Breaking into computers for a living

One heck of a lot of fun!

Gather ye round, youngsters, and the old man will tell you a story.

Once upon a time, I broke into computers for a living. The USAF has a squadron that provides this service to AF bases and other organizations. Let’s say the wing commander wants to know how secure his systems are. He arranges a visit. There will be just one or two other people, called “Trusted Agents” who’d know we were coming. They’d provide a room and an access point into the base network. Then, the team does their magic. They usually “own” the base systems within 24 hours. That means gaining administrator level privileges on the base’s Windows domain and on the of the Windows domain of the major organizations. Always within a few days. They have never failed.

God, I miss that job.

Before you do anything, the one essential is the “get out of jail pass”–the letter from the base commander authorizing the activity. Until one with my name and his or her signature was in my pocket, there was no way I’d touch a keyboard. That way, if the man with the M-16 say “take your hands off the keyboard” (it has happened, but not to me, thank God) you don’t go to jail. Without the letter, it’s a felony.

It’s fun learning how to pick locks and crack passwords (well, I was cracking passwords back in 1989, so I already knew that). It’s a riot to roam through a building, checking out systems. Look! This guy has his user name and password written on a paper taped to the bottom of his keyboard. How thoughtful. Oh, and this system has no password on the screen saver. Hmm…who am I logged in as here? “Ima Loser,” I’d guess.

Once you have domain admin, you’ve got access to the SAM (and thus the passwords file). Time to run a crack! Let’s see, who has weak passwords…? The Comm Squadron commander has “Dallas#1” as his? For shame. “ILuvChevy” is is cute. Those come forth in minutes. Give it a few hours to work through the dictionary and you get a lot–a LOT–of passwords.

Never base your password on a real word or a name.

The out-brief is a gas. You have the Wing commander there sometimes, but almost always the Com Squadron commander and his staff. They almost always have crackable passwords. One of the slides will be a list of passwords we’ve found, but with no names attached. Most people in the room see their password up there. The looks on their faces are priceless.

God, I miss that.

Sometimes, it’s just some individual organization that wants an assessment. That’s how I learned about the Airborne Laser. I played a small part–I helped secure the systems of those building it.

Ah, the good old days.

One aspect was having a clearance. Never did anything with classified, but we might touch systems bound to be used for classified work, so had to have a clearance. That means filling out a Form 398, PERSONNEL SECURITY QUESTIONNAIRE (PSQ). God, back in the 1970s and 1980s (I’ OLD, I tell ya!) you did it on a typewriter. It was HARD! Now, it’s computerized. What’s your mother’s date and place of birth? Detail each place you have lived for the last ten years. List all employers, with points of contact, and describe the jobs. Provide the bra size of every girl you managed to “feel up” in high school…. It just goes on and on.

God help you if you have close and continuing contact with foreigners, like say, family in China. There is only one thing worse: drugs. If you’re on a psycho-active drug, even by prescription, they look at you very carefully. Wellbutrin? How often do you take it? Two weeks later: how often have you refilled the prescription? A week after that: Sorry to bother you again, but what was this for, exactly? Yes, you told us before, but could you clarify that? The next week: Hello again. Exactly when do you increase or decrease how much you take? Your doctor said you could do that? Could you just clarify….?

It would be easier to have a mistress who was provided by the Chinese embassy. Then it’s be simple: A Chinese mistress? OK. Is she hot? Oh, she is. Getting it on, are you. Well, of course, I’ll just bet you are. Telling her any secrets? No, you aren’t? Really? That’s good. Hmm…OK–Here’s your clearance, you lucky dog!

Of course, MyLovelyWife is a bit less forgiving than the adjudicators. She’s just too good a shot. I never went visiting the Chinese embassy….