The login environment is the area of the remote computer which you are allowed to access before identifying yourself as a valid user of the system. The login environment of most computers is limited to a username and password prompt. Some environments are more expansive, giving a general command prompt, at which you can type any number of instructions. Those instructions won't necessarily be carried out (you probably have to log in first) but they can be helpful.
There are a number of common commands that one can type at a board command prompt, and a list of these is given in Appendix C. Try typing "help" or "?" first, and see if that does anything. A command like "users," "show users," or "who" will be helpful, in that you can see the names of people who are on the system and try to guess their passwords. The advantage of having certain other commands may not be as apparent, nor will there necessarily be any advantage at all to the hacker. One good thing about general command prompts is that often one is reverted back to them after failing a login. Thus if three incorrect username/passwords are entered, instead of disconnecting you, the computer will bring you back to the command prompt for another go-round.
When you find yourself at a general command prompt with no help available, try doing different things, paying attention to the error messages you receive. Try entering commands in all upper or all lower case, then mixed cases. Look at the maximum and minimum lengths of commands. See which characters are recognized. All of this is helpful in that it narrows down the number of unknowns. It helps you more easily figure out what you should be doing to get things moving.
If every time you type "HELP" you get a "Line too long" error, then you know the system is probably looking for three-letter commands. That is useful information.
If you type "CONNECT," and the system responds, "The verb CONNE is not available," it implies that only the first five characters of input are examined.
If, on the other hand, your entire entry is examined, advanced help may be available. For example, if by typing "HELP" you get a list of commands, typing "HELP COMMANDNAME" may give you help with that one particular command. Such help systems are common.
Let's look at the actual entering of username and password. Some terminals tell you you're wrong when you enter a bad name, others wait until you've given both name and password to inform you. The first way is preferable, as it is less secure and requires substantially fewer guesses to crack than the latter. The IBM VM/370 was insecure in this regard; it immediately informed you that the username was no good with a "userid not in cp directory" error message. One system that I know of (Dynix) follows the same format. First it helpfully prompts for your "Nine digit ID code" (hint, hint, what could that be? A social security number perhaps?) and when the correct one is entered, it will say, "Good morning Samantha. Now type your password." This particular computer allows you to easily break into one of several command languages and reprogram the menu interface. It also comes equipped with dial-in ports. Dynix is a joy to hack.
If you get a computer of the second type (one which asks you for name and password before saying if your login is accepted), then time how long it takes to display the password prompt on the screen. This can help you decide if a username you're entering is valid or not. Let's say you try the name "Jim," and it takes two seconds for the computer to respond with the password prompt. Every time you type "Jim," it takes that long. Now try the username "Zzzzzzz." This is obviously a made-up name that the computer won't be able to find in its files. If it consistently takes longer for the password prompt to appear after typing the name "Zzzzzzz," you know that "Jim" is a valid username, and you should continue guessing passwords for him. That is, on systems where sequential search is in effect, it takes longer for the computer to search for a nonexistent entry in its data files than an existent entry.
In any case, source codes are often available, especially for UNIX files, and so you can look them up to see how the inner workings of the login prompts function. If you have no idea what kind of username and/or password is required on a particular system, do the same kind of checking you would do at a general command prompt, checking for which characters and lengths are recognized.
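The two login behaviours described above, seen from the side of whoever maintains the login code. This is an added example, not code from the book or from any of the systems it names: `login_leaky` reproduces the early "userid not in cp directory" answer, and `login_uniform` gives the same message and does the same hashing work whether or not the name exists. The account store, the passwords, the function names and the PBKDF2 parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000          # assumed work factor for this illustration
calls = {"hash": 0}          # counts password-hash computations, for comparison


def hash_password(password, salt):
    calls["hash"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def hash_calls():
    return calls["hash"]


def make_record(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed account store; the names and passwords are sample values.
USERS = {
    "jim": make_record("correct horse"),
    "samantha": make_record("blue-kettle-42"),
}

# Stand-in record with a random password nobody knows. Unknown names are
# checked against it, so they cost one hash exactly like a known name.
DUMMY = make_record(os.urandom(16).hex())

GENERIC_FAILURE = "Login incorrect"


def login_leaky(username, password):
    """The name is judged on its own, as in the VM/370 message quoted above."""
    record = USERS.get(username.lower())
    if record is None:
        # Distinct message and no hashing: both the text and the response
        # time tell the caller that the name does not exist.
        return False, "userid not in cp directory"
    salt, stored = record
    if hash_password(password, salt) == stored:
        return True, "Welcome"
    return False, "Password incorrect"


def login_uniform(username, password):
    """Same message and same amount of work whether or not the name exists."""
    record = USERS.get(username.lower())
    salt, stored = record if record is not None else DUMMY
    # The hash is always computed and compared in constant time; the result
    # only counts when the account is real.
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    ok = matches and record is not None
    return ok, ("Welcome" if ok else GENERIC_FAILURE)


if __name__ == "__main__":
    for name in ("Jim", "Zzzzzzz"):
        print(name, login_leaky(name, "guess"), login_uniform(name, "guess"))
```

The account store here is a dictionary, so lookup time does not depend on whether the name is present; on a system that scans a file sequentially, the lookup itself also has to be made uniform.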
A completely different way you might like to research the login prompt is by control codes. Pressing certain keys, or combinations of keys, delivers codes to a remote computer which may force it to act in ways that it was not meant to behave. For example, you can send an ASCII code to command the remote computer to stop reading a password file. Sometimes it is then possible to quickly retype the password you entered, and make the computer believe it has found your input as part of the password file, thus letting you into the system. Sometimes pressing Control-Z (the end-of-file command) at the right time will bring strange results too.
Look up all abbreviations, weird letters and other things that appear on the screen. Any decent library will have an encyclopedia of acronyms. (Any indecent library will have this book.) Very often you will call up a packet switching network, find a valid address, then get something like "Welcome to VHMSD! Password?" on the screen. So, you do your research and find out that VHMSD stands for Viking Horn Manufacturers of South Dakota, and the whole task of hacking the place becomes infinitely simpler. Remember, when you are hacking a computer, you are really hacking the people that run the computer. Thus, if you can find out who is running the show, you have a multitude of resources at your disposal, including all the research tools mentioned earlier. Otherwise you're just taking random stabs at a computer identified only by some strange abbreviation.
Sound Bytes from Reviews of Secrets of a Super Hacker "Secrets of a Super Hacker is a fascinating hacker cookbook that reveals the ease of penetrating even the most stalwart computer system"
Thursday, 15 December 2011
Hacking At Home: Dial-Up Security Measures
Some security directors get themselves into a bind. They recognize the important value of having direct dial-up lines for easy access, but they also understand that anytime a person is able to call a computer directly, a security breach is not only possible - it's unstoppable.
To overcome this, security-minded folk will not allow direct dial-up access to the real computers. They will only allow access to an intermediary device or computer which firewalls important data from potential hackers.
For example, one may dial-up a computer whose purpose is only to check authorization codes. When access is confirmed, the caller is transferred to a line connected to the actual computer. There, the caller may have to identify his or her private account by username and password. As long as the password to the initial computer is kept secure and changed frequently, the important data on the actual computer is free from harm.
In states where Caller-ID service is legal (and even in those states where it is not, or isn't available) it is possible to set up a modem to only handshake with a user who is calling from an authorized phone number. The system administrator keeps a list of the home phone numbers and office numbers of legitimate users, and if the computer sees that the incoming call is not from one of those, there is an immediate disconnect. The call would also be disconnected if the caller had enabled Call-Blocking, which disallows the Caller-ID from reading one's phone number.
Where Caller-ID is unavailable or unknown, a ring-back feature may be put to use. Once a caller inputs correct identifying information, the host computer disconnects and calls back a stored telephone number which goes with the identity that has been entered. This is the normal way ring-back works, but in some instances (such as the RBBS-PC electronic bulletin board system) the ring-back option means that a caller lets the phone ring X times, then hangs up and calls back again. This time the BBS will answer the phone. If the caller had originally let the phone ring more than X times, the computer would have ignored the call completely, thus providing a layer of security. So if you have a number you know belongs to a computer, but there is no answer, try letting it ring a different number of times, then call back immediately.
A host computer may also not connect a caller until a certain code is played on a Touch Tone phone. Since the code would ordinarily be played by the terminal program of the calling computer, this code may be very long and complicated, thus difficult to crack by chance or force.
As you can see, all of these dial-up security measures make life difficult for the hacker. One may social engineer the knowledge out of a legitimate user of the system, but often the hacker won't even know that such extreme security measures are in effect to begin with.
You may be randomly dialing through a range of phone numbers because you have reason to suspect that a computer line exists within that range. If one of the numbers is never answered no matter how often you call, you can surmise a ringback or similar device is connected to the other end. If you call one number and hear a computer at the other end but aren't connected, suspect that the computer is looking at your phone number and seeing if it's valid. [Footnote: A knowledgeable hacker could temporarily change his phone number to one that the computer recognizes, by hacking the telephone system mainframes. However, it is still necessary to know that phone number.] (Either that, or what you're really trying to connect to is a fax machine.) Caller-ID type systems, and those which call back a phone number, will be especially common on computer systems whose users are situated within a close regional area. The remote system may also be trying to detect special tones encoded in the modulation. Though it is a dial-in line, special equipment may be needed to connect with it.
Sometimes the system managers get so tricky as to disguise the fact that they have a dial-up computer available at all. When a user calls up to use the computer, a special device answers the phone. Instead of hearing the characteristic modem noises, a user might get a recorded voice, static, or nothing at all until a specific password is sent from the calling modem to the remote system. You can see how this would easily foil any WarGames dialer.
All in all, devices which inhibit access to the actual computer are nothing more than one more layer of security to get by. Luckily, the majority of computers do not employ such tactics, and are easier to crack than a hard boiled egg.
Hacking At Home: Finding Dial-Up Numbers
To "direct connect" with computers, you will need their phone numbers. Very often you can call up a company and ask the switchboard operator for the computer department and/or computer lines. If that doesn't work, try calling individual offices at the firm and ask if they know how to access the company computer from their home computers. If they don't know the phone numbers, perhaps they have a terminal program on their office computer which has the phone number stored for use.
Phone books are a big help. First there are the internal kind: companies and other organizations will have a directory of people who work there, with their extension numbers. Internal directories might also be of the kind that list numbers for the different departments; some go so far as to list home phone numbers and addresses of the people who work there. Names can be used to pretend familiarity with the people you speak to when you call. But you won't even have to call and ask for dial-up lines if those numbers are listed in the directory.
A second useful source is phone company data grade line directories....
When a person speaks on the telephone, it doesn't matter if every once in a while the voice on the other end gets a bit fuzzy, or if the tone gets momentarily higher or lower. When you're transferring data between computers, however, audio noise can be a problem. So the telephone company has special lines which offices can install (for a price) to ease the flow of data between telecommunications devices such as modems. If you can get a data grade line telephone book, you will have found a huge and wonderful collection of computer phone numbers (and fax numbers too). Many hackers get theirs by scavenging.
The third way phone books can be helpful is by looking in the public white pages and yellow pages that every phone owner gets for free. Large companies will own big blocks of telephone numbers, with each office or extension being one digit different from the preceding one. To call the different departments at Company J, you would dial 390-WXYZ. The 390 stays the same for every department, but the last four digits change for each phone line. So turn on your computer and type up a text file listing every occurrence of those last four digits you see listed for that company in the phone book. Then sort the list and try calling everything in that exchange that is not on your list.
It can be helpful to use a criss-cross directory for this task. Criss-cross directories are sorted by number, not name, so if you know that Company J's numbers fall into the 390- range, using such a directory you will have an even bigger list of numbers to avoid. This makes the job of calling every potential number much quicker and easier.
Software is available to repeatedly dial up a series of phone numbers, reporting on whether a modem is connected. These programs, often available on hacker and cracker BBSs, are known by many names: "WarGames Dialers," "autodialers," or "demon dialers." If you can't find such a program, write one for yourself; it's simple to do and will cost you only a few hours of time.
Once you have your autodialer, be very careful how you use it. The phone company security patrol knows what you're doing when you make that many calls that quickly, and with such precision. I've often thought it would be a good idea to combine one of those computerized telemarketer machines with an autodialer. That way everything looks legit: if a person picks up, they get a short recorded message; if a modem picks up, they get a callback later.
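What "that many calls that quickly, and with such precision" looks like to whoever reviews the call records, as an added example that is not from the book. It flags a calling line that places many short calls to neighbouring numbers inside a short window; the record format, every phone number, and the thresholds are constructed assumptions, not a telephone company's actual rules.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed call records: start time, calling line, dialled number, seconds
# connected. The format and every number are made up for this example.
SAMPLE_CDR = """\
start,caller,callee,seconds
1994-03-01T21:00:00,555-0142,390-2000,4
1994-03-01T21:00:30,555-0142,390-2001,3
1994-03-01T21:01:00,555-0142,390-2002,5
1994-03-01T21:01:30,555-0142,390-2003,3
1994-03-01T21:02:00,555-0142,390-2004,12
1994-03-01T21:02:30,555-0142,390-2005,4
1994-03-01T21:03:00,555-0142,390-2006,3
1994-03-01T21:03:30,555-0142,390-2007,4
1994-03-01T21:04:00,555-0142,390-2008,3
1994-03-01T21:00:10,555-0177,390-2150,9
1994-03-01T21:01:10,555-0177,481-7733,11
1994-03-01T21:02:10,555-0177,222-9041,8
1994-03-01T21:03:10,555-0177,390-6612,10
1994-03-01T21:04:10,555-0177,617-3300,7
1994-03-01T21:05:10,555-0177,390-0417,9
1994-03-01T21:06:10,555-0177,745-1288,12
1994-03-01T21:07:10,555-0177,512-9090,6
1994-03-01T21:00:20,555-0101,390-2003,640
1994-03-01T21:15:00,555-0101,390-2004,95
"""

# Assumed thresholds; tune against real traffic before relying on them.
WINDOW = timedelta(minutes=10)   # look-back period per calling line
MIN_NUMBERS = 8                  # distinct numbers dialled inside the window
MAX_SECONDS = 15                 # a call this short is listen-and-hang-up
MIN_ADJACENT = 0.6               # share of dialled numbers with a neighbour


def parse(text):
    """Return (start, caller, callee, seconds) tuples sorted by start time."""
    rows = [
        (datetime.fromisoformat(r["start"]), r["caller"], r["callee"], int(r["seconds"]))
        for r in csv.DictReader(io.StringIO(text))
    ]
    return sorted(rows)


def adjacency(numbers):
    """Fraction of distinct numbers that sit next to another dialled number."""
    values = {int(n.replace("-", "")) for n in numbers}
    if len(values) < 2:
        return 0.0
    paired = sum(1 for v in values if v - 1 in values or v + 1 in values)
    return paired / len(values)


def find_sweeps(rows):
    """One alert per calling line whose short calls sweep a block of numbers."""
    by_caller = defaultdict(list)
    for row in rows:
        by_caller[row[1]].append(row)
    alerts = []
    for caller in sorted(by_caller):
        calls, lo, best = by_caller[caller], 0, None
        for hi in range(len(calls)):
            # Slide the window so it never spans more than WINDOW.
            while calls[hi][0] - calls[lo][0] > WINDOW:
                lo += 1
            short = {c[2] for c in calls[lo:hi + 1] if c[3] <= MAX_SECONDS}
            if len(short) >= MIN_NUMBERS and adjacency(short) >= MIN_ADJACENT:
                if best is None or len(short) > best["distinct"]:
                    best = {"caller": caller, "from": calls[lo][0], "to": calls[hi][0],
                            "distinct": len(short), "adjacency": adjacency(short)}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in find_sweeps(parse(SAMPLE_CDR)):
        print(alert)
```

In the sample, line 555-0177 makes nearly as many short calls as 555-0142 but to scattered numbers, so call rate alone would flag both; the adjacency measure is what separates a sequential sweep from ordinary high-volume calling.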
Hacking At Home: Packet Switched Networks
There are corporations and government agencies all across the country that have computers you will want to get your hands into. But you're not going to want to get your hands into your wallet to pay for all those long distance calls. The solution? Public Data Networks (PDNs).
A PDN is a network of hundreds of computers scattered nationwide. You call up one local to you, then type the address of the computer system you want to connect with. The "address" is usually something like a phone number. When you enter a valid address, the login display for the desired system will appear. You are then able to interact with the system as if you were directly connected to it, when in reality everything you type is being broken down into chunks of text (packets), possibly compressed and encoded, then shipped across the country, from one computer to the next, until it reaches its destination.
There may be hundreds of other sessions going on simultaneously from points throughout the network, as thousands of users interact with the many computers on the net. Sending messages this way is known as packet switching. The intermediate computers that do all the work are called PADs, or Packet Assembler/Disassemblers, because they take incoming packets of data, strip away the encoded insulation which tells that PAD where the packet is headed, then reassemble the data with new directional information, sending it further along the route.
Hackers take great glee in connecting with a PDN. Once there, a hacker can try out various addresses at random. In a matter of minutes, he will find himself with a wide variety of login prompts to crack, all made through a local phone call. The most well-known PDNs are Telenet and Tymnet, and there are also international packet networks, and networks in other countries as well. Generally you can call any one of these services to get a list of PADs in your area you can dial in to.
Other Networks
The only other network that counts is the Internet.
Internet is an international network of networks. There are academic networks, government networks, businesses and organizations throughout the world, all connected together (by PDNs) to exchange ideas, software, technologies, gossip and guacamole recipes.
Before Internet there was ARPANET, a military network which has since been replaced by MILNET (a well-guarded network of United States military sites) and other smaller networks used by the US military. Altogether, these make up DDN, the Defense Data Network. DDN is now just one of many networks participating in the Internet.
Others include the National Science Foundation NETwork (NSFNET), which includes supercomputer centers and other research sites funded by the NSF. CSNET is a network established to encourage cooperation between sites doing development work in computer science. JANET is the United Kingdom network, one of many national networks around the world that is bridged with the Internet. Internet is truly a global community.
Some of the pay-for-play services offer access to the Internet. Many university computer accounts are connected to it. Basically, having an "in" with the Internet allows one to travel around the world and back without leaving your armchair.
We were talking before about packet switched network addresses. An Internet address is a series of code words punctuated with periods, and refers to one particular computer in the millions that make up the Internet. A typical Internet address might be "danielk@cs.zowie4.uboulder.edu." We can deduce that at the University of Boulder there is a computer in the computer science department called zowie4, and on that computer there is a person whose first name is Daniel, and last name begins with K. The "edu" is a standard thing stuck at the end of educational computer addresses. Other identifying components used are:
COM for commercial sites,
MIL for military sites,
GOV referring to governmental organizations,
ORG for non-profit organizations, and
NET meaning Internet administrator sites.
An Internet address may also end in a two-character country abbreviation. Some examples of these are:
AU AUstralia
IL Israel
US United States
JP Japan
UK United Kingdom
DE Germany (tricky! DE is for DEutschland).
Hacking At Home: Reality
When I say "Hacking at Home" I don't really mean it. Most computer hackers nowadays won't hack from their houses for fear of Caller ID, line tracers, tricks, traps and federal agents. When I say "Hacking at Home," what I'm really referring to is the phenomenon of dial-in lines. Ways in which, if you are so inclined, without even leaving your house, you can connect yourself with the world.
Who can you expect to connect to, calling from home? Lots of places. There are other home computers, mainframes, minicomputers, companies, government offices, clubs - you will be able to call any organization or individual who owns a computer, and has need to communicate via computer with other entities.
You might also find yourself calling on-line databases and pay-for-play services.
A hacker named Rebel was recently telling me how enthralled he was with CompuServe, except for one aspect - the stiff price one pays for using the service. For this reason, CompuServe is often known as Compu$erve, with an oversized dollar sign replacing the S. CompuServe is not the only vendor charging the public a fortune to pay back their huge advertising budget. There are literally hundreds of on-line services to which one may subscribe, or hack one's way in if that's more your style.
Databases are available to look up any sort of data: census data, news, stock market information, results of government research, science and technology reports, books, personal information, history, and popular culture. There have been times late at night when I needed one crucial piece of information for something I was writing, or just to satisfy my curiosity. Anybody can access one of these databases and find what he or she needs any time of the day or night. Of course, we must be prepared to pay through the nose. There is usually a charge to subscribe to the service, then there may be any number of the following charges:
A display charge for each piece of data presented on the screen, or a search charge for each query made to the database.
Minute-by-minute charges as long as you stay connected to their computers.
High-speed surcharge for using a faster modem (thus gaining the ability to grab more info per minute).
Long distance phone charges if the service doesn't have an access number in your local-dialing area.
Many hackers refuse to pay the inflated bills these services can run up, though they also refuse to give up the service, particularly when so many special and useful features can be gained by dialing in. On-line gaming, electronic mail, multiple-user chatting, bulletin boards [Footnote: Many of the fee-based services which offer bulletin boards even have a message base or two devoted to hacking.] and a plethora of other goodies make the services attractive to the hacker. The many ways to get past paying for them are also very attractive. You will find many ideas throughout this book.
You'll be interested to hear about one trick a pair of high-school-age New Jersey crackers used to get some service for free. One brand of personal computer was being sold in a special package that included several pieces of software, along with a trial membership to one of the on-line services. They hacked the system of one of the stores that sold the computers and obtained a list of customers who had bought it. Many of those customers were individual people or families, but a good number of the computers had been bought by stores and businesses. They went to these businesses and snuck around in their back rooms and offices. Sure enough, pushed aside on bookshelves, unopened and untouched, lay the envelope that included the "Getting Started With StarBase On-line" manual and trial access codes that had been included with the computer. They helped themselves.
Who To Connect To
Who can you expect to connect to, calling from home? Lots of places. There are other home computers, mainframes, minicomputers, companies, government offices, clubs - you will be able to call any organization or individual who owns a computer, and has need to communicate via computer with other entities.
You might also find yourself calling on-line databases and pay-for-play services.
Paying For The Pleasure
A hacker named Rebel was recently telling me how enthralled he was with CompuServe, except for one aspect - the stiff price one pays for using the service. For this reason, CompuServe is often known as Compu$erve, with an oversized dollar sign replacing the S. CompuServe is not the only vendor charging the public a fortune to pay back their huge advertising budget. There are literally hundreds of on-line services to which one may subscribe, or hack one's way in if that's more your style.
Databases are available to look up any sort of data: census data, news, stock market information, results of government research, science and technology reports, books, personal information, history, and popular culture. There have been times late at night when I needed one crucial piece of information for something I was writing, or just to satisfy my curiosity. Anybody can access one of these databases and find what he or she needs any time of the day or night. Of course, we must be prepared to pay through the nose. There is usually a charge to subscribe to the service, then there may be any number of the following charges:
A display charge for each piece of data presented on the screen, or a search charge for each query made to the database.
Minute-by-minute charges as long as you stay connected to their computers.
High-speed surcharge for using a faster modem (thus gaining the ability to grab more info per minute).
Long distance phone charges if the service doesn't have an access number in your local-dialing area.
Many hackers refuse to pay the inflated bills these services can run up, though they also refuse to give up the service, particularly when so many special and useful features can be gained by dialing in. On-line gaming, electronic mail, multiple-user chatting, bulletin boards (many of the fee-based services which offer bulletin boards even have a message base or two devoted to hacking) and a plethora of other goodies make the services attractive to the hacker. The many ways to get past paying for them are also very attractive. You will find many ideas throughout this book.
You'll be interested to hear about one trick a pair of high-school-age New Jersey crackers used to get some service for free. One brand of personal computer was being sold in a special package that included several pieces of software, along with a trial membership to one of the on-line services. They hacked the system of one of the stores that sold the computers and obtained a list of customers who had bought it. Many of those customers were individual people or families, but a good number of the computers had been bought by stores and businesses. They went to these businesses and snuck around in their back rooms and offices. Sure enough, pushed aside on bookshelves, unopened and untouched, lay the envelope that included the "Getting Started With StarBase On-line" manual and trial access codes that had been included with the computer. They helped themselves.
Hacking At Home: Dialing Up Computers With Your Modem
Now we get to the stuff of which dreams are made. You flick the switch on your computer and a few moments later it's purring away.
You press a few keys, type in a phone number and after some beeps you hear the wonderful shriek of connection. The handshaking is fine, but you're looking for a lot more than a handshake.
You press Enter a few times.
"What's your name?" it asks. You respond - not with your own name of course - with someone else's.
Then you let your fingers whisper that sweet secret word through the keyboard and the screen lights up with a luscious display.
Menus! Options! Choices to be made! Files to read and to learn from, software to run, games to play. You let the directories sift past you, letting yourself be mesmerized by their framework. So much to do, and then you see connections to other sites, and more sites, and more secret files to read! You smile as you realize something: every hack, no matter its size, leads to new hacks, new computers, new horizons of exploration and gain.