THAT was power.

It wasn't like Anthrax screaming at his father until his voice turned to a whisper, all for nothing. He could make people sit up and take notice with this sort of power.

Hacking a system gave him a sense of control. Getting root on a system always gave him an adrenalin rush for just that reason. It meant the system was his, he could do whatever he wanted, he could run whatever processes or programs he desired, he could remove other users he didn't want using his system. He thought, I own the system. The word 'own' anch.o.r.ed the phrase which circled through his thoughts again and again when he successfully hacked a system.

The sense of ownership was almost pa.s.sionate, rippled with streaks of obsession and jealousy. At any given moment, Anthrax had a list of systems he owned and that had captured his interest for that moment.

Anthrax hated seeing a system administrator logging onto one of those systems. It was an invasion. It was as though Anthrax had just got this woman he had been after for some time alone in a room with the door closed. Then, just as he was getting to know her, this other guy had barged in, sat down on the couch and started talking to her.

It was never enough to look at a system from a distance and know he could hack it if he wanted to. Anthrax had to actually hack the system. He had to own it. He needed to see what was inside the system, to know exactly what it was he owned.

The worst thing admins could do was to fiddle with system security.

That made Anthrax burn with anger. If Anthrax was on-line, silently observing the admins' activities, he would feel a sudden urge to log them off. He wanted to punish them. Wanted them to know he was into their system. And yet, at the same time, he didn't want them to know.

Logging them off would draw attention to himself, but the two desires pulled at him from opposite directions. What Anthrax really wanted was for the admins to know he controlled their system, but for them not to be able to do anything about it. He wanted them to be helpless.

Anthrax decided to keep undercover. But he contemplated the power of having System X's list of telephone exchange dial-ups and their username-pa.s.sword combinations. Normally, it would take days for a single hacker with his lone modem to have much impact on the US military's communications network. Sure, he could take down a few exchanges before the military wised up and started protecting themselves. It was like hacking a military computer. You could take out a machine here, a system there. But the essence of the power of System X was being able to use its own resources to orchestrate widespread pandemonium quickly and quietly.

Anthrax defines power as the potential for real world impact. At that moment of discovery and realisation, the real world impact of hacking System X looked good. The telecommunications company computer seemed like a good place to hang up a sniffer, so he plugged one into the machine and decided to return in a little while. Then he logged out and went to bed.

When he revisited the sniffer a day or so later, Anthrax received a rude shock. Scrolling through the sniffer file, he did a double take on one of the entries. Someone had logged into the company's system using his special login patch pa.s.sword.

He tried to stay calm. He thought hard. When was the last time he had logged into the system using that special pa.s.sword? Could his sniffer have logged himself on an earlier hacking session? It did happen occasionally. Hackers sometimes gave themselves quite a fright. In the seamless days and nights of hacking dozens of systems, it was easy to forget the last time you logged into a particular system using the special pa.s.sword. The more he thought, the more he was absolutely sure. He hadn't logged into the system again.

Which left the obvious question. Who had?

Sometimes Anthrax pranked, sometimes he punished. Punishment could be severe or mild. Generally it was severe. And unlike pranking, it was not done randomly.

Different things set him off. The librarian, for example. In early 1993 Anthrax had enrolled in Asia-Pacific and Business Studies at a university in a nearby regional city. Ever since he showed up on the campus, he had been ha.s.sled by a student who worked part-time at the university library. On more than one occasion, Anthrax had been reading at a library table when a security guard came up and asked to search his bags. And when Anthrax looked over his shoulder to the check-out desk, that librarian was always there, the one with the bad att.i.tude smeared across his face.

The hara.s.sment became so noticeable, Anthrax's friends began commenting on it. His bag would be hand-searched when he left the library, while other students walked through the electronic security boom gate unbothered. When he returned a book one day late, the librarian--that librarian--insisted he pay all sorts of fines.

Anthrax's pleas of being a poor student fell on deaf ears. By the time exam period rolled around at the end of term, Anthrax decided to punish the librarian by taking down the library's entire computer system.

Logging in to the library computer via modem from home, Anthrax quickly gained root privileges. The system had security holes a mile wide. Then, with one simple command, he deleted every file in the computer. He knew the system would be backed up somewhere, but it would take a day or two to get the system up and running again. In the meantime, every loan or book search had to be conducted manually.

During Anthrax's first year at university, even small incidents provoked punishment. Cutting him off while he was driving, or swearing at him on the road, fit the bill. Anthrax would memorise the licence plate of the offending driver, then social engineer the driver's personal details. Usually he called the police to report what appeared to be a stolen car and then provided the licence plate number. Shortly after, Anthrax tuned into to his police scanner, where he picked up the driver's name and address as it was read over the airways to the investigating police car. Anthrax wrote it all down.

Then began the process of punishment. Posing as the driver, Anthrax rang the driver's electricity company to arrange a power disconnection. The next morning the driver might return home to find his electricity cut off. The day after, his gas might be disconnected. Then his water. Then his phone.

Some people warranted special punishment--people such as Bill. Anthrax came across Bill on the Swedish Party Line, an English-speaking telephone conference. For a time, Anthrax was a regular fixture on the line, having attempted to call it by phreaking more than 2000 times over just a few months. Of course, not all those attempts were successful, but he managed to get through at least half the time. It required quite an effort to keep a presence on the party line, since it automatically cut people off after only ten minutes. Anthrax made friends with the operators, who sometimes let him stay on-line a while longer.

Bill, a Swedish Party Line junkie, had recently been released from prison, where he had served time for beating up a Vietnamese boy at a railway station. He had a bad att.i.tude and he often greeted the party line by saying, 'Are there any c.o.o.ns on the line today?' His att.i.tude to women wasn't much better. He relentlessly hit on the women who frequented the line. One day, he made a mistake. He gave out his phone number to a girl he was trying to pick up. The operator copied it down and when her friend Anthrax came on later that day, she pa.s.sed it on to him.

Anthrax spent a few weeks social engineering various people, including utilities and relatives whose telephone numbers appeared on Bill's phone accounts, to piece together the details of his life. Bill was a rough old ex-con who owned a budgie and was dying of cancer. Anthrax phoned Bill in the hospital and proceeded to tell him all sorts of personal details about himself, the kind of details which upset a person.

Not long after, Anthrax heard that Bill had died. The hacker felt as though he had perhaps gone a bit too far.

The tension at home had eased a little by the time Anthrax left to attend university. But when he returned home during holidays he found his father even more unbearable. More and more, Anthrax rebelled against his father's sniping comments and violence. Eventually, he vowed that the next time his father tried to break his arm he would fight back. And he did.

One day Anthrax's father began making bitter fun of his younger son's stutter. Br.i.m.m.i.n.g with biting sarcasm, the father mimicked Anthrax's brother.

'Why are you doing that?' Anthrax yelled. The bait had worked once again.

It was as though he became possessed with a spirit not his own. He yelled at his father, and put a fist into the wall. His father grabbed a chair and thrust it forward to keep Anthrax at bay, then reached back for the phone. Said he was calling the police. Anthrax ripped the phone from the wall. He pursued his father through the house, smashing furniture. Amid the crashing violence of the fight, Anthrax suddenly felt a flash of fear for his mother's clock--a much loved, delicate family heirloom. He gently picked it up and placed it out of harm's way. Then he heaved the stereo into the air and threw it at his father. The stereo cabinet followed in its wake. Wardrobes toppled with a crash across the floor.

When his father fled the house, Anthrax got a hold of himself and began to look around. The place was a disaster area. All those things so tenderly gathered and carefully treasured by his mother, the things she had used to build her life in a foreign land of white people speaking an alien tongue, lay in fragments scattered around the house.

Anthrax felt wretched. His mother was distraught at the destruction and he was badly shaken by how much it upset her. He promised to try and control his temper from that moment on. It proved to be a constant battle. Mostly he would win, but not always. The battle still simmered below the surface.

Sometimes it boiled over.

Anthrax considered the possibilities of who else would be using his login patch. It could be another hacker, perhaps someone who was running another sniffer that logged Anthrax's previous login. But it was more likely to be a security admin. Meaning he had been found out.

Meaning that he might be being traced even as he leap-frogged through System X to the telecommunications company's computer.

Anthrax made his way to the system admin's mailboxes. If the game was up, chances were something in the mailbox would give it away.

There it was. The evidence. They were onto him all right, and they hadn't wasted any time. The admins had mailed CERT, the Computer Emergency Response Team at Carnegie Mellon University, reporting a security breach. CERT, the nemesis of every Internet hacker, was bound to complicate matters. Law enforcement would no doubt be called in now.

It was time to get out of this system, but not before leaving in a blaze of glory. A prank left as a small present.

CERT had written back to the admins acknowledging the incident and providing a case number. Posing as one of the admins, Anthrax drafted a letter to CERT. To make the thing look official, he added the case number 'for reference'. The letter went something like this:

'In regard to incident no. x.x.xXX, reported on this date, we have since carried out some additional investigations on the matter. We have discovered the security incident was caused by a disgruntled employee who was fired for alcoholism and decided to retaliate against the company in this manner.

'We have long had a problem with alcohol and drug abuse due to the stressful nature of the company environment. No further investigation is necessary.'

At his computer terminal, Anthrax smiled. How embarra.s.sing was that going to be? Try sc.r.a.ping that mud off. He felt very pleased with himself.

Anthrax then tidied up his things in the company's computer, deleted the sniffer and moved out.

Things began to move quickly after that. He logged into System X later to check the sniffer records, only to find that someone had used his login patch pa.s.sword on that system as well. He became very nervous.

It was one thing goofing around with a commercial site, and quite another being tracked from a military computer.

A new process had been added to System X, which Anthrax recognised. It was called '-u'. He didn't know what it did, but he had seen it before on military systems. About 24 hours after it appeared, he found himself locked out of the system. He had tried killing off the -u process before. It disappeared for a split-second and reappeared. Once it was in place, there was no way to destroy it.

Anthrax also unearthed some alarming email. The admin at a site upstream from both System X and the company's system had been sent a warning letter: 'We think there has been a security incident at your site'. The circle was closing in on him. It was definitely time to get the h.e.l.l out. He packed up his things in a hurry. Killed off the remaining sniffer. Moved his files. Removed the login patch. And departed with considerable alacrity.

After he cut his connection, Anthrax sat wondering about the admins.

If they knew he was into their systems, why did they leave the sniffers up and running? He could understand leaving the login patch.

Maybe they wanted to track his movements, determine his motives, or trace his connection. Killing the patch would have simply locked him out of the only door the admins could watch. They wouldn't know if he had other backdoors into their system. But the sniffer? It didn't make any sense.

It was possible that they simply hadn't seen the sniffer. Leaving it there had been an oversight. But it was almost too glaring an error to be a real possibility. If it was an error, it implied the admins weren't actually monitoring the connections in and out of their systems. If they had been watching the connections, they would probably have seen the sniffer. But if they weren't monitoring the connections, how on earth did they find out his special pa.s.sword for the login patch? Like all pa.s.swords on the system, that one was encrypted. There were only two ways to get that pa.s.sword. Monitor the connection and sniff it, or break the encryption with a brute-force attack.

Breaking the encryption would probably have taken millions of dollars of computer time. He could pretty well rule that option out. That left sniffing it, which would have alerted them to his own sniffer. Surely they wouldn't have left his sniffer running on purpose. They must have known he would learn they were watching him through his sniffer. The whole thing was bizarre.

Anthrax thought about the admins who were chasing him. Thought about their moves, their strategies. Wondered why. It was one of the unsolved mysteries a hacker often faced--an unpleasant side of hacking. Missing the answers to certain questions, the satisfaction of a certain curiosity. Never being able to look over the fence at the other side.