Markus Hess, a German citizen, is best known for his endeavours as a hacker in the late 1980s. Hess was recruited by the KGB to be an international spy with the objective of securing U.S. military information for the Soviets.
Lawrence Berkeley Laboratory
Hess's hacking activities were discovered by Clifford Stoll, an astronomer turned systems administrator of the computer center of the Lawrence Berkeley Laboratory (LBL) in California. Stoll's first job duty was to track an accounting error in the LBL system. Early in his investigation, Stoll determined that the LBL computer system was compromised and that the hacker had obtained "root" or systems privileges. Such a security compromise was more important than the accounting error. Stoll eventually determined how the hacker broke in and identified the hacker's activities on the system. LBL management considered attempting to seal off the system from this hacker, but Stoll and his colleagues convinced LBL's management that this would not be effective. Ultimately, they installed a honeypot to ensnare the hacker.
Hess's initial activities started at the University of Bremen in Germany through the German Datex-P network via satellite link or transatlantic cable to the Tymnet International Gateway. Tymnet was a "gateway" service that a user called into that routed him to any one of a number of computer systems that also used the service. Tymnet was one of a number of services available that provided local telephone numbers, where directly accessing the computer would have been a long distance call. Users normally used packet switching services like Tymnet for their lower costs. Once he accessed Tymnet, Hess branched out to the Jet Propulsion Laboratory in Pasadena, California and to the Tymnet Switching System. It was through this switching system that he accessed the LBL computers.
Hess was able to attack 400 U.S. military computers by using LBL to "piggyback" to ARPANET and MILNET. ARPANET was a civilian wide area network created by the Department of Defense which would later become what is now known as the Internet. MILNET was its military counterpart.
The facilities that Hess hacked into included:
- SRI International - Menlo Park, California
- U.S. Army Darcom - Seckenheim, West Germany
- Fort Buckner, Camp Foster - Okinawa, Japan
- U.S. Army 24th Infantry - Fort Stewart, Georgia
- U.S. Navy Coastal Systems Computer - Panama City, Florida
- U.S. Air Force - Ramstein Air Base, West Germany
- MIT MX Computer, Cambridge, Massachusetts
- OPTIMIS Database - The Pentagon
- United States Air Force Systems Command - El Segundo, California
- Anniston Army Depot - Anniston, Alabama
Tracking Hess and his capture
Stoll, with the help of local authorities, traced the call to a Tymnet switch in Oakland, California. Because the call came from Oakland rather than Berkeley, it was obvious that the hacker was not working locally. Tymnet officials helped LBL trace the various calls, even though the hacker attempted to conceal their origin. Enlisting the aid of AT&T and the Federal Bureau of Investigation (FBI), Stoll eventually determined that the calls were being "piggybacked" across the United States, but originating from Hanover, Germany.
Stoll trapped Hess by creating records of a bogus military project conducted on LBL computers; according to The Cuckoo's Egg, he and his girlfriend conceived this plan while showering, giving it the unofficial name of "Operation Showerhead". While the bogus information was convincing, the primary goal was simply to keep the hacker connected long enough to trace his connection, and with the hope that the hacker might send a written request for further information listed as available in hard copy. This simple technique worked: A request for the additional information was received from a Pittsburgh, Pennsylvania address.
At the time, this type of hacking was new and it was a considerable challenge to get the cooperation of the FBI and the West German government. Eventually, the German authorities were able to break in and arrest Hess. Hess went to trial in 1990 and Stoll testified against him. Hess was found guilty of espionage and was sentenced to a one- to three-year prison sentence. He was eventually released on probation.
Literature and films
After Hess's capture, Stoll wrote about his efforts to track and locate Hess in a technical paper, Stalking the Wily Hacker, and a book for the general public, The Cuckoo's Egg. The Cuckoo's Egg was adapted into a 1990 Nova episode, "The KGB, The Computer, and Me".
- Apprehending the Computer Hacker...
- The Internet Incident (ISBN 0-7534-0027-8)
- VTK Productions March The Second Movie Page