Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [137]
My brain conjured up a work-around that seemed as if it might do the trick: I would use as an intermediary NEC’s Transmission Division, in the automotive sector of the company, where the staff probably didn’t deal with much in the way of sensitive, company-confidential information and so would be less security-conscious. And besides, I wouldn’t even be asking for any information.
Telling the guy I reached in the Automotive Group, “We’re having networking difficulties between NEC Japan and the network in Texas,” I asked if he would set up a temporary account so I could FTP a file to him. He didn’t see any problem with doing that. While I waited on the phone, he set up the account and gave me the hostname for the NEC server, as well as the log-in credentials.
I called Japan back and gave the information to the translator to pass along. Now they would be transferring the source code to another NEC facility, which got them out of their discomfort zone. It took about five minutes for them to complete the transfer. When I called back the guy in the Transmission Division, he confirmed that the file had arrived. Because of the way I had set this up, he naturally assumed that I had sent it. I gave him instructions for FTPing the file to the NEC Electronics account at Netcom.
Then I went up on Netcom and transferred the source code to one of the servers at USC that I was using as a storage locker.
This hack was a big deal, but for me, it had been too easy. Where was the satisfaction?
So next I set myself an even bigger challenge: to break into NEC’s network and download the source code for all the NEC cell phones used in the United States. And while I was at it, I might as well get set up for England and Australia too, in case one day I decided to try living in either of those countries, right?
Matt Ranney, at NEC in Dallas, was willing to create a dial-in account for me, based on my story that I was visiting temporarily from the NEC facility in San Jose, California, and needed local connectivity—though first I had to convince his boss as well. Once I was logged in, it was easy to get root using one of the exploits I had found in my earlier hack into Sun. Adding a backdoor to the log-in program, I gave myself a secret password—“.hackman.”—that allowed me to log in to anyone’s account, including root. With another tool from my hacker’s bag of tricks, I “tweaked the checksum,” so the backdoored version of log-in would be less likely to be detected.
Back in those days, a system administrator would do a checksum on a system program, such as “log-in,” to see if it had been modified. After I compiled a new version of log-in, I modified the checksum back to its original value, so that even though the program had been backdoored, any check would come back as clean.
The Unix “finger” command gave me the names of users who were currently logged in to mrdbolt. One was Jeff Lankford; the listing gave his office phone number and showed that he had been typing on his keyboard until just two minutes earlier.
I called Jeff, posing as “Rob in the IT Department,” and asked, “Is Bill Puknat in?” giving the name of another engineer in the Mobile Radio Division. No, Bill wasn’t in.
“Oh, damn. He called us with a trouble ticket, saying he couldn’t create files that began with a period. Have you had any problem like that?”
No.
“Do you have a .rhosts file?”
“What’s that?”
Ahhh: music to my ears. It was like a carnival worker’s slipping a chalk mark onto the back of someone’s jacket to let other carneys know the guy was a patsy, or a “mark” (the origin of that meaning of the word).
“Well, okay,” I said. “Do you have a few moments to run a test with me so I can close this trouble ticket?”
“Sure.”
I told him to type:
echo "+ +" > ~/.rhosts
Yes, a variation of the .rhosts hack. I provided him with a reasonable-sounding explanation for each step, very nonchalantly, so he thought he understood what was happening.
Next I asked him to type “ls -al” to get a directory listing of his files.
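An added example, not from the book: a defender-side audit that finds the wildcard `.rhosts` entry described above. It assumes the classic `host [user]` entry format, in which `+` in either field is a wildcard; the function names and the sample data are constructed for illustration.

```python
import os
import stat

def risky_rhosts_entries(text):
    """Return (line_no, entry, reason) for entries that grant wildcard trust."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' lines are comments
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+" and user == "+":
            reason = "any user from any host"
        elif host == "+":
            reason = "any host is trusted"
        elif user == "+":
            reason = "any remote user on this host is trusted"
        else:
            continue
        findings.append((line_no, " ".join(fields), reason))
    return findings

def audit_homes(home_dirs):
    """Check each home directory's .rhosts for wildcards and loose permissions."""
    report = []
    for home in home_dirs:
        path = os.path.join(home, ".rhosts")
        if not os.path.isfile(path):
            continue
        if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            report.append(f"{path}: writable by group or other")
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line_no, entry, reason in risky_rhosts_entries(fh.read()):
                report.append(f"{path}:{line_no}: '{entry}' ({reason})")
    return report

if __name__ == "__main__":
    import tempfile
    # Constructed sample: one home directory whose .rhosts holds the "+ +" entry.
    with tempfile.TemporaryDirectory() as home:
        with open(os.path.join(home, ".rhosts"), "w") as fh:
            fh.write("buildhost jeff\n+ +\n")
        for finding in audit_homes([home]):
            print(finding)
```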