It started for today. Thanks everyone for coming this early, early Friday morning. Any questions before we get started? Questions, comments? So when we last left our story, we were talking about Captain Crunch, who found that a toy inside of a cereal box that was sold here produced a sound exactly at the frequency that he needed to be able to use and authorize long-distance calls. So he then went and created this, what they call a blue box, a box that you could press different buttons on to produce different Hertz frequencies and different sounds, so that you could use it to mimic the in-band signaling of the telephone network. So in this way, they could bounce, they could route their calls through different switches in different countries, so they could say, transfer this call from here to a switch in Paris and then to a switch in Canada and then to somewhere in New Zealand and then finally call this number. And so this is something that, obviously, AT&T does not like. Back then, they were one company, right? It was just AT&T that you called for everything. So he was eventually sentenced to five-year probation for phone fraud. He was caught. Eventually, he was found out and caught. What other things were, anybody have any experience with phone phreaking? What are you going to call him here? Because you're talking about it, actually. Well, what do you, I mean, what did I say? What do you want me to? Oh, I don't know what you're, so have you heard about it? Did you know about it? What were the goals, what were people doing? So as I've already kind of let everybody know, I'm really old. This was back when I was in high school, no. Sorry, eighth grade. Had my second computer by then, but there were programs you could get off bulletin boards. So we didn't have the whole internet. You had to actually dial into a specific place to connect and talk and do whatever, download programs.
One of them was this thing called The Thief that you could use to auto-dial your modem. And it would try different long-distance codes. And you'd keep doing it until you actually randomly hit a number that would give you free access to long distance. So I could call my girlfriend in Germany. So there were other ones that were free. For free. Yeah. There were other ones that were loops so that you could loop in. I don't remember exactly what they'd do, but they basically blocked. It wasn't caller ID back then. It was more ANI, which was automatic number indicator. But you could block that by calling a number, and then it'd drop another dial tone as soon as you called the number, and then you dial on. What else? There were all sorts of boxes. Blue box, brown, I remember, black, pink. There were just all different colors. I didn't have the know-how or the engineering capability to ever build one. But the war was out there. But you could get so much stuff that was just completely unregulated, from anarchist cookbooks to whatever. Cool. Pretty much anything else that was available, but it's probably free pay phone calls. Free pay phone calls, right? Oh, yeah, free phone calls. I mean, Captain Crunch, that's what I remember about it. You could use it for free phone calls from a pay phone, when we had those. Anybody remember pay phones? You can see them every now and then. It's really sad, like an airport where there used to be a whole row and there's like one. So why do we care? Why do we care about phone phreaking? Yeah, so it's a major security vulnerability in the phone networks, right? The fact that all of their command signals were being sent over the same thing that transmitted their voice signal, right? And all you had to do was mimic those sounds and you could control the entire phone network system. Why else?
Kind of showed a flaw in our assumption, our assumption being that, maybe they didn't think about it, but that it was secure, that people wouldn't think of or understand or uncover how to exploit these things. Right, yeah, so from the flip side, right? So there's all these stories about, you know, because these systems are not publicly documented, right, about how to make a free call or how to transfer calls, right? But people put the time in, reverse engineered. They borrowed or stole manuals from AT&T employees so they could get the information, and they, in my mind, they're kind of one of the first cool, big, real hacking things. Not because they got free phone calls and that's illegal or whatever, but because they, on the outside, completely understood this system and they were able to manipulate it to do whatever they wanted to do, right? To get free phone calls, to transfer various things. We even had, there's people who could actually whistle these signals correctly to be able to make these calls. So yeah, that kind of, yeah. Was this device ever known to be built maliciously for this purpose, or did it just happen to be exactly the same frequency? Oh, you mean the whistle thing? Yeah. The whistle thing, no, but this blue box, definitely. The purpose of the box was to defraud. I mean, I'm sure it came with some kind of instruction, and it's like, these are what these frequencies do, or that kind of stuff, right? Maybe they just slightly tried to hide it or something, I don't know that much about it, but. But yeah, but I mean, I can see it from their perspective. I guess the question is, are they really malicious? Is it worth five years in, I don't know, why? He deserves an award. Good luck. He deserves an award. He deserves an award? Why? Found out the flaw in the system. Yeah? What else, what does that really say? Your first penetration testers. First penetration testers? You can see that, yeah. Did they have the authorization to do that?
They did a service. They did a service. AT&T, would you think they did do a service? Did they break any laws intentionally? Did they break any laws intentionally? Well, you got free phone calls without paying any money. Right, there's a law that says, if you're going to make a break-in, there was more law which exactly prevented it. Well, can you go, I don't know, you went and took a muffin without paying from the store downstairs, right? If there is a way to pay it. If there is a way to pay it. If there is a way to pay it. If there is a way to take it. As long as you don't get caught on me. The lawyers in the room. One of the differences would be that with larceny, when you're taking something, you have this tangible thing. We're talking about something that's intangible, and it creates, I mean, from music sharing to everything else, creates a whole different world because of how negative externalities actually work and getting people to internalize that they're taking something, versus when you take a physical object, it's gone, the owner has lost use of it. But you don't lose use of it in this context. But wire fraud would definitely have fallen in this category under federal law, too; that would probably have even been before they had computer fraud on the books, so I would guess. We'll see. Wire fraud was to prevent tampering with wires, you know, federal wires or wires of money that went across different network-type communications. And so, yeah, they wanted to apply it to this, and now it's construed very broadly. Part of the thing is, how does the telephony network, or how did it work back then? What kind of a network was it? For people who are in networking, it was what? The line switching, the circuit switching thing. Yeah, circuit switching, what does that mean? They physically route the wires.
Yeah, even if they physically route it, the point is that when I want to call somebody else, the switches in between say, hey, we want to make a connection between these two, and they reserve that voice bandwidth for us on all of those switches so that we can make that call. So if I was AT&T, my argument would be, you are taking from us, right? You are consuming bandwidth that can't be used by our paying customers for this. And you could possibly be degrading the quality of the network for everyone else, right? If other people can't place phone calls, if you've figured out how to do it for free and you're talking to your significant other in a different country, right? I can see them being upset about that. But anyway, so yeah, there's the legal aspect. There's the, for me, the coolest factor, like if I was a kid back then, I would probably be doing that. If I knew about it, I know what kind of kid I was. I definitely would have been doing that. But to me, it is more about that they used their knowledge and they understood the system, and understood it so well, they got to do whatever they wanted to do, which is pretty cool. Okay, but it has kind of, not nothing to do with computers, but they were kind of the first hackers in some sense. Okay, so now we get into the kind of early warnings, right before there start to be big security problems. So in 1973, Bob Metcalfe wrote an RFC. So what was an RFC again? I think we talked about it on Wednesday. Request for comments. Yeah, so it's basically a publication to the community requesting comments. The title is The Stockings Were Hung by the Chimney with Care, which is a strange title. He's clearly not proposing a new email protocol or anything like that. And so his point was he was trying to warn the community about the impending security problems. He foresaw that, hey, security is really going to be a problem. We as a community have to start thinking about it and have to start doing it.
Have to start, you know, taking that into consideration. So he, you know, some excerpts from here that were good. So he said, the ARPA Computer Network is susceptible to security violations for at least the three following reasons. Sites used to physical limitations on machine access have not yet taken significant precautions toward securing their systems against unauthorized remote use. For example, I have three from here because, for example, many people still use passwords which are easy to guess: their first names, their initials, their host names spelled backwards, a string of characters which are easy to type in sequence. What's that, Z, X, C, V, B, N, M? Yeah, the lower left of the keyboard just going right. So is this still a problem? Yeah, is that crazy? In 1973, he realized, part of the problem was there was literally ignorance, right? And not in any sense that people were stupid, it's that they just weren't aware. They weren't used to thinking and realizing, I just connected this machine to the ARPANET. That means anybody else on the ARPANET can try to access my machine, right? Whereas before, these were just machines that you had to be physically present to use; it's a lot easier to secure access when you only have to worry about 20 people maybe using it. So this is still a problem. Easily guessable passwords, right? Still a crazy problem. Right, and he went on, he said, the TIP allows access to the ARPANET to a much wider audience than is thought or intended. Phone numbers are posted, like those scribbled hastily on the walls of phone booths and men's rooms. The TIP requires no user identification before giving service. Thus, many people, including those who used to spend their time ripping off Ma Bell, so who's he talking about there? What is AT&T? Oh, so he's talking about the phone phreakers we just learned about.
So he specifically calls out these same people who are, in his mind, ripping them off, get access to our stockings in a most anonymous way. This actually goes back to Eric's story, right? He's saying that you have numbers, phone numbers that you could use to dial into machines, and he's saying that there's no, absolutely no authentication checks or authorization. It's just if you knew that phone number, then you can access that machine. And as Eric demonstrated, at the time they had programs that would just enumerate all possible phone numbers in your zip code, or in your area code, probably so you wouldn't get charged for long-distance calls, until you found one that would let you make long-distance calls, and then you could try to go out to more machines, right? And he says, the third problem is there's lingering affection for the challenge of breaking someone's system. This affection lingers despite the fact that everyone knows that it's easy to break systems and even easier to crash them. So what is this talking about? What is this, what point is he trying to make here? Earning respect in the hacker community. Yeah, does he see it as a good thing or a bad thing? He doesn't like people who are passionate about hacking, even that thing. Yeah, so yeah, there are people who are really passionate. He feels like lingering affection, right? And actually, I think he's talking not just about the hackers' part, but also the other people, right? So like we saw, you know, it's kind of cool that somebody built a blue box to allow you to make phone calls for free, right? So even on the part, I think, of the administrators, too. So what about that last sentence? Do you believe that? Maybe back then, and probably now for bad systems, but yeah. Maybe back then and even now. What do you think? Is it easy? Are there still security problems? How many updates do you have to install a month on your system? A lot. A lot of those are security vulnerabilities, right?
I guess this leads to an interesting point. So is it easier to, is it easy to break a system versus secure a system? Because security personnel have to be right every time, and the attacker has to be right only one time. Yeah, exactly. That's actually why I love hacking, I love vulnerabilities, finding vulnerabilities and that kind of stuff. But what I like even more is defending, thinking about how do we defend this? Because you have to cover all possible attacks, right? The attacker only has to find one weakness to be able to get in, right? Whereas the defender, you have to defend it all. If you think about it like a castle, right? All they have to find is one brick in the castle that they can poke, and it falls out, and then now they're into your system. Whereas you have to make sure that all the bricks are good, the moat's good, wherever the waste of the castle's going, somebody can't come in through it, right? All these kinds of things, yeah. It's worse than that, because you don't get to monitor the castle anymore most of the time. You give them the castle, say don't break in, and they can do whatever they want to. Yeah, that's tricky. Yeah, you may not even know who's trying to get into your castle, right? You may not have the resources, you may not have the logging, they may be really good. Maybe they can fly; you have to worry about dragons coming, dropping people into your castle. So then at the end, he kind of concludes, and he says, all of this would be quite humorous, and you can see his RFC is a little bit humorous, right? He's talking about stockings, it was published in December, so he said all this would be quite humorous and cause for raucous, am I pronouncing that word right? Raucous, eye-winking and elbow-nudging, if it weren't for the fact that in recent weeks at least two major serving hosts were crashed under suspicious circumstances by people who knew what they were risking. And on a third system, the system wheel password was compromised.
What's the wheel password? For some systems? Admin. What was it? Admin. Admin, yeah, it's the same as root on some systems, so the wheel account, the root account. By two high school students in Los Angeles, no less. We suspect that the number of dangerous security violations is larger than any of us know and is growing. You are advised not to sit and, quote, or not to sit, quote, in hope that St. Nicholas will soon be there. So it's a pretty prescient RFC, right? We saw all the things that were in combination there. We saw where everything was going. Anyone exactly the way he was talking about, or now we're going to have to worry about security? We still, you can still have two teenagers in LA compromise your system, right? It happens all the time. So this was in 1973. This was well before the internet exploded, right? This is much more in the early days. And they were still having security incidents, right? People breaking into computers even back then. So the next famous incident is actually one that's really cool because it reads like a, I mean it reads like a novel, and it actually is a novel that you can read. So it starts in 1986. Cliff Stoll was a systems administrator at LBL. What's LBL? I think it's the Livermore Berkeley Labs. It's the lab that's associated with Berkeley, in Berkeley. So he was a physics PhD student, and he then liked getting into the computers, getting the C, using them to do physics modeling, and he also was a systems administrator for their system. So on his very first day he got there on his job, his very first day, and at the time you had to pay for use of the computer per CPU time. So the first thing he did, he noticed that there was a 75 cent accounting discrepancy in the per-CPU-time accounting. So what would you have done? Start a new job, you show up, there's 75 cents difference.
I would just be like, it's not my deal, I just started, like maybe I'd tell my boss, and I'm never going to think about that 75 cents ever again, because it's 75 cents and who would care about that? Would you have looked into it and investigated it? Something to ask yourself. So he found out, he started digging, he saw the 75 cents, and he found out that an account, somehow an account had been created with no billing address. This is impossible: the administrators create accounts, we bill people, we have a billing address in there, otherwise you're not going to get on the system. So he digs and he digs and he digs, and then he finally figured out that there was an intruder on his system. And so what do you do at this point? So you're Cliff, what do you do? Find the vulnerability that let him in. Find the vulnerability that let him in? Kick him out? What are the pros and cons of those approaches? So you kick him out, right? But it could still be exploited, I mean, if the vulnerability isn't fixed. So the hacker got in, set up a trap, what's that? Example transaction and see when he is going to attack or how many more times he is going to attack. Understand more about the intruder. So you want to understand more about the intruder? So I think from a security perspective, right, trying to defend your network, you could kick this guy out, this person out, we don't know who it is yet. Kick this person out, delete their account, and maybe you could somehow figure out what phone number they're coming from so you block access to that phone number. But then you should identify how he did that and fix it. Exactly, you don't know how they got in, right? Somebody else is going to get in, right? If that one attacker could find something, somebody else definitely can. And that attacker themselves could just use a different phone number and get in. So what he did, he contacted the FBI and tracked the intruder to find out who they were and how they gained access and what they were trying to do.
Because it's not like today, where we kind of know what attackers are trying to do on our systems, right? In fact, I mean, this was one of the first incidents, right? He saw some weird discrepancy and some weird thing on the computer, and he wanted to find out more about it, and the FBI, when he contacted the government agencies, they were like, yeah, you should do that so we can actually maybe try and catch this person. What's the risk here, though? I mean, say you're working for Facebook, right? And you find out that a hacker has broken into one of Facebook's database servers. Do you tell them, just let the person keep going so we can find out more about them and find out how they got in? You don't know what they could do, right? They may damage your system completely. They may wipe all your data, they could mess with the user accounts, right? So by doing this you're accepting a big risk that, hey, something could go horribly, horribly wrong, and this person who's on your machine could do something incredibly malicious. Could even, I mean, damage hardware if that's possible, or something like that. I mean, they spread throughout your network, right? Because if they're on one machine, who's to say they can't get to another machine, and are you monitoring everything so you're certain 100% of everywhere they are going? Right, if you miss one, then they're still in your network, and it's your fault because you've let them in there for that long. But, you know, if you have encouragement by the FBI it gets a little bit easier to make that decision, right? You go to your boss and they're like, ah, the FBI really wants me to do this. Plus, you'd be like, Cliff Stoll did it and he wrote a book about it, so maybe I'll write a book about this. So it turns out, so what he did is he, he had an incoming phone line, and he set it up to trace all of the commands and everything that was coming from that phone line. So he could see, and he had computer printouts of everything that was happening.
So what he found out was that there was a configuration problem in their version of Emacs. And so Emacs worked as a mailer, and then it used this movemail program to move users' e-mail from /var/spool/mail, or wherever the system got it in, to the user's home directory. Which I did not spell, directory. And so this, in and of itself, is not a vulnerability. There's nothing wrong here. But it turns out that in their specific configuration, they had the movemail program, movemail had, I don't know the details here, but it had root privileges, it had elevated privileges, so it could move and touch any directory on the entire system. So once again, like the software is fine, it's the specific configuration on this specific machine that was the problem. So what the hacker did is basically, with this configuration, movemail could allow anybody to move files to any directory of the system. So let's say I give you access to my machine right here, you can move any files to any directory. What are you going to do? Take over my machine. Don't actually do it. How would the user respond? How would they create an account, how would the user respond? Yeah, so like, I don't know, take the Mac /etc/passwd for that, but I'm not actually sure. Back then it would have been a little more simplified. Yes, a lot easier. What else? Mess with your passwords, like the /etc/passwd part. Yeah, you could mess with /etc/passwd. You could add, if I had access on my machine, you could add your key to my SSH authorized keys file, and you could just SSH into my machine. Add another UID or GID. Yeah, you could add another group ID, you could create a whole new user, right? You could change the root user so that it allows logins and change the root user's password. Right, the keyboard listener that sends me across all your keystrokes. Yeah, you could inject a program that runs on startup, right? So you don't need remote access, so you don't even need to modify the system settings.
You just have, whenever I boot up my Mac, your program runs, and now you can just connect to it anytime, you can turn on the camera, you can screenshot the desktop, all this kind of stuff. So what he did is he used this bug to substitute a new version of the atrun program, and this program basically is run every five minutes, I believe, and with high privilege. So basically it just means that in five minutes from now, whatever program he wants is going to get executed. Because yeah, this is the trick, right? So if you can just move a file anywhere, how do you know that that file is actually going to be executed by the operating system? Right, so that's why, you know, if it was Windows, you could put it in the startup items folder or whatever that gets executed, and that's how a lot of viruses and malware do that. And so, that would be very tricky. After this program executed, it moved the legitimate atrun program back, right? So why did the attacker do this? To do what? To cover up. To cover up. Yeah, to remove the traces, right? So you had to actually see this in the act, otherwise you'd never know that this thing happened. So, from there, once on the system, the hacker had administrative access, or root access, to the system. They created accounts and put in some backdoor programs so it would be easier to get back in. Then the LBL was also connected to military systems in the MILNET, the military net. Remember, back at this time they were both, they were computers that could talk to each other. So then, he finds out that this attacker would use that machine. You don't really care too much about that machine. But he used that machine to then try to connect to military systems on MILNET, and they were able to do that, and once in there they were searching for keywords such as SDI for the Strategic Defense Initiative, the word stealth, Strategic Air Command, and nuclear, NORAD. Pretty serious stuff, right?
It's not just looking for credit cards to try and save some money, or trying to get some free phone calls to talk to your girlfriend or boyfriend, right? This is pretty heavy stuff. This is when he really even kind of consulted with the FBI, and up to this point they've been like, yeah, yeah, whatever, like, yeah, yeah, go ahead and do that. But this was like a huge, now it turned into a big deal, because now he realizes this isn't a couple teenagers at UCLA or wherever in California. This looks like some nation-state, government-level hacking stuff, which maybe, as you could tell by the title, maybe I should change this title later. I feel like this gives it away. At this point I'd be freaked out. So they debated, do they want to pull the plug, do they not want to pull the plug, do they want, because now you can see that, you know, they still want to catch this person because they want to find out more information about that. So they finally, so what they would do, so this is actually pretty crazy, what he had to do: first he had to live at the lab, because they had to start the trace, the telephone trace back to where the call was coming from, while the person was on the line. And so to do that he had to physically be there in the lab, and he'd wait until that machine started printing out, which told him that the attacker was there using the system, but that was a huge problem because they were maybe in a different time zone, because if you're going to hack into a system, you don't want to hack into it at 9 to 5 on a Tuesday, no, you want to hack into it at 3 a.m. on Christmas Eve, when you know nobody's going to be there and so you're going to have free rein. So then he actually hooked up a thing so that it would page him when the attack, you know what a pager is, more or less, like a primitive text message, a dedicated device. Yeah, so it would page him when the attacker was on, so then he could set up, call the company and set up the trace.
So that's what they did, and they were able to trace it a few hops. They traced it to somebody in Hanover, in Germany, with the help, they had to get help from FBI and AT&T people, and they had to ask the German, I don't know, this intelligence agency or their version of the FBI maybe, from Germany here. So it finally ended three years later, in 1989, so they finally arrested somebody in Germany who apparently worked for the Eastern Bloc at that time, and so he was literally part of a hacker crew where their job was to go search for and hack into US information and US computer systems to look for strategically important information. So yeah, so he was sentenced here to eight months in prison and had a 10,000, I don't know what, DM, Deutschmarks probably. I have no idea what that is in today's dollars. So yeah, there are other hackers that they found through here. So why is this story interesting? So I'm just trying to hack into the military, right? So I think this is definitely one of the instances that led the military to begin to court on the MILNET arbitration to say, we have access into our systems. Why else? The sentence is much less than the whistle example. Different legal system though, so I don't know, I don't know, this is Germany, this is not us. So yeah, the guy wasn't just knocking on military institutions trying to break in, right? The hacker, he first used exploitation of one system to essentially cover their traces, right? To then try and break into military systems. Because the military systems knew they would trace it back to the Lawrence Berkeley lab and then be like, why are you guys hacking into our systems? And they'd be like, what are you talking about? Nobody does that. And then they'd have to finally trace it back, right? And realize that something's happening again. The source of threat was configurations in Emacs, and it led to something like that.
Tiny, tiny configuration error of one system in a lab that nobody really should care about, because it's a bunch of scientists using it, right? That was probably the administrator's idea: it's just a bunch of professors and scientists on here doing research, like why would the security of this system be important? But it shows that with the internet and the interconnection of networks, the security of every system really becomes important. Anything else interesting? I think it shows that even a single person has the power to access even the biggest entities in the world. Yeah, one person, I mean, he had a group, but yeah, one person, right? And it's actually really interesting. So I highly recommend, there's a book called The Cuckoo's Egg that's by Cliff Stoll, and it talks about his account of the incident. It's really, really good, and it's good technically, like he includes enough good technical details that it's interesting. It talks about his experience with the military, because honestly a lot of the agencies just brushed him off, because at this point he didn't even know who to go to, like, who do I go to about this? It wasn't until he could prove that it was actually affecting military systems that they started taking him seriously and really wanted to do something about that.
But even then, even when he found that out, so he would say, hey, I have something on my system, an attacker on my system was trying to access this Air Force server, and he called that administrator up, and they wouldn't really know what was going on, or the problem was some default password on the, I don't know if it was a VAX system or whatever, that they were running for the military. Like the basic, basic security things were not being followed. So it's good from a historical standpoint, but it's also actually a good read. Like, I like the way he writes, you actually feel like you kind of know Cliff Stoll, and now he's like a crazy guy who makes Klein bottles. But what a Klein bottle is, well, now we're only at Cliff Stoll's website, yeah, it's kind of on, so it's like, I don't know, mathematician, anybody here know what a Klein bottle is? It's like a surface that, like, it's like a, what's that, Mobius strip, the 3D version I think is the idea here, so it's got like one surface, so you can't actually make that do the thing or something like that, but he makes things that are like that. Let's see if I have, yeah, I think that's him, and it is stylish. Oh yeah, this is crazy, not crazy but, like, eccentric I would say, Cliff Stoll, and there's a video of him where he has all of these bottles underneath his house, and so he built a robot, like a controllable robot, to go pick up bottles and stuff, so he's driving around, and so, weird. But any more questions, comments on the German hacking incident? Did they ever figure out how the guy who was prosecuted ever found that worm in that one, not the one with the, the bone?
Oh, that's a good question. Um, I don't know, I'd have to look more closely at it. It was probably available in both worlds back then, I would guess. There was a lot of VAX VMS stuff, if that's what the underlying system was, which it probably could have been; it could have been an IBM. I think it was running Berkeley Unix, because I think he specifically talked about that, but I don't know what the hardware was. I don't know if the 360 could run that, the way out of my depth here. He has, he talks about it in the book. I don't know, it could have been a known thing or it could have been just a thing, I don't know, he could have gotten lucky. You can check for an unsystem? Yes, so that was actually the thing Cliff talked about in the book, is from looking at what he was doing, incredibly methodical, so he would, like, when breaking passwords he'd have his own list of try, try, try, try, try, and he saw him get on a new system and just try, try, try, try stuff, you know, fail, fail, fail, fail, fail, fail, until something worked. I don't think it was, I think because he sent it, it was like keystrokes. Look at your dialogue, so you'd have a dialogue, like Telex was one of them back then, and you could actually write scripts on the back end for Telex, and it would send various commands after you were connected. Could have been, I don't know. I don't know, I think it came across as more of like a, just, they had this very regimented thing of, like, this is what they would do, and they do it daily. Could have been an urban legend, I can't remember now. Germany, that somewhere around that point, was still all analog switching, so tracing was incredibly difficult. Oh, because the tech would have to go out and look at the thing. Part of what helped, why you were, why they were even in Germany. Yeah, but interesting. Cool, alright, so now we move forward a little bit in time, it's also kind of concurrent, which is weird, move forward to the first internet worm. So it's the worm now we know, but then they don't really know, we're not talking about it yet. Thank you for putting it on the end of the picture. What's a worm? The dance thing on the ground. Some sort of duplicates in sales form in this work. Yeah, so something that, some kind of malware, it's usually malicious or not good, normal software doesn't do this: it accesses another system, copies itself over there and executes a new version on that system, and then that one does the same thing, tries to find other people. So what happened is, on December 2nd, 1988, the internet worm, who we found out later was developed by Robert Tappan Morris, who at the time was a first year, I think it was in the PhD program, the first year, a PhD student at, I'm forgetting, it's Cornell I think, so Intagrar alias is RTM. So what happened is administrators woke up on, I don't know, woke up on December 2nd and found out that their machines were not working, really offline, and they'd go and look, and they'd look at the process list and there'd be a lot of zombie, weird, garbage processes, and so they'd try to shut up, you know, do what, what do we do, and there's a problem. Yeah, reboot, that's exactly what I did here, my stupid mic wasn't working, so I unplugged the USB thing, plugged it back in, and I had to do work somehow, so that's what I did. They shut off all their machines, turned them back on and were like, okay great, everything's working fine, and you know, a short time later it's again down and unresponsive, and they couldn't figure out what was going on. And so it was groups at Purdue and Berkeley that really kind of dug in and found out what was going on. So it turns out that there was a worm, the first worm, was released into the wild, and unfortunately, so there's a mistake or bug in the replication procedure, so when it would decide to replicate itself, so it proliferated throughout the network a lot more unexpectedly than it should have, or the author intended it to. So the bug was, it would check for other instances of the same worm on the same host, right, because really, if you're trying to spread you don't want to infect the same host twice. Actually this has a lot of analogies to biology, right, so the problem is if just one worm is on your system that's fine, right, you're using a little bit of the resources, but if you end up getting 20 or 50 or 100 on there, the system is going to grind to a halt, right, just like in your body, or I don't know, I'm not a biologist, but like the virus or whatever wants to spread, it doesn't want to kill the host really, it wants to spread first. So this is actually bad virus, bad worm behavior, because you don't want to knock the host off, because if the host is off you can't spread anymore. So you have a little mistake where, I think it was one out of every seven times, but it wouldn't check if another worm was running, it would just run indefinitely. It doesn't seem so bad, one out of seven, but this is an exponential effect: you have machines infecting machines, and then that machine infects you back, and then one out of every seven times you have something running permanently on there, and then everything goes crazy. So how do you fix this? Fix the bug, fix the vulnerability. I don't know, what is it? So you fix the vulnerability and then what? I mean, you make sure that any process that runs needs some set of permissions to run. It's hard, though, it was disguising itself, it was constantly changing itself, it was actually constantly forking and killing its parent over and over, so it had different process IDs all the time. So, so you have to somehow kill the program, like kill the starting of the program. You really want to fix the vulnerability so that we don't get reinfected, otherwise you just reboot, same thing happens. So part of the problem is this worm had multiple exploitation strategies, multiple vulnerabilities, not just one, so even just fixing one is not really enough? What?
and it was also doing password cracking and password guessing so that's not really even a vulnerability so if you had poor passwords on your home networks or it would exploit trust between different systems so if you were able to not SSH because it wasn't that but the equivalent without a password and another machine it would do that and use that to spread so you have to close out all those loopholes too so what happened was so the researchers figured out what was the problem they figured out patches but now how do you distribute patches? the internet's down oh sorry the internet's down right so they did they were trying to close our molten board but it's almost unbelievable to think about now but literally the entire internet was down because there was all this worm traffic the worms were making traffic the machines themselves were down so they called each other they organized and they played all the patches and they just turned off the internet they turned off all the machines on the internet they unplugged, they cleaned all the computers and then they brought it back up when they knew the machines were playing like that's how they got rid of it pretty crazy there's some movie stuff nowadays you watch a terrible movie and they're like oh no the virus is loose we gotta reboot the internet how do you even do that so the damages were on the order of several hundred thousands of dollars because you had estimates but you know I mean this was in 1988 there was still a decent amount of people using the ARPANET and so you had all these machines all these people who had spent time to fix this thing all these machines that weren't available by the users and you think about what would happen if Amazon itself was down for a day how much lost business would that be then that's just Amazon, that's one thing I think about everything on the internet stops for one day pandemonium, like go buy like water and other supplies because I don't know, it's like close to anarchy and so 
they found out it was RTM he's actually a professor so actually he himself has an interesting story so he was the first person prosecuted under the computer fraud and abuse act so he was the very first person and he got off kind of light I think in my opinion, not that I think it should have been more but compared to some other people he only had to do he was doing in jail time he did three years probation $10,000 fine and 400 hours of community service and so he is now so he started a company called Bioweb in the Boston area which sold to Yahoo for a good amount of money in like 98, 99 I think it was I would say in the $40 million range and then he and some other of his friends anybody heard of the startup incubator, Y Combinator yeah so he's one of the founders of that with Paul Graham so he founded that and now he's a professor actually he's a professor at MIT should have looked it up so he's also a professor at MIT and at the time his dad when he released this form his dad was the science director of the NSA also another funny reference to this story there's all these theories like oh he's doing it it's like a subconscious rebellion against his dad or something this is a company movie story this is why he's talking about it this is cool part of what the community realizes hey we need a way to communicate when there's a massive problem like this so that's why they started CERT which is the computer emergency response team alright and we'll stop here but when we come back so don't come to class on Monday I'd like to have you here no class on Monday because I'm a generous when we come back we'll learn more details about the actual work that's it that's it that's the first time that's the first time