Computer at Nuclear Lab Used for Access to Porn

Dramatically illustrating the security problems posed by the rapid growth of the Internet computer network, one of the nation’s three nuclear weapons labs confirmed Monday that computer hackers were using its computers to store and distribute hard-core pornography.

Embarrassed officials at Lawrence Livermore National Laboratory, which conducts a great deal of classified research and has highly sophisticated security procedures, said the incident was among the most serious breaches of computer security at the lab in Livermore, Calif.

The computer, which was shut down after a Times reporter investigating Internet hacking alerted lab officials, contained more than 1,000 pornographic images. It was believed to be the largest illicit cache of hard-core pornography ever found on a computer network.

Computer hackers once were primarily mischief-makers aiming to prove their computer prowess, and they devoted their efforts to disrupting computer systems at large organizations or stealing technical information. But today, a new breed of hackers has developed methods for seizing partial control of Internet-linked computers and using them to store and distribute pornography, stolen computer software and other electronic information--often for profit.

The Internet, a “network of networks” originally designed to connect computers at universities and government research labs, has grown dramatically in size and technical sophistication in recent years. It is now used by many businesses and individual computer users, and is often viewed as the prototype for the information superhighway of the future.

But the Internet has an underside, where so-called “pirates” with code names such as “Mr. Smut,” “Acidflux” and “The Cowboy” traffic in illegal or illegally obtained electronic information. The structure of the Internet means that such pirates can carry out their crimes from almost anywhere in the world, and that tracing them is nearly impossible.

The FBI late last week confirmed that it was investigating software piracy on the Internet. A Times reporter discovered a number of sites at prestigious institutions that were being used to distribute stolen software, including one in the office of the UC Berkeley chancellor and another at Lawrence Berkeley National Laboratory.

Pirate sites, which carry exotic monikers such as “3 Days Till Death,” “Impact of Chaos” and “Field of Dreams,” can generally be found only by highly sophisticated computer users who are well-schooled in the intricacies of the Internet. The pirates use a new and relatively obscure method for transferring information, known as the “file service protocol,” and they often change the location of their sites every few weeks to avoid detection.

In April, MIT student David LaMaccia was arrested on felony conspiracy and wire fraud charges for allegedly using the protocols to distribute more than $1 million worth of commercial software. The protocol allows files to be sent to large numbers of computer users easily with minimal disruption of other computer functions.

Pirates also have their own “chat” lines, a series of channels within a service called the Internet Relay Chat. An elaborate pecking order determines who will be allowed to take part in these conversations--newcomers can often wangle their way in if they have a particularly hot piece of software to offer.

Garden-variety copyrighted software is known as “warez” on these channels, while especially good software is called “kewl,” and brand-new software that has not even reached stores is called “zero-day software.” At the Lawrence Berkeley pirate site, the offerings last week included Power Japanese, which retails for $395, as well as IBM DOS 6.3 and a game called Alien Legacy, which is not yet available in stores.

Sandy Merola, deputy director of information and computing at the Berkeley lab, said the pirate site was shut down last week after The Times investigation revealed its existence. Merola said the Department of Energy, which oversees lab operations, as well as the FBI, had been notified of the incident.

At Lawrence Livermore, officials said Monday they believe that at least one lab employee was involved in the pornography ring, along with an undetermined number of outside collaborators. Chuck Cole, deputy associate director of computing at the lab, said that nearly 2,000 megabytes of unauthorized graphic images have been found in a Livermore computer. He confirmed that they were pornographic.

The employee has been placed on “investigatory leave” and his or her security badge confiscated while an investigation is under way, the lab said. It was unclear whether the pornographic images were being sold or how many people had gained access to them. The pictures were sufficiently graphic that they could be considered obscene by courts in some jurisdictions, in which case transmitting them over the Internet might be illegal.

The massive amount of storage capacity used in the Livermore scheme shows how Internet hacking could be quite profitable. Seizing partial control of large and sophisticated computer systems at universities or government laboratories can save unscrupulous entrepreneurs large sums of money.

There were indications that the person operating the pornography database had become aware of possible scrutiny. On June 27, a message left in a file labeled READ ME!!! said: “It appears that news about this site has escaped. In the past two weeks, I have had 27 unauthorized hosts attempt to access my server. This does not give me a warm-fuzzy feeling. I would hate to have to shut this down, but I may have no choice.”

One computer expert, who requested anonymity, said there might be more to the incident than meets the eye. The expert suggested that the hard-core pornography may be a cover for an ultra-sophisticated espionage program, in which a “sniffer” program combs through other Livermore computers, encodes the passwords and accounts it finds, and then hides them within the pornographic images, perhaps to be downloaded by foreign agents.

But Cole said there was no possibility of a computer intruder gaining access to classified data at Livermore Labs. “We use an air gap security method in which no electronic connection of any kind is maintained between the classified computer world and the unclassified computer world.”

Cliff Stoll, a former computer systems manager at Lawrence Berkeley who chronicled his experiences with a computer hacker in the book “The Cuckoos Egg,” said there would be easier ways to conduct espionage over the Internet than to use pornographic pictures as an encoding method.

Still, the computer penetrations at Livermore and Lawrence Berkeley “show very poor management on the part of the national labs,” Stoll said.

The problem of pirate sites extends far beyond U.S. government laboratories and universities: Many popular sites discovered by The Times are located in Mexico, France, Britain and other countries. One system operator of a pirate site in Istanbul, Turkey, openly bragged on-line that his country has no laws preventing the distribution of copyrighted software; thus, he claimed, he was breaking no laws by doing so.

The Software Publishers Assn., a trade association representing major software manufacturers, has made software piracy on the Internet a major priority. Peter Beruk, the association’s litigation manager, said: “We are currently tracking over 1,600 pirate sites on the Internet in a joint investigation with the FBI. It is a very serious and costly problem.

“In the case of David LaMaccia, we estimate over a million dollars of software was downloaded from his site in a two-week period. We will start going after the universities next. . . . The Internet, in our view, is now getting a very bad name.”

Hal Hendershot, manager of the fraud and computer crime abuse initiative of the FBI, though declining to give any details, acknowledged that the bureau was cooperating with the association in regard to Internet piracy. As the popularity of the Internet surges, the problem of net piracy will increase, Hendershot said.