Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [40]
This laid the groundwork for what would prove to be a goldmine for me.
While searching through Goldstein’s emails, I found one that contained a full analysis of a clever patch for “Loginout,” the VMS log-in program. The patch was developed by a group of German hackers who belonged to something they called the “Chaos Computer Club” (CCC). A few members of the group focused on developing patches for particular VMS programs that enabled you to take full control of the system.
Their VMS Loginout patch also modified the log-in program in several ways, instructing it to secretly store user passwords in a hidden area of the system authorization file; to cloak the user with invisibility; and to disable all security alarms when anyone logged in to the system with a special password.
Newspaper stories about the Chaos Computer Club mentioned the name of the group’s leader. I tracked down the guy’s number and called him up. By this time, my own reputation in the hacking community was starting to grow, so he recognized my name. He said I should talk to another member of the group, who, sadly, turned out to be in the end stages of cancer. When I called him at the hospital, I explained that I’d obtained an analysis of the club’s backdoor patches for the VMS Loginout and “Show” programs and thought they were wickedly clever. I asked if he had any other cool tools or patches he’d be willing to share.
The guy was both supercool and talkative, and he offered to send me some information. Unfortunately, he said, he’d have to send it by snail mail, since the hospital didn’t have a computer. Several weeks later, I received a packet of printouts detailing some of the hacks the group had created that weren’t already in the public domain.
Expanding on the Chaos Computer Club’s work, Lenny and I developed some improved patches that added even more functionality. Essentially, the CCC created a framework that we then built upon. As new versions of VMS came out, Lenny and I kept adapting our patches. Because Lenny always worked at companies that had VMS systems, we were able to test our patches on his work systems and deploy them into systems we wanted to maintain access to.
After some major DEC clients were compromised, the company’s programmers wrote a security tool that would detect the Chaos patch. Lenny and I located the detection software and analyzed it, then simply modified our version of the Chaos patch so DEC’s tool wouldn’t be able to find it anymore. It was quite simple, really. This made it easier for us to install our patch into numerous VMS systems on Digital’s worldwide network, known as Easynet.
If locating the code wasn’t hard, transferring it was. This was a lot of code. To reduce the volume of code, we compressed it. Each directory contained hundreds of files. We’d compress all of them in a single file and encrypt it, so that if anyone found it, it would look like garbage.
The only way to retain access to the files so we’d be able to study them at leisure was to find systems on DEC’s Easynet that connected to the Arpanet, giving us the ability to transfer them outside DEC’s network. We only found four systems on Easynet that had Arpanet access, but we could use all four to move the code out piece by piece.
Our original plan to store a copy of the code at USC proved a little shortsighted. First of all, we realized we should use more than one storage location for redundancy, so all that work wouldn’t go to waste if the code was discovered. But it turned out there was an even bigger issue: the code base was humongous. Trying to store it all in one location would run too big a risk of being detected. So we began spending a lot of time hacking into systems on the Arpanet, looking for other safe “storage lockers.” It began to feel like getting the code from DEC was the easy part, while the big challenge was figuring out where to stash copies