------------------------------ Date: Wed, 10 Jul 1991 19:37:22 -0400 From: Brendan Kehoe Subject: File 3--_CYBERPUNK_ Review A capsule & review by Brendan Kehoe. "Cyberpunk", by Katie Hafner and John Markoff, provides the reader with a peek inside the very real world of the computer "hacker". Labeled members of a "counterculture", these people, generally in their teens and early twenties, have added a sharp tint to the normally bland design of the computing world. Divided into three contrasting sections, "Cyberpunk" provides an insight into what drives a hacker, from the extreme to the accidental. (To allay any complaints, I'll use hacker in its common vernacular; as Steven Bellovin said a couple of years ago, "the battle is over, and the purists have lost." For our purposes, "hacker" will imply "criminal".) Kevin Mitnick, a overweight and markedly shy youth, satisfied many of the stereotypes that have been developed over the years regarding hackers. He ran the full gamut of "evil deeds," from altering credit ratings to turning off telephones at will. Remarkably adept at social engineering, Mitnick could talk himself into (or out of) nearly any situation. In one escapade, Mitnick and his compatriots ("Roscoe", "Susan", and a third phreak) managed to enter, raid, and leave a PacBell COSMOS center (where much of PacBell's main computing takes place for things like billing), leaving with a wealth of door-lock codes and, more importantly, manuals. All with the PacBell guard's unwitting permission. (They were later turned in by Susan, who is described as a very vindictive and dangerous young woman.) All adventure aside, Kevin had a serious problem. He was, by clinical definition, addicted to hacking of any sort. It became impossible for him to stop. Even after incidents with USC, GTE, Pierce College, and the Santa Cruz Operation (makers of SCO Unix), Mitnick kept following the endless road of systems to be conquered. He disappeared for a year (purportedly to Israel, but in reality only a few miles outside of San Francisco), to return after his warrant for the SCO incidents had been dropped. He immediately looked up his friend Lenny DiCiccio, who had spent a number of his teenage years following Kevin as a trainee might follow a mentor. Lenny found himself increasingly unhappy, as the fevered hacker's hold upon him returned. Mitnick insisted that he be allowed to come to Lenny's office (a small software company) after hours to hack. Under normal circumstances, such constant imposition would lead to some sort of objection---but Lenny couldn't help himself. Kevin appealed to the criminal in him that normally lay dormant. With Kevin, he could do things he had previously only schemed about. After a few months, Kevin and Lenny happened upon a virtual gold mine: Digital's Star development cluster in Nashua, New Hampshire, where their most proprietary systems development takes place. Since DEC's VMS operating system was their favorite, they couldn't have been happier. Or more greedy. "Kevin had always approached his illicit computing as a serious project [ ... his ] project for 1988 was downloading Digital's VMS source code." In the course of following Mitnick's tale, Hafner and Markoff do an excellent job of drawing the reader into Kevin's never-ending search for the "perfect hack." The eventual outcome of their Digital exploits, and the end of their (illegal) hacking careers (to slip out of the vernacular for just a moment), is nothing short of amazing. The authors' depiction is both disturbing as it is riveting. By now, many people are acquainted with the story of the "Wily Hacker", the electronic intruder that skyrocketed Cliff Stoll, an astronomer by degree who found himself a system manager, into wide-spread notoriety as an authority on computer security. Stoll's paper in the Communications of the ACM, "Stalking the Wily Hacker", graduated to become the book "The Cuckoo's Egg", which was on the best seller lists for weeks, and also took the form of a Nova documentary. This all, however, was presented from Stoll's point of view. Hafner and Markoff now afford people the opportunity to see the "other side" of the whole affair---from the world of Markus Hess, Pengo, and the German hacking underground. Hans Huebner went by the name "Pengo" in his youth, and is the main character in the second part of "Cyberpunk". Pengo grew from a Commodore 64 and BASIC programming to a network "cowboy" in a matter of months. Video games (including the one that provided his namesake) were his first passion---he could spend hours upon hours completely engrossed in the tiny world that exposed itself before him. Then a friend introduced him to using a modem, and the vast web of computers only a phone call or network connection away. He found in hacking an excitement and adrenaline rush normal video games could only attempt to equal. Pengo's world was strewn with drugs---one of his fellow hackers, Karl Koch (nicknamed "Hagbard Celine", for the protagonist in the Illuminatus! trilogy), regularly abused hashish and LSD. All members of their small group (with the exception of Markus Hess) spent a substantial amount of time in a chemical haze. Peter Carl and Dirk-Otto Brzezinski (aka "Dob") also played a major role in Germany's hacking scene. It was ultimately Carl who introduced a new angle to their computer crimes---the potential for making money by selling their knowledge to the Soviets. Starved for technology, the pre-Glastnost Russian republic absorbed the booming computer industry with relish at every opportunity. Members of the KGB worked with agents around the world, smuggling electronics and high-tech computers into the Soviet Union. The hackers, particularly Carl and Dob, wanted in. Carl approached one KGB agent with an offer to provide the fruits of their hacking ventures in exchange for one million German marks. After small rewards, it became clear that they would never reach their lofty goal---they received at best a few thousand marks for a copy of the source code to Berkeley Unix. Often, they sold what was otherwise public domain software, much to the Soviets' chagrin. Eventually, internal struggles drew the hackers apart---Pengo, for not being able to "produce" often enough for Carl; Hagbard, falling further and further into an incoherent world only he knew; Dob, who went to prison for weeks because Pengo forgot to pay a bill; and Hess, who became increasingly wary about how much he should share with the others, until he rarely heard from them. Pengo, growing weary of the entire KGB ordeal, let the secret slip during a routine interview with the local media. The German press was habitually interested in the darkly intriguing German hackers. When the reporters realized the magnitude of the story that Pengo mentioned so casually, they felt society draw its breath at the idea that espionage, considered inevitable by many, had actually been demonstrated in the computer underground. "Cyberpunk" spends a good deal of time describing the aftermath of the exposure of the KGB dealings. The arduous ordeal of deciding who was responsible for what crime(s), trying to educate a computer illiterate court in the intricacies of computer networks and use in general, and the conflicting stories of each of the hackers would make a normal writer's head spin. Hafner and Markoff demonstrate an ability to organize the entire matter into a sensible, and interesting, counterplay. At the closing of the final section, we learn of a truly unexpected casualty of the entire affair. Finally, probably the most widely known case of computer malfeasance, the story of Robert Tappan Morris (aka "RTM") and his Internet worm of 1988 is described. The section begins in a room at Berkeley called the "fishbowl", where Phil Lapsley notices a strange process running on his system. It soon becomes clear that many of the computers on the campus display similar characteristics to Phil's. They later discover that it's not confined to Berkeley---it's happening all over the Internet. Morris, a Cornell graduate student in computer science, had written a program that would "reproduce" itself from computer to computer, in a relatively benign way (inasmuch as it didn't destroy any information). He made some careless errors, however, which made the program go out of control. He released it on Wednesday afternoon, November 2, 1988. Rather than replicate itself only after a long period of time on the same system, it did so at a rate so fast that the computer soon became unusable. When Morris returned from dinner only an hour later, it had already ground hundreds of systems to a halt. It traveled the network by exploiting holes in certain Unix systems' software. Teams at Berkeley and MIT spent all night studying a copy of his program, trying to return it to its original source form. Slowly "patches" for the holes were worked together, and sent out to system administrators and posted to the Usenet news network. Unfortunately, many systems had completely disconnected themselves from the Internet as soon as the worm hit, so they didn't get the fixes until days later. Robert Morris, RTM's father and a computer scientist for the National Security Agency, stood by his son while he went to trial and faced reprimand for the results of his actions. Hafner and Markoff portray the young Morris as an extremely bright student who probably only now realizes the full effect of his relatively small programming errors. What happened behind the scenes of the whole incident completes the story given by the news media and various technical and electronic journals. (As a note, also included is the story of how the senior Morris came to work for the NSA.) "Cyberpunk" brings to the forefront an issue facing computer professionals and enthusiasts alike---the legal systems of the world are sorely lacking in appropriate investigation and treatment of cases like the three detailed in this book. Oftentimes the punishments and results of captures are far too harsh--other times, they're lenient enough to be laughable. "Do young people who illegally enter computers really represent such a menace? We hope that from reading the following stories readers will learn that the answer isn't a simple one." Throughout the book, the authors never let the reader forget that they're describing real people and real consequences, not fictional events. In all, I found "Cyberpunk" to be an excellent read (I devoured it in about 4 days, coupled with work and other things) that anyone remotely connected with computers, or intrigued by the computer underground in general, will find truly fascinating. As an aside, I think the first section on Kevin Mitnick would make an absolutely fantastic docu-drama. Downloaded From P-80 International Information Systems 304-744-2253