DarkMarket_ Cyberthieves, Cybercops and You - Misha Glenny [44]
Part IV
14
THE ICEMAN COMETH
Santa Clara, California, October 1998
Max Vision was surprised when Chris and Mike, his two contacts from the FBI office in San Francisco, turned up at his front door in Santa Clara. He didn’t recognise the third man, although later he learned that this was the FBI’s computer-crime boss. But then this was not a social call. ‘We’re building a case on you, Max,’ they said. ‘You’ve really screwed up on this one.’
In a state of mild shock, Vision turned over his computer and everything else – he did not want to appear to be obstructing justice and, at the same time, he was not yet sure what the problem was.
His life was good – great, even. After putting a torrid adolescence behind him, he had moved from Iowa into a region where neither geeks nor unkempt long hair and ponytails were considered unusual or inelegant. Nor would they find it odd that he had changed his name to Vision from the more prosaic Butler. He had quickly become accustomed to the lotus-eating lifestyle of the West Coast and, to top it all, he was deeply in love with his intended bride, Kimi.
In his mid-twenties, Max Vision was a computer-security genius and one of the most respected and highly valued consultants in the Bay Area. He was also a civic-minded chap, who set up the website whitehats.com, which was dedicated to helping people and companies ensure themselves against malicious cyber attacks. Mr Vision would post the latest ‘vulnerabilities’ to which popular software was prone and explain how to patch them up.
Vulnerabilities were meat and drink to hackers, offering one of the main routes into third-party computers. They were digital holes in the armour of software and computer systems, which the manufacturer had failed to spot. Once a company like Microsoft or Adobe noticed that a hacker had penetrated Windows or a ubiquitous application like PDF Reader by using a particular vulnerability, it was then able to close it or ‘patch it’ by writing a specific security fix, as it is known. Next, it would alert its customers to download the fix and install it, thus blocking that route into the customer’s computer. If the user failed to update the fix, the computer could still fall foul of a virus exploiting that particular vulnerability, should it come calling.
Super security hackers like Vision would often spot vulnerabilities before anybody else and so, in the spirit of good neighbourliness, he offered practical advice to users on how to protect themselves.
But his good deeds went further. He also gave his services free of charge to the FBI station in San Francisco, and the Feds were only too happy to accept the help.
No challenge on the Web was too great for Max Vision, no vulnerability too small for him to spot. But of course in order to seek out those vulnerabilities, he needed to probe computer systems all the time. He knew this put him at the centre of a profound dilemma that affected the computing industry with serious ramifications. In order to protect yourself from criminal or ‘blackhat’ hackers, it was sometimes necessary as a ‘whitehat’ hacker to ascertain how to break into systems – an act that might in itself have been illegal.
It is almost unavoidable for ‘whitehats’ to sniff around large public computer systems, just as ‘blackhats’ do. The difference is that the ‘whitehats’ will not exploit for personal gain any vulnerability they find. The ‘blackhats’ probably will.
Operating out of the little house he shared with Kimi, Vision found that whenever he came across a network anomaly or problem, he could not resist the urge to correct it. In 1998 he discovered a dangerous vulnerability on the networks serving a series of government agencies, including parts of the Pentagon. This was a hole in their defences through which all manner of mischievous worms could wriggle.