Once he had detected Hess, he was faced with the classic dilemma: should he lock him out or watch him? If he were to lock him out, there was a chance that he might sneak in some other way and not be noticed; it was also likely that he might penetrate some other system. Stoll decided to keep a watch, setting up an intricate alarm system that would tip him off whenever the hacker appeared. On some occasions, he even slept at the lab. His principal intruder was Hess, whom he knew only through his various aliases--but he also noted the presence of both Pengo and Hagbard (Koch) on other occasions. These two, with their interest in the VAXen that used VMS, would not be a major source of worry for Stoll on his UNIX site.
It eventually became obvious that Lawrence Berkeley had nothing to interest Hess; it was just a convenient jumping-off place. Stoll tried to make things look a bit more exciting and concocted a "secret" file as bait, and the hacker gobbled it up.
Stoll subsequently recounted his experiences in an academic paper ("Stalking the Wily Hacker," 1988) and a best-selling book, The Cuckoo's Egg (1989). He would record the heavy artillery that was eventually wheeled out to deal with his German hackers: the FBI, the CIA and, the superspooks themselves, the National Security Agency.
The reaction of the various agencies at first ranged from apathy to annoyance. Stoll was hard-pressed to interest the authorities at all: losses in hacking incidents are generally estimated in nice large numbers, and chasing seventy-five cents seemed like a joke. But he persisted, and eventually the authorities became nervous and mounted an operation to catch the intruder. Finding him was a matter of tracing his calls back to their source. However, the calls were routed through several different computer networks, a practice known as network weaving, so that each time the authorities traced the calls back, they realized they had farther to go--from one network to another, across the country, and across the Atlantic.
Slowly, the calls were traced back to Germany, down to the University of Bremen, across to Hannover, and eventually to Marcus Hess's address. Under pressure from the Americans, the German authorities arrested and questioned Hess in June 1987. The Germans had little to go on--the loss of seventy-five cents didn't appear to be an extraditable offense--but they decided to tap his phone just in case.
But while the police were watching Hess, the Illuminati were moving in on Steffen Wernery.
The saga began when Bach and Handel, the two student hackers who broke into the SCICON computer, decided to set up a hacker gang known as the VAXbusters. The team used the backdoor technique to get into VAX computers throughout Europe and North America. They traveled on SPAN, NASA's Space Physics Analysis Network, which links computers involved in physics research around the world. From the ever-obliging Steffen Weihruch they were also able to get a copy of the "trap" program, giving them legitimate identities on the systems they hacked.
For ten months the team wandered through VAX sites with impunity. Unlike Koch and Pengo, the VAXbusters weren't spying, nor were they interested in damaging hacked computers. They were just tourists, browsing through the network, looking for sites of interest.
Despite their precautions and their benign intent, no hack is entirely undetectable. In July 1987 the curtain came down on the VAXbusters. Roy Omond, the particularly diligent manager of a VAX system in Heidelberg, discovered from a routine scrutiny of his security logs that he had been hacked. Even though the hackers had been using legitimate IDs, Omond guessed from the noc- turnal timings that many of the entries in his visitors' book had not been posted by authorized users. Furious, he mounted his own investigation, and by sounding out various people he believed might be in contact with the hackers, he discovered the real names of Bach and Handel. He immediately posted an electronic message to all other users on SPAN, and named the two students involved.
Bach and Handel panicked. They assumed they would be prosecuted by the German authorities and called Steffen at Chaos for advice; Steffen who called Hans Gliss, who in turn contacted the Verfassungsschutz, the German secret service.
The agency said it would be interested in talking to the two hackers.
