As Pat learned his way around the switch, he began to play little jokes, such as resetting the time. This, he says, was absurdly simple: the command for the clock was Time. Pat would reset the clock from a peak time--when telephone charges were highest--to an off-peak time. The clock controlled the telephone company's charges, so until the billing department noticed it was out of kilter, local telephone users enjoyed a period of relatively inexpensive calls. He also learned how to disconnect subscriber's phones and to manipulate the accounts files. The latter facility enabled him to "pay" bills, at first at the phone company and later, he claims, at the electric company and at credit card offices. He would perform this service for a fee of 10 percent of the bill, which became a useful source of extra income.
He also started to play on the Defense Department's Advanced Research Projects Agency (ARPA) computer network. ARPANET was the oldest and the largest of the many computer nets--webs of interconnected mainframes and workstations--that facilitated the Defense Department's transfer of data. ARPANET was conceived in the 1950s--largely to protect the ability of the U.S. military to communicate after a nuclear strike--and finally established in the late 1960s. It eventually linked about sixty thousand computers, or nodes, and interacted with other networks, both in the United States and elsewhere in the world, making it an integral part of Worldnet. Most universities, research centers, defense contractors, military installations, and government departments were connected through ARPANET . Because there was no "center" to the system, it functioned like a highway network, connecting each node to every other; accessing it at one point meant accessing the whole system.
Pat used to commune regularly with other hackers on pirate bulletin boards, where he exchanged information on hacking sites, known computer dial-ups, and sometimes even stolen IDs and passwords. From one of these pirate boards he obtained the dial-up numbers for several ARPANET nodes.
He began his hack of ARPANET by first breaking into Sprint, the long-distance phone carrier. He was looking for long-distance access codes, the five-digit numbers that would get him onto the long-distance lines for free. In the old days he could have used a blue box, but since then the phone system had become more sophisticated. Blue boxes were said to have been killed off once and for all in 1983 when Bell completed the upgrading of its system to what is called Common Channel Interoffice Signaling (CCIS). Very simply, CCIS separates the signaling--the transmission of the multifrequency tones--from the voice lines.' To get the codes he wanted, Pat employed a technique known as war-dialing, in which a program instructs the computer to systematically call various combinations of digits until it finds a "good" one, a valid access code. The system is crude but effective; a few hours spent war-dialing can usually garner a few good codes.
These long-distance codes are necessary because of the timeconsuming nature of hacking. It takes patience and persistence to break into a target computer, but once inside, there is a myriad of menus and routes to explore, to say nothing of other linked computers to jump to. Hackers can be on the phone for hours, and whenever possible, they make certain their calls are free.
Pat's target was an ARPANET-linked computer at MIT, a favorite for hackers because at that time security was light. In common with many other universities, MIT practiced a sort of open access, believing that its computers were there to be used. The difficulty for MIT, and other computer operators, is that if security is light, the computers are abused, but if security is tight, they become more difficult for even authorized users to access.
Authorized users are given a personal ID and a password, which hackers spend a considerable amount of time collecting through pirate bulletin boards, peering over someone's shoulder in an office, or "dumpster diving." But exploiting a computer's default log-ins and passwords can often be even simpler--as Nick Whiteley discovered when he hacked in to the QMC computer for the first time. A common default is "sysmaint," for systems maintenance, used as both the log-in and the password. Accessing a machine with this default would require no more than typing "sysmaint" at the log-in prompt and then again at the password prompt. Experienced hackers also know that common commands such as "test" or "help" are also often used as IDs and passwords.
