Approaching Zero Part 3

Breaking into a switch through a maintenance port shouldn't have been easy, but in those days security was light. "For years and years the phone company never had any problems because they were so secret," Pat says. "They never expected anyone to try to break into their systems." The switch used an operating system called UNIX, designed by the phone company, that was relatively simple to use. "It had lots of menus," recalls Pat with satisfaction. Menus are the lists of functions and services available to the computer user, or in this case, the computer hacker. Used skillfully, menus are like a map of the computer.

As Pat learned his way around the switch, he began to play little jokes, such as resetting the time. This, he says, was absurdly simple: the command for the clock was Time. Pat would reset the clock from a peak time--when telephone charges were highest--to an off-peak time. The clock controlled the telephone company's charges, so until the billing department noticed it was out of kilter, local telephone users enjoyed a period of relatively inexpensive calls. He also learned how to disconnect subscriber's phones and to manipulate the accounts files. The latter facility enabled him to "pay" bills, at first at the phone company and later, he claims, at the electric company and at credit card offices. He would perform this service for a fee of 10 percent of the bill, which became a useful source of extra income.

He also started to play on the Defense Department's Advanced Research Projects Agency (ARPA) computer network. ARPANET was the oldest and the largest of the many computer nets--webs of interconnected mainframes and workstations--that facilitated the Defense Department's transfer of data. ARPANET was conceived in the 1950s--largely to protect the ability of the U.S. military to communicate after a nuclear strike--and finally established in the late 1960s. It eventually linked about sixty thousand computers, or nodes, and interacted with other networks, both in the United States and elsewhere in the world, making it an integral part of Worldnet. Most universities, research centers, defense contractors, military installations, and government departments were connected through ARPANET . Because there was no "center" to the system, it functioned like a highway network, connecting each node to every other; accessing it at one point meant accessing the whole system.

Pat used to commune regularly with other hackers on pirate bulletin boards, where he exchanged information on hacking sites, known computer dial-ups, and sometimes even stolen IDs and pa.s.swords. From one of these pirate boards he obtained the dial-up numbers for several ARPANET nodes.

He began his hack of ARPANET by first breaking into Sprint, the long-distance phone carrier. He was looking for long-distance access codes, the five-digit numbers that would get him onto the long-distance lines for free. In the old days he could have used a blue box, but since then the phone system had become more sophisticated. Blue boxes were said to have been killed off once and for all in 1983 when Bell completed the upgrading of its system to what is called Common Channel Interoffice Signaling (CCIS). Very simply, CCIS separates the signaling--the transmission of the multifrequency tones--from the voice lines.' To get the codes he wanted, Pat employed a technique known as war-dialing, in which a program instructs the computer to systematically call various combinations of digits until it finds a "good" one, a valid access code. The system is crude but effective; a few hours spent war-dialing can usually garner a few good codes.

These long-distance codes are necessary because of the timeconsuming nature of hacking. It takes patience and persistence to break into a target computer, but once inside, there is a myriad of menus and routes to explore, to say nothing of other linked computers to jump to. Hackers can be on the phone for hours, and whenever possible, they make certain their calls are free.

Pat's target was an ARPANET-linked computer at MIT, a favorite for hackers because at that time security was light. In common with many other universities, MIT practiced a sort of open access, believing that its computers were there to be used. The difficulty for MIT, and other computer operators, is that if security is light, the computers are abused, but if security is tight, they become more difficult for even authorized users to access.

Authorized users are given a personal ID and a pa.s.sword, which hackers spend a considerable amount of time collecting through pirate bulletin boards, peering over someone's shoulder in an office, or "dumpster diving." But exploiting a computer's default log-ins and pa.s.swords can often be even simpler--as Nick Whiteley discovered when he hacked in to the QMC computer for the first time. A common default is "sysmaint," for systems maintenance, used as both the log-in and the pa.s.sword. Accessing a machine with this default would require no more than typing "sysmaint" at the log-in prompt and then again at the pa.s.sword prompt. Experienced hackers also know that common commands such as "test" or "help" are also often used as IDs and pa.s.swords.

Pat first accessed ARPANET by using a default code. "Back then there was no real need for security," he says. "It was all incredibly simple. Computers were developed for human beings to use. They have to be simple to access because humans are idiots."

ARPANET became a game for him--he saw it as "a new frontier to play in." He jumped from computer to computer within the system, accessing everything from the main computers regulating the network to mainframes at the Pentagon, air force, and army installations and research centers. "It was like going through an electronic road map, trying to get somewhere, without knowing where," he says. Pat talks in vague terms about downloading information from the computers he accessed, but is evasive about what he did with it. He says that some of it was sold, although what he sold and to whom and for how much remains unclear.

It is more likely that selling the data was of secondary concern; he was merely "fascinated" by the intricacies of the new technology - "This is the information age," he says. "Knowing about computers made me feel more intelligent. Very few people had access to them, and even fewer understood them."

At about the time that he was first hacking into ARPANET, a new program called Super Zap appeared which could bypa.s.s copy protection on IBM PC-type software.

Pat thought that its function mirrored his own activities, so he decided to call himself Captain Zap.

By 1980 Captain Zap was becoming more and more adventurous. He had learned the dial-ups for the White House computer network, which he accessed regularly over the next year, and had also dialed directly into the Pentagon. He was going for prestige hacks.

He used to download information from the White House, reams and reams of computer paper, and bring it home to his wife. "Look what I've found!" he would shout, but she was less interested in what he had found than in the fact he could get caught. And whatever it was that he had discovered, he himself can't remember. "There was all sorts of bulls.h.i.t," he says. Some of it was encrypted, some not, but none of it seems to have been very memorable.

There was another use for the White House phone number, however. He would sometimes call the central operator number--a voice number, not a dial-up--and in his best bureaucratic style say something like, "This is Mr. McNamara, admin counsel. I need a secure line to the American emba.s.sy in Germany." He swears that the operators would patch him through, and that once connected to the American emba.s.sy--on a secure line, from the White House--he could request another secure line to whatever local number he wanted to call. He claims that Mr. McNamara was just a name that he had made up, and that whether or not there was such a person, the operators never turned him down.

Captain Zap was a believer in "knowing the lingo"--the lingo being the language necessary, whether computer-speak, telcospeak, or even bureaucratese--to obtain information or to persuade people to help you. This practice, known as social engineering, is a by-product of hacking, simply getting information from someone by pretending to be someone else.

It works like this. Say you need the dial-up for a particular computer. You call the voice number of the target company and ask to speak to the computer operator. When you get through, you put on your best telco repairman's accent and say, "We're doing a few repairs on the computer lines in your area. Have you been having trouble with your terminal?" The answer is invariably yes. "Yeah, I thought so," you say. "Look, we need to check the line. Can you start up your system and run me through it? What's your dial-up?" And so on. In most cases the operator will volunteer not only the dial-up, but the log-in and pa.s.sword as well.

Social engineering takes a lot of the ha.s.sle out of hacking, And for adolescent hackers it has an additional attraction: it gives them a chance to put one over on an adult. Deceiving grown-ups has always been a youthful pastime; social engineerg demands it.

While Captain Zap was hacking the White House and the Pentagon, he was also putting his skills to a more profitable se--theft. He and his friend, Doctor Diode, had learned how to rack the sales and invoicing systems of a number of large comuter companies and equipment wholesalers. The system they had worked out was surprisingly simple. First they would create dummy corporations by hacking into a credit agency, listing their company on the register, and giving it a "triple-A" credit rating--the highest. Then they would hack into a supplier's computer and create a real-paper trail: they would connect themselves to the sales department and cut an order, jump to the accounts department and "pay" the invoice, then skip over to shipping and write out a delivery manifest. The delivery address would be a mail drop the address of an answering service, say, which would also receive all doc.u.mentation from the target company. From the supplier's point of view the paper trail was complete: they had an order, a paid invoice, and a delivery manifest. The paperwork made sense. If they checked with the credit agency, they would find that the buyer had a triple-A credit rating. Of course the company didn't actually have the money to cover the equipment it had just delivered, but that wouldn't be discovered until they tried to balance their books.

The supplies that Captain Zap and his friend ordered included portable terminals, a Hewlett-Packard computer, peripherals, cameras, walkie-talkies, and other supplies. According to the authorities, the total amount of goods stolen in the scam amounted to over $500,000.

Pat insists that hacking into the supplier's computers was simple: "There was no security," he says. Using guesswork and knowledge of the default settings, they could make their way past the log-in and pa.s.sword prompts. For more recalcitrant computers they rigged up an adapted "war-dialing" system that would keep pounding at the door with one ID and pa.s.sword combination after the other until they got in. Even if a computer operator has a.s.siduously removed default codes, there are still common combinations that people use over and over. There are said to be just a few of these combinations--such as name and surname, or company name and department--that, in a large system, someone will use. Knowing the names of employees and where they work greatly speeds up the process of hacking. People pick simple combinations for an obvious reason: they need to remember them. Choosing something completely off-the-wall increases the chance of forgetting the ID or pa.s.sword just as the prompt is flashing. And writing them down defeats the object.

The surveillance of Captain Zap began in May 1981. Pat knew he was being watched because he noticed a van with two men in it outside his apartment. By then his unorthodox buying spree had gone on for almost two years. Though each "order" was relatively small, the companies that had been robbed had been able to isolate the accounts that appeared to be paid but for which there was no corresponding check. Then they called the police.

There was a trail of connections the authorities could follow, which led from the companies that had sold the goods to the mail drops, and from there to Pat and the others he worked with. The bust came at ten A.M. on July 2, 1981. Agents from the FBI accompanied by state police from the White Collar Crime Unit, Bell Security representatives and two military policemen raided Pat's parents' home. The maid answered the door.

He lived in one of the wealthiest suburbs of Philadelphia; the homes are substantial, the residents well established. Pat's father owned and managed one of the largest and oldest shipping companies on the East Coast. When the newspapers carried the story, Pat and his friends would be castigated as "children of privilege."

The FBI presented Pat's mother with a thirty-seven-page doc.u.ment. "We have a search warrant," they said.

"For what?"

"For Pat. He's accused of computer fraud."

His mother looked aghast. "He couldn't pa.s.s mathematics. You're telling me he's a computer genius?"

The agents proceeded to tear apart Pat's room. They packed up alll the computers, modems, and communications gear they could find. They went through the files, stuffing them in boxes. When Pat came home that night, he found that all of his equipment had been taken away.

Pat was indicted on September 21 in both Harrisburg, Pennsylvania, and Washington, D.C., for a number of offenses, including theft of equipment--the $500,000 worth of computers and supplies--and theft of telephone services. He was twenty-four years old at the time. In 1981 there was no comprehensive computerfraud law, so Pat was "shoehorned"--his expression--into the existing criminal statutes.

There are advantages to being a child of privilege. Though Pat's colleagues were also arrested (there were five arrests in total, including Pat and Doctor Diode) and some turned state's evidence in exchange for a light sentence, Pat's father's money bought him the services of two of Philadelphia's biggest law firms. After looking at the evidence, one of the lawyers turned to Pat and said, "No jury will ever understand what you did and no jury will ever convict you for ripping off the phone company."

The lawyer's words were not put to the test. The charges against Pat were plea-bargained down to a $1,000 fine and two and a half years' "phone probation"--meaning that Pat had to report to his probation officer by calling in. He still finds it ironic that a convicted phreaker and hacker was required to report in by telephone.

In the wake of the Captain Zap case the American authorities quickly woke up to the threat of computer hacking. By the mid 1980S almost every state had criminalized "theft by browsing"--that is, hacking into computers to see what's there. The first federal law on computer crime, the Computer Fraud and Abuse Act, was pa.s.sed in 1986.

The contrast between the leniency shown Captain Zap in the U.S. courts for what was, in the end, hacking for profit, and the judgment given to Nick Whiteley in England for schoolboyish pranks nine years later is ill.u.s.trative of the changes in the authorities' perception of hacking over the decade. In 1981, when Cap- tain Zap was arrested, his lawyer was probably correct in a.s.suming that no jury would have understood the prosecution's case. In 1990, however, Nick was almost certainly right in saying the courts were determined to throw the book at him.

Over the course of a decade, both the authorities' awareness of hacking and the technological underground that committed this crime had grown. Hacking--though probably only dimly understood by most of the public--had become a fashionable threat, explained in long, a.n.a.lytical newspaper articles and described in detail by stylish magazines. Computer security experts (and some hackers) were invited onto TV talk shows to paint the threats to computer security in lurid terms. The sense of impending technological apocalypse was heightened by a number of well-publicized hacking cases during the 1980S, of which the best known was probably the Kevin Mitnick affair.

Mitnick was said to be obsessed with computers. In 1979 he and a friend had successfully hacked into the NORAD (North American Air Defense command) mainframe in Colorado Springs. Mitnick has since said that they didn't tamper with anything, but simply entered the system, looked around, and got out. He first ran afoul of the law in 1981, when he and three friends were arrested for stealing technical manuals from the Pacific Telephone Company: he was convicted and served six months. In 1983 he was caught by the University of Southern California while trying to hack one of their computers. Later, he was accused of breaking into a TRW computer (the TRW Credit Information Corporation holds data on 80 million Americans nationwide). In 1987 he was arrested for stealing software from a southern California company and sentenced to thirty-six months' probation.

Mitnick belonged to a group of Los Angeles-area hackers called the Roscoe Gang.

He and the gang allegedly used PCs to hara.s.s their victims, break into Defense Department computers, and sabotage businesses. He was also accused of breaking into a National Security Agency computer and stealing important information. More seriously, he was charged with defrauding the computer company Digital Equipment Corporation (DEC) and the long-distance phone company MCI, and with transporting proprietary software across state lines. The software was alleged to be a copy of DEC's Security Software System, which made it possible for Mitnick to break into DEC's computers and cause $4 million worth of damage.

Mitnick was again arrested in late 1988. He was refused bail by several federal judges, who said there would be no way to protect society if he were freed. He was also denied access to a phone while in jail, for fear that he may have preprogrammed a computer to remotely trigger off damaging programs. In 1989 he was sentenced to two years in prison.

The decision to deny Mitnick access to a phone was greeted with alarm by an increasingly nervous hacker community. "We must rise to defend those endangered by the hacker witch-hunts," wrote an unnamed contributor to 2600, the hacker journal. The U.S. Attorney's office in Chicago, then in the midst of its own hacker case, responded by saying it intended to prosecute "aggressively."

The Chicago case, though less publicized than the Mitnick affair, was the first test of the federal Computer Fraud and Abuse Act. In 1987 local law enforcement agencies began watching a sixteen-year-old hacker and high school dropout named Herbert Zinn, Jr., who used the handle Shadow Hawk. The law enforcement officials spent two months investigating Zinn, auditing his calls and monitoring his activities on computers.

He was subsequently accused of using a PC to hack into a Bell Laboratories computer in New York, an AT&T computer in North Carolina, another AT&T computer at Robbins Air Force Base in Georgia, an IBM facility in New York, and other computers belonging to the Illinois Bell Telephone Company. He was also accused of copying various doc.u.ments, including what were called highly sensitive programs relating to the U.S. Missile Command.

Shadow Hawk was arrested in a raid involving the FBI, AT&T security representatives, and the Chicago police. He was eventually sentenced to nine months in prison and fined $10,000.

The Mitnick and Shadow Hawk cases fueled the growing concern among U.S. Iaw enforcement agencies about hacking. By the end of the decade, the Secret Service--which is now charged with investigating computer crime, a responsibility partly, and not entirely amicably, shared with the FBI--was said to have established a unit for monitoring pirate bulletin boards. A number of state and local police forces had organized their own computer crime sections, while separate investigations of the underground were mounted by U.S. Attorneys' offices and local prosecutors. By the beginning of the 1990s, American law enforcement agencies had begun paying extraordinary attention to computer crime.

Across the Atlantic, away from the prying eyes of the American authorities, the biggest international gathering of hackers ever organized took place in Amsterdam in early August 1989.

The a.s.sembly was held in the seedy confines of the Paradiso, a former church that had been turned into a one-thousand-seat theater. The Paradiso was the home of Amsterdam's alternative culture; it specialized in musical events, underground exhibits, and drug parties. The Galactic Hacker Party--or, more grandly, the International Conference on the Alternative Use of Technol- gy brought together some 400 to 450 hackers, hangers-on, journalists, and, inevitably, undercover cops, to swap stories, refine techniques, gather information, or simply enjoy themselves.

The conference took place on all three floors of the Paradiso. On the top floor, above what had been the nave of the church, partic.i.p.ants were provided with computers to play with. (Their popularity decreased after one wag programmed them to flash, THIS MACHINE IS BEING MONITORED BY THE DUTCH POLICE, when they were turned on.) The ground floor, the theater itself, was reserved for speakers and demonstrations; across the back of the stage drooped a white banner emblazoned with the words GALACTIC HACKER PARTY. The crypts in the bas.e.m.e.nt of the Paradiso were reserved for partying.

At ten A.M. on Tuesday, August 2nd, the opening day, a large monitor displayed a computer-generated image of a head of a hacker. "Keep on hacking," urged the head in an American accent, as the multinational gathering milled about in the disorganized way of a crowd that clearly lacked a common language. Then, a bearded, bespectacled, balding figure shuffled unheralded onto the stage. He was the keynote speaker, the man who, more than anyone, had given rise to the whole hacking phenomenon.

At forty-six, Captain Crunch looked strangely out of place among the younger hackers. It had been eighteen years since he had first come to symbolize the new technological underground, ten years since he had last been jailed for a second time for phone phreaking. And here he was in Amsterdam, on a month's vacation in Europe, still spreading the word.

He began with a rambling discourse in English about the phone system in the former Soviet Union, information gleaned on an earlier visit there. Their phone network, the Captain reported, was old, of mixed origin, and, he suspected, had been continuously monitored by the KGB. He then began the slow process of demonstrating the newly established Sov-Am Teleport Union, a telephone link that connected San Francisco to Moscow via satel lite. Using a phone on the stage the Captain first dialed San Francisco, where he linked to the Teleport, and then jumped via satellite to Moscow. Unusually for the Captain, he had a purpose to his call. He dialed a number in Moscow, where a group of ten hackers were waiting to address the conference about the underground in Russia.

The Russians then joined a multilingual babble of hackers on the line from a number of other countries, including Germany, France, Kenya, New Zealand, and the U.S. The Captain, reveling in his role as prophet for the whole movement, fielded calls about technology and the ethics of hacking--one caller wanted to know if it would be right to hack into South African computers at the behest of the African National Congress--and then related his own phreaking experiences.

The Captain was in Amsterdam representing what has been called the second generation of hackers. The kids he was talking to, the visitors to the Galactic Hacker Party, were dubbed the fourth generation. Though they had been separated by more than a decade in time and by thousands of miles in geography, the Hacker Party was their meeting place.

The concept of hacker generations was first suggested by Steven Levy, the man who also outlined the philosophy of "hacker ethics." In his book Hackers, he argued that the first generation of hackers was a group of students at MIT in the 1960s who had access to big, expensive mainframes; worked together to produce useful, new software; and, in doing so, bent the rules of the university. More than anything, they believed in freedom of information and unfettered access to technology. They abhorred security to the extent that they made sure they could pick every lock in the building they worked in.

The second generation of hackers, according to Levy, were people like Captain Crunch and Steve Wozniak, as well as the other members of the Bay Area's Personal Computer Company and its successor, the Homebrew Computer Club. These were the people who intuitively believed that the way to drive technology forward was to make the specifications for their machines freely available, a concept known as open architecture. They were hardware hackers, and their achievement can now be seen everywhere in the generality of the ubiquitous PC standard.

Each decade has brought a different twist of geography and motivation to the various generations of hackers: the 1960s hackers, the first generation, were based on the East Coast, developing software; the second-generation, 1970s hackers were on the West Coast, developing hardware.

The next generation, the third, was based both in North America and Europe. These were the kids who had inherited the gift of the personal computer and were copying and selling the first computer games. Their motivation was often a fast buck, and their instincts entirely commercial.

The Captain's audience, the fourth generation, had inherited a world in which technology was rapidly converging around the new standard-bearer, the IBM PC. This new generation shared the same obsessions as their predecessors, but now that they had everything that technology could offer, they hacked merely for the sake of hacking. Hacking had become an end in itself.

For many of the fourth generation, technology was merely a relief from boredom and monotony. Hacking was a pastime that varied the routine of school or university, or a dead-end job. To become proficient, they would typically devote most of their waking hours--80 to 100 hours a week was not uncommon, more time than most people give to their jobs--to working on PCs and combing the international information networks. Hackers, for the most part, are not those with rich and rewarding careers or personal lives.

Of course, hacking is also a form of rebellion--against parents, schools, authority, the state, against adults and adult regulations in general. The rebellion is often pointless and unfocused, often simply for the sake of defying the system. Ultimately there may be no point at all; it has simply become a gesture to ward off boredom or, perhaps, the ba.n.a.lity of ordinary life in a structured society.

The higher principles of hackers were summed up in a draft declaration prepared by the Galactic Hacker Party's organizers and circulated among delegates for their signatures. "The free and unfettered flow of information is an essential part of our fundamental liberties, and shall be upheld in all circ.u.mstances," the doc.u.ment proclaimed. "Computer technology shall not be used by government and corporate bodies to control and oppress the people."

The language echoed the beliefs of the second generation of hackers. But the conversation among the kids in the crypt and in the halls belied the rhetoric of the organizers. For Lee Felsenstein, an American visitor, it was a disturbing experience. Lee was a confirmed second-generation hacker, one of the original founders of the Homebrew Computer Club. He remained a staunch believer in freedom of speech and an avid supporter of individual rights. But he felt that the fourth-generation hackers were "underage and underdeveloped"; they displayed "negative social att.i.tudes." Hacking, he said, had degenerated from being a collective mission of exploration into an orgy of self-indulgence.

For Lee, evidence of degeneracy included the hackers who boasted about breaking into American computers to steal military information and then selling it to the KGB. He was also disheartened to learn about the exploits of the VAXbusters, a German group that had broken into NASA and over a hundred other computers worldwide by exploiting a loophole in the operating system of Digital Equipment Corporation's VAX computers. The VAX, very powerful but small machines, are widely used in science laboratories, universities, and military installations.

More to the point, from Lee's point of view, the fourth generation of hackers was becoming involved in a new facet of computer programming, one that threatened everything he believed in. Far from increasing access and creating freedom for computer users, this new development could only cause the door to be slammed shut on access, for freedom to be replaced by fortresslike security.

During the Galactic Party, a number of hackers had been demonstrating new programs called computer viruses.

Lee left Amsterdam muttering about Babylon and ancient Rome. John Draper, alias Captain Crunch, was less bothered. He spent the remainder of his vacation traveling around Germany, taking his hacking road show to eighteen different cities.

There was, in fact, nothing new about computer viruses except their existence. Viruses had been foreseen in science fiction; the earliest use of the term has been traced to a series of short stories itten in the 1970s by David Gerrold. In 1972 Gerrold employed virus theme for a sci-fi potboiler called When HARLIE Was. HARLIE was an acronym for Human a.n.a.logue Robot Life Input Equivalents computer, which meant simply that the ficional creation could duplicate every function of the human brain--a sort of mechanical equivalent of Dr. Frankenstein's monster. This robot could also dial up other computers by telefone and reprogram them or modify data. In so doing, HARLIE was emulating a computer program called simply virus, which dialed up telephone numbers at random. When it found another computer at the end of the line, it loaded a copy of itself onto the new machine, which started dialing other comlters to transfer copies of the program, and so on. Soon hundreds of computers were tied up randomly calling numbers.

The Virus program was fictional, of course, and simply part of Gerrold's convoluted plot, but the concept of a computer program reproducing itself had been foreseen as early as 1948. In that John van Neumann, a Hungarian-born mathematician and computer pioneer who had designed one of the world's first comruters, quaintly called Maniac, began theoretical work on what was then thought of as electronically created artificial life, which he termed automata. He predicted that the reproduction process for such automata would be fairly simple.

Later, in the 1960s, before the advent of computer games, university engineering students sometimes amused themselves by seeing who could write the shortest program that could reproduce an exact copy of itself. These were called self-replicating programs, but van Neumann would have recognized them as versions of his concept of electronic automata.

The first attempts to use self-replicating programs for something useful were made at Xerox's Palo Alto Research Center in the late seventies. Two researchers, John Shoch and Jon Hupp, devised what they called a worm program to help with the management of the center's computer network, which linked over one hundred medium-sized machines. They envisaged the program working automatically, archiving old files, making backup copies of current files, and running routine diagnostic checks; they hoped that it would be able to perform the endless housekeeping tasks that the researchers at Palo Alto were too busy to keep up with. They named the new program a worm, the two later said, in honor of their inspiration--another work of science fiction by the English writer John Brunner called The Shockwave Rider, published in 1975. Brunner's book heralded the existence of a computer program, which he called a "tapeworm," that reproduced itself endlessly and couldn't be killed.

Something very similar happened to Shoch and Hupp. Their worm program was expected to sit quietly on one computer during the day, then emerge at night to roam the computers in the research center, carrying out housekeeping ch.o.r.es.

Because it worked only at night, skeptical colleagues nicknamed it the vampire program.

In their first test, Shoch and Hupp left the worm program "exercising" on half a dozen designated machines in the lab. It wasn't programmed to do anything; it was just expected to travel to the designated machines and leave copies of itself. The next morning, though, when the two arrived back at their office, they found that the worm had escaped and had rampaged through all the hundred-plus networked computers in the center. More disturbing it had reproduced so quickly that it had brought every machine to a halt, seemingly strangling them by taking up all available s.p.a.ce in the computers' memory.

Worse, when they attempted to restart one of the computers, the worm was reactivated and proceeded to strangle the machine again. To destroy the worm, they had to write another pro- gram--a killer program. Fortunately, unlike Brunner's tapeworm, their program was not indestructible, but Shoch and Hupp later called its behavior "rather puzzling," and simply abandoned the experiment, leaving unsolved the problem of "controlling [its] growth while maintaining stable behavior."

In the early 1980s a number of computer science students suc- - ceeded in writing self-replicating programs for the new Apple II computers. Joe Dellinger, a student at Texas A&M University at the time, became intrigued by the idea that computer programs could become modified when copied. He had no trouble writing a self-replicating program for the Apple II, even though he didn't consider himself a particularly clever programmer. His biggest problem was in writing a program that wouldn't cause damage; he was surprised at how quickly the program could propagate, moving rapidly from computer to computer by diskette, eventually traveling to machines outside the A&M campus.

Though Dellinger was intrigued by the notion that programs change as they replicate and travel from computer to computer, there is nothing metaphysical about it. It is simply a computer error. The longer and more complex a program is, the more likely that a line of instruction, a command within the program, will be skipped or altered in the copying process. These tiny modifications rarely cause problems, but the potential for error is there.

What is more important is that Dellinger discovered that any self-replicating program, no matter how benign, carried with it the potential for damage, just as a fly buzzing about a room carries the possibility of disease. Unlike the software sold by commercial houses, self-replicating programs are untested, un- tried and generally unstable. The changes created when these programs transfer themselves from machine to machine can cause them to be damaging, and their very presence on a computer is inherently risky.

Equally intriguing is the speed at which they propagate. In an environment like a university campus, where anyone has access to any computer and programs are routinely carried from machine to machine on diskette, they can multiply exponentially. They are, after all, designed to replicate, so that one copy quickly becomes two, two become four, four become eight, and so on. Dellinger found that once let loose, the program's spread was almost unstoppable.

It was another four years, however, before self-replicating programs became "viruses." In 1983 and 1984 a graduate student at the University of Southern Califomia named Fred Cohen was experimenting with these programs and, at the suggestion of his adviser, decided to call them computer viruses. It was a catchier name, and also became the t.i.tle of his 1985 doctoral thesis, in which he offered an explanation of viruses. A virus, he wrote, is "a program that can infect other programs by modifying them to include a slightly altered copy of itself." Further, "every program that gets infected can also act as a virus and thus the infection grows." Cohen also indicated that viruses presented a threat to computer security and could modify or damage data.

The thesis did not break any new ground in terms of computer science: in essence, Cohen took the known characteristics of selfreplicating programs and renamed them viruses. The term itself suggests that the programs are created in some kind of wild electronic biosphere and are capable of spreading incurable diseases from computer to computer--the high-tech equivalent of the biological viruses to which they are often compared. The sensationalistic use of the word would later prove to be fortuitous to computer security experts and have an irresistible appeal to rogue computer programmers. Though the word was perhaps chosen innocently, the metaphor was not entirely apt. Computer viruses, like biological viruses, are spread unknowingly, and they can mutate while spreading, but they are not created in the same way. Biological viruses are carried by small, natural organisms, over which man has little control; computer viruses, however, are simply programs--and computer programs are written by people.

Cohen's work quickly attracted attention, not least from a German computer system engineer named Ralf Burger. At the time, Burger was twenty-six and living in a small town near the Dutch-German border, not far from the city of Bremen. Burger became fascinated by the concept of viruses, and in July 1986 he had succeeded in creating his own, which he called Virdem. It was, to all intents and purposes, a simple self-replicating program, but with a small twist. For Burger, the "primary function of the virus is to preserve its ability to reproduce." After being loaded onto a computer, Virdem was programmed to hunt down and infect other files in the machine. When there were no more files to infect, the virus would begin "a randomly-controlled gradual destruction of all files."

In December 1986 Burger decided to attend the annual convention of the Chaos Computer Club in nearby Hamburg. The club had been founded in 1981 by Herwart Holland-Moritz--who prefers to be known as Wau Holland--and is a registered nonprofit organization. Holland, who was a thirty-two-year-old computer programmer at the time, set up the club as a hobby; despite the sinister implications of the name, it was chosen only because "there is a lot of chaos in the application of computers." According to the club's const.i.tution, it is dedicated to freedom of information.

Since its foundation the club has proven itself adept at organizing media events, and this ability together with the connotations of its name have given the group a high profile. Like many clubs, Chaos unites people with a wide range of interests: there are members who see computers as a weapon for sociological change, others who simply want to play computer games, those who want to know how computer systems work, and those concerned with making a fast buck, legally or illegally. The Chaos members refer to themselves as data travelers, rather than hackers, but they all share the same obsession with computers and all vaguely subscribe to a vague notion of "hacker ethics." Their own unique understanding of that term is that they have a mission to test, or penetrate, the security of computer systems. Early Chaos Clubbers were allied with the VAXbusters, the group that sought to break through the security of VAX computers around the world. The club's first brush with notoriety, though, occurred in 1984, when they broke into Btx, or Bildschirmtext, an on-line text and information service patterned after Britain's Prestel. In 1986 they captured the media's attention again when, after the meltdown of the Soviet nuclear reactor in Chern.o.byl, they provided alternative information on contamination levels by hacking into government computers and releasing the data that they found. Their findings were sufficiently at odds with official rea.s.surances to make them the darlings of Germany's Green movement.

The annual conferences of the Chaos Club were held in Hamburg, always in December. They attracted the cream of the German hacker community, as well as observers from throughout Europe and elsewhere; were always well covered by the media; and, without a doubt, were carefully watched by the local police. Each conference was given a theme that was designed to excite media attention, and in 1986 the theme was computer viruses.

Even though little was known about viruses at the time, the conference organizers hoped piously that the publicity given to the subject would help dispel myths. The organizers also declared: "The problem isn't computer viruses, but the dependence on technology," and they blamed the writing of viruses on "bad social condition(s) for programmers."

The star performer at the conference was Ralf Burger, simply because he had actually written a virus, which in those days was something of a feat. To prove that his virus, Virdem, would work, Burger handed out copies to some two or three hundred interested delegates. He said it would "give users a chance to work with computer viruses."

Technically, any virus is little more than a self-replicating program with a sting in its tail. This sting, usually known as the payload, is what the virus actually does to the computer, which is often nothing at all--apart from replicating, or performing a harmless joke, such as making a ball bounce around the screen or instructing the computer to play a tune. At another level, how- ever, the payload can cause the destruction of data.

Computer viruses are carried from computer to computer by diskette or, in networked computers, by the wires that link them. they can also be transmitted on telephone lines, through modems, like ordinary computer programs. Viruses do not fly through the air and cannot jump from computer to computer vithout being carried by a physical medium. Moreover, all viruses are man-written: they aren't natural, or caused spontaneously by computer technology. The only "artificial life" inherent in a virus is its tendency to modify itself as it is copied, but that's possible with any computer program.

This explanation may seem simple to the point of absurdity, but when viruses first began to garner mentions in the press, and breathless reporters began to write lurid stories about "technological viruses," their properties were exaggerated into the realm of science fiction. Viruses made a good story--even when there was no evidence that they had actually damaged anything.

In 1986, when Burger made his presentation to the Chaos conference, there were almost no viruses in existence. Few people in the computer industry had ever seen one, despite increasing interest in the subject from security experts, who were touting them as the next big threat to computer systems. The simple fact was that Burger's Virdem was probably the only virus that most of them had even heard about.

The properties of viruses and the damage that they could cause were widely known, however. Even the nightmare scenario had been posited: that a plague of viruses would move swiftly through the computers of the world, wiping out data and devastating corporations, government agencies, police forces, financial inst.i.tutions, the military, and, eventually, the structure of modern society itself. By 1986, however, actual attacks by viruses on computer systems had yet to occur.

The next year, 1987, Burger's book about computer viruses Das Grosse-computervirenbuch, was published by Data Becker GmbH of Dusseldorf. In the book Burger warned: "Traveling at what seems the speed of moving electrons, comical, sometimes destructive programs known as viruses have been spreading through the international computer community like an uncontrollable plague." There was in fact no hard evidence for this statement, and later in the book, contradicting the apocalyptic tone of the first section, Burger admitted: "So far it has been impossible to find proof of a virus attack."

Later that year, two new viruses appeared. The first was created by the Greek computer magazine Pixel, which had hired a local computer wizard named Nick Na.s.sufis to write one. The magazine published the virus as a list of BASIC-language instructions in the April 1987 issue. Readers who keyed in the instructions found themselves with a fully functioning virus on their comput- ers. It didn't do much apart from replicate, but from time to time it would display a poorly written English language message on the computer screen: PROGRAM SICK ERROR: CALL DOCTOR OR BUY PIXEL FOR CURE DESCRIPTION. Three months later Pixel published instructions for wiping it out.

Then, as Burger was preparing the second edition of his book he received a copy of a virus found in Vienna by a local journalist. This virus, now known as Vienna, was said to have appeared at a local university in December 1987. Its writer is unknown, as are the writers of most viruses.

Burger described Vienna as "extremely clever." But by the standards of virus writing today, it wasn't, though it was certainly the most advanced virus in existence at the time. Vienna is known as a file virus because it attaches itself to what are known in the computer industry somewhat tediously as executable files (i.e., the software, such as a word-processing program, that actually enables a computer to do something useful). When an infected program is loaded onto a computer from a diskette (or transferred through a network), Vienna comes with it and slips itself into the computer's memory. It then looks for other executable files to infect, and after infecting seven it damages the eighth, simply by overwriting itself onto the program code.

Although the payload of the Vienna virus was destructive--the eighth program that was damaged was irreparable--by presentday standards it wasn't particularly malicious. More dangerous was Burger's decision to publish a reconstruction of the Vienna program code in the second edition of his book. It became the recipe for writing viruses.

Programmers with access to the code could quite easily adapt it for their own purposes--by altering the payload, for instance. That's what eventually happened with Vienna. Though Burger had deliberately altered his reconstruction to make it unworkable, programmers had little trouble finding their way around the alterations. Variants of Vienna have been found all over the world: in Hungary, a Vienna clone carries a sales message that translates roughly as POLIMER TAPE Ca.s.sETTES ARE THE BEST. GO FOR THEM. A Russian version was adapted to destroy the computer's hard disk, the internal memory and storage area for programs, after infecting sixty-four files. A Polish variant displays the message MERRY CHRISTMAS on infected computers between December 19th and 31st. A version from Portugal carries out the standard overwriting of the eighth program, but also displays the word AIDS. In the US a group of unknown American virus writers used Vienna as the basis for a series of viruses called Violator, all intentionally damaging to computer systems.

It is ironic that a book written to warn about the dangers of viruses should be the medium for distributing the recipe for writing them. But even though no one had yet doc.u.mented a proven virus attack on a computer system anywhere in the world, and the predicted plague of computer viruses had not yet materialized, the potential threat of viruses was being aggressively hyped by computer engineers like Burger and by a small group of computer security consultants in America-- and many people appeared remarkably eager to believe them. In what was probably the first press report of viruses, in February 1987, the editor of the interna- tional computer trade journal Computers de Security wrote, "Computer viruses can be deadly.... Last year a continuous process industry's computer crashed causing hundreds of thousands of dollars' damage. A post mortem revealed that it had been infected with a computer virus. Another nationwide organization's computer system crashed twice in less than a year. The cause of each crash was a computer virus.... A computer virus can cause an epidemic which today we are unable to combat."

It has never been possible to trace either the "continuous process" corporation or the "nationwide organization" whose computers had been so badly damaged by viruses. Like so many aspects of computer viruses, investigation only reveals myth and legend, rarely fact. But myth is self-perpetuating, and prophecies are often self-fulfilling.