- Jeremy N. Smith
Breaking and Entering Page 11
Alien flew. The ends of her naturally dark hair were freshly dyed a color called Nuclear Red that glowed under black light. She caught air as she skipped down the Building 7 steps in Rollerblades. Alien zoomed across Mass Ave, wove through a group of freshmen bunched outside the student center, and zipped down Vassar Street, where she took a left at MIT Police headquarters, and then braked at the I/S offices, a new two-story redbrick building on the far west side of campus. Alien tromped up a front flight of stairs and inside at ten p.m.
I/S employed several hundred people, divided into more than a dozen teams. Many were fellow students, night owls, or both. As Alien rolled forward under fluorescent lighting, over thin carpeting, and through a small foyer leading to a warren of indistinguishable cubicles, she saw that at least ten out of fifty desks on this side of the first floor still had someone working at them at this hour. Yet Alien was the sole network security team member present. Like physical security guards, they worked in shifts, responding 24/7 to viruses, outages, targeted attacks, and other threats.
MIT helped invent the Internet. As a consequence, it controlled vast swaths of cyberspace—far more than any other university, as much as AT&T, IBM, or major portions of the U.S. military. Unlike these other mammoth organizations, however, the Institute had long prided itself on its powerful computers and high-speed network being independent and open, absent any overriding central authority or firewalls beyond a NetID and password to block unauthorized access.
The virtue of the decentralized, open network was that it facilitated the free flow of information vital to a great research university. As a member of the MIT community, you could set up virtually whatever systems you wanted, however you wanted them, which encouraged experimentation. And you could use the network without restrictions on speed or bandwidth, which encouraged collaboration. Together, these principles inspired innovation, invention, and discovery, the goals to which the Institute was most devoted.
Freedom, however, had its liabilities, especially as the network grew. First, it was hard to manage the monumental traffic, particularly when system updates were needed or problems arose. Second, MIT’s high profile made it a major target for attackers. Thirty years earlier, a few thousand people had used the Internet. Fifteen years earlier, it was a few hundred thousand. Now it was more than 500 million. Anyone, anywhere could be a kind of hacker, doing the online equivalent of testing doors, picking locks, sneaking in, and trying to leave his or her mark.
Alien logged in at an Athena workstation when she reached her desk. CaseTracker, a Web-based program, loaded: forty-five new messages. These might come from her boss, Marie—an Indian American woman in her thirties—other network security team members, anyone else at MIT, off-campus sources, or any of a host of automated scans, internal or external.
In 2000, the so-called Love Bug virus, a malicious Windows script masquerading as a love letter, for example, had circulated via people’s email contacts, hiding or deleting certain types of files as soon as it was opened. Countless copycat viruses followed, along with “worms,” or self-propagating programs, that spread back and forth between Athena and other university networks and commercial Internet service providers, hogging bandwidth and overloading the routers that let computers communicate online. Local to MIT, there was a student-run UNIX server hijacked by someone selling email accounts to white supremacists. Actual foreign agents on the prowl for classified information from the Institute’s many defense department contractors. The random high school kid (and likely prospective applicant) in Iowa City—or Istanbul or Irkutsk—who wanted to brag that he’d hacked MIT.
“Trouble runs both ways,” Marie reminded everyone. One issue was packet sniffing, as Alien had already witnessed. Another, even more common, was copyright infringement. Students who would have howled if they’d known someone was reading their email had no qualms about storing and trading vast amounts of intellectual property online. Free-software evangelists like Jake believed computer programs should be written to be shared. Others extended the idea, claiming that if “information wants to be free,” any copyrights should be ignored.
In 1994, a Fifth East resident named David LaMacchia had been caught, arrested, and indicted by a federal grand jury for running his own secret file-sharing site to store and trade copyrighted software and games, using MIT servers. The case was ultimately dismissed, however, because LaMacchia charged nothing for his services.
Congress subsequently moved to close the “LaMacchia loophole,” as it was called, passing the No Electronic Theft Act in 1997, followed by the Digital Millennium Copyright Act in 1998. Still, Napster, the first popular music file-sharing service, had thrived at MIT before record industry lawsuits shut it down. And now many students, Alien among them, had moved to so-called peer-to-peer file-sharing services like LimeWire, through which individual users connected directly with one another, no central server necessary, essentially letting everyone online access anything online anyone had stored.
It was with a healthy sense of irony, then, that Alien started work tonight processing a half-dozen takedown notices from aggrieved music and video and computer software copyright holders, angry at MIT students for downloading and distributing their content without payment or permission.
The next two messages Alien saw were easy: new virus reports. The network security equivalent of police APBs, these described viruses by name, appearance, and behavior, including the specific systems they targeted and what countermeasures could stop them.
“Thank you for bringing this to our attention,” Alien replied in both cases. “We will investigate this notice and take appropriate action.” After moving the reports to active, open status in CaseTracker, Alien signed off: “Elizabeth, for the Network Security Team.”
The following incident was trickier. A tenured physics professor, the head of a large research group, had yet to respond to repeated warnings to update vulnerable system software. Now his desktop machine was infected, and actively attacking several multimillion-dollar supercomputers.
Alien wrote to the professor again, sharing the relevant virus report and pasting a link to a Web page where anti-virus software could be downloaded.
“Please either use this software now to remove the virus from the computer, or else disconnect the computer from the network until you have time to use the anti-virus software,” she concluded. If he did not follow her instructions, she made clear, “the network connection may be shut off at any time.”
When she finished typing, Alien checked the time—11:18 p.m.—and then her personal email.
“Are you going to poker night?” Heston wrote her via Zephyr, referring to a weekly Thursday night game a group of recent Senior House graduates hosted at their Somerville apartment.
“Yes!!” Alien replied.
They chatted briefly, and then Alien toggled back to CaseTracker.
It was now 11:23 p.m., she saw. The network security team had nine new messages. The price of a five-minute break was that she had as many cases as she had started with.
I’m playing whack-a-mole, Alien thought.
Alien liked the network security job despite—or, really, because of—its challenges. Even to sophisticated users, MIT’s network was largely out of sight and therefore out of mind. They didn’t have Alien’s level of access and inside knowledge. There was so much more risk than people realized.
More than mere workplace, the I/S office became a hangout. Marie treated Alien and the other student staffers like adults, and welcomed their help brainstorming how to do an almost impossible job better. To that end, Alien wrote new computer scripts to automate her most common CaseTracker activities, crafted Web pages and other outreach materials explaining security fundamentals to ordinary users, and learned how to log into routing equipment called switches and remotely disable someone’s port, or point of access to the Internet, if his or her machine was causing problems.
Soon, scanning the network, she had the same sensation as reaching a rooftop and feeling like everything in sight belonged to her. Except now, she thought, it’s my job to protect it.
“I want you to join us tomorrow night,” Marie messaged Alien one evening in early December. “To observe and learn.”
The next day was Tuesday, December 11, 2001, exactly three months since the airplane hijackings that had attacked the Pentagon and destroyed the World Trade Center. In Afghanistan, the United States and its allies were now at war with international terrorism in a campaign called “Operation Enduring Freedom.” Like so many others, Alien had been stunned by the 9/11 attacks. They had a special personal dimension for her, since she had worked in the Wall Street area one summer only a few years back, when she was in high school, and was haunted by the virtual certainty that she had known some of the three thousand victims. The terrorists hadn’t used computers, but they had certainly taken advantage of other vulnerabilities. They had made the entire world feel less secure, making any kind of breach a source of anxiety.
Alien arrived in the office at eight p.m., performing CaseTracker triage while she waited for Marie. The same physics professor Alien had emailed in early September had a new computer virus. The man was a Nobel laureate, she’d discovered. Rather than change his habits after I/S pulled his port the first time, he’d called Chuck Vest, the president of MIT, personally to complain. As a result, I/S had been forced to reactivate his connection.
Maybe forty minutes in, Marie arrived at Alien’s cubicle. “Glad you could make it,” she said. “Sorry I couldn’t give you more background. Ready?”
“Sure,” said Alien without any idea for what.
She hadn’t been summoned because of anything to do with the physics professor. They crossed the campus and, at nine p.m. sharp, entered the MIT economics department lobby.
“They’ll be doing forensic acquisition,” Marie said quietly. “Watch carefully and don’t say anything.”
Four people awaited them. Clearly in charge was a handsome man in his late thirties, with sandy blond hair and a goatee, dressed in a dark suit. He conferred with a junior colleague in his late twenties. From their clothing and manner, neither looked as if he worked at MIT.
Off to the side, watching a little nervously, Alien thought, was the economics department’s IT guy, who couldn’t have been older than twenty-five. Beside him was a red-haired sixtyish employee of the physical maintenance office.
“Okay?” the older of the men in suits asked everyone. His tone was crisp and curt, his posture straight-backed in a way suggestive of military training. They had spent only a few seconds together, but his eyes were sharp and observant. Alien felt certain that the man had already committed her height, weight, age, and other identifying characteristics to memory, just in case.
Fascinated, she nodded with the others.
“Okay, then,” the man said. “Let’s go.”
The physical maintenance guy unlocked the department office door and then left. The econ IT guy entered first. Next came the younger of the men in suits, tugging a black roller suitcase behind him, and then the older, who beckoned Marie and Alien to trail him closely.
The group stopped opposite a department lounge at what looked like a closet door. Marie and the men in suits looked to the IT guy, who seemed jittery as he stepped forward. After stumbling on the first try, he unlocked the door with an electronic keycard.
Following him, the others squeezed inside one by one.
The space was approximately five by eight feet, with a white linoleum floor. As Alien crossed the threshold, her first sensation was of noise from several large fans going full blast. Since the room was already air-conditioned, her second sensation was of feeling cold. Goose bumps formed on her exposed arms. Adjusting to the new environment, Alien saw the younger of the men in suits opening his roller case in front of black metal racks along the wall.
The racks were stacked with hard drives connected by labeled cabling to MIT network ports.
This was a server room, Alien recognized. These machines were loaded with data generated by the department’s faculty and students. Typical of where she had gone hacking freshman year, it was the kind of place hundreds of people passed every day but almost everyone ignored. In Course 19, however, Alien had focused almost entirely on empty or abandoned spaces, which this most certainly was not.
On the hard drives in front of her were gigabytes of economics information and equations, the product of decades of research and analysis, humming toward thousands of results—some dead ends, some future Nobel Prizes, and all of supreme interest to those who’d put them there. And on them too, apparently, was something of interest to the men in black.
Alien watched and listened closely as the older man shouted out specific Internet addresses. The IT guy darted back and forth, seeking the cables with those labels. Meanwhile, the younger man removed external hard drives from the suitcase and mounted them on the designated machines. He controlled all he was doing from a monitor and keyboard he had also brought with him. With assistance from Marie and the IT guy, he ran the UNIX program dd, a disk duplicator that copied or “imaged” what was on the servers.
“Okay, we’re starting the imaging process,” the younger man said, looking up long enough to make brief eye contact with Alien. He made a note in a little book next to him.
Alien kept a discreet distance. Another person would have wanted to know why they were here, but she was completely focused on the technical processes. The difference between using CaseTracker and tagging along tonight was that between reading an anatomy textbook and watching a live medical procedure in an operating theater. It wasn’t the patient that interested Alien but the surgery.
“Good?” the older man in the suit mouthed silently when everything was up and running.
His associate at the keyboard signaled a thumbs-up.
They let the imaging run for a few minutes and then calculated the pace of their progress. In the meantime, the younger man snapped photos of the server room and filled out what appeared to be a detailed inventory.
“Okay—it looks like we’re good for now,” the older man shouted over the fan noise when his colleague had finished writing. “We’ll follow up at four a.m.”
They left. Outside, back in front of the department building, without any explanation, Marie told Alien to go home. “Good job. See you tomorrow” were her parting words.
Alien walked slowly to Senior House. For once, winter weather cleared rather than clouded her head. Because I/S had extraordinary access privileges, the first rule of the network security team was to respect user privacy. That they had come to the economics department at night, led by these two men, in order to copy hard drives in secret suggested something very serious. Forensic, Marie had said. It hadn’t registered until now.
Alien realized that she had just seen a computer network treated as the scene of a crime.
INTERNET PIRACY IS SUSPECTED AS U.S. AGENTS RAID CAMPUSES, read a headline in the following morning’s New York Times. “Federal law enforcement agents seized computers and raided computer networks at M.I.T., the University of California at Los Angeles and other large universities today in shutting down what they described as one of the Internet’s largest and most sophisticated software piracy networks,” the paper reported.
The pirates, collectively called DrinkOrDie, used the university servers as “drop sites,” storing and distributing huge portions of their haul via campus servers. Like David LaMacchia before them, individual participants seemed to have no personal profit motive, working instead for bragging rights, the technical challenge of being the first to crack copy protections, and access to the free software, games, music, and movies provided by fellow members. Once a file was up, though, outsiders, including organized criminal groups, could download and package it for resale.
DrinkOrDie had posted Windows 95 two weeks before Microsoft released it, the Times said. Now they had up Harry Potter and the Sorcerer’s Stone and Monsters, Inc.—films that were still in theaters. According to federal investigators, the financial loss to the producers of all this content ran into the hundreds of millions of dollars.
Before the new year, a twenty-three-year-old computer sysadmin—systems administrator—for the MIT economics department was identified as a ringleader. In August 2002, he was sentenced to thirty-three months in prison.
Alien didn’t follow the DrinkOrDie case closely. Others could debate whether the rogue sysadmin’s punishment was merited by his actions. What intrigued her was how he had gone undetected for so long—and then how he had been discovered and tracked.
The fall semester of 2002 was Alien’s final one at MIT. Through hard work, helpful TAs, and her own talent for the types of hands-on projects required in labs, she’d escaped aerospace information systems and actually boosted her GPA in electrical engineering and computer science. She’d also sweet-talked her new adviser into letting her replace several Course 6-2 classes with credits from unified engineering, even though the topics covered were completely different. The only significant requirement standing between her and graduation was her AUP, or Advanced Undergraduate Project.
“I want to do something with security for my AUP,” Alien told Marie.
“Want to take a look at network flows?” said Marie. “Flick”—a fellow SIPB member—“wrote a script to gather the records from all our routers. We’re not really doing anything with the information, though.”
Alien nodded. “Cool!” All of MIT’s internal traffic flow records . . . now that would be an interesting extension of her desire to see inside the Institute and understand what was going on. Flow records stored the source, destination, time, and amount of information involved in any data transfer. Because the records captured traffic flow by size, not content, personal information was still protected, but a digital piracy drop site, virus-spewing supercomputer, or other significant security issue would be obvious by its imprint.