CUCKOO'S EGG

Stoll, Clifford

Roy treated his students and staff much as his subatomic particles: keep them in line, energize them, then shoot them into immovable objects.


Years of ham radio had taught me to solder, so Paul and I had at least one common denominator. I picked up his spare soldering iron and earned his grudging respect after a few minutes of burning my fingers and squinting.


Collect raw data and throw away the expected. What remains challenges your theories.


Along with hot tubs, leftist politics, and the free speech movement, Berkeley is known for its Unix implementation.


Of course, our lab used Berkeley Unix, as do all right-thinking folks.


East Coast people were said to be biased towards AT&T Unix, but then, they hadn’t discovered hot tubs either.


This variety of software meant that no single attack could succeed against all systems. Just like genetic diversity, which prevents an epidemic from wiping out a whole species at once, diversity in software is a good thing.


In the mid 1950s, the Federal government started building the interstate highway system, a twentieth-century marvel of pork-barrel public-works politics. With memories of wartime transportation shortages, military leaders made certain that the interstate system could handle tanks, military convoys, and troop carriers. Today, few think of interstate highways as a military system, though they’re just as capable of sending tanks across the country as trucks.


I didn’t see how trust had anything to do with it. “Networks are little more than cables and wires,” I said. “And an interstate highway is just concrete, asphalt, and bridges?” Dennis replied. “You’re seeing the crude physical apparatus—the wires and communications. The real work isn’t laying wires, it’s agreeing to link isolated communities together. It’s figuring out who’s going to pay for the maintenance and improvements. It’s forging alliances between groups that don’t trust each other.”


“Our software is fragile as well—if people built houses the way we write programs, the first woodpecker would wipe out civilization


At the LBL cafeteria, Luis Alvarez sat down across from me. Inventor, physicist, and Nobel Laureate, Luie was the twentieth-century Renaissance man. He didn’t waste time on bureaucracy; he demanded results.


“But what do I do when I hit a brick wall?” “Like Livermore’s system manager?” asked Luie. “Or the telephone company withholding a phone trace. Or the FBI refusing a court order. Or our laboratory shutting me down in a couple days?” “Dead ends are illusory. When did you ever let a ‘Do Not Enter’ sign keep you away from anything? Go around the brick walls. When you can’t go around, climb over or dig under. Just don’t give up.”


“But who’s going to pay my salary?” “Permission, bah. Funding, forget it. Nobody will pay for research; they’re only interested in results,” Luie said. “Sure, you could write a detailed proposal to chase this hacker. In fifty pages, you’ll describe what you knew, what you expected, how much money it would take. Include the names of three qualified referees, cost benefit ratios, and what papers you’ve written before. Oh, and don’t forget the theoretical justification. “Or you could just chase the bastard. Run faster than him. Faster than the lab’s management. Don’t wait for someone else, do it yourself. Keep your boss happy, but don’t let him tie you down. Don’t give them a standing target.”


To make sure it doesn’t make mistakes, the sending Kermit pauses after each line, giving the listener a chance to say, “I got that line OK, go on to the next one.” The sending Kermit waits for that OK, and goes on to send the next line. If there’s a problem, the sending Kermit tries again, until it hears an OK. Much like a phone conversation where one person says “Uh huh” every few phrases.
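The stop-and-wait exchange the passage describes, as an added example (not code from the book, and a deliberate simplification of Kermit: a one-bit sequence number and a short hash stand in for Kermit's packet numbering and block check, and the channel is constructed to corrupt, drop and lose acknowledgements on a fixed schedule so every retry path runs):

```python
# Stop-and-wait transfer in the style the passage describes: send one line,
# wait for the listener's OK, resend on a problem. Added illustration; a toy
# model, not Kermit's real packet format. A one-bit sequence number and a
# short hash stand in for Kermit's packet numbering and block check.
import hashlib
from dataclasses import dataclass


def checksum(data: bytes) -> str:
    """Per-packet block check (short hash; an assumption, not Kermit's own)."""
    return hashlib.sha256(data).hexdigest()[:8]


@dataclass
class Packet:
    seq: int        # alternates 0/1 so the receiver can recognise a repeat
    payload: bytes
    check: str


class Receiver:
    """The listening Kermit: verifies each line, answers ACK or NAK."""

    def __init__(self):
        self.lines = []
        self.expected_seq = 0

    def handle(self, pkt: Packet) -> str:
        if checksum(pkt.payload) != pkt.check:
            return "NAK"                      # damaged: ask for it again
        if pkt.seq == self.expected_seq:
            self.lines.append(pkt.payload)
            self.expected_seq ^= 1
        # A repeat of a line already accepted (its OK got lost on the way
        # back): answer OK again, but do not store the line twice.
        return "ACK"


class FlakyChannel:
    """Constructed unreliable link: misbehaves on a fixed packet schedule."""

    def __init__(self, corrupt_on=(), drop_on=(), lose_ack_on=()):
        self.sent = 0
        self.corrupt_on = set(corrupt_on)
        self.drop_on = set(drop_on)
        self.lose_ack_on = set(lose_ack_on)

    def deliver(self, pkt: Packet, receiver: Receiver):
        self.sent += 1
        n = self.sent
        if n in self.drop_on:
            return None                       # lost in transit; sender times out
        if n in self.corrupt_on:
            pkt = Packet(pkt.seq, pkt.payload + b"!", pkt.check)  # line noise
        reply = receiver.handle(pkt)
        if n in self.lose_ack_on:
            return None                       # receiver has it, but the OK never arrives
        return reply


def send_file(lines, channel, receiver, max_retries=5):
    """The sending Kermit. Returns (lines the receiver holds, retries used)."""
    seq = 0
    retries = 0
    for line in lines:
        pkt = Packet(seq, line, checksum(line))
        for _ in range(max_retries + 1):
            if channel.deliver(pkt, receiver) == "ACK":
                break                         # "I got that line OK, go on"
            retries += 1                      # NAK or silence: try again
        else:
            raise RuntimeError(f"gave up on line {line!r}")
        seq ^= 1
    return receiver.lines, retries


if __name__ == "__main__":
    ch = FlakyChannel(corrupt_on={2}, drop_on={4}, lose_ack_on={6})
    got, retries = send_file([b"one", b"two", b"three", b"four"], ch, Receiver())
    print(got, retries, ch.sent)   # four lines, each stored once, 3 retries, 7 packets on the wire
```

The lost-acknowledgement case is the one worth noticing: the receiver already has the line, so the resend must be acknowledged but not stored, which is what the alternating sequence bit buys you. Without it, a flaky return path would quietly duplicate lines in the received file.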


This guy wasn’t the problem. Elxsi was. They sold their computers with the security features disabled. After you buy their machine, it’s up to you to secure it. Just plow through a dozen manuals to find a paragraph saying how to modify the permissions granted to the UUCP account. If you know that account exists. Right. The same thing must be happening all over. The hacker didn’t succeed through sophistication. Rather he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.
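The failure the passage describes, a vendor account shipped enabled with a login shell and no real password behind it, is the kind of thing worth auditing for on any Unix host. Added example, not from the book: it walks a constructed passwd/shadow pair and flags accounts an intruder could simply walk into. The page names only the UUCP account; the other names in VENDOR_ACCOUNTS are assumptions, and the password hashes are placeholders.

```python
# Audit a passwd/shadow pair for service or vendor accounts that are still
# usable for interactive login. Added illustration, not from the book. The
# account list is an assumption (the page names only uucp) and the file
# contents below are constructed sample data with placeholder hashes.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
uucp:x:10:14:uucp:/usr/lib/uucp:/bin/sh
guest:x:500:500:Guest:/home/guest:/bin/sh
field:x:501:501:Field service:/:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
"""
SHADOW_SAMPLE = """\
root:$6$abc$placeholderhash:19000:0:99999:7:::
uucp::19000:0:99999:7:::
guest:$6$def$placeholderhash:19000:0:99999:7:::
field:*:19000:0:99999:7:::
lp:!:19000:0:99999:7:::
alice:$6$ghi$placeholderhash:19000:0:99999:7:::
"""

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
# Assumed list of accounts vendors have historically shipped enabled.
VENDOR_ACCOUNTS = {"uucp", "guest", "field", "sync", "demo", "lp", "bin", "sys"}


def parse_colon_file(text):
    """Map the first field (account name) to the full list of fields."""
    rows = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        rows[fields[0]] = fields
    return rows


def password_state(hash_field):
    if hash_field == "":
        return "empty"            # login succeeds with no password at all
    if hash_field.startswith(("!", "*")):
        return "locked"
    return "set"


def audit(passwd_text, shadow_text):
    """Return (account, reason, shell) for every account worth a second look."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = []
    for name, fields in passwd.items():
        uid, shell = int(fields[2]), fields[6]
        # No shadow entry at all is treated as locked rather than guessed at.
        hash_field = shadow.get(name, [name, "*"])[1]
        state = password_state(hash_field)
        if shell in NOLOGIN_SHELLS or state == "locked":
            continue              # cannot be used to log in; nothing to report
        if state == "empty":
            findings.append((name, "empty password with login shell", shell))
        elif name in VENDOR_ACCOUNTS:
            findings.append((name, "vendor/service account still enabled", shell))
        elif uid == 0 and name != "root":
            findings.append((name, "extra uid 0 account", shell))
    return findings


if __name__ == "__main__":
    for account, reason, shell in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(f"{account:8} {shell:16} {reason}")
```

The point of the unlocked-versus-nologin distinction is that either one closes the door; an account with a locked hash but a login shell is fine, and so is one with a live password but /sbin/nologin. The ones to chase are those where both the shell and the password field still permit a session, which is exactly what the lab's intruder was poking for.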


Something strange was happening to me. In a daze, I sat down on the hallway floor, still staring up at the pipes. For the first time in my life, something important was entirely up to me.


My attitude at work had always been like my days as an astronomer—I’d write proposals, observe at the telescope, publish papers, and stand cynically apart from the struggles and triumphs of the world around me. I didn’t care if my research led anywhere.


He grew up in Dorset, England, and first learned to program a computer by mail: he’d write a program at school, send it to a computer center, and receive the printout a week later. Steve claims that this makes you write good programs the first time, since each mistake wastes a week of your time.


“Sprechen Sie Deutsch?” “Not in twenty years,” Aletha said. “But I’ll haul out the old Berlitz tapes.” Sunday morning, Aletha called back. “Hey, my German isn’t so bad. A few problems with the future tense, but not bad. Not bad.” “Yeah, but what did you learn?” “Well, I learned all sorts of things about reflexive verbs


“But we did tell them,” I objected. “More than two months ago.” “Prove it.” “Sure. It’s in my logbook.” Roy wanted to see it, so we walked over to my Macintosh and brought up the logbook. Sure enough, on November 12th, my logbook said that I’d informed DOE. I’d written a summary of our conversation and even included a phone number. DOE couldn’t complain—we could prove that we’d informed them. Saved by my logbook.


“Damn. We told them. Twice.” I wasn’t sure if I should be listening. “If it makes any difference, he’s not going to get back on their system. He’s locked himself out.” I told him about the password expiration. “That’s fine for the Systems Command,” Jim said, “but how many other computers are just as wide open? If the Space Division screws up like that, even after we warn them, then how are we ever going to get the word out?” “You warned them?” “Damn straight. We’ve been telling systems operators for six months to change all their passwords. Don’t you think we’ve been listening to you?”


I passed the message back to Steve at Tymnet, who forwarded it to Wolfgang. The bureaucrats might not be able to communicate with each other, but the technicians sure did.


Things are easier in grad school. Just call everyone with a tie, “Professor,” and anyone with a beard, “Dean.” When in doubt, just say “Doctor.”


If you pester an organization long enough, eventually they’ll hold a meeting.


Claudia greeted me with a teasing smile. “Where have you been—running around with loose women, I bet!” “Nope. Meeting dark, handsome spies with trench coats, in dark alleys.” “Did you bring one home for me?”


PET is an acronym for Positron Emission Tomography. It’s a medical diagnostic technique to locate where oxygen is consumed in people’s brains. By injecting a patient with an activated isotope, LBL’s scientists create images of the brain’s interior. All you need is a particle accelerator to create radioactive isotopes, a hypersensitive particle detector, and a powerful computer


I called Livermore; it took five minutes to convince them to erase the message from all of their systems. But how do we prevent this kind of leak in the future? Well, I could start by keeping my officemates better informed. From now on, every week I told them what was happening and why we had to keep quiet. It worked remarkably well … tell people the truth, and they’ll respect your need for secrecy.


How many other security holes were lurking in my system? The NCSC might know, but they weren’t saying. NSA’s motto, “Never Say Anything,” seemed to come into play. Yet by keeping silent about these computer security problems, they hurt us all. I could see that the hackers had long ago discovered and exploited these holes. Why wasn’t someone telling the good guys?


We constantly check our results. For instance, when we solve a mathematical problem by theoretical means, we check the result on a computer. Then another section might try to solve the same problem with a different technique. It’s all a matter of abstraction.” “Think anyone will mind that I don’t have a tie?” I’d worn a clean pair of jeans, figuring there might be some important people. But I still didn’t own a suit or tie. “Don’t worry,” Bob said. “At your level of abstraction, it doesn’t make any difference.”


The more I thought about it, the more impressed I was with the military people. They’d zeroed in on the weak points of my talk, and understood both the details and importance of what I’d said.


How far I’d come. A year ago, I would have viewed these officers as war-mongering puppets of the Wall Street capitalists. This, after all, was what I’d learned in college.


So long as you think of someone ripping you off as a “penetrator,” you’ll never make any progress. As long as they remained impersonal and detached, the NSA people would never realize that this wasn’t just a computer being penetrated, but was a community being attacked.


As a scientist, I understood the importance of remaining detached from an experiment. But I’d never solve the problem until I got involved; until I worried about the cancer patients who might be injured by this guy; until I became angry that this hacker was directly threatening all of us.


These NSA spooks spoke in morally null jargon, while I felt genuine outrage. Outrage that I was wasting my time following a vandal instead of doing astrophysics. Outrage that this spy was grabbing sensitive information with impunity. Outrage that my government didn’t give a damn.


“It would be easier if you were a defense contractor,” one spook told me. “NSA shies away from academics. There seems to be a kind of mutual distrust.” So far, my total outside support was $85, an honorarium for speaking at the San Francisco Bay Technical Librarians’ Association.


Yet another note described tests of a new supercomputer, complete with parallel processors. I tried to conceal my utter lack of knowledge of these subjects by filling the letters with jargon.


What’s wrong with this picture? These are the very people that are designing, building, and testing secure systems. Yet hackers traipse freely through their computers


I wondered if the FBI was feeding some false information through Laszlo Balogh. “Ever reply to the Pittsburgh letter?” I asked. “Hey, how about them Yankees winning another game?”


When you run an experiment, you take notes, think for a while, then publish your results. If you don’t publish, nobody will learn from your experience. The whole idea is to save others from repeating what you’ve done.


Darren liked punk music, Unix networks, laser typography, and friends with spiked haircuts—in that order.


After five, when the normal folks left, he cranked up the stereo in his cubicle, and wrote programs to the sound of U2. “The louder the music, the better the code.”


“OK, Sally,” I said. “I’ll make sure that I don’t even mention your agency. If anyone asks, I’ll just say, ‘No comment.’ ” “No, don’t do that. Then those pigs will sniff around and pick up more. Tell them that we had nothing to do with it.” “Look, I’m not gonna lie, Sally. And anyway, isn’t the National Computer Security Center a public, unclassified agency?” “Yes, it is. But that’s no reason to let the press prowl around.” “Then why don’t you send one of your people to my press conference?” “None of our employees are authorized to talk to the media.” With this attitude, it’s no wonder her agency gets such bad press.