Zardoz had been a difficult conquest, but Deszip would prove to be even more so. While dozens of security experts possessed complete Zardoz archives, far fewer people had Deszip. And, at least officially, all of them were in the US.

The US government banned the export of cryptography algorithms. To send a copy of Deszip, or DES or indeed any other encryption program outside the US was a crime. It was illegal because the US State Department's Office of Defense Trade Controls considered any encryption program to be a weapon. ITAR, the International Traffic in Arms Regulations stemming from the US Arms Export Control Act 1977, restricted publication of and trad in `defense articles'. It didn't matter whether you flew to Europe with a disk in your pocket, or you sent the material over the Internet. If you violated ITAR, you faced the prospect of prison.

Occasionally, American computer programmers discreetly slipped copies of encryption programs to specialists in their field outside the US. Once the program was outside the US, it was fair game—there was nothing US authorities could do about someone in Norway sending Deszip to a colleague in Australia. But even so, the comp-sec and cryptography communities outside the US still held programs such as Deszip very tightly within their own inner sanctums.

All of which meant that Electron and Phoenix would almost certainly have to target a site in the US. Electron continued to compile a hit list, based on the Zardoz mailing list, which he gave to Phoenix. The two hackers then began searching the growing Internet for computers belonging to the targets.

It was an impressive hit list. Matthew Bishop, author of Deszip. Russell Brand, of the Lawrence Livermore National Labs, a research laboratory funded by the US Department of Energy. Dan Farmer, an author of the computer program COPS, a popular security-testing program which included a password cracking program. There were others. And, at the top of the list, Eugene Spafford, or Spaf, as the hackers called him.

By 1990, the computer underground viewed Spaf not just as security guru, but also as an anti-hacker zealot. Spaf was based at Purdue University, a hotbed of computer security experts. Bishop had earned his PhD at Purdue and Dan Farmer was still there. Spaf was also one of the founders of usenet, the Internet newsgroups service. While working as a computer scientist at the university, he had made a name for himself by, among other things, writing a technical analysis of the RTM worm. The worm, authored by Cornell University student Robert T. Morris Jr in 1988, proved to be a boon for Spaf's career.

Prior to the RTM worm, Spaf had been working in software engineering. After the worm, he became a computer ethicist and a very public spokesman for the conservatives in the computer security industry. Spaf went on tour across the US, lecturing the public and the media on worms, viruses and the ethics of hacking. During the Morris case, hacking became a hot topic in the United States, and Spaf fed the flames. When Judge Howard G. Munson refused to sentence Morris to prison, instead ordering him to complete 400 hours community service, pay a $10000 fine and submit to three years probation, Spaf publicly railed against the decision. The media reported that he had called on the computer industry to boycott any company which chose to employ Robert T. Morris Jr.

Targeting Spaf therefore served a dual purpose for the Australian hackers. He was undoubtedly a repository of treasures such as Deszip, and he was also a tall poppy.

One night, Electron and Phoenix decided to break into Spaf's machine at Purdue to steal a copy of Deszip. Phoenix would do the actual hacking, since he had the fast modem, but he would talk to Electron simultaneously on the other phone line. Electron would guide him at each step. That way, when Phoenix hit a snag, he wouldn't have to retreat to regroup and risk discovery.

Both hackers had managed to break into another computer at Purdue, called Medusa. But Spaf had a separate machine, Uther, which was connected to Medusa.