Monday 28 November 2011

Researching The Hack: Examining Screenshots

The photographs of computers you see in books, magazines, system documentation, promotional literature such as posters and pamphlets, government publications and booklets, as well as the pictures of computers available on television documentaries, news shows and commercials, can all contain valuable hacking information.

Computer photos might show just the screen (or monitor), or the entire computer, including keyboard, CPU and accessories. Or the picture might depict an actual computer in its natural environment with perhaps an operator visible.

The first group, essentially "screenshots," can be helpful in showing you what it looks like to be inside a particular system that you have never really accessed. This can clue you in on what accessing style the system uses, whether the password is displayed on-screen as it is typed, username and password styles, what features are available, and much more, depending on what the photographs are attempting to illustrate. Similarly, in user manuals and other instructional aids, drawings of screens are often found containing the same information, as well as default login codes, text specifics, error messages, and other handy stuff.

Knowing error messages and knowing the layout of the screen will make you a more believable system administrator or low-level user when you attempt some of the social engineering tricks mentioned later in this book, especially if the computer system in question is one that is closed to outsiders. Seeing examples of logins will give you ideas on how to go about a brute force attack. If a user name is shown or illustrated, it may be a valid one. Even if lower down on the screen all you get for password information is a row of asterisks ("password: ********"), it will still help you in determining the length passwords are required to be. If, in separate photos taken from separate sources, both passwords are shown being covered by eight asterisks, that is a good indication that either there is a default eight-character password used to demonstrate the system, or that passwords are a maximum length of eight characters.

Style of username is important too, and will usually be visible. Seeing examples of usernames lets you know if first and last names are required, if uppercase letters are needed, whether abbreviations or company names or group names are used for usernames.

Photographs that include more than just the screen often show the keyboard being used (look for misplaced or special keys), keyboard overlays, the kind of computer setup, and possibly messages taped to the CPU or monitor. A more generalized shot may show the computer's surroundings. Is it in a closed office, or are many terminal operators working together in close proximity? What books are there on the shelves? You may be able to see things of interest hanging on a wall, or lying around on the desk. A user might be in the picture; is he or she wearing a name tag? Are pictures of a family present, or items suggesting a hobby, such as a mounted baseball or a fishing rod? All available data can be put to use by a hacker.

When I refer to the computing environment, I am, of course, only referring to pictures of computers in their natural environments, as opposed to staged photos in advertisements, like the kind showing a Macintosh in your typical teenager's room. Newspaper and magazine articles are often accompanied by the kind of computer photo you will want to analyze.

Seeing these things - signs of family life, books and hobbies, a typical user and what he or she is wearing - gives clues to passwords. The specific kind of computer may suggest ways of breaking in using known bugs or loopholes. The computing environment also will allow the social engineer to pretend familiarity with an otherwise private room or office inside a building.

An additional way computer photographs can help is by looking to the bottom, usually in the caption, to where the source of the photo is listed. The source may give a photographer's name, in which case that photographer may be discreetly pumped for information, or it may give clues as to a relevant city, business or organization. This can help in determining phone numbers, means of access, and also passwords.

These are just some of the ways in which close magnifying glass work will help you find out more about your intended target system. You can see why it is a good idea to videotape as many computer-related TV shows as you can; you can always fast-forward through the boring parts. Freeze-framing a specific scene may help give insight into the hidden side of a system and the people who run it.

If you get a lot of static on your television when you freeze a frame, try cleaning the VCR. If that doesn't clear up the problem, it may be the audio component of the tape that is interfering with the video picture. Try taping just the video part of the tape you want to freeze. One way to do this is to connect two VCRs together using just the Video In/Video Out cable, ignoring the audio link. Copy the relevant portion of the tape, and you will have a picture without accompanying sound to muddy the screen. You should only have an audio problem like this if there's a lot of background sound to begin with, like loud narration or loud music going on.

Here's an example of how this kind of photographic detective work pays off: A hacker named Bellee was watching a behind-the-scenes-at-the-police-station show on her local cable channel. A close-up on a computer screen revealed the last three digits of a phone number that was being dialed by modem. The rest of the number was invisible due to glare on the screen. Bellee knew the police databank being called was headquartered in a specific town in Maryland, because the officer giving the tour had mentioned it. Some of the access codes being typed to get into the databank were easily visible or inferable by all who watched the show, but some weren't. A bit of library research got Bellee the three-digit exchanges that were local to the township the cop had mentioned. Bellee then dialed each of those exchanges until she found the correct phone number. (Because she had the last three digits from the television show, she only had to call each exchange 10 times to fill in the missing digit.)

Once she got through, she was able to use the login information she knew (a precinct number, municipality and state were needed) and hack the part she didn't (she knew she needed an eight-letter password from the TV show). So watching television paid off for Bellee.

Even widely syndicated shows can mess up by inadvertently revealing important clues to an observant audience. Anyone who happened to be watching a certain episode of Geraldo Rivera's Now It Can Be Told news show in late 1991 would have seen a story on a group of hackers and how they broke into a military computer. Several times during the course of the story the camera came close to the computer's screen, where the electronic address of the computer they had hacked was visible. The story also reported that the hackers had added an account to the system under the name "dquayle," with no password. As you can imagine, soon after the segment aired the account was closed up. As of this writing there is definitely no "dquayle" account on the system (I just called and checked), and some of the more common ways of gaining access to the system have been noticeably shut down. For example, it is no longer possible to call up anonymously and retrieve files from that system.