Monday, May. 02, 1988
A Bold Raid on Computer Security
By Philip Elmer-DeWitt
For months the computer intruder moved like an invisible man -- until one day Clifford Stoll saw the footprints. The frizzy-haired Stoll, 37, a systems manager at California's Lawrence Berkeley Laboratory, knew something was amiss when one of the computers in his care revealed that an electronic trespasser was trying to use the lab's machines without providing a billing address. Suspecting the intruder might be a student prankster from the nearby University of California campus, Stoll launched a novel experiment. Instead of shutting out the interloper, he allowed him to roam at will through the system while carefully recording his every keystroke.
Thus began a game of cat and mouse that led Stoll and half a dozen investigative agencies far beyond the Berkeley campus. For ten months, they followed the hacker as he wended his way through the networks that link U.S. military and industrial computers all over the world. By the time the hacker was tracked to a ground-floor apartment in Hannover, West Germany, he had accomplished perhaps the most extensive breach of U.S. computer security to date. While no top secrets appear to have been uncovered, the incident shows how easy it can be to go fishing for sensitive information via phone lines and personal computers.
The case first came to light in the West German weekly Quick, which identified the suspect as a 24-year-old computer-science student with the pseudonym Mathias Speer. In a press conference last week, his pursuer, Stoll, described how the young hacker used the Lawrence Lab computer as a gateway to Internet, a U.S. Government-owned network that connects some 20,000 computers handling scientific research and unclassified military work. While Speer used fairly standard techniques for cracking passwords, he showed uncommon persistence. He attacked some 450 different computers and gained access to more than 30. Victims ranged from the Navy Coastal Systems Command in Panama City, Fla., to the Buckner Army Base in Okinawa.
The intruder's appetite for military data is what eventually did him in. To trick him into staying connected long enough to effect a telephone trace, Stoll dangled an irresistible lure: a file of bogus Star Wars information titled SDI Network Project. The sting worked. The hacker stayed on the line for more than an hour, greedily loading the phony data into his home computer. (The information was booby-trapped as well, containing an address in Berkeley for more information on the fictitious project.) West German authorities, working with the FBI, traced the call to the Hannover apartment, questioned its occupant, and later confiscated his machine.
The intrusions came to an abrupt halt, but the mystery persists. Was Speer simply a clever hacker? Or was he a would-be mercenary or even an East bloc spy? Speer is apparently not telling, and the West Germans lack sufficient evidence to haul him into court. But back in Berkeley, an intriguing new lead has surfaced. Three months after Speer took the Star Wars bait, the lab received a request for more information on the bogus project. Postmarked Pittsburgh, it was signed by a reputed arms dealer with ties to Saudi Arabia. How could he have got the address? The only way, lab officials insist, was to have been in cahoots -- or at least in contact -- with the Hannover hacker.
With reporting by Rhea Schoenthal/Bonn and Dennis Wyss/San Francisco