Malicious Life Podcast: How the Internet Changed the NSA
Jeff Man was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period - check it out…
Malicious Life Podcast
On May 23rd, 1989, Karl Koch - a 23 years old West German hacker who worked for the KGB - took a drive, from which he would never return: Nine days later his charred remains were found by the police in a remote forest. Was Koch assasinated by the US or the Sovient Union, or is there another, more 'mystical' explanation for his death? – check it out...
Powered by RedCircle
The Malicious Life Podcast by Cybereason examines the human and technical factors behind the scenes that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution, with host Ran Levi interviewing hackers and other security industry experts about hacking culture and the cyber attacks that define today’s threat landscape. The show has a monthly audience of over 200,000 and growing.
All Posts by Malicious Life PodcastBorn in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, created the popular Israeli podcast Making History. He is author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.
Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason. Subscribe and listen on your favorite platform:
All Posts by Malicious Life PodcastAccording to the German news outlet Der Spiegel, on May 23rd of 1989, 23 years old Karl Koch was supposed to drive, for work, to the state chancellery. (According to Wikipedia, he simply took a drive for his lunch break.) Either way, that afternoon, he didn’t end up where he was expected, and so his employer filed a missing persons report.
Nine days later, police were called to the site of an abandoned car in the forest near Celle, around 25 miles northeast of Hanover. From Wikipedia, quote, “it appeared as though it had not moved for years as it was covered in dust. The remains of Koch – at this point just bones – were discovered close by, a patch of scorched and burnt ground surrounding them, shoes missing. The scorched earth itself was controlled in a small circle around the corpse; it had not rained in some time, and the grass was perfectly dry.” End quote.
Police said in a statement that Koch had doused himself in gas, and self-immolated. Later, his friends, and conspiracy theorists with an interest in the story, debated whether he might have been assassinated.
No suicide note or further evidence was discovered at the scene, to help elucidate. Just a melted plastic gasoline canister, and Karl’s charred bones.
Karl Koch was a hacker from Hanover, Germany. Young, and handsome — very handsome, actually. Hackers sometimes get a bad rap for glasses and neckbeards, but Karl — bright-eyed, short hair, lean, with clear, pale skin — easily could’ve been an actor or a model in another life. The life he actually had, unfortunately, was far from that.
Many words have been used to describe Karl Koch. Different people have spoken of him in ways that leave you wondering: surely, they can’t have been referring to the same individual. That so much has been made of the man seems to be due to two main causes.
First: the sensational media attention he received at the young age of 23.
And, second: the wild and unfortunate trajectory of his life. It’s hard to pin down somebody who went through so much, in such a short time.
So, rather than delve right into the narratives, rumors and labels assigned to Karl by this journalist, or that government minister, or the hackers he called friends, it may be more true to hear about him in his own words.
Early in 1989, Karl Koch wrote a brief biography of his life, intended for potential therapists.
“I, Karl Koch, was born on July 22nd, 1965, in Hanover.”
Nate Nelson, the writer of our show, reading the part of Karl.
“I had difficult family circumstances; the separation of my biological parents after prolonged disputes linked to alcohol and marriage conflicts, as well as repeated suicide attempts by my older sister.”
It’s worth noting here that this letter was later published by some of Karl’s friends, as part of a huge, 68-page document they compiled with news clippings, photos, essays and commentary about his life.
At certain points in the biography, his friends provide editorial notes. Like, after this first paragraph they note how, quote, “Karl’s mother, Agnes Koch, became sick with cancer. She died on January 1st, 1976, after a three-year struggle.”
“I had acute problems with my father, Werner Koch, who shortly before the death of my mother had moved back into the family home. His alcohol consumption increased from that point to become a problem, which he did however not acknowledge.”
Karl describes similar problems with his father’s girlfriend, and his grandmother.
“From the 10th grade, I took hashish and anti-anxiety medication (Valium and Tavor) in irregular intervals. From that point on my academic performance began to decline[.]”
Karl dropped out of school the following year. At this point, another editorial note is interjected in the narrative. His friends, who clearly want to defend his reputation, point out all the organizations and activities Karl took part in: student council, organizing events. “He fought in the anti-nuclear movement,” they add at the end, “and was an active anti-fascist.”
Anyway, at age 18 Karl’s grandmother died, and he went back to high school.
“[D]uring the following spring my father married his girlfriend, shortly before his operation due to peripheral artery disease. Shortly thereafter we learned that my father as well had cancer, he died a half year later in August of 1984, from a lung tumor and multiple brain tumors[.] I failed school due to the obstacles of transferring and frequent absence (I had a sleeping disorder). From then I took hashish regularly.”
His father left around 240,000 marks in inheritance — equivalent to just under $100,000 — which Karl split with his sister. But he considered the money “dirty,” and so spent it quickly: on a private therapist, and a computer.
Karl loved computer science. It led him to the local hacking scene, where he took on the name “Hagbard,” from the protagonist of his favorite book series, “Illuminatus!” In 1985, he and some friends founded the so-called “computer regulars’ table” at a cafe on Lister Meile in Hanover, which developed into “control center 511,” a branch of the Chaos Computer Club.
“As an autodidact I quickly learned to deal with mainframe installations, which I connected to using the phone line, and was as quickly accepted into the ranks of the hacker elite.”
He’d earned his spot. Notably, in November of ‘85, Karl and a friend hacked into Fermilab, a Department of Energy laboratory specializing in high-energy particle physics.
The friend was the especially-talented Markus Hess, codename “Urmel” — a big guy with thick eyebrows and a severely receded hairline, a look of someone double his age despite being only a few years older than Karl. At conventions around the country, Karl started making friends with other such prominent German hackers.
Then at the “C” fair in Koeln, Karl and his fellow hackers are approached by, as his friends write in an editorial note, “dubious characters.” These characters ask if the young hackers are interested in doing what they do, for money. A job breaking into police and bank computers in the Netherlands. The offer doesn’t land.
But at a late-night after-party following the CeBIT expo in Hanover, the topic comes up again. According to legend, the idea came from Dirk Brzezinski — a programmer a couple years older than Markus — and Peter Carl — a croupier at a since-bankrupted Hanover casino, codename “Pedro” — who, high on weed, suggested “doing business with the East.”
“The Russians must have decent wages,” Carl added.
Together, Peter Carl, Markus Hess and Karl Koch drove to the Soviet embassy in East Berlin. It took a few hours and, according to German Wikipedia, they were just about laughed out of the place. But one employee of the East Berlin KGB — a man named Sergei — was interested. If the hackers could prove their usefulness, there might be some room to do business.
“During that year, I began to snort cocaine, as it had been given to me for free by a programmer friend, by end of the year my consumption was regular, and still free of cost. But when, in the early parts of the year 86, I also needed to pay for this my inheritance quickly vanished. Said programmer offered me lots of money, or rather drugs in exchange for information derived from my hacking activity.
I lived in strong isolation from my environment (my circle of friends), spending entire days and nights on hacking sessions as well as drug consumption[.]”
Karl mentions, in passing, a detail that journalists and litigators will focus on in nearly any discussion about him from thereon out: his “para-psychological perceptions” arising from his use of cocaine and LSD, “among others Jungian synchronicity.”
Synchronicity is, as Carl Jung described it, quote, “the coming together of inner and outer events in a way that cannot be explained by cause and effect and that is meaningful to the observer.” End quote. People do this all the time — looking for “signs,” attributing one event to another because of “karma,” and so on. Jung considered it healthy, except for its overlap with psychosis.
Karl was aware to recognize his own illness, but not enough to overcome it.
For example, among many other targets he’d penetrated with Markus Hess in 1986 was a nuclear facility. In April of that year, there was an explosion at a different nuclear facility: Chernobyl. Ill and drug-riddled, Karl interpreted it as a direct effect of his hacking.
Most of all, he found those deep, illogical connections in numbers. For example, in writing about Karl, German newspaper Der Spiegel explained that, quote,
“23 and 5 are considered sacred numbers by the world conspirators, which play a magical role in all secret writings, codes and calendars of the Illuminati – for example in the sign of the horns, by spreading the index and middle fingers into a V and folding the other three fingers down. The two, the three and their union in the five. Father, Son and Holy Devil. . . The duality of good and evil, the trinity of deity.”
The first volume of his favorite book series, Illuminatus!, makes liberal reference to the so-called “Law of Fives,” and the “23 Enigma.” Like in one case, when the character Simon — an anarchist — launches into a diatribe about how, quote,
“All the great anarchists died on the 23rd day of some month or other—Sacco and Vanzetti on August 23, Bonnie Parker and Clyde Barrow on May 23, Dutch on October 23—and Vince Coll was 23 years old when he was shot on 23rd Street.”
In all, you’d hardly say that Karl was hardly in a state to carry out international espionage. Heck, he could’ve told you so himself. But he needed money.
For a year, under Markus’ lead, he helped to break into the kind of computer systems they figured might be of interest to a KGB operative like Sergei. And in the late summer of ‘86, Peter Carl established a direct business with the agent, with an initial payment of 30,000 deutsche marks split between them.
That very same month, a systems administrator in Berkeley, California was tasked with finding a missing 75 cents.
Clifford Stoll really was living his best life. A scientist through-and-through — even down to his mannerisms and frizzy hair — he worked alongside his academic peers on the top floor of Lawrence Berkeley Labs, designing telescope optics and studying the stars. Then he ran short on funds, and was banished to the basement.
Knowing hardly anything about computer security, in an office with no windows, in a field he didn’t intend to be working in, you wouldn’t have blamed him for lacking in motivation. But when a tiny accounting error blossomed into an apparent computer hack, Cliff took to the case as if it were a calling.
In an interview with C-SPAN, he explained why this meant so much to him. Recalling discussions he had with the CIA, FBI, NSA and others, he said that:
“[I]f anything my problem with with these organizations is that they treat they treat this as a technical problem. [. . .] They gave me a list of questions to ask — questions like: How was this penetrator tracked? How do you guard against intruders breaking into computers? They’re asking me to list questions like this and I realize that these questions bothered me [. . .] but the tone of voice. [. . .] somebody who breaks into a computer is a snake, is an egg sucker, is a son of a bitch who’s breaking into my computers. Here’s somebody who’s stealing information and attacking the community that I believe in.
[. . .] So long as you see this as a technical problem you make only technical progress. But [. . .] when you perceive this as a personal affront, then you make progress not technically but more socially. Then you get involved and you’re willing to put your life into it.
[. . .] you sleep under your desk at night. You’ll spend 24 hours a day wired to your computer waiting for this guy to break in. When you’re involved, you don’t see this guy as an intruder — you see him as a bastard who’s ripping you off.”
In the months watching Sventek – the hacker’s account name – Cliff had slowly gotten closer and closer to his target. His connection line ran outside the lab, via dial-up — so he wasn’t inside the building. He used an old Unix code rarely seen around Berkeley or anywhere nearby — probably because he was on the East Coast, or even further away. The hacker usually connected around lunch hours, Pacific Coast Time. Did that mean he was working in the late afternoon, east coast time, or in the evening, after work hours, beyond the Atlantic Ocean?
At one point, Cliff and his colleague even tried to manually cross-reference the speed of light against the time it took for the hacker’s network packets to travel between endpoints. That experiment didn’t quite work out as well as the astronomer hoped, when they discovered their hacker was a bit under 300 million miles away, somewhere in the range of the moon.
But in the process of slowly inching closer and closer to Hanover, Cliff had amassed a crew of network operator contacts — local, national, and international — who helped measure relay times, and trace the intruder through each of the nodes he hopped through every time he connected in.
Then, finally, on a fateful Saturday, the case finally broke open.
Like always, Sventek logged into the Lawrence Berkeley National Laboratory computer network. This time, however, through a circuit managed by International Telephone & Telegraph. Cliff hurriedly called up the network operators and specialists along the line, one by one, until the line was traced to a satellite, flying 23,000 miles above the Earth’s surface. A Vienna-based specialist for the Tymnet communications company traced the link further, where it landed at the Deutsche Bundespost. They called the Bundespost, which traced the connection to Hanover.
But that, for now, was where they had to stop. The Bundespost switchyard was hardly upgraded from the 50s — row after row of rotary switches, lined up like a server farm, would have to be manually tested by a technician, one by one, to determine which line a particular connection was coming through. The process would take anywhere from a few minutes, to, if they weren’t so lucky, well over an hour.
Sventek, of course, only ever connected for a minute, or five minutes, precisely to avoid being traced back by guys like Cliff, or the Bundespost.
One evening, in the shower, he vexed over the problem with his girlfriend, Martha, an accomplished law student at Berkeley University. They needed Sventek on the line for at least an hour, probably, but nothing on Lawrence Berkeley’s network was interesting enough for him to stick around that long.
“If there isn’t anything he’s interested in on your machine now,” Martha suggested, “why don’t you make some up?”
They bounced the idea around. Cliff already received plenty of official-looking Department of Energy documents.
“We’ll have to be careful to keep it bland and bureaucratic,” Martha reasoned, quoting now from Cliff’s book, The Cuckoo’s Egg. “If we head a document with ‘CHECK OUT THIS TOP SECRET ULTRA-CLASSIFIED NEAT STUFF,’ then the hacker’s going to get suspicious. Keep it all low-key. Forbidden enough to keep him interested, but not an obvious trap.”
Thus began “Operation Showerhead.”
Cliff and Martha went to the lab and shuffled through the government records they already had on the network. They were, quote, “overflowing with far more turgid bureaucratese than we could ever invent[.]” End quote. Only minor modifications would be required, to help them fit the narrative.
Cliff, by now, knew his adversary well. Sventek had often searched files for the string “sdi,” short for Strategic Defense Initiative, Reagan’s Cold War-era missile defense project. Cliff and Martha would create fake memos alluding to the notion that Lawrence Berkeley had obtained a contract to manage the SDI computer network. The network would be highly classified, connecting untold numbers of government agencies and military bases across America and the wider world, with information about internal meetings and classified reports, written by lieutenants and colonels and scientists.
“I thought of another problem,” Cliff remembered. “We don’t know enough about military stuff to make sensible documents?” But Martha knew what to do. Quote:
“‘They don’t have to make sense,’ Martha grinned diabolically. ‘Real military documents don’t make sense either. They’re full of jargon and double-talk. You know, like ‘the procedure for implementing the highly prioritized implementation procedure is hereinafter described in section two, subparagraph three of the procedural implementation plan.’”
They used an idea from Martha’s roommate, too, that she’d suggested at the table, over an omelet dinner: fake forms that somebody could fill out, and send to a fake secretary, to request more (fake) information.
The plan worked. The next time Sventek logged in for an hour on the Lawrence Berkeley network, a technician at the Hanover Bundespost found the switch that corresponded with their connection.
Even the roommate’s idea worked. Weeks later, Lawrence Berkeley would receive one of their fake forms requesting more information about SDI in the mail, from one Laszlo Balogh, from Pittsburgh, Pennsylvania, an individual who’d already been scouted by the FBI as a possible KGB agent.
Cliff went home and celebrated over strawberry milkshakes.
Towards the end of 86, multiple searches of my friends’ houses throughout West Berlin led to greater fear and psychosis.
As word spread that some California IT guy managed to trace their work back to Markus Hess’ computer, Karl became increasingly paranoid.
Perhaps you’re wondering why he’d still be free, if the news of the hacks was no longer a well-kept secret. Well, in their zeal to catch the hackers, the Bundespost failed to receive a warrant for their wiretap. Thus, all the evidence they received could not be used for an arrest and trial. Now the police, and in-the-know journalists were aware of what Markus, Karl and their friends had done, but without anything to actually do about it.
Hess doesn’t talk to reporters, so they go knocking at Karl’s door. He’ll be hounded by journalists on many occasions in the coming years.
And, also, he thinks he’s being followed. A journalist friend confirms: it’s not just in his head. The BND, Germany’s CIA, is watching, and they even have a key to his apartment.
According to his friends, Karl makes multiple attempts at suicide during this period.
“[A]nd shortly afterward I developed a horror of cannibalistic conspiracy[.]”
Karl’s severe thoughts inspired him to leave the country. He went to Spain in February of 1987, through Amsterdam, where he “stocked up on drugs.”
“The former intake of cocaine, combined with years-long depression repressed by hashish, led to a paranoiac hallucinatory psychosis, which lasted for more than 14 days.
With a hellish fear I returned to Germany and let myself be committed voluntarily to the University hospital in Aachen, by the police.”
After Karl was admitted as a mental patient, his friends packed up his apartment. He would spend the following three years in and out of institutions, sometimes even with the aid of local government and police, after he and his partner Hans Hubner turned themselves into the authorities, and admitted they’d worked for the KGB.
On March 1st, 1989, Peter Carl — the KGB go-between who’d first suggested the idea back at the CeBIT conference — was arrested at the airport in Berlin, on his way to Madrid. The following day, West German police conducted searches of 14 homes, arresting 7 involved in the plot. Karl, though already having testified to what he’d done, is arrested with the others. He’s let go after a couple of hours, right in time for the airing of a documentary on the case on the country’s biggest 60 Minutes-style show, called Panorama. Journalists flood his home and office in the days that follow, so he escapes to a friend’s house.
Based on what little accounts we have from that time, the final few months of Karl’s life seems to have been spent working with authorities, and holding down a job as a driver, despite everything going on around him.
And then, on May 23rd, 1989 – Karl took a drive, from which he would never return, and nine days later his charred remains would be found by the police in a remote forest, next to an old abandoned car.
In the time since Karl Koch’s sudden and horrific passing, some have suspected foul play — that, perhaps, it was related to criminals whom he might have had business with over drugs. His friends left open the possibility of assassination by a Western intelligence agency. Or perhaps the KGB would’ve had more reason.
It’s all a bit unlikely, though. A few reasons why:
Firstly, despite his drug habit, anarchist leanings and KGB dealings, Karl was actually taken care of remarkably well by his country’s authorities. Granted, he was interrogated on multiple occasions by the BKA and the BfV, Germany’s equivalents to the FBI. “Systematically,” his friends said, “he is softened up and squeezed out.” But having turned himself in, and telling both journalists and the police what he’d done, he was taken in, in a sense, by the BfV.
The BfV noted later that, quote, “according to the status of the proceedings before his death, [Koch] did not have to fear punishment.” End quote. In other words, he would be given good treatment as a result of his behavior.
Beyond that, though, there was, quote, “not a lack of intensive efforts to help him overcome his drug addiction.” It’s difficult to imagine if you’re American, maybe, but the German FBI went so far as to help Karl find a mental clinic for treatment. They chose a poor one — meant for treating heroin addiction — but still.
Furthermore, Karl had already taken up gainful employment in the year of his death, working as a driver-slash-messenger for the lower Saxony branch of a political party called the Christian Democratic Union of Germany. The general secretary of the party later said that they hired an ex-KGB informant, quote, “because we wanted to help him.” End quote.
So, clearly, the Germans wouldn’t have wanted to assassinate Karl. Would America, for what he did? Or maybe the KGB, before he spilled all the secrets of their business?
Again, probably not. Karl and his cohort expected to steal a lot of secrets, and get a lot of money for it, in the beginning. Though they successfully breached and remained present in networks across the U.S. military and government, for months on end, those compromised computers were always connected to the MilNet, on which, according to the law, no classified material could be kept. That is why Karl didn’t end up getting much, or earning a lot for it, in the end.
That doesn’t mean they found nothing of value. “Since these computers are not regularly checked,” Cliff wrote in a postmortem analysis, “it is possible that some classified information resides on them. At least some data stored in these computers can be considered sensitive, especially when aggregated [. . .] he uncovered little information not already in the public domain, but that included abstracts of U.S. Army plans for nuclear, biological, and chemical warfare for central Europe.” End quote. So they did breach important systems, and steal useful data, but this does limit the damage they caused, and the benefit to their sponsors. Case in point: the group only received around $54,000 total for their troubles.
In the end, they simply weren’t worth assassinating. Panorama, the documentary show, called this so-called “KGB spying ring” the “largest spying case since Guillaume,” a reference to the secretary of the former chancellor of West Germany who’d turned out to be an agent of East Germany. But when Markus Hess, Dirk Brzezinski and Peter Carl were finally convicted, in 1990, they received suspended jail sentences of only two years. According to the LA Times, the three co-conspirators “smiled at each other” at the ruling, which could have allowed up to five years. The judge presiding concluded that, quote, “No serious damage to West Germany has arisen.” End quote.
So it’s just not realistic to think Karl Koch was assassinated. No capable party had the motive. Call it Occam’s Razor, or common sense, but it’s simply no stretch that a kid dealing with financial burdens and psychosis, under intense public and police attention, with multiple attempts at suicide already under his belt, would’ve taken his own life. And given Karl’s illogical fascination in numbers and the – especially the “Law of Fives,” and the “23 Enigma – there’s one more fact that would seem to support the notion that he had some hand in his own death.
The day Karl died — at age 23 — was May the 23rd. 5/23.
Jeff Man was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period - check it out…
Black Hills Infosec founder John Strand discusses The Wild West Hackin’ Fest - a unique security conference that emphasizes diversity and lowering the barriers to entering the world of security...
Jeff Man was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period - check it out…
Black Hills Infosec founder John Strand discusses The Wild West Hackin’ Fest - a unique security conference that emphasizes diversity and lowering the barriers to entering the world of security...
Get the latest research, expert insights, and security industry news.
Subscribe