KGB hack

from Wikipedia, the free encyclopedia

The KGB hack is the name given to a series of break-ins into various Western computer systems between 1985 and 1989. It was carried out by a German hacker group around Karl Koch and Markus Hess.

History

At the hacker meetings that regularly took place on Tuesday evenings in the Hanover restaurants Spektakel and Sesam (later also Bistro Casa and Bö 29), Karl Koch, who called himself Hagbard Celine (a character from the Illuminatus! novel trilogy), met the hacker Dirk-Otto Brezinski, alias DOB, in 1985. After they had carried out some hacks together, Koch came into contact through him with the croupier Pedro (real name Peter Carl), who was notoriously short of money and saw in the skills of the two an opportunity to earn some. The idea of selling to the KGB what they discovered on the hacked computers came from Pedro.

Together the three drove to the Soviet embassy in East Berlin to offer their services to the KGB. After they had been laughed at there for their request and almost sent away, an employee of the East Berlin KGB residency by the name of Sergej was prepared to listen to them. First, the hackers were to provide test material to prove their skills and seriousness to the KGB. For a year, Koch, DOB and other hackers, who were not necessarily informed about the KGB connection and the money flowing from the KGB, penetrated various computers of companies and organizations in Germany and around the world. Pedro acted as the middleman between the hackers and the KGB: he delivered the results to East Berlin and brought back money (several tens of thousands of DM) and new orders from the KGB.

In April 1986 the Chernobyl disaster occurred. Karl Koch, who had been heavily addicted to drugs for a long time and was often in a questionable mental state, saw it as a direct result of one of his hacks, as he had just broken into the computer of a nuclear power plant. His condition deteriorated to the point that he was expelled from the KGB group, and a friend eventually took him to a mental hospital for rehab. The other members of the group did not let this deter them from their work.

In 1986, Clifford Stoll, a systems administrator at the University of California at Berkeley, noticed that on a mainframe he was co-responsible for, 75 cents' worth of computing time could not be assigned to a billing account. Since this was an indication of an unauthorized intruder, he investigated the matter despite the small amount and thus finally got on the trail of Koch's group. Through months of detailed detective work and the setting of traps, Stoll and others managed to trace the hackers back to Germany. (Stoll later wrote the book Kuckucksei about these incidents.) On June 23, 1987, the apartment of Markus Hess, alias Urmel, was finally searched, but no arrest warrant was issued. Because the call trace used had not been approved by a court, the investigation later even had to be discontinued.

Since Koch was in financial trouble in mid-1988, he offered an NDR reporter a deal: for 10,000 DM he would break into the computer at the Jülich nuclear research facility in front of the camera. He also presented the reporter with confidential documents about the terrorist manhunt from a police computer (which were genuine, but which he had not obtained himself). Information about this reached the investigating authorities from the NDR, whereupon the broadcasting house in Hamburg was searched. Those responsible denied having offered Koch money for criminal activities. On July 5, 1988, Koch turned himself in to the Office for the Protection of the Constitution and, in months of interrogation, gave extensive testimony about his activities, not only those involving the KGB.

On March 2, 1989, after months of shadowing by the police and the Federal Intelligence Service, the KGB hack group was broken up in a nationwide operation. In the ARD Brennpunkt broadcast that same evening, it was described as "the biggest espionage case since Guillaume". Karl Koch was initially assured of immunity from prosecution. On May 30, 1989, the police found the charred body of the 23-year-old in a forest near Ohof. Suicide by self-immolation was suspected. The actual circumstances of his death have never been fully clarified, but it is believed that Koch could not withstand the psychological pressure of the months of interrogation, combined with the effects of his drug addiction and mental decline. Although it could not be proven that Koch was murdered, murder could not be ruled out beyond doubt either. On February 15, 1990, two of those involved in the KGB hack, Dirk-Otto Brezinski (DOB) and Markus Hess (Urmel), were given suspended sentences of between 14 months and 2 years.

Technical background

In their break-ins, the KGB hackers often exploited a security hole in the movemail program. The only task of this small Emacs component was to move incoming mail from the directory /var/spool/mail to the home directory of the respective recipient. In 1986 the program was modified so that it could also fetch e-mail using the POP3 protocol. For this it was necessary to run movemail SUID root, i.e. with the rights of the local administrator (root). In this configuration, however, movemail contained a weakness: because the program ran with root rights, the user whose mail was being moved could read and write every file on the local system. Without root rights, only the files of the executing user (and some explicitly shared files) could have been changed via the program, and therefore no system or security-relevant files. The security hole only became public after a number of computers (including militarily sensitive systems) had been compromised. The patch that fixed it was just three lines long.
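The privilege handling described above, as an added C illustration (not movemail's source and not the historical three-line patch): the unsafe form opens a caller-named destination while still holding set-uid rights, the hardened form switches to the invoking user's IDs for that one operation. The function names and the use of O_NOFOLLOW are assumptions made for this example.

```c
/* Added illustration: NOT movemail's source and NOT the historical patch. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Unsafe "before": in a set-uid-root binary the kernel checks this open()
 * against effective uid 0, so any path the caller names is writable. */
int open_dest_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Hardened "after": switch the effective IDs to the invoking user's real
 * IDs for the open(), then restore them. Returns an fd, or -1 on failure. */
int open_dest_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, err;

    /* Conventional order when dropping: group IDs before user IDs. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        abort();                      /* never continue half-privileged */
    fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
    err = errno;
    /* Regain privilege only for work that needs it (e.g. the mail spool). */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 2)
        return 2;
    fd = open_dest_as_invoker(argv[1]);
    if (fd < 0)
        perror(argv[1]);
    else
        close(fd);
    return fd < 0;
}
```

A program that never needs root again after start-up should drop privileges permanently with setgid() and setuid() rather than switching back and forth as shown here.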

People involved in the hack

Film adaptations

  • 23 - Nothing is as it seems (feature film about Karl Koch and the KGB hack)
  • The KGB, the Computer and I (original title: The KGB, the Computer and Me). The television film first aired in the United States on October 3, 1990. It was shot on location with Clifford Stoll and produced by the WGBH Educational Foundation for the US television documentary series NOVA, directed by Robin Bates and Catherine White. The episode is about 60 minutes long and also contains a short interview with the hacker Pengo (Hans Heinrich Hübner) and some footage of Markus Hess, the hacker whom Clifford Stoll had tracked. The footage of Hess was recorded during his trial in Celle.
