What I'm about to say here will sound like her-esy to some, downright evil to others, and superfi-cially it will appear to break the very fundamentals of the hacker's code of ethics. Well, in some ways it does, but there are a lot of things I say in this book that are like that. It's true: life often breaks it's own rules. Sometimes you have to break your own rules to have some fun. So any-way, here's my warning: Watch out! Taboo subject ahead!
If you've followed my earlier advice, you have this huge list of BBS numbers, and you've been calling them all to get more numbers. Why did I say to do this? Because the people you will meet on these systems are people who are into BBSing. A lot of them have accounts on other local systems or a-tabases, or at their jobs, or schools.
If you call up Fred's BBS, and you go to the "Computers" Discussion area, and Joe Blow is there talking about CompuServe, you have just found out a very significant clue! All you have to do now is find out what password Joe uses on Fred's BBS. More than likely it's the same one he uses for Com-puServe and every other computer account he owns (not to mention, this password is probably the key he uses to encrypt files). This is easier said than done, of course.
This is what you should do. Many BBSs have a listing of which users have signed on to that BBS, where they live, what their interests are and what they do for a living. These lists are like gold to a dedicated hacker. Use your program's data capture facility to record the most useful lists you find, then edit them down and print out the essentials.
Let's say you're looking through your captured user list from Fred's BBS, and you see Joe Blow's en-try. Under interests, Joe put down "bowling, SCUBA diving, Star Trek & lacrosse." Now you have some clues. It's more than likely that Joe Blow's password is a word taken from one of these areas of interest.
When you look through these user profiles, you are learning more about these people, you are get-ting to know them. It is vastly easier to figure out the password of someone you know than the password of a complete stranger. If you've been having conversations with these people on the bulletin boards, you've found that some are computer experts and some are not. Ob-viously, it's better to try to focus on someone who is not an expert BBSer - although some expert users are so smug they become complacent and lazy, and so perhaps become better targets. Use your judg-ment. A newcomer will be more likely to choose a bad password. Newcomers (or people disinterested in computers) will tend to choose certain obvious passwords over and over again.
To sum up: If you find out what things a user (especially a new user) is interested in, it's "easy" to guess his or her password. If you know that person uses a computer at work or school, it's likely the same or a similar password is used for both sys-tems.
I'm not trying to suggest that guessing a pass-word is simple. It's not - you have to have pa-tience, and a lot of time on your hands. But there are faster, smarter - and consequently, more technical - ways of getting into Joe Blow's BBS ac-count than a brute force attack. Let's look at these.
