He beckons me over to one of his eight computers and presses several keys, activating Blockfinder. In less than 30 seconds, the program lists all of the Internet Protocol address allocations in the world — potentially giving him access to every computer connected to the Internet. Appelbaum decides to home in on Burma, a small country with one of the world’s most repressive regimes. He types in Burma’s two-letter country code: “mm,” for Myanmar. Blockfinder instantly starts to spit out every IP address in Burma.
Blockfinder informs Appelbaum that there are 12,284 IP addresses allocated to Burma, all of them distributed by government-run Internet-service providers. In Burma, as in many countries outside the United States, Internet access runs through the state. Appelbaum taps some keys and attempts to connect to every computer system in Burma. Only 118 of them respond. “That means almost every network in Burma is blocked from the outside world,” he says. “All but 118 of them.”
These 118 unfiltered computer systems could only belong to organizations and people to whom the government grants unfettered Internet access: trusted politicians, the upper echelons of state-run corporations, intelligence agencies.
“Now this,” Appelbaum says, “is the good part.”
He selects one of the 118 networks at random and tries to enter it. A window pops up asking for a password. Appelbaum throws back his head and screams with laughter — a gleeful, almost manic trill. The network runs on a router made by Cisco Systems and is riddled with vulnerabilities. Hacking into it will be trivial.
It’s impossible to know what’s on the other side of the password. The prime minister’s personal e-mail account? The network server of the secret police? The military junta’s central command? Whatever it is, it could soon be at Appelbaum’s fingertips.
So will he do it?
“I could,” Appelbaum says, with a smile. “But that would be illegal, wouldn’t it?”