Approaching Zero, Part 8
The publicity increased Chaos's notoriety; its first annual congress was organized as a result of the coverage engendered by the Btx hack. Chaos became a byword for high-tech mischief, and its congresses became an important breeding ground for the German computer underworld. These congresses were always held during the week after Christmas at the Eidelstedter Burgerhaus on Hamburg's Elbgaustrasse. The events lasted for three days, and press and visitors were welcome, provided they paid the entrance fee.
In 1985 one of the paying visitors was Karl Koch. Steffen remembers seeing him there and being introduced briefly. He is also certain that they met on one other occasion, at a hacker conference at an exhibition in Munich. Koch was an unmistakable figure: tall, emaciated, and invariably spaced out.
For the next three years their lives would crisscross in a complex dance. If Koch had seen the pattern, he would have understood. It was the Illuminati, faceless, unknown, all-powerful, conspiring to take control of Steffen's life.
Koch's purpose in visiting the 1985 Chaos congress was to seek out certain information on computer systems and networks. Despite his years of practice, he himself was a second-rate hacker. He had come to realize that he was not a born computer wizard; he needed assistance. He was coming under increasing pressure from Kahl to find and copy classified material from computers in the West, and his money was running out just as his dependency on drugs was increasing: from the relatively harmless hashish favored by many hackers, he had graduated to LSD and cocaine.
At first the Soviets had seemed incredibly naive: Koch was able to pass Kahl public-domain software, programs he had simply downloaded for free from electronic bulletin boards. The KGB had accepted the software, and Koch had received payment. It seemed very simple, and he assumed he wasn't doing anything illegal: after all, public-domain software is freely available to anyone who wants it.
But then the Soviets became more demanding. The KGB had produced lists of programs it wanted to obtain and sites it wanted cracked. They also wanted dial-ups, user IDs, passwords, and instructions on how to gain system-operator privileges in computer systems. In short, the KGB wanted to learn how to become hackers.
The Soviet secret service's list of sites included the Pentagon, NORAD, the research laboratories at Lawrence Livermore and Los Alamos, Genrad in Dallas, and Fermilab in Illinois, as well as MIT, Union Carbide, and NASA's Jet Propulsion Laboratory. It was a shopping list of top-secret defense contractors and installations. The list continued with names of companies in the U.K. and Japan. The KGB stipulated that it was interested in microelectronics projects for military and industrial purposes--specifically in programs for designing megachips, the electronic brains that were responsible for the military strength of the Western allies. Two French companies in particular attracted the KGB's attention: Philips-France and SGS-Thomson, both known to be involved in megachip research.
Koch knew that on the sites picked by the KGB he would be confronted with VAX computers, which were made by DEC, but he had no experience with VMS, the proprietary operating system used by VAXen. It was VAX expertise he was hunting for at the Chaos congress: someone to make up for the skills he lacked.
It was lucky, then, that he met a seventeen-year-old hacker from West Berlin named Hans Hubner. Hubner, a tall, slender young man with the paleness that comes from staring at a computer screen too long, had been fascinated by computers since he was a child. He was also addicted to an arcade game that involved a little penguinlike character called Pengo. He liked it so much that he adopted Pengo as his handle.
When he met Koch, Pengo was unemployed and desperately needed money. He also shared Koch's liking for drugs, but more important, he had experience with VMS.
Since 1985 he had been playing on Tymnet, an international computer network run by the American defense contractor McDonnell Douglas, and had learned to use the VAX default passwords--the standard account names that are included with the machines when they're shipped out from the manufacturer. Pengo was also one of the first German hackers to break into CERN, the European Nuclear Research Center in Geneva, Switzerland, and was a caller to the Altos bulletin board in Munich--where, coincidentally, he had met Fry Guy, the Indiana hacker.
Koch befriended the young Berliner, invited him to Hannover, and introduced him to Peter Kahl. Before long Pengo had become the second member of the gang, operating from what was then West Berlin, while Koch continued his activities in Hannover. Kahl later involved a contact in West Berlin, Dirk Brescinsky, whose job it became to run Pengo.
Koch and Pengo had some early successes hacking into VAX machines. They discovered that DEC's Singapore computer center was exceptionally lax about security. From there they were able to copy a VMS program called Securepack, which allowed system managers to alter user status.
It was a useful piece of software for the KGB. But it wasn't military data. To get into defense sites, Pengo and Koch knew they needed to find a more certain way into VAXen.
They didn't have long to wait: within six months security on VAX systems worldwide would be blown wide open.
Steffen Wernery became entangled in the conspiracy because of his peripheral involvement in compromising VAX security. In the autumn of 1986 Hans Gliss, the editor of Datenschutz-Berater who had been so helpful to Chaos over the Btx affair, contacted Steffen. Gliss needed help and told the young hacker the following story: Gliss had been working as a consultant for SCICON, one of the largest computer software companies in Germany. SCICON had been awarded a lucrative contract by the government for work that was "very important, high security, requiring maximum reliability." It involved three networked VAX computers in three locations, with the head office in Hamburg.
During the final phase of testing SCICON was contacted by a computer manager in northern Germany and asked to explain the messages--short bursts of characters and digits in no discernable order--that had been seen on his computers. From the computerized routing information it was clear that the messages were emanating from SCICON in Hamburg, but they made no sense to him or anyone at his institute, or to anyone at SCICON.
The SCICON researchers checked through their security logs--computer files that record all the comings and goings of users on the system--and quickly realized that the dated and timed messages had all been originated "out-of-hours," at times when no authorized users would be active. Further investigation showed that some new user IDs and passwords had been added to their system that no one could account for. The implications, Gliss said, were all too obvious: hackers had penetrated SCICON security and were using their computers as a launching pad to other systems.
What Gliss now needed to know was if Steffen had any idea who might be involved. If SCICON couldn't guarantee the security of the system, the entire contract with the German government would be at risk. Gliss needed to find out who the hackers were, how they got on, and how to stop them. Contacting Steffen was a long shot, but he was a leading member of Chaos and knew most of the hackers in Germany. Perhaps he could make some calls.
Steffen thought about it: He reasoned that because the hackers were breaking into the SCICON site in Hamburg, they were probably based in the city. It made sense to call a nearby computer; that way the phone bills were cheaper.
Two days later he called Gliss and said that he had identified the hackers--two Hamburg students. They had agreed to meet Gliss and help--provided that he promise not to prosecute, so Gliss gave his word.
Later that week he met the two students, code-named Bach and Handel, in Hamburg. Their story was worrying: the two students had exploited a devastatingly simple flaw in the VMS operating system used on VAX. The machines, like most computer systems, required users to log in their ID and then type their password to gain access. If the ID or the password was wrong, the VMS system had been designed to show an "error" message and bar entry. But the two hackers told Gliss that if they simply ignored all the "error" messages, they could walk straight into the system--provided they continued with the log-on as though everything was in order. When confronted with the "error" message after keying in a fake ID, they would press Enter, which would take them to the password prompt. They would then type in a phony password, bringing up a second, equally ineffectual "error" message. By ignoring it and pressing Enter again, they were permitted access to the system. It was breathtakingly easy, and left the VAX open to any hacker, no matter how untalented.
For SCICON staff the situation was disastrous. To deliver their contract on time, they would need to find the flaw in the operating system and fix it. At first they turned to DEC for help, but with time running out, SCICON's programmers began looking for a solution themselves, tearing apart the VAX operating system line by line. They were looking for a bug in the program that would prevent it from operating correctly, or an omission in the commands that would allow hackers to simply ignore the "error" message.
To the SCICON team's surprise, they didn't find one. What they discovered instead was a piece of program code that appeared to have been deliberately added to the operating system to provide the secret entrance. To the SCICON researchers it looked like a deliberate "back door."
Back doors are often left in computer programs, usually to facilitate testing. Generally, they allow writers of things like computer games to jump quickly through the program without having to play the game. For example, in the mid-1980s a game called Manic Miner involved maneuvering a miner level by level from the depths of his mine up to the surface, the game becoming progressively harder at each level. The programmer whose job it was to test the game needed a shortcut between levels, so he introduced back doors that would take him directly to any one of his choosing. Inevitably, some players stumbled onto the hidden routes, which--ironically--increased the game's popularity.
Often back doors, or "cheat modes," are deliberately built into games, encouraging the player to try to break the rules. Some computer magazines give tips on how to find the cheat modes; some games, such as the popular Prince of Persia, are said to be impossible to win without using them. Back doors might also be introduced for more mercenary reasons: legend has it that programmers include back doors on arcade games they create, and then supplement their incomes by playing the games at venues such as nightclubs and casinos, which offer prizes.
Some arcade back doors are well known. Occasionally, players stumble across them by making some noninstinctive move: for example, on certain computer gaming machines the instinct is to "hold" two lemons (if three lemons wins a prize) and then spin for the third lemon. But this strategy almost never wins. However, if the player doesn't hold the two lemons and simply respins, the three lemons will automatically come up. On another arcade game, one which offers a sizable jackpot, it is said that the player brave enough to refuse it and start the machine again will be rewarded by winning two jackpots.
On a more sophisticated level, back doors are also provided on operating systems for emergencies. Access to these back doors is reserved for the computer manufacturer; procedures for gaining entry to the system from the emergency back doors are highly confidential, highly complex, and not the sort that could be stumbled over by accident.
The back door on the VAXen, though, was out in the open. It wasn't simply for emergencies; its security was far too trivial.
The VAX operating system, VMS, had been subjected to stringent tests and was supposed to comply with the exacting "orange book" security standards established by the U.S. Department of Defense. Under the orange-book testing program, technically qualified intruders attempt to break through the security features of a computer; the tests can take up to six months, depending on the level of security required. It strained belief that VMS could have gone through such testing without the back door being discovered.
Responding to complaints from its users, DEC issued a "mandatory patch," a small program designed specifically to close the back door, in May 1987. But despite the "mandatory" order, many users didn't bother to install it, and for a short time, VAX computers across the world provided hackers with an open house if they knew about the security gap.
Back doors are, of course, deliberate. They aren't simple bugs in the program or errors in the system: they are written by a programmer for a specific purpose. In the case of the VAX back door, the who and why remains mysterious, though it is clear that whoever created it had to have access to the VMS source code, its basic operating instructions. One rather farfetched, though not impossible, idea is that hackers broke into DEC and amended VMS to make it more hospitable. Or perhaps a programmer put the commands in without the knowledge of the company so that he could access VAX machines throughout the world without IDs or passwords. Another more intriguing theory is that the back door was built by the National Security Agency for its own use, though this presupposes that the NSA is in the business of spying on computer users.
Yet some people do suppose precisely that. In their view it is a myth that the NSA is interested in protecting computer security. Instead, it may be actively engaged in penetrating computers--or more bluntly, hacking--all over the world by exploiting back doors that only the agency knows about.
It is likely, though, that had the NSA been involved in the VAX scheme, it would have chosen a more devious means of access. Whoever put the back door in, and for whatever purpose, it was probably not intended for German hackers. But by 1986, when Koch and Pengo were trawling for information about VAX, the secret of the back door had traveled across the Atlantic and had become known by a small group of hackers in Germany. Bach and Handel, the two students who broke into the SCICON company's VAX, are generally thought to have been among the first to exploit the trick. It was later discovered that their mentor was a student at Karlsruhe University named Steffen Weihruch.
That same year, Karl Koch made contact with Weihruch as well. He had managed to track down the VAX wizard to Karlsruhe and had prevailed on him to tell him his technique. It wasn't difficult: Weihruch was known to be obliging and was rather pleased that his discovery was useful.
Weihruch had also perfected a "tool" to make hacking VAXen even easier. The problem with the back door was that it didn't entirely bypass all security checks: a would-be hacker still had to contend with the security log, which collated the IDs of all users as they entered the system. It was this log--which was kept on a computer file and could be examined by the system operator--that had alerted SCICON to Bach and Handel. A hacker coming in the back door would be conspicuous because the ID and password used--the ones entered in the log--could be any combination of random characters; they wouldn't necessarily be a real ID and password, and their inclusion in the log was a clear sign of an intrusion.
The solution was to capture the identity of legitimate users, especially ones with high privileges. Then hackers could roam through the system secretly, masquerading as authorized users.
To this end Weihruch had developed a special tool to capture IDs and passwords as they were entered. This tool--in reality, a program--replaced the real entry screen with a phony, a complete replica that was indistinguishable to a user. On seeing the screen, the unsuspecting user would enter his ID in the normal way, followed by his password. The program captured that information, saving it on a secret file. Then, because it wasn't able to allow entry, the phony screen displayed the message INVALID--PLEASE REENTER. The user would think he had simply miskeyed his password. For his next attempt, the user would be presented with the proper screen; if all was in order, he would be able to gain access.
The hacker could then pick up the secret file, containing all the IDs and passwords that it had collected, on his next visit. It was like using traps to catch rabbits, except that the rabbit felt no pain. The program had automated hacking, and with legitimate IDs and the back-door entry system, hacking became simply a matter of finding VAX computers, going in through the back door, leaving the trap program to function until it had captured some legitimate identities, then taking the real IDs and passwords from the file.
With the back door and the trap program, Pengo and Koch were able to supply the Soviets with better material. Koch passed Kahl computer log-ins and passwords to military systems. In return, Kahl passed back money.
But despite the success with VMS, the KGB was upping the ante again. The Soviets wanted Koch and Pengo to hack into computers that used the UNIX operating system. UNIX was becoming increasingly popular because it could be used on a wide range of computers; many VAX users preferred UNIX to DEC's VMS, much to the computer giant's chagrin.
However, neither Koch nor Pengo knew anything about UNIX; they needed to recruit yet another hacker to their team. Once again, Kahl and Koch made the rounds of various hacker meets and soon found Marcus Hess, who at the time was working for a specialist UNIX systems company in Hannover. He was an ideal choice: local, experienced, and with an addiction almost as potent as drugs--he loved fast sports cars.
Now they were three. Hess soon became invaluable; shortly after becoming a member, he was able to download a copy of the UNIX source code. Kahl took it to the Soviets, who seemed impressed; they paid Kahl DM25,000, about $16,000, the most he had ever received from them.
Hess soon discovered that many American computer users were relaxed about security. Indeed, if their computers contained nothing secret or classified, some U.S. sites actually tolerated an occasional visiting hacker; sometimes system operators would even have time for a chat. In America, the nucleus of the mythical Worldnet, the concept of the "Global Village," where everybody would be friendly neighbors, courtesy of the computer networks, was born. It was easy to forget that computers, which themselves don't contain classified information, can provide entry points to a network with more interesting machines--and that was what Hess was looking for.
He soon found a particularly hospitable computer in California, which contained no classified material but did provide a convenient launching pad to other systems. For the cost of a domestic phone call, Hess could hack into the University of Bremen, where computer security was slack, hop across the Atlantic by satellite at the university's expense, and due to the hospitality of the computers at Lawrence Berkeley Laboratories, at the University of California in Berkeley, travel to other sites.
Some system operators tolerate hackers, some threaten them, but most don't even know they've got them. Very few actually chase them: it's a very time-consuming and generally unrewarding task. Clifford Stoll, the system administration manager at Lawrence Berkeley Laboratories, detected the activities of Hess in August 1986, after investigating a seventy-five-cent discrepancy in the accounting records of the lab's computers. (The seventy-five cent fee couldn't be attributed to an authorized user, so the charge had to have been run up by an outsider.) Other system operators might not have bothered, but Stoll was an astronomer by vocation and was only filling in time until grant money could be found to allow him to pursue his chosen career. To Stoll, chasing a hacker seemed exciting.
Once he had detected Hess, he was faced with the classic dilemma: should he lock him out or watch him? If he were to lock him out, there was a chance that he might sneak in some other way and not be noticed; it was also likely that he might penetrate some other system. Stoll decided to keep a watch, setting up an intricate alarm system that would tip him off whenever the hacker appeared. On some occasions, he even slept at the lab. His principal intruder was Hess, whom he knew only through his various aliases--but he also noted the presence of both Pengo and Hagbard (Koch) on other occasions. These two, with their interest in the VAXen that used VMS, would not be a major source of worry for Stoll on his UNIX site.
It eventually became obvious that Lawrence Berkeley had nothing to interest Hess; it was just a convenient jumping-off place. Stoll tried to make things look a bit more exciting and concocted a "secret" file as bait, and the hacker gobbled it up.
Stoll subsequently recounted his experiences in an academic paper ("Stalking the Wily Hacker," 1988) and a best-selling book, The Cuckoo's Egg (1989). He would record the heavy artillery that was eventually wheeled out to deal with his German hackers: the FBI, the CIA and, the superspooks themselves, the National Security Agency.
The reaction of the various agencies at first ranged from apathy to annoyance. Stoll was hard-pressed to interest the authorities at all: losses in hacking incidents are generally estimated in nice large numbers, and chasing seventy-five cents seemed like a joke. But he persisted, and eventually the authorities became nervous and mounted an operation to catch the intruder. Finding him was a matter of tracing his calls back to their source. However, the calls were routed through several different computer networks, a practice known as network weaving, so that each time the authorities traced the calls back, they realized they had farther to go--from one network to another, across the country, and across the Atlantic.
Slowly, the calls were traced back to Germany, down to the University of Bremen, across to Hannover, and eventually to Marcus Hess's address. Under pressure from the Americans, the German authorities arrested and questioned Hess in June 1987. The Germans had little to go on--the loss of seventy-five cents didn't appear to be an extraditable offense--but they decided to tap his phone just in case.
But while the police were watching Hess, the Illuminati were moving in on Steffen Wernery.
The saga began when Bach and Handel, the two student hackers who broke into the SCICON computer, decided to set up a hacker gang known as the VAXbusters. The team used the backdoor technique to get into VAX computers throughout Europe and North America. They traveled on SPAN, NASA's Space Physics Analysis Network, which links computers involved in physics research around the world. From the ever-obliging Steffen Weihruch they were also able to get a copy of the "trap" program, giving them legitimate identities on the systems they hacked.
For ten months the team wandered through VAX sites with impunity. Unlike Koch and Pengo, the VAXbusters weren't spying, nor were they interested in damaging hacked computers. They were just tourists, browsing through the network, looking for sites of interest.
Despite their precautions and their benign intent, no hack is entirely undetectable. In July 1987 the curtain came down on the VAXbusters. Roy Omond, the particularly diligent manager of a VAX system in Heidelberg, discovered from a routine scrutiny of his security logs that he had been hacked. Even though the hackers had been using legitimate IDs, Omond guessed from the nocturnal timings that many of the entries in his visitors' book had not been posted by authorized users. Furious, he mounted his own investigation, and by sounding out various people he believed might be in contact with the hackers, he discovered the real names of Bach and Handel. He immediately posted an electronic message to all other users on SPAN, and named the two students involved.
Bach and Handel panicked. They assumed they would be prosecuted by the German authorities and called Steffen at Chaos for advice; Steffen called Hans Gliss, who in turn contacted the Verfassungsschutz, the German secret service.
The agency said it would be interested in talking to the two hackers.
Prior to meeting the agents, Bach and Handel prepared a report, dated August 17, 1987, detailing all the installations that had been penetrated by the VAXbusters. The list comprised 135 sites in total, all on SPAN, and included nineteen installations at NASA, including two VAX sites at their headquarters in Washington, D.C., six at the Goddard Space Flight Center, and ten at the Marshall Space Flight Center. It also included a large number of systems at CERN in Switzerland, and others at the European Space Agency in the Netherlands, the Meudon Observatory and the Institut d'Astrophysique in Paris, and various Max Planck Institute sites in Germany.
There was a full exchange of information at the meeting, and in return for Bach and Handel's cooperation, the authorities declined to prosecute. The secret service then contacted the CIA in Bonn, as well as NASA, DEC, and other groups that the agency felt should be informed.
In the hope of defusing the situation for the VAXbusters, it was decided that their story should be released to the press on September 15th. The delay, it was thought, would give all the affected sites enough time to repair their defenses. Gliss would cover the technical aspects in the Datenschutz-Berater and two journalists who were known to Wernery would handle the media. On the designated day, the journalists told the full story on the evening news; the next morning it made newspaper headlines around the country.
A few days later the two journalists had a second chance at the story when it was realized that NASA had still not removed the VAXbusters' programs (the "trap" programs) from its two computers at its Washington headquarters. Nor had it installed the mandatory patches. So another event was staged for German television audiences. This time, in front of the cameras, Bach and Handel broke into the two NASA computers in Washington, D.C., and installed the mandatory patches that DEC had issued four months earlier. It took a matter of minutes in each case. The hackers had fixed the security flaw that NASA could not be bothered to fix for itself.
A spokesman for NASA in Washington, D.C., was not impressed. The loophole in the operating system was not a "security flaw," he insisted. The information on the computers was not classified: it was just scientific data, for the use of scientists. The two computers were, he said, "like a public library."
The VAXbusters knew differently. With the higher privileges they had been able to manipulate from the multitude of IDs and passwords they had copied, they had the authority of the chief librarian in NASA's library. They had roamed through the off-limits sections of the shelves; one of the files they had copied was a fifty-two-page document outlining the security within the entire NASA computer system.
The story, despite the Americans' professed indifference, got heavy play. Steffen found himself on television more than once, explaining the arcana of hacking and his own role in the VAXbuster saga. Eventually the media interest waned; and that, Steffen assumed, was that. He was not aware of the Illuminati.
The French were less phlegmatic than the Americans. They had been suffering some "very serious" hacking incidents that had begun in 1986 and were still continuing in 1987. The incidents included the theft and destruction of important programs and data from VAX computers at Philips-France and SGS-Thomson--the two French companies targeted by the KGB. Their total losses, they claimed, reached an astronomical level, some hundreds of millions of dollars.
When the French authorities were told about the VAXbusters they became convinced that the German hackers were the culprits. The penetration techniques used on the French VAXen were the same as those described in the August report made by the German secret service. The same back door and the same sort of program to collect legitimate user IDs and passwords were used.
At the instigation of the French, Germany's federal police raided the homes of a number of known Chaos Computer Club members in Hamburg on September 27th and 28th, impounding their computer equipment. Ironically, the police overlooked the VAXbusters, who were not Chaos members. To a large extent, Chaos had become a victim of its own publicity: the police, not aware the VAXbusters were a separate group, had simply raided the homes of the most notorious hackers in Germany. It was a case of rounding up the usual suspects--one of whom was Steffen Wernery, who told them about his own role in the matter and of his previous cooperation with the secret service. Within four months the police had completed their investigations. They concluded that Steffen was simply a "switching center"--a conduit for information--and nothing more. Neither he nor the other Chaos members were involved in hacking into the French computers.
This information was passed to the French--who didn't believe it. The methods used to hack into the French sites were too similar to the techniques employed by the VAXbusters to be mere coincidence. And even though the gang's list of all the VAX computers it had hacked did not include either Philips-France or SGS-Thomson, the French authorities remained convinced that the trail from the two companies led back to Hamburg.
At about the same time, the secret service contacted Hans Gliss about the incidents in France and asked if he could help. Gliss discussed the matter with Steffen, and suggested that they both go to Paris for the forthcoming annual Securicom conference, in March 1988, and present a report on computer security--particularly VAX security. Securicom was the ideal forum: it attracted the top computer security specialists in the world. Steffen could tell the delegates about the back door on the DEC machines and how to fix it.
Steffen acquiesced; he had found the limelight agreeable, and the visit to Securicom would give him another chance to bask in its glow. He arranged to go to Paris with a colleague from Chaos. Gliss would drive to Paris from his holiday home in the south of France.
Steffen also offered to meet representatives of Philips-France, one of the companies hit by the unknown hackers. Philips agreed, and asked Steffen to confirm the names so that security passes could be arranged.
Steffen arrived at Paris's Orly Airport on March 14th. He approached immigration control and handed his German passport to one of the officers on duty, a woman. She looked at the photo and his name and hesitated.
"There has been a problem," she said. "Please wait a moment." She reappeared a few minutes later with three men in civilian clothing who claimed to be from the Brigade Financiere, France's revenue service. Steffen now suspects that they were from French Intelligence.
"Where is your friend?" they wanted to know. His friend, the colleague from Chaos, was coming in later by train. Steffen was immediately concerned: how did they know about his friend? And why should he tell them where he was? Steffen was arrested and taken to the police cells.
Under French law an investigating judge can order the detention of a suspect for twenty-four hours and then for an additional twenty-four hours if necessary. During that period the suspect is not allowed to make contact with anyone at all, not even a lawyer. The police began interrogating Steffen: they asked him about Chaos, about the VAXbusters, and about the two sites in France. They also went through his belongings and papers, looking at names and addresses. In his diary they found the Paris contact address for Hans Gliss.
Gliss had checked into the Pullman St. Jacques Hotel, having driven up from his house in the Dordogne. When he arrived at the hotel, he found three members of the "Brigade Financiere" waiting for him. Fortunately for Gliss he was with his wife, Ursula, who, seeing her husband arrested and escorted away, started telephoning for help.
Gliss was taken to the police station, and his passport was impounded. The police began asking him about the Chaos Computer Club. Gliss, whose French is poor, demanded an interpreter. The police told Gliss they had arrested Steffen--unnecessarily, as it happens, because Gliss could hear him being questioned in a nearby cell.
Gliss was interrogated for two and a half hours before his passport was returned. Half an hour after that he was set free. On his return to the hotel, Ursula told him she had phoned their friends in Paris, who had contacted the German police, who in turn had called the secret service. The agency, it was presumed, had prevailed on the French authorities to release him.
Steffen wasn't so lucky. He was held in the police cells for two days, under continuous interrogation. He says he was allowed to sleep for only three to four hours each day. Steffen told them all he knew, including the fact that a full list of computers penetrated by the VAXbusters had been presented to the German authorities and didn't include the two French sites. He also insisted that all Chaos members had stopped hacking.
While Steffen was being interrogated, Gliss told the five hundred delegates at Securicom of his experience and of Steffen's incarceration. He also read Steffen's paper, which had been written to help the French improve their computer security. Later he contacted the German authorities on Steffen's behalf, but they were powerless to intervene: the French were holding Steffen as an "accessory" to the break-ins at Philips-France and SGS-Thomson.
Three times Steffen was brought before a judge, and each time he was remanded in custody for further questioning. The German foreign office discreetly pressured the French government over the case, until finally Steffen's dossier reached the desk of the French president.
Mitterrand presumably had enough problems: he ordered the German hacker's release. On May 20th, at five minutes past midnight, Steffen was driven to the airport and unceremoniously bundled aboard the night plane to Hamburg. He had spent over two months in a French jail.
While Steffen was incarcerated in Paris, the real culprits remained in Germany, safely beyond French jurisdiction.
Despite the French authorities' suspicions about Chaos and the VAXbusters, despite the raids in Hamburg, it was in reality the Soviet hacker gang--ensconced in Hannover and Berlin--who had penetrated the sites at Philips-France and SGS-Thomson. They were looking for information on megachip research, just as the KGB had requested. Surprisingly, in view of the importance the French authorities attached to the sites, Pengo remembers them as simple systems to get around in once they had been breached.
Koch and Pengo had penetrated the security at Philips-France and SGS-Thomson using the back door and the trap program they had learned about from Weihruch, the Karlsruhe student. It was understandable that the French would blame the VAXbusters: both teams had used the same techniques, having learned them from the same source.
Koch and Pengo had downloaded data from the two French companies, and supposedly passed a computer tape to the KGB in East Berlin. Without revealing exactly what was on the tape, Pengo has suggested that it might have contained details of a design program for advanced microprocessors. But although the hackers were able to pass on the French material to their Soviet paymasters, the KGB was again demanding more. By the end of 1987 they wanted information on Western military computer networks, including the operating specifications of the interconnected machines. It appeared that the KGB wanted to infiltrate the military systems.
However, the pressure was beginning to tell on Pengo and Koch, and the two had other things on their minds. They were frightened by the arrests of the Chaos members in Hamburg; they felt that it wouldn't be long before the police stumbled over their own operation. And they had also heard about Steffen's interrogation in Paris, which meant that the French were also chasing them.
In the summer of 1988 both Pengo and Koch independently approached the authorities, hoping to take advantage of an amnesty provision in German espionage legislation. This provision guaranteed lenient treatment to those who had not previously been under suspicion and now confessed, provided they cooperated fully. The two confessed to espionage, the only offense covered by the amnesty. Paradoxically, confessing to any lesser offense could have resulted in a severer penalty.
Both were interrogated regularly and at length by the authorities. By early 1989 the Germans felt that they had enough evidence to support a case against the other members of the Soviet hacker gang. On March 2nd, eighteen people were interrogated and eight arrested. The latter included Hess, Pengo, and Koch, as well as Dirk Brescinsky and Peter Kahl. The others were local hackers caught up in the wide-ranging investigation. All the hackers were released after a few days; Kahl and Brescinsky were dispatched to a high-security prison in Karlsruhe. Pengo and Koch could expect to escape prosecution due to their earlier confessions under the amnesty.
Just two months after his arrest Karl Koch would be found dead, his burned body lying in a wood on the outskirts of Hannover.
In January 1990 Marcus Hess, Dirk Brescinsky, and Peter Kahl stood trial in Celle, in northern Germany. Clifford Stoll and Pengo were witnesses for the prosecution. The problem facing the court was establishing proof that anything of value had been sold to the KGB. That was compounded by the fact that the German police had neglected to apply for a judge's consent for the wiretapping of Hess. None of the material they had recorded "just in case" could be admitted in court.
Without concrete proof that espionage on any significant scale had actually occurred, the sentences were light. Hess received twenty months plus a fine of about $7,000, Brescinsky fourteen months and about $3,500, and Kahl two years and about $2,000. All the jail sentences were suspended and substituted with probation.
Steffen Wernery is now thirty, an intense, outspoken man. He is calm about the man whose activities caused him to spend sixty-six days in a French prison. His ire is reserved for the French authorities, who, he says, have "no regard for people's rights." His time in jail, he says, cost him $68,000 in lost income and legal fees--roughly what the Soviet hacker gang earned in total from the KGB. But he doesn't blame Koch, and he doesn't believe that he committed suicide either: Suicide did not make sense. It was unbelievable. Karl Koch had disclosed himself to the authorities and had cooperated fully. He had provided them with some good information and they had found him accommodations and a job with the Christian Democratic party. He was also getting help with his drug dependency and seemed on his way to rehabilitation. Murder seemed much more likely than suicide. And there were many people who could have had a motive.
There was much speculation. He was murdered to prevent him testifying; it was a warning to other hackers not to disclose themselves; perhaps it was even to embarrass Gorbachev, who was due for a visit. Or perhaps to protect people in high places.
After the unification of Germany the authorities gained access to police files in what had been East Germany. According to Hans Gliss, who maintains close contacts with the intelligence services, there was "a strong whisper" that the Stasi--East Germany's secret service--was responsible for Koch's death. The motive remained a mystery, though there were any number of arcane theories: that the agency was jealous of Koch's ties to the KGB; that they were protecting the KGB from a source who was proving too talkative; that they wanted to embarrass the KGB; that they had also been getting information from Koch, and so on.
The Staatssicherheit, or Stasi, has acquired a formidable reputation. Its foreign service, led by the legendary Marcus Wolf, was reported to have planted thousands of agents in West Germany's top political and social circles, most notoriously Gunther Guillaume, who became private secretary to Chancellor Willy Brandt. The revelation caused the fall of the Brandt government.
The Stasi has become a convenient villain: since the collapse of East Germany the shadowy secret service's reputation for skulduggery has grown to mythic proportions. In mysterious cases, such as the death of Karl Koch, the sinister hand of Stasi will be detected by all those who want to see it.
Nonetheless, murder can't be ruled out. There is the evidence--the missing shoes, the controlled fire--that suggests that another party was involved in Koch's death. Then there is the motive. Koch had little reason to kill himself.
He had a job; he was getting treatment for his drug problem. He was in no danger of being prosecuted for his part in the "Soviet hacker" affair: like Pengo, he would have been a witness for the prosecution, protected from punishment by the terms of the amnesty provision. After the trial he would have resumed his life (like Pengo, who is now married and living in Vienna).
Some who knew Koch think the young hacker got in over his head. He, Pengo, and Hess were pawns in the espionage game, amateur spies recruited by the Soviets to break into Western computers. It is now thought possible that the Soviets were running other hackers at the same time, testing one gang against the other. For the KGB, it was low-risk espionage: they paid for programs, documents, and codes that would otherwise have been inaccessible--unless of course their own operatives were prepared to sit for days or even weeks in front of a computer, learning the rudiments of hacking.