From postnews Wed Apr 1 21:35:07 1992 Newsgroups: comp.risks Subject: WAR GAMES II v.2 Message-ID: <1fzVpj#1kvhwr3KkdVR0Brp4k8cVMWp=eric@snark.thyrsus.com> Date: 2 Apr 92 02:34:18 GMT Status: RO [A few changes to the part after TO BE CONTINUED; these strengthen the ending and give a bit better picture of the estimable Lt. Miller.] -- WAR GAMES II or How I Learned To Start Worrying and Hate The Bomb [posted to comp.risks; an incomplete version previously went to other groups] Some of my friends call me an `improbability vortex' --- the kind of person weird stuff just naturally happens around. Occasionally I manage to to forget why; my life doesn't seem bizarre to *me*. Then, something happens to remind me... Wednesday, March 25 1992: a fairly ordinary day in the life of Eric Raymond, Boy Hacker. Shower, read netnews, phone calls, some revision on the clone hardware buyer's guide I've been working on for comp.unix.sysv386. Will the top ten vendors go for my idea of a competitive "UNIX Dream Machines Bake-Off"? Hmm...well, Swan Tech wants to sign up, that's a start. Ah, the mail's in. Riffle, riffle. What's this? Forwarded from MIT Press. Something about the book, no doubt... The Book: if you don't know it already, I edited a lexicon called _The_New_Hacker's_Dictionary_ (MIT Press, 1991, ISBN 0-262-68069-6). It's all about hacker language and folklore. Sold 14,000 copies in its first seven months, got rave reviews everywhere, good stuff like that. Got my first nut-case letter about a month back --- always heard that was supposed to happen to authors. Some of the fallout has been weird. Ouch, fallout --- *bad* choice of words. Back to our story. Hm. From ISPNews. INFOSecurity Product News. Eh? Never heard of them; sounds like some trade rag for professional paranoids. Computer form on the inside; addressed to ERIC RAYMOND EDITOR, THE MIT PRESS, MASS INST OF TECHNOLOGY, CAMBRIDGE MA 02142. I see what happened; the Press's editorial address miscegenated with my book credit in someone's mailing-list software, and some clerical droid at the Press didn't look at content and forwarded a piece of mail that should have stayed in-house. What we've got here is, oh, yeah, must be a report from the magazine's bingo card. Reader service; they circle numbers, you get a bunch of product info requests. OK, who wants to know about my book? Maybe I'll give them a surprise and answer it myself. They probably all think the book is a how-to manual for crackers. Damn all journalists for what they did to the word "hacker", anyhow... There were four. First one: DAVID CARGILL SYSTEMS A GUARDIAN LIFE INS STE 201 888 SEVENTH AVE NEW YORK NY 10106 Oh, boring, I thought to myself. Actually he turned out not to be; I spoke with him, later, and the guy turns out to be an old UNIX hand who, when I explained what the book is really about, cheerfully expatiated on Cargill's Theory of Fat Electrons. See, Con Edison sucks its line current out of the big generators with a pair of coil taps located near the top of the dynamo. When the normal tap brushes get dirty, they take 'em off line to clean up, and use special auxilliary taps on the *bottom* of the coil. Now (sez Cargill) this is a problem, because when they do that they get not ordinary or `thin' electrons, but the fat'n'sloppy electrons that are heavier and so settle to the bottom of the generator. These flow down ordinary wires OK, but when they have to turn a sharp corner (like in an IC via) they get stuck. This is what causes computer glitches. I laughed, said "You sound like a man who wants to hear about {quantum bogodynamics}" and directed him to the on-line version of the book at prep. Back to our story... Next guy... BRADLEY H EDWARDS SEC SPE SECURITY-SAFETY CONSULTS PO BOX 536 TOPEKA KS 66601 Well, the phone number attached to this one was out of service. Security Specialist, eh? For sure he's got the cracker/hacker bug on the brain. Then my eyeballs tripped over the third address PAMELA D MILLER CHIEF USSPACE COM STOP 4 J2C/SS0-C CHEYENNE MTN AFB CO 80914 and I went into the mental equivalent of TILT TILT TILT. Now, any of you who ain't congenital idiots raised in a rain barrel somewhere on the butt-end of nowhere will already have decoded that address to "U.S. Space Command, Cheyenne Mountain Air Force Base". Yeah, that's right. NORAD; the big tunnel complex under the mountain from which they be plannin' to fight World War III if it ever goes down. Huge walls of blinkenlights, 30-foot-thick blast doors, "We could tell you, sir, but then we'd have to kill you", the whole weird trip. Cornpone accents with their fingers on the pulse of the Apocalypse. Oh, *man*, I said to myself. I have to talk to this woman. I haven't forgotten the nationwide media flap after _War_Games_ came out. You remember, that silly movie where the kid with the voice-controlled IMSAI (snort) cracks into NORAD's computers and accidentally damn near starts a nuclear war? God damn; I'll bet the plot of that sucker is seared into the collective psyche of every security officer at Cheyenne Mountain, they probably screen the video every couple months just to keep the newbies on their toes. What kind of hideous Federal heat could land on me if PAMELA D MILLER has hacker/cracker confusion on the brain? I imagine some steel-eyed amazon in a blue suit exuding grim determination to Nip This Menace In The Bud. *Bad* scene for a guy who is, after all, better known in some circles for practising witchcraft and stone anarchist-loony politics than for The Book. Yiiiii ... visions of sinister limos and Men In Black pulling up to my front porch. "We want to ask you a few questions, sir." So I called my editor Terri and Guy Steele (credited coauthor) and told them all the proceedings so far. Nervous laughter all around. Lugubrious jokes. I need to convince this woman and her unknown masters that I'm a *harmless* lunatic. Time to track PAMELA D to her lair. (Yes. Think of her that way, Pamela D., like one of those impossible anonymous synthetic blondes in an upscale skin magazine. "Well, I'm into sailing Sunfishes and I really like kids, you know?". Good. A *much* less threatening mental tableau.) I limber up my phoning fingers and call the number blazoned above her address. "NORAD operator ten. What extension?" Gulp. "Uh, I'm trying to reach Pamela D. Miller? I got a product information query from her." "Do you have an extension, sir?" "Um, no I don't. Just this number. And her address." I reel it off. "Try the base locator at Peterson, sir. 554-4020." "Thanks", I said, and hung up." Ohhh-kay. NORAD for sure. Hail Eris! PAMELA D's hanging out somewhere under a couple of cubic miles of rock, likely in some cramped little office with 1950s-era furniture and walls painted institutional puke-green. And an old-style black phone. (How long has it been since you've seen a black phone?) (Trust me, this is what the military version of bureaucratic rabbit warrens looks like.) Or maybe at some gleaming console watching telemetry from all those KH-11s we're supposed to pretend don't exist. Hah. Heads up, Pammy; constructive chaos is about to enter your life. All hail Discordia! This is about where things started to get really Kafkaesque. The base locator is their directory information desk. I ask for Pamela D. Miller's extension and get 3247 (remember that number). I call it. Some guy who sounds exactly like Andy Griffith answers: " Morrow", I say I'm looking for Pamela D. Miller and he says "You want 3427". O.K. I call 3427. Busy signal. Bummer. The thrill of the hunt having took hold, I feel rather frustrated. I go off and do other things for fifteen minutes or so --- polishing the draft rules for the Dream Machines Bake-Off. I call again. Busy signal. Bummer again. Lunch, some code-bashing, and about six or seven cycles of this later I begin to suspect evil things. Either this woman spends more continuous time on the phone than your average Hollywood lawyer or I've got a wrong number. Or she doesn't actually exist. In your typical government agency she could have died with the phoneset in her hand in 1974 and nobody'd have got around to noticing it was off the hook yet. On the other hand, *somebody* had to fill out that product-bingo card. On my next try, when the operator says "Busy, sir." I explain that the number's been continuously so for several hours, and this seems unlikely. "I'll check for an alternate. Try 3052." Right. No one answers at 3052. I hang up and answer some email. I try again. No answer. Again, fifteen minutes later. No answer. Oy vey. Isn't this where I got on? So I try 3247 (the *original* number) again. Busy. Foo. I call the base locator people again and explain that there appears to be some confusion in the air. Is it 3247 or 3427? And what's with this 3052 jazz? "I have 3247 listed, sir. I'll double-check. It says 3427 on her card." Silence. "Well, which is it?" I say. "3427. But it says 3247 on the roster." "Well", I say with enormous gentleness, "don't you think you ought to consider *fixing* it?" The silence of blank incomprehension on the other end. Never ask a droid to exceed its programming; it wastes your time and annoys the droid. I hang up. And try 3427 again. Busy... A few cycles later I conclude this isn't working; it's time to drop back and punt. I consider everything I know about bureaucracies, call the locator people and confidently ask for the US Space Command main administration number. "Um, there doesn't seem to be one, sir. Oh, wait, you can try this one." She gives out with a string of numbers. "Can you transfer me?" "Stand by." (...only in the military) "AF Space Command." I go into my spiel about PAMELA D. and her inquiry and her address. "Uh, that's a Cheyenne Mountain address. Can't help you with that." "Um", I said, "this *is* US Space Command?" "No sir, this is AF Space Command. Separate organization. We're on the base; they're under the mountain." "Two *separate* Space Commands?" I said. "Why two?" I can't tell you what he said, because I didn't understand the resulting freshet of bureaucratese. A couple of requests for clarification just got me in deeper. I caught something about "functional separation" and strings of building numbers about as intelligible as so many Egyptian hieroglyphs. Struggling my way out of this verbal morass, I said, "Well, where do I go from here?" "Lemme see if I can send you over to someone that'll help", he says, and gives me another number. It's mid-afternoon now and I'm starting to lose it. Fifteen hundred miles from these people and I feel as thoroughly trapped in their maze as though I was physically under that bloody mountain. Theseus with no Ariadne and a nuclear-security Minotaur lurking around the next bend. (I like my mixed metaphors shaken, not stirred, thank you.) PAMELA D, where are you? But I call this guy's number and get the most human-sounding voice yet. "Base information", it says. Young, female, black, rather pretty if that lilt isn't out of sync with her looks. Quite a change from the depersonalized midwestern/southern whitebread twangs I've been hearing. She listens sympathetically as I recount my tale of woe. "Well, let's see what I can do for you." "That's strange. I have no listing for a Pamela Miller." If there were any justice in the world there'd have been eerie, sinister music on the soundtrack just then. Slowly building towards the Moment of Discovery. Wait for it. At the time, a slight but definite premonitory chill ran down my spine. "Well. Does this mail code mean anything to you? J2C/SSO-C?" "Yes sir, it means she's in J2 section." "O.K., what does J2 do? What does that say about her job?" Long pause. "She's in intel, sir." Jangling chords and screaming brass from the unseen orchestra. Oh, *great*. All the paranoid fantasies that'd been slowly graying out as I threaded my way through the labyrinth sprang back to full and colorful life. The *intelligence* group. Better and better. I thought about buzzing Guy and asking him if he was on good terms with any of his overseas relatives. "A spook!" I said, and laughed rather hollowly. "No wonder I've had trouble reaching her. What do I try next?" Perhaps ominously, the woman did not elect to contradict my choice of terms. "I'll see if I can reach anyone at J2 who knows her", she said. Long pause. Long, long pause. Background noises; people coughing, murmured speech, file doors banging. Finally, anticlimax. "I found her. That's 2nd Lt. Miller, sir; I don't know why she'd have "CHIEF" after her name. Her extension is 3433, but she's on detached duty and won't be back till Monday." And there you have it. It's 2:39 the following morning and I look like an out-take from the "Nightfly" cover --- but if I disappear mysteriously, y'all will *know* where to start. TO BE CONTINUED... (Interlude, Friday morning. My father reads an uploaded version of the above and asks if I intend to post it. Upon learning that I already have, he soberly advises against offending the entire U.S. Air Force. "After all," he observes, "they could drop a smart bomb down your chimney." Gee. Thanks, Dad.) Monday morning, March 30th: Once more into the breach --- and Pamela D. Miller is real! Got her first time. Neither amazon nor bimbo, of course, but a bright and generous-minded lady with a sense of humor. And a *1st* lieutenant now. She turns out to be (no less) chief of computer security at NORAD; and (mirabile dictu) she *knows* the difference between a hacker and a cracker. *Vast* sigh of relief --- no snatch teams in my future and I can unstop my chimney now. She was hip enough to laugh when I told her something of my travails last Wednesday, laugh harder when I told her the title of this posting, and hardest when I volunteered to autograph her copy of TNHD with an inscription reading "I will not start World War III. I will not start World War III. I will not start World War III...." She's not allowed to have a direct phone line, much less an Internet address (think about it) so this mini-epic is going to have to go to her by snail-mail. But I've been invited to tour NORAD and (yes, it is possible) visit the War Room if I'm ever out Colorado way... --- RISKS moral. Gotta have a RISKS moral for this story. Well, there are a couple. The trivial one is, watch out for aliasing problems if you ever edit a book; we've only got one word for several different kinds of `editor', and that high-level difference may not be visible to computers or the clerical help. A less trivial one is "Don't be paranoid; it encourages paranoia in others.". I had fun writing the above; I've always enjoyed the mad-genius-on-speed style as practised by Robert Anton Wilson, Tom Robbins, Hunter Thompson at. al. --- but if Lt. Miller were that wiggy or I'd really approached her with The Fear dripping from my every vocal overtone, things could've got ugly (hah! little did she suspect that I kept her on the phone only long enough for my insidious infrasonic acoustic virus to escape from her earpiece and set up *sinister resonances* in any nearby electronic equipment...) The least trivial of all is that *human* networking is still our most effective tool for some important kinds of risk reduction. Mutual trust, when you can establish it, is the best security. You guess; am I more or less worried now about the risks inherent in having something like NORAD exist, having got a little acquainted with Lt. Miller? Are *you* more or less worried after reading this story? And, which is the real point, does this posting make it more or *less* likely that someone with the requisite skills would actually try to crack NORAD? -- Eric S. Raymond = eric@snark.thyrsus.com (breathing easier in Malvern)