Thursday 15 December 2011

The Hacker's Ethic

Many hackers and non-hackers have given their versions of the "Hacker's Ethic." The versions are all pretty much the same. What's different is the degree to which the ethic is followed. Smart people, like many hackers, start out by following the rules, the moral codes - the Ethic - but then they get sidetracked. They begin to get the feeling that because they know about the law, they have the authority to break it: "It's not like we're blindly acting without discretion." That's what smart people do - because they know they're smart, and because of it, they forget that even smart people, even smart hackers, are often very, very dumb.

What I'm about to do is give my own version of the Hacker's Ethic. This is a set of beliefs that I have about the world of computers. It may not be what you believe, but that's all right. Hacking has to do with independence.

However, I urge you to understand why it's important that you formulate a hacker's code of ethics and live by them. Having a code of ethics will help keep you out of trouble. Now, I'm not saying that if you're caught, a judge and jury are going to base their verdict on whether or not you behaved according to your beliefs - especially since some of your beliefs likely involve illegal activities.

What I'm saying is, I like to think that if you have formulated a moral code, and it is well known that you abide by that code, and if all members of your hacker's circle sign affidavits testifying to their loyalty to the code, then in some instances it may allow a judge or jury to honestly say to themselves, "Gee, he meant no harm by it - the damage was not intentional." If you remember our previous discussions of law, many offenses require that, for a criminal action to have occurred, the suspect's conduct must have been intentionally criminal. Well, I would like to think that's the way it would turn out. In real life one can't count on others seeing things from your point of view.

At the very least, one would hope that by providing a code of ethics, you could more easily weed out undesirables from your group, and keep your members safe and happy. More importantly, I feel there is some indescribable underlying goodness about having a code to guide you. If I sound preachy, fine. I'm done.
This is my Hacker's Ethic. These are my beliefs about computers and hacking, as I attempt to live them.


My Code Of Ethics

Computers have enabled a great deal of information to be available to anyone, and quicker and cheaper than ever before. The free flow of information is good, but not when it violates human rights. There are two kinds of human rights. There are rights which pertain to individual humans, and rights which pertain to humanity as a group.

All of humanity should have the ability to access virtually any known information. There should be a free flow of information, and information and technology should be used in moral ways. People should know how things work, if they choose to know, and such information should not be kept from them. New ideas should be heard, and there should be the capability for ideas to be discussed, and questions answered, from multiple viewpoints. People should be made aware that all this knowledge exists, and can be brought to them. Technology should be used to this end, not for profiteering or political gain.

Individually, people should have the right not to have data pertaining to them available for use in ways which are adverse to them. People should have the right to be notified when information about them is added to a database, when and to whom it is sold or given. Because it is their own personal information, individuals should have the right to control how information about them is distributed. A person should have the right to examine information about him or herself in a computer file or database, and should be able to do so easily. The person should have the right to easily correct inaccuracies in that data, and to remove information that is offensive to that person. People should be guaranteed that all makers and suppliers of databases will enable these rights to be granted, in a timely fashion.

All of this is what should be the case, and in some situations these rights are currently acknowledged. However, most of these rights are almost unanimously ignored. Therefore it is necessary to hack. Hacking is using computers (or whatever) to live according to these ideals. Hackers have these ideals about individuals in general and humanity in general, and I have a set of ideals which I personally follow so that the general ideals may be carried out:
• Never harm, alter or damage any computer, software, system, or person in any way.
• If damage has been done, do what is necessary to correct that damage, and to prevent it from occurring in the future.
• Do not let yourself or others profit unfairly from a hack.
• Warn computer managers about lapses in their security.
• Teach when you are asked to teach, share when you have knowledge to spread. This isn't necessary, it is politeness.
• Be aware of your potential vulnerability in all computing environments, including the secret ones you will enter as a hacker. Act discreetly.
• Persevere but don't be stupid and don't take greedy risks.

I am not suggesting that following a code of ethical conduct of this sort makes my hacking moral or right. But I'm also not saying that my hacking is immoral. Don't even raise any arguments along those lines with me because I simply do not care about them. We know what's legal and what isn't. Hacking is something that I am going to do regardless of how I feel about its morality. It is pointless to raise the issue of "Do you honestly think you can justify snooping with your loopy code of ethics?" because if you must consider that issue, you must not have hacking in your blood.



Combining Principles

Throughout this book I've tried to offer general guidelines on the various topics that will prepare you for any computing situation you happen to find yourself in. When it comes to so broad an undertaking as "hacking," there can obviously be no one specific set of steps to follow to achieve one's objectives. Rather, one must call upon a variety of general ideas, overlay them when appropriate, and just hack away until something comes of it.

From knowing what to expect you should know how to react to a new challenge - and your ability to hack will improve.

I want to tell you one final story. This is a story which demonstrates many of the principles you have learned from this book: research, scavenging, shoulder surfing, persistence and logical reasoning, programming methods, brute force, general computing knowledge, social engineering, reverse social engineering, screen analysis, system simulators. It shows how each is played off the other for the final triumphant result of a successful hack.



My One-Person Tiger Team

Recently I was given the opportunity to try my hand at hacking into a newly set up computer system at a special library. The library director was concerned because they had recently transferred to this new system which, unlike previous ones, allowed dial-up access from outside lines. The director wanted to know if it was possible to break out of the search facility, into the restricted areas having to do with overdue fines, patron names and addresses. Or would it be possible to escape entirely from the library program to the operating system and perhaps do some damage?

I told him I would be happy to look into the matter.

Now, he offered to give me one of the dial-in numbers, but I told him there was no need for that. I was a hacker after all! (Actually, I was acting cocky to impress him - I already knew the phone number from watching him give me a demonstration of how the public part of the system worked.)

I called up the system from my home and explored every inch of it. It was a command-run system. The opening screen allowed one to select a function by entering commands such as CAT to search the library catalog, or HOL to place a hold on an item. The proper way to end a session was with the END command. I tried other, unlisted commands to see if any would work. More than you might realize, this is a very common practice on computer setups where part of the system is public and part is private. Almost always the public part of the system will have at least one secret command to allow entry into the private side. So I tested a whole slew of key words: EXIT, BYE, LATER, START, LEAVE, LOGIN, QUIT, USER, PASS, LOG, LOGI, CIRC, and the like. Some of these I have seen used in actual applications. (For example, CIRC is often used to enter the part of a library program that takes care of circulating materials. I discovered LEAVE on a computer that was situated in a museum - typing it in allowed one to exit the menu and enter a special area for museum curators and employees.) None of these, nor any of the other words I tried, worked.

Since it was a brand spanking new system, I was sure there would be lots of bugs hanging around that I could exploit. Indeed, when I spoke to the director, he bemoaned the fact that certain function keys on the terminals had not been set up yet, and that pressing them would exit one to an incomprehensible programmer's environment. Aha! This is what I needed! But when you're calling in over the phone lines, you don't have access to the function keys that are available on the computers in the company offices.

I thought perhaps the function keys were macros for commands which a user would otherwise have to type in by hand, but I didn't know what those commands were. I was doing nightly excavatings of the building's garbage bins to see if anything would turn up, and finally something did - a badly mangled reference card from the company which had supplied the software package. I painstakingly searched every last inch of the trash that night, but could only come up with half of the card.

At home, I saw that among the things listed on the card were indeed the names of commands mapped to the function keys. Only two of them were legible, and the rest were either torn off or smeared beyond readability, but those two turned out to be enough.

What was immediately apparent was that I had made a wrong assumption - not ALL the commands were standard English words or abbreviations of words, like CAT or END. There were two-letter commands and dot commands, too. When you input a dot command you type a period (.) followed by an alphanumeric command. They are often used in applications where entering the alphanumeric command by itself would be misinterpreted as inputted data. For example, let's say you're using this library system, and at the prompt where it asks for an author to search for, you decide to search for books by title instead. So you type the TITLE command. What's going to happen? The computer thinks that "Title" is the name of the author you want, and starts a search for someone with that name. To get around that sort of problem, this system allows a period to be typed before a command. Now if you type ".TITLE" at the author prompt, the system sees the leading period and recognizes that what follows should be treated as a command.

Programs often use a period before the command because a period is a small, undistracting character and is also very easy to type. But occasionally you will run into "dot" commands which use other characters, most notably, slashes (/ or \) or an apostrophe (').

Anyway, the reference card told me that pressing function key F1 was akin to the QUIT command, and F2 was the HELP command. Both seemed promising - .QUIT because it might allow me access to the nether regions, and HELP because since this was a newly set up system, help was very likely not yet implemented - and might be one of those functions which the director was complaining would crash the system if someone used it.

I was dialing in to the computer from the outside world, and there really isn't any way to transmit a function key press through a modem (function keys are not in the ASCII lineup), so I had to hope that either QUIT or HELP would work. Of course I had tried their undotted counterparts before to no avail, but maybe, just maybe, one of them with the dot would work....

Nope!

.QUIT simply terminated my session and disconnected me. When I typed HELP, the screen cleared, and the following line was printed:
<EOF \txt\hlp\help000>
I presumed this meant that the End Of File help000 in the \txt\hlp directory had been reached; in other words, the file existed but was blank. I was temporarily licked, I thought, though it was interesting that now I knew about a \txt directory which apparently contained various text files, and a \hlp directory within it which held help files. Something else I noticed: every time the screen was redrawn, a line at the top was displayed which read something like this:
<<< J. Smith Co Special Library On-Line >>>
(000)U/SYS v55.6

The three digits in parentheses changed depending on which part of the program I was using. "(000)" presumably signified the opening screen, where I was attempting to launch these unlisted commands. If I tried the HELP command at, let's say, screen number (013), I figured the system should then search for the file \txt\hlp\help013. Indeed, that is exactly what happened.

Now, every program has its own style of input and output. One of the things this system used to take input was a command followed by a number. For example, if a search turned up fifty books, you might type "BR12" to see a brief citation for book number 12. I wondered if the same format would apply to the help command as well. I tried ".HELP99999," hoping that 99999 would be a number too big for the system to handle (certainly there was no screen that high). What happened was I got a message informing me that the command was not valid. I tried other variations, such as ".HELP 99999" and ".HELP < 99999" but none of them were valid either. Finally I gave ".HELP99999" one last try and this time it worked! I guess I had made a typo when I tried it the first time, perhaps inserting a space between the "P" and the "9," or whatever. The system crashed, and I found myself launched into the programmer's debugging environment.
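The two input conventions the story has just described - dot commands that let a keyword be told apart from data at a prompt, and a keyword followed by a number such as BR12 or .HELP99999 - are easy to show in code, along with the check the library system evidently lacked. The following is an added example written for this page, not code from the book or from the library's software vendor; the command set, the set of existing screens (only 000 and 013 are mentioned in the story) and the help-file naming scheme are assumptions based on what the text reports.

```python
import re

# Assumption: the keywords the story mentions, plus HELP and QUIT from the
# reference card. Any other word is rejected as "command not valid".
COMMANDS = {"CAT", "HOL", "END", "HELP", "QUIT", "BR", "TITLE"}

# Assumption: the screens we know exist from the banner in the story.
KNOWN_SCREENS = {0, 13}

# Optional leading dot, an alphabetic keyword, optional trailing number.
# No whitespace is allowed inside, so ".HELP 99999" does not match.
CMD_RE = re.compile(r"^(?P<dot>\.)?(?P<name>[A-Z]+)(?P<num>\d+)?$")


def parse_input(text, prompt_is_data):
    """Classify one line typed at a prompt.

    Returns one of:
      ("data", text)            the line is treated as search data
      ("command", name, num)    a keyword, with its numeric suffix or None
      ("error", message)        not a valid command at a command prompt

    At a data prompt (e.g. "Author:") an undotted word is data, which is
    exactly the ambiguity the text describes: TITLE searches for an author
    called Title, while .TITLE is recognised as the TITLE command.
    """
    line = text.strip()
    m = CMD_RE.match(line.upper())
    if m is None:
        if prompt_is_data:
            return ("data", line)
        return ("error", "command not valid")
    dotted = m.group("dot") is not None
    name, num = m.group("name"), m.group("num")
    if prompt_is_data and not dotted:
        return ("data", line)
    if name not in COMMANDS:
        return ("error", "command not valid")
    return ("command", name, int(num) if num is not None else None)


def help_path(screen):
    """Build the help-file name the banner implies: screen (013) -> help013."""
    return r"\txt\hlp\help%03d" % screen


def run_help(current_screen, requested=None):
    """Hardened HELP handler.

    HELP alone shows help for the current screen. HELP<n> asks for screen n,
    and the number is checked against the screens that actually exist before
    it is ever formatted into a file name. The original system apparently did
    no such check: a five-digit number did not fit the three-digit scheme and
    the program fell into its debugger instead of refusing the request.
    """
    screen = current_screen if requested is None else requested
    if screen not in KNOWN_SCREENS:
        return ("error", "no such screen: %d" % screen)
    return ("file", help_path(screen))


def dispatch(line, prompt_is_data=False, current_screen=0):
    """Parse a line and, for HELP, resolve it to a file or an error."""
    parsed = parse_input(line, prompt_is_data)
    if parsed[0] == "command" and parsed[1] == "HELP":
        return run_help(current_screen, parsed[2])
    return parsed


if __name__ == "__main__":
    for line, is_data in [("TITLE", True), (".TITLE", True), ("BR12", False),
                          (".HELP 99999", False), (".HELP99999", False),
                          ("HELP", False)]:
        print("%-14r -> %r" % (line, dispatch(line, is_data, current_screen=13)))
```

Running the block walks through the inputs from the story: TITLE at the author prompt comes back as data, .TITLE as a command, BR12 as the BR command with argument 12, ".HELP 99999" as "command not valid" (the stray space the author suspects he typed), and ".HELP99999" is refused with an error rather than being formatted into a nonexistent file name.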

It was like a mini-editing system for the text and batch files that the database used. I fooled around a bit with it and came up with nothing much of value except for a copyright notice that gave the initials of the company that made the program. I looked through various directories of software companies, trying to come up with actual words to go with the initials, and finally I found two that fit. I called up the first and found out that they were the ones who had written the program I was interested in. I asked about obtaining replacement documentation for the package. They said sure - all I had to do was supply the serial number that came with my software and they would send me the book for a nominal fee. I tried some bullshitting: "Well, I don't know the serial number because I don't have the instructions." No good; the receptionist informed me that the serial number could be found on a label stuck to the original disks. "I don't have the disks near me right now - I'm calling from my car phone. I'm sure I sent in my registration card, perhaps you could check that? My name is Jonathan Smith from J. Smith Co..." I prayed that the real J. Smith had sent in his card. He had not. I thanked the receptionist and told her I would call back the next day.

I figured the company library must have the documentation, but I couldn't just show up there and ask the director if I could peruse it for a while. Besides, I wanted to do this whole thing as if I were an outside hacker, unconnected with the company, trying to get in; special favors were out of the question.

That meant it was time for some serious social engineering. The only person at the library who really knew anything important about the system was the director himself, and he was out of the question since he would recognize my voice. Anyway, all I needed was this serial number. I called up the library reference desk, and made up a story about how I was a programmer from the company that had installed the new computer system and I was wondering if they had version 8 of the program? Naturally she didn't know, but I kindly explained to her that to find out she would have to look for some disks with labels stuck to the front of them.... She found the disks in the director's office, and told me that the number eight wasn't printed anywhere, just one long serial number. I had her read it to me, and one of the twelve digits was an eight, so I told her yes, everything was fine, that I just wanted to make sure she had the newest version, and that I would send her version nine if we ever got around to releasing it. She couldn't have cared less.
Anyway, I paid extra for overnight delivery of the debugger documentation, and got it late the next day. Poring through it I found out how to move around in the programming environment and - more importantly for my purposes - to exit from it.

(All the important commands were abstruse things like KLOO and EE61. This editor was clearly a rush job, created by programmers, for programmers.) Exiting the debugger got me to a login prompt. I quickly found that typing in "circ" at this prompt, and "JSC" at the following password prompt, would bring me one step closer inside. (Here JSC stands for J. Smith Co. Of course that is a fictitious name.) After entering the password correctly I was brought to a second level of security - apparently the circ/JSC was a general login combination that anyone with legitimate access to the system knew. I was now asked to put in "your personal 9-digit ID code." Okay, well we know what nine digits means - a social security number!

I knew that the director had been born and raised in Kentucky, so I knew the first three digits of his social security number. I wrote up a program to continuously spit out possibilities for the last six digits, and it wasn't too long before I found one that worked. When it did, I was greeted with, "Good evening Jane Thornbuckle! Please enter your personal password." Jane Thornbuckle was not the library director. Now I needed Jane's password. I went back to brute forcing for a while, looking for Thornbuckle's personal password by trying out the obvious possibilities, until I got sick of it.
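The ID-code brute force above is worth seeing as code, because it shows both why it worked and why it found the wrong person first: once the area number is known, only the last six digits are unknown, the prompt accepted unlimited guesses, and any valid ID satisfies it, not just the director's. The block below is an added example written for this page, not the author's program or anything from the library's system. It uses the area number 402 from the phone call later in the story; the second "valid" ID, the hashed-ID store and the lockout counter are constructed for the demonstration.

```python
import hashlib

# Area number of the director's ID as given later in the story.
KNOWN_AREA = "402"


def candidates(area):
    """Yield every 9-digit ID that shares the known area number.

    Group number 00 and serial 0000 were never issued, so they are skipped,
    which leaves 99 * 9999 candidates. Enumeration is in ascending order,
    which is why a valid ID with a low group number is hit long before the
    director's.
    """
    for group in range(1, 100):
        for serial in range(1, 10000):
            yield "%s%02d%04d" % (area, group, serial)


def count_candidates():
    """Size of the search space once the area number is known."""
    return 99 * 9999


class IdPrompt:
    """Constructed stand-in for the 'personal 9-digit ID code' prompt.

    Only hashes of valid IDs are stored. With lockout=None the prompt
    behaves like the story's system and answers as many guesses as you
    like; with lockout=N it refuses everything after N consecutive failures.
    """

    def __init__(self, valid_ids, lockout=None):
        self._hashes = {hashlib.sha256(i.encode()).hexdigest() for i in valid_ids}
        self.lockout = lockout
        self.failures = 0
        self.locked = False

    def try_id(self, candidate):
        """Return 'ok', 'bad' or 'locked' for one guess."""
        if self.locked:
            return "locked"
        if hashlib.sha256(candidate.encode()).hexdigest() in self._hashes:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.lockout is not None and self.failures >= self.lockout:
            self.locked = True
        return "bad"


def brute_force(prompt, area):
    """Guess IDs in order until one is accepted or the prompt locks.

    Returns (id_or_None, attempts_made).
    """
    attempts = 0
    for cand in candidates(area):
        attempts += 1
        result = prompt.try_id(cand)
        if result == "ok":
            return cand, attempts
        if result == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    # Constructed: the director's ID from the story plus one other staff
    # member whose ID happens to have a lower group number.
    valid = {"402660123", "402030077"}
    print("search space:", count_candidates())
    print("no lockout:  ", brute_force(IdPrompt(valid), KNOWN_AREA))
    print("lockout of 5:", brute_force(IdPrompt(valid, lockout=5), KNOWN_AREA))
```

Against the unthrottled prompt the loop lands on the other user's ID after about twenty thousand guesses, which is the situation the author describes: a valid account, just not the one he was hunting for. With a five-failure lockout the same loop stops on the sixth guess, which is the check the library's system needed, quite apart from the weakness of using a social security number as a secret at all.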

I didn't know who Jane Thornbuckle was, but one of the things I had pulled from the garbage was a stack of discarded company newsletters. Buried deep in the stack was the answer: Thornbuckle was a figure in the company's Management Information Services Department (i.e., a computer programmer). I did some more hacking away at her password, but that was fruitless. Finally I restarted my program to try social security numbers, and eventually came up with the library director's. Hacking his password by chance was, like Thornbuckle's, getting me nowhere.

I decided to look back at what I already knew. The programmer's environment was an interesting thing, and I played around with it awhile until I had learned enough about it to use it to edit files to my liking, as well as a few other tricks. I was able to use one of the debugger's find commands to locate every occurrence of the word "circ" in the system files. One of these files contained a bunch of gibberish, the word "minicirc," some more gibberish, and then "circ" followed by more gibberish. I tried analyzing the gibberish after the second circ to see if it could be unencrypted to read "JSC." If it could, then I would be able to use the same procedure on the gibberish following "minicirc." This tactic was to no avail.

Back I went to that initial login prompt and tried typing "minicirc" with various passwords. The problem was I didn't know what the "mini" part meant. My best guess was that it was some sort of small version of the actual library system - a simulator or training module. I was trying passwords like TRAIN, MINI, MCIRC, MINICIRC, TUTOR, LEARN, and after a lot of trouble, finally came up with T.CIRC1. This got me to my favorite little message: "Please enter your personal 9-digit ID code." Within a few seconds I had discovered that the number "555555555" worked like a charm on this mini circulation system. The screen cleared.

"Good morning New User!" my glowing computer screen exclaimed - it must have been three or four in the morning. "Please enter your personal password." This was, I hoped, the last level of security. Yes it was: a few moments later I was in the minicirc under the password "TRAIN." I was proud of myself. I had managed to get out of the public side of the dialup system and into the behind-the-scenes area. But my journey was not over yet, because I still had not gotten into the ac-tual circulation system - just the simulated one used for training purposes.

The minicirc was helpful, but it lacked certain features which, if I were an industrial spy, I would have liked to have had access to. I could use minicirc to check out books to patrons, register new patrons, search the databases, etc., but the database contained only imaginary names and addresses. Many of the other features of the system were unimplemented, but just knowledge of their presence helped me. There was a bulletin board service, which would display messages after logging in. A few standard messages had been left by the installers: "Hi, welcome to the system...." From examining these messages carefully, I came up with some important tidbits of information.

Each message began by listing who had sent the message, and who could receive it. Part of the sender data included the word "minicirc," which implied that it was possible to send messages from the minicirc to the circ and vice versa (otherwise, why would they bother putting that in there?). The second important fact was that although messages were apparently sent by default to all users, one could specify a particular user who would be the only one to read a posted message.

I used the editor to write a letter and send it to myself. Then I logged off, called back and broke out to the programming environment as I had been doing. Pushing the debugger to its limits, I was able to use its file editors to find the letter I had written, and alter its contents. Instead of being directed to me on the minicirc, I changed it to be sent to the library director. And where originally the file had stored my own name - "New User" - I altered it to say that it came from some fictitious representative from the database company that had written the software. The bulletin instructed the director to call this person about some new improvements that could be gotten for free now that version nine had been released (reverse social engineering!). I supplied a phone number to call. The number I gave him was that of a friend of mine, a fellow hacker named Morriskat, whom I had thoroughly briefed on how to act when the library director called. We set up Morriskat's answering machine so that if the director called when he wasn't there, a convincing song-and-dance would tell about the new products this company was offering at the time.

When the director did make the call, Morriskat talked about some upcoming features, then asked him some technical questions about the particular way the software had been installed for his library. The director didn't know the answers but, he said, he had a terminal right in front of him - he could log on... "Perfect," Morriskat said. "Just go through your usual stuff. Circ. JSC. Uhm, Social Security Number 402-66-0123. Are you still using the personal password we originally set you up with?"

"Yeah, 'Firebird.' Okay, I'm in...."

Knowing three out of the four security controls, projecting an air of omniscience, and having the spoofed e-mail as support, getting that final password was easy as pie.

For the last phase of the project, Morriskat and I sat down to see what we could do with the library director's system access. It turns out we could do plenty. We made up new superlevel accounts for ourselves. We were able to toggle access to virtually every aspect of the software to any other user. And we could print out personal information about every employee at the company - because every employee, whether they ever stepped into the company library or not, had a record in the library's computer. We knew what materials they had borrowed, their home and office phone numbers and addresses, and year of birth. Exiting from this level to the network server was simple to do, and from there we could login to one of the host computers using the library director's name and his password "firebird."

As the coup de grace, and to prove conclusively that I had done what I had set out to do, I used the programmer's interactive debugger editor to alter the library program's opening screen so that instead of giving an explanation of commands, it told a dirty joke. Then I left a file inside the library director's directory which explained how I had broken in. This story as I've told it here is pretty much that file, although here I've expanded more on the hackerish side of things.



Principles Combined

If you are to be a truly successful hacker, one who can hack on demand like this, then you must be a hack-of-all-trades.

It's not enough to be a spontaneous and smooth-talking social engineer. It's not enough to be a programming genius. It's not enough to have the perseverance of a marathon runner. You must have all of it and an imaginative, goal-oriented mindset as well. And the ethic. I truly believe that a hacker who lacks the hacker's ethic will be going nowhere fast, because if you don't show an honesty and compassion in what you do, others will not act kindly toward you and that quickly leads to trouble.

Did I display the hacker's ethic when I carried out the hack I've just described? Yeah - I had done nothing more than rename the file that contained the system's opening screen, and put the dirty joke in a new file with the old name. And I showed the library director how to go about switching them back. Later the two of us, along with members of the computing staff of the company held a meeting to discuss what actions would be taken to close up the security holes I had found. And, I should add, they have done so.



Concluding Thoughts

Ask any enlightened sage about the purpose for the existence of our universe - or ask any burning, age-old philosophic question of the kind - and the response will invariably be something like this:
"I can not say it in words. I know the answer - I can feel it, and I can feel myself knowing it. But to simply use words to describe an indescribable sensation is impossible."
Your natural reaction to this bull is, "What a phony!" And of course, he is a phony.
But he's also sincere. He truly believes he understands all the mysteries of the universe, and those many and varied teachings that make up the answers to those mysteries are things that must be experienced first hand. Things can be explained to you, but they can't be felt unless you yourself have felt them. So here is your passport to the world of hacking outside this book. You now know the ideas, the methods, the information and facts that will allow you to begin a hack in a systematic way, and you know what can be done to minimize mistakes and wasted effort, and reduce your chances of getting caught. But naturally, that is not enough. As with any hobby/game/education/occupation it takes trial and error, practice and experience, lots of time and patience and practice and more practice, before things work out as you would like