BOOK MARK : The Day the Computers Crashed Because of Daemon Possession

The computer culture breeds the bad as well as the good, as the authors show in profiling “hackers” and the havoc they can create. An excerpt.

Phil Lapsley, an engineering student at UC Berkeley, was puzzled. No sooner had he logged in to a Sun Microsystems workstation than it was clear something was amiss.

Computers such as the Sun run dozens of programs at once, so it is routine for people who maintain them, like Lapsley, to peek periodically to see which programs are currently active. But on Nov. 2, 1988, he saw, hidden among dozens of routine tasks, a small program controlled by an unusual user named daemon . Daemon is not the name of any human, but a label conventionally used for utility programs that perform useful tasks. But this program was not one Lapsley recognized.

“Is anyone running a job as daemon ?” Lapsley asked the others in the “fishbowl,” room 199B at the Berkeley’s Experimental Computing Facility. People shook their heads. Then somebody else in the room pointed to one of the screens, where a program that monitored the status of other computers was displayed. Lapsley discovered that a number of people appeared to be trying to log in to other Berkeley computers.

He decided it must be an attempted break-in. At least once a year, someone tried to break into the computers in Cory Hall, the school’s electrical engineering department.

Whoever this intruder was, he was intent on getting in, trying time after time to log in to Berkeley’s computers. So Lapsley started to jot down the names of the machines the break-in attempts were coming from. But he was startled to see that they were scrolling by faster than he could write them down. In fact, they were coming so rapidly that they were scrolling straight off the screen before he could read them.

Lapsley realized it wasn’t a person who was trying to break in. It was a program. When it wasn’t running as daemon , it was running under the names of other users.

The program kept pounding at Berkeley’s electronic doors. Berkeley machines under attack were slowing down as the demonic intruder devoured more and more computer processing time. Computers started to crash or become catatonic. They would just sit there stalled, accepting no input. Even though the workstations were programmed to start running automatically after crashing, as soon as they were up and running they were invaded again. The university was under attack by a computer virus.

Lapsley called Mike Karels, a programmer a hundred yards away in Evans Hall, home to the school’s computer science faculty. Karels was the scientist most knowledgeable about Berkeley UNIX, the operating system widely adopted by universities and research institutions everywhere. If anyone would have good advice, it would be Karels. All Lapsley got from Karels was a short, stiff laugh, then “So you’ve got it, too, huh?”

After another 30 minutes of puzzling over the enigmatic intruder, Lapsley discovered the program was expanding beyond Berkeley. Peter Yee, another undergraduate working with Lapsley, logged in to a computer at NASA’s Ames Research Center 50 miles to the south and saw it there. When Lapsley logged into a computer at Berkeley’s sister campus in San Diego, he saw it there, too.

By the time a call came from a system manager at Lawrence Livermore National Laboratory to say it was on his machines, it was obvious this was no local problem. It was all over the nationwide network known as the Internet. The people who care for the networks of computers used on college campuses and scientific research centers had spent many years preparing themselves for various eventualities. For years, computer scientists had spoken theoretically of the possibility of a program running loose in the network. But no one was prepared to cope with this massive assault.

Within minutes of each other, computers nationwide felt the presence of the rogue program. Shortly before 6:30 p.m., computer managers at the RAND Corp. in Santa Monica noticed their computers were unusually sluggish. There appeared to be a program robbing the computers of speed and slowing them to a near standstill. Fifty-five minutes later, across the country in Cambridge, Mass., computers at the MIT Artificial Intelligence Lab were under attack. Then it struck Stanford, Princeton and the Los Alamos National Laboratory in New Mexico. Once inside a computer, the program propagated to other computers much like a biological virus.

Even when its attempts to get into a new computer were unsuccessful, this electronic virus’ repeated knocks on the door were often enough to cripple the machine. And even after it was killed, it would reappear almost immediately. Moreover, once it entered a workstation, the program had a mysterious way of finding other computers to attack.

Worse than what could be observed about the program was the fear that it might be a Trojan horse program--apparently innocent, but carrying a string of code instructing the computer to carry out a specific damaging instruction at some later time. System administrators at an aerospace company in San Diego got so frightened that they pulled everything off their computers and installed their most recent set of backup tapes.

When the program started entering computers at the Army’s Ballistic Research Laboratory in Maryland, system managers feared invasion by a foreign power. Since the program came in over the network, they were afraid it might also be taking Army data out over the network. Assuming the worst, the chief Ballistic Research Laboratory system programmer did what dozens of other managers across the Internet had already done: He disconnected his computers from the network.

Taking computers off the network stopped the program from coming in or leaving, but it had the unfortunate side effect of cutting off communications among people accustomed to staying in touch with electronic messages. Few people thought to pick up the telephone, and those who did were at a loss: The electronic network had become the sole form of communication for most computer experts, who seldom bothered to give out their telephone numbers.

1991, by Katie Hafner and John Markoff. Reprinted with permission from Simon and Schuster.

BOOK REVIEW: “Cyberpunk: Outlaws and Hackers on the Computer Frontier,” by Katie Hafner and John Markoff, is reviewed on Page 1 of today’s Book Review section.