Saturday, 3 December 2011

Doing It The E-Z Way

Barry, a computer enthusiast from Las Vegas, Nevada, used a quite easy way of finding out info without any programming skills or special equipment. At the university Barry attended, there was a computer lab that had Macintoshes set up in the center of the room and terminals around the perimeter. He had his own account on the system, but he wanted to do some serious hacking. He knew if he tried anything logged in under his own name he might end up in trouble. All he needed was some measly low-level account from which he could hack without risk.

The public terminals at his school worked like this. Available commands or menus were displayed on the screen with an underline of appropriate size placed at the bottom, where the user would input his choice. You could move around on the screen with arrow keys and type elsewhere, but when you pressed Send, only the characters written in the space where the underline had been would be acknowledged.

Barry went to the main menu of the information system. He used the arrow keys and space bar to erase all the text on the screen, then proceeded to reproduce the login screen that was used to access the mainframe. At the bottom, he put the appropriate prompt...

ENTER NAME/PASS IN FORM nnnnnnnn,pppppppp

... and positioned the cursor at the beginning of the underline. He switched the Caps Lock key on, and he shut off all the other terminals. Then Barry took a seat at a Mac near his prepared terminal, and waited.

Everyone seemed to want to use a Mac that day. He had to wait more than an hour until a person finally came in to use a terminal. As Barry had hoped, that person walked straight for the one that was already powered-up. From Barry's position at the Mac he could easily see what the person typed in.

As you can imagine, when someone uses the actual login screen, the computer covers up passwords with asterisks. The woman who was using the terminal did not seem to realize that anything unusual was going on as she typed her vital data. When she pressed Send after her password, she got the usual beep of disapproval (because she had pressed Send without entering anything in the space that was supposed to be used for commands, which Barry had erased). The computer redrew the information system main menu, and the woman, surprised, logged in again and went about her business.

Another computer user, who had sat down beside her shortly after she entered the room, commented, "They've been acting weird all day." Barry was elated; on his first try, with almost no effort on his part, he had a name and password and could do all the hacking he wanted to without having it traced back to him. Plus, the bit of strangeness he had caused was being blamed on unrelated system malfunctions.

There are many variations of this tactic that should also be considered, depending on the nature of the command system, the terminals used, layout of the room, etc. You will want to adjust your strategy accordingly.

Some terminals allow you to change screen color. I've worked a ploy similar to Barry's on one such terminal. First I erased the screen and typed up a fabrication of the login screen. But it wasn't an exact reproduction - I put my underline one line below where it normally would be.

I then moved the cursor over to the place on the screen where commands were supposed to be entered (above my fake underline). I used a color-change function key to make the characters I entered next appear in the same color as the background. I typed "logon." It was black letters on a black background, so only I and the computer knew it was there.

Then I repositioned the cursor at the beginning of the underline, used the function key to change the text color back to bright white, and took a seat on a nearby armchair.

I didn't have to wait long. About twenty minutes later a group of people came in, and one sat down at my terminal. Unfortunately, he saw the screen, thought someone else was using the terminal, and he got up to leave. I told him, "No, no one's using that one." So he reset the terminal and proceeded to log onto a totally different system!

A couple hours later I got luckier. I set up the terminal again and took my position on the chair, pretending to study a numerical analysis book. After a long while a guy sat down, typed in his name/password combination and pressed Enter. All this I was easily able to see.

But the computer couldn't see what he was typing because he hadn't entered it in the special input space. The computer only recognized my hidden (black-on-black) "logon". The computer then connected to the ungradx machine, and asked for the user's identity. The user, thinking he had made a typing mistake, entered them again. I was already out of there, as I had the information I needed. This will only work with systems that allow you to enter all login codes on a single line, or on machines with certain appropriate capabilities and setups.

Another way is to use a text editor to simulate the login screen. If you don't have an account on the system, and therefore do not have access to the e-mail text editor, there is probably a "Send Comments to Sysop" section in the public information system that you are able to access. You would probably want to use a public editor anyway, to avoid having this evil-doing being traced back to your ID. One way of using a text editor to simulate the login screen is to write up a document such as this:

>login
Enter Name:
Enter Password:

Above this you may want to have the tail end of a commonly seen menu, list of commands, or a body of text one normally sees when turning on the terminal. You position the document so the last line visible on the screen is "Enter Name:". You put the cursor right after the colon, and turn off the Insert key, if there is one.

A person sitting down at the terminal will think someone else before him typed in the "login" command. He will type in his name and press Enter. Pressing Enter scrolls the document up a line, making it look as though the computer is asking him to enter a password, which he then does to your utter bliss, because you are sitting there watching this unfold.

There are some problems with this method (and all these E-Z methods, actually). What if the first person to sit down doesn't want to log onto his account? Or what if he makes a typing mistake which goes unnoticed until after he presses Enter? In both cases your little deviltry may be found out. There's always the possibility that some guardian of the computer room will switch off any terminals he sees left on needlessly, and then all your work might be lost. Additionally, if you're doing this on a university terminal that has access to lots of different computers, there might not be a reasonable way to set up the screen.

There are plenty of things that can go wrong with this ruse, but for the small investment of time to set it up, then who-knows-how-long of waiting, it's worth it. If you try this, remember these tips: Do what you can to make reading the screen from a distance easier. Switch on the Caps Lock key if it helps. Brighten up the screen if you're able. Tilt the monitor a bit to reduce glare from your viewing angle. And if possible, select large fonts. Before you choose your waiting spot, make sure that when a person sits down in the chair, his or her body won't be blocking your view. While you're waiting, keep yourself busy to avert suspicion, but don't get so involved that you miss your quarry.