|
"Sleep well, your Air Force is protecting you."
...the true story of my experiences as a paid hacker for the
US military.
By Ward Shrake |
Most people aren't technical wizards, and they don't
want to be. Most people are happy to understand the technology they have
to use in everyday life; like their VCR's for example. Some of us live for
technological joys and toys, but we're a smaller group. There is an even
smaller, rarer third group; new, eager computer users, anxious to be techies,
but who aren't there yet. One such individual was a Lt. Colonel I knew during
my years with the U.S. Air Force.
Don't get me wrong, no one hated the guy. Far from it;
he was friendly and well-liked. He just had too much time on his hands. His
retirement was just months away. All his official duties had already been
assigned to others. He went from office to office, trying to help people,
while filling his time by playing with their computers. He would give them
public domain programs, reorganize their hard drives, whatever struck his
fancy. Sometimes he actually helped. Sometimes it didn't quite work out that
way. As long as he didn't do any real damage, no one had the heart to tell
the guy to quit trying to help them. Besides, he was a Colonel; you don't
tell Colonels to stay the bleep off your computer!
One day the Colonel "helped" everyone out by reassigning
all their function keys, without asking their permission, or even telling
them about it. That was the last straw. Colonel or no, something had to be
done. Everyone had work to do (usually in a hurry) but no one knew how to
anymore; all their accustomed keypresses were no longer valid. The Colonel
had standardized keypresses to match his favorite word processor, assuming
everyone else knew and loved that word processor. No one else had any experience
with it. Being technophobic, they weren't about to learn anything new
either!
At first the poor users just called me, their resident
techie, to have me quietly undo what the Colonel had done. They just wanted
their computers to work like they used to. One brave (and very ticked off)
Sergeant, though, installed a password program on his computer specifically
to keep certain people from "helping" him anymore. Everyone told him he was
crazy and he'd get in trouble. Time went by. When he didn't get in trouble,
everyone else wanted password protection too. Until then the stand-alone,
non-networked computers did not have passwords. Since you had to be physically
there, on a guarded military base, to get info from them, no one worried.
We didn't anticipate problems from within our own ranks, though!
Suddenly, nearly everyone had password protection. It
wasn't super serious protection but it didn't have to be. It just had to
keep honest people honest. Remember, though, that these were non-technical
people, who resisted learning anything new.
As strange and foreign as the idea may seem to most
techies, within two weeks people had forgotten their passwords. Yes, they
had locked themselves out of their own computers! These were simple, obvious
passwords, too, made up by the users themselves, not some super hard-to-break
computer generated codes.
I was used to being called in to fix other people's
computer problems, since I was the official technical whiz in residence.
I've seen some pretty strange problems, too, but this one took the cake!
I had to break into their computers, find out where the password program
was hidden on their computer's hard disk drive, and read its computer codes.
All this, just to tell them what their own password was! Unbelievable.
The first time it happened, I mentally wrote it off
as someone's hangover. The second time, I was starting to reconsider general
stupidity as an option, but I was still in denial and considered it another
fluke. Two patterns became clearer as time went on. One, that they weren't
going to learn. Two, that all their computers had enough similarities to
make it possible to automate the breaking-in process, which I had been doing
by hand until then.
One afternoon (when the rest of my office left me alone
while they went on an extended lunch break -- the bastiges!), I took the
opportunity and hacked up a better solution. Mostly, I just wanted to see
if I could do it. I told no one about it, in case I couldn't make it work.
Why shoot your mouth off and be embarrassed later? Besides, I wasn't sure
I wouldn't get in trouble for doing this, since I didn't have any sort of
permission to do it. So, quietly, secretly, I wrote up a program, testing
it on my own computer first.
Next, I needed to test it on someone else's computer.
I had a whole building to pick from. I wanted a real challenge. I wanted
to be extra careful, though. I trusted one coworker, another techie, who
I knew would appreciate my sense of humor in all this. I asked him to pick
a computer for my test, one that he knew would be difficult to crack.
He chose one, and I went to that office, asking to use
their computer. Incredible -- they waved me into their private computer area,
not even getting up or asking why I wanted to use it! I did my little automated
cracking routine, saw the password on the screen, and wrote it down by hand
on scratch paper. I covered my tracks, thanked them, left, and showed my
friend. Once he got over the initial shock, he told me that if it were a
"real" program, it would print out the password, using their printer. What
a smart ass -- I knew all along that he had the right sense of humor for
this!
I went back to my office, added that feature, then added
a few more just in case he upped the stakes on me again. The new version
could not only print its output, but could show it three different ways.
One was for normal text (easy) passwords, and two were computer-only codes
for harder passwords. I guess I had overdone it. Instead of being merely
impressed and amused, my friend was starting to worry about all this. I was
disappointed to hear that. He quit before I got to show him the countermeasures
I had devised, to protect my own computer from my program. I wanted to show
him how my computer would trick my program into displaying a phony password.
We both agreed to quit while we were ahead, though, disappointment or not.
One morning, just minutes after I arrived at work, I
got a call. Another forgotten password. No big deal; I was prepared. Not
taking it too seriously, I grabbed my cracking disk and headed down there.
Great! When I arrived, the place was full of big shots, and everyone's stressing
out, trying to get this one important computer going. The Colonel himself
was there working on it. He saw me come in, and stepped aside to let me try
it. Normally, no one cared what I did to fix things. This time, when I least
needed it, I had a super-attentive audience.
I'm silently cursing my luck. I reluctantly get out my
password-busting diskette, insert it in front of everybody, and make the
program do its thing. Seconds later, there's the password. The in-joke prompt,
asking me if I want a printout of the password, doesn't look so funny right
now. "I'm in deep trouble now, for sure," I think. "And I've only been to
work for fifteen minutes!"
I try to act nonchalant as I get the computer going
again, hoping no one thinks to ask where I got that disk. No one asks. I
leave and go back to my normal tasks, wondering if I'm going to get called
into some big shot's office to explain all this.
He comes to me. The Colonel himself shows up, right
at my desk, and waves me into the hallway. At first I panic. I don't really
hear what the Colonel is saying; I'm too busy looking around for the military
cops! Slowly, when they fail to show up, I start listening closer. It seems
that the Colonel just wants a copy of the program for himself. "Sure, Colonel,
all the copies you want! What? Keep the program a secret? No problems there,
either!" Talk about relief. I'm probably shaking a little by now, thinking
about how many big rocks I almost had to break into little ones, or something
like that.
Life went on pretty much normally after that, except
for the funny awed stares I got from time to time. I had the impression that
the Colonel had been bragging to some of his high-placed friends, about this
guy he had working for him. Once I figured out that I wasn't in trouble,
and that the powers-that-be actually seemed to like what I had done, I relaxed
quite a bit. I was even proud, in a strange sort of way, to have my program
all but classified as a government secret.
And the Colonel loved his new toy, too! The other computer
users weren't exacty thrilled, but I was too safe and happy to care.
Everything was pretty sweet until I came back from lunch one
day, and saw the Colonel sitting at my computer desk. Suddenly, I remembered
the counter-measures I had put on my computer and then forgot about. Panic
time again!
I walked up quietly and peeked over his shoulder. Sure
enough, my computer's screen was displaying the message: "This computer's
password is: 'Try harder, a**hole!' Do you want a printout?" I leaned over,
quickly typing in the real password for him. Lucky for me the man had a sense
of humor!
Story by Ward Shrake. First printed in "2600 magazine", Autumn 1995.
Commodore fans will be pleased to know that I got the idea for my
modified password, thanks to the copy protection code found in
an early game for the Commodore 64; Epyx's "Sword of Fargoal".
That game had a similar (but nicer) message buried within its code.
|