Enforcing the Net

When breaches of the Net's code of conduct occur, The Enforcers swing into action. But are these guys really doing us a favour? Simon Cooke finds out...

There are two ways that one can look at the Internet. One way is as the frontier of the computer and communications revolution, a great challenge to be met in the fashion of the Wild West of old. The other image is that of a police state; Big Brother constantly watching with all-seeing eyes, leaving no email unturned, no talk-request unscanned in the search for anti-government plots and views. Fortunately the former is now the accepted view, but during the late seventies and throughout the eighties it was common practice to provide food for Big Brother by putting "sensitive" words at the end of an email, so as to overload these snooper systems with a deluge of otherwise innocuous text. The hackers at MIT and spanning the globe were a paranoid breed; ever fearful of the government invading their privacy over their almost revolutionary -- definitely anti-establishment -- new form of communication.

This fear still persists, in one form or another. Phil Zimmermann invented the US Munitions List rated Pretty Good Privacy, which is now regarded by many as the de facto standard for email and data file encryption. Rather than use the Clipper Chip as proposed by the US Government (the first level of encryption of which was cracked by hackers within two weeks of getting hold of the chip), with which the NSA purportedly has a back-door into the encoded data, PGP provides a near crack-proof public key encryption system. Sporting three levels of encryption (User, Commercial and Military), it aims to resolve once and for all the problem of Government snooping -- even though in the course of doing so, Zimmermann has served a jail term, and is still in trouble with the US authorities. The fact that PGP is still freely available from hundreds of FTP sites world-wide is testament to the dream of hackers the world over -- not only does information want to be free, but now a perfect mechanism exists through which its liberation is possible.

In amongst the PGP public keys, although less common now, you can still find the Big Brother food. It seems that the Usenet reflector sites themselves are doing what the Big Brother machines were expected to -- I've seen posts which have ended with fodder such as "We obtained the plastique from the Iranians at 6am, and have set the bomb for midnight tonight", to the end of which has been tagged a disclaimer from the site itself -- which explains that this message probably contains Spook Fodder, and that the views of this user are not those necessarily held by the sysadmins themselves.

But the practice is dying out. Today most people recognise that due to the sheer volume of information which passes through the collection of machines that we describe as the Net, there is no way that a policy of examining all data traffic could work. However, consultants at a conference in Washington on "National Security" in October 1993 claimed that the US Department of Defence intercepts and stores all material passing over the Internet. They also point out that the same Department of Defence appears not to understand exactly what it is that it has been looking at.

The Internet is a big place, a seething mass in which sites are born and die, constantly shifting and rearranging itself. It is no wonder that the Big Brother system was doomed to fail -- even if it ever existed. This leads to a problem of course -- with an entity as large as the Internet, how is it possible to police the system?

To a greater or lesser extent, the Internet is self policing. Netiquette is the guiding force in this, as the Green Card Lawyers learned to their cost. Decisions are quick, punishments severe in much the same way as the Drumhead battlefield court-martials of old. Yet there are situations where the protocol of Netiquette is inadequate. In these situations a vigilante system of justice has arisen where hackers mete out the punishment to those who transgress the accepted bounds of netiquette and morality. These "Net Equalisers" appear to be normal users on the surface; some run their own Talker systems, some are sysops, others are merely hackers who use the Internet in their spare time. One is a Network manager in Seattle, another is a lecturer in Sydney. It is not their occupations that allow them to keep the bad guys in check, but their extensive knowledge of how the net operates at a technical level.

One example of the Net Equalisers' actions is in the case of a janitor at an American university. The university leased him a SLIP line to which he connected a NeXT machine. Then using code based on Neil Robertson's NUTS talker system, he set up his own string of Talker sites. Three of these were "normal" sites, however there were a further twelve talkers which were invitation only. These were specialist boards devoted to subjects such as bondage and domination. Normally this would have been ignored -- the Equalisers are not concerned with enforcing their views on what is essentially the private pursuits of consenting adults -- and the sysop would have been left to his own devices. But the sysop didn't stop there -- he began to annoy and in some cases harass other members of the Internet community.

At first it was just isolated incidents; the sysop would become friendly with women he met on the normal talkers, and would get close to them. When things turned sour, he would start to hound them across the network, spreading vicious rumours about them. He began to distribute digitally edited pictures of the women, with their heads pasted onto other bodies. When they tried to fight back he would ban them and their entire Internet sites from his Talkers so that they could not defend themselves on his system. This was what first aroused the interest of the Net Equalisers, who waited and watched how the situation began to evolve. The sysop began to claim that people were hacking into his talkers and were deliberately crashing his system, to which he would retaliate by attempting to crash their systems. Rumours were spreading fast that on his system Wizards (sysops and semi-sysops) could record text and listen in to conversations in private rooms, which is a very serious invasion of privacy. More ominously, it appeared that he was using his site as a child pornography repository. It was at this point that the Net Equalisers moved in.

By working with the Equalisers, I was able to find out some of their many different tactics. The sysop claimed that there were also two other sysops on his system, who could be found on his talkers from time to time. By interrogating his system, they found that the other sysop accounts on his machine did not exist. Later, as he began to grow suspicious over the increased attention that these "sysops" were attracting, he did set up accounts for them, but they were never logged in.

Using multiple aliases is not uncommon on the Talker scene. I once sat in on a conversation where there were sixteen users logged in -- all of them generated by myself and a friend at Loughborough University on an otherwise totally empty talker system. With practice it is easy to hold a conversation with yourself and at the same time convince others that you are two or more separate people -- and the results are often incredibly amusing. The janitor in question would use the other aliases to find out what people thought of him and to find out more details about his female victims, but the Equalisers had been able to find out that his aliases, as many people had suspected, were really just that -- aliases.

Once they were certain that he was the only user of the machine and that there were no superiors to which he could be directly reported without revealing their own existence, the Equalisers switched to the offensive. A catalogue of his talker sites was made using a utility called "ISUP" which invisibly interrogated his machine to produce a list of open connections -- the talkers. These addresses were then hacked and attacked, the aim being to crash them and to cause him inconvenience. To slow down his machine, the PING command was used as a background process, large data packets which demand a reply being repeatedly sent to his machine, in an attempt to increase the load on his system to unmanageable levels. A lot of these tools are freely available from FTP sites, and if necessary existing versions of them can be rewritten by anyone with a healthy knowledge of C and of the nature of the Internet.

At this point the janitor hit out again, harassing people and trying to crash even more systems. Ideas were thrown around as to how to stop him, and this is where the Net Equalisers' technical skill came to the fore. They quite happily threw around ideas from removing his site from existence to finding the guy and pouring brake fluid over his car... In the end, it was only necessary to crash his site repeatedly for the janitor to get the message.

I don't know all the details of what happened to the janitor; I do know some of the things that were planned for him...

"It is ridiculously easy to remove a site from the Internet. All you have to do is fake a message to the name server and routers claiming that the site's down. It'll wipe it from existence."

The technical validity of such a claim is dubious, but the mechanism is there. Router systems hold information regarding how to make a data connection between your machine and someone else's. A testament to the flexibility of the way the Internet actually works, if you were logged into a machine in the US, your entry point into the US network would be most likely via the Fat Pipe (a large volume data connection from the UK at Imperial College, which most of the Euro-American data traffic passes through). When your data reaches the US, its actual path can vary from moment to moment -- it's the Internet's way of trying to spread the load and to make sure that even if a section of the network goes down there is some way of getting the data through. At times it fails -- for some reason central routers in the US seem to go down quite often -- and one Christmas, thieves hacked their way through the cables of the Fat Pipe while they were in the process of stealing the contents of the computer room at Imperial College. When that happened, connections to the US were down for three days. But the system does its best.

Each router has a table of alternative pathways to the different sites on the net. When one pathway becomes unavailable, it tries another, and then another. If there is no way at all through to a site, a site unreachable message is sent. Sometimes for diagnostic purposes, sites mark themselves as shut-down or unreachable. This is where the Equalisers came in -- they planned to fake a message from the janitor's site, which would inform the routers that his site was not available. Ergo, it ceases to exist and all traffic to his machine would stop.

They didn't actually do this of course, but it was one of a number of plans at the front of their minds. Another was based on the fact that our janitor friend was incredibly homophobic and that they had his home telephone number.

It is an old prank that has been used by phreakers the world over to get back at people who have annoyed you by publishing their home phone number as a BBS that has all the latest Kool Warez -- knowing how people react when they find a site offering all the latest pirated and cracked software, the recipient of the prank will find themselves receiving a deluge of phone calls at all hours of the day and night. There are other variations to this of course -- the traditional pizza deliveries, refuse skips and mounds of slowly setting ready-mixed concrete smeared all over their driveway are just a few of the more innocuous ones. The idea with the janitor was to fake a posting on alt.sex.wanted and alt.motss (members of the same sex) from him, leaving his home phone number and claiming that he had qualities akin to a Martini -- any time, any place, anywhere... What would also be claimed was that his boards were all totally gay friendly and that he would welcome the attention -- it would be a place where people could act as they pleased. While there are a few talker sites like this, the janitor's was not one of them. To someone as homophobic as him, it would verge on the terrifying to be confronted in such a way.

While it may not seem nice or fair, it was something that they could very easily do. Learning how to send fakemail and how to make fake postings to Usenet is one of the first things that a hacker learns to do when confronted with the Internet, and it is stupendously easy -- in my time I have sent many a message from God, signed Yours Faithfully. The difficulty is in making it look to even the most well-trained eye that the message has come from where it claims. Something that most people never look at is the message headers, which give a detailed breakdown of the machines that the email or Usenet posting has passed through on its way to your machine. This is the way that most people are caught out -- a while ago in the autumn of 1993 someone posted to alt.fan.douglas-adams claiming to be Douglas himself, and generally being rude and abusive, and claiming to have entered a whole lot of people into his killfile. Right at the top of the header chain was where the message had actually originated from. Rather than Adams' home site, it was that of a university in America.
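
The header check described above can be automated for email. The following is an added example, not part of the original article: it reads the Received headers of a message, rebuilds the chain of machines it passed through, and compares the first hop with the domain claimed in the From line. The sample message and every host name in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (all hosts are made up): the From line claims one
# site, but the earliest relay line names a machine at a different one.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mail.reader.example.org with SMTP; Mon, 1 Nov 1993 10:02:00 +0000
Received: from lab7.cs.bigstate.example.edu (lab7.cs.bigstate.example.edu [198.51.100.7])
\tby relay.example.net with SMTP; Mon, 1 Nov 1993 10:01:30 +0000
From: Famous Author <author@author-home.example.com>
Subject: hello

body
"""

# "from <sending host> ... by <receiving host>" inside one Received header.
RECEIVED_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def hop_chain(raw):
    """Return [(from_host, by_host), ...] ordered from origin to delivery."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
    hops.reverse()  # each relay prepends its line, so the last one is oldest
    return hops

def claimed_domain(raw):
    """Domain part of the address in the From header, or '' if absent."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower()

def origin_matches_sender(raw):
    """True/False if the first hop is (not) inside the claimed domain;
    None when there is no hop chain or no From address to compare."""
    hops, domain = hop_chain(raw), claimed_domain(raw)
    if not hops or not domain:
        return None
    origin = hops[0][0]
    return origin == domain or origin.endswith("." + domain)

if __name__ == "__main__":
    for sender, receiver in hop_chain(SAMPLE):
        print(f"{sender} -> {receiver}")
    print("origin matches From:", origin_matches_sender(SAMPLE))
```

Only the Received lines written by relays you trust are reliable, since a sender can insert earlier ones; a mismatch is a reason to read the headers closely rather than proof of forgery.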

The janitor eventually got the message after a month of persistent prodding, and nothing more has been heard from him since; his presence is suspiciously absent from his Talkers, even though they are still up and running from his machine. He has been under investigation by the FBI because of the paedophile FTP site he was running since early 1994, and for a while his connection to the university systems was shut down.

One thing that comes to mind about this whole business is that it's a good thing that these vigilantes are on the side of good and morality. One can't help but feel that they are wannabes, wanting to act like God over the Net, keeping the talkers safe from the scourge of immoral (evil?) sysops everywhere. Their heyday may be over now -- when they started out, there were only a few Talker systems around -- the most notable of which were Hectic House run by Neil Robertson (Boltar) and the Virtual Campus run by Charlie Vald. Now there are more and more starting every day as system administrators and network managers become more lenient to what many consider a waste of system resources. As time goes on and the volume of talker traffic increases it may be impossible to police the systems any more -- in much the same way that the Big Brother systems of the Department of Defence and the NSA cannot check your emails, the Net Equalisers may be in the process of becoming obsolete.

But one thing is sure; if you are on a talker and you need help, never fear. Big Brother may be dead, but somewhere, somehow, the Net Equalisers are watching over you.

Simon Cooke (simonc@jumper.mcc.ac.uk) is a freelance computer journalist, programmer and hardware designer.