Altos unified the international hacking world as nothing else had done. In sharing information about their own countries' computers and networks, hackers helped each other venture further and further abroad. The Australians had gained quite a reputation on Altos. They knew their stuff. More importantly, they possessed DEFCON, a program which mapped out uncharted networks and scanned for accounts on systems within them. Force wrote DEFCON based on a simple automatic scanning program provided by his friend and mentor, Craig Bowen (Thunderbird1).

Like the telephone system, the X.25 networks had a large number of 'phone numbers', called network user addresses (NUAs). Most were not valid. They simply hadn't been a.s.signed to anyone yet. To break into computers on the network, you had to find them first, which meant either hearing about a particular system from a fellow hacker or scanning. Scanning--typing in one possible address after another--was worse than looking for a needle in a haystack. 02624-589004-0004. Then increasing the last digit by one on each attempt. 0005. 0006. 0007.

Until you hit a machine at the other end.

Back in 1987 or early 1988, Force had logged into Pacific Island for a talk with Craig Bowen. Force bemoaned the tediousness of hand scanning.

'Well, why the h.e.l.l are you doing it manually?' Bowen responded. 'You should just use my program.' He then gave Force the source code for his simple automated scanning program, along with instructions.

Force went through the program and decided it would serve as a good launchpad for bigger things, but it had a major limitation. The program could only handle one connection at a time, which meant it could only scan one branch of a network at a time.

Less than three months later, Force had rewritten Bowen's program into the far more powerful DEFCON, which became the jewel in the crown of the Australian hackers' reputation. With DEFCON, a hacker could automatically scan fifteen or twenty network addresses simultaneously.

He could command the computer to map out pieces of the Belgian, British and Greek X.25 communications networks, looking for computers hanging off the networks like buds at the tips of tree branches.

Conceptually, the difference was a little like using a basic PC, which can only run one program at a time, as opposed to operating a more sophisticated one where you can open many windows with different programs running all at once. Even though you might only be working in one window, say, writing a letter, the computer might be doing calculations in a spreadsheet in another window in the background. You can swap between different functions, which are all running in the background simultaneously.

While DEFCON was busy scanning, Force could do other things, such as talk on Altos. He continued improving DEFCON, writing up to four more versions of the program. Before long, DEFCON didn't just scan twenty different connections at one time; it also automatically tried to break into all the computers it found through those connections.

Though the program only tried basic default pa.s.swords, it had a fair degree of success, since it could attack so many network addresses at once. Further, new sites and mini-networks were being added so quickly that security often fell by the wayside in the rush to join in. Since the addresses were unpublished, companies often felt this obscurity offered enough protection.

DEFCON produced lists of thousands of computer sites to raid. Force would leave it scanning from a hacked Prime computer, and a day or two later he would have an output file with 6000 addresses on different networks. He perused the list and selected sites which caught his attention. If his program had discovered an interesting address, he would travel over the X.25 network to the site and then try to break into the computer at that address. Alternatively, DEFCON might have already successfully penetrated the machine using a default pa.s.sword, in which case the address, account name and pa.s.sword would all be waiting for Force in the log file. He could just walk right in.

Everyone on Altos wanted DEFCON, but Force refused to hand over the program. No way was he going to have other hackers tearing up virgin networks. Not even Erik Bloodaxe, one of the leaders of the most prestigious American hacking group, Legion of Doom (LOD), got DEFCON when he asked for it. Erik took his handle from the name of a Viking king who ruled over the area now known as York, England. Although Erik was on friendly terms with the Australian hackers, Force remained adamant. He would not let the jewel out of his hands.

But on this fateful day in 1988, Par didn't want DEFCON. He wanted the secret Force had just discovered, but held so very close to his chest.

And the Australian didn't want to give it to him.

Force was a meticulous hacker. His bedroom was remarkably tidy, for a hacker's room. It had a polished, spartan quality. There were a few well-placed pieces of minimalist furniture: a black enamel metal single bed, a modern black bedside table and a single picture on the wall--a photographic poster of lightning, framed in gla.s.s. The largest piece of furniture was a blue-grey desk with a return, upon which sat his computer, a printer and an immaculate pile of print-outs. The bookcase, a tall modern piece matching the rest of the furniture, contained an extensive collection of fantasy fiction books, including what seemed to be almost everything ever written by David Eddings. The lower shelves housed a.s.sorted chemistry and programming books. A chemistry award proudly jutted out from the shelf housing a few Dungeons and Dragons books.

He kept his hacking notes in an orderly set of plastic folders, all filed in the bottom of his bookcase. Each page of notes, neatly printed and surrounded by small, tidy handwriting revealing updates and minor corrections, had its own plastic cover to prevent smudges or stains.

Force thought it was inefficient to hand out his DEFCON program and have ten people scan the same network ten different times. It wasted time and resources. Further, it was becoming harder to get access to the main X.25 sites in Australia, like Minerva. Scanning was the type of activity likely to draw the attention of a system admin and result in the account being killed. The more people who scanned, the more accounts would be killed, and the less access the Australian hackers would have. So Force refused to hand over DEFCON to hackers outside The Realm, which is one thing that made it such a powerful group.

Scanning with DEFCON meant using Netlink, a program which legitimate users didn't often employ. In his hunt for hackers, an admin might look for people running Netlink, or he might just examine which systems a user was connecting to. For example, if a hacker connected directly to Altos from Minerva without hopping through a respectable midpoint, such as another corporate machine overseas, he could count on the Minerva admins killing off the account.

DEFCON was revolutionary for its time, and difficult to reproduce. It was written for Prime computers, and not many hackers knew how to write programs for Primes. In fact, it was exceedingly difficult for most hackers to learn programming of any sort for large, commercial machines. Getting the system engineering manuals was tough work and many of the large companies guarded their manuals almost as trade secrets. Sure, if you bought a $100000 system, the company would give you a few sets of operating manuals, but that was well beyond the reach of a teenage hacker. In general, information was h.o.a.rded--by the computer manufacturers, by the big companies which bought the systems, by the system administrators and even by the universities.

Learning on-line was slow and almost as difficult. Most hackers used 300 or 1200 baud modems. Virtually all access to these big, expensive machines was illegal. Every moment on-line was a risky proposition.

High schools never had these sorts of expensive machines. Although many universities had systems, the administrators were usually miserly with time on-line for students. In most cases, students only got accounts on the big machines in their second year of computer science studies. Even then, student accounts were invariably on the university's oldest, clunkiest machine. And if you weren't a comp-sci student, forget it. Indulging your intellectual curiosity in VMS systems would never be anything more than a pipe dream.

Even if you did manage to overcome all the roadblocks and develop some programming experience in VMS systems, for example, you might only be able to access a small number of machines on any given network. The X.25 networks connected a large number of machines which used very different operating systems. Many, such as Primes, were not in the least bit intuitive. So if you knew VMS and you hit a Prime machine, well, that was pretty much it.

Unless, of course, you happened to belong to a clan of hackers like The Realm. Then you could call up the BBS and post a message. 'Hey, I found a really cool Primos system at this address. Ran into problems trying to figure the parameters of the Netlink command. Ideas anyone?'

And someone from your team would step forward to help.

In The Realm, Force tried to a.s.semble a diverse group of Australia's best hackers, each with a different area of expertise. And he happened to be the resident expert in Prime computers.

Although Force wouldn't give DEFCON to anyone outside The Realm, he wasn't unreasonable. If you weren't in the system but you had an interesting network you wanted mapped, he would scan it for you. Force referred to scans for network user addresses as 'NUA sprints'. He would give you a copy of the NUA sprint. While he was at it, he would also keep a copy for The Realm. That was efficient. Force's pet project was creating a database of systems and networks for The Realm, so he simply added the new information to its database.

Force's great pa.s.sion was mapping new networks, and new mini-networks were being added to the main X.25 networks all the time. A large corporation, such a BHP, might set up its own small-scale network connecting its offices in Western Australia, Queensland, Victoria and the United Kingdom. That mini-network might be attached to a particular X.25 network, such as Austpac. Get into the Austpac network and chances were you could get into any of the company's sites.

Exploration of all this uncharted territory consumed most of Force's time. There was something cutting-edge, something truly adventurous about finding a new network and carefully piecing together a picture of what the expanding web looked like. He drew detailed pictures and diagrams showing how a new part of the network connected to the rest.

Perhaps it appealed to his sense of order, or maybe he was just an adventurer at heart. Whatever the underlying motivation, the maps provided The Realm with yet another highly prized a.s.set.

When he wasn't mapping networks, Force published Australia's first underground hacking journal, Globetrotter. Widely read in the international hacking community, Globetrotter reaffirmed Australian hackers' pre-eminent position in the international underground.

But on this particular day, Par wasn't thinking about getting a copy of Globetrotter or asking Force to scan a network for him. He was thinking about that secret. Force's new secret. The secret Parmaster desperately wanted.

Force had been using DEFCON to scan half a dozen networks while he chatted to Par on Altos. He found an interesting connection from the scan, so he went off to investigate it. When he connected to the unknown computer, it started firing off strings of numbers at Force's machine. Force sat at his desk and watched the characters rush by on his screen.

It was very odd. He hadn't done anything. He hadn't sent any commands to the mystery computer. He hadn't made the slightest attempt to break into the machine. Yet here the thing was throwing streams of numbers.

What kind of computer was this? There might have been some sort of header which would identify the computer, but it had zoomed by so fast in the unexpected data dump that Force had missed it.

Force flipped over to his chat with Par on Altos. He didn't completely trust Par, thinking the friendly American sailed a bit close to the wind. But Par was an expert in X.25 networks and was bound to have some clue about these numbers. Besides, if they turned out to be something sensitive, Force didn't have to tell Par where he found them.

'I've just found a bizarre address. It is one strange system. When I connected, it just started shooting off numbers at me. Check these out.'

Force didn't know what the numbers were, but Par sure did. 'Those look like credit cards,' he typed back.

'Oh.' Force went quiet.

Par thought the normally chatty Australian hacker seemed astonished.

After a short silence, the now curious Par nudged the conversation forward. 'I have a way I can check out whether they really are valid cards,' he volunteered. 'It'll take some time, but I should be able to do it and get back to you.'

'Yes.' Force seemed hesitant. 'OK.'

On the other side of the Pacific from Par, Force thought about this turn of events. If they were valid credit cards, that was very cool.

Not because he intended to use them for credit card fraud in the way Ivan Trotsky might have done. But Force could use them for making long-distance phone calls to hack overseas. And the sheer number of cards was astonishing. Thousand and thousands of them. Maybe 10000.

All he could think was, s.h.i.t! Free connections for the rest of my life.

Hackers such as Force considered using cards to call overseas computer systems a little distasteful, but certainly acceptable. The card owner would never end up paying the bill anyway. The hackers figured that Telecom, which they despised, would probably have to wear the cost in the end, and that was fine by them. Using cards to hack was nothing like ordering consumer goods. That was real credit card fraud. And Force would never sully his hands with that sort of behaviour.

Force scrolled back over his capture of the numbers which had been injected into his machine. After closer inspection, he saw there were headers which appeared periodically through the list. One said, 'CitiSaudi'.

He checked the prefix of the mystery machine's network address again.

He knew from previous scans that it belonged to one of the world's largest banks. Citibank.

The data dump continued for almost three hours. After that, the Citibank machine seemed to go dead. Force saw nothing but a blank screen, but he kept the connection open. There was no way he was going to hang up from this conversation. He figured this had to be a freak connection--that he accidentally connected to this machine somehow, that it wasn't really at the address he had tried based on the DEFCON scan of Citibank's network.

How else could it have happened? Surely Citibank wouldn't have a computer full of credit cards which spilled its guts every time someone rang up to say 'h.e.l.lo'? There would be tonnes of security on a machine like that. This machine didn't even have a pa.s.sword. It didn't even need a special character command, like a secret handshake.

Freak connections happened now and then on X.25 networks. They had the same effect as a missed voice phone connection. You dial a friend's number--and you dial it correctly--but somehow the call gets screwed up in the tangle of wires and exchanges and your call gets put through to another number entirely. Of course, once something like that happens to an X.25 hacker, he immediately tries to figure out what the h.e.l.l is going on, to search every shred of data from the machine looking for the system's real address.

Because it was an accident, he suspects he will never find the machine again.

Force stayed home from school for two days to keep the connection alive and to piece together how he landed on the doorstep of this computer. During this time, the Citibank computer woke up a few times, dumped a bit more information, and then went back to sleep. Keeping the connection alive meant running a small risk of discovery by an admin at his launch point, but the rewards in this case far exceeded the risk.

It wasn't all that unusual for Force to skip school to hack. His parents used to tell him, 'You better stop it, or you'll have to wear gla.s.ses one day'. Still, they didn't seem to worry too much, since their son had always excelled in school without much effort. At the start of his secondary school career he had tried to convince his teachers he should skip year 9. Some objected. It was a ha.s.sle, but he finally arranged it by quietly doing the coursework for year 9 while he was in year 8.

After Force had finally disconnected from the CitiSaudi computer and had a good sleep, he decided to check on whether he could reconnect to the machine. At first, no-one answered, but when he tried a little later, someone answered all right. And it was the same talkative resident who answered the door the first time. Although it only seemed to work at certain hours of the day, the Citibank network address was the right one. He was in again.

As Force looked over the captures from his Citibank hack, he noticed that the last section of the data dump didn't contain credit card numbers like the first part. It had people's names--Middle Eastern names--and a list of transactions. Dinner at a restaurant. A visit to a brothel. All sorts of transactions. There was also a number which looked like a credit limit, in come cases a very, very large limit, for each person. A sheik and his wife appeared to have credit limits of $1 million--each. Another name had a limit of $5 million.