Approaching Zero

by Paul Mungo


The solution was to capture the identity of legitimate users, especially ones with high privileges. Then hackers could roam through the system secretly, masquerading as authorized users.

To this end Weihruch had developed a special tool to capture IDs and passwords as they were entered. This tool--in reality, a program--replaced the real entry screen with a phony, a complete replica that was indistinguishable to a user. On seeing the screen, the unsuspecting user would enter his ID in the normal way, followed by his password. The program captured that information, saving it on a secret file. Then, because it wasn't able to allow entry, the phony screen displayed the message INVALID--PLEASE REENTER. The user would think he had simply miskeyed his password. For his next attempt, the user would be presented with the proper screen; if all was in order, he would be able to gain access.

The hacker could then pick up the secret file, containing all the IDs and passwords that it had collected, on his next visit. It was like using traps to catch rabbits, except that the rabbit felt no pain. The program had automated hacking, and with legitimate IDs and the back-door entry system, hacking became simply a matter of finding VAX computers, going in through the back door, leaving the trap program to function until it had captured some legitimate identities, then taking the real IDs and passwords from the file.

With the back door and the trap program, Pengo and Koch were able to supply the Soviets with better material. Koch passed Kahl computer log-ins and passwords to military systems. In return, Kahl passed back money.

But despite the success with VMS, the KGB was upping the ante again. The Soviets wanted Koch and Pengo to hack into computers that used the UNIX operating system. UNIX was becoming increasingly popular because it could be used on a wide range of computers; many VAX users preferred UNIX to DEC's VMS, much to the computer giant's chagrin.

However, neither Koch nor Pengo knew anything about UNIX; they needed to recruit yet another hacker to their team. Once again, Kahl and Koch made the rounds of various hacker meets, and soon found Marcus Hess, who at the time was working for a specialist UNIX systems company in Hannover. He was an ideal choice: local, experienced, and with an addiction almost as potent as drugs--he loved fast sports cars.

Now they were three. Hess soon became invaluable; shortly after becoming a member, he was able to download a copy of the UNIX source code. Kahl took it to the Soviets, who seemed impressed; they paid Kahl DM25,000, about $16,000, the most he had ever received from them.

Hess soon discovered that many American computer users were relaxed about security. Indeed, if their computers contained nothing secret or classified, some U.S. sites actually tolerated an occasional visiting hacker; sometimes system operators would even have time for a chat. In America, the nucleus of the mythical Worldnet, the concept of the "Global Village," where everybody would be friendly neighbors, courtesy of the computer networks, was born. It was easy to forget that computers, which themselves don't contain classified information, can provide entry points to a network with more interesting machines--and that was what Hess was looking for.

He soon found a particularly hospitable computer in California, which contained no classified material but did provide a convenient launching pad to other systems. For the cost of a domestic phone call, Hess could hack into the University of Bremen, where computer security was slack, hop across the Atlantic by satellite at the university's expense, and due to the hospitality of the computers at Lawrence Berkeley Laboratories, at the University of California in Berkeley, travel to other sites.

Some system operators tolerate hackers, some threaten them, but most don't even know they've got them. Very few actually chase them: it's a very time-consuming and generally unrewarding task. Clifford Stoll, the system administration manager at Lawrence Berkeley Laboratories, detected the activities of Hess in August 1986, after investigating a seventy-five-cent discrepancy in the accounting records of the lab's computers. (The seventy-five-cent fee couldn't be attributed to an authorized user, so the charge had to have been run up by an outsider.) Other system operators might not have bothered, but Stoll was an astronomer by vocation and was only filling in time until grant money could be found to allow him to pursue his chosen career. To Stoll, chasing a hacker seemed exciting.