The least difficult way to collect passwords is to have people give them to you. If you start up your own BBS, that is exactly what will happen. But being a sysop takes a lot of work, and it also involves the use of your computer, modem, tele-phone line(s) and possibly even your printer. That leaves little equipment to hack with!
The original three motivations for hacking local BBSs were for: 1) the excitement and curios-ity-satiating value of it, 2) the opportunity for low-risk practice and, 3) to obtain passwords which might also be used by the same users on other computer systems. When you set up your own,BBS, the first two of these reasons are suddenly gone. Only the third - password collection - remains, and there are more efficient ways of collecting passwords than this. However....
There are some advantages for the hacker who runs a BBS, whether or not the hacker is willing to abuse the trust users place in the sysop. For exam-ple, the hacker can set up a BBS specifically as a place for other hackers to pose questions and ex-change information. If you decide to do this, you will want to make sure
you are overly wary in your advertising and in your group's initiation proce-dures, to ensure that you're not accepting law en-forcement officials or hostile hackers onto your board. So as not to get too off the topic, I will come back to the security subject later, at the end of this chapter.
Running a BBS - or at the very least, setting one up on your system, even if you don't go public with it - will teach you more about how BBSs op-erate than anything else. It's always beneficial to a hacker, and soothing to the true hacker's mindset, to be fully conscious of how a computer system works. Also, you can try setting up a limited BBS and practice breaking into it from a friend's house, or challenge others to do so (you're best off making this challenge only to close friends). This will show you what can and cannot be done on the particular BBS software you're running, and might teach you something about hacking as well. Then you can go out and infiltrate other systems which run the same software. And you can alert other sysops to the se-curity risks inherent in their systems. I've never run a BBS by myself - I've never wanted to devote a computer and phone Me, nor my time, toward the maintaining of a bulletin board system. But I have been an assistant sysop with full operating abilities on several BBSs, and in so doing I've seen a lot of tricks that people have tried in an effort to break into those systems.
