Read The Blue Nowhere Page 10


  CHAPTER 00001011 / ELEVEN

  Wyatt Gillette settled himself in the cheap office chair. He was in a dim workstation cubicle in the back of the CCU, quiet, away from the others on the team.

  Staring at the blinking cursor on the screen, he rolled the chair closer and wiped his hands on his pants. Then his callused fingertips rose and began pounding furiously on the black keyboard. His eyes never left the screen. Gillette knew the location of every character and symbol on the keyboard and touch-typed 110 words a minute with perfect accuracy. When he was starting to hack years ago he found that eight fingers were too slow so he'd taught himself a new keyboarding technique in which he used his thumbs on certain keys too, not just reserving them for the space bar.

  He was weak otherwise, but his forearms and fingers were pure muscle; in prison, where most inmates spend hours lifting iron in the yard, Gillette had done only fingertip push-ups to stay in shape for his passion. Now, the plastic keyboard danced under his hammering as he prepared to go online.

  Most of today's Internet is a combination shopping mall, USA Today, multiplex cinema and amusement park. Browsers and search engines are populated with cartoon characters and decorated with pretty pictures (plenty of those damn ads too). The point-and-click technology of the mouse can be mastered by a three-year-old. Simpleminded Help menus await at every new window. This is the Internet as packaged for the public through the glossy facade of the commercialized World Wide Web.

  But the real Internet--the Internet of the true hacker, lurking behind the Web--is a wild, raw place, where hackers use complicated commands, telnet utilities and communications software stripped bare as a dragster to sail throughout the world at, literally, the speed of light.

  This is what Wyatt Gillette was about to do.

  There was a preliminary matter to take care of, though. A mythological wizard wouldn't go off on a quest without his magic wands and book of spells and potions; computer wizards have to do the same.

  One of the first skills hackers learn is the art of hiding software. Since you have to assume that an enemy hacker, if not the police or FBI, will at some point seize or destroy your machine, you never leave the only copy of your tools on your hard drive and backup disks in your home.

  You hide them in a distant computer, one that has no link to you.

  Most hackers store their stash in university computers because their security is notoriously lacking. But Gillette had spent years working on his software tools, writing code from scratch in many cases, as well as modifying existing programs to suit his needs. It'd be a tragedy for him to lose all that work--and pure hell for many of the world's computer users since Gillette's programs would help even a mediocre hacker crack into nearly any corporate or government site.

  So he cached his tools in a slightly more secure location than the data-processing department of Dartmouth or the University of Tulsa. With a glance behind him now to make sure that no one was "shoulder surfing"--standing behind him and reading the screen--he typed a command and linked the CCU's computer with another one several states away. After a moment these words scrolled onto the screen:

  Welcome to the United States Air Force Los Alamos Nuclear Weapons Research Facility

  #Username?

  In response to this request he typed Jarmstrong. Gillette's father's name was John Armstrong Gillette. It was generally a bad idea for a hacker to pick a screen name or username that had any connection with his real life but he'd allowed himself this one concession to his human side.

  The computer then asked:

  #Password?

  He typed 4%xTtfllk5$$60%4Q, which was, unlike the username, pure, stone-cold hacker. This series of characters had been excruciating to memorize (part of his mental daily calisthenics in prison was recalling two dozen passwords as long as this one) but it would be impossible for someone to guess and, because it was seventeen characters long, would take a supercomputer weeks to crack. An IBM-clone personal computer would have to work continuously for hundreds of years before it spit out a password this complicated.

  The cursor blinked for a moment then the screen shifted and he read:

  Welcome, Capt. J. Armstrong

  In three minutes he'd downloaded a number of files from the fictional Captain Armstrong's account. His weaponry included the famous SATAN program (the Security Administer Tool for Analyzing Networks, used by both sysadmins and hackers to check the "hackability" of computer networks), several breaking and entering programs that would let him grab root access on various types of machines and networks, a custom-made Web browser and newsreader, a cloaking program to hide his presence while he was in someone else's computer and which would delete traces of his activities when he logged off, sniffer programs that would "sniff out"--find--usernames, passwords and other helpful information on the Net or in someone's computer, a communications program to send that data back to him, encryption programs and lists of hacker Web sites and anonymizer sites (commercial services that would in effect launder e-mails and messages so that the recipient couldn't trace Gillette).

  The last of the tools he downloaded was a program he'd hacked together a few years ago, HyperTrace, which could track down other users on the Net.

  With these tools downloaded onto a high-capacity disk Gillette logged out of the Los Alamos site. He paused for a moment, flexed his fingers and then sat forward. Pounding on the keys with the subtlety of a sumo wrestler once more, Gillette entered the Net. He began in the multiuser domains because of the killer's apparent motivation--playing a Real World version of the infamous Access game. No one Gillette queried on the subject, however, had played Access or knew anyone who had--or so they claimed. Still, Gillette came away with a few leads.

  From the MUDs he moved to the World Wide Web, which everyone talks about but few could define. The WWW is simply an international network of computers, accessed through special computer protocols that let users see graphics and hear sounds and leap through a Web site, and to other sites, by simply clicking on certain places on their screen--hyperlinks. Prior to the Web most of the information on the Net was in text form and navigating from one site to another was extremely cumbersome. The Web is still in its adolescence, having been born a little over a decade ago at CERN, the Swiss physics institute.

  Gillette searched through the underground hacking sites on the Web--the eerie, Tenderloin districts of the Net. Gaining entry to some of these sites required an answer to an esoteric question on hacking, finding and clicking on a microscopic dot on the screen or supplying a passcode. None of these barriers, though, barred Wyatt Gillette for more than a minute or two.

  From site to site to site, losing himself further and further in the Blue Nowhere, prowling through computers that might have been in Moscow or Cape Town or Mexico City. Or right next door in Cupertino or Santa Clara.

  Gillette sped through this world so quickly that he was reluctant to take his fingers off the keys for fear of losing his stride. So rather than jotting notes with pen and paper, as most hackers did, he copied material he thought was useful and pasted it into a word-processing window he kept open on the screen.

  From the Web he searched the Usenet--the collection of 80,000 newsgroups, in which people interested in a particular subject can post messages, pictures, programs, movies and sound clips. Gillette scoured the classic hacking newsgroups like alt.2600, alt.hack, alt.virus and alt.binaries.hacking.utilities, cutting and pasting whatever seemed relevant. He found references to dozens of newsgroups that hadn't existed when he'd gone to jail. He jumped to those groups, scrolled through them and found mention of still others.

  More scrolling, more reading, more cutting and pasting.

  A snap under his fingers and on the screen he saw:

  mmmmmmmmmmmmmmmmmmmmmmmmmmmmm

  One of his powerful keystrokes had jammed the keyboard, which had often happened when he'd been hacking. Gillette unplugged it, tossed it on the floor behind him, hooked up another one and started typing again.

&n
bsp; He then moved to the Internet Relay Chat rooms. The IRC was an unregulated no-holds-barred series of networks where you could find real-time discussions among people who had similar interests. You typed your comment, hit the ENTER key and your words appeared on the screens of everyone who was logged into the room at that time. He logged into the room #hack (the rooms were designated by a number sign followed by a descriptive word). It was in this same room where, as a young hacker, he'd spent thousands of hours, sharing information, arguing and joking with fellow hackers around the world.

  After the IRC Gillette began searching through the BBS, bulletin boards which are like Web sites but can be accessed for only the cost of a local phone call--no Internet service provider is required. Many were legitimate but many others--with names like DeathHack and Silent Spring--were the darkest parts of the online world. Completely unregulated and unmonitored, these were the places to go for recipes for bombs and poisonous gases and debilitating computer viruses that would wipe out the hard drives of half the population of the world.

  Following the leads--losing himself in Web sites, newsgroups, chat rooms and archives. Hunting . . .

  This is what lawyers do when they paw through hoary old shelves searching for that one case that will save their client from execution, what sportsmen do easing through the grass toward where they thought they heard the snarl of a bear, what lovers do seeking the core of each other's lust. . . .

  Except that hunting in the Blue Nowhere isn't like searching library stacks or a field of tall grass or your mate's smooth flesh; it's like prowling through the entire ever-expanding universe, which contains not only the known world and its unshared mysteries but worlds past and worlds yet to come.

  Endless.

  Snap.

  He had broken another key--the all-important E. Gillette flung this keyboard into the corner of the cubicle, where it joined its dead friend.

  He plugged in a new one and kept going.

  At 2:30 P.M. Gillette emerged from the cubicle. His back was racked with pure fiery pain from sitting frozen in one place. Yet he could still feel the exhilarating rush from that brief time he'd spent online and the fierce reluctance at leaving the machine.

  In the main part of the CCU he found Bishop talking with Shelton; the others were on telephones or standing around the white-board, looking over the evidence. Bishop noticed Gillette first and fell silent.

  "I've found something," the hacker said, holding up a stack of printouts.

  "Tell us."

  "Dumb it down," Shelton reminded. "What's the bottom line?"

  "The bottom line," Gillette responded, "is that there's somebody named Phate. And we've got a real problem."

  CHAPTER 00001100 / TWELVE

  "Fate?" Frank Bishop asked.

  Gillette said, "That's his username--his screen name. Only he spells it p-h-a-t-e. Like p-h phishing, remember? The way hackers do."

  It's all in the spelling . . .

  "What's his real name?" Patricia Nolan asked.

  "I don't know. Nobody seems to know much about him--he's a loner--but the people who've heard of him're scared as hell."

  "A wizard?" Stephen Miller asked.

  "Definitely a wizard."

  Bishop asked, "Why do you think he's the killer?"

  Gillette flipped through the printouts. "Here's what I found. Phate and a friend of his, somebody named Shawn, wrote some software called Trapdoor. Now, 'trapdoor' in the computer world means a hole built into a security system that lets the software designers get back inside to fix problems without needing a passcode. Phate and Shawn use the same name for their script but this's a little different. It's a program that somehow lets them get inside anybody's computer."

  "Trapdoor," Bishop mused. "Like a gallows too."

  "Like a gallows," Gillette echoed.

  Nolan asked, "How does it work?"

  Gillette was about to explain it to her in the language of the initiated then glanced at Bishop and Shelton.

  Dumb it down.

  The hacker walked to one of the blank white-boards and drew a chart. He said, "The way information travels on the Net isn't like on a telephone. Everything sent online--an e-mail, music you listen to, a picture you download, the graphics on a Web site--is broken down into small fragments of data called 'packets.' When your browser requests something from a Web site it sends packets out into the Internet. At the receiving end the Web server computer reassembles your request and then sends its response--also broken into packets--back to your machine."

  "Why're they broken up?" Shelton asked.

  Nolan answered, "So that a lot of different messages can be sent over the same wires at the same time. Also, if some of the packets get lost or corrupted your computer gets a notice about it and resends just the problem packets. You don't have to resend the whole message."

  Gillette pointed to his diagram and continued, "The packets are forwarded through the Internet by these routers--big computers around the country that guide the packets to their final destination. Routers have real tight security but Phate's managed to crack into some of them and put a packet-sniffer inside."

  "Which," Bishop said, "looks for certain packets, I assume."

  "Exactly," Gillette continued. "It identifies them by somebody's screen name or the address of the machine the packets're coming from or going to. When the sniffer finds the packets it's been waiting for it diverts them to Phate's computer. Once they're there Phate adds something to the packets." Gillette asked Miller, "You ever heard of stenanography?"

  The cop shook his head. Tony Mott and Linda Sanchez weren't familiar with the term either but Patricia Nolan said, "That's hiding secret data in, say, pictures or sound files you're sending online. Spy stuff."

  "Right," Gillette confirmed. "Encrypted data is woven right into the file itself--so that even if somebody intercepts your e-mail and reads it or looks at the picture you've sent all they'll see is an innocent-looking file and not the secret data. Well, that's what Phate's Trapdoor software does. Only it doesn't hide messages in the files--it hides an application."

  "A working program?" Nolan said.

  "Yep. Then he sends it on its way to the victim."

  Nolan shook her head. Her pale, doughy face revealed both shock and admiration. Her voice was hushed with awe as she said, "No one's ever done that before."

  "What's this software that he sends?" Bishop asked.

  "It's a demon," Gillette answered.

  "Demon?" Shelton asked.

  "There's a whole category of software called 'bots,'" Gillette explained. "Short for 'robots.' And that's just what they are--software robots. Once they're activated they run completely on their own, without any human input. They can travel from one machine to another, they can reproduce, they can hide, they can communicate with other computers or people, they can kill themselves."

  Gillette drew a second diagram, to illustrate how Trapdoor worked. "Demons are a type of bot. They sit inside your computer and do things like run the clock and automatically back up files. Scut work. But the Trapdoor demon does something a lot scarier. Once it's inside your computer it modifies the operating system and, when you go online, it links your computer to Phate's."

  "And he seizes root," Bishop said.

  "Exactly."

  "Oh, this is bad," Linda Sanchez muttered. "Man. . . ."

  Nolan twined more of her unkempt hair around a finger. Beneath the fragile designer glasses her eyes were troubled--as if she'd just seen a terrible accident. "So if you surf the Web, read a news story, read an e-mail, pay a bill, listen to music, download pictures, look up a stock quotation--if you're online at all--Phate can get inside your computer."

  "Yep. Anything you get via the Internet might have the Trapdoor demon in it."

  "But what about firewalls?" Miller asked. "Why don't they stop it?"

  Firewalls are computer sentries that keep files or data you haven't asked for out of your machine. Gillette explained, "That's what's brilliant about this:
Because the demon's hidden in data that you've asked for, firewalls won't stop it."

  "Brilliant," Bob Shelton muttered sarcastically.

  Tony Mott drummed his fingers absently on his bike helmet. "He's breaking rule number one."

  "Which is?" Bishop asked.

  Gillette recited, "Leave the civilians alone."

  Mott, nodding, continued, "Hackers feel that the government, corporations and other hackers are fair game. But you should never target the general public."

  Sanchez asked, "Is there any way to tell if he's inside your machine?"

  "Only little things--your keyboard seems sluggish, the graphics look a little fuzzy, a game doesn't respond quite as quickly as usual, your hard drive engages for a second or two when it shouldn't. Nothing so obvious that most people'd notice."

  Shelton asked, "How come you didn't find this demon thing in Lara Gibson's computer?"

  "I did--only what I found was its corpse: digital gibberish. Phate built some kind of self-destruct into it. If the demon senses you're looking for it, it rewrites itself into garbage."

  "How did you find all this out?" Bishop asked.

  Gillette shrugged. "Pieced it together from these." He handed Bishop the printouts.

  Bishop looked at the top sheet of paper.

  To: Group

  From: TripleX

  I heard that Titan233 was asking for a copy of Trapdoor. Don't do it, man. Forget you heard about it. I know about Phate and Shawn. They're DANGEROUS. I'm not kidding.

  "Who's he?" Shelton asked. "TripleX? Be good to have a talk with him in person."

  "I don't have any clue what his real name is or where he lives," Gillette said. "Maybe he was in some cybergang with Phate and Shawn."

  Bishop flipped through the rest of the printouts, all of which gave some detail or rumor about Trapdoor. TripleX's name was on several of them.

  Nolan tapped one. "Can we trace the information in the header back to TripleX's machine?"

  Gillette explained to Bishop and Shelton, "Headers in newsgroup postings and e-mails show the route the message took from the sender's computer to the recipient's. Theoretically you can look at a header and trace a message back to find the location of the sender's machine. But I checked these already." Nodding at the sheet. "They're fake. Most serious hackers falsify the headers so nobody can find them."