Underground: Hacking, madness and obsession on the electronic frontier - Suelette Dreyfus

What the hard-liners failed to understand was that world-class hackers like Electron could read the most oblique, carefully crafted Zardoz postings and, within a matter of days if not hours, work out exactly how to exploit the security hole hinted at in the text. After which they could just as easily have written a cookbook version of the security bug.

Most good hackers had come across one or two issues of Zardoz in their travels, often while rummaging though the system administrator's mail on a prestigious institution's computer. But no-one from the elite of the Altos underground had a full archive of all the back issues. The hacker who possessed that would have details of every major security hole discovered by the world's best computer security minds since at least 1988.

Like Zardoz, Deszip was well guarded. It was written by computer security expert Dr Matthew Bishop, who worked at NASA's Research Institute for Advanced Computer Science before taking up a teaching position at Dartmouth, an Ivy League college in New Hampshire. The United States government deemed Deszip's very fast encryption algorithms to be so important, they were classified as armaments. It was illegal to export them from the US.

Of course, few hackers in 1990 had the sophistication to use weapons such as Zardoz and Deszip properly. Indeed, few even knew they existed. But Electron and Phoenix knew, along with a tiny handful of others, including Pad and Gandalf from Britain. Congregating on Altos in Germany, they worked with a select group of others carefully targeting sites likely to contain parts of their holy grail. They were methodical and highly strategic, piecing information together with exquisite, almost forensic, skill. While the common rabble of other hackers were thumping their heads against walls in brute-force attacks on random machines, these hackers spent their time hunting for strategic pressure points—the Achilles' heels of the computer security community.

They had developed an informal hit list of machines, most of which belonged to high-level computer security gurus. Finding one or two early issues of Zardoz, Electron had combed through their postings looking not just on the surface—for the security bugs—but also paying careful attention to the names and addresses of the people writing articles. Authors who appeared frequently in Zardoz, or had something intelligent to say, went on the hit list. It was those people who were most likely to keep copies of Deszip or an archive of Zardoz on their machines.

Electron had searched across the world for information about Deszip and DES (Data Encryption Standard), the original encryption program later used in Deszip. He hunted through computers at the University of New York, the US Naval Research Laboratories in Washington DC, Helsinki University of Technology, Rutgers University in New Jersey, Melbourne University and Tampere University in Finland, but the search bore little fruit. He found a copy of CDES, a public domain encryption program which used the DES algorithm, but not Deszip. CDES could be used to encrypt files but not to crack passwords.

The two Australian hackers had, however, enjoyed a small taste of Deszip. In 1989 they had broken into a computer at Dartmouth College called Bear. They discovered Deszip carefully tucked away in a corner of Bear and had spirited a copy of the program away to a safer machine at another institution.

It turned out to be a hollow victory. That copy of Deszip had been encrypted with Crypt, a program based on the German Enigma machine used in World War II. Without the passphrase—the key to unlock the encryption—it was impossible to read Deszip. All they could do was stare, frustrated, at the file name Deszip labelling a treasure just out of reach.

Undaunted, the hackers decided to keep the encrypted file just in case they ever came across the passphrase somewhere—in an email letter, for example—in one of the dozens of new computers they now hacked regularly. Relabelling the encrypted Deszip file with a more innocuous name, they stored the copy in a dark corner of another machine. Thinking it wise to buy a little insurance as well, they gave a second copy of the encrypted Deszip to Gandalf, who stored it on a machine in the UK in case the Australians' copy disappeared unexpectedly.

In January 1990, Electron turned his attention to getting Zardoz. After carefully reviewing an old copy of Zardoz, he had discovered a system admin in Melbourne on the list. The subscriber could well have the entire Zardoz archive on his machine, and that machine was so close—less than half an hour's drive from Electron's home. All Electron had to do was to break into the CSIRO.