The IRS has a bad reputation - and it deserves it. Sure, they pretend to play fair (I have a friend who received a refund check from the IRS for one cent; so apparently they can be honest at times), they pretend to do things in our interest, but underneath it all they do a lot of cheating, conniving things.
For instance, the IRS has a computer selection program called the Discriminate Function System. DFS is a system used by the IRS to select over 80 percent of the income tax returns which will be audited. When the DFS selects a return for audit, it is because the program believes there is a high probability the citizen made improper deductions, or hasn't reported all income, or for some other reason believes the filer has lied.
Now, as citizens of the United States, we are entitled to know all the laws and regulations of our country, right? Not so, according to the IRS. The decision-making formula (algorithm) used by the DFS to select which returns will be audited is kept secret from us (so we can never really know to what extent an action of ours breaks the IRS's return-selection laws).
It seems logical and fitting for the IRS to not reveal this secret, because doing so prevents a lot of fraud. But it also restricts our rights, and several years ago, two outraged citizens sued the IRS to reveal their selection formula. The citizens won and the IRS was ordered to reveal the formula. The IRS was not ready to reveal their secrets, and they appealed their way up to the Supreme Court and still lost in favor of the Freedom of Information Act.
But since the IRS is a crying, whining, wily baby, they refused to obey the court orders, and ran to Congress for help. Congress, of course, immediately enacted a statute which made the IRS's audit selection algorithm immune to the Freedom of Information Act.
Now, I ask you: Can you think of a better reason to hack than to get back at the IRS? I'm sure that someday some hacker will surreptitiously stroll into the IRS's computers and make off with their Discriminate Function System, and publicize it widely for all to see and file by. <This has already happened in Australia. A computer professional working for the Australian Taxation Commission wrote up a guide to the confidential computer program which the commission used to determine the legitimacy of a taxpayer's income tax form. Taxpayers could use his guide to safely overstate the amount of deductions they claimed.> Even if that doesn't happen, and even if that's not a hacker's main goal (which I wouldn't expect it to be), there are plenty of motivations from which to choose.
Dissemination of information is always an honorable incentive to hack. According to Tom Forester and Perry Morrison in their book on computer ethics (listed in the bibliography), following the Chernobyl nuclear disaster, hackers in the Chaos Computer Club "released more information to the public about developments than did the West German government itself. All of this information was gained by illegal break-ins carried out in government computer installations." Certainly that was a noble and just act on their part, from our point of view.
Hackers also see themselves as preventers of disasters - computer disasters that is. There have been several recent examples of computer security companies from all over the world putting their security products to the test. They did this by publicizing a phone number hackers could call to try to beat the system. Sure this is done for advertising hype, but it is also a good idea, and it gives hackers a chance to do some computer cracking in a benign setting.
Hackers who maintain a high degree of virtue will use their illegal hacking to prevent disasters. Once they have discovered (and misused) a security loophole in a system, they will warn the system operator of that fact. Hackers are thus beneficial to the world in that they act to keep the world informed and secured. But we can only be assured of these traits if the hackers themselves conform to ethical behavior. Unfortunately, due to the exciting/risky/devilish nature of hacking, the people involved are often immature and play around in juvenile activities such as vandalism and carding (mail ordering stuff on other people's credit cards). These are the sorts of activities that True Hackers should strive NOT to be associated with, as they degrade the word "hacker." Many hackers, even some very good hackers, have done their part to give hacking a bad name by having skewed motivations. There have been plenty of destructive hackers, and those who just did not know when to quit.
There are also hackers-for-hire. Private citizens are willing to pay hackers to change computerized information for them - grades, ratings, bills, access levels. Or there are the people who want information about themselves deleted from the record, because they are in hiding. Private investigators can always use the skills of the hacker to find addresses and phone numbers, credit ratings, and other private concerns of clients and suspects which are contained on computers. Office workers have hired hackers to scope out the personal electronic mail and files of coworkers and competitors, to gain an edge when making a proposal or a bid.
There is not only industrial, but governmental espionage. All of the above has been done and is being done RIGHT NOW, by hackers who hack for money. Hackers tend to look down on other hackers who fall into this line of work. Maybe a once-in-a-while job is okay, but to do it extensively and exclusively is to sell out one's integrity.
I like to think that all people reading this book, and all hackers, will use their talents to good ends: to promote public awareness, prevent tragedy, and to learn new technologies and new innovations for one's own self-growth.
Sound Bytes from Reviews of Secrets of a Super Hacker
"Secrets of a Super Hacker is a fascinating hacker cookbook that reveals the ease of penetrating even the most stalwart computer system"
Sunday, 27 November 2011
The Seventh Crime
Finally, there is hacking. Hackers have the ability to do any of the above, but they choose not to. Read that again carefully, and see if you can detect the paradox. The person who perpetrates the seventh of seven computer crimes - hacking - has just been described as a person who chooses not to commit any crimes at all. Of course, there is that small matter of illegally breaking into other people's computers before that choice is made. But we conveniently disregard that because we don't see any harm in the simple act of "breaking in." Where other computer crimes are concerned, motivations are obvious. It is obvious why a person would steal a computer, or engage in a financial crime, or a crime of vengeance. But with pure hacking, essentially a peaceful, harmless act, motivations might not be as apparent. The traditional motivation for a hacker was the quest for knowledge. But nowadays that quest may be ruled by higher motives - like money. There are hackers who see their talent not as a hobby, but as a trade. In fact, there are a number of both moral and immoral reasons one would provide one's hacking services for a fee. Before we get further into the How's of hacking, let's take a brief look at the Why's.
Labels:
Chapter 1
Various Thieveries
Hardware theft is either the stealing of the actual computer or its peripherals, but it can also include the piracy of a computer's internal design. It is related to hacking in that stolen or "borrowed" hardware may be used to procure access codes. In the case of design piracy, a hacker might clandestinely monitor the private e-mail and other computer files of a hardware designer in an effort to steal innovative ideas.
Software theft or piracy is the unauthorized copying of programs protected by copyright. Often hackers will make personal copies of software they find on a computer system, so they can learn how it was programmed and how it works. As with hardware piracy, there is also the aspect of wanting to get an edge on a competitor's new line of software, and so there is the hacking connection.
Information theft may include stolen credit card numbers, TRW reports, new product specs, lab results, patient or client data, or any other data that might be potentially valuable. Electronic espionage occurs when that information is sold to a third party, making the hacker a spy for either another country or company. In both cases hacker techniques are used to steal the information, and possibly even to make contact with the spy agency in the first place.
Sabotage
Computer sabotage is the physical destruction of computer hardware or firmware, or the tampering or erasure of information stored on a computer. The point of sabotage may be to force a competitor out of business, or, as is sometimes done with arson, to get the insurance money. Computer hacking has only limited involvement with sabotage, since it is the goal of most hackers to keep computers secure, not to destroy them. Still, sometimes sabotage does creep into hacking in limited ways. Reverse social engineering uses what is called sabotage, but it is actually just a bit of tomfoolery used to get a computer to temporarily misbehave. You will read about reverse social engineering later on.
Computer vandals frequently sabotage the information stored on computers after first using hacker's methods to gain entry to them. Vandals should not be confused with hackers, however.
Neither should those folks who introduce incorrect or misleading data into a computer system, or otherwise sabotage the data stored therein. An illustration of such data tampering is given by Thomas Whiteside in his book Computer Capers (Crowell, 1978). Between 1968 and 1972 the FBI planted false adverse information on radicals and other people who had wild political views into the computers of credit reporting agencies, "the idea being to harass those citizens by making it difficult, if not impossible, for them to obtain loans or other forms of credit." For all we know various agencies may be continuing this practice. Want your own file verified for accuracy? Hacker to the rescue!
Stealing Money
Financial theft occurs when computer records are altered to misappropriate money. This is often done by programming the computer to route money into a particular bank account, usually by the use of a salami technique.
A salami technique is a method used to steal small sums of money over a long period of time, with the assumption that such small sums won't be missed. The criminal reprograms the computer at a bank or some other financial institution so that fractions of pennies will be given to a dummy account.
For instance an account might hold $713.14863, where the "863" occurs because of the multiplication involved to figure interest rates. Normally the computers would say this person has $713.15 in the bank, rounding up the 4 to a 5. However, a computer programmed with salami in mind would slice off those extra digits and put them into a separate account. Now the person may only have $713.14 in the account, but who's going to notice or complain about a missing penny?
The computer is not generating new money, it's only shifting valid money to an invalid account. This can make salami thefts hard to detect. Once the criminal's account has grown big enough on those fractions of pennies, he or she can withdraw the money and most likely will get away with the crime. Many thieves have tried this form of bank robbery, and many have been caught, but dozens or hundreds of such operations could be going on today without anyone's knowledge (or so the "experts" claim).
The way investigators check to see if a salami technique is being used is to have the computer make a list of all accounts, and how many times per day over a period of days a transaction has occurred with that account. Next, any account that is accessed an exorbitant number of times per day is checked to see how much money each of these transactions represents. If it's tiny sums, someone's up to something!
While I don't condone such thievery, I feel obligated to point out where computer criminals have gone wrong in the past and how to avoid future mishaps. Instead of reprogramming the computer to immediately transfer those fractions of pennies to an account, they would have been wiser to simply subtract the amounts and keep track of how much money is collected in an area separate from the account files.
Then, the portions of code which print out total bank holdings should be altered to include that hidden figure in its summation, so those minuscule amounts aren't missed. Once the figure reaches a certain point (for instance, some random value over one hundred or two hundred dollars) only then should it be transferred to the thief's account. I say some "random" value so every transaction on the thief's account won't be exactly the same and thus suspicious.
Such thievery requires access to a computer; usually these crimes are committed by employees of the institution at which the crime occurred, and so true hacking is not necessary. However, when an employee with limited computer access or a complete outsider pulls off a financial theft, computer hacking will surely be involved.
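The salami posting and the investigator's frequency check described above, as an added example in Python that is not the book's own code. The 50-account ledger, the interest rate of 0.05 percent per posting, the account names (ACCT-000 and so on, ACCT-DUMMY for the thief's collection account) and the ten-postings-per-day threshold are all constructed for illustration. The posting_error function checks the "no new money is generated" property from the text: with the skim in place the book total still equals the exact mathematical total, so the bank's own summations show nothing.

```python
"""Salami slicing and the investigator's frequency check.

Added example, not code from the book.  The ledger, the interest rate, the
account names and the posting threshold are all constructed for illustration.
"""
from collections import defaultdict
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")
RATE = Decimal("0.0005")        # interest per posting period (constructed)
DUMMY = "ACCT-DUMMY"            # the thief's collection account (constructed name)


def truncate_to_cent(exact):
    """Split an unrounded balance into the cents the customer sees and the
    sub-cent slice that gets skimmed: 713.14863 -> (713.14, 0.00863)."""
    exact = Decimal(exact)
    posted = exact.quantize(CENT, rounding=ROUND_DOWN)
    return posted, exact - posted


def apply_interest(balances, rate=RATE, skim_to=None):
    """Post one interest period to every account.

    Honest posting rounds each new balance half-up to the cent (713.14863
    becomes 713.15).  With skim_to set, the balance is truncated instead and
    every truncated fraction is credited to skim_to; that is the salami
    technique.  Returns (new_balances, journal), where journal lists the
    (account, amount) postings made this period.
    """
    new, journal = {}, []
    residue = Decimal("0")
    for acct, bal in balances.items():
        if acct == skim_to:
            continue                  # the collection account only receives slices
        exact = bal * (1 + rate)
        if skim_to is None:
            posted = exact.quantize(CENT, rounding=ROUND_HALF_UP)
        else:
            posted, slice_ = truncate_to_cent(exact)
            residue += slice_
            journal.append((skim_to, slice_))
        journal.append((acct, posted - bal))
        new[acct] = posted
    if skim_to is not None:
        new[skim_to] = balances.get(skim_to, Decimal("0")) + residue
    return new, journal


def posting_error(before, after, rate=RATE):
    """Book total after posting minus the exact mathematical total.  Zero means
    the posting created or destroyed no money, which is why a salami run
    does not show up in the bank's own totals."""
    exact_total = sum((bal * (1 + rate) for a, bal in before.items() if a != DUMMY),
                      Decimal("0")) + before.get(DUMMY, Decimal("0"))
    return sum(after.values(), Decimal("0")) - exact_total


def find_salami_accounts(journal_by_day, max_postings_per_day=10, tiny=CENT):
    """The investigator's check from the text: count the postings each account
    receives per day, then look at the size of the postings on any account hit
    an exorbitant number of times.  Flags accounts whose postings are both very
    frequent and all below one cent."""
    daily_counts = defaultdict(list)
    amounts = defaultdict(list)
    for journal in journal_by_day:
        per_day = defaultdict(int)
        for acct, amt in journal:
            per_day[acct] += 1
            amounts[acct].append(abs(amt))
        for acct, n in per_day.items():
            daily_counts[acct].append(n)
    return sorted(acct for acct, counts in daily_counts.items()
                  if max(counts) > max_postings_per_day
                  and all(a < tiny for a in amounts[acct]))


def run_simulation(days=3, skim=True):
    """Run a constructed 50-account ledger for some days, honestly or with the
    skim in place, and return (balances, journal_by_day, flagged_accounts)."""
    balances = {f"ACCT-{i:03d}": Decimal("100.00") + i * Decimal("37.13")
                for i in range(50)}
    journal_by_day = []
    for _ in range(days):
        balances, journal = apply_interest(balances, skim_to=DUMMY if skim else None)
        journal_by_day.append(journal)
    return balances, journal_by_day, find_salami_accounts(journal_by_day)


def single_account_errors():
    """Posting errors for a one-account ledger, as (skimmed, honest)."""
    before = {"ACCT-000": Decimal("713.11")}
    skimmed, _ = apply_interest(before, skim_to=DUMMY)
    honest, _ = apply_interest(before)
    return posting_error(before, skimmed), posting_error(before, honest)


if __name__ == "__main__":
    balances, _, flagged = run_simulation()
    print("dummy account holds", balances[DUMMY], "after 3 days")
    print("flagged by the frequency check:", flagged)
```

Run it and the dummy account is the only one hit fifty times a day, every time for less than a cent, so the frequency check names it; the honest run flags nothing. The skimmed run's posting_error is exactly zero while the honest run's is not, which is the property the text describes: truncation plus a collection account conserves money to the last fraction, and only the per-account transaction pattern gives it away.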
Computer Crime
I would love to honestly be able to say that computer crime does not exist in the world - but I can't, because it does. When you're talking about the bad stuff that people do with computers, hacking truly is at the bottom of the list, and it certainly is the farthest removed from traditional crimes - things like murder and burglary which we feel in our hearts are wrong. True hacking is victimless, so it is in my way of thinking only vaguely a crime. Perhaps it is immoral or wrong, but there is much worse that can be done.
Computer crimes come in seven basic categories, all of which are related to the concept of "hacking" in some way. The first six are financial theft, sabotage, hardware theft, software theft, information theft, and electronic espionage. The seventh "crime" is computer hacking.
Past and Future
As you read about the many facets of hacking, you will be introduced to more equipment, tools, software and hardware that will be of interest to hackers who wish to try their expertise in more specialized areas of interest. For now though, all you need is the understanding that...
Days Of Yore Live On
When you start reading through the literature of data security, you begin to get worried. Gone, it seems, are the days of "Joshua doors" as in the movie WarGames. Gone are the system bugs and loopholes, the naively entered "PASSWORD" used as a password. Gone, it seems, is the reverent awe people once held for the lone hacker, cracking secret government databases in the middle of the night. Gone are the lone hackers. It seems.
But all of this really isn't true! As recently as just a few years ago, Robert Morris, Jr., was hacking into computers using system bugs that he himself had discovered. These weren't even new bugs - they were old ones that no one had ever noticed or bothered to correct before! Who knows how many more similar bugs like it are out there, waiting to be manipulated? And the trap doors will always be there as well: it is the programmer's vanity that leads him to stylize otherwise joint or corporate software by inserting covert code, either for benign, "jokey," Easter Egg purposes - or to wreak havoc later on. <An Easter Egg in the computing sense is some unexpected, secret thing you can do with a piece of software that the programmer put in but doesn't tell anyone about.> And don't forget all the stupidity: the test accounts and demo modes, the default security measures that nobody bothers to delete or change.
In July 1987, a bunch of Chaos Computer Club members hacked their way through the network, from an entry in Europe, to NASA's SPAN system (Space Physics Analysis Network). These crackers exploited a flaw in the VMS infrastructure which DEC Corporation had announced was remedied three months earlier. There must be hundreds of VAX computers still out there, still running the faulty parts of the operating system. Even with the patch in place, the Chaos members reportedly were laughing themselves silly over the often trivial passwords used to "protect" the system. Some of the passwords were taken straight from the manufacturer's manuals!
On the one hand we have a top secret VAX 11/785 computer with the full power of NASA to protect it; but on the other hand there are approximately four thousand users of that computer. Never can you get 4,000 people together and still keep secrets hushed up.
Hacking may seem harder than ever before, but it really is not. The culture may have gotten more security-aware, but the individual user still lives in a world of benign indifference, vanity, user-friendliness and friendly-userness. Users who are in-the-know will always want to help the less fortunate ones who are not. Those who aren't will seek the advice of the gurus. And so Social Engineering and Reverse Social Engineering live on, as you shall discover within these pages. Ease of use will always rule. The "dumb" password will be a good guess for a long time to come. After all, people just don't choose "116Fk%8l0(@vbM-34trwX51" for their passwords!
Add to this milieu the immense number of computer systems operating today, and the staggering multitudes of inept users who run them. In the past, computers were only used by the techno-literate few. Now they are bought, installed, used, managed, and even programmed by folks who have a hard time getting their bread to toast light brown. I'm not downgrading them - I applaud their willingness to step into unfamiliar waters. I just wish (sort of) that they would realize what danger they put themselves in every time they act without security in mind. It is a simple and observable fact that most computer systems aren't secure. If this isn't clear now, it certainly will be once you've read a few chapters of this book.
Ironically, many of the people who operate computer installations understand that there is a problem with system security; they just don't do anything about it. It seems incredibly naive, but it's true. There are lots of reasons why companies don't increase computer security. Publicly or privately, they say things like:
• Extra security decreases the sense of openness and trust which we've strived to develop.
• Security is too much of a nuisance.
• Extra security just invites hackers who love a challenge.
• It would be too costly or difficult to patch existing security loopholes.
• The reprogramming could open up new security problems.
• We've never had a security problem before!
• The information we have here is not important to anyone but ourselves; who would try to break in here?
• But we just had a security breach; surely they won't come back!
• Didn't all those computer hackers grow up and go on to better things?
There are different reasons why each of these statements is either wholly or partially incorrect. The last one is certainly false as any reader of this book should be quick to point out. Computer hacking (as well as the misuse of computers) will always be a contemporary issue because of the great value computers have in our daily lives. Some of these sayings also have their validity. In any case, the people who run computer installations (call them sysops, system managers, computer operators or whatever) very often believe in these things, and so the window of opportunity is left open. With a little work we can often ride the breeze inside.
Data Capture
Your terminal program should have a data capture feature. This means that as information gets sent through your modem and put onto the screen, you should be able to capture it in a disk file.
It's important for you to keep the data capture feature on whenever you're using your modem. You do this for several reasons. When I'm logged in somewhere, I like to poke into all the text files I can find, but I don't like to waste my time on the system by actually reading them while on-line. Instead, I turn on my data capture, store what can be hundreds of pages of text in separate files, then sort through the data later, offline, at my leisure. (At other times it is more appropriate to simply transfer the files; what one does depends on circumstances.)
Data capture is also handy to pick up control codes and text that scrolls off the screen too fast for you to read. And sometimes text is immediately erased after it's put on the screen, either for security reasons or due to faulty software. With data capture you retain a permanent record of that text. In any event, it's nice to have an official record of your hacking activities that you can use for reference and research.
One time I called up a bulletin board (BBS) that was run by a local company, mostly for the purpose of advertising its products. The modems connected, I pressed Enter a couple times, and I got the usual random characters on the screen, then the login prompt came on. It took a little longer than usual to get to the login prompt, and I was wondering about that, but nothing seemed really unusual so I went about my business.
Later, I was going over the print outs I made of the break-in and I took a second look at what at the time seemed to be just normal login garbage. In the middle of the nonsense symbols was this: "d-b". And on the next line, sandwiched between two plus signs, this: "ye!". On the surface this doesn't look too interesting, but think about it: put "d-b" and "ye!" together and you get "d-bye!". What I was looking at was the last half of the word "good-bye!".
From using the BBS I knew that "good-bye!" was the last thing one sees before logging off. In other words, I had called the system just after someone else had logged off, and I had gotten the tail end of their log-off message. This meant there was something wrong with the way the remote software handled disconnections.
This meant there was a bug that could be exploited.
I logged onto the system again, and the first thing I did was go to the "User Log" to find the record of my last login to the system. The person who had been using the BBS before me was a regular user of the system and, sure enough, according to the log she had logged off just seconds before I was recorded as having logged in.
Later I was able to incorporate my knowledge of this flaw to make myself a system operator by calling up and connecting soon after the real system operator had finished a scheduled maintenance check. I wrote a letter explaining to him what I had done, and how. Over the next few days we corrected the problem.
So you see, sometimes weird things happen while you're logging on or off, but anomalies can occur at any time. The moral of this story is be prepared to capture this weirdness, and be prepared to analyze it when you find it. You never know when something out-of-the-ordinary is going to happen, like the system operator (sysop) coming on and doing system maintenance while you watch. I've had that happen to me more than once. In fact, there was one week in which it happened twice.
When I was in high school there was one day near the end of September that I was sick, so I was staying home from school. Instead of rushing off to the bus stop, I was on my computer, dialing BBSs. The first day I was sick, I had just finished logging onto a system and was about to read my e-mail when the sysop interrupted. "I have to do something real fast," he typed, "and I'm late for school." Then he went about doing whatever it was he had to do. He went into the back screens of the bulletin board system program, then shelled out to his hard drive, and came back in again. He was doing everything so fast I couldn't keep track of what was going on, but later, after I'd logged off, I was able to go through the file I'd made of the event, and analyze it thoroughly. The information I learned from watching that sysop fix his system did not help me break in anywhere, but it taught me more about how telecommunication systems work. And that's the whole purpose of hacking.
A few mornings later, I was on another system and almost the same thing happened. Another sysop was late to an appointment, but before he went he just had to do some last minute rearranging. This time I was able to understand as I watched what was going on: one of the things the sysop did was to validate a new user's password (a dumb thing to do in front of somebody, but maybe he didn't realize I could see what he was typing). Since I was capturing the event in a text file as I watched it, there was no need for me to scramble for a pen to write down the passwords as I saw them scroll across my screen.
An alternative to data capture is to have your printer running continuously. There are people who do this, but it's always seemed to me to be a complete waste of ink, paper, time (especially if you have a slow printer) and electricity. Also, a printer won't be as efficient as your communications program at capturing strange control codes and foreign symbols. You're better off capturing data in files, then using a word processor to sort through those files, erase what you don't need, and then perhaps print out the rest.
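The check the author did by hand against the BBS "User Log" (a new caller recorded seconds after the previous one logged off), as an added example that is not part of the book: it scans a constructed user log for logins that begin before the previous session was fully torn down, which is what a sysop would want to flag. The log format, user names and timestamps are all assumptions made up for this example.

```python
"""Flag BBS logins that start before the previous caller's session ended.

Constructed example: the log layout ("date time EVENT user", one event
per line) and every entry in SAMPLE_LOG are invented for illustration.
"""
from datetime import datetime, timedelta

SAMPLE_LOG = """\
1993-09-14 07:58:02  LOGIN   carol
1993-09-14 08:11:40  LOGOFF  carol
1993-09-14 08:11:43  LOGIN   guest
1993-09-14 08:30:05  LOGOFF  guest
1993-09-14 09:02:17  LOGIN   sysop
1993-09-14 09:10:00  LOGIN   bob
1993-09-14 09:15:30  LOGOFF  sysop
1993-09-14 09:40:12  LOGOFF  bob
1993-09-14 10:00:00  LOGOFF  nobody
"""


def parse_log(text):
    """Return (timestamp, event, user) tuples sorted by time.

    Blank or malformed lines are skipped rather than aborting the scan,
    since capture files often contain line noise.
    """
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        events.append((ts, parts[2].upper(), parts[3]))
    events.sort(key=lambda e: e[0])
    return events


def find_suspicious_logins(text, grace_seconds=10):
    """Return a list of (kind, user, timestamp, related_users) findings.

    kind is one of:
      "overlap"       a LOGIN while another session is still open
      "fast-reuse"    a LOGIN within grace_seconds of the previous LOGOFF,
                      the symptom the captured "d-bye!" fragment pointed to
      "orphan-logoff" a LOGOFF for a user with no open session
    """
    findings = []
    active = {}        # user -> login time for sessions believed open
    last_logoff = None  # (user, time) of the most recent clean logoff
    for ts, event, user in parse_log(text):
        if event == "LOGIN":
            if active:
                findings.append(("overlap", user, ts, ",".join(sorted(active))))
            elif last_logoff and ts - last_logoff[1] <= timedelta(seconds=grace_seconds):
                findings.append(("fast-reuse", user, ts, last_logoff[0]))
            active[user] = ts
        elif event == "LOGOFF":
            if user in active:
                del active[user]
                last_logoff = (user, ts)
            else:
                findings.append(("orphan-logoff", user, ts, None))
    return findings


if __name__ == "__main__":
    for kind, user, ts, related in find_suspicious_logins(SAMPLE_LOG):
        print(f"{ts}  {kind:14s} {user:8s} related={related}")
```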
Handy Features
The monitor on your computer was probably specially designed for your computer. When you dial who-knows-where over the phone, you can easily be talking to some computer with a completely different screen design than your own. Consequently, certain standards (rules of behavior for monitors to follow) have been devised. If you call up a hundred different computers, there will be many differences between the characters each can display, the control codes used to perform various screen functions, and so on. Your communications program, or "comm program," should be able to adjust to a wide range of these codes and characters. This feature is known as terminal emulation. Software that can't do that will often represent data from the remote computer in peculiar ways, or as garbage characters. Your comm program must be able to emulate a good number of terminals, such as ANSI, VT52 and VT100. It is also handy for the software to have a translation table - the ability to translate incoming and outgoing characters to other characters.
The terminal program you choose should be able to send and receive files using the Xmodem, Ymodem, Zmodem, and Kermit protocols. A protocol is a set of rules. You see, if you're going to move files between two completely dissimilar computers, those machines need to know how to talk to each other. These file transfer protocols set up specific guidelines for the two computers to follow regarding how the file should be sent and received. Each protocol has its own set of advantages and applications. The Zmodem protocol transfers files fast, and with good error recovery, but it isn't as prevalent as the original Xmodem. Ymodem is another improvement on Xmodem, but its error detection isn't as keen - only use it on clean phone lines. Kermit is used on many university mainframes for speedy, efficient file transfer. Make sure your terminal software has at least these four protocols.
Choose software that allows you to enter "AT" commands. ATtention commands were developed by Hayes to allow the user to control the modem. They have been adopted for most makes of modem. AT commands allow you to program the modem to dial, go on line, go off line, and perform various other functions. You should also be able to shell to your computer's operating system while maintaining the connection - sometimes you will want to run another program while on-line. The software should allow you to store many phone numbers, names, and comments for a large number of dialups. You should be able to store more than just the ten-digit phone number: extensions and special codes should be programmable, as well as sign-on macros for faster connections. It is also helpful to have auto-dial capacity, which repeatedly calls a busy phone number until the line is free.
Overall, the program you use must be pleasant and easy to use. If one program doesn't suit all your needs, keep several on hand and use whichever you need when you need its special services. Generally I tend to stick with the PC Tools Desktop comm program. It doesn't have too many advanced features, but its ease of use more than makes up for that. ProComm Plus for the IBM and Macintosh is the Lotus 1-2-3 of communications software. It's a huge package that includes every conceivable feature you'll ever need. There are also many low price (free) alternatives in the world of shareware and public domain software. QModem is one good shareware communication program for IBM computers.
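What "error detection" means for the file transfer protocols listed above, as an added example that is not code from the book or from any terminal program: Xmodem-style block framing with the original 8-bit checksum next to the CRC-16 variant, showing a pair of compensating line-noise errors that the checksum misses and the CRC catches. It assumes the standard Xmodem layout (SOH, block number, its complement, 128 data bytes, check value); the payload and the injected errors are constructed.

```python
"""Xmodem block framing with 8-bit checksum versus CRC-16/XMODEM.

Added example: frames a 128-byte block both ways and verifies it, then
corrupts two data bytes so that their sum is unchanged. The checksum
cannot see that; the CRC can. Payload and error positions are constructed.
"""
SOH = 0x01          # start-of-header byte that opens every data block
BLOCK_SIZE = 128    # classic Xmodem data block length
PAD = b"\x1a"       # CP/M EOF, the traditional padding byte


def checksum8(data: bytes) -> int:
    """Original Xmodem check: low 8 bits of the sum of the data bytes."""
    return sum(data) & 0xFF


def crc16_xmodem(data: bytes) -> int:
    """CRC-16/XMODEM: polynomial 0x1021, initial value 0, no reflection."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ 0x1021) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def build_block(block_no: int, payload: bytes, use_crc: bool) -> bytes:
    """Pad payload to 128 bytes and frame it as SOH, no, ~no, data, check."""
    if not 0 <= block_no <= 255 or len(payload) > BLOCK_SIZE:
        raise ValueError("bad block number or payload too long")
    data = payload.ljust(BLOCK_SIZE, PAD)
    head = bytes([SOH, block_no, 0xFF - block_no])
    if use_crc:
        c = crc16_xmodem(data)
        return head + data + bytes([c >> 8, c & 0xFF])
    return head + data + bytes([checksum8(data)])


def verify_block(frame: bytes, expected_no: int, use_crc: bool):
    """Return (ok, data); ok is False on a framing, sequence or check error."""
    tail = 2 if use_crc else 1
    if len(frame) != 3 + BLOCK_SIZE + tail or frame[0] != SOH:
        return False, b""
    if frame[1] != expected_no or frame[2] != 0xFF - frame[1]:
        return False, b""
    data = frame[3:3 + BLOCK_SIZE]
    if use_crc:
        ok = ((frame[-2] << 8) | frame[-1]) == crc16_xmodem(data)
    else:
        ok = frame[-1] == checksum8(data)
    return ok, data


def corrupt(frame: bytes, changes: dict) -> bytes:
    """Copy of frame with {offset: new_byte} applied (simulated line noise)."""
    buf = bytearray(frame)
    for off, val in changes.items():
        buf[off] = val
    return bytes(buf)


# Offsets 3 and 4 are the first two data bytes; 'h'->'i' and 'a'->'`'
# leaves the byte sum unchanged, so the 8-bit checksum still matches.
COMPENSATING_ERRORS = {3: 0x69, 4: 0x60}


def demo():
    """Return (checksum_missed_it, crc_caught_it) for the constructed error."""
    plain = build_block(1, b"hacking", use_crc=False)
    crc = build_block(1, b"hacking", use_crc=True)
    missed = verify_block(corrupt(plain, COMPENSATING_ERRORS), 1, False)[0]
    caught = not verify_block(corrupt(crc, COMPENSATING_ERRORS), 1, True)[0]
    return missed, caught


if __name__ == "__main__":
    print("checksum missed the error:", demo()[0], " CRC caught it:", demo()[1])
```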
There is one final necessity for the hacker:
Communications Software
It's hard to find truly splendid communications software, and yet it is the software (in conjunction with a fast, high-quality modem) which will determine how much enjoyment or frustration you get from your on-line interactions.
There are lots of communications software ("terminal emulators" or "term programs") out there.
Just because a particular package comes with your modem doesn't mean you should feel obligated to use it. A good piece of telecommunications software will have many of the following features. For the hacker, it is necessary to have all these features. Well, maybe it's not necessary, but it will sure make your hacking experience more pleasurable.
Modems And Speed
Remember the old puzzler, "Which weighs more: a pound of feathers or a pound of lead?" Well, here's the same puzzler with a modern twist: "Which transmits data faster: a 600 baud modem, or a 600 bits-per-second modem?" The answer, of course, is "Both transmit data at the same rate!" But the real answer gets a little more complicated. Let me explain.
"Baud" is the measure of the rate at which a modem sends and receives information. Below speeds of 600 baud, the baud rate is equal to bits-per-second. Due to the restrictions of telephone equipment, high speed modems may transmit far fewer bits-per-second than their baud rate. For example, a 2400 baud modem may only be sending 1200 bits-per-second.
For traditional reasons, modem speed is still stated in baud. While a hacker should be aware of the difference between baud rate and bits-per-second, the important thing to remember about modem speed is: the faster, the better. Just don't expect a 9600 baud modem to be four times as fast as a 2400 baud modem.
Five years ago, 300 baud modems were quite popular. Today, 9600 baud modems are fairly common. Higher speed modems, such as 14,400 baud and 19,900 baud, are now available in fairly inexpensive models. Many of the services you connect to will not be able to accommodate these higher speeds; however, a high-speed modem can always "step down" and connect at a slower speed when necessary.
Hacking is a hobby that requires little equipment; when it is necessary to buy something, you should try to buy the best available. This doesn't mean you should get what the salesperson or a magazine review says is best. It means, get what is best suited to your needs. You will want your modem to be fast. When I got my first modem, I thought of 140 baud as being the slowpoke. Now I look at the 300 baud crawler I used to use and wonder how I ever managed to stay interested when the words dribble across the screen at such an agonizingly slow pace.
Realize that whatever speed modem you get, it will usually run even slower than advertised. When there is static on the line, the modem is forced to resend data over and over until it has been sent or received correctly. Modems may run at half their listed speed, or even slower if they're in a particularly bad mood. They get even more snailish when you're calling long distance, or you're calling one computer through another (to make your call harder to trace back to its source), or if the remote computers are getting heavy usage.
For all of these reasons it's crazy not to get a fast modem. It will make every bit of electronic communication much more enjoyable.
Equipment Computer Hacker
There is only one piece of equipment you need to be a successful computer hacker... a brain. That's right - you don't even need a computer. In fact, you might be better off not having one as you will see later on. However, to start out you will want to have a computer, a modem, and a telephone line close by so you can connect to the outside.
It's inconsequential what kind of computer it is. What's more important are the modem and the communications software you use with it.
Opening Remarks
This book will show you various methods you can use to break into computer systems.
In some ways this is harder to do than it used to be. Nowadays people are more strict, more cautious about security. That's how it seems, anyway. But there are plenty of holes still left in any system's armor. System managers can tighten up computer security as much as they want but there will always be ways to get around their efforts. Remember the first rule of hacking: Whatever a human mind can achieve, another can also achieve. Whatever one mind can hide, another can discover. People tend to think and act alike, and it is this sameness of thought that you, the hacker, will exploit.
What is a hacker? I'm going to give a definition now, and if you don't fit the description I give, you can just close this book and throw it away: A hacker is a person with an intense love of something, be it computers, writing, nature or sports. A hacker is a person who, because he or she has this love, also has a deep curiosity about the subject in question. If a hacker loves computers, then he or she is curious about every aspect of computers. That curiosity extends also to the ways other people use their computers. Hackers have respect for their subject. For a computer hacker that means he respects the ability of computers to put him in contact with a universe of information and other people, and it means he respects those other people and does not intentionally use this knowledge of computers to be mischievous or destructive. That sort of thing is for social-outcast junior high school kids. The serious computer hacker simply wants to know everything there is about the world, and the world of computers. The True Computer Hacker is a computer enthusiast and more importantly, a Universe enthusiast. You should already be enthused. Are you ready to learn?
The Basics: Reading vs. Doing
There are two ways to write a book about computer hacking. The first is to write an encyclopedic account of every known system and its dialup numbers, passwords, loopholes, and how to increase one's access once inside. There is nothing particularly wrong with this approach except that by publication time much of the contents will likely be out-dated. And surely, after word leaks to the computer sites of the world the remaining information will be rendered nonfunctional. Such a specific approach, while exciting, is best left to periodicals, which can keep readers updated on the constantly changing security frontier. Indeed, there are both print and on-line publications which attempt to do just that.
The second way to write a book about computer hacking is to write an encyclopedic account of the methods by which security is breached and systems penetrated.
This is a much more agreeable solution to the problem of how to distribute changing information. The readers of such a book can then follow those methods, those algorithms, add some of their own creativity, and will never end up facing a situation drastically different from the ones the text has prepared the hacker to encounter.
Naturally, way-to-write-a-book Number Two is the way this book has been written. At some points during the course of writing this book I've found that to talk about certain information requires knowledge of another aspect of hacking entirely. I tried to keep this book flowing in a logical order, conducive to understanding, but occasionally you will find ripples in the flow. If you come across a term or situation that the book hasn't yet prepared you for, forget about it. You'll learn soon enough. Or look in the glossary; you might find the answer you seek there.
Computer hacking is a subject which contains a voluminous amount of information. Repeatedly, as I prepared the manuscript, I had to decide whether or not to go into great detail in a particular area, or allow you to discover certain inside tricks on your own. Sometimes I compromised, sometimes I didn't. Some things I left out because they were too scary. When all is said and done, the important part isn't the writing of the book, it's the reading of it, and the actions that result from the reading. Hacking is about doing something, for yourself and on your own. It's not about reading about doing something. I will gladly point you in the right direction, but I won't be your guide once you're on your way.
Speaking of books being read, it is often a wonder that they ever do get to that readable finished state at all. Thank you R.S. and j for critiquing selections from this book; thanks to the people at Loompanics for recognizing that the Constitution does, after all, allow freedom of the press; and to the many hackers and crackers who offered suggestions: Morris, Janet, Sex Pack, Carl Fox and the happy Gang Of Demon Street.