0 ratings0% found this document useful (0 votes)
117 views224 pagesSecrets of A Super Hacker
Uploaded by
joe silverCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
0 ratings0% found this document useful (0 votes)
117 views224 pagesSecrets of A Super Hacker
Uploaded by
joe silverCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
. aa a a Pec SEL a cen eel ele
SECRETS
~ ¢ introduction by Gareth Branwyn.
Sound Bytes from Reviews of
Secrets of a Super Hacker
"Secrets of a Super Hacker is a fascinating hacker cookbook that reveals the ease of penetrating even the
‘most stalwart computer system.”
—The San Francisco Chronicle
“Not often do the contents of a book match its cover hype, but here is one book that comes closer than most.
Secrets of a Super Hacker, by The Knightmare, is billed as ‘every security manager's worst nightmare.’ It
does, indeed, descend into the realm of security managers’ darkest fears.”
—Infosecurity News
* step-by-step instructions in meaningful hacking [using] a personal computer."
— Booklist
"Excellent. This work will appeal to many, especially business professionals as the networks and e-mail
become more commonplace.”
—The Reader's Review
"..the most specific, detailed, general-purpose guide to electronic shenanigans I've seen. Recommended.”
—Reading for Pleasure
“All 205 pages are loaded with clear, concise, and very devious information. It is well-written, sprinkled
with wit and the Knightmare's own personal experiences.”
—Selected Book Reviews
“Sysops may find it necessary to read this one, especially if their callers read it first.”
— BBS Magazine
“It’s readable, interesting, informative, balanced, and accurate, with a nice spirit of fun and swashbuckling!"
— on alt.books.reviews
"Secrets of a Super Hacker...should be read by anyone who has the crazy notion that his data is safe."
— ComputerWorld
Secrets of a
Super Hacker
by The Knightmare
Loompanics Unlimited
Port Townsend, Washington
Contents
Introduction: Hackers: Heroes or Villians?, by Gareth Branwyn
PART ONE
Before Hack
Chapter One: The Basics.
Reading vs. Doing # Opening Remarks @ Equipment # Pp
Software ¢ Handy Features ¢ Data Capture Past and Future # Days of Yore Live On ¢ Computer
Crime @ Stealing Money # Sabotage @ Various Thieveries ¢ The Seventh Crime # Hacker
Motivations
Chapter Two: The History Of Hacking....
First Came Hardware ¢ YIPL and TAP + Computer Crime ¢ 2600 # WarGames and Phrack ¢ Shadow
Hawk # The Electronic Frontier Foundation
Chapter Three: Researching The Hack
‘Targeting + Collecting Information # Some Unusual Research Methods # On-line Computer Simu-
lators and Tutorials ¢ Sorting Through Trash ¢ GIRK # Found Disk Analysis ¢ Check Up # Dam-
age to One Side # Rips and Tears Imperfections # Examining Screenshots # Snooping
Chapter Four: Passwords And Access Control 35
Passwords # Passwords Supplied by the User # Possible Password Investigation # Password Stud-
ies # Password Restraints ¢ Computer Generated Passwords: Fakery and Analysis of Machine-
Generated Passwords # Non-Random Machine-Generated Passwords ¢ Programs are People Too #
Brute Force Methods ¢ Foiling the Brute Force Assault # Conclusion
Chapter Five: Social Engineering .. 49
The Noble Form # Hacker as Neophyte # Hacker in Power * Hacker as Helper # Peak Hours ¢
Other Hints # Sample Social Engineering Situations @ Miscellaneous Social Engineering Tips #
Other Roles # In-Person Engineering # Written Engineering # Request for Information Message
From God ¢ Trouble in Paradise?
Chapter Six: Reverse Social Engineering.
‘Overcoming Social Engineering Draw!
Case Study: The Translation Table # Solving the Sabotage # RSE Advertising Methods Trouble for
Nothing?
PARTTWO
During Hack
Chapter Seven: Public Access Computers And Terminals
Introduction to the Three Kinds ¢ CD-ROM Databases an mput
Terminals (PATS) # The Bar Code Hack « Hidden Commands « College PATS © Doing it the E-Z
Way ¢ Shoulder Surfing ¢ Doing it BASICally # Hardware Methods @ General Purpose
Microcomputers # Breaking Free ¢ Freedom Means Free Roaming ¢ PACK ¢ Menu Simulation and
Other Sneakiness # Hiding Your Goody Basket ¢ Things to Watch Out For
‘Chapter Eight: On-Site Hacking: The Trespasser-Hacker.. 89
Closed-Cireuit Television # Biometric Systems Always a Way @ Acting for the On-Site Hack #
Piggybacking # Other Successful Tricks & Antics Electronic Passive Computing ¢ Radiation
Comprehension # Van Eck and Britton ¢ Ups and Downs
‘Chapter Nine: Hacking At Home: Dialing Up Computers With Your Modem. 99
Reality ¢ Who to Connect to @ Paying for the Pleasure @ Packet Switched Networks # Other Net-
works Finding Dial-Up Numbers # Dial-Up Security Measures @ Scrutinize the Login Environ-
ment
‘Chapter Ten: Electronic Bulletin Board Systems 105
Finding BBS Numbers # Finding Hacker Boards # Making Connections # BBS Features BBS Ex-
ploitation # Getting to Know You # Bypassing BBS Security ¢ Running a BBS ¢ Midnight Masquer-
ade # Hackmail ¢ Crashing BBSs # Trojan Horses ¢ Covering Up Trojan Horse Activity ¢ While it
is Running ¢ Before & After # A Few Tips for the Do-It-Yourselfer
119
Chapter Eleven: Borderline Hacking
Hacking for Ca$h ¢ Filthy Tricks ¢ Bribery ¢ Booze and Broads # Bad Feelings
Chapter Twelve: What To Do When Inside 123
Hacker Motivations Revisited # Operating Systems ¢ Looking Around ¢ Commands to Look For
and to Use ¢ File Transfer Protocol (FTP) Fun 'N Games # The User Network @ Becoming a
Superuser # Spoofing # Cryptography and DES ¢ Bit by Bit Program Employment # Viruses #
Covert Channels ¢ Get Out of Jail Free # Returning to the Scene Mission Accomplished... Almost!
PART THREE
After Hack
‘Chapter Thirteen: This Lawful Land
State Computer Crime Laws @ Traditional State Crime Laws # Criminal Mischief ¢ Burglary ¢
Fraud ¢ Larceny # Theft of Trade Secrets ¢ Receipt of Stolen Property # Theft of Services or Labor
Under False Pretenses # Interference With Use Statutes ¢ Traditional Federal Crime Laws #
Conspiracy # 661, 2113, 641, 912, 1343, 1361, Etc. # Federal Computer Crime Laws, Or: It’s 10:30, Do
‘They Know Where the Hackers Are? ¢ Conclusion
Chapter Fourteen: Hacker Security: How To Keep From Getting Caught 145
In Researching In Social Engineering # Dialing In ¢ Laptop Hints # Your On-the-Road Kit
System Tiptoeing # Lessons From the Hospital ¢ BBS Protection ¢ Other On-line Security Steps #
Security Logs @ In Public and On-Site ¢ While Off-Line: Minimizing Losses ¢ Maintaining Your
Computer ¢ Keeping Your Other Stuff Conclusion: How to Get Caught
Chapter Fifteen: Conclusion. 161
‘The Hacker's Ethic ¢ My Code of Ethics ¢ Combining Principles ¢ My One-Person Tiger Team @
Principles Combined ¢ Concluding Thoughts ¢ Some Thoughts to the Concerned Administrator @
Some Thoughts to the Concerned Hacker
169
173
APPENDICES
185
Appendix A: Explanation of Some ASCII Codes.
Appendix B: Common Defaults...
Appendix C: Common Commands . 191
Appendix D: Novice Word List. 193
Appendix E: Job-Related Word List
Appendix F: Technical Word List.
Appendix G: Social Security Number Listing and ICAO Alphabet.
Appendix H: Additional R/SE Role Playing Situations ..
7 ittodiietion: Hackers: Heroes or Villains? i
Introduction:
Hackers: Heroes or Villains?
by Gareth Branwyn
Hacking in the Village
“Where am I?"
“In the Village.”
"What do you want?"
“Information.”
“Whose side are you on?”
"That would be telling. We want... information...
information... information
“Well you won't get it.”
“By hook or by crook, we will!”
Remember the '60s TV show The Prisoner? Cre-
ated by and starring Patrick McGoohan, this sur-
realist. series was’ basically a platform for
‘McGoohan to explore his own fears of modern sur-
veillance/spy technology, behavioral engineering,
and society's increasing ability to control people
through pacifying pleasures. He was convinced
that all this might soon mean the obliteration of the
individual (expressed in the defiant opening shout:
“I am not a number, I am a free man!").
McGoohan's #6 character became a symbol of the
lone individual's right to remain an individual
rather than a numbered cog in the chuigging ma-
chinery of the State. McGoohan, a Luddite to be
sure, despised even the TV technology that brought
his libertarian tale to the masses. He saw no escape
from the mushrooming techno-armed State short of,
out-and-out violent revolution (it was, after all, the
“60s!). As prescient as The Prisoner series proved to
be in some regards, McGoohan failed to see how
individuals armed with the same tech as their
warders could fight back. The #6 character himself
comes close to revealing this in a number of epi-
sodes, as he uses his will, his ingenuity, and his
own spy skills to re-route #2's attempts to rob him
of his individuality.
One doesn’t have to stretch too far to see the
connection between The Prisoner and the subject at
hand: hacking. With all the social engineering, spy
skills, and street tech knowledge that #6 possessed,
he lacked one important thing: access to the higher
tech that enslaved him and the other hapless vil-
lage residents. Today's techno-warriors are much
better equipped to hack the powers that be for
whatever personal, social or political gains.
In the last two-part episode of the series, #6 fi-
nally reveals why he quit his intelligence job: "Too
many people know too much.” Again, this ex-
presses McGoohan's fear that the powers that be
were holding the goods on him and everyone else
who was bucking the status quo at that time. He
probably didn't mean “people” as much as he
meant "governments." It is this fact, that "too many
Igovernments/megacorps/special interest groups}
know too much" that has provided an imporiant
motivation to many contemporary hackers and has
fueled the rampant techno-romantic myths of the
hacker as a freedom of information warrior.
Let's look at a number of the mythic images of
the hacker that have arisen in the past decade and
explore the reality that they both reflect and distort:
The Hacker as
Independent Scientist
The first image of hackerdom to emerge in the
“60s and '70s was of the benevolent computer sci-
ence student pushing the limits of computer tech-
nology and his/her own intellect. Computer labs at
MIT, Berkeley, Stanford and many other schools
hummed through the night as budding brainiacs
sat mesmerized by the promise of life on the other
side of a glowing computer screen. These early
hackers quickly developed a set of ethics that cen-
tered around the pursuit of pure knowledge and
the idea that hackers should share all of their in-
formation and brilliant hacks with each other. Ste-
ven Levy summarizes this ethic in his 1984 book
Hackers:
“To a hacker a closed door is an insult, and a
locked door is an outrage. just as information
should be clearly and elegantly transported within
the computer, and just as software should be freely
disseminated, hackers believed people should be
allowed access to files or tools which might pro-
mote the hacker quest to find out and improve the
way the world works. When a hacker needed some-
thing fo help him create, explore, or fix, he did not
bother with such ridiculous concepts as property
rights.
While this ethic continues to inform many
hackers, including the author of the book you are
holding, it has become more difficult for many to
purely embrace, as the once-innocent and largely
sheltered world of hackerdom has opened up onto
a vast geography of data continents with spoils be-
oe]
yond measure, tempting even the most principled
hackers. The Knightmare weaves his way in and
out of these ethical issues throughout Secrets of a
Super Hacker.
The Hacker as
Cowboy
The cowboy has always served as a potent
American myth of individuality and survivalism in.
the face of a harsh and lawless frontier. It is no ac-
cident that William Gibson chose cowboy meta-
phors for his groundbreaking cyberpunk novel
‘Neuromancer (1984). Case and the other “console
cowboys" in the novel ride a cybernetic range as
data rustlers for hire, ultimately sad and alone in
their harsh nomadic world. They are both loner he-
oes and bad-assed predators of the law-abiding
cyber-citizenry they burn in their wake. I don't
think I need to tell readers here what impact Gib-
son's fictional world has had on fueling hacker fan-
tasies or what potent similarities exist between
Gibson's world and our own.
Like the cowboy tales of the wild west, the
myth of the hacker as cowboy is undoubtedly more
image over substance (as are most of the myths we
will explore here), but there are some important
kernels of truth: a) hackers are often loners, b) there
are many nomadic and mercenary aspects to the
burgeoning cyberspace of the 1990s, and c) it is a
wide-open and lawless territory where the distinc-
tions between good and bad, following the law and
forging a new one, and issues of free access and
property rights are all up for grabs (remember the
Indians?). Not surprisingly, Electronic Frontier
Foundation co-founder John Perry Barlow (a
‘Wyoming cattle rancher himself) chose frontier
metaphors when he wrote his landmark essay
"Crime and Puzzlement" (Whole Earth Review, Fall
1990). The first section of this lengthy essay that
lead to the birth of the EFF was entitled,
“Desperadoes of the DataSphere.”
The Hacker as
Techno-Terrorist
When I was a budding revolutionary in the
70s, with my Abbie Hoffman and Jimi Hendrix
ae
“Introduction: Hackers! Heroes or Villains? ib
posters and my cache of middle class weapons (.22
caliber rifles, .12 gauge shotgun, hunting bows), I,
like McGoohan, was gearing up for the Big Con-
frontation. With a few friends (who seemed more
interested in firearms than revolutionary rhetoric), I
used to do maneuvers in the woods near my house.
We would fantasize how it was all gonna come
down and what role we (the "Radicals for Social
Improvement") would play in the grand scheme of
things. It doesn't take a military genius to see the
futility of armed force against the US. military on
its own turf. The idea that bands of weekend rebels,
however well trained and coordinated, could bring
down "The Man" was pure romance. Part of me
knew this — the same part of me that was more in-
terested in posture than real revolution and in get-
ting laid more than in fucking up the State. My
friends and I were content to play-act, to dream the
impossible dream of overthrow.
‘One of the first "a-ha's" I had about computer
terrorism in the late '80s was that the possibilities
for insurrection and for a parity of power not based
‘on brute force had changed radically with the ad-
vent of computer networks and our society's almost
complete reliance on them. There was now at least
the possibility that groups or individual hackers
could seriously compromise the US. military
and/or civilian electronic infrastructure. The reality
of this hit home on November 2, 1988, when Robert
Morris, Jr., the son of a well-known computer se-
curity researcher, brought down over 10% of the In-
temet with his worm (a program that
self-propagates over a network, reproducing as it
goes). This event led to a media feeding frenzy
which brought the heretofore computer under-
ground into the harsh lights of television cameras,
and sound-bite journalism. "Hacker terrorists,”
viruses," "worms," "computer espionage"...all of a
sudden, everyone was looking over their shoulders
for lurking cyberspooks and sniffing their com-
puter disks and downloads to see if they had con-
tracted nasty viruses. A new computer security in-
dustry popped up overnight, offering counseling,
virus protection software (sometimes with anti-
dotes to viruses that didn’t even exist!), and work-
shops, seminars and books on computer crime.
Hysteria over hacker terrorism reached another
plateau in 1990 with the execution of Operation
Sundevil, a wide-net Secret Service operation in-
tended to cripple the now notorious hacker under-
ground. Like a cat chasing its own tail, the busts
and media coverage and additional busts, followed
by more sensational reportage, created a runaway
loop of accelerating hysteria and misinformation.
One radio report on the “stealing” (copying, actu-
ally) of a piece of information "critical to the opera-
tions of the Emergency 911 system" for Bell South
opined: “It's a miracle that no one was seriously
hurt.” Of course, the truth turned out to be far less
dramatic. The copied booty was a very boring text
document on some management aspects of the Bell
South system. For a thorough and lively account of
this and many of the other arrests made during
Operation Sundevil, check out Bruce Sterling's The
Hacker Crackdown (Bantam, 1992).
Whatever the truth of these particular incidents,
computer crime is here big time and the boasts of
even the most suspect hacker/cracker are usually
at least theoretically possible. Computer terrorism
hhas yet to rear its head in any significant fashion,
but the potential is definitely there. This is very un-
settling when you think how many people can gain
access to critical systems and how many loony
tunes there are out there armed with computers,
modems, and _less-than-honorable intentions.
Wireheads of every gauge would do well to study
volumes like Secrets of a Super Hacker to stay abreast
of the game and to cover their backsides should the
proverbial shit hit the fan.
The Hacker as
Pirate
Next to "cowboy," the most potent and popular
image of the hacker is that of a pirate. Oceano-
graphic and piracy metaphors are equally as com-
mon in cyberculture as ones about lawless frontiers
and modem-totin’ cowboys and cowgirls. People
talk of "surfing the edge,” and the "vast oceans of
the Internet.” Bruce Sterling's near-future novel
about data piracy was named Islands in the Net. In
it, third world countries and anarchist enclaves op-
erate data havens, buying and selling global infor-
mation through the world’s wide-bandwidth com-
puter networks.
Anarchist theorist and rantmeister Hakim Bey
penned an essay called "Temporary Autonomous
Zones (or T-A.Z.)" inspired by Sterling's data is-
lands. Bey sees in the rapidly growing techno-
sphere of our planet the possibilities for a new form.
of nomadic anarchic culture that might resemble
the sea-faring pirate societies of the 18th century.
Using all the resources of the global nets, individ-
ual cybernauts can come together to form tempo-
rary and virtual enclaves. These bands can wreak
havoc, throw a party, exchange intelligence, or
whatever else they want. Once the deed is done, the
party over, the nomadic bands simply disappear
‘back into the dense fabric of cyberspace. While de-
Cidedly romantic, the TAZ idea is attractive to
many hackers and cyberspace residents who daily
feel the fluidity of movement and the potential for
invisibility offered on "the nets.”
Of course, let's not kid ourselves, pirates were
mainly concerned with stealing things. In cyber-
space, piracy becomes a more ambiguous and con-
tested can of worms. Are you really taking some-
thing if you're simply looking at it or making a
copy of it? If you copy copyrighted material — let's
say an image — and then alter it significantly, to
the point that it is almost unrecognizable, have you
violated the copyright? What if you're using it as,
raw materials in a piece of art, like collage? What
does stealing mean when what is stolen is nothing
more than a particular assemblage of electrical im-
pulses? I regularly download recognizable audio
bytes from networks, process them in a sound edi-
tor, and then use them in various audio art projects.
‘Am I stealing? If I publish the work commercially,
THEN is it plagiarism? All of these questions about
sampling, copying, cutting, pasting, re-purposing,
and altering have become the thomy legal and
ethical issues of our cybernetic age. Hackerdom is
one of the domains that is rapidly fueling the fire.
The Hacker as
Biblical David
When liberal and fringe media want to feel
good about hacking and cracking they start invok-
ing images of the hacker as a do-gooder David
against a military /industrial Goliath. This myth of
the hacker, based on the "parity of power" theme
discussed above can bring comfort to those of us
who are paranoid about megacorporate and gov-
ernment big brothers. However over-romanticized
this myth is, there is comfort to be found in the
knowledge that individuals can penetrate even the
most behemoth systems. If big brother gets too big,
for his britches, "Davidian" (2) hackers are standing
by to do some necessary tailoring.
The Hacker as
Security Informant
Another do-gooder myth revolves around the
hacker as an either self-appointed or hired security
checker. Many hackers, true to their ethos of simply
wanting to push the limits of their ability and not
to cause harm, will report holes in security after
they've breached them. To the hacker who is inter-
ested in the gamesmanship and challenge of pene-
trating a system, tipping off the system's adminis-
trators means a new level of challenge should they
ever return. Hackers who are hired for purposes of
testing system security, called "tiger teams," also
work to compromise the security of a system to
find weaknesses. Often times, these hired guns are
convicted computer criminals who "go straight.”
Several members of the legendary Legion of Doom,
caught in the Operation Sundevil busts, formed
COMSEC, a computer security team for hire. While
many hackers bristle at such turncoat maneuvers,
other more politically neutral hackers point out
that it doesn't really matter to them who they're
working for as tong as they get to hack.
The Hacker as
U.S. Cavalry
Just as Hollywood movies raised the lowly
dirt-lickin' cowboy to mythic status, it is now pre-
senting hackers as a tech-mounted US. Cavalry, a
cyberpunk version of Mighty Mouse, here to save
the day — and save the movie — in the final sec-
onds. Movies such as WarGames, Sneakers, Jurassic
Park, and TV shows such as Mex Headroom
glamorize hackers, often portraying them as
misguided geniuses who finally see the light and
prevent calamities they're often responsible for in-
itiating. At the same time that the mainstream me-
dia has demonized hackers, Hollywood has ro-
manticized them. John Badham's 1983 film
WarGames probably did more to stimulate interest
in hacking and phone phreaking among young
people than anything before or since. Numerous
oo i
legendary hackers have credited that film as their
chief inspiration and raison d'etre. All these films
have also played into the myth of the evil govern-
ment and megacorps who deserve the harassment
that the hacker protagonists dish out. As this intro-
duction is being written, rumors are flying fast and
furious that’ a number of _ near-future
hacker/cyberpunk TV shows are in the works. It
will be very interesting to see how Hollywood con-
tinues to re-invent the hacker.
The Hacker as
Cyborg
Ultimately computer hacking and net navigat
ing, and the images and fantasies surrounding
them, represent something greater than the sum of
the parts outlined here. It is this writer's opinion
that hackers represent the scouts to a new territory
that is just now beginning to be mapped out by
others. Hackers were the first cybernauts, the first
group of people to understand that we as a species
are about to disappear into a cyberspace at least
similar in function to that posited by William Gib-
son in his 80's fiction. As Manuel De Landa ex-
plains in his book War in the Age of Intelligent Ma-
chines (MIT, 1991), we are forging a new symbiotic
relationship with machines via computers. The na-
ture of this relationship and the level of individual
freedom afforded by it has a lot to do with how
hackers, visionary scientists, and the first wave of
cyber-settlers go about their business. While De
Landa is very laudatory toward the "freedom of in-
formation” ethic and developmental ingenuity of
hackerdom, he cautions those who wish to make
too much trouble for individuals and organiza-
tions, leading to retaliation, escalation of tensions,
and increased paranoia. He writes:
*SJome elements of the hacker ethic which
were once indispensable means to channel their
energies into the quest for interactivity
(system-crashing, physical and _logical
lock-busting) have changed character as the once
innocent world of hackerism has become the mul-
timillion-dollar business of computer crime. What
used to be a healthy expression of the hacker
maxim that information should flow freely is now
in danger of becoming a new form of terrorism and
| Tatyoduction: Hackers: Heroes of Villains? _v)
organized crime which could create a new era of
unprecedented repression.”
De Landa argues elsewhere in Machines that the
US. government's, especially the military's, desire
to centralize decision-making power has been seri-
ously compromised by the personal computer
revolution. He speculates that those outside the
military-industrial machinery have only a few
years to develop a new and truly decentralized sys-
em of networks before the military devises a new
tactical doctrine that subsumes the distributed PC.
The images of hacking: coming in under the
wire of mainstream society, cobbling together tech-
nology for individual and group purposes, over-
coming limitations, and all the other real and
imagined dimensions of hacking, have become part
of a new academic trend that uses the sci-fi image
of the cyborg as a model of late twentieth century
humanity. These academics have embraced cyber-
punk sci-fi, the politicized image of the hacker, and
postmodern ideas about posthumanism (a future of
human/machine hybridization). Anyone who
spends most of their waking hours patched into a
PC and the Internet or in hacking code has felt the
margins between themselves and their machines
getting very leaky. Hackers were the first to experi-
ence this, many others are now following in their
digital footsteps. Hacking has become trendy and
chic among people who, if pressed, couldn't even
define an operating system. The "idea" of hacking
has migrated far from the actual act of hacking. It
has become a cultural icon about decentralized
power for the turn of the millennium.
The Knightmare's Vision
Behind all these lofty notions lies the tedious
and compelling act of the hack itself.
Hacker-monikered "The Knightmare" presents his
complex view of hacking in Secrets of a Super
Hacker. In this classic hacker cookbook, the author
hhas gone to great pains to explain the massive
width and breadth of hacking, cracking, and com-
puter security. With Sherlock Holmes-like compul-
sion and attention to detail, he presents the history
of hacking, the how-tos of hacking, the legal and
ethical issues surrounding hacking, and his own
personal reasons for hacking. Numerous examples
and “amazing hacker tales" take the reader inside
each level of the hack. Reading Secrets will change
the way you look at computers and computer se-
curity. It has already been very valuable to me. I
am a smarter computer/net user now and much
more attuned to computer security.
When Patrick McGoohan conceived of The Pris-
‘oner he wanted to create a show that would de-
mand thinking. He wanted controversy, argu-
ments, fights, discussions, people waving fists in
his face. You might love the show, you might hate
the show (or both), but you would HAVE to talk
about it. Computer hacking and the wooly frontiers
of cyberspace are similar domains of controversy.
In the true spirit of freedom of information, Secrets
of a Super Hacker is being made available to anyone
who cares to read it. It is my hope that it will help
keep the debate alive and that those who make use
of its privileged information will do so responsibly
and without malice.
Be Seeing You,
Gareth Branwyn
‘August 29, 1993
Nantucket Island, Mass.
eee
Chapter One: The Basics 3]
“Given that more and more information about individuals is now being stored on computers,
often without our knowledge or consent, is it not reassuring that some citizens are able to
penetrate these databases to find out what is going on? Thus it could be argued that hackers
represent one way in which we can help avoid the creation of a more centralized, even
totalitarian government. This is one scenario that hackers openly entertain.”
—Tom Forrester and Perry Morrison in Computer Ethics
Chapter One:
The Basics
Reading vs. Doing
There are two ways to write a book about com-
puter hacking.
The first is to write an encyclopedic account of
every known system and its dialup numbers,
passwords, loopholes, and how to increase one's
access once inside. There is nothing particularly
wrong with this approach except that by publica-
tion time much of the contents will likely be out-
dated. And surely, after word leaks to the computer
sites of the world the remaining information will be
rendered non-functional. Such a specific approach,
while exciting, is best left to periodicals, which can
keep readers updated on the constantly changing
security frontier. Indeed, there are both print and
on-line publications which attempt to do just that.
The second way to write a book about com-
puter hacking is to write an encyclopedic account
of the methods by which security is breached and
systems penetrated. This is a much more agreeable
solution to the problem of how to distribute
changing information. The readers of such a book
can then follow those methods, those algorithms,
add some of their own creativity, and will never
end up facing a situation drastically different from
the ones the text has prepared the hacker to en-
counter. Naturally, way-to-write-a-book Number
‘Two is the way this book has been written.
‘At some points during the course of writing this
book I've found that to talk about certain informa-
tion requires knowledge of another aspect of
hacking entirely. I tried to keep this book flowing
in a logical order, conducive to understanding, but
occasionally you will find ripples in the flow.
If you come across a term or situation that the
book hasn't yet prepared you for, forget about it.
‘You'll learn soon enough. Or look in the glossary —
you might find the answer you seek there. Com-
puter hacking is a subject which contains a volu-
minous amount of information. Repeatedly, as I
prepared the manuscript, I had to decide whether
or not to go into great detail in a particular area, or
allow you to discover certain inside tricks on your
own. Sometimes I compromised, sometimes I did-
n't. Some things I left out because they were too
scary. When ail is said and done, the important
part isn't the writing of the book, it's the reading of
it, and the actions that result from the reading.
Hacking is about doing something, for yourself and
‘on your own. It's not about reading about doing
something. I will gladly point you in the right di-
| Secrets of a Super Hacker _
rection, but I won't be your guide once you're on
your way.
Speaking of books being read, it is often a won-
der that they ever do get to that readable finished
state at all. Thank you RS. and J for critiquing se-
lections from this book; thanks to the people at
Loompanics for recognizing that the Constitution
does, after all, allow freedom of the press; and to
the many hackers and crackers who offered sug-
gestions: Morris, Janet, Sex Pack, Carl Fox and the
happy Gang Of Demon Street.
Opening Remarks
This book will show you various methods you
can use to break into computer systems.
In some ways this is harder to do than it used to
be. Nowadays people are more strict, more cau-
tious about security. That's how it seems, anyway.
But there are plenty of holes still left in any sys-
tem's armor. System managers can tighten up com-
puter security as much as they want but there will
always be ways to get around their efforts. Re-
member the first rule of hacking: Whatever a hu-
man mind can achieve, another can also achieve.
Whatever one mind can hide, another can discover.
People tend to think and act alike, and it is this
sameness of thought that you, the hacker, will ex-
ploit.
What is a hacker? I'm going to give a definition
now, and if you don't fit the description I give, you
can just close this book and throw it away:
A hacker is a person with an intense love of
something, be it computers, writing, nature or
sports. A hacker is a person who, because he or she
hhas this love, also has a deep curiosity about the
subject in question. If a hacker loves computers,
then he or she is curious about every aspect of
computers. That curiosity extends also to the ways
other people use their computers. Hackers have re-
spect for their subject. For a computer hacker that
means he respects the ability of computers to put
him in contact with a universe of information and
other people, and it means he respects those other
people and does not intentionally use this knowl-
edge of computers to be mischievous or destruc-
tive. That sort of thing is for social-outcast junior
high school kids. The serious computer hacker
simply wants to know everything there is about the
world, and the world of computers. The True
Computer Hacker is a computer enthusiast and
more importantly, a Universe enthusiast.
‘You should already be enthused. Are you ready
to learn?
Equipment
There is only one piece of equipment you need
tobea successful computer hacker... a brain.
That's right — you don't even need a computer.
In fact, you might be better off not having one as
you will see later on. However, to start out you will
want to have a computer, a modem, and a tele-
phone line close by so you can connect to the out-
side.
It's inconsequential what kind of computer it is.
What's more important are the modem and the
communications software you use with it.
Modems And Speed
Remember the old puzzler, "Which weighs
more: a pound of feathers or a pound of lead?"
Well, here's the same puzzler with a modern twist:
"Which transmits data faster: a 600 baud modem,
or a 600 bits-per-second modem?"
The answer, of course, is "Both transmit data at
the same rate!”
But the real answer gets a little more
complicated. Let me explain.
"Baud" is the measure of the rate at which a
modem sends and receives information. Below
speeds of 600 baud, the baud rate is equal to bits-
per-second. Due to the restrictions of telephone
equipment, high speed modems may transmit far
fewer bits-per-second than their baud rate. For
example, a 2400 baud modem may only be sending
1200 bits-per-second.
For traditional reasons, modem speed is still
stated in baud. While a hacker should be aware of
the difference between baud rate and bits-per-
second, the important thing to remember about
modem speed is: the faster, the better. Just don't
expect a 9600 baud modem to be four times as fast
asa 2400 baud modem.
Five years ago, 300 baud modems were quite
popular. Today, 9600 baud modems are fairly
common. Higher speed modems, such as 14,400
al
baud and 19,900 baud, are now available in fairly
inexpensive models. Many of the services you
connect to will not be able to accomodate these
higher speeds; however, a high-speed modem can
always "step down" and connect at a slower speed
when necessary.
Hacking is a hobby that requires little equip-
ment; when it is necessary to buy something, you
should try to buy the best available. This doesn't
mean you should get what the salesperson or a
magazine review says is best. It means, get what is
best suited to your needs. You will want your mo-
dem to be fast. When I got my first modem, I
thought of 140 baud as being the slowpoke. Now I
look at the 300 baud crawler I used to use and
wonder how I ever managed to stay interested
when the words dribble across the screen at such
an agonizingly slow pace.
Realize that whatever speed modem you get, it
will usually run even slower than, advertised.
When there is static on the line, the modem is
forced to resend data over and over until it has
been sent or received correctly, Modems may run at
half their listed speed, or even slower if they're in a
particularly bad mood. They get even more snailish
when you're calling long distance, or you're calling
one computer through another through another (to
make your call harder to trace back to its source), or
if the remote computers are getting heavy usage.
For all of these reasons it's crazy not to get a fast
modem. It will make every bit of electronic com-
munication much more enjoyable.
Communications Software
It's hard to find truly splendid communications
software, and yet it is the software (in conjunction
with a fast, high-quality modem) which will de-
termine how much enjoyment or frustration you
get from your on-line interactions.
There are lots of communications software
(terminal emulators” or "term programs") out
there. Just because a particular package comes with
your modem doesn’t mean you should fee! obli-
gated to use it. A good piece of telecommunications
software will have many of the following features.
For the hacker, it is necessary to have all these fea-
tures. Well, maybe it's not necessary, but it will
ae
sure make your hacking experience more pleasur-
able.
Handy Features
The monitor on your computer was probably
specially designed for your computer. When you
dial who-knows-where over the phone, you can
easily be talking to some computer with a com-
pletely different screen design than your own. Con-
sequently, certain standards (rules of behavior for
monitors to follow) have been devised. If you call
up a hundred different computers, there will be
many differences between the characters each can
display, the control codes used to perform various
screen functions, and so on. Your communications
program, or "comm program," should be able to
adjust to a wide range of these codes and charac-
ters. This feature is known as terminal emulation.
Software that can't do that will often represent data
from the remote computer in peculiar ways, or as
garbage characters. Your comm program must be
able to emulate a good number of terminals, such
as ANSI, VT52 and VT100. It is also handy for the
software to have a translation table — the ability to
translate incoming and outgoing characters to other
characters.
The terminal program you choose should be
able to send and receive files using the Xmodem,
‘Ymodem, Zmodem, and Kermit protocols. A proto-
col is a set of rules. You see, if you're trying to move
files between two completely dissimilar computers,
those machines need to know how to talk to each
other. These file transfer protocols set up specific
guidelines for the two computers to follow regard-
ing how the file should be sent and received. Each
protocol has its own set of advantages and applica-
tions. The Zmodem protocol transfers files fast, and
with good error recovery, but it isn’t as prevalent as
the original Xmodem. Ymodem is another im-
provement on Xmodem, but its exror detection isn't
as keen — only use it on clean phone lines. Kermit
is used on many university mainframes for speedy,
efficient file transfer. Make sure your terminal
software has at least these four protocols.
Choose software that allows you to enter "AT"
commands. ATtention commands were developed
by Hayes to allow the user to control the modem.
They have been adopted for most makes of modem.
AT commands allow you to program the modem to
dial, go on line, go off line, and perform various
other functions.
You should also be able to shell to your
computer's operating system while maintaining the
connection — sometimes you will want to run
another program while or-line.
The software should allow you to be able to
store many phone numbers, names, and comments
for a large number of dialups. You should be able
to store more than just the ten digit phone number
— extensions and special codes should be pro-
grammable, as well as sign-on macros for faster
connections. It is also helpful to have auto-dial ca-
pacity, which repeatedly calls a busy phone num-
ber until the line is free.
Overall, the program you use must be pleasant
and easy to use. If one program doesn't suit all your
needs keep several on hand and use whichever you
need when you need its special services. Generally
I tend to stick with the PC Tools Desktop comm
program. It doesn't have too many advanced
features, but its ease of use more than makes up for
that. ProComm Plus for the IBM and Macintosh is
the Lotus 1-2-3 of communications software. It’s a
huge package that includes every conceivable
feature you'll ever need. There are also many low
price (free) alternatives in the world of shareware
and public domain software. QModem is one good
shareware communication program for IBM
computers.
There is one final necessity for the hacker:
Data Capture
Your terminal program should have a data cap-
ture feature. This means that as information gets
sent through your modem and put onto the screen,
you should be able to capture it in a disk file.
It’s important for you to keep the data capture
feature on whenever you're using your modem.
‘You do this for several reasons. When I'm logged in
somewhere, I like to poke into all the text files I can
find, but I don't like to waste my time on the sys-
tem by actually reading them while on-line. In-
stead, I tun on my data capture, store what can be
hundreds of pages of text in separate files, then sort
through the data later, offline, at my leisure. (At
other times it is more appropriate to simply trans-
fer the files; what one does depends on circum-
stances.)
Data capture is also handy to pick up control
codes and text that scrolls off the screen too fast for
you to read. And sometimes text is immediately
‘erased after it's put on the screen, either for security
reasons or due to faulty software. With data cap-
ture you retain a permanent record of that text. In.
any event, it's nice to have an official record of your
hacking activities that you can use for reference
and research.
One time I called up a bulletin board (BBS) that
was run by a local company, mostly for the pur-
pose of advertising its products. The modems con-
nected, I pressed Enter a couple times, and I got the
usual random characters on the screen, then the
login prompt came on. It took a little longer than
usual to get to the login prompt, and I was wonder-
ing about that, but nothing seemed really unusual
sol went about my business.
Later, I was going over the print outs I made of
the break-in and I took a second look at what at the
time seemed to be just normal login garbage. In the
middle of the nonsense symbols was this: "d-b".
And on the next line, sandwiched between two
plus signs, this: "ye!". On the surface this doesn't
look too interesting, but think about it: put "d-b"
and "ye!" together and you get "d-bye!”. What I was
looking at was the last half of the word "good-
bye!”.
From using the BBS I knew that "good-bye!"
was the last thing one sees before logging off. In
other words, I had called the system just after
someone else had logged off, and I had gotten the
tail end of their log-off message. This meant there
was something wrong with the way the remote
software handled disconnections. This meant there
was a bug that could be exploited.
T logged onto the system again, and the first
thing I did was go to the "User Log" to find the re-
cord of my last login to the system. The person who
had been using the BBS before me was a regular
user of the system and, sure enough, according to
the log she had logged off just seconds before I was
recorded as having logged in.
Later I was able to incorporate my knowledge
of this flaw to make myself a system operator by
calling up and connecting soon after the real sys-
tem operator had finished a scheduled mainte-
nance check. I wrote a letter explaining to him what
Thad done, and how. Over the next few days we
corrected the problem.
So you see, sometimes weird things happen
while you're logging on or off, but anomalies can
occur at any time. The moral of this story is be pre-
pared to capture this weirdness, and be prepared to
analyze it when you find it.
You never know when _ something
out-of-the-ordinary is going to happen, like the sys-
tem operator (sysop) coming on and doing system
maintenance while you watch. I've had that hap-
pen to me more than once. In fact, there was one
‘week in which it happened twice.
When I was in high schooi there was one day
near the end of September that I was sick, so I was
staying home from school. Instead of rushing off to
the bus stop, I was on my computer, dialing BBSs.
The first day I was sick, I had just finished logging
conto a system and was about to read my e-mail
when the sysop interrupted. "I have to do some-
thing real fast," he typed, "and I'm late for school
Then he went about doing whatever it was he had
to do. He went into the back screens of the bulletin
board system program, then shelled out to his hard
drive, and came back in again. He was doing every-
thing so fast I couldn't keep track of what was go-
ing on, but later, after I'd logged off, I was able to
go through the file I'd made of the event, and ana-
lyze it thoroughly. The information I learned from
watching that sysop fix his system did not help me
break in’ anywhere, but it taught me more about
how telecommunication systems work. And that’s
the whole purpose of hacking.
‘A few mornings later, I was on another system
and almost the same thing happened. Another sy-
sop was late to an appointment, but before he went
he just had to do some last minute rearranging.
This time I was able to understand as J watched
what was going on: one of the things the sysop did
was to validate a new user's password (a dumb
thing to do in front of somebody, but maybe he
didn’t realize I could see what he was typing). Since
Iwas capturing the event in a text file as I watched
it, there was no need for me to scramble for a pen to
write down the passwords as I saw them scroll
across my screen.
An alternative to data capture is to have your
printer running continuously. There are people
who do this, but it's always seemed to me to be a
complete waste of ink, paper, time (especially if
TT chapter Ones tie Basics” 7]
you have a slow printer) and electricity. Also, a
printer won't be as efficient as your communica
tions program at capturing strange control codes
and foreign symbols. You're better off capturing
data in files, then using a word processor to sort
through those files, erase what you don’t need, and
then perhaps print out the rest.
Past and Future
‘As you read about the many facets of hacking,
you will be introduced to more equipment, tools,
software and hardware that will be of interest to
hackers who wish to try their expertise in more
specialized areas of interest. For now though, all
you need is the understanding that...
Days Of Yore Live On
When you start reading through the literature
of data security, you begin to get worried.
Gone, it seems, are the days of "Joshua doors" as
in the movie WarGames. Gone are the system bugs
and loopholes, the naively entered "PASSWORD"
used as a password. Gone, it seems, is the reverent
awe people once held for the lone hacker, cracking
secret government databases in the middle of the
night. Gone are the lone hackers.
Itseems.
But all of this really isn’t true! As recently as
just a few years ago, Robert Morris, Jr., was hacking
into computers using system bugs that he himself
had discovered. These weren't even new bugs —
they were old ones that no one had ever noticed or
bothered to correct before! Who knows how many
more similar bugs like it are out there, waiting to be
manipulated? And the trap doors will always be
there as well: it is the programmer's vanity that
leads him to stylize otherwise joint or corporate
software by inserting covert code, either for benign,
"jokey," Easter Eggs purposes — or to wreak havoc
later on.t
‘And don't forget all the stupidity: the test ac-
counts and demo modes, the default security
1 An Easter Egg in the computing sense is some
unexpected, secret thing you can do with a piece of
software that the programmer put in but doesn’t tell
anyone about.
measures that nobody bothers to delete or change.
In July 1987, a bunch of Chaos Computer Club
members hacked their way through the network,
from an entry in Europe, to NASA's SPAN system
(Space Physics Analysis Network). These crackers
exploited a flaw in the VMS infrastructure which
DEC Corporation had announced was remedied
three months earlier. There must be hundreds of
VAX computers still out there, still running the
faulty parts of the operating system. Even with the
patch in place, the Chaos members reportedly were
laughing themselves silly over the often trivial
passwords used to "protect" the system. Some of
the passwords were taken straight from the manu-
facturer's manuals! On the one hand we have a top
secret VAX 11/785 computer with the full power of
NASA to protect it; but on the other hand there are
approximately four thousand users of that com-
puter. Never can you get 4,000 people together and
still keep secrets hushed up.
Hacking may seem harder than ever before, but
it really is not. The culture may have gotten more
security-aware, but the individual user still lives in
a world of benign indifference, vanity,
user-friendliness and friendly-userness. Users who
are in-the-know will always want to help the less
fortunate ones who are not. Those who aren't will
seek the advice of the gurus. And so Social Engi-
neering and Reverse Social Engineering live on, as
you shall discover within these pages.
Ease of use will always rule. The "dumb" pass-
word will be a good guess for a long time to come.
‘After all, people just_ don't choose
"6FK%810(@vbM-34trwX51" for their passwords!
‘Add to this milieu the immense number of
computer systems operating today, and the stag-
gering multitudes of inept users who run them. In
the past, computers were only used by the
techno-literate few. Now they are bought, installed,
used, managed, and even programmed by folks
who have a hard time getting their bread to toast
light brown. I'm not downgrading them — I ap-
plaud their willingness to step into unfamiliar wa-
ters. I just wish (Gort of) that they would realize
what danger they put themselves in every time
they act without security in mind.
It is a simple and observable fact that most
computer systems aren't secure. If this isn't clear
now, it certainly will be once you've read a few
chapters of this book. Ironically, many of the peo-
ple who operate computer installations understand
that there is a problem with system security; they
just don’t do anything about it. It seems incredibly
naive, but it's true.
There are lots of reasons why companies don't
increase computer security. Publicly or privately,
they say things ike:
Extra security decreases the sense of openness
and trust which we've strived to develop.
+ Security is too much of a nuisance.
+ Extra security just invites hackers who love a
challenge.
+ It would be too costly or difficult to patch exist-
ing security loopholes.
+ The reprogramming could open up new secu-
rity problems.
+ We've never had a security problem before!
+ The information we have here is not important
to anyone but ourselves; who would try to
break in here?
+ But we just had a security breach; surely they
won't come back!
+ Didn't all those computer hackers grow up and
goon to better things?
There are different reasons why each of these
statements is either wholly or partially incorrect.
‘The last one is certainly false as any reader of this
book should be quick to point out. Computer
hacking (as well as the misuse of computers) will
always be a contemporary issue because of the
great value computers have in our daily lives.
Some of these sayings also have their validity.
In any case, the people who run computer installa-
tions (call them sysops, system managers, com-
puter operators or whatever) very often believe in
these things, and so the window of opportunity is,
left open. With a little work we can often ride the
breeze inside.
Computer Crime
I would iove to honestly be able to say that
computer crime does not exist in the world — but I
can't, because it does. When you're talking about
the bad stuff that people do with computers, hack-
ing truly is at the bottom of the list, and it certainly
is the farthest removed from traditional crimes —
things like murder and burglary which we feel in
our hearts are wrong. True hacking is victimless, so
it is in my way of thinking only vaguely a crime.
Perhaps it is immoral or wrong, but there is much
worse that can be done.
‘Computer crimes come in seven basic catego-
ries, all of which are related to the concept of
“hacking” in some way. The seven categories are fi-
nancial theft, sabotage, hardware theft, software
theft, information theft, and electronic espionage.
The seventh "crime" is computer hacking.
Stealing Money
Financial theft occurs when computer records
are altered to misappropriate money. This is often
done by programming the computer to route
money into a particular bank account, usually by
the use of a salami technique.
A salami technique is a method used to steal
small sums of money over a long period of time,
with the assumption that such small sums won't be
missed. The criminal reprograms the computer at a
bank or some other financial institution so that
fractions of pennies will be given to a dummy ac-
count.
For instance an account might hold $713.14863,
where the "863" occurs because of the multiplica-
tion involved to figure interest rates. Normally the
computers would say this person has $713.15 in the
bank, rounding up the 4 to a 5. However, a com-
puter programmed with salami in mind would
slice off those extra digits and put them into a sepa-
rate account. Now the person may only have
$713.14 in the account, but who's going to notice or
complain about a missing penny?
The computer is not generating new money, it's
only shifting valid money to an invalid account.
This can make salami thefts hard to detect. Once
the criminal’s account has grown big enough on
those fractions of pennies, he or she can withdraw
the money and most likely will get away with the
crime. Many thieves have tried this form of bank
robbery, and many have been caught, but dozens
or hundreds of such operations could be going on
today without anyone's knowledge (or so the
“experts” claim).
‘The way investigators check to see if a salami
technique is being used is to have the computer
make a list of all accounts, and how many times per
day over a period of days a transaction has oc-
curred with that account. Next, any account that is
accessed an exorbitant number of times per day is
checked to see how much money each of these
transactions represent. If it's tiny sums, someone's
up to something!
While I don't condone such thievery, I feel obli-
gated to point out where computer criminals have
gone wrong in the past and how to avoid future
mishaps. Instead of reprogramming the computer
to immediately transfer those fractions of pennies
to an account, they would have been wiser to sim-
ply subtract the amounts and keep track of how
much money is collected in an area separate from
the account files. Then, the portions of code which
print out total bank holdings should be altered to
include that hidden figure in its summation, so
those minuscule amounts aren't missed. Once the
figure reaches a certain point (for instance, some
random value over one hundred or two hundred
dollars) only then should it be transferred to the
thief’s account. I say some "random" value so every
transaction on the thief's account won't be exactly
the same and thus suspicious.
Such thievery requires access to a computer;
usually these crimes are committed by employees
of the institution at which the crime occurred, and
so true hacking is not necessary. However, when an
employee with limited computer access or a com-
plete outsider pulls off a financial theft, computer
hacking will surely be involved.
Sabotage
Computer sabotage is the physical destruction
of computer hardware or firmware, or the tamper-
ing or erasure of information stored on a computer.
The point of sabotage may be to force a competitor
out of business, or, as is sometimes done with ar-
son, to get the insurance money. Computer hacking,
has only limited involvement with sabotage, since
it is the goal of most hackers to keep computers se-
cure, not to destroy them. Still, sometimes sabotage
does creep into hacking in limited ways. Reverse
social engineering uses what is called sabotage, but
it is actually just a bit of tomfoolery used to get a
computer to temporarily misbehave. You will read
about reverse social engineering later on.
Computer vandals frequently sabotage the in-
formation stored on computers after first using
hacker's methods to gain entry to them. Vandals
should not be confused with hackers, however.
10 SecretsofaSuperHacker
Neither should those folks who introduce incorrect
or misleading data into a computer system, or oth-
erwise sabotage the data stored therein. An illus-
tration of such data tampering is given by Thomas
Whiteside in his book Computer Capers (Crowell,
1978). Between 1968 and 1972 the FBI planted false
adverse information on radicals and other people
who had wild political views into the computers of
credit reporting agencies, "the idea being to harass
those citizens by making it difficult, if not im-
possible, for them to obtain loans or other forms of
credit." For all we know various agencies may be
continuing this practice. Want your own file
verified for accuracy? Hacker to the rescue!
Various Thieveries
Hardware theft is either the stealing of the ac-
tual computer or its peripherals, but it can also in-
clude the piracy of a computer's internal design. It
is related to hacking in that stolen or "borrowed"
hardware may be used to procure access codes. In
the case of design piracy, a hacker might clandes-
tinely monitor the private e-mail and other com-
puter files of a hardware designer in an effort to
steal innovative ideas.
Software theft or piracy is the unauthorized
copying of programs protected by copyright. Often
hackers will make personal copies of software they
find on a computer system, so they can learn how it
was programmed and how it works. As with
hardware piracy, there is also the aspect of wanting
to get an edge on a competitor's new line of soft-
ware, and so there is the hacking connection.
Information theft may include stolen credit card
numbers, TRW reports, new product specs, lab re-
sults, patient or client data, or any other data that
might be potentially valuable. Electronic espionage
occurs when that information is sold to a third
party, making the hacker a spy for either another
country or company. In both cases hacker tech-
niques are used to steal the information, and pos-
sibly even to make contact with the spy agency in
the first place.
The Seventh Crime
Finally, there is hacking. Hackers have the abil-
ity to do any of the above, but they choose not to.
Read that again carefully, and see if you can detect
the paradox.
The person who perpetrates the seventh of
seven computer crimes — hacking — has just been
described as a person who chooses not to commit
any crimes at all.
Of course, there is that small matter of illegally
breaking into other people's computers before that
choice is made. But we conveniently disregard that
because we don't see any harm in the simple act of,
"breaking ii
Where other computer crimes are concerned,
motivations are obvious. It is obvious why a person
would steal a computer, or engage in a financial
crime, or a crime of vengeance.
But with pure hacking, essentially a peaceful,
harmless act, motivations might not be as apparent.
The traditional motivation for a hacker was the
quest for knowledge. But nowadays that quest may
be ruled by higher motives — like money. There
are hackers who see their talent not as a hobby, but
as a trade. In fact, there are a number of both moral
and immoral reasons one would provide one's
hacking services for a fee. Before we get further into
the How's of hacking, let's take a brief look at the
Why's.
Hacker Motivations
The IRS has a bad reputation — and it deserves
it. Sure, they pretend to play fair (I have a friend
who received a refund check from the IRS for one
cent; so apparently they can be honest at times),
they pretend to do things in our interest, but under-
neath it all they do a lot of cheating, conniving
things.
For instance, the IRS has a computer selection
program called the Discriminate Function System.
DFS is a system used by the IRS to select over 80
percent of the income tax returns which will be
audited. When the DFS selects a return for audit, it
is because the program believes there is a high
probability the citizen made improper deductions,
or hasn't reported all income, or for some other rea-
son believes the filer has lied.
Now, as citizens of the United States, we are
entitled to know all the laws and regulations of our
country, right? Not so, according to the IRS. The
decision-making formula (algorithm) used by the
DFS to select which returns will be audited is kept
secret from us (so we can never really know to
what extent an action of ours breaks the IRS's re-
tum-selection laws).
Itseems logical and fitting for the IRS to not re-
veal this secret, because doing so prevents a lot of
fraud. But it also restricts our rights, and several
years ago, two outraged citizens sued the IRS to re-
veal their selection formula. The citizens won and
the IRS was ordered to reveal the formula, The IRS
was not ready to reveal their secrets, and they ap-
pealed their way up to the Supreme Court and still
lost in favor of the Freedom of Information Act.
But since the IRS is a crying, whining, wily
baby, they refused to obey the court orders, and ran
to Congress for help. Congress, of course, immedi-
ately enacted a statute which made the IRS's audit
selection algorithm immune to the Freedom of In-
formation Act.
Now, I ask you: Can you think of a better rea-
son to hack than to get back at the IRS? I'm sure
that someday some hacker will surreptitiously
stroll into the IRS's computers and make off with
their Discriminate Function System, and publicize
it widely for all to see and file by?
Even if that doesn't happen, and even if that's
not a hacker's main goal (which I wouldn't expect it
to be), there are plenty of motivations from which
to choose.
Dissemination of information is always an hon-
orable incentive to hack. According to Tom Forester
and Perry Morrison in their book on computer eth-
ics (listed in the bibliography), following the Cher-
nobyl nuclear disaster, hackers in the Chaos Com-
puter Club "released more information to the pub-
lic about developments than did the West German
government itself. All of this information was
gained by illegal break-ins carried out in govern-
ment computer installations.” Certainly that was a
nobie and just act on their part, from our point of
view.
2 This has already happened in Australia. A computer
professional working for the Australian Taxation
‘Commission wrote up a guide to the confidential
computer program which the commission used to
determine the legitimacy of a taxpayer's income tax
form. Taxpayers could use his guide to safely overstate
the amount of deductions they claimed.
Hackers also see themselves as preventers of
disasters — computer disasters that is. There have
been several recent examples of computer security
companies from all over the world putting their se-
curity products to the test. They did this by publi-
cizing a phone number hackers could call to try to
beat the system. Sure this is done for advertising
hype, but itis aiso a good idea, and it gives hackers
a chance to do some computer cracking in a benign
setting.
Hackers who maintain a high degree of virtue
will use their illegal hacking to prevent disasters.
Once they have discovered (and misused) a secu-
rity loophole in a system, they will wamn the system
‘operator of that fact. Hackers are thus beneficial to
the world in that they act to keep the world in-
formed and secured.
But we can only be assured of these traits if the
hackers themselves conform to ethical behavior.
Unfortunately, due to the exciting/risky /devilish
nature of hacking, the people involved are often
immature and play around in juvenile activities
such as vandalism and carding (mail ordering stuff
on other people's credit cards). These are the sorts
of activities that True Hackers should strive NOT to
be associated with, as they degrade the word
“hacker.”
Many hackers, even some very good hackers,
have done their part to give hacking a bad name by
having skewed motivations. There have been
plenty of destructive hackers, and those who just
did not know when to quit.
‘There are also hackers-for-hire. Private citizens
are willing to pay hackers to change computerized
information for them — grades, ratings, bills, access
levels. Or there are the people who want informa-
tion about themselves deleted from the record, be-
cause they are in hiding. Private investigators can
always use the skills of the hacker to find addresses
and phone numbers, credit ratings, and other pri-
vate concerns of clients and suspects which are con-
tained on computers. Office workers have hired
hackers to scope out the personal electronic mail
and files of coworkers and competitors, to gain an
edge when making a proposal or a bid. There is not
only industrial, but governmental espionage. All of
the above has been done and is being done RIGHT
NOW, by hackers who hack for money.
Hackers tend to look down on other hackers
who fall into this line of work. Maybe a
‘once-in-a-while job is okay, but to do it extensively
and exclusively is to sell out one's integrity.
1 like to think that all people reading this book,
and all hackers, will use their talents to good ends:
to promote public awareness, prevent tragedy, and
to learn new technologies and new innovations for
one's own self-growth.
Chapter Tivo: The History of Fiacking 13]
Chapter Two:
The History of Hacking
First Came Hardware
‘Where does one begin a history of hacking?
Do we start with the creation of the computer,
by J. Presper Eckert and John Mauchly? During
World War I this pair of engineer and physicist
approached the US Army with a proposal for an
electronic device that would speedily calculate
gunnery coordinates — a job that was then tedi-
ously being done by hand. With the government
backing their way, the Electronic Numerical Inte-
grator And Calculator (ENIAC) was born in 1946. It
‘was a year after the war's end — the machine's de-
signed function was now superfluous — but the
dream behind its imagined future uses lived on.
Of course, the origin of the computer — the
computer for god’s sake — the most revolutionary
invention since the telephone, can not be so easily
summed up in a tidy paragraph of wartime patri-
otic stupor. The real story goes back further, to
Konrad Zuse, whose patent for a general-purpose
electromechanical relay computer in 1938 was
tumed down by the Patent Office as being not spe-
cific enough. It may have been ENIAC that
spawned the next generation of computers, but
ENIAC was a one-task machine. Zuse's contraption
had the feel of modernity to it; a machine that
would do... anything.
But is that where hacking began? Certainly not.
‘The longing to do... anything has been in the human
psyche for ages. Perhaps we should begin with the
revolutionary creation of the telephone, culminat-
ing with Alexander Graham Fell’s historic "acci-
dent” on March 10, 1876. The telephone was not an
immediate best seller. After all, you couldn't simply
buy one and place it in your house and use it. Lines
had to be installed. Networks had to be created to
link home to home, business to business, and fi-
nally, state to neighboring state. Almost thirty
years of growth for the phone to spread throughout
the country.
YIPL and TAP
So, there was the telephone, there was the com-
puter, and there was an undaunted inquisitiveness
in the collective human subconscious. It took an-
other war to shake that curious imagination loose
onto the world, and on May Day, 1971, the Youth
International Party Line became the newsletter of the
fun-seeking, disenfranchised riffraff of New York
City's Greenwich Village. Abbie Hoffman and a
phone phreak who went by the handle Al Bell used
YIPL to disburse information about cracking the
phone network. It was the first instance of subver-
sive information of its kind finding a wide audi-
‘ence. Subscriptions to the journal spread the word
of this arm of the und far away from
Bleecker Street to people of all walks of life. Today
this distribution would be done by computer, and
indeed, a great deal of hacker/phreaker /anarchist
material surfs around the world on the invisible
waves of cyberspace.
A few years after YIPL’s inception, it became
TAP — Technological Assistance Program — when
the goals of the phreaks collided with the more po-
litically-minded members of YIPL. TAP was more
technical than partisan, and more suited for hack-
ers and their kin,
Computer Crime
‘The first recorded computer abuse, according to
Donn B. Parker, a frequent writer on computer
crime, occurred in 1958. The first federally prose-
cuted crime identified specifically as a computer
crime involved an alteration of bank records by
computer in Minneapolis in 1966. Computers were
not so widespread then as they are now, and the
stakes weren't quite so high. It's one thing to have
money controlled and kept track of via computer;
it’s quite another to have power controlled in this,
way. In 1970, many criminology researchers were
stating that the problem of computer crime was
merely a result of a new technology and not a topic
worth a great deal of thought. Even in the mid-
1970s, as crimes by computer were becoming more
frequent and more costly, the feeling was that the
machines themselves were just a part of the
environment, and so they naturally would become
‘a component of crime in some instances. It doesn't
matter if a burglar carries his loot in a pillow case
or a plastic bag — why should the props of the
crime determine the way in which criminologists
think about the case?
This was an unfortunate mode of thought for
those charged with preventing computer crimes,
because while research stagnated, the criminals,
crackers and hackers were actively racking their
brains to come up with more ingenious methods of
doing things with computers they were not sup-
posed to be able to do. The criminologists could not
have realized then that the computer really was an
integral part of the crime, and that the existence of
these machines — and the systems built around
them — led to whole new areas of crime and think-
ing about crime that had never before been
explored.
Lawmakers and enforcers, however, finally did
sit up and take notice. In 1976 two important de-
velopments occurred. The FBI established a 4-week
training course for its agents in the investigation of
computer crime (and followed it up with a second
course for other agencies in 1978). Also in 1976,
Senator Abraham Ribicoff and his U.S. Senate Gov-
emment Affairs Committee realized that something
big was going on, and it was important for the gov-
ernment to get in on it. The committee produced
two research and Ribicoff introduced the
first Federal Systems Protection Act Bill in June,
1977. These reports eventually became the Com-
puter Fraud and Abuse Act of 1986. Florida, Michi-
gan, Colorado, Rhode Island, and Arizona were
some of the first states to have computer crime leg-
islation, based on the Ribicoff bills that had devel-
oped into the 1986 Act.
A year before, a major breakthrough was an-
nounced at the Securicom Conference in Cannes by
a group of Swedish scientists who had invented a
method of silently eavesdropping on a computer
screen from a far-off distance. But let's save this
story for later. Much later.
2600
Tom Edison and Cheshire Catalyst, two phone
phreaks who had been interested in the nether side
of technology for ages, took over TAP in the late
"70s. The journal came to an end before its time in
1983 when Tom Edison's New Jersey condominium
burned to the ground, the victim of a professional
burglary and an amateurish arson. The burglars
had gotten all of Tom's computer equipment, the
stuff from which TAP was born. The arson, perhaps
an attempt to cover the burglary, did not succeed. It
was a sloppy fire, one which Tom and Cheshire
hypothesized had been engineered by some irate
phone company officer. A few months later, the
original TAP printed its final issue. The following
year, in 1984, hacker Eric Corley (aka Emmanuel
Goldstein) filled the void with a new publication:
2600 Magazine, Ironically, Goldstein is more a
thetorician than a hacker, and the magazine is less
technical and more political (like the original YIPL).
Networks were being formed all over, enabling
hackers to not only hack more sites but to exchange
information among themselves quicker and more
easily. Who needs published magazines? The City
University of New York and Yale University joined
together as the first BITNET (Because It's Time
NETwork) link in May 1981. Now there are net-
works of networks (such as Internet) connecting the
globe, putting all hackers and common folk in di-
rect communication with one another.
WarGames and Phrack
A hacker named Bill Landreth was indicted for
computer fraud in 1983, and convicted in 1984 of
entering such computer systems as GTE Tele-mail's,
electronic mail network, and reading the NASA
and Department of Defense correspondence within.
Naughty boy! His name will come up again. 1983
also saw the release of WarGames, and all hell broke
loose. Certainly there had been plenty of hacker ac-
tivity before the movie came out, but previous to
WarGames those hackers were few in number and
less visible. The exciting story of David Lightman
(played by Matthew Broderick), a school-age whiz
kid who nearly starts World War Ill, became the
basis for many modems for Christmas presents that
year. Suddenly there was a proliferation of people
‘on the hacking scene who were not really hackers
in expertise or spirit. Bulletin board systems flour-
ished, and a large number of boards catering to
hackers, phreaks, warez d00ds (software pirates),
anarchists, and all manner of restless youth sprung
up.
The online publication Phrack was founded on
November 17, 1985, on the Metal Shop Private BBS
in St. Louis, Missouri, operated by Taran King and
Knight Lightning, The term "online" referred to the
fact that this magazine was distributed, not at
newsstands and through the mails, but on the
“news racks" of electronic bulletin board systems,
where collections of files are available for the tak-
ing. Later, when the journal's founders went off to
college and received Internet access, the publication
was distributed through list servers which can
automatically e-mail hundreds of copies of the pub-
lication throughout the world. Phrack is still dis-
tributed in this way. As the name implies, Phrack
deals with PHReaking and hACKing, but it also is
pleased to present articles on any sort of mischief-
making, Annual conventions, hosted by Phrack,
called SummerCons, are now held in St. Louis.
Shadow Hawk
Bill Landreth, who had been arrested in 1983,
was let out on parole and there are reports of his
mysterious disappearance following publication of
his guide to computer security called Out of the
Inner Circle, He left a note stating that he would
commit suicide "sometime around my 22nd
birthday..." There was much discussion about all
this. Was it a publicity'stunt, or for real? Eventually
Landreth reappeared in Seattle, Washington, in
July, 1987, and he was hastily carted back to jail for
breaking probation.
The month before — on the anniversary of
D-Day — a cracker named Shadow Hawk (also
identified by some press reports as Shadow Hawk
1) had been discovered by an AT&T security agent
to be bragging on a Texas BBS called Phreak
Class-2600 about how he had hacked AT&T's com-
puter system. Shadow Hawk (really Herbert Zinn
of Chicago) was an 18-year-old high school drop-
cout when he was arrested. He'd managed to get the
FBI, the Secret Service, the Defense Criminal Inves-
tigative Service and the Chicago U.S. attorney on
his tail for not only the above mentioned hack, but
also for invading computers belonging to NATO
and the US Air Force, and stealing a bit over $1
million worth of software. Shadow Haw's case is
important because in 1989 he became the first per-
son to be prosecuted under the Computer Fraud
and Abuse Act of 1986.
Shadow Hawk is just one example of how this
hobby has gotten people in trouble with the law.
‘Around this time there were a lot of hackers being
brought down by all manner of cops: security offi-
cers for the telephone companies and other organi-
zations, the FBI, local police and concerned citizens.
This was the time when the investigators got smart.
Not that they suddenly knew more about comput
ers and hacking, but now they understood that to
catch a lion, one must step into its den. These police
agents started logging onto hacker BBSs and
amassed huge dossiers on the people who normally
used those boards. Many warnings were issued,
and many arrests were made.
In August, 1986, Clif Stoll first set out to find
out why there was a 75¢ imbalance in the computer
accounts at the Lawrence Berkeley Laboratory in
California. Stoll's efforts led to the discovery of a
group of German hackers who had broken into the
computer system. In October, 1989, a book about
Stoll’s exploits called The Cuckoo's Egg was pub-
lished and became an instant best seller.
Organized and independent hacker activity
continued for the next few years with little public
interest. There were threats in early 1988 by the
West Berlin Chaos Computer Club that they would
trigger Trojan horses they had implanted into
NASA's Space Physics Analysis Network, thus
causing the chaos of their name. The threats never
materialized but minor havoc was wrought
anyway, as many computers were temporarily
pulled from the net until the threat could be
analyzed.
The end of 1988 — November 2, to be exact —
marked the beginning of a new surge in anti-hacker
sentiment. It was then that Robert Morris Jr.'s com-
puter worm began its race through the Internet.
Exploiting an undocumented bug in the sendmail
program and utilizing its own internal arsenal of
ticks, the worm would infiltrate a system and
quickly eat up most or all of the system's process-
ing capal and memory space as it squiggled
around from machine to machine, net to net.
The Electronic Frontier Foundation
The birth of the Electronic Frontier Foundation
was announced July 10, 1990. EFF is a group dedi-
cated to protecting our constitutional rights; it was
created as a response to a series of rude and unin-
formed blunderings by the Secret Service in the
witch hunt known as Operation Sundevil. By May,
1989, this "hacker hunt” had led 150 Secret Service
agents to serve 28 search warrants in 14 cities. They
seized 23,000 disks and 42 computers, often for in-
appropriate reasons. E-mail was left undelivered.
Public postings never made it to the screens of the
computer community. Many innocent bystanders
(as well as criminals) were arrested.
John Perry Barlow (author, retired cattle
rancher, and a lyricist for the Grateful Dead), and
computer guru Mitch Kapor, best known for writ-
ing Lotus 1-2-3, were outraged by these events (and
by their own run-ins with the FBI over stolen
source code that was being distributed by the
NuPrometheus League). They teamed up with
attorney Harvey Silverglate who was known for
taking on offbeat causes. Some yellow journalism
by the Washington Post provided the publicity
needed to attract Steve Wozniak (co-founder of
Apple) and John Gilmore (of Sun Microsystems)
who offered monetary support for the enterprise.
Tt was at this point that the Steve Jackson inci-
dent made the headlines. An Austin, Texas, pub-
lisher of role-playing games, Jackson's business
was raided by the Secret Service because one of his
games, called GURPS Cyberpunk, had to do with a
kind of futuristic computer hacking. The Secret
Service called Jackson's game "a handbook for
computer crime." This was ludicrous, akin to arrest-
ing Milton Bradley because they sell Chess, which
teaches kids how to wage war.
Jackson's office equipment was confiscated, he
was forced to lay off half his staff, and he very
nearly went into bankruptcy. "Eventually," Jackson
later wrote, "we got most of our property back
(though some of it was damaged or destroyed). The
Secret Service admitted that we'd never been a tar-
get of their investigation.” Jackson sued the US.
government (the Secret Service, two of its agents,
and a Bellcore official were named in the suit) on
charges that the Secret Service had violated his
right to free speech during the office raid. Justice
prevailed and the SS was held guilty. Jackson has
since made a role-playing game about the incident.
The summer of 1990 was filled with all sorts of
similar surprises. There are the famous stories, the
infamous ones, and the ones that barely made the
back page. In the middle of August, thirteen New
York young adults and minors were charged with
felonies involving computer tampering, computer
trespassing, and theft of services. They had broken
into the Pentagon's computers, among others, and
ae
got a whole load of law enforcers on their tail.
$50,000 worth of computing equipment was seized,
said to have been used by the hackers to do the
break-ins. Dozens of stories like this were reported
then quickly faded. Other tales and other hackers
held more interest, like Acid Phreak and Phiber
Optik, who became "celebrity hackers,” speaking
‘on behalf of the hacker community for various
media. Phiber Optik was eventually arrested and
sentenced to thirty-five hours of community service
in February, 1991.
‘And the Craig M. Neidorf story made head-
lines. We have already mentioned Neidorf (Knight
Lightning) as one of the co-founders of Phrack. Nei-
dorf published an (edited) internal BellSouth paper
in Phrack and was quickly charged with interstate
transport of stolen property, with a possible sen-
tence of 60 years in jail and $122,000 in fines. What
was particularly absurd was that the document
was easily and legally available (though BellSouth
declared it to be full of company secrets), and it
talked about the BellSouth bureaucracy as it per-
tained to 911 lines. Sixty years in jail for copyright
infringement?
‘The EFF helped Neidorf through these troubled
times (as they'd helped Steve Jackson, and would
come to aid many hackers and crackers who'd been
treated unfairly or with ignorance by the law). The
US. dropped its case against Neidorf at the end of
July, 1990.
There are dozens or hundreds of stories about
hackers every year, and there have been for quite
some time. Some are quickly forgotten; others pro-
voke controversy. Such was the case on November
6, 1992, when a group of hackers, peacefully con-
vening in the food court of the Pentagon City Mall
outside Washington, D.C,, were bullied and man-
handled by mall security personnel, Secret Service
and FBI agents.
Hacking has had a long past and will continue
to enjoy a prosperous and successful future because
of people like us who enjoy seeing what secrets are
out in the world, waiting to be unearthed.
eit ar The story of Hacking]
Chapter Three:
Researching The Hack
Any serious hack will involve some prepara-
tory research long before the hacker sets foot near a
computer. This is simply because to hack intelli-
gently, one must have knowledge of certain facts
and ideas.
With computer hacking, you should obviously
have some knowledge about computers and tele-
communications (ideas) but to actually carry cut a
hack requires just one fact: a phone number. Or if
not a phone number, at least one way of accessing a
computer. Either case requires some research. Once
you've called the computer for the first time, some
on-line research is required to tell you how you
should proceed with the hack. And finally, there is
the ongoing research you will do once you've
gained access to a system, to help you make full use
of the facilities you've conquered. The “after re-
search" is discussed in the chapter "What To Do
When Inside.” For now, let us discuss what to do to
get started.
Targeting
By targeting, I'm referring to the process by
which a hacker will decide which of all possible
computer installations to attempt to breach. This
may seem like a trivial topic for many reasons, but
in fact itis a topic well worth discussing.
Let's suppose you are a rookie at this game. You
have gotten — through research of some kind, or
just plain luck — a piece of information you feel
will be helpful in entering a specific system. For ex-
ample, suppose you've discovered through the
computer crime grapevine the phone number of a
large governmental espionage database. Naturally,
it seems reasonable to call the number and see if it
actually is what you've heard it to be. On the other
hand, it might be better to first research your target
to see if it's worth the time and the risk, and the
phone bill. Look up the number in a criss-cross
telephone directory for that region. Criss-cross di-
rectories, which are available at many libraries, are
books (usually non-ticensed by the phone com-
pany) which list the names and addresses that go
with phone numbers. Unlike regular phone books,
criss-cross directories are sorted by number rather
than name. If you can't get this sort of directory,
call the operator and ask who the number belongs
to. Naturally it is preferable to use a directory on
your own, eliminating extraneous interaction with
phone company employees ("witnesses"). If the
phone number is publicly available, it probably
isn'ta computer line after all, let alone a secret one.
It may seem crazy to you to go out of your way
to look up a number before dialing it, but remem-
ber, it is important to get as much information as
you can about a system before you make the first
‘all. IF it really is a top-secret database, it's reason-
able to assume that your call will be traced, or at
the very least, will arouse suspicion. As a novice
one tends to get excited with one's first big break —
and tends to do stupid, dangerous things. You may
not yet have the expertise to alter phone company
data, or call from a pay phone, or in some other
way make it seem like you are not the person
placing the call. The rookie who calls a number of
this kind after doing a bit of research might be
taking a stupid risk, but that's a few steps higher on
the professional hacker's scale than the one who
calls without any preparation at all. That's just be-
ing stupid, period.
So, as far as targeting is concemed, you may not
want to follow up that first big lead right away. It
may be preferable to wait awhile, until you have
the expertise to do it properly. If you know some-
thing about a system no one else knows, it's very
likely going to remain a secret unless you spill the
beans. If you try to act on your inside knowledge
and fail, you are ruining your chances of getting in
later, as the system managers might see their mis-
takes and correct them.
‘My word of caution is this: Don't get in over
your head. Get familiar with floating on your back
bbefore trying to scuba dive for sunken treasure or
else you may end up being the one who's sunk.
Targeting also involves other research. What if
you do have some exciting secret that will let you
{get in somewhere? Perhaps you should think about
the best way of reaching that system in the first
place. For instance, if the system you're stalking is
on the Internet, you would have to determine a
Way to access the Internet disguised as someone
else before you could proceed to your main goal.
If you are enrolled at a college, or live near one
and have access to your own Internet computer ac-
count, it is a trifling matter to log in as yourself
and, from there, attempt to connect to other
systems. It's not only trifling — it's dumb!
Regardless of whether you have mischief in mind,
it’s irresponsible and lazy to do hacking logged in
as yourself. Before you can move out of the few
directories allowed by your minimal access level,
you will have to figure out a way to disassociate
yourself with what you do. That is — and I can't
repeat it enough — you will have to find a way to
connect as somebody else, and through that
connection go on to bigger things.
Breaking into major league computer systems is
very often a matter of, first, personal hacking, and
second, institutional hacking. That is, first you hack
a person (figure out a way of masquerading as that
person), and then you hack the institution (figure
out a way of disguising that person as a legitimate
user of the protected system).
Time, money and effort can be spent needlessly
on attempts to access systems that ultimately turn
out to be dead ends. Maybe your target is a school's
computer, because you want to change your grade
from an F to A. You may think your target indi
ual would be the dean or some other school head,
but as it turns out, in many instances you would be
wrong. School heads often have little or no access
to the computers which hold grades, unless they
themselves teach classes. In this case you would
‘want to target a professor or more likely, a teaching,
assistant (T.A.). They're the ones who have to do
the actual inputting of grades. Consequently you
‘would want to research the professor or T.A. to get
a handle on what their passwords might be,
Then there's the matter of the computer. Which
computer should you target for your hack? Teach-
ers, especially in math and computer science
courses, will usually tell you their computer ad-
dress so you can send them e-mail. But that isn't
necessarily where you need to go to change your
grade. More likely there is some hush-hush admin-
istrative computer which carries out those func-
tions, and it is that computer you would want to
hack.
It seems logical to assume that the president of
a university has the highest level of computer ac-
cess. But does he or she really? Does the president
actually have a computer account AT ALL? You're
probably better off targeting individual professors.
One English teacher I had mentioned Kojak a cou-
ple times in class, and on several occasions made
references to things that could be interpreted as
having some relation to that television show
(sometimes he would use phrases that Kojak used
"1 Ghiapter Three: Researching The Hack 21]
in the series). Obviously, Kojak is the place to start,
if one is interested in forcing one's way into this
guy's account (especially since he's an English pro-
fessor, and therefore less likely to understand the
value of non-real-word passwords). And trying
Kojak-related words like "Telly Savalas,” “lollipop,”
“bald,” for passwords is the obvious way of per-
sonally targeting that English teacher's account.
But is he REALLY the one you want to use in the
first place? If I had been failing that class and
‘wanted to get into his account to change my grade,
Kojak wouldn't have helped me; as far as I was ever
able to determine, it was the teaching assistants
who had control over the grading, not the profes-
sors! This is why it's necessary to target in order to
achieve your intended purposes. If you have goals
in mind, do the necessary research to find out if
you are targeting the right PEOPLE, as well as the
right computers.
Potential targets can often be found by reading
publicly available documents about a site. Docu-
‘ments pertaining to “ethical use" of the system, and
articles encouraging "preventative security” are
often particularly enlightening. For instance, here's
a little quote I picked up from an outdated memo-
randum about security policies. This is one sugges-
tion taken from a list of what was felt to be neces-
sary improvements in security. By the time I read
the article the improvements had already taken
place, but thoughts of needing security were long
gone from the minds of those who had written the
memorandum, and so security was lax. Here's the
one suggestion from the list that stuck out:
Net 19 must be isolated completely by gateways
‘from PCs and from the broadband. Terminal
server logins must be strictly enforced on all
machines. PCs should be implemented which
will run software that will monitor the network
{for signs of misuse and/or unethical usage.
Look at the goldmine of information that is given
here. We have these suggestions for improvement,
so now it should be a simple task to determine
which software was purchased to implement the
suggestions. From there we can see what the soft-
ware will and will not do, find out about bugs or
loopholes, and use other means to discover ways
around that software. But most interesting of all
(and the point that is related to this discussion of
targeting) is the mention of "Net 19." What is Net
19? Obviously it is something that the administra-
tion wants to go out of their way to protect. Clearly
it's something well worth hacking. If you had been
the hacker to first read these words, clearly Net 19
would be the target of your hack.
Keep in mind that I read this document from a
public terminal, without having to log in as any-
body. It was accessed from a public information
system. It is information available to anybody, and
look at the wonderful clue it holds for all who see
it! Now, when I read this I didn't know what Net 19
was, but I knew immediately to target all efforts to
finding that system and penetrating its security.
This is an example of accidentally found knowl-
edge being put to good use. But don't forget — I
was reading through every publicly available
document for the SOLE PURPOSE of breaking into
the system. The specific bit of information I found
‘was accidental, but my finding it wasn't.
In a way, doing this kind of on-line research —
exploring every inch of the system available to you
before going after the private regions —is a kind of
targeting. If your goal is a specific private computer
system, target all public systems related to it before
you begin. This can only help you in the long run.
It might lead to helpful hints, such as the mention
of Net 19, or it might at least familiarize you with
various aspects of the system.
Things you should be looking for when you
target a public system in this way, with the intent
of going after a correlated private system, are: how
ithandles input and output; if any bugs are present
and how the system reacts to them; what the com-
mand format is (three letters? control sequence?)
and what kinds of commands are available; and
machine specifications and hardware. Of course,
there are numerous other things you should either
be looking for, or will unconsciously be picking up
anyway as you look around, like what the visual
display is like and how long it takes the computer
to process commands. These are things that will be
helpful later on, because when you actually are
trespassing, you won't want to spend hours trying
to find the help command or how to log off.
Targeting may seem not just trivial, but dis-
tracting as well. After all, a scientist can analyze a
rainbow using specific technical terms that explain
what a rainbow is, how it is formed, and why it
displays its colors as it does. But in a way, this
[22 Secrets of'a Super Hacker
complicated description of a rainbow is completely
unrelated to the rainbow being described. The ex-
planation ignores the beauty of it. The techno-jar-
{gon shuns the poetic connotations that we associate
with the rainbow we are so interested in describing.
You may use similar arguments to complain
that targeting and pre-thought and planning of
hhacking attacks distract from the pleasure of the
hack itself. If you are a hired hacker you will need
to get the job done if you expect to get paid. But
otherwise, why should we bother to discipline our-
selves with such nonsense as targeting? You're
right! Certainly you're correct! There is no reason to
feel obligated to apply these suggestions that I pre-
sent. There is no pressing need to think carefully
about what you do before you do it, but you should
bbe aware of these things as you start. At least, if
you break the rules, you should understand how
following them might have helped.
Targeting specific computers that hold interest
to you, and that you are sure hold the information
you seek, and targeting people who have specific
access levels and abilities — all of this is like ana-
lyzing a rainbow and ending up with nothing but
gobbledygook. But in the long run, if you really
want to end up at a position further from where
you started, if you want to hack for the enjoyment
of it and maintain high pleasure levels throughout
the endeavor, I suggest you do these things. They
will help lessen the amount of frivolous searching
and brute-force monotony needed to get in, and
will help you stay out of trouble. So, set up a gen-
eral plan of action. Make sure the goals you've out-
lined are really the ones that apply to your case.
That way you'll know that what you are hacking
won't turn out to be a series of blind alleys.
I keep bringing up the point of “intentions,” and
"goals," but unless you're a private investigator or
some sort of muckraker, you're probably willing
and happy to break into any computer available —
any and all opportunities that present themselves.
This is fine too, and many hackers are so devoted
(fanatical?) in their pursuits that even if they know
a computer system will offer them nothing exciting
once they get inside, they persevere because it is
the thrill of the break-in itself that drives them.
But as you can well imagine, it is much more in-
teresting to break into a system that holds secrets,
than one whose contents are worthless to you. Is it
worth it to spend months trying to get into a sys-
tem that contains statistics on the copulation pat-
terns of lab rats? (Not unless you happen to have
an interest in that sort of thing.) Choose your
targets carefully. Getting into the system is half the
fun; once you're inside, the other half can be more
exciting.
Collecting Information
Before you begin researching you should know
what kind of information you should be trying to
find out. There are three topics a hacker should be
concerned with: Telecommunications in general,
computer systems in general, and specific systems,
There is a certain level of understanding you
should have about computers, modems, the tele-
phone and human nature. Hopefully this book wi
‘Prepare you with most of the information in these
categories that you will make use of. If not — and I
readily admit this is not an all inclusive Bible of the
Universe — then go around to some local or special
libraries and find out what you need to know.
Maybe there isn't anything you specifically
need to know. You will still want to keep up with
the latest developments in technology as well as the
organizations who run the computers you intend to
hack. Even if you think you know everything there
is to know, it can be most helpful to do a bit of
reading to make sure you really are an expert in
your field, especially when dealing with such rap-
idly changing fields as computer hardware, soft-
ware and telecommunic
So go to your local library. Go to the shelves
with the computer books, and the shelves with the
criminal justice books, and the shelves with the
business management books. That's where you'll
find the "legit" books about hacking and computer
crime. Every once in a while, take out some books
on telecommunications and look through them.
‘You want to start getting familiar with the various
situations you'll be encountering, so look through
books on the different information services, or-line
databases, computer crime, operating systems,
BBSs, and anything else that pertains to what you
can do with a computer and a modem. Look up
“telecommunications’ in the card catalog. Also,
“computers,” "hacking," "telephones,"
and anything else you can think of
that's relevant. Also, remember to look through the
[chapter Tiree: Researching the wack
books in the reference section; you will find the
‘most useful materials there. Hacking is best learned
by doing, but many good tricks and leads can be
found in the literature.
By the way, do you know who the biggest book
publisher in the world is? The United States gov-
emment. If your library is a government deposi-
tory, read through all the relevant government
publications that interest you. You'll learn a lot
from that stuff.
Tm not saying you should read every book in
the library, and I'm certainly not saying you should
read all this before you begin your hacking ex-
ploits. What I am saying is that very often people
don't realize the wealth of information that is avail-
able to them free for the asking — no need to hack.
And by reading these things you will get familiar
with what different computer systems look like
when you log onto them. You will get to know the
kinds of commands that are available to you, and
what formats the systems use for names and pass-
words. Also, you will often find toll free numbers
listed in these books — lines you can call to test out
various systems, or to get information on the sys-
tems. All this information will be helpful to you as
you proceed.
While you're at the library go to the periodicals
section and take out some computer magazines and
newspapers. Borrow some that you don't normally
read, or that you've never heard of before. It is use-
ful to write away for information from the maga-
zines, and to send in the Reader Service postcards
to get free information. It’s amazing what compa-
nies will send you, and it's further amazing to think
about all the great tips this information offers to the
hacker. I'm now on several perpetual mailing lists
from various computer security companies. I know
everything I need to know about all their products,
their upgrades, what businesses use their software
—and from that information, I can hack my way
around their products. Knowing how they go about
catching hackers, I know how to avoid getting
caught.
Another, sometimes more practical way to use
the library is to find out about donated books.
Many libraries get donations of books, either for an
annual book sale or for their shelves. A lot of those
books are old technical and company manuals for
computers, software, and operating system proce-
dures. The librarians who deal with donated mate-
rials will probably look at this sort of thing and
throw it out as useless. If you make friends with
them, surely they would prefer giving such
"useless" items to you, rather than discarding them.
Tve gotten many valuable guidebooks, reference
guides, operating systems manuals, and disks this
way. I even have a very nice and very current set of
AT&T security books.
Sometimes the books you pick up have notes
scribbled in the margins or on the cover. My favor-
ite note was the one that gave a phone number and
group ID access code. The access code had since
been deleted, but the phone number still worked —
and so did the sample visitor's password listed in
‘that manual.
Some Unusual Research Methods
They aren't really all that unusual, because after
all, anything that works — works! Any time you
get an idea for a new way of discovering more
about an online system or the people who run it
you should do your best to act on that idea. In the
jong run every bit of data is potentially useful.
Anything you manage to find will either help you
get in your present target computer, or get in an-
other one some time in the future.
Besides, it's always a delight to find confidential
data or insider secrets about a system. Share that
knowledge with other hackers and you will be re-
warded with interesting tips that will be beneficial
toyou.
Here are five further research methods: online
computer simulators and tutorials; sorting through
trash; found disk analysis; examining screenshots;
and snooping. Remember — these research meth-
ods work. Use them to your advantage.
Online Computer Simulators
And Tutorials
Computer-based simulators and tutorials are
often employed in teaching the ways of the com-
pany computer system. These programs mimic the
computer screens users would see if they were to
log in to the actual network. Tutorials and simula-
tors differ from the actual network in that they talk
the user through a typical use of the system, per-
24 Secrets of a Super Hacker
haps showing off special features available to the
user. If the user isn't given a guided tour, there is
often a workbook that is to be used with a
scaled-down version of the actual system, often one
with extensive help facilities to teach the new user
the ropes.
Tutorials and simulators give new users
hands-on experience with the problems and poli-
ies of software they will encounter. They are very
often used for training purposes instead of the ac-
tual system, or as a supplement to it. There are sev-
eral reasons for this. What if the system is still be-
ing installed, or undergoing a renovation? Or per-
haps not enough terminals are connected yet for all
employees to access the actual system. Using
simulators eliminates these problems since they can
be set up on any computer.
Temporary employment agencies may use
software from a specific company to pretrain their
workers, especially if the agency gets a lot of jobs
from a specific company. Or regular employees
may want the convenience of being able to borrow
a tutorial disk from the company library to practice
on at home. Finally, a good tutorial program or
simulation can ensure that everyone receives the
same quality instructions, without leaving out im-
portant details which a human instructor might
forget to teach.
‘How to get them? Simulation programs may be
available from corporate, special or even academic
libraries. You may also get hold of one from the
publisher. Write to a software publisher, saying
you're interested in making a large purchase and
ask if a demonstration disk is available. And you
may be able to procure one from a friendly member
of the company’s computer department (do some
social engineering! — pretend you're a company
manager or supervisor).
Simulators and tutorials are great things for a
hacker to come across; the usefulness of them
should be self-evident. They will help you learn the
systems, and perhaps reveal default entry-words,
and might even come with descriptions of system
bugs.
1 Social engineering is the act of talking to a system user,
pretending that you are also a legal user of the system, and in
the course of the conversation, manipulating the discussion so
that the user reveals passwords or other good stuff.
Sometimes you have to use your imagination to
find other ways in which oniine simulators can
help. I was waiting in an office one day to see
someone. The receptionist stepped out for a mo-
ment and I stepped behind her desk and borrowed
a computer disk I'd noticed stuck in a book. The
disk held a program called ARRSIM
(ARRangement SIMulator) which was actually a
copy of a program they used on-line, only with a
minuscule database of names. The program was
used to teach employees how to use the computers
to arrange and schedule meetings between custom-
ers and potential contractors.
When I got home I booted it up and started
playing around. At one point I tried changing an
address and the computer responded, "Supervisor
Approval Required" and put a cursor on the screen.
Apparently it wanted a password. I tried the one
that was used to log into the simulator (which was
scribbled on the disk label) but that didn't work. I
scanned through the disk with a file maintenance
utility, but could find no text (ie., hidden pass-
word) that I had not already seen.
Now, it occurred to me that address changes
were probably something that everyone had to do
every once in a while. So why had it asked for a
password when I tried to change an address? Ob-
viously the program had been designed by your
usual paranoid manager who did not trust a recep-
tionist to change a name or address by herself.
So I called my favorite receptionist at the com-
pany, and after some suave insider gossip about
company matters ("So Sheila's a grandma! Was it a
boy or a girl?" I had heard her discussing this with
1 coworker the day I was there), I popped the
question: "Gaye, do you know what to type when it
says ‘Supervisor App'—"
“Oh isn’t that silly!" she laughed. “It's really
horrible. Type ‘morris.’ I don’t know why they have
that there. Nobody's supposed to know about it but
we use it every day!" I thanked her and — you
know what? — ‘morris’ didn't work as a password
on the simulator (I don't think anything did). But it
was the password used to get into the actual net-
work. Apparently only supervisors were supposed
to be able to log on the terminals scattered
throughout the offices.
Sorting Through Trash
It isn't really a dirty job, and nobody has got to
do it, but serious investigators will. By
“investigators” I reier to hackers who are research-
ing a company or computer. It really isn't all that
messy going through the garbage of most places.
Often you'll find a separate bin for white paper.
Some may be shredded, but mostly not. Try to plan
your trips to the trash on days following a few days
of sunny weather. You want your garbage to be in
tip-top shape.
While I'm inside the dumpster I like to make
stacks of the papers I find and load them into gar-
bage bags. Then I bring it home to examine what
Tve collected. You'll find internal phone directories,
names of public and private individuals, training
manuals, outdated files, letters, information about
projects being worked on, and sometimes even
mention of the computer system. Much of itis help-
ful, and most is interesting too.
Even the regular trash is usually a pretty clean
place to be (somewhat). Rummaging around in the
garbage bins of various companies, office centers
and other institutions, I have come across: micro-
fiche, computer cards, entire boxes of business
cards, books, a dead cat (really gross), broken elec-
tronic junk, and lots and lots of, well, garbage. Of
course most of it isn't helpful for the hack, but often
there is knowledge to be gained. You can find out a
Jot about how an organization functions by its
trash, and the way in which that trash is organized.
The first time I did this, I took a single green
trash bag from the bin behind a bank. Bank bags,
by the way, are stapled shut with a paper receipt
that tells the name of the bank, and the time and
date of disposal of the bag. The trash within is of
two types. There are smaller bags containing refuse
from each individual's office in the bank, and then
there is the cytoplasm of crumpled forms and dis-
carded paper tapes from behind the counter. The
interesting parts are the bags from individual of-
fices. In my first garbage heist, one banker was
Japanese — he was throwing out a Japanese
newspaper and a Japanese candy wrapper in
addition to his bank-related stuff. There was also
the woman onthe _—_—diet,_—the
struggling-to-make-ends-meet single mother, and
the assistant bank director. Now the bank director
Chapter Three: Researching The Hack 23)
—her garbage was very interesting. It contained a
discarded lock from the vault, a box of orange "key
hole signals (style ‘c),” some vaull-key envelopes, a
slip of paper with the combination to a safe
scrawled across it like a clue in a parlor mystery
(12R-32L-14R in case you care), and a
memorandum to "Branch Managers” from the
woman in charge of "Branch Automation,” which
apparently had accompanied a disk. From that let-
ter I was able to get the name, address, and room
number of the bank's Branch Automation Depart-
ment and from there evolved a social engineer
through the mails (see chapter on Social Engineer-
ing) which resulted in myself getting a copy of the
disk in question as well as some other very useful
information.
If you were caught hacking a trash bin, you
used to be able to say that you were “just looking
for cans to recycle." Now offices pretty much recy-
cle everything, so that won't do for an excuse. The
old "school" or "community project” ploy is always
a good bet: Say you are rummaging around in there
doing research for a report on government or busi-
ness waste.
Before you even step out of your house the first
time, do a bit of phone work to find out what the
garbage situation will be like. Call up the Solid
Waste Department and ask when garbage collec-
tion is for the street you have in mind to plunder. If
pickup is Monday morning, that's good, since
you'll be able to go at night over the weekend,
‘when no one is around. You don't want to end up
going the day after collection, so make that call be-
fore you hop in your car.
‘As for recycled white paper, if there aren't any
outside bins devoted specifically to it, you might
want to go to the office during the day (if it has a
publicly-accessible area) and take a casual look at
the level of white paper in the recycling cans inside.
Do this at different times of day for a few days, and
you'll get their recycling schedule. Again, you'll
want to nab white office paper when the bins are at
their fullest.
GIRK
Of course, you can go out scavenging unarmed
through the trash bins of the world, but to facilitate
and quicken results, you will most likely want to
\ 4 ft
\ To: \ Branch anager
| To mmo: Ley
SUBJECT: oe Diskettes
“an Disk Version 1.0.1.
Enclosed, please. finda copy
x branch, to verify
— Please check the box of diskette:
there is no copy in your branch, please!
ur box of software. i
If there is a Destran Disk aiceady in your box q
Please, return that disk to #e in the envelope c
Ene foitowing. Locacation, anc, add the new_Destrimpiak
—-~ Feliz’ box of software. (
\
Should, you have any questions, fee free to calt’ze oh «
SWA-S@@@. Thank you.
RETURN DISKETTE TO
TJ Aemeis “a
BRANCH AUTOMATION DEPARTMENT
ROOM 245
A memo retrieved from the garbage contains valuable information.
___Giiajler Tiree: Researching The Hack 27]
prepare beforehand for your excursion into the
trash of white collar America!
Here are the things you should consider includ-
ing in your GIRK — Garbaged Information Re-
trieval Kit:
Rubber gloves. Either surgical gloves, or the kind
you use while washing dishes. Though most
garbage you'll be rummaging through is “clean”
(white paper bins for recycling) it's a good idea
to wear some sort of thin gloves anyway. You'll
also want to wear gloves when you're at home
sorting through the bags you lifted.
Ladder. I'm not talking about real ladders here, al-
though you may want to use one. Some dump-
sters are very high, or are vertically-oriented,
and so climbing out of them may be difficult.
Find yourself an old chair or hassock some-
body's throwing away, and take it in the trunk
of your car. Then you can either put it into the
bin from outside if it looks like you'll have
trouble climbing out, or you can use it to climb
into the bin in the first place. Either way, if you
have to leave in a hurry for some reason you
can safely leave it behind — after all, it was
garbage to begin with, right?
Flashlight. Take a piece of rope or a strip of denim
or something and fashion a strap. Make the
strap just big enough so you can easily slip the
flashlight on and off your hand. Especially if
you'll be rummaging at night, you will need a
powerful flashlight to guide you through the
garbage. Make sure the batteries are okay —
best thing is to use rechargeables.
Garbage bags. Not the clear kind. You must use
black, brown, or similarly colored bags for this.
After all, you don't want people to see what
you've got in them. If you're just pulling
manuals, memos, etc,, out of the trash and are
not bringing home whole, intact bags, you
should bring along at least one of your own
dark-colored garbage bags, to put everything
in. You might want to take two bags, placing
one inside the other, to insure against breakage.
Appropriate clothing. Don't go rummaging
through garbage bins in your Sunday finery!
Wear shoes you'll be able to climb and jump
with. Wear clothes that won't snag, old clothes,
clothes that you don't care if they get destroyed.
You might want to wear a custodial type
outfit, if you have it. If you know the company
maintenance staff tends to wear baseball caps,
or a certain color shirt or jacket, then by all
means dress similarly. Wear dark colors, not
bright pinks, reds, or yellows that everyone's
going to be staring at.
Empty soda cans. Some hackers tell security guards
or other onlookers that they're searching for
aluminum cans to recycle. You might want to
fill up the bottom third of one of your garbage
bags with cans, or maybe leave an open bag of
cans outside the bin so bypassers will be able to
figure out for themselves that you're collecting
cans for charity.
One time I told a stodgy old guard, "The sci-
ence classes at my school are competing to see
how many cans we can recycle. For every
pound of cans we bring in, our school gets three
dollars. The class that brings in the most cans
wins a prize. Right now we're in second place,
so I want to bring us up to first!" He walked
away and came back with a handful of empty
beer cans and bottles. "Are you doing glass
too?" he asked.
Remember: don’t carry unnecessary things in
your pockets, or things like watches that are going
to fall off your wrist. You don't want to lose money,
wallets, credit cards, notebooks or anything else to
the hungry stomach of a garbage bin, so leave all
that at home. Before you leave the house, do a
pocket check. Make sure you have nothing that
could identify you and nothing you can't afford to
lose. This seems like obvious advice but I can recall
at least four different messages posted by hackers
on private BBSs where they said things like, "Jeez! I
just came back from the CompuPhone dump and I
forgot to put my ring back on after I climbed out of
the can! Now T'll have to go back there tomorrow!"
On the other hand, you might want to take
along a cheap watch or something that didn't cost
much but looks expensive. Then if some curious
person comes along you can jump up and say,
“Here's that stupid watch! I knew that idiot janitor
threw it out with the trash!"
‘Also, another good idea: Take a shower when
you get home!
1s
Found Disk Analysis
When you hack you begin to find disks every-
where. Some have been discarded, mangled,
warped, bent; some have been carelessly lost, in the
drive of a public computer, under a keyboard, be-
hind a desk; and others you will find in their natu-
ral place — lying around on people's desks, in disk
boxes, in library reference books, in file cabinets.
You will want to be able to read data files off these
disks and rerun any programs on them.
Tam not going to suggest that you actively steal
disks that you find in an office or wherever, but if
you can manage to sneak one away for a few days
or overnight without it being missed, then the best
of luck to you!
Before I go into what should be done with
found disks, let's get our terminology straight. Here
Twill be talking about microcomputer disks, which
come in two varieties: 54" and 3%" disks. A disk is
composed of two parts. There is the square plastic
outside, which I will refer to as the envelope, and the
circular mylar disk inside. The square envelope is
simply a means of protecting the flimsy and fragile
disk within, and can be horribly mutilated without
damaging data on the disk itself. 344" disks have a
small plastic or metal door that slides open to re-
veal the disk inside. 54" disks are unprotected in
this way; their disks are exposed through an oval
hole.
WARNING!
Never put a disk of unknown origin, especially
a physically damaged one, into a good disk drive.
Before examining found or damaged disks, you
should get ahold of a cheap, second-hand drive and
use that for found disk analysis.
ining bad disks can easily damage your
disk drive. Never use bad, damaged or found disks
on a good quality drive!
Check Up
Begin a found disk analysis by removing the
disk from its paper sleeve if there is one, and eye-
balling both sides for any distinct problems such as
grooves, coffee stains or wrinkles. It is amazing
what disasters disks can live through. During the
early ‘80s when home computers first hit the mar-
ketplace, there were warnings everywhere: "Don't
put disks by magnets, by your monitor, on your
printer, or near your telephone. Don't bend disks,
don’t let your fingers stray from the label..." And on
and on. Certainly you should treat disks carefully,
but as we've learned since floppy drives became in-
expensive enough for anyone to afford, disks just
aren't as fragile as they were once thought to be.
‘And cerlainly the plastic and Teflon they are made
of are cheap enough to throw away, meaning dis-
cards are common. So if you are rummaging
through a company’s trash bin and you see a man-
gled disk, take it — you might be able to get some-
thing interesting off it.
If there is nothing visibly wrong with the (54")
disk, but you're still wary (because you found it in
a garbage can or in a dusty place or something) you
should carefully hold the envelope with one hand
while rotating the disk with the other hand (using
the hub ring). Look at the disk through the oval
window as you do the rotation. Then turn the disk
over and inspect the other side the same way. For
3%" disks, you will have to hold open the sliding
door with a finger as you rotate the disk using the
‘hub ring.
If you suspect that a 5%" disk is filthy, or if
there is any dirt at all inside, rotating the disk may
scratch it. Instead of rotating it, do this: Push the
disk to the bottom of the envelope with your finger.
‘Take a pair of sharp scissors or a knife and cut off a
very thin strip of plastic from the top (label) edge of
the envelope. With thumb and fingers, puff out the
envelope, and ease out the disk. Don't wipe dirt off
the disk — you don't want to scratch it. Try to blow
away dust and dirt, or use a hair dryer set on low
heat, or a can of compressed air.
‘Now look inside the plastic envelope. You will
see a lining of a white gauze-like material. If that's
dirty, throw away the envelope. Take a different
disk (that contains data you don't need any more),
slit the envelope open the same way, remove the
disk and replace it with the other round floppy.
Make sure the reinforced hub ring (if it has one)
faces front. Now you can try using this disk on your
cheap second-hand disk drive.
You might also like
- Secret of A Super Hacker by Knightmare (PDF) (01qlt) PDFNo ratings yetSecret of A Super Hacker by Knightmare (PDF) (01qlt) PDF238 pages
- How To Hack Computers - How To Hack Computers, Hacking For Beginners, Penetration Testing, Hacking For Dummies, Computer Security, Computer Hacking, Hacking Techniques, Network Scanning (PDFDrive)100% (2)How To Hack Computers - How To Hack Computers, Hacking For Beginners, Penetration Testing, Hacking For Dummies, Computer Security, Computer Hacking, Hacking Techniques, Network Scanning (PDFDrive)150 pages
- p22 - 0x04 - A Novice's Guide To Hacking (1989 Edition) - by - The MentorNo ratings yetp22 - 0x04 - A Novice's Guide To Hacking (1989 Edition) - by - The Mentor13 pages
- Hacking Secrets To Becoming A Genius Hacker - How To Hack Smartphones, Computers-WebsitesForBeginners by Steven E. Dunlop100% (1)Hacking Secrets To Becoming A Genius Hacker - How To Hack Smartphones, Computers-WebsitesForBeginners by Steven E. Dunlop45 pages
- Hacking Secrets To Becoming A Genius Hacker How To Hack Smartphones - Computers - Websites For Beginners81% (16)Hacking Secrets To Becoming A Genius Hacker How To Hack Smartphones - Computers - Websites For Beginners55 pages
