Cybersec Canon Ep 7. The Cuckoo’s Egg - Chapter 24-30. From Dead End to Transatlantic Connection
The breaches to most computers happen since accounts with default passwords are left unchanged.
Despite Digital’s best efforts to make the system managers change those passwords, some never do. The result? Today, on some systems, you can still log in as SYSTEM, with the password “MANAGER.”
Stoll, Clifford. CUCKOO’S EGG (Chapter 26). Kindle Edition.
Summary
Chapter 24: The Dead End in McLean
Cliff talks with Dan Kolkowitz at Stanford, who thinks he has found their hacker: a high school student who leaves his calculus homework on the system. The student's name is Knute Sears and the professor is Maher. Dan says there is no such student or teacher at Stanford. Cliff wonders if the student attends a school near McLean. He asks his sister, who lives in the DC area, to call McLean High School. She reaches the school and finds that it is an elite school for rich kids. There is a teacher named Maher who teaches history, but no student named Knute. Cliff gets in touch with Mike Gibbons, an FBI agent who understands computers and Unix.
Chapter 25: Becoming the Hacker
When the hacker disappears for two weeks, Cliff decides to act like a hacker himself to test his ideas about Mitre. He finds that Mitre's network is indeed insecure, letting anyone make calls across the country at Mitre's expense. While investigating, he discovers a Trojan Horse program on their Aerovax computer that has been stealing passwords since June. Cliff realizes that Mitre is being used to hide the hacker's real location, so he asks Bill Chandler at Mitre to send him their long-distance phone bills for analysis. Cliff gets the Mitre phone bills and sees that the calls add up to thousands of dollars. He uses correlation analysis and writes a program on his Mac to match the hacker's Berkeley sessions with calls from Mitre. He finds that the hacker has broken into more than a dozen important military and research sites across the U.S.
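The correlation Cliff does by hand in this chapter is a timeline join: every hacker session seen at Berkeley must sit inside some outgoing call on Mitre's bill, and any other call that coincides with those same sessions points at another site the hacker reached through Mitre. The following is an added example, not code from the book or from Stoll, that performs that join over a constructed session log and a constructed phone bill (all dates, numbers and costs are invented; the 555 numbers are placeholders).

```python
"""Correlate interactive-session windows with long-distance call records.

Added example, not from the book. Sample data below is constructed: session
log lines are "<date> <start> <end>", bill lines are
"<date> <start> <minutes> <number> <cost>".
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Session:
    """One logged interactive session on the monitored host."""
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Call:
    """One line of an outgoing long-distance bill."""
    start: datetime
    minutes: int
    destination: str
    cost: float

    @property
    def end(self) -> datetime:
        return self.start + timedelta(minutes=self.minutes)


# Constructed sample data (not from the book).
SESSION_LOG = """\
2025-11-03 12:05 12:40
2025-11-05 11:50 12:30
2025-11-08 13:10 13:25
"""

PHONE_BILL = """\
2025-11-03 12:01 45 415-555-0100 31.50
2025-11-03 12:50 10 703-555-0199 2.10
2025-11-05 11:45 50 415-555-0100 35.00
2025-11-05 11:47 40 804-555-0142 28.00
2025-11-08 13:05 25 415-555-0100 17.50
2025-11-08 13:06 22 804-555-0142 15.40
2025-11-10 09:00 5 212-555-0187 3.30
"""


def parse_sessions(text: str) -> list[Session]:
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, start, end = line.split()
        out.append(Session(datetime.strptime(f"{day} {start}", FMT),
                           datetime.strptime(f"{day} {end}", FMT)))
    return out


def parse_calls(text: str) -> list[Call]:
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, start, minutes, number, cost = line.split()
        out.append(Call(datetime.strptime(f"{day} {start}", FMT),
                        int(minutes), number, float(cost)))
    return out


def covers(call: Call, session: Session, slack: timedelta) -> bool:
    """True if the call was up for the whole session, allowing clock skew."""
    return call.start - slack <= session.start and session.end <= call.end + slack


def correlate(sessions, calls, slack=timedelta(minutes=5)):
    """Map each billed destination to the indices of sessions it coincides with."""
    hits: dict[str, set[int]] = defaultdict(set)
    for i, s in enumerate(sessions):
        for c in calls:
            if covers(c, s, slack):
                hits[c.destination].add(i)
    return {dest: sorted(ids) for dest, ids in hits.items()}


def matched_cost(sessions, calls, slack=timedelta(minutes=5)) -> float:
    """Total bill for calls that coincide with at least one session."""
    return round(sum(c.cost for c in calls
                     if any(covers(c, s, slack) for s in sessions)), 2)


if __name__ == "__main__":
    sessions = parse_sessions(SESSION_LOG)
    calls = parse_calls(PHONE_BILL)
    for dest, ids in sorted(correlate(sessions, calls).items(),
                            key=lambda kv: -len(kv[1])):
        print(f"{dest}: coincides with {len(ids)}/{len(sessions)} sessions")
    print(f"cost of coinciding calls: ${matched_cost(sessions, calls):.2f}")
```

The destination that coincides with every session is the line into the monitored host; a second destination that keeps turning up during those same windows is the kind of lead that sent Cliff to other sites. The slack parameter matters in practice because billing clocks and login clocks are rarely synchronized.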
Chapter 26: The Keck Telescope Program & New Revelation about the Hacker
Cliff’s boss, Roy Kerth, asks him to write a program to model their telescope output. Cliff thinks of putting the hacker investigation on the back burner since it is not his main job. He would need at least a week to learn a programming language in the new “object-oriented paradigm” and then write the program. But after talking to Jerry and Terry, he learns that a professor in Pasadena has already written a similar program. Cliff contacts the professor, gets the program, adapts it for his needs, and has it working by 2 AM. Then he returns to his investigation. After seeing no activity for some time, he checks and finds that Mitre has plugged their security hole. Cliff worries the trail has gone cold. His review of the phone bills leads him to Ray Lynch at a Navy data center in Norfolk. There, he learns the hacker created an account called “Hunter” months before. Cliff realizes the hacker is skilled in both Unix and the VMS operating system, often using default passwords like SYSTEM/MANAGER. This changes Cliff’s view of the hacker: the hacker is not a kid, but a professional or system administrator. He feels that
“he had been following someone in his twenties who smoked Benson and Hedges cigarettes and broke into military computers, searching for classified information.”
Chapter 27: Thanksgiving and the Hacker is back after a 30-day hiatus
Cliff had Thanksgiving at his home with roommates and friends who were mostly musicians or professors. The hacker had been gone for a month, and he wondered why. While he was presenting his graphics display program to the astronomers, his pager alerted him that the hacker was back. He could not say publicly that he was still working to find the hacker, since the three-week period had passed, so he wrapped up the presentation and left. He is unable to trace the hacker this time, but he is glad the hacker is back.
Chapter 28: Why does the hacker always work around noon?
Cliff asks the key question: why does the hacker work during the day? He almost always connects around noon Pacific Time, when the telephone connection costs more, and hackers generally work at night. Is he that brazen? Even Martha says it is unusual: professional burglars keep odd hours. Then Cliff realizes that the hacker might be dialing in from abroad, and his earlier distance analysis comes back to mind.
Chapter 29: The Satellite Trace
One Saturday, Cliff searches Usenet and other forums for clues but finds nothing. While looking out over the bay from his roof, his pager goes off. He calls Ron Vivier to trace the call and learns that the hacker is dialing in through an ITT IRC satellite downlink. He also discovers that the hacker tried to access 42 military computers. Ron then connects him with Steve White, an international specialist at Tymnet.
Chapter 30: The German Connection
Steve traces the call and finds that the hacker has the calling address DNIC-2624-542104214, which corresponds to the Datex network in West Germany. Datex is the German equivalent of Tymnet. They need to contact the Bundespost, since in most countries the post office runs the telephone lines. Cliff realizes that Mitre was being used to foot the bill for expensive transatlantic calls and to mask the hacker’s identity. He concludes that he isn’t chasing a “mouse” (a curious student) but a rat: a spy systematically searching for military secrets.
Thoughts
Most computer breaches occur because accounts with default passwords are left unchanged. This was true in the 1980s, when the hacker used default credentials like SYSTEM/MANAGER to gain super-user privileges, and it remains true today. I was reminded of a passage from a book chapter that I wrote in 2018:
“The moment someone places a device on the internet without changing the default password, it gets added to the army of vulnerable machines used for DDoS attacks. A report from ‘welivesecurity.com’ [27] mentions that ESET tested more than 12,000 home routers to find 15% of them being unsecured. In the article ‘10 things to know about Oct 21 IoT DDOS attack’ [28], Stephen Cobb lists default password as the leading cause. A mashable.com report in 2014 [29] mentions that 73,000 webcams were discovered on the internet because people did not change default passwords.”
Moh, M., & Raju, R. (2019). Using machine learning for protecting the security and privacy of Internet of Things (IoT) systems. Fog and Edge Computing: Principles and Paradigms, 223-257.
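The unchanged-default problem is easy to audit for on a system you administer, because the check is the same one the login code performs: hash the known factory default with the account's stored salt and compare. The following is an added example, not code from the book, from VMS or from any vendor: the account store, the salts, the password format and the default table are all constructed, with SYSTEM/MANAGER as the one pair the chapter actually names and the remaining entries as labelled placeholders.

```python
"""Audit an account store for unchanged vendor-default passwords.

Added example, not from the book. The account records below are constructed
and use PBKDF2 purely so that the audit compares hashes rather than plaintext;
a real password database will have its own format, but the check is the same.
"""
import hashlib
import hmac
import os

# Constructed table of account -> factory default passwords. SYSTEM/MANAGER is
# the pair the chapter mentions; the other entry is a made-up placeholder.
DEFAULT_CREDENTIALS = {
    "SYSTEM": ["MANAGER"],
    "PLACEHOLDER_ACCT": ["PLACEHOLDER_DEFAULT"],
}

ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for whatever the real store uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def make_record(account: str, password: str) -> dict:
    """Build one constructed account record with a fresh random salt."""
    salt = os.urandom(16)
    return {"account": account, "salt": salt, "hash": hash_password(password, salt)}


# Constructed account store: one factory default left in place, one account
# whose password is its own name, one that was actually changed.
ACCOUNTS = [
    make_record("SYSTEM", "MANAGER"),
    make_record("OPERATOR", "operator"),
    make_record("ASTRO", "xK7!pq-92mT"),
]


def candidate_passwords(account: str) -> list[tuple[str, str]]:
    """Weak passwords worth testing for this account, each with a reason label."""
    cands = [(pw, "vendor default") for pw in DEFAULT_CREDENTIALS.get(account, [])]
    cands += [(account, "same as account name"), (account.lower(), "same as account name")]
    seen, out = set(), []
    for pw, reason in cands:
        if pw not in seen:
            seen.add(pw)
            out.append((pw, reason))
    return out


def audit(accounts: list[dict]) -> dict[str, str]:
    """Return {account: reason} for every account still using a weak password."""
    findings = {}
    for rec in accounts:
        for pw, reason in candidate_passwords(rec["account"]):
            # Constant-time compare, the same way a login check should do it.
            if hmac.compare_digest(hash_password(pw, rec["salt"]), rec["hash"]):
                findings[rec["account"]] = reason
                break
    return findings


if __name__ == "__main__":
    for account, reason in audit(ACCOUNTS).items():
        print(f"{account}: {reason}")
```

Because the audit works from the stored hashes it never needs to see or keep plaintext, and the report names the rule that fired rather than the password, which is what a ticket to the system manager should carry. The same loop generalizes to any store where you can reproduce the hashing step, which is why the hash function is isolated in one place.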
While the early days of the Internet opened access to many networked computers, the IoT era opened it even further (same issue, different types of devices). And now AI agents are exposing it even more. Tens of thousands of people are currently installing agents like OpenClaw (Clawdbot/Moltbook) on their machines, and there have been many reports of privacy issues and security threats from these installations. Convenience and the promise of a personal AI assistant trump security, I guess.
“Researcher Jamieson O’Reilly went one further, managing to gain access to Anthropic API keys, Telegram bot tokens, Slack accounts, and months of complete chat histories. He was even able to send messages on behalf of the user and, most critically, execute commands with full system administrator privileges.”
Kaspersky. (2024, June 5). OpenClaw vulnerabilities exposed: How attackers can take over smart locks. Kaspersky Daily. https://www.kaspersky.com/blog/openclaw-vulnerabilities-exposed/55263/
Most people probably still think “Why would anyone want to hack me? I’m not that interesting”.