Read Underground: Tales of Hacking, Madness and Obsession from the Electronic Frontier for Free Online Page A

This made things harder for the SPAN team; getting a worm exterminating program out to JPL, like other sites which had cut their connection to SPAN, was going to be that much tougher. Everything had to be done over the phone.

    Worse, JPL was one of five routing centres for NASA’s SPAN computer network. It was like the centre of a wheel, with a dozen spokes branching off--each leading to another SPAN site. All these places, known as tailsites, depended on the lab site for their connections into SPAN. When JPL pulled itself off the network, the tailsites went down too.

    It was a serious problem for the people in the SPAN office back in Virginia. To Ron Tencati, head of security for NASA SPAN, taking a routing centre off-line was a major issue. But his hands were tied.
    The SPAN office exercised central authority over the wide area network, but it couldn’t dictate how individual field centres dealt with the worm. That was each centre’s own decision. The SPAN team could only give them advice and rush to develop a way to poison the worm.

    The SPAN office called John McMahon again, this time with a more urgent request. Would he come over to help handle the crisis?

    The SPAN centre was only 800 metres away from McMahon’s office. His boss, Jerome Bennett, the DECNET protocol manager, gave the nod.
    McMahon would be on loan until the crisis was under control.

    When he got to Building 26, home of the NASA SPAN project office, McMahon became part of a core NASA crisis team including Todd Butler, Ron Tencati and Pat Sisson. Other key NASA people jumped in when needed, such as Dave Peters and Dave Stern. Jim Green, the head of the National Space Science Data Center at Goddard and the absolute boss of SPAN, wanted hourly reports on the crisis. At first the core team seemed only to include NASA people and to be largely based at Goddard.
    But as the day wore on, new people from other parts of the US
    government would join the team.

    The worm had spread outside NASA.

    It had also attacked the US Department of Energy’s worldwide High-Energy Physics’ Network of computers. Known as HEPNET, it was another piece of the overall SPAN network, along with Euro-HEPNET and Euro-SPAN. The NASA and DOE computer networks of DEC computers crisscrossed at a number of places. A research laboratory might, for example, need to have access to computers from both HEPNET and NASA SPAN. For convenience, the lab might just connect the two networks.
    The effect as far as the worm was concerned was that NASA’s SPAN and DOE’s HEPNET were in fact just one giant computer network, all of which the worm could invade.

    The Department of Energy keeps classified information on its computers. Very classified information. There are two groups in DOE: the people who do research on civilian energy projects and the people who make atomic bombs. So DOE takes security seriously, as in ‘threat to national security’ seriously. Although HEPNET wasn’t meant to be carrying any classified information across its wires, DOE responded with military efficiency when its computer managers discovered the invader. They grabbed the one guy who knew a lot about computer security on VMS systems and put him on the case: Kevin Oberman.

    Like McMahon, Oberman wasn’t formally part of the computer security staff. He had simply become interested in computer security and was known in-house as someone who knew about VMS systems and security.
    Officially, his job was network manager for the engineering department at the DOE-financed Lawrence Livermore National Laboratory, or LLNL, near San Francisco.**

    LLNL conducted mostly military research, much of it for the Strategic Defense Initiative. Many LLNL scientists spent their days designing nuclear arms and developing beam weapons for the Star Wars program.9
    DOE already had a computer security group, known as CIAC, the Computer Incident Advisory Capability. But the CIAC team tended to be experts in security issues surrounding