Secrets of a Super Hacker

Radiation Comprehension

noreply@blogger.com (SUPER HACKER) — Tue, 15 Jan 2013 06:51:00 -0800

If you like to watch television while you use your computer, you may have noticed something funny happening when the channel is turned to certain stations. With the computer on, channel two on my television is complete static, while channels 3 and 4 get decreasingly snowy. This happens when electromagnetic fields radiating
from my computer and cables are picked up by the televi-sion antenna. If I'm watching channel 2, 1 can even make out a very fuzzy representation of what I see on the computer screen.

There is a simple reason for this happening. The various components of a computer - amplifiers, cables, the coupling between cables, the power supply to power line coupling, switching transis-tors, the ground loop, internal wires, and even printed circuit boards - all act as antennae to con-duct electromagnetic radiation. The
components, cables and whatnot will not only pick up the radia-tion, but transmit it as well, sometimes re-emitting it at some distance from the source equipment. Nearby electrical wiring and metal pipes can further act as antennae. Computers operate at radio frequencies and so they are also radio transmitters.
That's why the Federal Communications Commission must ap-prove all computers (and many other electronic appliances) before they can be sold in the United States. The FCC wants to make sure those radio emissions aren't strong enough to interfere with other licensed radio receivers (such as television sets). In fact, there
have been cases of unregistered computer monitors whose screens have been picked up on the next-door-neighbor's television set. This sort of thing is more likely to occur when the neighbor has a black and white television and the computer has a composite monitor, because a black and white set can more easily adapt the syn-chronization signals that it picks up from a com-posite monitor (especially if the TV has an antenna amplifier attached).

When my television receives computer fre-quencies, it is doing so accidentally. Imagine the consequences of someone setting out to purposely receive radiated information. Indeed, such a thing is possible, and has been going on for quite some time. For years the Department of Defense has stashed away its most hush-hush
computers and communications devices in copper-lined rooms to prevent radiation leakage. They have also pro-duced guidelines for a security standard called TEMPEST ( Transient Electromagnetic Pulse Emanation Standard. ) which defines how military computers are to be constructed so that the radiation leaking from
them is minimal.

Special military computers might be well pro-tected, but your run-of-the-mill PC or terminal is not. The FCC ensures that equipment won't inter-fere with other equipment; it makes no promises that equipment is safe from prying eyes. In fact, those eyes don't even have to be at the scene of the crime. There is an electronic
marvel called the Van Eck device which picks up your favorite leaked radiation and projects it onto a television screen. Hook up a VCR to the television and you've got a living document of everything that goes on in your target's computer account.

Radiation Comprehension

noreply@blogger.com (SUPER HACKER) — Tue, 15 Jan 2013 06:50:00 -0800

Always A Way

noreply@blogger.com (SUPER HACKER) — Tue, 15 Jan 2013 06:50:00 -0800

Think about the enormous amount of power government possesses over us. Think of the billions of dollars it can spend to pry into our lives, to pho-tograph us, record our movements and our daily activities. Think of all the expertise available to such a powerful entity. Anything that government - or big business, or anyone in power for that matter -wants to know about, wants to happen, or wants to change, will become known to it, will happen, or will be changed.

When we start to think about all the covert ac-tions going on around us, and all the myriad ways in which we don't even know we are being ma-nipulated or spied upon, we begin to think of gov-ernment agencies as unbreakable, unstoppable... unhackable. And even if we think we have a chance at hacking it, we know we will end up in prison.

But all of that is simply untrue!

Government agencies are limited in what they can do and in what they know. You only have to look as far back as Operation Sun Devil a few years ago, when Steve Jackson got his games taken away because they were thought to be a menace to socl-ety. Sure, the Secret Service and the FBI may be powerful, but maybe they arefeeble-minded too.

We read about all these scary spy gadgets that have been developed that can read our lives like a README.DOC. We hear about the "impenetrable" government computer systems that have been set UP, and we are scared away because they sound so hermetically protected. For example, we know that any transmission of an interesting nature has a 100% chance of being intercepted. Therefore, all those spy guys in Washington have set up ul-tra-secure network links in an effort to protect their valuable secrets. Their most safeguarded lines are fiber-optic cables buried deep below the surface of the earth and sealed in gas-filled pipes. These are strictly isolated systems - no connections to outside phones or computers, so no hackers can gain access by dialing in. Even if a hacker were to dis-cover where the (unmarked) underground lines are, and even if that hacker were to manage to dig down undetected, and cut open the pipe to tap the cable, the drop in gas pressure instantly sounds an alarm.

This is heavy protection, and sounds like it would be impossible to hack, especially when you realize that even if there were some way to get at those lines, you still need various levels of permis-sions, passwords and access codes to reach the highest and most secret classifications of data.

But think again. Never forget that behind every complicated system, is nothing more than some human beings. And what are human beings if not fallible? In the case of this seemingly impenetrable system, we can imagine the humans who sit night after peaceful night, watching their TV monitors, waiting for the alarm to sound that signals a breach. They're probably asleep more often than awake, especially if the temperature and humidity is high in their work area. If ever the alarm did sound, they probably would ignore it, or wouldn't know what to do. Or they would take a quick look out the window and go back to sleep.

Even if the guards did go out and check the wires to make sure everything was okay, do you think they would continue checking them after five or six false alarms? "The boy who cried wolf' trick always works, especially on a dark and stormy night. No guard is going to go out sloshing through the mud and rain to investigate an intruder he knows won't be there. There is always a way. Don't be fooled by first appearances.

And here are some more ways you can beat the security:

General Purpose Microcomputers

noreply@blogger.com (SUPER HACKER) — Tue, 15 Jan 2013 06:50:00 -0800

Now we come to the third We of Public Access Computer from that list I gave several pages back: the General Purpose Micro. I'm going to be talking here about IBMs and MS-DOS machines, although nowadays we're seeing more and more Macs out in the open for public use. Of course, all techniques I discuss can be translated to any computing envirorunent.

Let's say you call up your local library and make an appointment to use a computer there, for word processing or business or whatever. Ordinar-ily these are nonnetwork machines, although if there's more than one they may be connected to the same printer, or to some other peripheral. At col-leges, the word processing software may be on a non-writable disk - on some sort of mainframe or minicomputer. There are also businesses set up now where people can go to rent time on a com-puter to type up their r6sum6s or reports, and have them printed out on a good quality printer. Set-ups such these can be exploited to the hacker's benefit.

The Popular Methods of Cyber Hacking Smartphones

noreply@blogger.com (SUPER HACKER) — Mon, 3 Dec 2012 16:20:00 -0800

The losses, which amount to millions of dollars from malware and toll fraud attacks on smartphones, stem from illegal access of applications from unofficial sources than trusted ones such Apple or Google.

There are several kinds of hacker known and they are not limited to phone hacking. Computers, tablets, phablets and notebooks are also vulnerable to hacking, which has become a relatively easy task, according to this YouTube posting.

Classifications of Hackers

In the underground of hacking, hackers are classified depending on their skills, knowledge, and capabilities.

White Hat - Breaks security without malicious reasons to test their personal skills or work with a company that needs intensive security assurance.

Black Hat or Cracker - Violates computer security with malicious intent for personal gain, destruction of data, and to make network unstable. This hacker type takes time and patience in doing their illegal work.

Grey Hat - Hacks system to notify administrators that it is vulnerable and offers repair service for a fee.

Blue Hat - Tests system for bugs prior to launch.

Neophyte - Newly turned hackers with full understanding of how computers, networks, and programs work. Usually, this is the starting stage for future classification to other hats.

Script Kiddies or Skiddie - Breaks computer systems using automate tools with no understanding or care of how they work.

Hacktivist - Regardless of classification, the hacktivist uses technology vulnerabilities to announce his social, ideological, religious or political message.

Elite Hacker - Considered the most skilled hacker, regardless of classification. Newly discovered exploits will circulate within this group.

Methods of Phone Hacking

1. Caller ID Spoofing: A system which masks the caller from its recipient by displaying a different phone number on the caller ID. Similar to e-mail spoofing which uses different e-mail address as a mask.

2. Location Eavesdropping: Commonly used in social medias like Facebook and Foursquare which allows location check-ins. Hackers may target checked in locations and eavesdrop the conversations. In a worst case scenario, a hacker may work with burglars after confirmation that the target is not home and the house is vacant.

3. SMS Spoofing: New hacking technology to mobile technology which allows the sender to replace his/her mobile number with alphanumeric text. SMS spoofing have legitimate uses but can cause great damage to the recipient.

a. The recipient of the SMS spoofing my incur termination charges as if received from a foreign network

b. The SMS spoofing may use a real subscriber's number incurring sending charges as if they were in a foreign country

c. Recipients may complain about spamming and possibly deflects sending of messages unless repaired

4. Malicious Software: Still being used by hackers as a technique to break security and cause multiple illegal functions such as intercepting calls or sending information (SMS, emails and passwords) and then transmitting it to another device. Having security software installed increases protection to user's private information stored in the smartphone.

5. Identity Stealing: Apps are very popular in smartphones and users may have tens to thousands of this installed. Fake apps give hackers the opportunity to access and steal all sorts of information about the phone, messages and data. Security programs are highly encouraged to prevent malwares and apps but should only be downloaded from trusted sources.

6. Pretexting or Blagging: Act of creating invented scenario such impersonation to engage targeted victim to divulge information or perform actions unlikely to happen in ordinary circumstances. Data that can be divulged includes addresses, phone bills, bank statements and health records.

7. Wireless Hijack: Wireless devices are great ways for transferring data files and can also be used for hacking. Wi-Fi and Bluetooth are vulnerable to hacking which can expose personal information of the target.

8. Cloning: Phone cloning allows hackers to receive calls and messages of the original device once turned-off. It requires special kits and techniques; it is not easy but can be done.

9. FlexiSpy and Phone Tapping: Normally, landlines are hacked by physical connection through terminal boxes and cables. However, more modern methods use a software called FlexiSpy to eavesdrop messages and voice calls to a Web site which allows access to stored data. Although banned in some networks, it has been used by parents to monitor their kids' calls.

10. Mobile Phone Tap: Various software allow remote listening to all phone conversations which are picked up through broadcast signals. Hackers may find these software difficult to obtain but it definitely exist.

Mobile Phone Pinging: Pinging a cell phone traces what cell tower the device is in. It is used by an agency by triangulating the approximate location of the mobile phone. It is not open for public use but hackers can tap into it and GPS makes it more dangerous for it can be used to trace a mobile phone even the device is turned off.

New Site Online With New Slot Save 40%

noreply@blogger.com (SUPER HACKER) — Thu, 3 May 2012 11:36:00 -0700

IOSHackZ.Com
Root-Hacks & IOSHackZ.com One Team To Provide Siri Service

We Build New Server For Customers You Can Buy From Here .

Thanks

20% off linux OpenVZ

noreply@blogger.com (SUPER HACKER) — Tue, 17 Apr 2012 12:14:00 -0700

Servers provided by AlmightyServers.com Get 20% off linux OpenVZ and Windows VPS provided by RootHack Promo Code ROOTHACKS while offer last

Is Hacking Ethical?

noreply@blogger.com (SUPER HACKER) — Sun, 4 Mar 2012 11:23:00 -0800

Most of you think that hacking is illegal, an immoral activity. Hacking is defined as increasing capacity of a device such that it can perform actions other then those defined and intended. It may also mean to take control of other machines. A hacker is a person who initiates this action and is extremely knowledgeable in computer programming.

Hacking has got bad name due to few people, organizations and media. Some of the hackers chose to use their knowledge to disrupt computers, steal information and gain illegal access. The motive was to hurt and steal. Most of the genuine hackers are ethical and are put in their skills to find new ways and means to use software or hardware. Also Ethical hackers are used to test any vulnerability in software and plug them before non ethical hackers find it.

Some hackers cross the line but do not stray too far and are called Grey Hackers. Hacking has been around since computers came to use. People who hack into computers live in almost every country in the world. Hackers are normal people with extraordinary ability and knowledge. They succeed where other programmers fail. They find ways to twist rules, bend rules, break them and define new ones. They set new boundaries in software and hardware usage. Let us look at various types of hacking.

Types of Hacking:

1. Hacking for user information
2. Web based hacking.

Hacking for user information involves taking control of computer to extract information without the knowledge of actual owner. Web based hacking involves playing with a website. It will be interesting to look in each type of hacking.

Hacking for user information: To gain information most hackers use Phishing, Brute Force Method, Key loggers and Trojans. While phishing, hackers make a web page which is exact clone of the website their target will visit. When the target keys in, they redirect him / her, to their own web page. This new web page captures the details and passes it to hackers.

Brute Force Method involves attack using automated scripts which will try all possible combination. It takes time and computing power to succeed. This technique was used earlier for email passwords but now Image Capture trick used by most websites has rendered it useless.

Key loggers and Trojans are similar in action. These programs are sent to user computers and installed discretely. They send the information back to hacker. Once hacker receives your private information they use it for their personal benefit.

Web site hacking: Hackers use SQL Injection, XSS and Shells. SQL injection works for website which have SQL database at their backend. Using a parse command one can get in the information stored in these databases. Shells and XSS techniques work by twisting the content and cookies.

Though this information my sound malicious but it is presented so that you can safeguard your website and information against these basic attack types and use Internet without any problems.

Ethical hacking methodology

noreply@blogger.com (SUPER HACKER) — Sun, 4 Mar 2012 11:20:00 -0800

One must be wondering how hacking and ethical can go together. Well, why not when there are bad things, there is always a prominent presence of good things around. There are many things, these days possible at just one single click, all thanks to the Internet. Like as said earlier, there are good and the bad, with increasing knowledge of the Internet, the crimes and risks related to the web has also increased and one of the most is hacking.

Hacking is talking about entering a computer network of any companies to gather data/information. This is absolutely dangerous and illegal of exposing the data/records for any reason. In statute to prevent such intrusion, several companies are employing expertise personnel's who are skilled in averting hacking and, these skilled people are known as "ethical hackers" or "white hat hackers". Sneaking and entering into the system to check for any culpability within the system, the performed act is known as ethical hacking. On the surface, ethical hacking appears to be rosy like any straight forward process.

Measure the reasons behind deploying ethical hacking

This is very crucial part about explaining, why an individual is thinking to do so. If the reasons are not virtuous, there comes the question of morality and, if it is for the company's benefit, deploying the same will be highly beneficial package. The key thing is what it brings that it grows into an urgent urge of deploying an ethical hacking.

The significance of hiring an ethical hacking professional

The foremost thing is necessary to know that, what kind of stuff one is searching and why it is has become imperative to hire an outsider to hack the system since; hacking is one of those dropped in banter to prove management is on the top of the issues when it comes to computer security. Computer security breaches are everyday news and, even occur in high controlled environments for two main reasons: people are not trained in identifying the mission and, people are not trustworthy and there is when the need of hiring ethical hacker arises. The core task of ethical hacking features involves about checking the loop holes, testing of the flaws and giving protection against such flaws.

What are the ethical hacking features that one should look for?

Any company cannot know that, if their security system is rock solid unless it is tested. The techs of the company cannot every now and then go at the system to know the mischievous and malicious motives of an illegal hacker. The below mentioned points are just a start, but not exhaustive ones.

• High qualification is essential in this highly technical area. The professional should be thoroughly certified and known to ethical hacking standards.

• There are individual security testers' professionals, not necessarily that an ethical hacker has all the understanding of every security flaws. So pick according seeing what exactly is required.

• The core ethical hacking feature is about its skills, along with the technical knowledge, there candidate should be competent, resourceful and, able to adapt to varied situations.

• Perseverance, patience and persistence are important ethical hacking feature that an expert ethical hacker has.

• Highly knowledgeable about security related issues, that can prevent flaws from happening.

What benefits does an organization can expect from ethical hacking features?

The top benefit that, an organization can expect is safety of their network. The professional hacker with above key features helps demonstrate the security of the organization or can discover the loopholes. Once the flaw is known, the professional offers a report stating the same and how the system can be made safer.

[ Free SiriProxy Server ]

noreply@blogger.com (SUPER HACKER) — Fri, 17 Feb 2012 11:15:00 -0800

[ Free SiriProxy Server ] By @im0hamed And @alawy103

A - To Use Siri For Free

Certified link : http://goo.gl/EA3vu
Spire host : https://root-hack.no-ip.biz/

see server info here http://root-hack.no-ip.biz
User : admin
Pass : admin

Write Feedback in tweet please @im0hamed And @alawy103

B - Feed The Server

We Need Iphone 4s Feeders to keep server up

Certified link : http://goo.gl/EA3vu

DNS : 184.82.101.198

Follow @im0hamed And @alawy103 For More Info

Google Speech Free

noreply@blogger.com (SUPER HACKER) — Mon, 13 Feb 2012 08:14:00 -0800

Google Speech Free

Here you go : http://bit.ly/xriCZA

Siri Private Subscription

noreply@blogger.com (SUPER HACKER) — Tue, 24 Jan 2012 11:42:00 -0800

We have two packages for siri Subscription :

Siri Subscription ( 1 Year )

Siri Subscription ( 1 Month )

Features :

-Faster server

-More secure

-Uptime 99.9

-Private connection

More information about price visit our shop
Here

Public server work with more performance

noreply@blogger.com (SUPER HACKER) — Mon, 23 Jan 2012 05:33:00 -0800

Siri work With more performance

1- If you have Iphone4s and you want to share siri with other people do this :

From (settings) --> (Wi-Fi)
do like the picture in dns box
(Only change the DNS )

From safari browser type this link and install the certificate

http://siri-bh.no-ip.org/blog.crt

after install try to speak with Siri it Should work Greater .

2- If you have Iphone4 and you want use siri do like below :

from (settings) ---> (Spire)

In Host box type : https://siri-bh.no-ip.org

From safari browser type this link and install the certificate

http://siri-bh.no-ip.org/blog.crt

And Good luck with Siri

Note :

1- This is public server (More Iphone4s More Client)

2. Subscription with private server will be open again

Siri work great in our public server

noreply@blogger.com (SUPER HACKER) — Sun, 1 Jan 2012 04:08:00 -0800

Siri Work Great with our server

1- If you have Iphone4s and you want to share siri with other people do this :

From (settings) --> (Wi-Fi)
do like the picture in dns box

From safari browser type this link and install the certificate

http://siri-bh.no-ip.org/blog.crt

after install try to speak with Siri it Should work Greater .

2- If you have Iphone4 and you want use siri do like below :

from ( settings) ---> (Spire)

In Host box type : https://siri-bh.no-ip.org:1000

( its https not only http )

or others ports

6 ports

you can chose one of them

1000-1001-1002-1003-1004-1005-1006-1007-1008-1009

From safari browser type this link and install the certificate

http://siri-bh.no-ip.org/blog-4.crt

And Good luck with Siri

Note :

1- This is public server ( subscription server Will be here soon with price )

The Hacker's Ethic

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 21:12:00 -0800

Many hackers and non-hackers have given their versions of the "Hacker's Ethic." The versions are all pretty much the same. What's different is the de-gree to which the ethic is followed. Smart people, like many hackers, start out by following the rules, the moral codes - the Ethic - but then they get sidetracked. They begin to get the feeling that be-cause they know about the law, they have the authority to break it: "It's not like we're blindly acting without discretion." That's what smart people do - because they know they're smart, and be-cause of it, they forget that even smart people, even smart hackers, are often very, very dumb.

What I'm about to do is give my own version of the Hacker's Ethic. This is a set of beliefs that I have about the world of computers. It may not be what you believe, but that's all right. Hacking has to do with independence.

However, I urge you to understand why it's important that you formulate a hacker's code of ethics and live by them. Having a code of ethics will help keep you out of trouble. Now, I'm not saying that if you're caught, a judge and jury are going to base their verdict on whether or not you behaved according to your beliefs -
especially since some of your beliefs likely involve illegal activities.

What I'm saying is, I like to think that if you have formulated a moral code, and it is well known that you abide by that code, and if all members of your hacker's circle sign affidavits testifying to their loyalty to the code, then in some instances it may allow a judge or jury to honestly say to themselves, "Gee, he meant no harm by it -the damage was not intentional." If you remember our previous discussions of law, many offenses require that, for a criminal action to have occurred, the suspect's conduct must have been intentionally criminal. Well, I would like to think that's the way it would turn out. In real life one can't count on others seeing things from
your point of view.

At the very least, one would hope that by providing a code of ethics, you could more easily weed out undesirables from your group, and keep your members safe and happy. More importantly, I feel there is some indescribable underlying goodness about having a code to guide you. If I sound preachy, fine. I'm done.
This is my Hacker's Ethic. These are my beliefs about computers and hacking, as I attempt to live them.

My Code Of Ethics

Computers have enabled a great deal of infor-mation to be available to anyone, and quicker and cheaper than ever before. The free flow of informa-tion is good, but not when it violates human rights. There are two kinds of human rights. There are rights which pertain to individual humans, and rights which pertain to humanity as
a group.

All of humanity should have the ability to access virtually any known information. There should be a free flow of information, and informa-tion and technology should be used in moral ways. People should know how things work, if they choose to know, and such information should not be kept from them. New ideas should be heard, and there should be the capability for ideas to be discussed, and questions answered, from multiple viewpoints. People should be made aware that all this knowledge exists, and can be brought to them. Technology should be used to this end, not for profiteering or political gain.

Individually, people should have the right not to have data pertaining to them available for use in ways which are adverse to them. People should have the right to be notified when information about them is added to a database, when and to whom it is sold or given. Because it is their own personal information, individuals
should have the right to control how information about them is dis-tributed. A person should have the right to examine in-formation about him or herself in a computer file or database, and should be able to do so easily. The person should have the right to easily correct inac-curacies in that data, and to remove information that is offensive to that person. People should be guaranteed that all makers and suppliers of data-bases will enable these rights to be granted, in a timely fashion.

All of this is what should be the case, and in some situations these rights are currently acknowl-edged. However, most of these rights are almost unanimously ignored. Therefore it is necessary to hack. Hacking is using computers (or whatever) to live according to these ideals. Hackers have these ideals about individuals in general and humanity in general, and I have a set of ideals which I personally follow so that the general ideals may be carried out:
• Never harm, alter or damage any computer, software, system, or person in any way.
• If damage has been done, do what is necessary to correct that damage, and to prevent it from occurring in
the future.
• Do not let yourself or others profit unfairly from a hack.
• Warm computer managers about lapses in their security.
• Teach when you are asked to teach, share when you have knowledge to spread.
This isn't neces-sary, it is politeness.
• Be aware of your potential vulnerability in all computing environments, including the secret ones you will
enter as a hacker. Act discreetly.
• Persevere but don't be stupid and don't take greedy risks.

I am not suggesting that following a code of ethical conduct of this sort makes my hacking moral or right. But I'm also not saying that my hacking is immoral. Don't even raise any argu-ments along those lines with me because I simply do not care about them. We know what's legal and what- isn't. Hacking is something that I am going to do regardless of how I feel about its morality. It is pointless to raise the issue of "Do you honestly think you can justify snooping with your loopy code of ethics?" because if you must consider that issue, you must not have hacking in your blood.

Combining Principles

Throughout this book I've tried to offer general guidelines on the various topics that will prepare you for any computing situation you happen to find yourself in. When it comes to so broad an undertaking as "hacking," there can obviously be no one specific set of steps to follow to achieve one's objectives. Rather, one must call
upon a vari-ety of general ideas, overlay them when appropri-ate, and just hack away until something comes of it.

From knowing what to expect you should know how to react to a new challenge - and your ability to hack will improve.

I want to tell you one final story. This is a story which demonstrates many of the principles you have learned from this book: research, scavenging, shoulder surfing, persistence and logical reasoning, programming methods, brute force, general computing knowledge, social engineering, reverse social engineering, screen analysis, system simula-tors. It shows how each is played off the other for the final triumphant result of a successful hack.

My One-Person Tiger Team

Recently I was given the opportunity to try my hand at hacking into a newly set up computer system at a special library. The library director was concerned because they had recently transferred to this new system which, unlike previous ones, allowed dial-up access from outside lines. The director wanted to know if it was
possible to break out of the search facility, into the restricted areas hav-ing to do with overdue fines, patron names and addresses. Or would it be possible to escape en-tirely from the library program to the operating system and perhaps do some damage?

I told him I would be happy to look into the matter.

Now, he offered to give me one of the dial-in numbers, but I told him there was no need for that. I was a hacker after all! (Actually, I was acting cocky to impress him - I already knew the phone number from watching him give me a demonstration of how the public part of the system worked.)

I called up the system from my home and explored every inch of it. It was a command-run system. The opening screen allowed one to select a function by entering commands such as CAT to search the library catalog, or HOL to place a hold on an item. The proper way to end a session was with the END command. I
tried other, unlisted commands to see if any would work. More than you nught realize, this is a very common practice on computer setups where part of the system is public and part is private. Almost always the public part of the system will have at least one secret command to allow entry into the private side. So I tested a whole slew of key words: EXIT, BYE,LATER, START, LEAVE, LOGIN, QUIT, USER, PASS, LOG, LOGI, CIRC, and the like. Some of these I have seen used in actual applications. (For example, CIRC is often used to enter the part of a li-brary program that takes care of circulating mate-rials. I discovered LEAVE on a computer that was situated in a museum - typing it in allowed one to exit the menu arrd enter a special area for museum curators and employees.) None of these, no any of the other words I tried, worked.

Since it was a brand spanking new system, I was sure there would be lots of bugs hanging around that I could exploit. Indeed, when I spoke to the director, he bemoaned the fact that certain function keys on the terminals had not been set up yet, and that pressing them would exit one to an incomprehensible programmer's
environment. Aha! This is what I needed! But when you're calling in over the phone lines, you don't have access to the function keys that are available on the computers in the company offices.

I thought perhaps the function keys were mac-ros for commands which a user would otherwise have to type in by hand, but I didn't know what those commands were. I was doing nightly excavatings of the building's garbage bins to see if anything would turn up, and finally something did - a badly mangled reference card
from the com-pany which had supplied the software package. I painstakingly searched every last inch of the trash that night, but could only come up with half of the card.

At home, I saw that among the things listed on the card were indeed the names of commands mapped to the function keys. Only two of them were legible, and the rest were either torn off or smeared beyond readability, but those two turned out to be enough.

What was immediately apparent was that I had made a wrong assumption - not ALL the commands were standard English words or abbrevia-tions of words, like CAT or END. There were two-letter commands and dot commands, too. When you input a dot command you type a period (.) followed by an alphanumeric
command. They are often used in applications where entering the alphanumeric command by itself would be misinterpreted as inputted data. For example, let's say you're using this library system, and at the prompt where it asks for an author to search for, you decide to search for books by title instead. So you type the TITLE command. What's going to happen? The computer thinks that "Title" is the name of the author
you want, and starts a search for someone with that name. To get around that sort of problem, this system allows a period to be typed before a command. Now if you type ".TITLE" at the author prompt, the system sees the leading period and recognizes that what follows should be treated as a command.

Programs often use a period before the com-mand because a period is a small, undistracting character and is also very easy to type. But occasionally you will run into "dot" commands which use other characters, most notably, slashses (/ or or an apostrophe (').

Anyway, the reference card told me that press-ing function key F1 was akin to the QUIT com-mand, and F2 was the HELP command. Both seemed promising -.QUIT because it might allow me access to the nether regions, and HELP because since this was a newly set up system, help was very likely not yet implemented - and might be one of those functions which the director was complain-mg would crash the system if someone used it.

I was dialing in to the computer from the out-side world, and there really isn't any way to transmit a function key press through a modem (function keys are not in the ASCII lineup), so I had to hope that either QUIT or HELP would work. Of course I had tried their undotted counterparts be-fore to no avail, but maybe, just maybe, one of them with the dot would work....

Nope!

.QUIT simply terminated my session and dis-connected me. When I typed HELP, the screen cleared, and the following line was printed:
<EOF \txt\hlp\help000>
I presumed this meant that the End Of File helpOOO in the \txt\hlp directory had been reached; in other words, the file existed but was blank. I was temporarily licked, I thought, though it was interesting that now I knew about a \txt direc-tory which apparently contained various text files, and a \hIp directory within it which held help files. Something else I noticed: every time the screen was redrawn, a line at the top was displayed which read something like this:
<<< J. Smith Co Special Library On-Line >>>
(000)U/SYS v55.6

The three digits in parentheses changed de-pending on which part of the program I was using. "(000)" presumably signified the opening screen, where I was attempting to launch these unlisted commands. If I tried the HELP command at, let's say, screen number (013), 1 figured the system should then search for the file
`\txt\h1p\he1p013.` Indeed, that is exactly what happened.

Now, every program has its own style of input and output. One of the things this system used to take input was a cornmand followed by a number. For example, if a search turned up fifty books, you might type "BR12" to see a brief citation for book number 12. 1 wondered if the same format would apply to the help command as well. I tried ".HELP99999," hoping that 99999 would be a num-ber too big for the system to handle (certainly there was no screen that high). What happened was I got a message informing me that the command was not valid. I tried other variations, such as ".HELP 99999" and ".HELP < 99999" but none of them were valid either. Finally I gave ".HELP99999" one last try and this time it worked! I guess I had made a typo when I tried it the first time, perhaps inserting a space between the "P" and the "9," or whatever. The system crashed, and I found myself launched into the programmer's debugging environment.

It was like a mini-editing system for the text and batch files that the database used. I fooled around a bit with it and came up with nothing much of value except for a copyright notice that gave the initials of the company that made the program. I looked through various directories of soft-ware companies, trying to come up with
actual words to go with the initials, and finally I found two that fit. I called up the first and found out that they were the ones who had written the program I was interested in. I asked about obtaining replacement documentation for the package. They said sure - all I had to do was supply the serial number that came with my software and they would send me the book for a nominal fee. I tried some bull-shitting: "Well, I don't know the serial number because I don't have the instructions." No good; the receptionist informed me that the serial number could be found on a label stuck to the original disks. "I don't have the disks near me right now -I'm calling from my car phone. I'm sure I sent in my registration card, perhaps you could check that? My name is Jonathan Smith from J. Smith Co..." I prayed that the real J. Smith had sent in his card. He had not. I thanked the receptionist and told her I would call back the next day.

I figured the company library must have the documentation, but I couldn't just show up there and ask the director if I could peruse it for a while. Besides, I wanted to do this whole thing as if I were an outside hacker, unconnected with the company, trying to get in; special favors were out of the ques-tion.

That meant it was time for some serious social engineering. The only person at the library who really knew anything important about the system was the director himself, and he was out of the question since he would recognize my voice. Anyway, all I needed was this serial number. I called up the library reierence desk, and
made up a story about how I was a programmer from the company that had installed the new computer system and I was wondering if they had version 8 of the program? Naturally she didn't know, but I kindly ex-plained to her that to find out she would have to look for some disks with labels stuck to the front of them.... She found the disks in the director's office, and told me that the number eight wasn't printed any-where, just one long serial number. I had her read it to me, and one of the twelve digits was an eight, so I told her yes, everything was fine, that I just wanted to make sure she had the newest version, and that I would send her version nine if we ever got around to releasing it. She couldn't have cared less.
Anyway, I paid extra for overnight delivery of the debugger documentation, and got it late the next day. Poring through it I found out how to move around in the programming environment and - more importantly for my purposes - to exit from it.

(All the important commands were ab-struse things like KLOO and EE61. This editor was clearly a rush job, created by programmers, for pro-grammers.) Exiting the debugger got me to a login prompt. I quickly found that typing in "circ" at this prompt, and "JSC" at the following password prompt, would bring me one step
closer inside. (Here JSC stands for J. Smith Co. Of course that is a fictitious name.) After entering the password correctly I was brought to a second level of security - apparently the circ/JSC was a general login combination thatanyone with legitimate access to the system knew. I know how to put in "your personal 9-digit ID code." Okay, well we know what nine digits means - a social security number!

I knew that the director had been born and raised in Kentucky, so I knew the first three digits of his social security number. I wrote up a program to continuously spit out possibilities for the last six digits, and it wasn't too long before I found one that worked. When it did, I was greeted with, "Good evening Jane Thombuckle! Please enter your personal password." Jane Thombuckle was not the library director. Now I needed Jane's password. I went back to brute forcing for a while, looking for Thombuckle's personal password by trying out the obvious possibilities, until I got sick of it.

I didn't know who Jane Thornbuckle was, but one of the things I had pulled from the garbage was a stack of discarded company newsletters. Buried deep in the stack was the answer: Thornbuckle was a figure in the company's Management Information Services Department (i.e., a computer programmer). I did some more
hacking away at her password, but that was fruitless. Finally I restarted my program to try social security numbers, and eventually came up with the library director's. Hacking his password by chance was, like Thornbuckle's, getting me nowhere.

I decided to look back at what I already knew. The programmer's environment was an interesting thing, and I played around with it awhile until I had learned enough about it to use it to edit files to my liking, as well as a few other tricks. I was able to use one of the debugger's find commands to locate every occurrence of the
word "circ" in the system files. One of these files contained a bunch of gibberish, the word "minicirc," some more gibber-ish, and then "cirOt followed by more gibberish. I tried analyzing the gibberish after the second circ to see if it could be unencrypted to read "JSC." If it could, then I would be able to use the same procedure on the gibberish following "minicirc." This tactic was to no avail.

Back I went back to that initial login prompt and tried typing "minicirc" with various passwords. The problem was I didn't know what the "mini" part meant. My best guess was that it was some sort of small version of the actual library system - a simulator or training module. I was trying passwords like TRAIN, MINI, MCIRC,
MINICIRC, TUTOR, LEARN, and after a lot of trouble, finally came up with T.CIRC1. This got me
to my favorite little message: "Please enter your personal 9-digit ID code." Within a few seconds I had discovered that the number "555555555" worked like a charm on this mini circulation system. The screen cleared.

"Good morning New User!" my glowing computer screen exclaimed - it must have been three or four in the morning. "Please enter your personal password." This was, I hoped, the last level of security. Yes it was: a few moments later I was in the minicirc under the password "TRAIN." I was proud of myself. I had managed to get out of the public side of the dialup system and into the behind-the-scenes area. But my journey was not over yet, because I still had not gotten into the ac-tual circulation system - just the simulated one used for training purposes.

The minicirc was helpful, but it lacked certain features which, if I were an industrial spy, I would have liked to have had access to. I could use minicirc to check out books to patrons, register new patrons, search the databases, etc., but the database contained only imaginary names and addresses. Many of the other features of the system were unimplemented, but just knowledge of their presence helped me. There was a bulletin board service, which would display messages after log-ging in. A few standard messages had been left by the installers: "Hi, welcome to the system...... From examining these messages carefully, I came up with some
important tidbits of information.

Each message began by listing who had sent the message, and who could receive it. Part of the sender data included the word "minicirc," which implied that it was possible to send messages from the minicirc to the circ and vice versa (otherwise, why would they bother putting that in there?). The second important fact was that
although messages were apparently sent by default to all users, one could specify a particular user who would be the only one to read a posted message.

I used the editor to write a letter and send it to myself. Then I logged off, called back and broke out to the programming environment as I had been doing. Pushing the debugger to its limits, I was able to use its file editors to find the letter I had written, and alter its contents. Instead of being directed to me on the minicirc, I
changed it to be sent to the library director. And where originally the file had stored my own name - "New User" - I altered it to say that it came from some fictitious rep-resentative from the database company that had written the software. The bulletin instructed the di-rector to call this person about some new improvements that could be gotten for free now that version nine had been released (reverse engineer-ing!). I supplied a phone number to call. The num-ber I gave him was that of a friend of mine, a fellow hacker named Morriskat, whom I had thoroughly briefed on how to act when the library director called. We set up Morriskat's answering machine so that if the director called when he wasn't there, a convincing song-and-dance would tell about the new products this company was offering at the time.

When the director did make the call, Morriskat talked about some upcoming features, then asked him some technical questions about the particular way the software had been installed for his library. The director didn't know the answers but, he said, he had a terminal right in front of him - he could log on... "Perfect," Morriskat said. "Just go through your usual stuff. Circ. JSC. Uhm, Social Security Number 402-66-0123. Are you still using the personal pass-word we originally set you up with?"

"Yeah, 'Firebird.'Okay I'm in......
Knowing three out of the four security controls, projecting an air of omniscience, and having the spoofed e-mail as support, getting that final pass-word was easy as pie.

For the last phase of the project, Morriskat and I sat down to see what we could do with the library director's system access. It turns out we could do plenty. We made up new superlevel accounts for ourselves. We were able to toggle access to virtually every aspect of the software to any other user. And we could print out
personal information about every employee at the company - because every employee, whether they ever stepped into the company library or not, had a record in the library's computer. We knew what materials they had borrowed, their home and office phone numbers and addresses, and year of birth. Exiting from this level to the network server was simple to do, and from there we could login to one of the host computers using the library direc-tor's name and his password "firebird."

As the coup de grace, and to prove conclusively that I had done what I had set out to do, I used the programmer's interactive debugger editor to alter the library program's opening screen so that in-stead of giving an explanation of commands, it told a dirty joke. Then I left a file inside the library di-rector's directory which explained how I had bro-ken in. This story as I've told it here is pretty much that file, although here I've expanded more on the hackerish side of things. Principles Combined If you are to be a truly successful hacker, one who can hack on demand like this, then you must be a hack-of-all-trades.

It's not enough to be a spontaneous and smooth-talking social engineer. It's not enough to be a programming genius. It's not enough to have the perseverance of a marathon runner. You must have all of it and an imaginative, goal-oriented mindset as well. And the ethic. I truly believe that a hacker who lacks the hacker's
ethic will be going nowhere fast, because if you don't show an honesty and compassion in what you do, others will not act kindly toward you and that quickly leads to trouble.

Did I display the hacker's ethic when I carried out the hack I've just described? Yeah - I had done nothing more than rename the file that contained the system's opening screen, and put the dirty joke in a new file with the old name. And I showed the library director how to go about switching them back. Later the two of us, along with members of the computing staff of the company held a meeting to discuss what actions would be taken to close up the security holes I had found. And, I should add, they have done so.

Concluding Thoughts

Ask any enlightened sage about the purpose for the existence of our universe - or ask any burning, age-old philosophic question of the kind - and the response will invariably be something like this:
"I can not say it in words. I know the answer -I can feel it, and I can feel myself knowing it. But to simply use words to describe an indescribable sen-sation is impossible."
Your natural reaction to this bull is, "What a phony!" And of course, he is a phony.
But he's also sincere. He truly believes he understands all the mysteries of the universe, and those many and varied teachings that make up the answers to those mysteries are things that must be experienced first hand. Things can be explained to you, but they can't be felt unless you yourself have felt them. So here is your passport to the world of hacking outside this book. You now know the ideas, the methods, the information and facts that will allow you to begin a hack in a systematic way, and you know what can be done to minimize mistakes and wasted effort, and reduce your chances of getting caught. But naturally, that is not enough. As with any hobby/game/education/occupation it takes trial and error, practice and experience, lots of time and patience and practice and more practice, before things work out as you would like

Other On-line Security Steps

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 20:48:00 -0800

In real life and detective fiction, the real enemies to a person's well being are patterns in that person's life. Having a regular schedule of activity may make life easier for you, but it also allows others to find you when you are trying to hide, and notice you when you are trying to remain inconspicuous.

As an example, consider the case of the oilman who would ask the system manager to mount tem-porary backup tapes every time he began a com-puting session. The oilman would then read from the tapes posted by the system manager before starting his work. The manager got suspicious fast: it was pretty evident that the
oilman was looking for data that others before him had backed-up onto those tapes. That industrial spy, like many other hackers and crackers, was caught because he followed a pattern.

Criminals (and hackers) like to formulate plans of action. But remember, any plan you conceive should have elements of randomness to it. Don't allow yourself to always call at a certain time, from the same workstations or telephones, because one day you will arrive at your favorite hacking loca-tion and find someone standing there with a pair of handcuffs.

Once I got a list of Social Security numbers from sitting in on a computer class on the first day: the professor handed around a sign-up sheet for stu-dents to list their name and number so that ac-counts could be made for them on the computer system. I waited until the accounts were made, then I had to go in and try them
out. But trying them all at one time would have been too suspi-cious. Instead, I tried a new one every few hours, a different name each time, so it would look as though different people were trying it out.

The system was secure in that it asked me to change my password upon first login. After doing so I was able to use the operating system's pass-word-changing command to go back to the Social Security number so the original user could get in.

But in each user's directory I left behind a hidden program that I could use for remote file viewing and playtime later on.

If you ever get into a situation where you can't change the password back to its original form, try re-entering the password as some variation on the Social Security number. For 123-45-6789 you might enter 123456789 or 123-45-6780 or 123-45- 67890, as if the typist's finger has slipped. If security precau-tions require a capital letter or something, use one that is close to the last digit in the ID.

It is equally important that your modus operandi change as you move from one hack to the next. As you know, once you're into a system you should do what you can to create a new account for yourself. But make sure you always use a different name and password, and make anything you input about your fictional persona as noncommittal as possible. It is a minor point, but one of the things investigators noticed when tracking down computer cracker Kevin Mitnick was that the words he used were often identifiable American vernacular, thus implying that he was in fact American (i.e., a spy from a Third World country probably wouldn't use the password "RENANDSTIMPY").

Security Logs

It is easy to get manufacturers of security prod-ucts to mail you everything you would ever want to know about the things they sell. Here I am con-cerned mostly with software which quietly moni-tors the activity on a system, audits the system re-sources for misuses and irregularities, and keeps a disk-based or printed log of
usage. Someone at the company takes a look at the log, then says to him-self, "Hey! Mr. Poultry has been logging on every night at three in the morning. That seems unusual... Better have a chat with him..." Suddenly you're in an unsafe position, and you never even knew it was coming.

From your research into a particular computer you are looking to hack, you will know which se-curity products are in force (by calling system op-erators feigning that you are a computer consult-ant, or by looking through the company's library of reference manuals). Get the descriptive literature from the manufacturer so you'll know what silent enemy you are up against.

Security logs - if they are in place and actually attended to - will alert administrators to any pat-terns which you create. Well, you're not going to create any patterns, but you're probably going to create some problems, and those too, will show up on the security log's report.

If you plan to stay on a given computer for any length of time, for instance if you plan to use that computer as a springboard from which to jump around through the network, you must discover the security auditor and render it useless.

Don't destroy the auditor, simply reprogram it to ignore you when you log on. Or find out how it keeps a record of events and see what can be done to eliminate your own tell-tale traces. This should be piece of cake, considering that if you're in the position to do these sorts of things, you most likely already have root access.

If you have been logging on in a similar way for a while, you might want to change previous log en-tries to reflect a more random login schedule. You may also be able to use a date or time setting cornmand to control how the security monitor judges your behavior.

WARNING!
••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••

There have been many, many instances of hackers carefully editing out personal sections of audit records, only to find to their horror that they've deleted more than they should have. Or hackers who were trying to be helpful by cleaning up a messy program or fixing a typo in a memo, and having some disaster occur. You know you should always keep backups. The backup rule applies every time you use a computer, especially computers which aren't yours. If you feel you must alter a file that doesn't belong to you, alter a backup of that file. When you're done, make certain your changes are perfect, delete the original file and then rename the
backup.

One simple task that most auditors and many secure operating systems will perform is the re-cording of unsuccessful login attempts. Again, re-search is needed to see how your particular target computer responds to inaccurate logon inputs. Some programs will let you try three or four user-name password combinations before resetting and saving the last attempt. In that case you would try to always make your last login attempt something innocuous. Or to be safer, don't type anything for your last allowed login attempt. Instead, press Con-trol-C or Control-Z or whatever it is you can use to break back to the previous level of interaction.

Auditing programs can be a nuisance if you're running a big job, such as a brute force password generator. If you're able, try to write these pro-grams so that they get around the security logs. Going directly to the hardware may be one solution to this problem. Another, depending on what kinds of things the log is keeping track of, would be to rename suspicious commands, so that the log either won't know to record those commands under their new name, or if the supervisor reads through the log printouts, he or she won't notice any question-able activity going on. Printed logs are a big problem. Any hacker worth his salt, can go in and fiddle with records which have been stored on a tape or disk. But what if the security monitor makes a real-time printout of events as they occur? Then, my friend, you are stuck. Once a deed is done, it is trapped on that page for life.

The thing to do is catch any mistakes before you make them. Limit the number of illegal or questionable activities you perform until you can find a way to disable the printer. You may be able to use software switches to program the printer to print everything in a nonexistent font, or if it's a multi-color printer, in a color that has no ink car-tridge or ribbon. Of course, since you're probably doing all this over the phone, you might not know what equipment is being used. However, it might be possible to reroute print jobs to an electronic storage medium, or to an unused port; that is, tell the computer to print stuff out on a printer that doesn't exist. At times it may even be possible to trick the computer into thinking it's printing to the printer when actually it's printing back through its own modem - and so you end up receiving re-Ports of your own activities as you go about your business.

A more troublesome form of paper log is some-times used by organizations to keep track of who does what, when, and why. Some companies insist that each employee enter telephone calls in a log. A monthly review and a comparison of the log with phone bills is done - and if anything doesn't match up, well, you can figure
out what happens next. If you sneak into an office to make long dis-tance calls, you can be easily trapped with such a log, since you probably won't know about it. Even if you're dialing in from home (or a phone booth), a log can trip you up. If you use a company's corn-puters to call other computers, that might be a toll call which would show up on the phone bill, but not in the employee log.

Companies may keep logs to verify employee comings and goings, and use of equipment. Stay on top of things because the littlest errors lead to the biggest downfalls.

In Public And On-Site

Doing any sort of hacking-related function in public or on-site - altering public access comput-ers (PACs) or public access terminals (PATs), sabo-taging for reverse social engineering (RSE), doing in-person social engineering (SE), using a university's computing facilities, or simply doing research at a library - is riskier
than doing the same sorts of things at home. Not only do you have all the threats that a home-based hacker has, you have the additional concerns of whether or not you will be recognized or apprehended.

Use proven burglar's techniques when selecting spot to do public hacking. When a burglar enters a house, the first thing he does is scope out all the exits. Don't sit down at a computer from where you won't be able to escape easily in more than one di-rection. And just as a burglar is always glad to see tall shrubbery to hide
behind, you should try to sit at computers that are hidden in some way; with people or objects sitting in front of you, and hope-fully a wall behind you, so no one can look over your shoulder.

Always be ready to leave a public hack at a moment's notice, and never get so involved with your work that you forget where you are. Remem-ber, that's what happens to regular users when shoulder surfing takes place - they forget where they are and they let people see the secret things they're doing. A hacker must always be more secu-rity-aware than a regular user.

Take care to have a decent story prepared if youre trespassing, or if your actions will seem fishy to a passer-by. Make sure you dress the part of your story. Regardless of your story, clean dressy clothes are always a plus.

Finally, one should always keep in mind that a computer room is very likely occupied by at least one hacker or cracker at any given moment. Be alert to shoulder surfers, and to other tricks of the trade. When I sit down at a public terminal I always press the Break key a few times, and log off several times before logging in - just in case someone has set up a simulation trap.

Be cautious, too, upon log out. Some terminals, such as the Tektronix 4207 and others, maintain a buffer of the screen display. Often that buffer is not cleated, even after log out. What that means is, some unsuspecting soul walks away from the ter-minal, but leaves behind a record of every action taken during his or her
session. Anyone can go over to that terminal now and access, read, even print out dozens or hundreds of screenfuls of data.

While Off-Line: Minimizing Losses

Okay, so what if all of this doesn't help you? What if you still get caught? It's good to be pre-pared for such an emergency so if the feds do catch up to you they at least won't have any evidence on which to base a trial.

Maintaining Your Computer

You should routinely look at the files stored on your computer and destroy those which you ille-gally acquired. When I say "destroy" I mean it -don't just delete those files: overwrite them with a single repeated character, encrypt them with the lengthiest, twistiest key you can fathom, and only then erase those files. You can use a "Wipefile" or "Wipedisk" program to write over data. That way you won't have compu-cops poking around in your secrets.

Also keep in mind that sometimes pieces of files get lost or unattached from the files to which they belong, or parts of files get duplicated elsewhere on your disks. It's a good idea to regularly check for these orphan text strings and eradicate them if they contain incriminating evidence.

Any computer file which you simply can't de-stroy must be encrypted and, ideally, hidden under an inconspicuous filename, such as PACMAN.EXE.

There are other matters to consider, other things about your computer that might not directly con-vict you, but can lead to evidence that will: termi-nal programs, autodialers, databases of modem numbers and account codes, lists of BBS numbers (especially pirate, phreak or hacking boards), and any other program that could
even remotely be linked with a crime.

To play it safe, I use physical locks on my com-puters along with software "locks." I programmed all my computers to check for a particular key be-ing pressed during the start up procedures. If the computer goes through its entire start up mode without detecting that key, it knows that something's wrong. It will then call a time-and-date sub-routine. The routine shows the correct time and date, and gives me the opportunity to correct them. I must input a certain time and date, otherwise the computer will display a "LOADING MENU"
mes-sage and remove the directory in which I keep all my naughty stuff. There is an opening menu too, which one can not enter or exit without inputting the proper password.

Luckily, I've never had my computers seized. If I ever do, I pity the untrained lummox who gets to go through my stuff; my systems are all booby trapped to destroy incriminating evidence. And even if he's prepared for that, he still won't know how to prevent it from happening!

Keeping Your Other Stuff

Once a law enforcement official has a warrant for your arrest, he or she can legally steal all of your computers and peripherals, blank disks and audio cassettes, commercial software and documentation, printouts and operating logs, telephones and answering machines, any piece of electronic equip-ment as well as any papers
indicating that you are the owner or user of that equipment, wires and loose parts, model rockets, disk boxes, radios, soldering irons, surge protectors, books, journals, magazines, et cetera. These things I've listed are all things that have been seized in past raids. Also, if the crimes which you are suspected of committing are related to a specific place or person, they will seize any papers or evidence with which a connec-tion may be made between that place or person and the crime. They purposely write their warrants to allow seizure of a wide range of items, and believe me - they will take all of it.

And don't expect to get any of it back in one piece, either. This is yet another reason why, as I said in the beginning, it may not be such a great idea for hackers to even own a computer. It's sad but true, and so you should do your best to hide anything when you're out of your house or not us-ing your equipment. If you have
printouts or notes lying around, keep them in folders marked "SCHOOL HOMEWORK" or "CHURCH GROUP". Make the marks big and visible, and innocuous, and maybe they'll overlook the folders' contents.

it is a myth commonly heard that computer printouts can not be used as evidence in court, since they are so easily forged. The truth is, a print-out is just as valid as any other piece of written evi-dence, as long as it can be shown to have been made at or near the time of the criminal act, or during preparation for the act. If a Secret Service thug, after taking your computer, makes a printout of a file contained on it, then that printout is invalid evidence, since he made it and not you. On the other hand, if there is in fact some accessible in-criminating evidence stored on your computer, the prosecuting attorneys will know how they can le-gally present it to the court (I presume by bringing your computer into the courtroom, plugging it in and firing away). On the other hand, the feds are so good at smashing up seized computer equipment that you probably have nothing to worry about!

It is important that when you hide stuff, you make it look as if the stuff has no connection with computers or electronics. Law enforcement officers are smart enough to get warrants that let them take anything even remotely connected to electricity. Let's look at a hypothetical example. Suppose un-derground information were routinely distributed on audio cassettes. Naturally we would resort to putting that information on store-bought tapes with legitimate names -Beatles, Grateful Dead, whatever. The cops would know that, and thus would want to get their hands on every tape we own, including ones that look as harmless as rock and roll.

As hackers, we do exchange information and keep records on disk. So if you have a box of disks containing all your hacker stuff, you can't simply label the disks with names like "Space War" and Pac Man." They will suspect either that the disks have been labeled misleadingly, or that the games themselves are real. (Think of Steve Jackson.) Be-sides, in their raid they won't stop to sort seemingly irrelevant belongings from the obviously illegal ones. So you'll have to hide the disks themselves, and hide them in a way that is unrelated to tech-nology. The same goes for your other electronics equipment, and anything else that might reasonably
be stolen by the feds. For example, I keep my backup disks in a graham cracker box. Am I being paranoid? I don't think so. I store my laptop in a big corn flakes box up in the closet - it's just as easy to keep it there as anywhere else, and doing so makes me feel more secure. You already know how companies leave help-ful information in their garbage bins, but you should realize that your garbage is just as helpful to someone investigating you for computer crime. Anything incriminating you want to discard should be destroyed beyond recoverability first, and discarded from somewhere other than your home. When I say "destroyed" I don't mean putting it through a shredder - I mean completely de-stroyed. If the Secret Service finds shredded paper in your trash, they WILL piece it back together.

Paper printouts should be soaked in water to wash away the lettering, and then shredded. Disk contents should be encrypted, then deleted. Disks should then be zapped with a strong magnet (bulk erasers, called degaussers, are available to do just that) and the disks themselves chopped up.<This behavior is not paranoid
enough for the US Department of Defense, which according to Lance Hoffman in his Modern Methods for Computer Security and Privacy (Prentice-Hall, Inc., Englewood Cliffs, NJ: 1977) "feels that there are techniques for electronically retrieving overwritten information and thus requires destruction of the recording
medium.">These items can be anonymously deposited in some public garbage can, or in the case of paper, a public re-cycling bin. I'm serious! You do this and you've just blown away any "theft of trade secrets" indictments they wanted to hang on you!

Conclusion: How To Get Caught

This is a book of methods after all, and so here is a list of methods NOT to follow. If you do these things, you will definitely get in trouble. Because, you see, there are five ways you, the hacker, can get caught hacking:
1. by traces or technical means,
2. by being finked on,
3. by getting many agencies ganged up against you,
4. by making a mistake, or
5. by being made (recognized).

You will get caught by phone line traces and other technical means, such as audit logs. So don't keep a routine. Switch the phones and computers you call from all the time.

You will get caught by getting ratted on. Maintain contacts with other hackers, but do so discreetly. Don't tell anyone who doesn't need to know about what you're up to. Above all, be nice to the people you come into contact with while sharing hacking tales, doing research, or while performing the hacking itself. Be nice to them, and hope-fully they will be nice to you.

You will get caught by getting many agencies ganged up against you. Don't steal or destroy or vandalize. These things make you look bad, and downgrade hacking in the eyes of those investigat-ing it. Hackers have a bad enough image as it is, mainly because hacking's most public practitioners are nerdish eighth grade heavy
metal pseudo-anarchists with skin problems. If you re-main true to hacking ethics, you will fare better than if you demolish what you hack - because fewer agencies will be willing to pursue you. Tiptoe.

You will get caught by making a mistake. It is a mistake not to take all of these precautions. Always think before you act. Never reveal anything about yourself. Remember to delete backup files. One of the things that tripped up Lt. Col. Oliver North -according to Donn B. Parker in his Computer Crime: Criminal justice
Resource Manual - was that he: did not understand that using the ERASE command in the White House Executive E-mail system merely removed the name and storage address of an E-mail message from the directory of messages; it did not destroy the contents of the message. In addition, frequent backup copies of all messages were made and stored for later retrieval in the event of a com-puter failure. As a result, much of his corre-spondence was retrieved as evidence of possi-ble wrongdoing. You need to be especially vigilant about timed backups which are made automatically, without your consent.

If you're careful, you will make few mistakes. But the most careful hacker can be tripped up by the mistake of assuming a course of action is infal-lible when there are, in fact, gaping holes in it. For example, in 1974 a criminal in Tokyo tried to use one of the fundamental properties of electronic transmission of data in his favor - the delay that comes about from data being shuffled through ca-bles or telephone lines.

The criminal opened a bank account using the false name S. Kobayashi, then proceeded to with-draw small amounts of cash from automatic teller machines (ATMs) scattered around Japan. Each time, after he withdrew some money, he would telephone the bank to find out the status of his ac-count. By doing so,
Kobayashi found that it took twenty minutes for the bank's central computer to register a withdrawal from a remote cash-dis-pensing machine.

Later, Kobayashi used this information after carrying out a kidnapping. He demanded a ransom of 5 million yen to be paid into his account, figur-ing he would have twenty minutes of getaway time while bank officials waited for the main computer to receive the information regarding from which dispenser the sum had been withdrawn. The plan backfired because of this one assumption. What Kobayashi didn't realize was that programmers at the bank were able to reprogram the central com-puter to immediately identify which machine the criminal was using. Police were stationed close by to each of the bank's 348 ATMs, and when the kid-napper retrieved the money, he was caught.

Look out for the unexpected twists in your plans, and remember that there probably are peo-ple on the other side trying to find ways to foil you. Finally, you will get caught by being recog-nized. In public places, make sure you stay unob-trusive.

The surest way to NOT get caught is to NOT start hacking. But then, the surest way not to die is to live an inactive life. Part of your life is computers and the things you can do with computers. Without hacking, all you have to do with computers is busi-ness stuff or school stuff, a little game playing, and possibly some programming.

But WITH hacking, you have instantaneous control of the world. Enough said. May we all have a good many peaceful, happy hacks!

Hacker Security: How To Keep From Getting Caught

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 20:11:00 -0800

Hacking is fun. Hell, it's exhilarating. But it's also illegal, sometimes immoral, and usually punishable. Even if what you're doing is perfectly inno-cent you'll be hard pressed to find an acceptable ex-cuse for it in court. The very least that might happen is the security holes you utilized the first time around might get patched up.

More serious pun-ishments inflicted by the courts can include com-munity service, fines and even prison, as we've seen. Informal punishments include the unofficial destruction of your equipment by law enforcement officers, and being blacklisted from tech-related jobs.

Consequently, the prudent hacker has two goals in mind while hacking. Number one: don't get caught. Number two: if you do, don't make it count. This chapter will present strategies the care-ful hacker will follow to ensure both situations are true.

Hacking - to use one's curiosity about corn-puters to push them beyond their limits - involves not just techrrical knowledge but also the hacker's mindset. Part of the mindset must deal with keep-ing oneself safe, or else the rest of it has been all for naught. Accordingly, the strategies here should not just be known rotely and followed, but expanded upon to apply to new situations. Remember, there have been many computer criminals who've been sent to prison. True, some have even hacked while in prison. Some even learned to hack in prison. But you don't want to go to prison. So when you're on-line, in public, in private, or just living through your life, make sure you apply these guidelines.

In Researching

There may be local ordinances in your area forbidding machines or people to continuously dial up numbers and disconnect, as with an autodialer program which searches for dial-in lines. If you make the calls yourself it's better to say a simple, "Sorry, wrong number," than just hanging up and annoying all those people.
Remember the 'Itpers-prosit rule: The more people you get angry at you, the more likely it is you'll be persecuted, and the more likely it is you'll be prosecuted.

In Social Engineering

Some social engineering and most reverse engi-neering requires authorized user contact over the telephone or through the mail. This is obviously risky since you are giving out your address or tele-phone number to people whom you are about to defraud. Hackers have utilized several ingenious methods to overcome this problem.

Once I found a small business with a technical-sounding name that would be closed for a few weeks over the summer. By doing some hacking, some research, and rubbing my lucky rabbit's foot I was able to come up with the code that released messages left on their answering machine. That gave me a way to have people
contact me without them knowing who I was.

I put up some phony advertising for a com-puter network, instructing people to call and leave their name and vital data. I could call up the ma-chine whenever I wanted, punch in the magic code and listen to those messages. When the store reopened, I called them up, saying I was from the phone company. I told the store
owner that some lines got crossed, so they n-dght get some weird calls.

Some hackers will simply change a pay phone to residential status and work out of there.

In order to work a social engineer through the mails, you could rent a private mail box or mail drop. One hacker found a cheaper solution. He noticed that the P.O. Box underneath his in the college mail room was always empty. Apparently it was unassigned. The mailboxes are open in the back so workers can stuff the mail into them. This hacker took an unbent clothes hanger and a metal clip, fashioned them together into a grabber that he could slide into his box and go fishing into the mailbox below his. Later I showed him how to de-termine the combination of the box, so he wouldn't have to do all that. For a long while the box re-mained unused, and he was able to get all the se-cret mail he wanted sent there.

Dialing In

"If you don't want it known, don't use the phone."
- Nelson Rockefeller
When you're new it may be okay to dial up re-mote computers from your house, but once you've been around a while you'll never know if your phone is being tapped or your computer usage be-ing monitored. So when you're past your hacking childhood, make sure to never make an illicit call from your own house, or
from any number that can be traced to you.

Even when you are new to hacking, you could be in trouble. Imagine if you become a regular on the TECHRIME-USA BBS, right about the time an FBI officer is planning to bust the sysops for con-ducting illegal business on their board! You don't want to get involved with that, especially if you haven't done anything illegal. Even scarier than that are serni-reliable rumors which have been cir-culating through
branches of the technical under-ground which imply that the phone companies routinely monitor and record modern conversations which pass through their lines. This is supposedly done automatically by detectors which listen for modem tones, and will then turn on a recording device to keep a record of the call. Even if the
gos-sip turns out to be false, consider this: (1) We obviously have the technology to do such a thing and, (2) it is well known that the NSA records many, many phone calls.

So... If you must associate with known com-puter culprits, or with established hackers, do so as covertly as possible. Not calling from your house means calling from someplace else. That means you may want to splurge for a portable laptop computer. While you're at it, buy an acoustic coupler and an external modem to go with it. All this should run you about one or two thousand dollars - a lot less than the cost of retaining an attorney to defend you in court.

The acoustic coupler is necessary because not every place you hack will have a telephone jack to plug into. The external modem is needed to plug the coupler into. While many laptops come with mo-dems included, they are generally internal models, and so can not be coupled to a telephone handset. Now that you have your equipment, where should you take it? There are plenty of places. At night and over the weekend you can sneak into many big office buildings and, if the right door happens to be unlocked, sit yourself down at a cu-bicle and chug away.

Two summers ago, I was walking past my local municipal center a little past 9 p.m., and I noticed that every office had their windows open. Every of-fice - at night! Their air conditioner must have malfunctioned during the day, as it had been incredibly hot. Needless to say, if I'd been in the hacking mood I would've scrambled
through a window and hooked up my portable to a tele-phone. I could have been making illegal computer B & Es while making a physical B & E, all just a few doors down from a bustling police station - and with no one being the wiser.

If you have money laying around, or if you have a hacking expense account, you can always hole up in a hotel or motel to do your hacking.

The money problem is one which gets to hackers in other ways. Phone bills add up fast, which is why most serious hackers are phreaks too. A phreak is someone who hacks the telephone net-works. One of the major aspects of phreaking is the producing of code tones which signal the telephone system to perform special
functions, such as place long distance calls for free. Phreaking is definitely a major area for hackers to investigate, and the tele-phone system - and especially the computers which run the system - is something which all hackers should become intimately familiar with.

Many hackers will say that any hacking other than hacking the computers which run the telephone system is child's play. This is true to some extent. The telephone computer networks are incredibly large, sprawling, wonderful masses of intricate functions, enormous databases, technical operations and blinding wizardry which makes hacking anything less look pitiful.

Once the phone line leaves your house it goes to a local switching center. This center controls all phones in your neighborhood, which may mean as many as 15,000 telephone lines. Each neighborhood switch is managed by its own computer. These computers are the essential targets of the phone company hacker; if you can access the computer, you can access every phone that it switches. You can turn phones on and off, reroute calls, change numbers. You could, if you were not a hacker, wreak quite a lot of havoc.

There are also switched networks which con-nect the computers that run switches. From there you can go to regional maintenance systems such as COSMOS (which sends out instructions to create and HI phone numbers among other things) and MIZAR (the local MIZAR actually does the work that COSMOS sets up).

Once you've gotten familiar with the intricacies of these telephone computers, you can use them in ways to protect yourself. For instance, you know you probably don't want to place hacking phone calls from your house. What you can do is connect to a neighborhood switching computer, take the phone numbers of some
local pay phones, and de-activate their need for coins. You then use the pay phones to call or hack any place in the world.

Or you can use a MIZAR - which, as far as is known, does not keep records of its activities, unlike COSMOS - to temporarily change your pre-sent phone number to that of a nearby church. If your call gets traced, you'll be sending the feds on a wild goose chase.

I want to make the point that dialing in to a re-mote computer is not as safe as it feels. Communi-cating through a telephone or through a computer sometimes gives you a false feeling of protection, especially when you become good at hacking and phreaking, and turn from confident to cocky. Don't let that happen to you.
Remember to always follow these safety rules.

Don't set up patterns of behavior. Always call from a different place, at different times of day.

When is a good time to call? Ask hackers this and each one will give you a different answer. Late night is good because system administrators will probably have gone home already - but then, so too have most valid users, so you'll stand out like a clown at a funeral. You can try hiding yourself within the bustle of heavy usage
times, like mid-morning and afternoon, but then the main-frames will be at their slowest, your activity can easily still be noticed, and the account you've hacked may be unavailable for your usage. There really isn't any perfect time to call. Some research into how the company structures its computer guard duty may help.
Time how long you're on the phone with a ma-chine. A phone trace is instantaneous if you're lo-cal, and takes just a half a tweak longer if you're calling from far away. But it's still not wise to stay on a single line half the day. Move around a lot, calling from different phone numbers, to different access numbers. If your target has multiple dial-in lines, randomly choose from all of them.

Laptop Hints

Since you'll be calling from who-knows-where on your portable laptop, here are some suggestions to help you get connected.

When in unfamiliar domain, such as an office, hotel, schoolroom after hours, or otherwise, your laptop is of infinite value - so long as you can get it to work. Never plug your modem into an unfa-miliar phone setup until you've verified that doing so won't bum out your equipment. Many offices have installed their own electronic
phone systems, called PBXs, to facilitate special functions such as in-house dialing and phone menus, or to block certain phones from making long distance calls. Some of these PBXs place a current into the telephone wires that is powerful enough to damage your delicate modem. To see if the line you have in mind is safe, try plugging in a really cheap phone first. If it works, your modem should, too.

PBX-networked phones may not work with your modem because of special audible or numeric codes used in local routing procedures. If you get a dial tone on your cheap test phone but your mo-dem won't work, you can assume that it's the PBX system at fault.

To correct the problem you have to plug the modem into the phone jack, and connect the room phone (not your cheap one) to the modem (you may need a special double port for this). To use the modem you place the call using the room tele-p . hone, and when you hear remote computer ringing, turn your modem online
and hang up.

Alternatively, devices can be bought to process signals as they go between the telephone handset and the modem. The device converts ordinary mo-dem signals so they will work on digital systems such as a PBX. This may be a more suitable alter-native if you find yourself having to bypass PBX phones a lot.

Sometimes you can find yourself in a place with a telephone, but no plug-in jack for your modem. For instance, if you are using the phone from a public fax or automatic teller machine. In these cases, unscrew or pry Off the mouthpiece of the phone and use a cable with attached alligator clips to connect the red and green
wires from your modem wire to the two silver mouthpiece contacts in-side the telephone handset. This can easily generate a poor signal, so if you have the actual telephone (not just the handset) available for vandalism, take apart the entire case and clip your red/green mo-dem wires to the red and green cable leads from the
telephone's transformer. You will then have to hold down the switchhook on the telephone to place the call.

Your On-The-Road Kit

Make sure you have this stuff with you when you go hacking on the road:
• A laptop, or otherwise portable, computer. Must have a modem. Preferably two: an internal, and an
external with acoustic coupling cups.
• One small, cheap, reliable telephone for testing line voltages. You can use a commercial tester for this, but
the phone comes in handy in places like motels, where you may want to connect to a telephone but the
acoustic coupler won't fit on the phone they supplied.
• An extra phone cord, with an RJ-11 modular clip at one end (the standard, square telephone plug-in
thingy) and with alligator clips at the other end.

Wire cutters, screwdrivers, and assorted coil cords with various size ports.

System Tiptoeing

Even the best intentioned, the most honorable and nondestructive of hackers are thought of as evil by the managerial population. This means that if you're caught breaking into computers that don't belong to you, expect some trouble. Even if the hacking you were doing is completely benign you are likely to be punished in some way. I've seen re-Ports that estimate the cost of computer crime per year is $3 billion to $5 billion dollars - and that's on the low end. Other sources list figures as high as $100 billion.

Even the $3 billion figure, to me, seems pumped up for insurance purposes, but the people who run businesses and government don't see it that way. Government and industry people will realize that most computer crimes go unreported, and so the true cost is likely to be much higher than the official estimate. Even if these dollar amounts are bogus, that's what people believe, and so they will be even more inclined to prosecute someone who they believe is contributing to that multi-billion loss every year.

Let's take a brief interlude here and examine the case of the Greenwood Family Hospital BBS.

"Pretty Theft" is the name of a hacker I used to communicate with infrequently. One day she sent me a message on a BBS asking if I knew how to get into the computers of a certain hospital that was in my area. I was puzzled, because that hospital was the easiest thing in the world to get into - in fact, it was one of my
earliest successful hacks.

When you logged onto the system, you were greeted with this informative message (names and numbers are fictitious, of course).

Welcome to GFH-NET!
300-2400 baud (123)456-7890
GREENWOOD FAMILY HOSPITAL
GFH-NET IS MAINTAINED BY ROGER CORNWALL AND HAROLD LIPNICK QUESTIONS
OR COMMENTS? E-MAIL TO THEM!!!

WHAT IS YOUR NAME? TYPE IN FIRST AND LAST:
WHAT IS YOUR PASSWORD? TYPE <RETURN> ON A

BLANK LINE IF YOU DON'T HAVE ONE:
A few months after I began actively hacking, I was using my computer and watching the evening news when a story came on about the governor breaking his arm and being rushed by helicopter to a hospital. I thought to myself, "Hey, hospitals must use computers, right? I can probably get into one!" So I got the supposedly private number for the Greenwood Family Hospital Network, and I called up, and I got that welcoming screen. Guess what I did next? It's not too hard to figure out what I did! Natu-rally, I typed in ROGER CORNWALL for my name. Unfortunately, the real Roger Cornwall had a password of some sort; pressing Return on a blank Me just got me an error message. So I tried HAROLD LIPNICK. Again, no go.

I went into the kitchen, got out the phone book, looked up the telephone number of
Greenwood Family Hospital, and I called it. A woman an-swered:
"Greenwood, may I help you?"
"Yes, please," I said, "Is Tom there?"
'Who?"
"Uhm.... There's some guy there I spoke with earlier... Your supervisor or somebody?"
"Lee Brown., you mean?" she asked.

"Oh yeah, I guess that's it. I don't know where I got Tom from. Uh, is he there?"
"Nope. Lee left at five."
"All right, thanks."
"Bye-bye."

I went back to my computer and called back GFH-NET and tried LEE BROWN for the name. Once again, I was out of luck. However, after a few more phone calls to the various numbers listed for the hospital, I came up with a guy (a resident) who had not bothered with a password.

GFH-NET turned out to be nothing special after all. It had nothing to do with hospital billing, pa-tient records, or anything else pertaining to the ac-tual running of the place. Mostly it was like a doc-tor BBS. From what I could make of it, it was medi-cal students discussing problems with the doctors on the system. No file
transfers or anything; just a very simple messaging system. It was no big deal, but it was fun to get into.

The next day I looked through the doctors in the yellow pages, and I found about eight listed who had Greenwood Hospital addresses. Out of those names, three had no password.

So anyway, I was puzzled as to why Pretty Theft couldn't get on there. I called it up for the first time in years, and to my surprise found this nasty logon screen awaiting me:
USE OF THIS SYSTEM IS
RESTRICTED
TO AUTHORIZED PERSONNEL
ONLY!
EVERYONE ELSE MUST HANG UP
NOW!

All useful information was gone! AU that re-mained was an angry note and a nonuseful arrow prompt.

I tried some of the old names I'd figured out way-back-when, and found that all of them had passwords now. I tried some more social engineer-ing, but everyone I spoke to kept their mouths shut about everything. (Later I was able to get onto the real hospital system with the help of some nice re-ceptionists in the administration
department.)

I e-mailed a letter back to Pretty Theft. I asked her what had happened there. The next day I got her reply:
Last month a friend of mine was in the hospital, so I wanted to see if I could change his bill. I remembered you giving me the number two years ago or something, so I looked it up in my book and I was surprised I still had it. I knew the name of my friend's doctor, and when I was there visiting him, I got the names of lots more
from the paging system (you know, "Calling Dr. Bower...") and from charts on the walls. Then I went on the system and was try-ing all these names, when the sysop came on and threw me off. Every time I tried getting on after that he kicked me off. Next morning at about 8:00, 1 finally got on. One of the doctor's names I tried
had the name as a password too. Well as I guess you know, I couldn't change my friend's hospital bill, but I couldn't do any-thing much else either... after giving my name and password, it just froze. That night I tried it again, and there was a message before it asked for your name. It said, MOST OF THE IM-PORTANT FILES HAVE BEEN DELETED BY SOMEONE OR SOMETHING. THE SYSTEM WILL BE DOWN
FOR A WHILE - ROGER. A week later I tried it again, and the phone just rung. I didn't do anything to it, but I guess the sysop thought I or someone else deleted the files. A few days ago I called back for no reason, and, well, you know. I guess they got smart?

Yes, Pretty Theft was right. They had gotten smart, and because of it, security was tightened. It is for this reason that hackers should not announce their arrival to a system, nor do anything to attract anyone's attention. There is only one case, really, when you would want to show yourself to the system operator, and that is when you've found out everything there is to know about a system and are never going to call back again.

Incidentally, Roger and Harold had gotten smart in some respects, but remained dumb in oth-ers. Through continued perseverance I was able to get onto GFH-NET again. As it turns out, I'd gotten smarter too; the medical conversations between doctors and students seemed a lot more compre-hensible than they had been just two years before. Maybe it was the students getting dumber?

There was also an old bulletin posted from one of the sysops. It explained as much as he knew about what had happened (which wasn't much). mostly it said that certain files were deleted, and many of the bulletins were replaced with obscene musings on female anatomy. From what he said, it sounded like the files could
have been erased by either a clumsy system operator, or perhaps a ma-lignant hacker. I did a little investigating, and found that although it was not listed in the main menu, pressing 'T" brought me to a defunct file transfer system. With a few minutes of thinking, it was easy to see how someone could've uploaded a program that would delete whatever files were in the root directory after a rebooting of the system.

The next day I typed up a long letter to the sy-sops at the hospital, explaining everything, what they could do to correct the problem, and how other security breaches could be curtailed. I signed it, "Sincerely, Polly Wanza Hacker." Then I called back the BBS and uploaded it to them. Soon after, I got this message from
Pretty Theft:
"There's a new logon screen at the hospital. It says: "THANX POLLY! - SIGNED R.C.
& H.L."
I couldn't have been happier.

Lessons From The Hospital

You already know system operators don't want you on their system. That's why you have to hack in the first place. But if you make it known that you're there, you will compound your difficultiesconsiderably. On GFH-NET, the sysops went crazy when they realized their computers were being abused, and they made it a lot harder to get into. On a little BBS like that, you might not care whether or not you get in, but if you're dealing with something big - like some government agency - you don't want to start messing around. If you do show yourself in any way - like by a million log entries of "USER FAILED LOGON PROCEDURE" from when you tried every word in the dictionary as a password - the sysops are go-ing to get concerned, at the very least. Concerned sysops mean no information will be given out over the phone. It may mean changing every legitimate user's password, or cleaning up dead accounts that might otherwise facilitate entry.

Alternately, if you have a nice feeling about a certain system, and don't want to see it get hurt (and you don't mind possibly eliminating your chances of ever getting back on it), you would be wise to consider informing the system operators about all the little quirks you know about their precious system.

Many times, they won't believe you. They won't even bother trying what you suggest they try, either because they have a huge ego that can't be wrong, or because they think it's some kind of a trick, or god knows why else. But if they do believe you, and they take your advice, they will be quite grateful and, if you ask,
might give you a low-level account on the system, or some handy tips. Tell them you'll be their unofficial security advisor. Some of them can be quite good about it, though others will think you're up to no good no matter what.

BBS Protection

This section deals with the two issues of secu rity for the hacker involved with BBSs: hacker as -user, and hacker as sysop. These are actually inter-twined issues, as sysops of one BBS will generally be users of other BBSs. You should take these safety precautions on all BBSs you use and run, and should not hang around
systems which do not employ a high degree of hacker security.

Do not post messages concerning illegal activi-ties on any BBS where you don't feel completely se-cure. This means it's bad practice to brag about your hacking exploits in private e-mail as well as public message bases. If you are actively involved with BBSing, by all means become good friends with non-deviant systems, if only to maintain a balanced perspective of your computorial existence. But make sure that what you say on those boards does not implicate you in any way with any crime.

Don't get me wrong. I don't want to imply that posting messages about hacking on a hacker BBS guarantees safety, because it doesn't, of course. When you start sharing secrets on a hacker BBS, you'd better make sure the sysop takes all of the following safety precautions: user screenings, a false front and hidden back boards, double blind anonymity, encryption, and affidavits of intent.

The most important aspect of any hacker group, club, or BBS, is secrecy. A true hacker BBS will not advertise, because it does not need new members. A hacker BBS will seem to be a very homey, fam-ily-style BBS up front, but type a code word from off the menu, enter a password or two, and you en-ter the hidden realm. Hacker BBSs should further protect themselves by only allowing specified users to enter the secret parts of its domain, to prevent unauthorized hackers or pseudohackers from breaking in to your meeting place.

Any hacker BBS which does not take this mini-mal precaution of pretending to be legitimate, is ju-venile, dangerous, and not something you want to be a part of. Going up the scale of stupidity just a bit, I've seen plenty of "hacker" BBSs which allow access to the hidden part by entering words like "DEATH" and, yes, even "PASSWORD" as passwords. Need-less to say, the information found on such boards is very low content, and usually consists of the vari-ous users calling each other dickheads.

No new users should be allowed on a hacker BBS unless one or several existing members can verify that the potential user is not a cop, will abide by the club's law of conduct, has information to share, and will not be a big blabbermouth. As a sysop, you will enjoy composing the list of rules that govern the way the BBS takes in
new members. Remember, any new member should not even know that the BBS exists until the time when he or she is accepted into it. That will keep out law enforcement people, and keep in only the best hackers available.

Once a member has been verified as clean, his or her private information should be destroyed from the computer records. In fact, think about the BBSs on which you are a current member. Are there any which are likely to be busted in a raid? Even if you aren't doing anything wrong on the system even if nobody on the system is doing anything illegal you know very well how mixed-up the feds get when it comes to computers. You don't want your name brought into a computer crime trial, even if the case is thrown out of court before it begins. So if you're a member of any subculture BBS, tell the sysop, to replace your personal infor-mation (name, address, phone number) with false-hoods.

If you ever register with a BBS but decide not to call back, make sure to inform the sysop that you want your information deleted. (Verifying that such information has been altered or deleted is one legitimate reason for hacking a BBS. Legitimate, that is, from a hacker's ethical point of view.) It is important to do all this, because
there are impos-tors out there who are very good at catching hack-ers when they least expect to be caught. In June of 1987, an AT&T security official logged onto a Texas BBS and found messages from a hacker boasting about how he'd gotten into a certain company's computer system. This led to the hacker's arrest.

Note that since the hacker undoubtedly used a handle on the BBS, and it was a hacker board, the official might have hacked himself to get the hacker's real name. In any case, make sure your real name, address and other identifying data never stray to unsafe waters.

Before we start talking more about what you can do as the sysop of a hacker BBS, let's conclude with a real life example of what happens when hackers DON'T follow the advice I've listed above. In 1986 a BBS called simply and arrogantly, "The Board," came into being in Detroit. The Board was run off an HP2000 computer,
and attracted hackers and crackers (and would-be hackers and wannabe crackers) from all over. On August 20, the follow-ing ominous message appeared on The Board when oneloggedin:
Welcome to MIKE WENDLAND'S I-TEAM
sting board!
(Computer Services Provided by BOARDSCAN)
66 Megabytes Strong
300/1200 baud - 24 hours.
Three (3) lines = no busy signals!
Rotary hunting on 313-XXX-XXXX

If you called up that day and read the newest messages posted, you would have been surprised to find these little darlings staring you in the face:
Board: General Information & BBS's
Message: 41
Title: YOU'VE BEEN HAD!!!
To: ALL
From: HIGH TECH
Posted: 8/20/86 @ 12.08 hours
Greetings:
You are now on THE BOARD, a "sting" BBS operated by MIKE WENDLAND of the WDIV-TV I-Team. The purpose? To demon-strate and document the extent of criminal and potentially illegal hacking and telephone fraud activity by the so-called "hacking community."

Thanks for your cooperation. In the past month and a half, we've received all sorts of in-formation from you implicating many of you in credit card fraud, telephone billing fraud, vandalism, and possible break-ins to govern-ment or public safety computers. And the beauty of this is we have your posts, your E-Mail and - most importantly - your REAL names and addresses.

What are we going to do with it? Stay timed to News 4. 1 plan a special series of reports about our experiences with THE BOARD, which saw users check in from coast-to-coast and Canada, users ranging in age from 12 to 48. For our regular users, I have been known as High Tech, among other IDs. John Maxfield of Boardscan served as our consultant and pro-vided the HP2000 that this "sting" ran on. Through call forwarding and other conven-iences made possible by telephone technology, the BBS operated remotely here in the Detroit area.

When will our reports be ready? In a few weeks. We now will be contacting many of you directly, talking with law enforcement and se-curity agents from credit card companies and the telephone services.

It should be a hell of a series. Thanks for your help. And don't bother trying any harassment. Remember, we've got YOUR real names.
Mike Wendland
The I-team
WDIV, Detroit, MI.
Board: General Information & BBS's
Message: 42
Title: BOARDSCAN
To: ALL
From: THE REAPER
Posted: 8/20/86 @ 3.31 hours
This is John Maxfield of Boardscanl. Welcome! Please address all letter bombs to Mike Wend-land at WDIV-TV Detroit. This board was his idea.

The Reaper (a.k.a. Cable Pair)
Is any comment required?
You can see from this that the people who come after hackers - the people who will be coming af-ter YOU - are not all Keystone Cops. Maxfield knew enough to pick '1001" handles like The Reaper and Cable Pair. The newuser password to get into The Board was HEL-N555,Elite,3 - a quite hip password considering its origin. Maxfield, and others like him, are as into hacking as we are. They are knowledgeable of the culture and the lingo and the way we think. This last is particularly hurtful, and it means you can't allow yourself to think like everyone else. You won't become an elite hacker without the strength of your entire common
sense working for you. When you call up BBSs, be sure and exercise that strength. Now let's talk about exercising First Amend-ment rights.

We do have the right to run our own BBS, and to exchange information on it. On a hacker board, that information is likely not going to be the kind of thing you'd read to your mother.

Disclaimers, such as, "This BBS will not tolerate any unlawful discussion of blah blah blah..." are Boardscan is a company headed by John Maxfield, which seeks out and destroys hackers and their ilk.

worthless, but you may want to throw them around anyway to complement my next sugges-tion: Many of the traditional laws which hackers get nailed on have to do with "harmful intent." That is, can it be shown that the hacker or cracker will-ingly caused damage to a computer?

If you are running a hacker BBS or club, you might then consider having members sign an affidavit which makes their good intentions known. Members should sign an agreement stating that they would never willfully damage another's computer or its contents, that any information ex-changed on the BBS was for knowledge
value only and that none of the illegal activities discussed will be actively pursued, etc. Basically this should be a way to let the members feel they are actively participating in your code of ethical hacker conduct which should be prominently displayed upon login to the BBS. Signing such a goody-two-shoes affi-davit may
not get you out of legal trouble, but it will do two things. It will stress the point that a member who does not follow the agreement is un-worthy to be a part of your hacker BBS or club. And to a jury, it will help convince them that you all are just a bunch of innocent hobbyists being persecuted by the Big Bad System.

It has been suggested that sysops should have their members sign an agreement that, in the event of a raid by law enforcement officials, users would join a lawsuit against the officials to win back mo-nies to pay for destroyed equipment, lost time, false arrests, the hassle, and everything else that goes along with being persecuted by Big Brother.

Current e-mail should always be kept on-hand, so that you can use the terms of the Electronic Communication Privacy Act to your favor. The ECPA ensures that electronic mail that was sent within the past 180 days is private and requires a warrant for an official to search and read it. Note that individual warrants are required for each user who has e-mail stored on your BBS, thus increasing the amount of paperwork required by The Law in going after you and your gang of happy hackers.

So, if your users have signed an agreement, and sample e-mail is stored for each user (it may be fudged e-mail whose time and date of origination gets automatically updated every 180 days), you want to make all of this known to invading offi-cials. Make a message such as the following available to all users when they log in for the first time, and every time they use the system:
A SPECIAL MESSAGE TO ALL
LAW ENFORCEMENT AGENTS:
Some of the material on this computer system is being prepared for public dissemination and is therefore "work product material" protected under The First Amendment Privacy Protec-tion Act of 1980 (USC 42, Section 2000aa).

Violation of this statute by law enforcement agents is very likely to result in a civil suit as provided under Section 2000aa-6. Each and every person who has such "work product ma-terial" stored on this system is entitled to re-cover at least minimum damages of $1000 plus all legal expenses. Agents in some states may
NOT be protected from personal civil liability if they violate this statute.

In addition, there is e-mail which has been in storage on this system for less than 180 days. Such stored electronic communications, as de-fined by the Electronic Communication Pri-vacy Act (ECPA), are protected by the ECPA from unauthorized accesses - such as seizure by government officials - without warrants specific to each person's e-mail. Seizing the computer where this BBS resides would represent
such an unauthorized access. There are civil actions which may be taken against law enforcement agents under provisions of the Act. You can find them in USC 18, Section 2707. On this system you can expect up to X people to have stored e-mail. Each of them is entitled to collect a minimum of $1000 plus all legal
expenses for violations of Section 2700 and 2703. Note that all users of this system have already agreed in writing that their pri-vacy is well worth the hassles of court. We will sue YOU.

Perhaps the agency you work for might pay your legal fees and judgments against you, but why take chances? If you feel the need to go af-ter our private and legally protected e-mail, or take actions which would deny e-mail access to our users (such as seizing our hardware), get appropriate warrants.

It is the policy of the sysop of this system to cooperate with law enforcement agents -though we will not be involved in entrap-ments, and will not respond to idle threats. Please bring it to my attention if you discover illegal activities on this board, because as cura-tor of this museum I will not tolerate it.

"Hacking the hacker is the ultimate hack," John Maxfield has said. Maxfield is a computer security consultant well known as a hacker tracker, and the one who helped organize The Board sting de-scribed above. John scans BBSs looking for hacker activity, and when he finds it, he informs the com-pany that is being hacked
about the problem. You know how insecure computers can be, and when you post messages or send e-mail on a BBS you are in effect opening yourself up for the world to see. Don't let some hacker tracker see something about you that you'd rather keep private. When you roam around cyberspace, do so discreetly.

AFTER HACK

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 19:23:00 -0800

This Lawful Land

There are lots of fraud investigators, special agents, Secret Service people, FBI guys and all manner of local, state and federal enforcement officials roaming around cyberspace, waiting to trip you up. There are also private citizens who love hacking but don't love the idea of being criminals, so they hack the hackers, building up dossiers, which they then turn over to the authorities.

Getting caught can make you famous, maybe even throw some money your way. It can also take away a good part of your life, your money, your reputation, your computing equipment, and your hopes for the future. Let's take a look at the laws that cause this state of affairs.

State Computer Crime Laws

Every state except Vermont has explicit laws forbidding computer crime. They are all pretty much alike in that they start out by defining what a computer is, and defining various terms relating to computers and computer crime. Then they list the specific offenses the law prohibits, and the penal-ties associated with those illegal activities.

You can easily find out what the situation is for your state. just so you know what kind of things cops and lawyers are talking about when they talk about state computer crime laws, let's take a look at a typical anti-hack statute.

The Wisconsin statute on computer crimes ("Chapter 293, Laws of 1981, 943.70" for you law-book gurus) lists eight possible naughty things a person can do with a computer. The first six have to do with "computer data and programs," the sixth being the willful, knowing, and unauthorized disclosing of "restricted access codes or other restricted access information to unauthorized person[s]." The first five bits of software naughtiness detail the willful, knowing, and unauthorized modification, destruction, accession, possession, or copying of computer data, computer programs, or "supporting documentation."

The final offenses have to do with the hardware aspect. "Whoever willingly, knowingly and with-out authorization," either modifies, destroys, uses, takes or damages a computer, computer system, network, equipment or supplies related tocomput-ers, is guilty under this statute.

There are eight different penalties listed, depending on whether the act in question is considered a misdemeanor or a felony under the law. The magnitude of the crime is based on how much damage was caused money-wise, how much threat to others there was, and whether the hacker did the deed with intent to defraud or obtain property. Penalties range from life imprisonment (sheesh!) to various fines in the
$500410,000 range.

Traditional State Crime Laws

just because your state doesn't have a law that specifically forbids snooping around in someone else's computer, doesn't mean what you're doing is completely legal. Prosecutors will try to convict hackers on violations of any law, even if there's a large void between the hacker's actions and the original intent of the law. In some circumstances, the prosecutors may feel there is not a good enough case against a hacker using the computer laws. For other reasons - such as a rural jury - prosecutors will press the issue of guilt, but try to sidestep the technical aspect of it. They will charge a hacker with infractions of traditional crime laws, such as
malicious mischief, burglary, larceny, and what-ever other nasties they can squeeze into play.

There are problems applying traditional laws to modern "crimes," and the focus changes from whether Hacker X is guilty or innocent, to whether Hacker X is guilty of that particular crime. Can hacking be considered a kind of burglary? In a blue collar computer crime, such as the theft of the ac-tual hardware, there is no
question whether or not a law has been broken. On the other hand, if a hacker steals records from a database, do the bur-glary statutes still apply? What if the hacker didn't actually deprive anyone of their information, but only made a copy of it for him or herself? Is this a different issue?

These topics have been addressed differently in different court cases. If you are ever unfortunate enough to be tried for hacking-related offenses, the judge's decision will be based on the exact defini-tions of "software," 'burglary," and other key words for your particular state. If the state has no com-puter crime statutes,
then "software" may not be defined; in that case it is up to the judge entirely to decide what these terms mean.

Since we do have 50 states worth of laws to consider, in addition to federal laws, space constraints dictate that we not list every single statute and definition that might apply to a hacker's trial. For the specifics you will have to do your own research into your state's laws. Here is a generalized overview of traditional crimes, and how they can be applied to convict you of computer hacking. I want to stress this point of "generalizations." All the definitions of law to fol-low are simplifications of the laws throughout the land. Individual states add their own personal quirks and nuances to these laws - minutiae on which both surprise verdicts and legal loopholes are based.

Criminal Mischief

Also called malicious mischief, this is the will-ful destruction of someone else's property. You may say to yourself, "Gosh, as long as I don't pur-posely go around acting like a jerk, how can they convict me on that one?" Good question. To be able to say that malicious mischief has occurred, three things must be present: a real hu-man action, evidence that the action has caused damage to someone else's property, and that the damage is observable to a bystander. That's the traditional definition. Well, any bystander can see a smashed storefront window, but how many "average bystanders" can easily see how an algo-rithm has been changed in a program to allow ac-cess to anyone named "Borges"?

The thing is, a hacker may change software or password files to gain entry to a system, but it is often hard to determine whether or not such an action has caused "willful destruction" of that file. Indeed, the software may not actually have been altered to any detectable degree, and the hacker him-self may not have done any
noticeable actions at all. Can one then honestly say that criminal mischief has occurred? And yet, the hacker may have left the software in an altered, "destroyed" state.

The answers to such questions remain to be adequately determined.

Burglary

For most states, burglary is the unauthorized breaking and entering of the real property of an-other with intent to commit a crime. Again there is a problem, in that we have to decide whether or not to accept an operating
computer network as prop-erty. The act of entering one's usemame/password is often metaphorically associated with that of un-locking and opening a door to one's house, but does that analogy exist to such a degree that the unauthorized entry into a computer directory is committing a burglary?

It is generally conceded that the attempt to prosecute such an act under traditional burglary statutes becomes futile. It may become slightly less futile if there is a clear intent on the hacker's part to commit a crime. Again, make sure the world knows your intentions are benign, and be sure to follow that path. Of course, the physical breaking and entering of a building, with the intention of using the comput-ers there to hack, is a more clear-cut matter. Don't expect to wiggle out of that one on as many techni-calities.

Fraud

Fraud is easy to define: any sort of deception, cheating or unfair behavior that is used to cause injury to another person. Using someone else's password is fraud, since you are falsely represent-ing yourself, and the "injured person" (computer) reasonably believes you to be that person to the ex-tent that you are given
privileges you should not have received.

But to be convicted of fraud it must be shown that because of the deception, the victim had dam-age done to him or her. What happens in the case where a computer manager knows it's a hacker on the line, and yet the manager is unable to prevent damage from occurring? Since there is no deception, there is no fraud.
That may be intent to defraud, and perhaps not fraud itself.

Social engineering is clearly fraud if informa-tion gained from the exchange is used to enter a computer, and some injury can be proven. Actu-ally, fraud is universally cited in any instance of computer crime, no matter what methods were used or what the outcome of the "crime." You can see then the importance of not causing
"injury" to a computer. In all of these cases, it is essential that it can be established that no damage (or alteration) was done, and none was intended.

Larceny

Larceny occurs when two conditions hold true: A piece of property has been criminally taken and carried away from another person, and the inten-tion of so doing was to permanently deprive the owner of his or her property.

Again, problems arise when applying this to computer hacking. Think about a case where a hacker inserts a GOTO statement in a program to bypass the section where the program asks for login information. Has the hacker effectively deprived the administrators on that system of that section of code - that piece of property?
Addi-tionally there is the problem of determining if the intent was to leave the GOTO in permanently, and not only that, whether or not such an action consti-tutes "taking" away of property. After all, the in-termittent code is still there, only the access to it has been temporarily eliminated.

Larceny may be applied to the stealing of time on a computer, to stolen telephone service or elec-trical power. In these cases it would seem the law-yers are doing their best in a trying situation - a situation in which they realize the hacker has not done any harm, and yet they want to symbolically punish the hacker for invading their computers.

Theft Of Trade Secrets

Theft of trade secrets - also called "misappropriation" of trade secrets - may be contained in the larceny laws of the state if a trade se-cret is defined as a kind of property, or it may be the principal construct of its own statute. Misap-propriation of trade secrets might be the better of the two names, as it more accurately reflects
the na-ture of the law: either the physical taking of secrets, or the unauthorized copying of them, may be viewed as a violation.

So if a hacker has printouts of some top secret laboratory reports, that information has been misappropriated, copied by an individual unauthor-ized to do so. If this law is subsumed into the general larceny statute, a prosecuting complication might arise. We are then back to the question of whether or not it can be shown that the hacker intended to perma-nently deprive the owner of his property. We both know that computer hackers generally don't have any intention of deprivation - just learning. We know that, but we can't expect judges and juries to understand.

Finally, let's end this section on a good note. If the accused hacker leaves no trace of his or her entering a system, then it is typically the case that theft of trade secrets can not be seriously considered as having taken place. Thus, hackers should make certain that all files and printouts which contain data that one might
regard as trade secrets, are either purged, burned or hidden very well.

Receipt Of Stolen Property

Let's describe this one by mentioning its three parts: (1) The stolen property must have been re-ceived by (2) someone who knows or should rea-sonably suspect that the property was stolen, and (3) the receiving has been done with the intent of permanently depriving the owner of his property.

As with trade secret theft, ROSP may be in-cluded in the larceny laws, or it may have its very own statute to call its own. Regardless, ROSP is a good crime to catch hackers by. Here's w :
ROSP is applicable for almost any stolen prop-erty or "property," including trade secrets, infor-mation, goods and services, high credit ratings (been hacking TRW lately?), computer time, pass-words, and files. If you've got any of these, or anything else for that matter, you've got ROSP to deal with.

Theft Of Services Or Labor Under False Pretenses

Theft of Services Under... Boy, I thought I had to abbreviate when discussing Receipt of Stolen Property! TOSOLUFP is basically a form of larceny whereby you trick someone into letting you have something. For instance, TOSOLUFP might occur when a hacker gets access to an on-site computer by showing a guard a fake ID badge.

Similarly, any false representation of a fact with the intention of obtaining the property of another is TOSOLUFP. Additionally it must be shown that the victim's judgment relied on acceptance of that false representation and because of that reliance, suf-fered some injury - such as loss of computer time or monies which would be paid by a legal user of the system.

Interference With Use Statutes

If someone does something so another person can't use his or her property (with a resulting loss to the property owner) then it is said that an "interference with use" statute has been broken. In the hacking sense, if a cracker were to change password files so others couldn't log on, or tamper with a piece of source code, or
use another person's usemame and password, an IWUS may be said to have occurred. Sometimes these are called anti-tampering laws.

As we have seen with the other traditional laws as they apply to hacking, there are of course no clear ways to overlay centuries old terminology onto modem situations. An IWUS can apply even if there is no visible damage as a result of tampering. Even the installation of a back door may be pun-ishable, regardless of whether other users know this illegal mode of entry exists.

Traditional Federal Crime Laws

A crime may become a federal crime if it takes place on or involves federal property, or if there is a vested federal interest in the crime. There are federal laws which don't necessarily refer to computers, yet are acceptable for use in the prosecution (persecution?) of computer hackers. Note that these laws, as well as
the laws described in following sections, are applicable only when the computers you hack are related to the federal government in some way.

Conspiracy

Conspiracy (aka 18 USC #371, if you like numbers) takes place when two or more individuals combine to agree upon or plot an unlawful act, or to commit a lawful act in an unlawful manner. The law goes on to state it is unlawful for these two or more people to plan to defraud the US government, or any federal agency.

This means that a bunch of criminals who use hacker's techniques to make money appear in their checking accounts will be accused of conspiracy if the bank or financial institution involved is a mem-ber of the Federal Deposit Insurance Corporation.

In any case, if you are a member of any sort of group which discusses hacking, or if you've ever discussed hacking or other illegal activities with anyone, you are a potential victim of this law.

661, 2113, 641, 912, 1343, 1361, Etc.

Other federal laws may also apply in select cases of computer hacking. Applicability of these laws depends on the nature of the "crime," what computers were being hacked, where the hacking took place, and how the hacker went about break-ing in. For example, laws 18 USC 661 & 2113 have to do with thefts committed within a special maritime jurisdiction and burglary of a bank respectively. Other laws deal with post offices, fortifications, harbor-defense areas, and federal property in general. These are special laws that will apply only if you have, let's say, "burglarized" the information in a post office database, or committed some other special-area offense.

United States Code 641 applies to the theft of federal property (is information property?) or re-cords. USC 912 makes it unlawful to obtain "a thing of value" by impersonating a federal officer or employee. I would guess entering a federal employee's password is considered impersonation.

Number 1343 on the books says you can't use wire communications to execute or attempt to de-fraud or scheme to obtain property under false pre-tenses, when the message crosses state lines. 1361 prohibits malicious injury to federal property, and 2071 disallows the concealment, mutilation or re-moval of public records. All of which a computer cracker is likely to do, if on a federal computer.

There is law after statute after law, all dealing with specific issues like these. It doesn't seem worthwhile to go through every last one of them. Suffice it to say, if you get caught by the feds, they have a lot of legalese they can use to say why what you were doing was wrong. I'm not saying you should go out and memorize
every bill that's ever been passed that might have some remote connection to computer law. I'm saying you should realize that computer hacking can be a risky business. Use your head. Don't make the mistakes that others have made. If you're lucky, you'll be hacking with-out harm for as long as you want.

Federal Computer Crime Laws, Or:
It's 10:30, Do They Know
Where The Hackers Are?

Finally, there are the federal laws which specifi-cally relate to computer crime that one must be wary of. The Counterfeit Access Device and Com-puter Fraud Act of 1984 (18 USC 1030) was the first law that explicitly talked about computer crime. As you might expect, it is a law that can be applied to just about any government hack. It prohibits un-authorized access to data stored on any "federal in-terest computer," and specifically mentions finan-cial records and national secrets as info not to mess around with. This law allows for fines up to $10,000 or up to 10 years imprisonment if it's a first offense.

Two years later, two computer crime acts were passed by Congress. The Computer Fraud and Abuse Act of 1986 defined more situations in which hackers could be prosecuted, by talking more about financial houses and medical records, targeting computers involved with interstate crimes, com-puters belonging to certain financial institutions, and other federally owned computers. There are also provisions for the trafficking in passwords with intent to defraud computer owners. Most in-teresting to the hacker, I believe, is that The Com-puter Fraud and Abuse Act of 1986 makes it illegal to use other people's passwords, or even to use one's own password improperly - that's where the "fraud" part of the title comes from.

One sort of strange requirement that this law makes is that it can only be applied to crimes where the victim has lost $1,000 or more due to the crime. Since you are going to be hacking under a set of ethical constraints, this law doesn't apply to you at all then (i.e., no computer you hack will lose any-thing from your explorations).

This facet of the Act is made even more interesting when you realize that the Senate Judiciary Committee, in their report on the Act, explained that a cracker doesn't have to actually steal data to be prosecuted under the law he or she only has to read the data. Makes you wonder what they're thinking since it's beyond my comprehension how anyone can prove that reading some data caused $1,000 worth of damage. But then, I'm no lawyer. The Computer Security Act of 1987 is a do-nothing law that requires security standards to be developed for classified and unclassified federal data, and requires that security plans and periodic security training be implemented on federal computer systems containing sensitive information.

Conclusion

I was going to apologize to all the lawyers out there, for the way I've manhandled these descrip-tions of all the above laws. But really, why should I apologize to lawyers?
Now let's talk about what we as hackers can do to protect ourselves; then we won't have to worry about any of the above.

Returning To The Scene

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 19:05:00 -0800

The prudent hacker will build himself or herself a trap door to allow easy entry if further penetrations are required. Mainly this means setting up a dummy account to use in successive hacks. After all, there is no guarantee that the account you used the first time will still be valid the next time you login, or that the password or some other critical item won't have been changed, barring your entrance. If you have gained access not through a password, but through some fluke hidden command or technical means, you will definitely want to add a trap door just so you don't have to go through all that rigmarole the next time you want to get in.

On many operating systems, programs can be set to run even after the user has logged off. Sometimes the program can be put on a timer, to begin execution at a specified future time. Writing a suitable program and then running it under one of these commands can make your return easier to accomplish.

Mission Accomplished... Almost!

Hey! Look at what you've done!

You've done your research, found your computer, broken in, and now, you've dabbled around inside. These four components are what hacking is all about. This is what it means to be a hacker.

But there is also a fifth level of hacking to consider.

These first four parts had to be done in linear order, one following the other. The final part is really not final at all. It is something you should be doing from the very beginning, thinking about every step of the way.

Because you see, this thing you've done, this hacking, is illegal. And so you must protect yourself.

So now let's look at what exactly it is about hacking that our society considers wrong. Then we will see how we can keep on hacking forever unscathed. Finally, we will tie up loose ends and look ahead to your future as a hacker.

Get Out Of jail Free

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 19:03:00 -0800

Okay, all of that is fine if you've broken in by discovering someone's username and password but what if the only access you've found to a machine is that of a command account or information setup? Then you have to see what can be done to break out of this jail of a program and get down to the level of the operating
system. Probably this will be difficult to do. It will be less so if you've done any serious programming in the past.

As a programmer, you know what kind of bugs and errors crop up, and what kinds of things to look for to make them appear. If you're stuck in an account that runs an info program, let's say, you will want to try every unconventional, unexpected thing you can think of, in the hopes that you'll find something the programmer
didn't think to guard against. Then hopefully you'll get an error in . essage and crash out to the OS prompt.

Things to try:
Give bad, inappropriate, unrequested, or extremely long input to prompts, especially alphabetic answers to numeric questions. Or when asked to supply a number, that will be analyzed by a function, try an incredibly small or large one. Try responding with break signals, either Control-Z, Control-C, or possibly Control-
P. Try executing "Find" commands that will search out of bounds of available resources, or that will look beyond the alphabet. See if it's possible to set up programs for nonexistent hardware or memory capabilities.

If there is any sort of text editing facility, such as a program to send mail to sysops, do what you can to compose a batch file, and see if it's possible to send your message as a command that must be executed. Also with text editors, try to compose excessively long letters. If the editor has special text revision functions,
write up a huge paragraph then cut and paste a copy underneath it. Then cut and paste those two paragraphs underneath, etc., until the program either crashes or doesn't allow you to continue. If the latter, see what happens when you try saving or sending the whole mess.

You may be in a program that is made to look like a simple operating system or control program, essentially a menu with the list of options either unavailable, or callable with a HELP command. Thus, you're given a prompt and asked to enter a command. Some application commands allow appending to them the name of a file on which you intend to work. For instance, to edit STORY.DOC with a word processor, you might type the cornmand "WORD PROC STORY.DOC,` to run the word processor with STORY.DOC already loaded in it. On an on-line system, try to crash a program that allows such execution by giving it too much data, ("WORDPROC STORY.DOC FILEONE FILETWO...") or by giving it inappropriate data. Some
examples:

WORD PROC WORD PROC WORD - PROC \directoryname WORD - PROC
nonexistent-filename
WORD-PROC /etc/date [or other command]

The "inappropriate data" tactic has been used successfully in the recent past.

Another bug that's been exploited is excess command stacking. Command stacking is the placing of multiple commands on one line. Commands may be separated with spaces, semicolons, slashes, or a number of other punctuation symbols. The parser which interprets the stacked commands may break down if too many
commands are given it. The line editor may not allow you to enter so many lines that this occurs, but through programming tricks you can probably get an unwieldy stack of commands sent as though from the keyboard.

If there is a language or compiler available, then it should be possible to POKE some values into places that would be better left unprodded. Alternatively, you might find yourself able to compile code into specific areas of memory, overwriting the code which is impeding your progress. Or your code might cause the program
to jump to a new location, where further instructions can be carried out.

Finally, see if you can load a program into a mail writer or other editor, or into a superzap program, and alter it so that when it rum, it will crash.

Bugs in software are most likely to occur if the software in question:
• Is new (i.e., version one or thereabouts, or being Beta tested).
• Was hastily slapped together to make some fast money or to comply with the advertisements or demands.
• Has remained the same for years despite hardware or other changes.
• Is being renovated.
• Is not commercially available.

When you're hopping around on the networks you encounter, stop and read the notes that accompany new versions of old software. These will generally list, not just the improvements made, but sometimes the reasons for the improvements (i.e., if there was an exploitable bug in the earlier version). By the time you read the upgrade note, most sites will probably have already upgraded to the new version, but given the tremendous number of computers running today, more than a few won't have heard that a new version of their software has been released.

Viruses

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 19:00:00 -0800

A virus is born from the cross breeding of three other families of programs: the Trojan horse, the worm, and the logic bomb.

A logic bomb is a piece of code hidden within a larger program. Usually it is no more than a simple IF/THEN statement. IF such-and-such is true, THEN do something. Judging by the name, logic bomb, you can guess what that "something" usually entails.

The classic example of a logic bomb being put to use is when a system programmer is fired for in-adequate job performance, or for some other hu-miliating reason. A few days after he walks away, the head honchos at the firm get a message from the programmer: "Pay me X thousand dollars be-fore July 31st and I'll tell you how to save your software and records from total annihilation." The programmer has, you see, implanted a logic bomb that will detonate at that certain date. A worm is a program with one purpose: to rep-licate itself. All it does is look at its environment, see where it can make a copy of itself, and it does so. Then there are
two copies of the worm. Each of those reproduces, and there are four. Four quickly become eight, and so on. Soon an entire computer or network is clogged with hundreds or even thou-sands of unstoppable reproduction machines.

Then there's the virus. A virus comes from the mating of these two other breeds. When a worm takes on a logic bomb aspect to it, you get a pro-gram that will replicate as much as it can, and then explode when "something" happens. The whole thing hides itself within an application program, as a Trojan horse.
Logic bombs are dangerous, but at least they are contained. Worms and viruses on the other hand, are unpredictable. Therefore, I say a true hacker will never release a worm, because they are too destructive with no purpose. A true hacker may release a virus if it can move harmlessly throughout a system, erasing itself as it goes, mak-ing sure it never backtracks to where it's been be-fore.
A virus can be programmed to e-mail pass-words to a specific address, or it can be used as a battering ram to brute force new passageways into computer systems. There are lots of ways in which hackers can use viruses, but it is difficult to use them safely.

There have been rumors of a microcomputer virus which, if it exists, would gladden the heart of many a hacker. The virus is called the AT&Tack Virus. Once it copies itself onto a computer, it tries to find a Hayes brand or compatible modem. If one exists, it silences the modem's speaker and dials a Preprogrammed number.

Apparently then whoever is at the telephone number it calls has remote access to your computer.

To me, this seems like nothing more than a rumor. Indeed, as of this writing none of the commercially available virus detection software makes any mention of an AT&Tack Virus. Besides, it seems to me this sort of thing would work better as a Trojan horse in a graphics display program, rather than as a virus.

Covert Channels

One of the fun things about using Trojan horses and viruses is the designing of covert channels to get the data they collect back to you in some read-able form. Consider a virus that attaches itself to the login program and thus collects passwords. It does no good to have this virus halfway across the world with no way to get back that list of pass-words it is reaping. One method has already been mentioned: the virus can periodically e-mail you a list of passwords. Take heed not to have that e-mail sent to any account where you can be identified.
It would also be a good idea to encrypt the mail before it is sent. One problem with encryption is that a key is required. Anyone finding your virus or Trojan horse will easily figure out what the key is and be able to interpret e-mail or temporary files that the virus/Trojan horse produces. So you have to encrypt the key... which requires another key... which means more hiding needs to be done... an-other key.... Well, this could go on forever. Make the best of the situation. If you're going to be encrypting anyway it may be easier to have your virus or Trojan horse send the encoded data to an unmoderated newsgroup. Disadvantage:
You have to spoof the post, or some-one may notice that this user (who is unknowingly activating your virus or Trojan horse) is posting a lot of "garbage" to the group.

You may also have the encrypted file uploaded to the incoming directory of an anonymous FIT site somewhere. Make certain files can be downloaded from that directory, because as mentioned earlier, often the ability to download from such directories is turned off for security reasons.

To send short messages (like a single password)(Normally a Trojan horse or virus would send back to you three pieces of information: username, password, and the address of the computer where that usemame-/password was valid. However, if you targeted a,spe-cific individual by giving that individual sole access to your Trojan horse, then only a password would be needed.

Of course, viruses and Trojan horses don't have to be messengers for only password information. You may be a hacker, but you may also be a spy, a crasher, or whoknows- what-else. As far as I know, the informa-tion you need covertly passed back to you could be virtually anything.) you may have your rogue program rename a world-changeable file to that message. By "world-changeable," I am referring to the security protections placed on that file - set it to very low protection, so that anyone can change its attributes. Your Trojan horse/virus will come into your directory under the disguise of various users from all around the network, and attempt to rename that file to that message. You don't want your Trojan horse/virus to
generate an error message. (You can set up a process to constantly run in the back-ground, monitoring the state of that file. As the file's name changes, the background process stores the new name, then gives the file its original name, thus allowing another copy of your Trojan horse or virus the opportunity to send its
message.)

Other short messages can be sent a bit at a time. For example, the existence of file X in a certain directory means that your rogue program is sending the digit one. If the directory is empty, the file deleted, a zero bit is being transmitted. A background process is running in your home directory to monitor the appearance
and disappearance of that file. When enough zeros and ones accumulate, the program translates them into a character of the message.

The extended ASCII code uses eight bits to define a character. For instance, 01000001 represents the capital letter A. 01000010 is B ', and so forth. For your virus or Trojan horse to send an eight character password, 64 deletions and creations of file X would be needed. Those bits would be sent one at a time,
whenever the rogue program had the opportunity to do so unnoticed.

Program Employment

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 18:56:00 -0800

Most programs that are employed by hackers are of the Trojan horse variety. And the classic Trojan horse example is one which uses the faults of others to achieve its goal. Generally this means using undisciplined PATH commands.

Most modem operating systems allow you to arrange your files in an organized fashion by the use of directories and subdirectories. This makes finding where you left a file easy, but it causes problems when you get sick of typing in long pathnames to change from one directory to an-other.

The solution is in PATH commands. A PATH command says to the OS, "if you don't find that file in the current directory, look over there... Thenlook there.... And there." In other words, you specify a path which the OS can follow to find files. That way you don't have to be in a file's directory to ac-cess that file.

PATH commands are usually put into batch files which are run at login. They are especially used on big machines which contain lots of files and tons of directories. In those cases, especially if the user is a maintenance operator and needs ac-cess all over the place, there might be a lot of direc-tories specified in the PATH.

Sloppy search paths, especially ones which look at all or most of the directories on a system are of extreme importance to the hacker. The hacker starts by rewriting a program that gets used often and putting a Trojan horse into it. The program is then put into a directory that is likely to be in a super-user's path. A privileged
user or program, such as a superuser shell script, may innocently chance upon, let's say, your "date" program instead of the It official" version stored in the OS directory. It is ac-cessed, and your hidden code does its thing. Trojan horses can do a lot of things. They can collect passwords, simulate login prompts ( Also, think about Trojan horses in terms of the multi-user games discussed earlier - obtaining those pass-words, etc.) remove read/write protection from files, or fake system crashes (and when the user shuts off his terminal and
walks away, you type in the secret control code which causes the Trojan horse to uncrash back to the user's account). Trojan horses should definitely make up the majority of a hacker's tool kit. But there is another, different means of gaining higher access by employing programs, and that is with the use of computer viruses.

Bit By Bit

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 18:54:00 -0800

Let's say you find yourself in some rinky-dink little account one evening, with just about zero ac-cess to anything interesting. On this hypothetical system you are able to read the passwords file, but of course to change it is out of the question.

You can see that your account's password has been encrypted (in the file) as "fg(kk3j2." If you had the ability to load the password file into a text edi-tor, you could replace the sysadmin's encrypted password with yours ("fg(kk3j2"), then save the file. Well, naturally you can't do that. You could get as far as loading the file
into a text editor and chang-ing it: but to save like that is impossible without superuser status. Or is it?

The system security may be such that it only makes validation checks at the highest level of in-teraction. So the high level commands to delete, move, execute, or alter files are disallowed if the user does not have a certain security clearance; the actual machine level commands to move the read/write head to a particular
location, let's say, may not be halted in the least. If this were true for the whole available storage arena, every file could be completely read or rewritten bit by bit. If pro-gramming or disk maintenance software is avail-able to you on-line, you might then be able to use it to alter individual storage locations - to change the
system administrator's encrypted password to your own.

On the other hand, you might find that security prevents even low level instructions from being performed. Don't give up too soon! It may be that onl parts of the storage arena have been protected, while others - due to forgetfulness, bugs, impossibility or impracticality - have been left unsecure. If so, you may not be able to change the passwords file, but perhaps it would be possible to move files to another user's private directory, or to change files that are already there. This opens up a whole world of possible Trojan horses and back doors. If security seems to prevent all illegal access from taking place, perhaps it is possible to trick a process with superuser security clearance into doing the work for you. A simple program, such as a game, could be written, containing instructions to secretly alter passwords.

Compile and save the program, making access to it available only to superusers. Then move the file into a public directory. Eventually some superuser will come along and execute it, thus enacting the portions of your program which, if you had run them yourself, would have resulted in error messages and perhaps a few more
ticks on the security log.

Cryptography And DES

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 18:22:00 -0800

Reverting to old tricks, brute force attacks can allow you to decrypt password files on your own time, on your own terms. Even with your meager account you should be able to copy an encrypted password file off a machine you've hacked and onto a safer one. At the very least, you should be able to view the contents of a password file, even though it is encrypted.

Then you compile a copy of the decryption software, altering it so it will read in a word from a specially-prepared dictionary file, use that as a key, and print the result. UNIX source code listings are available for every facet of the OS. Even if you can't get a decryptor of the type used by the computer to code the password (and other) files, you can still go to the manual, see which encryption algorithm is used, and write a program yourself that follows that algorithm. Brute forcing encryption keys on a password file is much faster than forcing one's way onto the system in the first place. Soon you should have found a key that unlocks the code, and soon you will have the superuser password!

Brute force may not always be a necessity. There is reportedly a well-known inversion to the encryption algorithm used on certain OSs, includ-ing older versions of VMS. Sorry to say, I don't know exactly what this inversion method is. I do know there are ways to algorithmically reverse the effects of a "crypt" command in
UNIX. That com-mand uses the World War 11 Enigma coding algo-rithm, which was devious for its time but no match for modern supercomputers. Sure, it still takes a while to do the inversion, but it is possible to do it if you have a computer with enough horsepower.

However, the crypt command isn't used all that much because everyone knows how vulnerable it is. Mostly "crypt" is left around for sentimental rea-sons. The encryptor that is most often used to en-code passwords is a version of the federal Data En-cryption Standard (DES). The UNIX variation of DES is "defective" in that
brute force attacks for en-cryption keys are close to impossible. How does it defeat brute force attacks?
As we all know, UNIX password files are openly available for anyone to read, copy, or print out, but the passwords themselves are stored in an encrypted form. Well, that's not exactly right. The password file actually does NOT contain any passwords at all. What happens is, when a user logs in for the first time and enters a password, UNIX uses the first eight characters of the pass-word as an encryption key to encode some constant (say, a long random number).

Another reason why DES was chosen to encrypt passwords is that when the DES algorithm is implemented in software form, it is slow. This means it will take more time to run a brute force attack.

Staying with this topic a bit, it's unsettling to note that the Data Encryption Standard also may not be as secure as it was once believed to be. DES was based on a security system called Lucifer, de-veloped by IBM for the National Bureau of Stan-dards in 1973. Before being released as the USA's official (standard) code,
the top-secret National Se-curity Agency had their say in the matter, reducing the complexity of the encoding algorithm and keeping certain aspects of its design under wraps. This looked mighty suspicious! Why would the NSA go out of its way to proclaim the code secure while simultaneously making it less secure? Critics
warned that a back door had probably been built into the system.

In early 1992, two Israeli scientists announced that they had found a way to beat the system. If someone knows the encoded message, certain mathematical techniques can be applied to infer the key used to encrypt the message. Then other coded texts which use the same key can be easily read. In any case, it is well known that much better codes have been produced since the 1970s.

Some systems make it difficult to brute force the plaintext out of an encrypted file, because the en-cryption key supplied by the user is not what en-codes the text. Rather, it is used to encode some random sequence of characters. Those characters encode the text.

You don't have to be smart to be a hacker, you just have to be clever. But to crack data encryption algorithms you must be clever, smart and mathematically-inclined. Lucky for us people who don't have calculators for brains, there are so many other ways to read encrypted files than by breaking the code! I'll stick with Van Eck and his cronies, thank you.

Spoofing

noreply@blogger.com (SUPER HACKER) — Thu, 15 Dec 2011 18:20:00 -0800

Spoofing usually refers to sending electronic mail in such a way that it looks like someone else was the one who sent it. Spoofing can also refer to any act whereby a hacker impersonates another user. Let's stick with the first, more common definition for a while, and look at some ways in which spoofed e-mail can benefit the
low-level hacker who wants to make good for himself.

One prototypical scam is to spoof an e-mail letter from the system operator. Susie User, a highly powerful person on the system, is on-line, going about her usual business. She checks her mailbox and is surprised to find a letter has just been mailed to her from the system administrator. The letter talks about how, because
of security breaches, they will now be issuing new passwords every six weeks. "Your new password is D4YUL," says S.U.'s e-mail. "You can change it yourself with the 'SET - PASS' command. Remember it! Don't reveal it to anybody! Computer security is an important issue that can not be taken lightly!"

A few moments later you notice that Susie has issued a SET-PASS command, and a few moments later you log on in her name, thus achieving her higher security privileges. It works every time! The trick is, you have to know how to spoof to do it.

Before you can spoof e-mail, you have to understand how such a thing is possible. Now, if you've ever used any sort of electronic mail program, whether on a mainframe or local BBS, you know that to send mail, the user enters basically three pieces of information: destination, subject and the body of the letter. Some mail
programs allow fur-ther complexities, such as the inclusion of other text files or programs, return receipts, etc., but let's just concern ourselves with the most primitive of mail-ing programs, as those are the ones that get the most usage. When you send electronic mail to another user, the computer automatically places a heading on top of the letter, which identifies it as having come from you. To spoof e-mail you will want to some-how change that heading, so it looks as though the letter was written by the person in charge of the system.

Usually one sends mail by running a mail pro-gram. The mail program includes a text editor and facilities to send mail to other users. But in many cases you don't have to use a special mailing program to send mail. There is usually a fundamental shell progran-uning command that allows you to send text or a file, into a file on
another user's direc-tory. This is what the mailing program does: it sends the text of your message into a file called MAIL.TXT or something similar, and when Susie U. executes her mail program, it will display the contents of the file MAIL.TXT.

As you can imagine, it is a simple task to open a text file, type in a header that looks like a header from a superuser's letter, then add your own text to the bottom of the file. Next you use the "send file" command to put this file into another user's direc-tory. Make sure the directory you put it in is one with higher access privileges than your own!

Sometimes the operating system itself foils this scheme. For example, one of the Internet protocols requires the two computers involved with the mail transfer to compose the letter headers. To spoof on the Internet, one would connect to a host through port 25, which is how e-mail is transferred to a site. Normally only two
computers connect in this way; there may be security safeguards in place, but if there are not, you can pretend to be a computer sending the commands to generate an e-mail mes-sage. This includes "mail from" and "rcpt" which establish who the sender and recipient are. Use "help" to get yourself through this.
Earlier I mentioned that spoofing is also con-sidered to be any form of on-line impersonation of another.

Many multi-user systems let users chat with each other by way of a command called TALK or WRITE, or something similar. When you issue a TALK command, a message appears on the recipi-ent's screen, saying that you wish to talk. If the other user wants to talk with you, he or she issues the TALK command also. Then
whatever you type appears on the other one's screen and vice versa. It may also be possible to filter the contents of a file onto another's screen by way of a TALK command. The hacking possibilities are endless!

One popular trick is to TALK a message like, "SYSTEM FAILURE. SHUT OFF YOUR TEW41-NAL WITHOUT DISCONNECTING TO PREVENT FURTHER DAMAGE. SYSADMIN," onto another person's screen. When they hang up, you piggy-back a ride on their account. As with e-mail spoofs, you can't actually use the TALK command to put text on another user's screen. You have to go into the source code of the TALK program, see how it writes to another screen, and use those commands. This bypasses the
safety features inherent in the TALK command. (If you use the actual TALK command to send this sample error message, the other party will see that it's you sending the message, not the Sysadmin. You have to emulate the TALK header which announces the name of the user sending text. You also want to go down to
the fundamental "send text" statements because you don't want the user to have the option of not talking with you.)

It's a recognized fact that spoofing accounts for a good majority of system security failings, mainly because they're so easy to do once you've gotten on-line and taken a look at the software source codes and manuals. Another trick relies on TALK-ing a message that an intelligent terminal will un-derstand. When you use a TALK command you aren't putting words into the OS prompt's mouth - the OS is simply putting what you type onto the remote terminal's screen. One way to get around that depends on the remote hardware. Some intel-ligent terminals have a Send or Enter escape se-quence that tells the terminal to send the current line to the system as if the user had typed it in from the keyboard. You can use TALK to send a message that contains a suitable escape sequence to do naughty things like email confidential documents back to you and the like.

Not only e-mail and TALK, but other com-mands are also known to be rife with ways they can be misused to a hacker's benefit. Anytime you come across a command which allows interaction with another terminal, study it closely to see how it can be manipulated.

Look at programs, too, to see if they can be used to communicate out of your own directory. The GNU-EMACS text editor (used on UNIX computers) allows you to send the file you are working on to another person's directory. If you happened to name that file ".login",(Under UNIX, "Jogin" is the name of the batch file that gets executed once a user logs into his or her account.) then whenever that user logged on, that ".login" batch would execute. And if part of that "Jogin" included mailing the user's secret stuff to your account, so much the better.