From Visual Developer Magazine #37, April/May 1996

Medusa Mail

Medusa spends virtually all of its time sending out packets and bringing back packets. Who has to know if a few percent of those packets are never really accounted for?

It's 1998, and Renaissance hacker Phil Sydney (see "Citizen of the Earth," April/May 1994) has been busy. High-speed direct-cable connections to the Net are now commonplace, and for over a year Phil has been building his masterpiece. It's a mail/news client, written mostly in assembly, implemented as a tightly integrated collection of mini-interpreters that run completely within on-CPU cache. The internal architecture is peculiar, and designed to make execution tracing nearly impossible. On May 1, Phil posts Medusa Mail on thirty-five different newsgroups from a public-access PC at a public library in Pittsburgh, signing the name "Mike Johnson."

Medusa is an "intelligent agent." It runs on Windows NT, and once configured with keywords and search parameters, it runs in the background, scanning the Net looking for things of interest to its users. It knows how to subscribe to list servers. It knows how to parse HTML. It brings back megabytes of stuff, most of which its users never bother to look at. That's ok—Medusa's first job, as Phil sees it, is to look busy all the time.

Back in North Carolina, Phil fires up Mama Medusa (his own custom version), and turns it loose to search the newsgroups for files uploaded by a select group of individuals—fictitious people who live only inside Medusa's command interpreter. An internal script in every copy of Medusa uses the newsgroups to "phone home." It secretly chooses a binary image file at random from one of the picture groups, performs a set of color optimizations on it, and then uploads it back to the group under one of Medusa's fictitious names and a nonexistent email address. The machine's owner never knows what's happening—Medusa is connected to the Net all the time, and spends virtually all its time sending out packets and bringing back packets. Who's to know if a few percent of those packets are never really accounted for?

Mama Medusa knows all the fictitious names, and downloads any image uploaded under one of the names. One "optimization" on the images imposes a data stream hidden as occasional oddly-colored pixels. These pixels comprise a compressed, encrypted message summarizing whose machine Medusa is installed on, summaries of hard drive directories, and anything else Medusa decides Phil might want to see. There is no connection between installed Medusas and Phil—all traffic is handled by postings to newsgroups.

The first image is posted scant hours after Medusa is released. Mama Medusa begins building a database of her "clients," who begin appearing at the rate of dozens per day. Phil is pleased. These are high-end people, powerful people, connected to the Net all the time through high-speed links. Some might be of use—and some will be "taken out."

Phil can "talk back" to the Medusas by going to public libraries and posting pictures of supermodels containing encrypted messages. Like many Americans, Medusa has a fondness for Cindy Crawford—and knows before downloading more than the first hundred bytes of a photo whether it's a "hot" one. The messages are targeted by serial number, and a Medusa ceases a download as soon as it reads a serial number not its own.

Phil has created numerous "data weapons," to be downloaded to selected Medusas on his command. Bogus records of drug transactions, kiddy porn, plots for insider trading scams, databases of stolen credit card numbers, all manner of incriminating data, easily customizable to the eavesdropped details of a lucky "client." One anonymous tip to the FBI can then ruin an enemy forever.

Sooner or later, some sharp hacker will blow Medusa's cover. Phil's looking closely, because the ultimate weapon is ready: Medusa's own source code and build records, ready to be tucked away in the corner of the cybersleuth's hard drive as hidden files. The man who reveals Medusa will be framed as the man who created her—and Phil will "turn off" the Medusa network to begin his next project.

There are CEOs, lobbyists, judges, senators, and congressmen at the ends of Medusa's tendrils. 1998 is an election year, and Phil Sydney suspects it will be the most interesting in American history.