The Soviet secret service's list of sites included the Pentagon, NORAD, the research laboratories at Lawrence Livermore and Los Alamos, Genrad in Dallas, and Fermilab in Illinois, as well as MIT, Union Carbide, and NASA's Jet Propulsion Laboratory. It was a shopping list of top-secret defense contractors and installations. The list continued with names of companies in the U.K. and Japan. The KGB stipulated that it was interested in micro- electronics projects for military and industrial purposes--specifically in programs for designing megachips, the electronic brains that were responsible for the military strength of the Western allies. Two French companies in particular attracted the KGB's attention: Philips-France and SGS-Thomson, both known to be involved in megachip research.
Koch knew that on the sites picked by the KGB he would be confronted with VAX computers, which were made by DEC, but he had no experience with VMS, the proprietary operating system used by VAXen. It was VAX expertise he was hunting for at the Chaos congress: someone to make up for the skills he lacked.
It was lucky, then, that he met a seventeen-year-old hacker from West Berlin named Hans Hubner. Hubner, a tall, slender young man with the paleness that comes from staring at a computer screen too long, had been fascinated by computers since he was a child. He was also addicted to an arcade game that involved a little penguinlike character called Pengo. He liked it so much that he adopted Pengo as his handle.
When he met Koch, Pengo was unemployed and desperately needed money. He also shared Koch's liking for drugs, but more important, he had experience with VMS.
Since 1985 he had been playing on Tymnet, an international computer network run by the American defense contractor McDonnell Douglas, and had learned to use the VAX default passwords--the standard account names that are included with the machines when they're shipped out from the manufacturer. Pengo was also one of the first German hackers to break into CERN, the European Nuclear Research Center in Geneva, Switzerland, and was a caller to the Altos bulletin board in Munich--where, coincidentally, he had met Fry Guy, the Indiana hacker.
Koch befriended the young Berliner, invited him to Hannover, and introduced him to Peter Kahl. Before long Pengo had become the second member of the gang, operating from what was then West Berlin, while Koch continued his activities in Hannover. Kahl later involved a contact in West Berlin, Dirk Brescinsky, whose job it became to run Pengo.
Koch and Pengo had some early successes hacking into VAX machines. They discovered that DEC's Singapore computer center was exceptionally lax about security. From there they were able to copy a VMS program called Securepack, which allowed system managers to alter user status.
It was a useful piece of software for the KGB. But it wasn't military data. To get into defense sites, Pengo and Koch knew they needed to find a more certain way into VAXen.
They didn't have long to wait: within six months security on VAX systems worldwide would be blown wide open.
Steffen Wernery became entangled in the conspiracy because of his peripheral involvement in compromising VAX security. In the autumn of 1986 Hans Gliss, the editor of Datenschutz-Berater who had been so helpful to Chaos over the Btx affair, contacted Steffen. Gliss needed help and told the young hacker the following story: Gliss had been working as a consultant for SCICON, one of the largest computer software companies in Germany. SCICON had been awarded a lucrative contract by the government for work that was "very important, high security, requiring maximum reliability." It involved three networked VAX computers in three locations, with the head office in Hamburg.
During the final phase of testing SCICON was contacted by a computer manager in northern Germany and asked to explain the messages--short bursts of characters and digits in no discernable order--that had been seen on his computers. From the computerized routing information it was clear that the messages were emanating from SCICON in Hamburg, but they made no sense to him or anyone at his institute, or to anyone at SCICON.
