Underground: Hacking, madness and obsession on the electronic frontier - Part 59

Part 59

The version of Sendmail run by System X had a security hole Anthrax could exploit by sending himself a tiny backdoor program. To do this, he used System X's mail-processing service to send a 'letter' which contained a tiny computer program. System X would never have allowed the program to run normally, but this program worked like a letter bomb. When System X opened the letter, the program jumped out and started running. It told System X that anyone could connect to port 2001--to an interactive shell--of the computer without using a password.

A port is a door to the outside world. TCP/IP computers use a standard set of ports for certain services. Port 25 for mail. Port 79 for Finger. Port 21 for FTP. Port 23 for Telnet. Port 513 for Rlogin. Port 80 for the World Wide Web. A TCP/IP based computer system has 65535 ports but most of them go unused. Indeed, the average Unix box uses only 35, leaving the remaining 65500 ports sitting idle. Anthrax simply picked one of these sleepy ports, dusted off the cobwebs and plugged in using the backdoor created by his tiny mail-borne program.

Connecting directly to a port created some problems, because the shell listening there had no terminal attached and wouldn't recognise certain keystrokes from the port, such as the return key. For this reason, Anthrax had to create an account for himself which would let him telnet to the site and login like any normal user. To do this, he needed root privileges in order to create an account and, ultimately, a permanent backdoor into the system.

He began hunting for vulnerabilities in System X's security. There was nothing obvious, but he decided to try out a bug he had successfully used elsewhere. He had first learned about it on an international phone conference, where he had traded information with other hackers and phreakers. The security hole involved the system's relatively obscure load-module program. The program added features to the running system but, more importantly, it ran as root, meaning that it had a free run on the system when it was executed. It also meant that any other programs the load-module program called up also ran as root. If Anthrax could get this program to run one of his own programs--a little Trojan--he could get root on System X.

The load-module bug was by no means a sure thing on System X. Most commercial systems--computers run by banks or credit agencies, for example--had cleaned up the load-module bug in their SunOS computers months before. But military systems consistently missed the bug. They were like turtles--hard on the outside, but soft and vulnerable on the inside. Since the bug couldn't be exploited unless a hacker was already inside a system, the military's computer security officials didn't seem to pay much attention to it. Anthrax had visited a large number of military systems prior to System X, and in his experience more than 90 per cent of their SunOS computers had never fixed the bug.

With only normal privileges, Anthrax couldn't force the load-module program to run his backdoor Trojan program. But he could trick it into doing so. The secret was in one simple keyboard character: /.

Unix-based computer systems are a bit like the protocols of the diplomatic corps; the smallest variation can change something's meaning entirely. Hackers, too, understand the implications of subtle changes.

A Unix-based system reads the phrase:

/bin/program

very differently from:

bin program

One simple character--the '/'--makes an enormous difference. A Unix computer reads the '/' as a road sign. The first phrase tells the computer, 'Follow the road to the directory called "bin" and when you get there, go inside and fetch the file called "program" and run it'. A blank space, however, tells the computer something quite different. In this case, Anthrax knew it told the computer to execute the command which preceded the space. That second phrase told the machine, 'Look everywhere for a program called "bin" and run it'.

Anthrax prepared for his attack on the load-module program by installing his own special program, named 'bin', into a temporary storage area on System X. If he could get System X to run his program with root privileges, he too would have procured root level access to the system. When everything was in place, Anthrax forced the system to read the character '/' as a blank space. Then he ran the load-module program, and watched. When System X hunted around for a program named 'bin', it quickly found Anthrax's Trojan and ran it.
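The '/'-as-a-blank trick above, as an added example that is not code from the book or from SunOS: the loadmodule program invoked another program through the shell, and the old Bourne shell honoured the caller's IFS (internal field separator) variable when splitting the command line, literal words included. The Python below models that splitting and the PATH lookup that follows against a constructed fake filesystem, then shows the defence a privileged program needs: reset IFS and PATH before running anything. The filesystem contents, the /bin/ld command line, PATH and the variable values are assumptions for illustration.

```python
"""Model of the IFS word-splitting trick used against loadmodule.

Added example; not code from the book or from SunOS.  The historic Bourne
shell split every word of a command line on the characters in IFS, literal
words included, so a setuid-root program that ran system("/bin/ld ...")
could be made to execute a file named "bin" found on the caller's PATH.
The fake filesystem, PATH and IFS values are constructed.
"""
from typing import Dict, List, Optional, Set

DEFAULT_IFS = " \t\n"
TRUSTED_PATH = "/bin:/usr/bin"

# Constructed stand-in for System X's filesystem: /tmp/bin is the Trojan.
FS: Set[str] = {"/bin/sh", "/bin/ld", "/usr/bin/loadmodule", "/tmp/bin"}


def old_sh_split(cmdline: str, ifs: str) -> List[str]:
    """Split as the old Bourne shell did: any IFS character ends a word,
    even inside a literal such as /bin/ld.  Modern shells only split the
    results of expansions, which is why this is a model, not a shell."""
    words: List[str] = []
    cur: List[str] = []
    for ch in cmdline:
        if ch in ifs:
            if cur:
                words.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        words.append("".join(cur))
    return words


def resolve(cmd: str, path: str, fs: Set[str]) -> Optional[str]:
    """Find the file a command word names: a word containing '/' is a path
    and is used as-is; a bare word is searched along PATH, left to right."""
    if "/" in cmd:
        return cmd if cmd in fs else None
    for directory in path.split(":"):
        candidate = f"{directory}/{cmd}"
        if candidate in fs:
            return candidate
    return None


def privileged_system(cmdline: str, env: Dict[str, str],
                      fs: Set[str] = FS) -> Optional[str]:
    """What a setuid program calling system(cmdline) would actually run,
    given that system() hands the caller's environment to /bin/sh."""
    words = old_sh_split(cmdline, env.get("IFS", DEFAULT_IFS))
    if not words:
        return None
    return resolve(words[0], env.get("PATH", TRUSTED_PATH), fs)


def sanitized(env: Dict[str, str]) -> Dict[str, str]:
    """Defence: a privileged program resets every variable that steers the
    shell or the dynamic loader before it runs anything."""
    clean = {k: v for k, v in env.items()
             if k not in {"IFS", "PATH", "LD_LIBRARY_PATH", "LD_PRELOAD", "ENV"}}
    clean["IFS"] = DEFAULT_IFS
    clean["PATH"] = TRUSTED_PATH
    return clean


if __name__ == "__main__":
    attacker_env = {"IFS": "/ \t\n", "PATH": "/tmp:/bin:/usr/bin"}
    print(privileged_system("/bin/ld -o /tmp/out", {}))                      # /bin/ld
    print(privileged_system("/bin/ld -o /tmp/out", attacker_env))            # /tmp/bin
    print(privileged_system("/bin/ld -o /tmp/out", sanitized(attacker_env)))  # /bin/ld
```

With the attacker's environment the model runs the Trojan at /tmp/bin as root; with a clean environment, or after sanitized(), the same command line resolves to /bin/ld. The same reasoning is why setuid programs today exec a fixed path with a fixed environment rather than calling system().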

The hacker savoured the moment, but he didn't pause for long. With a few swift keystrokes, he added an entry to the password file, creating a basic account for himself. He exited his connection to port 2001, circled around through another route, using the 0014 gateway, and logged into System X using his newly created account. It felt good walking in through the front door.

Once inside, Anthrax had a quick look around. The system startled him.

There were only three human users. Now that was definitely odd. Most systems had hundreds of users. Even a small system might serve 30 or 40 people, and this was not a small system. He concluded that System X wasn't just some machine designed to send and receive email. It was operational. It did something.

Anthrax considered how to clean up his footsteps and secure his position. While he was hardly broadcasting his presence, someone might discover his arrival simply by looking at who was logged in on the list of accounts in the password file. He had given his backdoor root account a bland name, but he could reasonably assume that these three users knew their system pretty well. And with only three users, it was probably the kind of system that had lots of babysitting. After all that effort, Anthrax needed a watchful nanny like a hole in the head.

He worked at moving into the shadows.

He removed himself from the WTMP and UTMP files, which listed who had been on-line and who was still logged in. Anthrax wasn't invisible, but an admin would have to look closely at the system's network connections and list of processes to find him. Next stop: the login program.

Anthrax couldn't use his newly created front-door account for an extended period--the risk of discovery was too great. If he accessed the computer repeatedly in this manner, a prying admin might eventually find him and delete his account. An extra account on a system with only three users was a dead give-away. And losing access to System X just as things were getting interesting was not on his agenda.

Anthrax leaned back in his chair and stretched his shoulders. His hacking room was an old cloakroom, though it was barely recognisable as such. It looked more like a closet--a very messy closet. The whole room was ankle-deep in scrap papers, most of them with lists of numbers on the back and front. Occasionally, Anthrax scooped up all the papers and piled them into heavy-duty garbage bags, three of which could just fit inside the room at any one time. Anthrax always knew roughly where he had 'filed' a particular set of notes. When he needed it, he tipped the bag onto the floor, searched through the mound and returned to the computer. When the sea of paper reached a critical mass, he jammed everything back into the garbage bag again.

The computer--an Amiga 500 box with a cheap Panasonic TV as the monitor--sat on a small desk next to his mother's sewing machine cabinet. The small bookcase under the desk was stuffed with magazines like Compute and Australian Communications, along with a few Commodore, Amiga and Unix reference manuals. There was just enough space for Anthrax's old stereo and his short-wave radio. When he wasn't listening to his favourite show, a hacking program broadcast from a pirate station in Ecuador, he tuned into Radio Moscow or the BBC's World Service.

Anthrax considered what to do with System X. This system had aroused his curiosity and he intended to visit it frequently.

It was time to work on the login patch. The patch replaced the system's normal login program and had a special feature: a master password. The password was like a diplomatic passport. It would let him do anything, go anywhere. He could login as any user using the master password. Further, when he logged in with the master password, he wouldn't show up on any log files--leaving no trail. But the beauty of the login patch was that, in every other way, it ran as the normal login program. The regular computer users--all three of them--could login as usual with their passwords and would never know Anthrax had been in the system.

He thought about ways of setting up his login patch. Installing a patch on System X wasn't like mending a pair of jeans. He couldn't just slap on a swath from an old bandanna and quick-stitch it in with a thread of any colour. It was more like mending an expensive cashmere coat. The fabric needed to be a perfect match in colour and texture.

And because the patch required high-quality invisible mending, the size also needed to be just right.

Every file in a computer system has three dates: the date it was created, the date it was last modified and the date it was last accessed. The problem was that the login patch needed to have the same creation and modification dates as the original login program so that it would not raise suspicions. It wasn't hard to get the dates but it was difficult to paste them onto the patch. The last access date wasn't important as it changed whenever the program was run anyway--whenever a user of the System X logged in.

If Anthrax ripped out the original login program and stitched his patch in its place, the patch would be stamped with a new creation date. He knew there was no way to change a creation date short of changing the clock for the whole system--something which would cause problems elsewhere in System X.

The first thing a good system admin does when he or she suspects a break-in is search for all files created or modified over the previous few days. One whiff of an intruder and a good admin would be all over Anthrax's login patch within about five minutes.

Anthrax wrote the modification and creation dates down on a bit of paper. He would need those in a moment. He also jotted down the size of the login file.
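What the overlay-and-backdate approach the chapter describes actually leaves behind for an admin's integrity check, as an added example that is not the book's code. One caveat a forensic examiner would want stated: Unix keeps no creation time. The third timestamp is ctime, the inode change time, which the kernel updates on every write and on the utime() call itself, and which no user-level call can set. Overwriting the file in place keeps its inode number and, with utime(), its modification time; ctime and the content hash still give the patch away, which is why a Tripwire-style baseline compares hashes and ctime rather than size and mtime alone. The paths, file contents and dates below are constructed.

```python
"""What an in-place overlay of a binary leaves behind for a file-integrity
check.  Added example; not from the book.  It builds a stand-in for
/bin/login in a temporary directory, overwrites it the way
`cat troj > /bin/login` would, backdates the modification time, and then
compares the result against the original.  Paths, contents and dates are
constructed.  Unix keeps no creation time: the third stamp is ctime, the
inode change time, which no utime() call can set.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

PAST_NS = 946_684_800 * 10**9  # 2000-01-01 00:00:00 UTC, the "original" mtime


def fingerprint(path: str) -> Dict[str, object]:
    """The fields a Tripwire-style baseline records for one file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"ino": st.st_ino, "size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "ctime_ns": st.st_ctime_ns, "sha256": digest}


def overlay_in_place(target: str, payload: bytes) -> None:
    """Truncate and rewrite the existing file, as `cat troj > target` does.
    The inode number survives; contents, mtime and ctime do not."""
    with open(target, "wb") as f:
        f.write(payload)


def backdate(target: str, mtime_ns: int) -> None:
    """utime() sets atime and mtime to anything; ctime is set to 'now' by
    this very call and cannot be chosen."""
    os.utime(target, ns=(mtime_ns, mtime_ns))


def what_changed(before: Dict[str, object], after: Dict[str, object]) -> List[str]:
    """Baseline fields that differ between two fingerprints of one path."""
    return sorted(k for k in before if before[k] != after[k])


def demo() -> Tuple[Dict[str, object], Dict[str, object], Dict[str, object]]:
    with tempfile.TemporaryDirectory() as d:
        login = os.path.join(d, "login")
        original = b"#!/bin/sh\necho genuine login\n"   # constructed stand-in
        with open(login, "wb") as f:
            f.write(original)
        backdate(login, PAST_NS)
        before = fingerprint(login)

        # Trojan padded to the original length so a size comparison passes.
        troj = b"#!/bin/sh\necho trojan login\n".ljust(len(original), b"#")
        overlay_in_place(login, troj)
        backdate(login, PAST_NS)
        overlaid = fingerprint(login)

        # The alternative the book rejects: drop a new file over the old one.
        # rename() brings a new inode as well as new timestamps.
        staged = os.path.join(d, "troj")
        with open(staged, "wb") as f:
            f.write(troj)
        os.replace(staged, login)
        replaced = fingerprint(login)
    return before, overlaid, replaced


if __name__ == "__main__":
    before, overlaid, replaced = demo()
    print("overlay changed:", what_changed(before, overlaid))
    print("rename changed: ", what_changed(before, replaced))
```

Against the baseline, the overlay shows the same inode, size and mtime but a different hash and a ctime that is still "now"; the rename shows everything changed. A `find / -ctime -2` run, or a hash comparison against a baseline kept offline, catches either.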

Instead of tearing out the old program and sewing in a completely new one, Anthrax decided to overlay his patch by copying it onto the top of the old program. He uploaded his own login patch, with his master pa.s.sword encased inside it, but he didn't install it yet. His patch was called 'troj'--short for Trojan. He typed:

cat troj > /bin/login

The cat command told the computer: 'go get the data in the file called "troj" and put it in the file "/bin/login"'. He checked the piece of paper where he had scribbled down the original file's creation and modification dates, comparing them to the new patch. The creation date and size matched the original. The modification date was still wrong, but he was two-thirds of the way home.

Anthrax began to fasten down the final corner of the patch by using a little-known feature of the command:

/usr/5bin/date

Then he changed the modification date of his login patch to the original login file's date.

He stepped back to admire his work from a distance. The newly installed patch matched the original perfectly. Same size. Same creation date. Same modification date. With the patch in place, he deleted the root account he had installed while visiting port 2001. Always take your garbage with you when you leave.

Now for the fun bit. Snooping around. Anthrax headed off for the email, the best way to work out what a system was used for. There were lots of reports from underlings to the three system users on buying equipment, progress reports on a certain project, updates. What was this project?

Then Anthrax came across a huge directory. He opened it and there, couched inside, were perhaps 100 subdirectories. He opened one of them. It was immense, containing hundreds of files. The smallest subfile had perhaps 60 computer screens' worth of material, all of it unintelligible. Numbers, letters, control codes. Anthrax couldn't make head nor tail of the files. It was as if he was staring at a group of binary files. The whole subdirectory was filled with thousands of pages of mush. He thought they looked like data files for some database.

As he didn't have the program he needed to interpret the mush, Anthrax cast around looking for a more readable directory.

He pried open a file and discovered it was a list. Names and phone numbers of staff at a large telecommunications company. Work phone numbers. Home numbers. Well, at least that gave him a clue as to the nature of the project. Something to do with telecommunications. A project important enough that the military needed the home phone numbers of the senior people involved.

The next file confirmed it. Another list, a very special list. A pot of gold at the end of the rainbow. The find of a career spent hacking.

If the US government had had any inkling what was happening at that moment, heads would have rolled. If it had known that a foreigner, and a follower of what mainstream American media termed an extremist religious group, had this information in his possession, the defence agency would have called in every law enforcement agency it could enlist.

As John McMahon might have said, a lot of yelling and screaming would have occurred.

Anthrax's mother had made a good home for the family, but his father continued to disrupt it with his violence. Fun times with his friends shone like bright spots amidst the decay of Anthrax's family life.

Practical jokes were his specialty. Even as a small child, he had delighted in trickery and as he grew up, the jokes became more sophisticated. Phreaking was great. It let him prank people all over the world. And pranking was cool.

Most of the fun in pranking was sharing it with friends. Anthrax called into a voice conference frequented by phreakers and hackers.

Though he never trusted others completely when it came to working on projects together, it was OK to socialise. The phreaking methods he used to get onto the phone conference were his own business. Provided he was discreet in how much he said in the conference, he thought there wasn't too much risk.

He joined the conference calls using a variety of methods. One favourite was using a multinational corporation's Dialcom service. Company employees called in, gave their ID numbers, and the operator put them through to wherever they wanted to go, free of charge. All Anthrax needed was a valid ID number.

Sometimes it was hard work, sometimes he was lucky. The day Anthrax tried the Dialcom service was a lucky day. He dialled from his favourite pay phone.

'What is your code, sir?' the operator asked.

'Yes, well, this is Mr Baker. I have a sheet with a lot of numbers here. I am new to the company. Not sure which one it is.' Anthrax shuffled papers on top of the pay phone, near the receiver. 'How many digits is it?'