The Strange Case of the World's Biggest Internet Invasion
By David H. Freedman and Charles C. Mann
Simon & Schuster 315pp $24
A computer network "isn't like a house with windows, doors, and locks," says Open Source Systems Chief Executive and former CIA analyst Robert David Steele. "It's more like a gauze tent encircled by a band of drunk teenagers with lit matches."
Guess what? Some of those kids are packing flamethrowers. From March, 1991, to December, 1992, a hacker known as Phantomd, a.k.a. Phantom Dialer and Infomaster, went on a joyride through the Internet, hijacking computers at the Defense Dept.'s Ballistic Research Laboratory, Massachusetts Institute of Technology, the National Institutes of Health (NIH), and hundreds, perhaps thousands, more. He planted password-grabbing programs on the "backbones" that carry the Net's torrents of data, giving him, in the words of David H. Freedman and Charles C. Mann, "access to everything"--military secrets, corporate data, your E-mail, the works. After a nine-month stakeout in cyberspace, the feds caught the culprit--but, weirdly enough, declined to prosecute.
This cyberfable is the subject of the authors' absorbing page-flipper, @Large: The Strange Case of the World's Biggest Internet Invasion. The account focuses on the FBI National Computer Crime Squad's first major probe, and it's an Internet newbie's nightmare. The electronic frontier, as delineated by Freedman and Mann, contributing editors at Discover and The Atlantic Monthly, respectively, is a borderland too sprawling to police and populated mostly by smash-and-grab artists and easy marks. Internet security is a contradiction in terms: The barricades are so ill-defended that Phantomd, a third-rate doorknob-twister, was able to steal an operating system from Sun Microsystems Inc. and tunnel into NASA's computers.
The "world's biggest Internet invasion"--the biggest yet known, it should be noted--drew scant media attention. It was overshadowed by higher-profile types such as Kevin Mitnick, the supercracker who broke into computer-security guru Tsutomu Shimomura's files. Some of the players in Takedown, Shimomura's account of that case, reappear here, but @Large is the better book. Its authors sketch recognizably human beings caught in negotiating the discontinuity between cyberspace and "the so-called real world." One fearsome hacker, for example, is revealed as a school janitor who lives with his parents, while one hackee is likened to "a convenience-store owner who had been robbed a dozen times by the same slow, inept criminal."
The inept criminal, Phantom Dialer, was an outcast even among his fellow nerds of prey. He was dismissed as "a wannabe, a lamer, a poser" on hacker bulletin boards. So pathetic were his attempts to break into systems that they were detected almost immediately. But Phantomd was oblivious to threats from besieged systems administrators, who watched in awe at "the weird, bread-mold tenacity with which he operated." He was like cyber kudzu, a prodigy of persistence who spent hours "typing random combinations of letters in what looked like an attempt to learn Unix [the operating system underlying the Net] by brute force.... Crazily resolute, the cracker managed to get into almost every system he tried."
And what did he want, once inside? Well, nothing really. Behind the melodramatic Phantom Dialer and Infomaster monikers was a human catalog of infirmities the authors call Matt Singer. (Names were changed at the family's request.) He was variously diagnosed as schizophrenic, mildly retarded, and learning disabled, and he was effectively housebound by bad eyes, asthma, and chronic hepatitis. In one of @Large's odder passages, suggestive of two alien species trying to communicate, Singer is dragged by his brother to Portland State University to confront a computer honcho, Janaka Jayawardene, whose system he had crashed the day before. "`Why do you do this?' Janaka asked.... `Why are you breaking into all these systems? What do you want?'
`Access,' Matt said.... `I want access.'
`If we give you an account for free,' Janaka said, `an account with total Internet access, will you stop cracking?' Matt turned his face to the wall. `No,' he said."
Such a "brain-damaged twenty-year-old" wasn't exactly the Professor Moriarty the Justice Dept. lawyers were looking to build a reputation and a precedent-setting case against, the authors suggest; "He'd last all of fifteen minutes behind bars." So Phantomd remains @large but, one assumes, on a watch list.
Freedman and Mann do a creditable job of hiding the arcana of Internet protocols behind a reader-friendly interface. And where they have no actual computer carnage to report, the authors recount the potential for mayhem in appropriately dropped-jaw style. A break-in at an NIH computer suggests the potential for priceless research to be destroyed and for prescription-tampering at hospitals. When the Bureau of Land Management's dam-control system for Northern California is invaded, an FBI agent realizes that "the Internet was so insecure that some amateur could create one of the biggest calamities in American history by mistake."
If that's not enough to make you want to rip out your modem, the news gets worse. An epilogue notes that where Phantom Dialer had to rely on persistence and dumb luck, mid-1990s vandals have heavier artillery: a hacking-for-dummies suite of point-and-click tools that sniff out network vulnerabilities, snatch passwords, provide other entry points, and erase all tracks. All of these tools are freely available and easily downloaded from the Internet. Where do you want to go today?