Underground: Tales of Hacking, Madness and Obsession from the Electronic Frontier by Suelette Dreyfus Read Free Book Online Page B
Authors: Suelette Dreyfus
worm’s creator knew that certain accounts with the highest privileges were likely to have standard names, common across different machines. Accounts with names such as ‘SYSTEM’, ‘DECNET’ and ‘FIELD’ with standard passwords such as
‘SYSTEM’ and ‘DECNET’ were often built into a computer before it was shipped from the manufacturer. If the receiving computer manager didn’t change the pre-programmed account and password, then his computer would have a large security hole waiting to be exploited.
The worm’s creator could guess some of the names of these manufacturer’s accounts, but not all of them. By endowing the worm with an ability to learn, he gave it far more power. As the worm spread, it became more and more intelligent. As it reproduced, its offspring evolved into ever more advanced creatures, increasingly successful at breaking into new systems.
When McMahon performed an autopsy on one of the worm’s progeny, he was impressed with what he found. Slicing the worm open and inspecting its entrails, he discovered an extensive collection of generic privileged accounts across the SPAN network. In fact, the worm wasn’t only picking up the standard VMS privileged accounts; it had learned accounts common to NASA but not necessarily to other VMS computers. For example, a lot of NASA sites which ran a type of TCP/IP mailer that needed either a POSTMASTER or a MAILER account. John saw those names turn up inside the worm’s progeny.
Even if it only managed to break into an unprivileged account, the worm would use the account as an incubator. The worm replicated and then attacked other computers in the network. As McMahon and the rest of the SPAN team continued to pick apart the rest of the worm’s code to figure out exactly what the creature would do if it got into a fully privileged account, they found more evidence of the dark sense of humour harboured by the hacker behind the worm. Part of the worm, a subroutine, was named ‘find fucked’.
The SPAN team tried to give NASA managers calling in as much information as they could about the worm. It was the best way to help computer managers, isolated in their offices around the country, to regain a sense of control over the crisis.
Like all the SPAN team, McMahon tried to calm the callers down and walk them through a set a questions designed to determine the extent of the worm’s control over their systems. First, he asked them what symptoms their systems were showing. In a crisis situation, when you’re holding a hammer, everything looks like a nail. McMahon wanted to make sure that the problems on the system were in fact caused by the worm and not something else entirely.
If the only problem seemed to be mysterious comments flashing across the screen, McMahon concluded that the worm was probably harassing the staff on that computer from a neighbouring system which it had successfully invaded. The messages suggested that the recipients’
accounts had not been hijacked by the worm. Yet.
VAX/VMS machines have a feature called Phone, which is useful for on-line communications. For example, a NASA scientist could ‘ring up’
one of his colleagues on a different computer and have a friendly chat on-line. The chat session is live, but it is conducted by typing on the computer screen, not ‘voice’. The VMS Phone facility enabled the worm to send messages to users. It would simply call them using the phone protocol. But instead of starting a chat session, it sent them statements from what was later determined to be the aptly named Fortune Cookie file--a collection of 60 or so pre-programmed comments.
In some cases, where the worm was really bugging staff, McMahon told the manager at the other end of the phone to turn the computer’s Phone feature off. A few managers complained and McMahon gave them the obvious ultimatum: choose Phone or peace. Most chose peace.
When McMahon finished his preliminary analysis, he had good news and bad
‘SYSTEM’ and ‘DECNET’ were often built into a computer before it was shipped from the manufacturer. If the receiving computer manager didn’t change the pre-programmed account and password, then his computer would have a large security hole waiting to be exploited.
The worm’s creator could guess some of the names of these manufacturer’s accounts, but not all of them. By endowing the worm with an ability to learn, he gave it far more power. As the worm spread, it became more and more intelligent. As it reproduced, its offspring evolved into ever more advanced creatures, increasingly successful at breaking into new systems.
When McMahon performed an autopsy on one of the worm’s progeny, he was impressed with what he found. Slicing the worm open and inspecting its entrails, he discovered an extensive collection of generic privileged accounts across the SPAN network. In fact, the worm wasn’t only picking up the standard VMS privileged accounts; it had learned accounts common to NASA but not necessarily to other VMS computers. For example, a lot of NASA sites which ran a type of TCP/IP mailer that needed either a POSTMASTER or a MAILER account. John saw those names turn up inside the worm’s progeny.
Even if it only managed to break into an unprivileged account, the worm would use the account as an incubator. The worm replicated and then attacked other computers in the network. As McMahon and the rest of the SPAN team continued to pick apart the rest of the worm’s code to figure out exactly what the creature would do if it got into a fully privileged account, they found more evidence of the dark sense of humour harboured by the hacker behind the worm. Part of the worm, a subroutine, was named ‘find fucked’.
The SPAN team tried to give NASA managers calling in as much information as they could about the worm. It was the best way to help computer managers, isolated in their offices around the country, to regain a sense of control over the crisis.
Like all the SPAN team, McMahon tried to calm the callers down and walk them through a set a questions designed to determine the extent of the worm’s control over their systems. First, he asked them what symptoms their systems were showing. In a crisis situation, when you’re holding a hammer, everything looks like a nail. McMahon wanted to make sure that the problems on the system were in fact caused by the worm and not something else entirely.
If the only problem seemed to be mysterious comments flashing across the screen, McMahon concluded that the worm was probably harassing the staff on that computer from a neighbouring system which it had successfully invaded. The messages suggested that the recipients’
accounts had not been hijacked by the worm. Yet.
VAX/VMS machines have a feature called Phone, which is useful for on-line communications. For example, a NASA scientist could ‘ring up’
one of his colleagues on a different computer and have a friendly chat on-line. The chat session is live, but it is conducted by typing on the computer screen, not ‘voice’. The VMS Phone facility enabled the worm to send messages to users. It would simply call them using the phone protocol. But instead of starting a chat session, it sent them statements from what was later determined to be the aptly named Fortune Cookie file--a collection of 60 or so pre-programmed comments.
In some cases, where the worm was really bugging staff, McMahon told the manager at the other end of the phone to turn the computer’s Phone feature off. A few managers complained and McMahon gave them the obvious ultimatum: choose Phone or peace. Most chose peace.
When McMahon finished his preliminary analysis, he had good news and bad
Similar Books
Miami Spice
Deborah Merrell
A Weekend Temptation
Krista Caley
Inequities
Jambrea Jo Jones
Mystic Memories
Gillian Doyle, Susan Leslie Liepitz
Everything You Want
Macyn Like
Captive Star
Nora Roberts
No Time Like Mardi Gras
Kimberly Lang
Love Hurts
Brenda Grate
In the Blood
Nancy A. Collins
Biblical
Christopher Galt