Evans was emotionally unstable. He was angry and abusive, and sometimes he raged at people. Everyone worried about it, especially the CEO. Evans was the chief technical officer at Empire Media (not its real name). If he ever decided to wreck them it wouldn't take him more than sixty seconds. One minute at his desktop and he could delete everything on all their systems, with no chance of recovery. They'd have to go to their backups, which were never current, and even then it would take them hours and hours before they'd be up again. They'd lose their weather data, news feeds, and newspaper and magazine updates. For a huge worldwide media company like they were, the losses would be astronomical. Every day he was there the risk got bigger.

But getting rid of him was just as risky; knowing it was coming might drive him over the edge. What they had to do was get him away from his machine long enough to shut him down, which was what my team and I were there for. We needed to change all the root passwords -- the ones that gave him the highest level of access to the company's computer systems. We had to find and destroy his back doors -- the hidden passages he'd created to get him back in if the front doors were locked. And we had to do it while Evans was in the building, where we could see him. If we tried it while he was away from the office there was always the chance I'd connect up and find him logged on from a personal machine. If that happened, it would be a shoot-out as to who closed down whom.

The plan they came up with went like this: They'd ask Evans to come to the CEO's office, which was in the building across the street from his. At a normal pace, that was a six-minute walk. When he arrived, the CEO would fire him as gently as possible, trying to avoid a blowup. With any luck, that could take fifteen, maybe twenty minutes. After that it would be another six minutes before he could get back to his desk. Meanwhile, as soon as he was safely inside the CEO's office, they were going to flash us the signal to start. From that point we'd have twenty or twenty-five minutes to get into his systems, change the passwords, deny him access, and shut him down permanently. I didn't think it would take more than five.

I felt like the man in black, the unseen avenger brought in to take down the bad guy. I'd been fooling with computers since I was thirteen -- seven years back, hacking since I was fourteen, working security since I was fifteen, summers, weekends, and after school. During the day I wore my white hat. At night after work I put my black hat on and went back into the underground.

A dim light filtered into our computer room where I was sitting with George and Das, two UNIX administrators who had been working at Empire as my company's consulting team. George and Das weren't security people, but they were smart and knowledgeable and we had gone over how we were going to handle this. Everyone had his assignment. Empire Media had multiple connected networks, lots of machines with lots of passwords. But we had divided them up. We were locked and loaded, ready to go the instant we got the word.

In front of our machines a fogged glass wall shielded us from anybody who might wander down the outside corridor. From the ceiling came a steady stream of bad techno music, somebody's weird idea of how to keep us relaxed, as if they thought, They're technologists, they must like techno. I tried to put it out of my head. Our machines were already logged on to our targets, windows opened to the respective servers. I was also connected with Evans's personal machine, a powerful UNIX desktop. He was very technical, unlike a lot of chief technical officers -- CTOs -- who tend to be either theory guys or business types who happen to know something about technology. Even if a CTO is technical at first, an executive career usually takes him away from it. But Evans was good. I knew all about him; I'd been watching him.

Sitting there waiting for the phone call, I tried to put myself inside his head. Angry, hostile, a really bad attitude toward his bosses, at least suspects what's about to hit him. So what's he planning? What would I be planning if I were mad and upset and knew I was about to get it? What devious ways would I use to back door the system so I could let myself in later and wreak havoc?

I ran through my mental checklist of the things we'd done over the last two hours pretending we were just the usual consultants tidying up the systems. The dial-up accounts -- did we make sure they belonged to actual people? All authorized, no phonies? The three separate firewalls -- anything added secretly to the rules, carving out a secret passage through the gateway? Any other back doors? I knew all of them -- the ones available on the internet, the ones not available on the internet, and some on top of that. I knew how you hide them. I knew how you add unauthorized accounts, and how to hide them. All the things a good hacker knows, tricks of the trade.

In the back of my mind the clock is ticking and I'm thinking that the call should come through any minute: "He's in the CEO's office! He's in the CEO's office! GO! GO! GO!" I'm imagining Evans taking his last walk, his rage building, opening the door to the CEO's office, stalking in, wondering if this is what he thinks it is, thinking about the surprises he's got in store for these bastards if they have the balls to try and fire him, the booby traps, the bombs he's going to blow them up with. Then, just as I've got this scene going in my mind, suddenly our door bursts open and one of the execs sticks his head in, shrieking, "He's on his way out!! He didn't stay there at all! He's on his way out!!!"

It's like a jolt of high voltage. For a second I feel like my mind is short circuited. I can hear Das shouting in his maximum-velocity Indian speed-accent, which I can hardly understand even under normal circumstances, when he's not panicked. He's only been in the country a couple of months and I don't think he's completely tuned in to normal English. It sounds like "WaDIDeesaywaDIDeesay?" "The guy's left!" I'm yelling. "He's going back to his office. That's what he said. He's left. He's gone. He's out of there. Start changing passwords! George, start changing the passwords." And George is going, "I'm on it, I'm on it already."

By now my fingers are flying over the keyboard. I'm nailing root passwords one after the other. Six minutes at a normal walk, though I know this guy's not walking normally. He's storming. He's so pissed he can't see straight. So how much time does that give us? Three minutes? Four? I can hear Das counting, "One ... two ... three ..." and I know he's ticking off the machines he's supposed to get. George too, "Four ... five ... six ..." I've got mine now -- seven, eight, nine. Okay, what else? The backups. We've got to get them too. Okay, you do this, you do this, I'll do that. Checking. Do we have all the roots? All the guest accounts?

Suddenly I'm aware there's activity on Evans's machine. He's back; not just back, he's on. I type in the command that lets me know what he's running: ps -aux | grep xterm. I can't actually see what he's doing, but I can see the process identification numbers for everything he's got up. I can see he has five windows open on his terminal, five "xterms," each with its own number. Since I'm logged in as root, which is the highest access, I can kill everything he's got. I can close down his machine remotely too. Shut it off like a light.

I change the root password. On the command line I enter the kill command kill 1452 for the first xterm. KILL! And I see on my screen 1452 killed. On his machine the first window closes up and disappears from his monitor. Now he's got four. kill 1453. Shhhp. Another window closes up. I'm imagining him sitting at his desk, watching his windows close, blinking his eyes. kill 1454. Pchhhtoo, a third window closes. Staring, understanding now what's happening to him. Knowing there's somebody sitting in a room, probably not too far away, logged on and taking him out. kill 1455. The fourth window closes.

Now he's trying to type in a command. We're connected, and he's got root, same as I do, which means he can see me the same way I'm seeing him, he can see my process ID number and do to me exactly what I'm doing to him, terminate my connection just like I'm terminating his. The first thing he's trying to do is change the root password back to another password of his choice. Then he'll run a kill command on the window I'm using. Or maybe he'll just barge ahead and destroy everything he can in the time he's got left. Log in to one of the main servers as root and do an rm-Rf/. "rm" for remove, forward slash for the top-level directory, "Rf" for right now, immediately, without requesting further verification. Forward slash web server, forward slash magazine server, forward slash newspaper server. Deleting everything in the system. No recovery. Serious, massive damage. Wrack and ruin.

That's why it was crucial that we change all the root passwords, and why I can't give him time to change back to a password of his choice. Already I'm typing kill 1456, killing his fifth and last open window. Getting a sudden memory flash from the time a system administrator and I were at war just like this, battling each other for control, except that time I was on the other side.

Now all five of his windows are gone, but he's still logged on and he can just as easily open another window, another xterm. So now it's time for the deathblow, the shot between the eyes. UNIX gives you the lovely ability to do a remote shutdown. I type in init 5. "Five" indicating the level of shutdown, "five" for completely off, total shutdown, as if someone pushed the man's power button. And he's there watching all of his background processes dying, one by one, all the background applications his machine is running. Shutting down this, this, this, this, this, in a mannerly way. He's sitting there watching it all happen, in my imagination he's watching it in horror. And he's seeing messages flash across his screen as each process turns off: shutting down web service, shutting down mail service, shutting down news service, shutting down nfs service. These messages are flying by on his machine, one after another. And he's a technical person. He knows exactly what's happening. And then, when it's finished killing all of the processes safely, the computer itself shuts down. Shhhhhooom, his screen goes dead in front of him. And I'm thinking, Yes! All right! Is this what I love, or what? This is what I live for!