McMahon guessed that the worm's designer had released the different versions at slightly different times. Maybe the creator released the worm, and then discovered a bug. He fiddled with the worm a bit to correct the problem and then released it again. Maybe he didn't like the way he had fixed the bug the first time, so he changed it a little more and released it a third time.
In northern California, Kevin Oberman came to a different conclusion. He believed there was in fact only one real version of the worm spiralling through HEPNET and SPAN. The small variations in the different copies he dissected seemed to stem from the worm's ability to learn and change as it moved from computer to computer.
The worm circumnavigated the globe. It had reach into European sites, such as CERN - formerly known as the European Centre for Nuclear Research - in Switzerland, through to Goddard's computers in Maryland, on to Fermilab in Chicago and propelled itself across the Pacific into the Riken Accelerator Facility in Japan.
NASA officials told the media they believed the worm had been launched about 4.30 a.m. on Monday, 16 October.
They also believed it had originated in Europe, possibly in France ..
The WANK worm left a number of unanswered questions in its wake, a number of loose ends which still puzzle John McMahon. Was the hacker behind the worm really protesting against NASA's launch of the plutonium-powered Galileo space probe? Did the use of the word 'WANK' - a most un-American word - mean the hacker wasn't American? Why had the creator recreated the worm and released it a second time? Why had no-one, no political or other group, claimed responsibility for the WANK worm?
One of the many details which remained an enigma was contained in the version of the worm used in the second attack. The worm's creator had replaced the original process name, NETW_, with a new one, presumably to thwart the anti-WANK program. McMahon figured the original process name stood for 'netwank' - a reasonable guess at the hacker's intended meaning. The new process name, however, left everyone on the SPAN team scratching their heads: it didn't seem to stand for anything. The letters formed an unlikely set of initials for someone's name. No-one recognised it as an acronym for a saying or an organisation. And it certainly wasn't a proper word in the English language. It was a complete mystery why the creator of the WANK worm, the hacker who launched an invasion into hundreds of NASA and DOE computers, should choose this weird word. The word was 'OILZ'.
It is not surprising the SPAN security team would miss the mark. It is not surprising, for example, that these officials should to this day be pronouncing the 'Oilz' version of the WANK worm as 'oil zee' .. nor that they hypothesised the worm's creator chose the word 'Oilz' because the modifications made to the last version made it slippery, perhaps even oily.
Likely as not, only an Australian would see the worm's link to the lyrics of Midnight Oil.
This was the world's first worm with a political message, and the second major worm in the history of the worldwide computer networks...
Yet, NASA and the US Department of Energy were half a world away from finding the creator of the WANK worm. Even as investigators sniffed around electronic trails leading to France, it appears the perpetrator was hiding behind his computer and modem in Australia ...
Underground can be ordered online (all countries) via Dymocks, the COOP-Bookshop, Randomhouse Australia and others. See the Underground ordering page for details.
