Markus Hess, a German citizen, was a computer prodigy and particularly effective hacker. Hess was recruited by the KGB to be an international spy with the objective of securing U.S. military information for the Soviets.
Contents |
Lawrence Berkeley Laboratory
Hess's hacking activities were discovered by Clifford Stoll, an astronomer turned systems administrator of the computer center of the Lawrence Berkeley Laboratory (LBL) in California. Stoll's first duty at his job was that of tracking an accounting error in the LBL system. Early in his investigation, Stoll was able to determine that the computer system at LBL had been compromised and that the hacker had obtained “root” or systems privileges. Such a security compromise was more important than the accounting error. Stoll was eventually able to figure out how the hacker had broken in and what the hacker's activities on the system were. LBL management considered attempting to seal off the system from this hacker, but Stoll and his colleagues convinced LBL’s management that such an approach would not be effective. Ultimately, they installed a honeypot to ensnare the hacker.
Getting in
Hess’s initial activities started at the University of Bremen in Germany through the German DATEX-P Network via satellite link or transatlantic cable to the Tymnet International Gateway. Tymnet was a "gateway" service that a user called into that routed him to any one of a number of computer systems that also used the service. Tymnet was one of a number of services available that provided local telephone numbers, where directly accessing the computer would have been a long distance call. Users normally used packet switching services like Tymnet for cost reasons. Once he accessed Tymnet, Hess branched out to the Jet Propulsion Laboratories in Pasadena, California and to the Tymnet Switching System. It was through this switching system that he accessed the LBL computers. Hess was able to attack 400 U.S. military computers by using LBL to “piggyback” to ARPANET and MILNET. ARPANET was a civilian wide area network created by the Department of Defense which would later become what we know now as the Internet. MILNET was its military counterpart.
Targets
The facilities that Hess hacked into included:
- SRI International - Menlo Park, California
- U.S. Army Darcom - Seckenheim, West Germany
- Fort Buckner Army Base - Okinawa, Japan
- U.S. Army 24th Infantry - Fort Stewart, Georgia
- U.S. Navy Coastal Systems Computer - Panama City, Florida
- U.S. Air Force - Ramstein Air Base, West Germany
- MIT MX Computer, Cambridge, Massachusetts
- OPTIMIS Database - The Pentagon
- Air Force Systems Command - El Segundo, California
- Anniston Army Depot - Anniston, Alabama
Tracking Hess & his capture
Stoll, with the help of local authorities, was able to trace the call to Tymnet switch in Oakland, California. Because the call came in from Oakland rather than from Berkeley, it was obvious that the hacker was not working locally. Tymnet officials helped LBL trace the various calls even though the hacker attempted to conceal where his calls originated from. Enlisting the aid of AT&T and the FBI, Stoll was eventually able to determine that the calls were being “piggybacked” across the United States though the origin of the call was from Hannover, Germany. Stoll was able to trap Hess by creating records of a bogus military project conducted on LBL computers. While the bogus information was convincing, the primary goal was simply to keep the hacker connected long enough to trace his connection, with the remote hope that the hacker might send a written request for further information listed as available in hard copy format. This simple technique worked. A request was received from a Pittsburgh address requesting the additional written information. At this time, this type of hacking was new and it was a challenge to get the cooperation of the FBI and the West German government. Eventually, the German authorities were able to break in and arrest Hess. Hess went to trial in 1990 and Stoll testified against him. Hess was found guilty of espionage and was sentenced to a one to three year prison sentence. Eventually, he was released on probation and currently writes networking software for a computer company in Germany. After Hess's conviction, Stoll wrote a book entitled The Cuckoo's Egg ISBN 0-7434-1146-3 about his efforts to track and locate Hess.
