The best story ever!!!!
April 12, 1998 The Toronto Star
How `Datastream Cowboy' took U.S. to the
brink of war
Teenage hacker wove a path through
computer systems around the world to
attack the Pentagon
By Jonathan Ungoed-Thomas
Special to The Star
On the evening of April 15, 1994, six
American special agents sat in a concrete
basement at a secret air force base
patiently waiting for an attack.
Their unseen and unknown enemy had for
weeks been rampaging across the Pentagon
network of computers, cracking security
codes and downloading secret files.
Defence officials feared the infiltrator
was a foreign agent. They were monitoring
his movements in a desperate effort to
trace him to his lair.
He had first been spotted by a systems
manager at the Rome Laboratory at Griffiss
Air Force Base in New York state, the
premier command and control research
centre in the United States. He had
breached the security system and was using
assumed computer identities from the air
base to attack other sites, including
NASA, Wright-Patterson Air Force Base -
which monitors UFO sightings - and Hanscom
Air Force Base in Massachusetts. He was
also planting ``sniffer files'' to pick up
every password used in the system.
This was a new type of warfare, a ``cyber
attack'' at the heart of the most powerful
military machine on Earth.
But the American military had been
preparing for it, and there was a new
breed of agent ready to fight back against
the infiltrator. Computer specialists from
the Air Force Office of Special
Investigations and the Air Force
Information Warfare Centre in San Antonio,
Texas, were dispatched to Rome Laboratory
to catch the attacker.
By the end of the second week of their
attempt to outwit him, their windowless
basement room was a mess of food wrappers,
sleeping bags and empty Coke cans. Sitting
among the debris, the American cyber
agents saw a silent alarm throb on one of
the many terminals packed into the
10-metre by 10-metre room.
``Datastream Cowboy,'' as he called
himself, was on-line again.
They carefully tracked him on a computer
screen as he used the access code of a
high-ranking Pentagon employee to sign on.
This gave him the power to delete files,
copy secret information and even crash the
system. As he sifted through battlefield
simulation data, artificial-intelligence
files and reports on war weaponry in the
Persian Gulf, the agents worked
frantically at their terminals, trying yet
again to establish who he was and where he
had come from.
It was futile. Datastream Cowboy always
bounced around the world before launching
an attack and it was impossible even to
establish in which country he was sitting.
Suddenly he left the Pentagon system. The
agents rapidly checked the computer
address of his new target and were chilled
by the result: He was trying to access a
nuclear facility somewhere in Korea. The
shocked agents saw a terrible crisis
coming.
In 1994, the United States was embroiled
in tense negotiations with North Korea
about its suspected nuclear weapons
program. If the paranoid North Koreans
detected a computer attack on their
nuclear facility from a U.S. air base -
because Datastream Cowboy had assumed an
American military identity by routing his
assault through the Griffiss computer -
they would be bound to believe that the
hawks in Washington had won and this was
an act of war.
Senior defence officials were hurriedly
briefed as the agents tried to establish
the exact location in Korea of the
computer that Datastream Cowboy was trying
to crack.
After several tense hours, they had their
answer. His target was in South Korea, not
North. The security alert was over, but
the damage meted out by Datastream Cowboy
was not.
In the space of a few weeks he had caused
more harm than the KGB, in the view of the
U.S. military, and was the ``No. 1 threat
to U.S. security.'' What made Datastream
Cowboy so dangerous, in the view of the
Americans, was that he wasn't alone; he
was working with a more sophisticated
hacker who used the handle of ``Kuji.''
The agents repeatedly watched Datastream
Cowboy unsuccessfully attack a military
site and retreat for an E-mail briefing
from Kuji. He would then return and
successfully hack into the site.
Both Datastream Cowboy and Kuji were
untraceable. They were weaving a path
through computer systems in South Africa,
Mexico and Europe before launching their
attacks. Over 26 days, Datastream Cowboy
and Kuji broke into the Rome Laboratory
more than 150 times. Kuji was also
monitored attempting an assault on the
computers at NATO headquarters near
Brussels.
Both America's superpower military arsenal
and its huge civilian economy had become
reliant on microchips, and in the words of
Jamie Gorelick, a deputy attorney-general:
``Some day we will wake up to find that
the electronic equivalent of Pearl Harbor
has crippled our computer networks and
caused more chaos than a well-placed
nuclear strike.''
What made the U.S. military so vulnerable
was that the Internet - the computer
communications system developed by
Pentagon scientists as a tool for survival
after nuclear war - was opening up in 1994
to anyone in the world who had access to a
cheap and powerful personal computer. And
the Internet couldn't be policed, as it
had been deliberately set up without
controls to ensure ease of access for
nuclear survivors.
According to official U.S. figures, the
Pentagon's military computers are now
suffering cyber attacks at the rate of
250,000 a year and it is retaliating with
a $5 billion (Cdn) program of computer
protection to key systems.
The attacks by Datastream Cowboy and Kuji
were the opening shots in this barrage,
and the Pentagon generals insisted they
had to be found and put out of action. It
would have been relatively simple to shut
them out of the Pentagon network, but they
would survive to attack again - and their
identities and what information they had
already stolen would have remained
unknown. The American cyber agents were
ordered to continue chasing them through
the electronic maze.
But how? They used a process called
``fingering,'' in which they tried to
detect every computer that Datastream
Cowboy had used as a stepping stone before
his attacks. A computer on the Internet
gives its own address in the first few
bytes of any communication and the agents
tried to trace Datastream Cowboy's path
backwards. The process can often be
hit-and-miss because of the vast amount of
traffic on the Internet, and the hacker's
path was simply too long and circuitous to
follow to its end. The agents almost gave
up hope.
Then old-fashioned police work was brought
to bear. In the cyber age, where do
hackers hang out? On the Internet, of
course. They ``chat'' with one another
through their screens.
The agents had informants who cruised the
Internet and one of these made the
breakthrough. He found that Datastream
Cowboy hung out at Cyberspace, an Internet
service provider based in Seattle.
Moreover, he was a particularly chatty
individual who was eager to engage other
hackers in E-mail conversation. Naïve, too.
Before long, the informant had established
that Datastream Cowboy lived in the United
Kingdom. He even gave out his home
telephone number.
Jubilant, a senior U.S. agent contacted
Scotland Yard for assistance. Datastream
Cowboy's number was traced to a house in
Colindale, part of the anonymous north
London suburbs. In Cold War days it would
have been a classic address for a spy's
hideaway.
American agents flew to London and staked
out the address with British police
officers. Detectives were cautious,
however, about making an immediate arrest
because they wanted Datastream Cowboy to
be on-line when they entered the house, so
that he would be caught in the act.
At 8 p.m. on May 12, 1994, four unmarked
cars were parked outside the Colindale
house. Inside one of them, a detective's
mobile phone rang. An agent from the Rome
Laboratory was on the other end:
Datastream Cowboy was on-line.
Posing as a courier, one of the officers
knocked on the door. As it was opened by a
middle-aged man, eight police officers
silently appeared and swept into the
house.
The officers quietly searched downstairs
and the second floor. Then, creeping up
the stairs to a loft-room, they saw a
teenager hunched in his chair tapping away
on the keyboard of his $2,000 computer.
They had found Datastream Cowboy. One of
the detectives walked up silently behind
the young suspect and gently removed his
hands from the computer.
For 16-year-old Richard Pryce, a music
student, it was the shock of his life. He
looked at the police officers and
collapsed on the floor in tears.
``They thought they were going to find a
super-criminal and they just found me, a
teenager playing around on his computer,''
says Pryce now.
``It had just been a game or a challenge
from which I had got a real buzz. It was
unbelievable because the computers were so
easy to hack, like painting by numbers.''
Pryce was arrested at his home but
released on bail the same evening.
Five stolen files, including a battle
simulation program, were discovered on the
hard disk of his computer. Another stolen
file, which dealt with artificial
intelligence and the American Air Order of
Battle, was too large to fit on to his
desktop computer. So he had placed it in
his own storage space at an Internet
service provider that he used in New York,
accessing it with a personal password.
During the subsequent police interviews,
one pressing question remained unanswered:
Who was Kuji?
Pryce claimed he had only talked with his
hacking mentor on the Internet and didn't
know where he lived. U.S. investigators
regarded Kuji as a far more sophisticated
hacker than Datastream. He would only stay
on a telephone for a short time, not long
enough to be traced. ``Kuji assisted and
mentored Datastream and in return received
stolen information. . . . Nobody knows
what Kuji did with this information or why
it was being collected,'' agents reported.
During the next two years of compiling
evidence in Britain and the United States
in the case against Pryce, British
detectives and U.S. agents failed to turn
up any evidence that might lead to Kuji.
Their break finally came in June, 1996,
when the computer crime unit decided to
sift once again through the mass of
information on the hard disk of Pryce's
computer.
Mark Morris, then a detective sergeant
with Scotland Yard's computer crime unit,
took on the job. ``I was at home with my
laptop and went through every bit of that
hard disk.'' It took him three weeks. If
all the files had been printed out they
would have filled 40 filing cabinets.
At last Morris found what he wanted. ``At
the bottom of a file in the DOS directory
I saw the name Kuji. Next to the name was
a telephone number. Pryce might not have
even known it was on his system because he
downloaded so much information.''
For American agents hoping to catch a
superspy, Kuji's telephone number was a
grave disappointment. He was based in
Cardiff, Wales.
A team of officers drove up to his
address, a terraced house, and finally
discovered Kuji's identity. He was
21-year-old Mathew Bevan, a soft-spoken
computer worker with a fascination for
science fiction. His bedroom wall was
covered with posters from The X-Files, and
one of his consuming interests was the
Roswell incident, the purported crash of a
UFO near Roswell, N.M., in 1947.
He was arrested June 21, 1996, at the
insurance office where he worked. The next
day, Bevan, the son of a police officer,
was charged with conspiracy under the
British Criminal Law Act 1997. He was
later charged with three offences under
the Computer Misuse Act 1990.
Pryce had been charged in June, 1995, more
than a year after his arrest, with 12
offences under the Computer Misuse Act. He
was also charged with conspiracy shortly
before Bevan's arrest.
At the climax of one of the biggest
international computer crime
investigations and after a security scare
in the United States, law enforcers were
left with a meagre and faintly
embarrassing prize: two young hackers who
in their spare time, from the comfort of
their bedrooms, had penetrated what should
have been the most secure defence network
in the world.
To rub salt into the wounds, their
credentials were hardly impressive. At
school, Pryce had scraped a D grade in
computer studies, and Bevan had dropped
out of a computer course.
Bevan, now 23, says he would spend up to
30 hours without a break on his computer.
He claims the fraternity of hackers gave
him the friendship that he had failed to
find during his childhood. ``I was bullied
at school and I found my little community
and interaction through my computer.
``The hackers would all egg each other
on,'' he adds. ``There wasn't anything
malicious about it. . . . Some people
watched television for six hours a day. I
hacked computers.''
In March last year, Pryce was fined the
equivalent of $2,500 after admitting 12
offences under the Computer Misuse Act.
The remaining charges against him and
Bevan were dropped.
The two young men are living down their
experience in different ways.
Pryce's computer was confiscated, to his
initial dismay. ``It was quite difficult
because I had been (hacking) every night
for a year.''
Now he thinks hacking was a waste of time.
He doesn't even own a computer anymore.
Bevan, however, has put his notoriety to
good use. He has a job testing computer
security of private firms.
LONDON SUNDAY TIMES
Contents copyright © 1996-1998, The Toronto Star.
aww he doesn't even have a computer anymore…?
I don't even watch TV, it's pointless and US news is completely biased… watch the Swedish stuff, it's pretty objective most of the time…
I found so many friends here… way more than in the "real" world (however you choose to define real..)
To each his own… good read, thanks mate.
//reminiscing on self_▼
For me, this is my own window into the world. Also, the sun burns my skin… badly… like, in 10 minutes (not kidding). So this is where I live. Some people think that's sad… I find them amusing :D.