HACKING A HISTORY AND GUIDE BOOK


INTRODUCTION

I got my first Personal Computer at the age of ten. The year was 1992. The web was a new phenomenon. Top-notch web addresses were still up for grabs as the business world had yet to jump on the E commerce bandwagon. Besides that I had absolutely no idea of what the web was or where it was going to take me. I started where most people did back then, editing my own computer, learning everything I could about my system. When I was completely sure I had nothing else to learn about my DOS based Win 3.11 operating system I moved on to the internet. Starting out on news servers and mail bots I learned that almost all publicly run internet systems were operated by robots. Robots brought to mind pictures of 1960's horror classics but in fact I soon found out these were nothing but files inside the computer or computers that ran the server. Soon after being online I realized I needed a nickname, what some people were calling a "handle". I needed this to identify myself from others without giving out my actual name. If your going to rename yourself why pick an average name? Something like super duper god man didn't seem too attractive either. So I though what do I know about computers? I know that almost everything is named after an abbreviation or an acronym. Examples of this? Modem: Modulator - Demodulator which is a fancy way of saying phone. Another example is DOS, which stands for disk operating system. Knowing this it made sense to me to choose a name using this rule. Keep in mind I still knew almost nothing about computers but I knew that a program called a terminal helped you call other computers and that there was a terminal called a kermit terminal. I thought of that famous green frog and my name soon became the abbreviated version for this type of terminal, K99. After being online for a year or so and picking up on more and more information on how things worked, I realized this was a pretty stupid name. If I was going to be taken seriously I would need something more dynamic. After all, this wasn’t the 1980’s anymore. So I jumped into the dictionary searching for words arcane, esoterical, lich, pith, roke. Roke had a nice ring to it but I needed more. I finally decided on Roke the wizard. A wizard was thought of as an expert. Windows wizard meant windows expert. Unix wizard meant Unix expert and so on. So I thought Roke the wizard would make me sound like an expert. Under this name I would do some of the most illegal and notorious hacks of my online underground career.

In the 1990s I started to learn how to hack. I read everything I could get my hands on. I tried to learn not only about hacking, phreaking, virii, and cracking but also about other hackers and their crews. Back then there weren't that many. Actually more and more would pop up over the years, but since I didn't know any and no one I knew in my real life had any real interest in computers, I decided to start some of my own. The first name I came up with was Legion of Demons. You can imagine my embarrassment when I was informed by what seemed like thousands of hackers that LOD stood for Legion of Doom which was one of the most infamous hacking crews of all time. The LOD had an all star membership. These guys had done it all. I abruptly changed my crew name. DHC. There was no DHC yet. I searched everywhere, but what did it stand for? Demonic hacking clan, devils hacking crew? I didn't really care. I searched chat servers on IRC (internet relay chat) for anyone willing to join. Before I knew it I had a crew of over two hundred members and absolutely none of them had any idea of how to hack. Most of them just wanted their nickname listed on a website. After shortening the list down to about twenty members, it became more of a status feature. I could say I am the founder of a crew. I have a website. I offer how to hack tutorials written by other people as well as all sorts of programs I downloaded off of other crew’s sites. One day it finally hit me. I had turned into what was referred to as a lamer.

I decided to change the idea of this group I had started. I would be proud of what I was in the underground community and not only when telling people in my "real" life about it. The DHC got revised. Only users with real credentials would be members: they would be subject to regular meetings via IRC chat channels or encrypted messenger services. The crew got refined, less than ten members at any given time. People joined up who knew people. These people would invite people they knew and so the DHC became an actual hacking, cracking, phreaking, crew. My nickname Roke was however getting into trouble. I had started shit with people who you shouldn't start shit with. I tracked IRC cops, snitches and FBI agents. I then released this info to the masses through global messages and mass emails. I decided I would do as I pleased online. Cocky behavior got the best of me. Some pranks I pulled were creating my own AOL keywords (mostly about how to exploit AOL services), then global messaging everyone I could on AOL to visit them. I hacked AOL accounts changing info and such. I did a lot of stupid pranks. Mass kicking people off line, mail bombing, flooding, and nuking servers. These are things respectable hackers do not do! This is a big nono, not only will you be thought of as a lamer which fancies himself as a 31it3 d00d (Elite Dude). It is also against everything a hacker stands for.

The way I got out of these fates was simple I would resign as the dhc founder, cancel all my affiliations and memberships with other crews and pass my DHC founder position to the most respected and most talented hacker I could of ever met. His name was Super Axe Hacker. He took over and Roke went away. Little did my crew or anyone else knows that I was both Super Axe Hacker and Roke. I confused the obvious by cloning myself. In crew meetings I would spoof my IP address and make it appear that Super Axe and Roke were connecting from two different locations and two different states. Meanwhile I talked for both of them sometimes talking to myself to keep the charade up. I chose the name from the Dr. Seuss book "The Lorax" plus I thought it sounded cool. I soon shortened it to Saxe and the DHC members soon decided to change the name of the crew now that Roke was gone. The new crew minus a few old dhc members would be called SysRq, which stood for System Request. The crew was the best I had ever been in, members with talent and knowledge. I knew non-of them needed this crew but I also knew we all wanted it. The line up was pretty good in my opinion. Sonic_Borg a kid from the UK knew a bit about everything. Linux, bsd, proxy, telnet. If I didn't know, I would ask him. He was what a hacker was supposed to be; very security minded. Mr.B1onde had an unfamiliar nick. The most he had to offer was knowing everything about web programming. Html and Java isn't what I'm talking about C+ and VB were useful in knowing how web servers were running. He also designed some nice sites. Phorzen_Entry was another new kid. He mostly chatted and ran exploits on NT servers to knock down web sites. Last is Stealth Killa. He had an edge, which I still don't understand. I could give him a nickname and within a week he would come back with the real name, home address, home phone, and any other information he could find. This was extremely useful when getting into wars with other crews. For example how would you feel if you said something egotistical like "I will take down your whole crew lamer." And I replied "really -their real name-? Don’t you live in -real-home-address-?" This was an extremely effective scare tactic. SysRq had been formed and was a real force to reckon with.

SysRq hadn't been around long before it started getting heat. I don't know exactly what the other members where up to but any of us could of been attracting it. Paranoia started to set in I kept finding feds every where I went. In many cases when I entered a chat room or even sometimes a BBS, other hackers in the system or room would tell me that feds entered when I did. I started to watch entries after I logged in to any given system. In many cases the hackers warning me were right. Every time someone in real life said "Hi you like computers?" I got funny. At this point my email was being sent out anonymously and being re-routed five to eight times deleted everywhere it went, with servers on four continents I felt a little secure. When paranoia sets in it really sets in. I think everyone in the crew felt it. It went on like this for awhile but it wasn't long before we had run out of things to do. Call it a decision point. For me it ran down like this. I had been in a crew, accessed numberless servers illegally, authored online zines, been tracked by feds, written programs, authored tutorials, gained status, destroyed enemies, and had ran out of things to do. Well there is always something to do but the stakes do go up. With this amount of heat and with reaching this decision point the crew decided it best to take a break and get into the real world for awhile. For most this lasted between a month and a year off the underground. For me it's lasted almost four years. My nickname has changed and so has the underground.

The basic run down of these changes are simple to explain, but in order to explain them I must first quickly explain the make up of the internet. I think most people would say the internet is simply multiple computers connected together through phone lines, which is the same as any network, it's simple international. Well they'd be right but I need to explain what is ran on the internet. Let’s start with the familiar, web sites. Everyone has seen the http:// before a Universal Resource Location (url = site address). This http stands for Hyper Text Transfer Protocol. It is one of many different protocols run online. Being only one protocol it makes sense that there are other protocols you can connect to. Many like the web are open to the public for surfing. The reason these other protocols remain obscure is that there is little to no money to be made on them, simply because the web is the most user friendly medium on the internet. Ftp or file transfer protocol is one of these less recognized protocols. Instead of web sites full of pictures and color they are file servers which resemble file manager or explorer in windows. You can download and sometimes send files to these. Other common places to connect are newsgroups, BBS, chat rooms and messenger services. Here is a run down of how they changed. Newsgroups which are commonly connected to through Microsoft's Outlook Express are full of make money fast and penis enlargement ads, which are sent in by spam robots. Bulletin Board Systems which were connected to via your terminal and a phone number are basically non existent, chat servers are mostly based off of websites now so IRC or Internet Relay Chat servers although still active are not nearly as popular as they once were. Finally messenger services like AOL instant message and ICQ are so unsafe and open for attack there is no way I would ever connect to them.

The web is now so easy to exploit that many underground sites wish to do nothing that could upset anyone, out of fear of being attacked. This common problem has lead many sites to host nothing but security news and patches. I fear this isn’t only to avoid being attacked or even prosecuted. It is a lot easier for an underground site to download a news file off of another site and upload it to theirs, than to actually write anything themselves. I tell you right now that it wasn’t always like this. There have been extreme stories and happenings online in the underground that almost no one will ever know about. Things that changed public life. The media mostly used a sinister word "hacker" to describe scary virus, trojan horse, & worm attacks. Seldom to never reporting any of the protections or ethics of the actual hacker.

The term hacker which probably sounds malicious to the common or public ear is in a sense anything but dangerous. A common misconception is that hacker means anyone who does anything illegal on a computer. It might mean this somewhere but in the underground community it doesn't. A hacker is someone who gains access to systems and servers hosted on computers they aren't suppose to be in with the sole purpose to learn how the system or server works and show the owner the security holes or exploits in their system. People who break in just to cause problems are referred to as either dark hacker, which has become an obscure term or a cracker. Virus and worm attacks are always released by crackers, because to release a worm or a virus is in nature something a hacker can't do.

Another common problem I run into while discussing the ethics of hacking with common people is the misconception that hackers haven't contributed anything worthwhile to computers or society as a whole. I will now give some arcane examples and stories of the internet and what hackers have contributed. Also I will tell who these hackers are, their nicknames, organizations and the underground makeup past and present.



Chapter One - old school

To start off I think it is critical to gain some familiarity with the different crews, and to examine exactly what an underground crew is. Underground online organizations are made up of people who for the most part have nothing better to do. In the beginning of cyber crime, people who were into electronics would get into what is now called hacking as a way to further their studies. The only way for a teenage computer geek to learn about a company's private systems was to gain entry into those systems. You could go down to any library or book store and get a sling of books related to teaching all about how different computer systems work. However in the 1970’s and 1980’s these books didn’t exist. Imagine you were not allowed to learn about the subject which you are most passionate about. For computer enthusiasts this problem equaled having no art or music books for artists and musicians. These crews are made up by people who know a little and will share what they know with the group to learn more, until they all know a lot. The more the crew learns the better a crew they are and the more respected online. The best ways for you to join a crew or to contact the crew you’re in was through dialing into servers. Servers are simple systems set up that allow dialog. Most meeting places were either Bulletin Board Systems (BBS) or loops. A loop is a phone number set up to transfer your call. Example: if you were calling California from New York your call would be pure static if sent directly. So it is sent in packets to your local switchboard which uses loops to send on your phone call. If you dialed directly into a loop that ten other people called you could all talk for free from anywhere and all talk at once. In the underground online community this phenomenon was called a party line. However phone companies have gotten wise since those days and you will be charged now. A bulletin board system is now called a message board and instead of being hosted on private computers for the most part are hosted on websites by robots. Since most people know what a message board is I won't be going into detail to explain.

Possibly the most famous zine (online magazine) that was posted on bbs's was called Phrack. Phrack issue one was released November 17th 1985 and was written with eight contributors. The introduction was authored by Tara King. The issue contained articles like Knight Lightning's "how to use MCI international calling cards". This made phrack noticeably different from other online zines. The bbs that phrack was posted on was Metal Shop, a bbs run by the infamous crew LOD. Metal Shop was open 24 hours a day and was ran on a 300/1200 baud. It's phone number was 314-432-0756. In the second issue phrack released a listing for other bbs's. The purpose of this was so people who got a copy could connect using what they learned about MCI calling cards and call free into the other bbs systems. This list went as follows. Broadway Show -718-615-0508, Newsweek Elite - 617-341-2535, & Kleptic Palace AE/Catfur - 314-527-5551. The odd news coming out in this issue was that Spitfire (a phreaker who had contributed in the first issue of phrack) had broken his pc so he was out of the underground and that a phreaker named Dr. hack who was from the 314 area code (the same as Knight Lightning aka Craig Neirdorf) had been questioned by MCI who had confiscated his Atari computer. As you can see hacking wasn't only going on in the mid 80's (a time when most people didn't know what a pc was), but hacking was thriving.

The most active and feared online underground group at the time was the LOD or Legion Of Doom. Named after the panel of villains from the DC comic books, The LOD had some of the most infamous hackers of all time. Compu-Phreak of the LOD was at this time getting pissed at a bbs called Stronghold East Elite for hosting some LOD files on their system. Stronghold was run by a crew called 2600. The phone number for Stronghold was 516-751-2600. Little did Compu-Phreak know that fighting with other bbs's would be the least of his problems, but well get into that later.

Now since Tara King was the sysop (system operator) of Metal Shop, which means he owned it, and phrack was posted on Metal Shop, then he could basically write what he wanted. He wrote somethings that now wouldn't be acceptable. I guess he never thought that the transcripts of his bbs could be used against anyone. For instance if you were a FBI agent and you wanted a place to start in the underground world, you could find out that phreaker Crimson_Death owned bbs Hell Phrozen Over, he lived in Philadelphia, PA in the area code 215, he went by the nickname Sorcerer, his real name is Robert, born February 17th 1970, and at the age of sixteen (the age he was when this was posted) he was 5'3", 110lbs, hazel eyes, & had dark brown hair. He was tutored by Videosmith, his girl friend was named "the silver fox" real name Krista. The girl he had his eyes on was named Denise aka Schoolgirl. He likes metal music, and rap. Favorite car was a 1935 Dusenberg; he liked standup comics, and has had leukemia. Now why would an FBI agent care to know any of this? Well one reason could be that Crimson_Death was part of a crew called PhD, which stood for Phreak Hack Destroyers. PhD turned into Camorra. Members included The Executioner (301), Red Devil, Silver Saber, and Scorpion. Now if you wanted to get to someone like Scorpion aka Paul Stira how better than to approach his friend Crimson_Death in Philadelphia? With this example in ind you could understand why people who are in the underground community today do not post any personal data anywhere.

Since hackers were so frequently giving out their personal data it was pretty easy to get information on different hackers. You could almost make a board game out of it. What hacker was born on April 22nd 1965 with a height of 6'2", hazel eyes, brown hair, and lives in Brooklyn New York 718. The answer is Broadway Hacker real name Michael. Of coarse just as Crimson_Death, Broadway Hacker had ties with some of the top hackers in the net. Personally meeting with Dr. Who, King Blotto and Lex Luthor of the LOD. In case you wonder what happened to these people most of them are now either security experts or career criminals. If you were so bold as to look them up yourself, you could start with Knight Lightning. Knight Lightning is now thirty five years old. The last time he posted to phrack he was twenty three. He was undeniably the underground reporter and a strong voice in the underground. His frequent posting of "phrack world news" articles made his name well known. I last found his email to be knight@well.sf.ca.us.

This underground world however was not all fun and games. Hiding from feds, breaking into obscure systems, and feeling like you belong isn't all there was or is to offer. With this status of "hacker underground guy" comes a bit of an ego. Soon after hacking crews began hacking wars followed. The most infamous hacking war was between the two most infamous hacking crews. I am speaking of the legendary LOD vs. MOD war. The MOD took it's name as M is the next alphabetical letter after L. A sort of out-with-the-old, in-with-the-new taunt to the LOD. Not to forget that one of the star members was an ex- LODer named Mark Abnes aka Phiber Optik. Abnes was either kicked out or quit the LOD depending on who you get the information from. Chris Goggans aka Cyber Christ aka Erik Bloodaxe who had proclaimed himself leader of the LOD at the time, got into an argument with Mark and that's how it ended.

The MOD was clearly not impressed with the LOD and after one member of the LOD called MOD member Wing aka John Lee a Nigger all out war broke loose. The all star line up of these crews reads like a dream team of the underground. On the MOD side you had; Phiber Optik, Scorpion, Acid Phreak aka Eli Ladopoulous, Corrupt, Crazy Eddie, Wing, Hac, Nynex Phreak, Red Knight, Zod, Seeker, Outlaw, and The Plauge. With affiliations with the Decepticons. Which was another hacking crew. On the LOD side you had Lex Luthor, Dr. Who, Mentor, Lord Digital aka Patrick Kroupa, MaleFactor, Control C, Urvile, Doc Hoilday aka Scott Chasin, Prophet aka Robert Johnson, Karl Marx aka James Salsman, Expose, and Eric Bloodaxe. With affiliations with TPM, LOG, FOD, TMP, KOS Extasy Elite, Hich 4ikers, 2300, 2600, TOK, Apple Mafia, Force 1, Metal Communications, Fargo 4a-, and Warlords.
The outcome of this war is still like most things online, a mystery. According to the book "Masters Of Deception" by Joshua Quittner the MOD won, but according to phrack and the LOD, the LOD came out victorious. The reason for this war in the first place is equally hard to pinpoint. The MOD states that the crew Force 1 (ran by Expose and assisted by Hellrat) stated quote "You guys (MOD) should stay out of the hackin' buziness 'cuz none of my fellas are 'fraid of you. I'll take all of you out myself". After this the LOD declared official war on them. The date was February 1990. After a few weeks the MOD tried to downplay the war by stating "The only thing that has happened in the great hacker war is a few login attempts to modnet." The war however did go on for two more years. It consisted mostly of jamming phone lines, monitoring calls, and trespass into each others computers. To the average internet user, the years between 1990 and 1992 were felt. If you thought the reason you couldn't log in or got kicked offline a lot was because your internet company's servers weren't big enough you were wrong. They simply weren't secure enough.

To give you a more detailed but brief description of what I'm talking about, here is a list of some events that went on in 1990. Martin Luther King Day crash strikes At&t long-distance network nationwide; Chicago Task Force raids Knight Lightning in St. Louis twice; Secret Service and NYPD raid Phiber Optik, Acid Phreak, and Scorpion; Secret Service arrest Terminus, Prophet, Leftlist, and Urvile; Chicago Task Force raids Steve Jackson Games Inc. (The Mentors and Chris Goggans company in Austin); Secret Service and Arizona Organized Crime & Racketeering Buerau conduct "Operation Sundevil" with the aid of phone companies PacBel, ATT, Bellcore, Bellsouth, MCI, US Sprint, Mid America, South West Bell, NyNex, and US West.

The Secret Service used one hundred and fifty different agents to raid hacker's homes.
They raided 42 computer systems, issued 28 search warrants, and seized 23,000 computer disks. This operation spread across the country hitting cities like San Jose, Chicago, Cincinnati, San Diego, Detroit, Los Angeles, Miami, Newark, Pittsburg, Richmond, Plato, and New York. The most interesting thing about Operation Sundevil is that for all their effort the Secret Service made no arrests for computer crimes.


Just as unclear as the outcome of the infamous LOD vs. MOD cyber gang war is the cause of the At&t crash of 1990. Neither the MOD or LOD ever claimed responsibility, but this crash coincided with the activities of the MOD in the At&t mainframe. Many members of the MOD had been dialing into the At&t network for awhile, and among other things they had been using commands to which they didn't know the meaning. On January 15 1990 At&t suffered a major crash of their phone systems on the east coast. For hours calls didn't go through. Kennedy, La Guardia, and Newark airports were grounded. At almost the exact same time Phiber Optik was raided by the Secret Service. They accused him of the crash and the millions of dollars worth of damage. After that idea fell through, At&t stated it was an internal error that had already been fixed. Basically they said it was the code and that the 4ESS switch boards couldn't correct it properly so they all went down. This could have happened. What caused the error though? If the code was flawed who or what exploited the code to error itself? At&t stated they didn't know the answer to this question. After awhile they released this as being the problem.

do{ switch expression { ...
case(Value):if(logical){sequence of statements
break} else{another sequence of statements} statements after if...else statement}
statements after case statement} while(expression) statements after do...while statement.

I realize this probably makes no sense to you. I understand a lot of programming and it doesn't really make sense to me. It's answers like this that keep the origin of the crash a mystery. The truth of the underground hacking world is that there are no facts. Everything is based on what people believe. Maybe that is the way it should be? To give another example of this contradiction, columnist Robert Cringley of INFOWORLD once stated that the fact of the At&t crash of 1990 was due to Legion Of Doom sabotage. To break it down the MOD was suspected by the government, The LOD wasn't, and At&t ended up claiming responsibility.

Another enigma is if the LOD actually possessed the E911 source code document that Prophet claimed to download from a bellsouth computer. Underground folklore states that Prophet downloaded it, sent it to Knight Lightning, and Knight Lightning published it in phrack magazine. The problem with this is that it never appeared in phrack. What did appear was a detailed and specific explanation of how the 911 system works in conjunction with telephone systems. The file was written by Eavesdropper in March of 1988. This is what a hacker named Smj had to say about this document. "The publication of this article supposedly tipped off Operation Sundevil that the E911 document had indeed been appropriated from Bell South. CB and RA, both friends of mine, had their places raided and their machines (mostly At&t 3B2 Unix systems) taken or 'unplugged' because they only wanted to find out how this document made it out. No one realizes the great loss many of us experienced and what little faith we had left in our government's role to protect our own privacy. We lost our primary UUCP links, communication with our friends, and a wonderful public access Unix system that was killer.dallas.tx.us 'iczer' and I have tried our best over the past 12 years to replace killer, and although we have exceeded it in storage, capacity, GFLOPS, bandwidth, and a user base 20 times it's size, we still and will always stand in it's shadow. - 2002 sdf.lonestar.or" Most underground enthusiasts think that the hacker tales are true and the governments fear of them id the proof. Not to mention that shortly after Prophet, Knight Lightning, and Urvile were raided by the Secret Service.

The Masters Of Deception didn't steal the E911 document. They may or may not have crashed At&t, but with all of this uncertainty there are hacks they did do with no doubt. The proof of the MOD being a great hacking crew was out there just less celebrated. Two of the more notable hacks were of Altos and Wnet. Wnet was a local New York television station. One day Wnet found the message "Happy Thanks Giving All you Turkeys, from all of us at the MOD". Altos was a bbs which found its password had been changed to MODmodMOD. When At&t found an illegal free phone number had been activated they tried to look up where it was and who had done it. All they found was 'Acid Phreak MOD'. The proof of these hackers capabilities is there, it's just not completely certain what they did and what they didn't hack.

Besides hacking crews or groups, there are quiet a few hackers and phreakers that leave themselves without an organization. The most common reason for this is, you can still know everyone in a crew but you don't have to do what they want you to do. Often being alone is also much more secure. Many of the most famous hackers of all time were rouges. Robert Morris for example was the son of a chief scientist at the National Computer Security Center. Which is a division of the National Security Agency or NSA. He was a first year graduate from Cornell University. He claims that the first internet worm of all time being released was an accident. If it was or wasn't it still happened. In 1988 he was responsible for crashing six thousand computers within eight hours. This might not seem like a big deal by today's standards, but in 1988 six thousand computers
Was equal to ten percent of the internet. The net in 1988 was made up of mostly college, library, hospital, and government computers. For this Robert Morris was the first person convicted under the Federal Fraud Abuse Act of 1986. He made the worm at the University to find security loopholes in Unix networking.

Another "old school" rouge was John Draper aka Cap n Crunch. If you’re familiar with the Yippies, Abbie Hoffman, or TAP magazine you probably already know of Mr. Draper. He is renowned in the underground online community as one of the original phone phreaks. Mostly active in 1971 Draper helped start YIPL and TAP magazines. He found he could use a plastic whistle he found in a ceral box of Cap n Crunch to make a 2600 khz tone. Held up to the phone he could gain access to At&t's switching system and he could make free long distance calls.

The "old school" days are defined by the type of hacks and the type of hackers. Many hackers who were active in the 80's didn't break out and make a name for themselves until the 90's. The ones who waited would be known as gurus, and the ones who didn't, old school. Out of the old school hackers few would become famous for their contributions to the net. Robert Morris and John Draper were both recognized for their abilities to see flaws in software and systems. The Mentor however is remembered for his contributions to the net. The Mentor is the author of the most popular underground text of all time. "The Mentors Last Words" or "The Hackers Manifesto". is widely recognizable especially after parts of it were in the hit movie "Hackers". Ever since then it has appeared on countless sites of kids trying to get into the underground culture. This text is as follows.

“Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering." "Damn kids. They're all alike." But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world. Mine is a world that begins with school. I'm smarter than most of the other kids, this crap they teach us bores me. "Damn underachiever. They're all alike." I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head." "Damn kid. Probably copied it. They're all alike." I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me, or feels threatened by me, or thinks I'm a smart ass, or doesn't like teaching and shouldn't be here. Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetence's is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.”
-End of Hackers Manifesto, by Lloyd Blankenship aka The Mentor

The second and probably less known although an equal achievement of the Mentors was the Phoenix Project BBS. This bbs was setup as a place for government agents and hackers to meet. The only rule was no illegal files were to be posted. This rule was necessary so that the FBI and Secret Service agents could concentrate on debating with the hackers instead of busting them. The most interesting outcome of this was that many hackers and agents became friends. Instead of being a good thing this would prove detrimental to the underground. Alliances and false alliances were being made. I have a feeling this could have played a role in why the bbs was shut down. Even though it was errored from the start. The Phoenix Project did offer a place for some real dialogue to be spoken from two opposing sides. The transcripts of the bbs are still online and if you want to know more about this project you can download them on the net. Just do a search in yahoo, google, or altavista.

You may wonder exactly what happened to the MOD and the LOD after reading this far. Well quite frankly I don’t know what happened to the MOD. They basically faded out. Last I heard, Phiber Optik was working for a magazine. The LOD basically faded out also. The only real remnant of this crew is www.lod.com which is a computer consulting company. They were founded in 1990 and incorporated in Florida in 1993. Their phone number is 1-800- 959-6641 and their general email account is support@lod.com if you’re curious. The company and site although, aren’t too impressive, so don’t get your hopes up. This is a prime example that nothing lasts.

The only common question I may of left unanswered in this chapter is a really simple one. How was hacking even possible in the 1980’s before interest service providers were around? Well the answer is pretty simple to. You need an ISP to call computers that otherwise would be long distance. You don’t need them to call local ones. If you scan for computers or call companies and trick them into telling you the numbers and access codes you can connect from your house through your terminal or telnet. If you learn to phreak and make free long distant calls you can hack anywhere without an ISP. Of coarse instead of committing one crime your committing two. This is why many 1980’s hackers learned as much as possible about the phone systems and in many cases dived directly into it.


Chapter Two - 1990 - 2000

In the 1990's the most famous hacks of all time were conducted. With the coming of online giants like AOL, Prodigy, Earth link, MCI, and At&t, millions of people were getting connected every month. New terms started to pop up, new servers, new sites, and new systems. After the movie "Hackers" came out, there were millions of "newbies". A newbie was a person looking to become the next famous hacker but had no idea where to start. Newbies knew nothing about bbs's or crews like 2600. They just wanted to know how to write a virus and make cool looking websites. Most of them were satisfied when they downloaded someone else's virii and learned how to nuke users off of IRC (icmp flood or nuke is a way to kick someone offline). Internet Relay Chat is a popular chat service generally running on port 6667 or 6668. Few of these newbies would become respected hackers and phreakers. Since there were literally millions of new internet users every month, the underground community grew at a rapid rate. The problem with all of this was an overflow of newbie crews. The crews had two major problems. They would either be so unorganized that the members would never speak or contribute and the founder would end up running everything, or they would learn too much too fast, end up doing a run of the mill or brilliant hack and not cover their own asses and end up in jail. (These are mostly who you read about in the papers).

Some of these newbie crews would go on in tradition to become full-fledged hackers and phreakers. The old school boys who were still floating around the net would accept them and welcome them with arms wide open into the underground of the net. The outcome of this was that in this new internet age hackers would not only prove that the net was theirs, but that they would protect it. In some cases even for the public. Hackers have been scaring corporations and governments for some time now. Mostly because the hacking community has made it clear that if they find anything that is illegal or could potentially hurt a consuming citizen they will release it to the media. If the media won’t report on the story or concern then hackers will of coarse release it all over the internet, either way millions of people will find out.

This was around the time that I got into computers and the net. I recall being a newbie all inspired and full of excitement. In the early 90’s the crews who were big were the Cult of the Dead Cow, L0pht Heavy Industries, and Hack Net Computers. The most interesting thing about these crews were that they all were pretty much web based, all owning websites that were updated regularly. These like most well know crews of the 90’s were gaining fame by telling people how to hack and what hackers are like, instead of actually hacking themselves. Some people would say this is a prime example of hacker ethics, not bragging about their hacks and instead sharing knowledge. This could be the case and it has been proven that many of the members of these groups had extremely gifted computer skills. But it also makes a person cautious whether hackers online were actually hackers or just a person who likes to read about hacking. I mean when some one can answer a question you might have was it because they had done the type of hack and therefore knew about it, or was it simply because they read about it? This dilemma made it hard to recruit for crews and to join crews. I myself joined up with crews that weren’t anything but readers. I also met many of these types of “hackers”. The one advantage to this whole mess was that many of these crews and individuals thought that they had done their home work. In reality they were just going off what some one else had typed at one point in time. Many of the files you’ll read online about hacking are wrong or outdated. So when you crossed paths with them in many cases they would spout off and think they’re all that. Let me tell you it feels really good to kick the crap out of someone online every once in awhile. Plus depending on how good their reputation your own handle could be boosted. For instance if a fake hacking crew is made up of ten members and they together have convinced 1,500 people online that they are real hackers. Then once you kick the crap out of them and their ego you’ve gotten 1,510 people who think your a cool elite dude. On second thought I dunno if you’d want people to think you’re a cool elite dude. After getting into a war with another crew me and two other members from the crew I was in at the time received a formal apology and a plea to stop attack. Once I made the mistake to post this around the net I got 60 to 200 emails a day asking to join up with my crew. The hard part of this is 99% of these emails were from newbies and script kiddies and the 1% of mail I actually did want was hard to find. With this kind of atmosphere plus Secret Service and FBI snooping where ever they could you can see why a lot of 1990 hackers either left to write books, (not that there’s anything wrong with that) went to jail, or became a security analysis. Out of the newbie swarms came some infamy also. Stars of the new decade were in the mist.

One of the stars of this era was Mudge. Mudge wasn't exactly a newbie. I don't think he ever was one, he seems to have an understanding of computer systems rivaled by few. Mudge was the founder of two of the undergrounds beloved sites, unfortunately neither of them are still in existence. The sites www.L0pht.com and www.hackernews.com now both re route to www.atstake.com which is a computer security company. Mudge now is a renowned computer security analyst and vice president of research and development for AtStake. In addition he is in the Cult of the Dead Cow online security and hacking crew. As the founder of L0pht Heavy Industry and a member of CDC his name appears with three of the best hacking programs ever invented. Back Orifice and Net bus exploited window’s flaws and made it as simple as sending someone a file and when they open it you get access to their computer. These programs were initially made in order to display the security flaws of the windows operating systems. On the net these programs were seen as the anyone hacker tools. With Back Orifice in your corner, you could break into anyone’s computer who you could get to trust you. At least to trust you enough to open a file you send them. The only other really celebrated program released by L0pht was “L0pht Crack”. L0pht Crack is nothing more that a well coded program cracker. Cracking a program is when you take a shareware or demo version of a program and turn it into the full version for free. This is of coarse illegal. Most people who need a program cracked just search for an existing crack or serial (serial number is also called a key - it does the same as a crack). If you wanted to crack something and you couldn’t find an existing crack online, you could use a program like L0pht Crack and try to make one yourself.

Kevin Poulsen is another well known and renowned hacker. Poulsen is indeed a an interesting character. When he was seventeen he was caught hacking the NSA. Since the laws couldn’t prosecute a minor under the current law. The NSA hired him instead. In addition to being a respected hacker, Poulsen dedicated his time to developing his lock picking and key making skills. in the 90’s Poulsen was caught rigging California radio contests. He rigged it so that he would be the only one that could get through. By doing this he “won” himself a new car and cash prizes. At the time of arrest they caught him with multiple alter id’s that he had made by taking his driving test under dead peoples names over and over. Besides the id’s they found keys to sixty different NSA field offices. (something he was defiantly not authorized to have.). Poulsen spent five years in jail and went by the nick name “Dark Dante”.

Mudge unlike Poulsen was in hacking crews and released programs and files. I mentioned these crews as L0pht Heavy Industries, Hacker News Network, and Cult of the Dead Cow. It’s the last one i’d like to explain more. CDC besides releasing Net bus hasn’t done much. CDC is more of a club than a crew. The most interesting thing to me about CDC is that they have an always changing member list, and they have some very respected members. Unlike L0pht or HNN the CDC’s web site is still online. It’s located at www.cultdeadcow.com if you’d like to check it out. You’ll find a navigation page offering you three different sites to visit. I recommend the CDC main page and the “hacking” site which is located at hacktivismo.com

Since I brought up the CDC site another site comes to mind that was very important. It’s name is Attrition. At www.attrition.org you’ll find all sorts of things. Mostly completely useless, and un-related to hacking. The important aspect of attrition was it’s mirror database. The sites are still up but are no longer updated. So it’s kind of a historic piece of the internet now. When it use to be an active part. To put it simply if you hacked a website anywhere on the web and defaced it. (wrote your own messages on it) Attrition would upload it to it’s database and give you credit for the hack. The main reason as I see it that this site was so popular. Was through it you could boost your own hacking ego. If you wanted to get noticed this was an easy way to go about it. Most of the time the hackers who defaced any given site would sign their crew name instead of their own, and once you viewed the hacked page you would see who exactly in the crew did it. The web address for the defacements are www.attrition.org/mirror/attrition/. These examples of places on the web that hackers flock are still alive in a sense. The ones that aren’t and should be mentioned are as follows. Pharse hack/phreak was an online live feed television show dedicated to hacking and phreaking news. It was broadcasted over the web page Pseudo. The other phenomenon that is sadly gone now was the hacking radio station broadcasted by Hack Net Computers and hosted by Armageddon. The reason why the television feed and radio station aren’t up and running anymore are unknown to me. I would guess it due to lack of interest and cost. These two hacking forms of media offered a sense of community which has been lacking ever since they’ve been gone.

If anyone who is remotely familiar with the online hacking and phreaking scenes is reading this, I know they have all wondered one thing by now. “When is this book going to talk about Kevin Mitnick’s Case?” Well you no longer have to wonder. Kevin David Mitnick aka Condor, Anton Sherdnof, and Thomas Case is undoubtedly the most promoted hacking case ever to see the internet. There have been articles written about this case in Entertainment Weekly, Time Magazine, and the U.K.’s Guardian. Mitnick spent 49 months in federal detention with out a bail hearing. According to his defense team’s research this has never been done to another US citizen in the United States. Mitnick was also denied release on bail. Mitnick stated that pleading guilty to nine of the original twenty seven charges against him was his only realistic choice. Especially after learning of the prosecutors promise to keep Mitnick in prison without bail and to keep retrying the case in different jurisdictions until convicted. Mitnick states that he never committed eight of these charges. Mitnick asks “What threat did I present when I hacked into Sun Microsystems' computers?“ The answer came from Sun’s vice president of finance who claimed that my alleged downloading of Sun's source code cost the company $80m, even though they never reported the loss to the federal Securities and Exchange Commission. Sun offers that very same source code to their educational buyers for $100. With all of this court costs became incredible for Mitnick. Hackers on the net responded by opening The Kevin Mitnick Legal Defense Fund at Wells Fargo, branch #6501, account # 672-190-1177. The companies Motorola, Fujitus, Nokia, Sun, Novell, and NEC were all claiming extraordinary loss due to Mitnick’s hacks. The strange thing about all of this is that most if not all of these companies are considered 12-G corporations under SEC regulations. As a 12-G corporation any entity that suffers a material loss is required by law to report such losses to their stockholders and to the SEC. Failure to report any material loss violated federal law and can subject the corporation to civil penalties and a lawsuit by their shareholders. SO it would seem that if they prosecuted Mitnick they could suffer prosecution from their shareholders. The problem with this scenario is that big business doesn’t play by the same laws as private citizens. Mitnick was arrested in Feburary 15th 1995 and released in February of 2000. Mitnicks own site was defaced when he was released. It had a single message from the hacker vandal bugbear. “Welcome back to freedom Mr. Mitnick”. Tsutomu Shimomura gets the credit for tracking Mitnick down after suffering an attack on him personal computer. The movie rights to this case were sold by Shimomura to Miramax Films who casted Skeet Ulrich as Mitnick. After a bombardment of calls, email and threats by the hacking community Miramax stopped the project. Eric Corley of 2600 stated once that “He’s experiencing alot of frustration over what he can’t do”. Mitnick was banned from computers for three years. Since January 2003 Mitnick has been off of parole and now is a highly regarded computer security analyst. Mitnick was order to pay 4,000$ of the 80,000,000$ once sought. He is reported as saying “I deserve to be punished for the illegal transactions, but not to the degree I was”. Mitnick is a professional speaker, expert security analyst, and a computer consultant. In Mitnick’s words “"Hacker" is a term of honour and respect. It is a term that describes a skill, not an activity, in the same way that "doctor" describes a skill. It was used for decades to describe talented computer enthusiasts, people whose skill at using computers to solve technical problems and puzzles was - and is - respected and admired by others possessing similar technical skills. “

HDC or www.hackers.com is one of the oldest hacking related websites. It was started in 1994 by HackingWiz as a home on the world wide web for his underground dial-up BBS. The Hackers Haven BBS has been in operation since 1983. One year before 2600 or the LOD were founded. Hyper Viper was soon hired to be the sites webmaster. Revelation then used Hackers.com to host his hacking organization the Legion Of Apocalypse named in honor of the legendary LOD. The two parts of the site soon realized they needed to join to make one underground domain. They experienced coding problems and asked a hacker called Silicon Toad to help. Silicon since having problems maintaining his own site “The Infinite Void” decided to join up. They merged Silicon’s site with hackers.com to make the site truly unique. The Hackers Dot Com ideal is. “Destruction and unethical ignorance has plagued the underground too long, let's bring back the old school ways of creation and system penetrating for the knowledge that it is holding, not for the destruction of that knowledge nor the possessors of it. No, we don't consider ourselves to be the saviors of the hacking world, and we know this site isn't going to change the realm of hacking and the underground. All we want to do is our part, whatever that ultimately turns out to be. The goals that we strive for are not only the backbone of HDC, but the backbone of the entire underground community.” The Hacker Haven BBS is located at 216.55.176.193 or by going to www.hackers.com

In conclusion the 1990’s seem to be hackers most defining decade. Corporations, governments, personal, legal, servers, systems, and ethics all come to mind when thinking of this decade. If you are wondering the next chapter is not going to speak of the 2000’s challenges. It is going to speak of the differences between hackers, warez, crackers, and phreakers. There are also going to be definitions of what virii, malicious codes, worms, and other common terms mean. The reason I feel this is important to define at this point is that many people have preconceived ideas on what a hacker is brought on by media coverage.
Even if you haven’t made up your mind on what hacking is you will gain some familiarity with commonly used terms through out the online underground.
























HACKING
A history and guidebook.

Chapter Three - definitions

We’ve talked all about hackers but we haven’t talked at all about what a hacker is. You might think you know but do you? Terms like hacker are commonly used to mean anything illegal or complex relating to computers. This is not what this term means. If you search online you will find many definitions to explain terms. Depending on where you search you will find different peoples ideas on what these terms mean. Use this as a reference guide to the underground.

A hacker is an individual who seeks computer knowledge. A person who learns as much as possible about programming as possible. Systems, servers, and programs are all coded multiple ways. If you try to find out and understand how they work you are a hacker. The means of finding out how systems work defines hacking. Hacking is when your looking for answers that no one knows or will tell you. When your in the system you find out why it is running the way it does and what commands do what. You do not destroy this system or harm it’s components. If you gain access for vanity or to vandalize you are a cracker.

A cracker is a person who uses exploits (weakness in codes) to gain access to a system or server in order to either tag it with your nickname (handle), or to steal or vandalize it. With these definitions in mind you understand why the practice of making shareware or demo versions of programs into full versions for free is called “cracking”. These rules of cracking verses hacking shows how hackers cannot ever be blamed for releasing virii or worm attacks simply because to do so is not hacking.

A phreaker is something entirely different. A phreaker is someone who tries to understand everything they can about phones. Phone systems, switches, loops, and boxes contain enough mystery to make people curious to understand how they operate. Phreaks or phreakers do not necessarily have to be ethical like hackers. Many phreakers use what they know to alter and exploit the phone system.

Malicious codes are used by crackers and are commonly confused with each other.
A virus is a code that damages a system when opened by the systems user. A worm is code that opens itself and before causing damage tries to crack itself into other computers. If it is successful it sends a copy of its self to the next computer system in order to keep the damage going on. Massive virus attacks are sent to thousands or millions of emails at once to cause massive damage. Massive worms attacks sent to thousands could spread to millions on it’s own. Trojans are programs sent to be opened in order to gain access and can be used by hackers or crackers. Trojan horses usually send password information back to the person who sent it. They can however open a connection line straight to the sender’s computer. Other than these three common terms for malicious code, there are literally countless un-termed types of code. Web sites allow multiple languages to work together to make dynamic sites. These languages can be used to do all sorts of things on the sites users. Most internet explorer errors come from malicious java or vb programming in web sites. These programming languages are known as scripting languages. People who exploit them to do harm or steal are known as “script kiddies”.

Warez are free programs of all kinds ranging from games to operating systems that weren’t meant to be free. A warez dood is a person who offers cracks to software and already cracked software for free. Most warez doodz are crackers also.

With these definitions in mind you may realize most hackers are completely harmless. The ones that aren’t are more than just a hacker. You don’t have to pick what you are you know. An individual might be a hacker, phreaker, cracker or a cracker/warez/script kiddie. A hacker who is also a cracker may find out how things work spread the knowledge of what they find in the systems they aren’t suppose to be in. Then decide to paste their name all over the system and destroy a few files they shouldn’t on their way out. These practices give real hardcore hackers a bad name.

I think it is important to go over what some terms used in the hacking community mean. I may have even used some terms in this paper that may of confused you. I realize that most people have absolutely no idea what technical terms mean, let alone hacker slang. I’m going to do my best at making this section understandable, without making it dictionary like.

Let us start off with terms I have already used. A server is simply any computer hooked online all the time. Servers can host all kinds of things, websites to chat rooms and everything in between. A News Server is a computer hooked up online that hosts nothing but newsgroups. A newsgroup is a system you can log into to look at postings left by other users. Newsgroups are a lot like BBS or message boards. Telnet is one of the most important terms used in this paper. Telnet stands for telephone network, and is included with just about ever operating system out there. You can try to telnet into any system but mostly college systems are hooked up for easy connection. You can surf the net for connection addresses. A proxy in simple terms is a connection. When hackers refer to proxies, they are usually speaking in connecting anonymously. I am sure most readers know what spam is but if not it’s basically junk mail, popup ads, and online scams. A robot or bot is nothing more than a simple program engineered to perform tasks. Protocol in computer terms can be explained as a way to send information. Commonly used protocols are Hyper Text Transfer Protocol, File Transfer Protocol, Internet Protocol, and Client To Client Protocol. In other words these protocols are HTTP, FTP, IP, and CTCP. Another service offered online that I mentioned briefly was ICQ. If your familiar with AOL’s Instant Messenger program then you’ll grasp this concept with ease. ICQ simply let’s you know when your friends are online and allows you to chat with them. It’s a free download and is offered all over the net. The ICQ web site is www.mirabilis.com for anyone interested. I talk about programming and programming languages from time to time. I’d like to mention what the names of these different languages are just incase you stumble across them and get confused. C or C++, VB or Visual Basic, Perl, Pascal, Java, JS1, Java Script, HTML or Hyper Text Multipurpose Language, and finally ASCII or American Standard Code for Intelligent Interchanges. There are more but this list could get long and confusing quickly. A port is what it sounds like, a plug in. There are physical ports like your keyboard, mouse and modem. Non physical ports plug into the internet. They are all numbered so a port number is a way of telling what a computer or system is open to. An example would be if you port scanned a computer and the response was 80, 23, 25,21 you would know the computer was on the web, telnet, FTP, and email.

All the terms I have tried to explain so far are all used by everyone. The following terms are used by hackers and online underground enthusiasts, think of them as hacker slang.
Brute force is a term used to describe password crackers. Brute force programs almost never work and are a big waste of time. DOS to the common Joe means Disk Operating System and comes with Microsoft’s Windows Operating System. To hackers DOS stands for Denial Of Service. DOS attacks simply kick computers offline. Used on a server they kick everyone connecting to the internet through that server offline a nuke and a flood are two common names for these types of attacks. Exploits are errors in programming. If you can find a good exploit you can use the programming error to get what you want. Exploits can do just about anything from giving you access to a system to crashing the system, simply put an exploit is a system or program’s vulnerability. A war dialer sounds pretty sinister. All it is actually is a program designed to call multiple phone numbers in hopes of finding computers to connect to. Linux and Unix are nothing more than advanced operating systems. Hackers would say they put Windows and Mac operating systems to shame. There are only two more definitions that I feel are important to understand, root and PGP. Root to a hacker is the main account on a system. To put it differently if you gain root you own the computer and can do what ever you want on the system. PGP is an acronym for pretty good privacy. It is an encryption method used to make email secure. I think those cover the basics. The reason we are only covering the basics are because if we got more detailed this list would span ten or more pages.

I had been toying with the idea of listing websites to visit, bbs’s, email addresses, and hackers in this paper, but if anyone reads this in a year or two , these lists will be worthless. I remember how much I hated worthless data when reading. I will be discussing some simple tricks of the trade. Things that everyone who knows assumes everyone else knows them. These won’t get you into much trouble at all.

Right click disabled on web sites.
Remedy is simple try left clicking on the site then hit the windows button on your keypad. Choose the “view source” option. Notepad will popup with a lot of text in it. The text is what the webmaster typed to make this page of the website. If you are looking to download an image look in the text for anything that starts with img. usually followed by src. The image address will follow it. An example is the address can be typed into your browser to view the picture directly without the site. Viewing it this way disables the no right click option.

Finding an IP address
This is extraordinarily easy. If you want a website’s IP address search for an internic site. To do a whois search on. If you go to a few you will find it. The easier way is to go to www.mircx.com and download mirc.exe you could crack it into full version by going to any crack site or by searching for “mirc crack” but to do so would be illegal. One you open mirc, which is an Internet Relay Chat program you can connect to what seems like an unlimited list of chat servers and rooms. The nice thing about it is you can also perform commands that you cannot elsewhere. If you type (/dns www.domain.com) you will get the IP address to any site you want. If you type (/dns nickname) you’ll get the IP address to anyone on IRC to whom you ever their nickname.

Other IRC commands
Common commands for IRC are as follows “/whois nickname”, “/clear”, “/msg nickname”, “/memo nickname”, “/join #channel name”, and “/part #channel name”. You can search for IRC scripts and tutorials for a more in depth look at how to use pings, fingers, and nukes.

These tricks seem simple to anyone who knows them and are hardly worth mentioning. but to people who are online aimlessly and have no direction on what anything online is. They may prove to improve your odds of existing online. Real tricks shouldn’t be learned until after you get some of these basics anyways. Once you think you’re ready search for exploits and tutorials online.

This is the way I got started at least, after learning about my own system of coarse.
If you don’t even know your own computer I think you should start there. All most everyone reading this is running some form of Windows. Personally I think Windows 98 was Microsoft’s best operating system. It almost never errors if ran right and isn’t full of dumb-dumb help programs. If I was starting out now, and I wanted to learn about my system. I would probably open file manager or explorer and search every directory on my computer. Including the hidden directories. Then I would delete was extra and get familiar with basic programming and file extensions. For instance, if a program is named notepad.exe the exe is the extension. Exe means program, txt means text, gif means picture, sys means system, and so on. After completing these tasks I would go online and search of operating system tweaking tools. Windows favorites include Tweaking Toolbox, Tclock, and Tweak UI control panel add on.
You can find these online all over, once again do a simple little search. If you want to get into programming look for a resource editor. Keep in mind when you download a program try to find out what it’s doing. What I mean to say is if you downloaded a program to change your splash screen, which is the windows logo you see when you turn your computer on. Then you could realize that the program is editing an rle file in your computer. Then you could add rle to the file extensions you know. This doesn’t make you a hacker but it gets you started towards the type of thinking you need to posses in order to become one.

It was this kind of thinking that compelled me to spend most of my adolescence in the 1990’s hacking scene. During this time every night was a new adventure. I wasn’t satisfied with a night online if I didn’t accomplish anything. I was always active, always looking to gain status. I was always busy; managing a crew, sending out newsletters, writing code, scanning, authoring tutorials, and of coarse hacking. Between the ages of twelve and seventeen most kids are wrapped up in relationships and school. Since I hardly attended class and dropped out at the age of fourteen school wasn’t really on my mind. I had my fair share of relationships but they always took second place to my hacking career. At the highest point of recognition my nick name Roke, was known by almost everyone in the scene. If hacking status was a game of chess I had reached bishop status. I wasn’t the king or queen, but I had grown from a pawn to sit right next to royalty and found myself befriended by the knights and castles. From time to time in meetings between me and other crew founders, hackers at my own status level would pop in and say hi to both of us. This was a way to show recognition, to let other hackers know you knew who they were and respected that. This also made it hard for me to give this nickname up. It’s also hard to resist the temptation of messing with things respectable hackers don’t mess with. Which led me to giving up my name. These pranks look stupid and immature to me now, but back then they were fun. To illustrate the lameness of these kinds of pranks I should describe how to do them. AOL for anyone in the underground community is the worst Internet Service Provider out there, sure it’s great for the common computer user but for a hacker or anyone interested in hacking it’s quite useless and insulting. So let’s attack AOL was a common though among script kiddies and lamers. When ever lameness popped up in me I thought this way to. Now keep in mind there were and maybe still are always attacks against AOL going on, they were a high profile target that for some reason instilled hate in hackers. So from time to time twenty or so lamer hackers would nuke several different AOL servers in hopes of kicking tens of thousands of people offline at once. At this time Master AOL was released online. Now there were always programs set up to target AOL but Master AOL was the staff member version of AOL and had many options in it to change AOL’s settings. If you wanted to bust into an AOL chat room or send instant messages to someone who ignored you then a program like AOL Fire Toolz or AOL Ice would do you just fine. Master AOL wasn’t exploiting programming flaws it was program options only staff members have access to. Now, just incase this ever got released AOL took some steps of precaution. If you installed Master AOL your login name needed to be recognized as a staff member in their home systems. Well the hacking world came to the rescue of this dilemma when a crack was offered. However after you were in, you needed specific codes to use any of the staff features. I quickly wrote a crude brute force password cracker and spent the next few days hoping for a code that worked. I came up with a few that checked out. Soon I had changed all the AOL information in my account. I changed my name to Roke the Wizard and threw DHC tags all over the place. The most recognizable thing I did on occasion was making my own AOL keywords designed to show other people how to hack AOL. After they were done being created and registered with AOL’s computers I would send global messages to people and invite them to visit it. Every time AOL found one of these they of coarse destroyed it. After doing this from-time-to-time and getting in an email conversation with Steve Case himself, who was the owner of AOL I decided to call it quits and pursue other aspects of lameness. I learned all about IRC and soon wrote my own versions of the chat program which would make it extremely simple to nock people offline. In addition to this I found myself compelled to deface multiple websites mostly using NT exploits. These kinds of attacks attract all sorts of attention. The best kind of attention came from a Singapore news paper who wanted me to answer questions about hacking and add to some articles. I did this briefly but soon got board, I didn’t like answering questions as much as I liked having my questions answered. In addition to a few media outlets contacting me, lamers who wanted to know how to be lame were constantly on the nag. I usually deleted the messages they sent but every once in awhile I would send out a series of test questions. If they could find the answers and tell me I would tutor them. I only got a handful of pupil this way and almost all of them weren’t worth my time. Finally one found me who was really interested in hacking. He reminded me of a newbie form of myself. His nickname was KingNoth named after the hit Metallica song. This was a really stupid name but I had to remind myself of my K99 days. After tutoring him for a few months he was added to the DHC which was my main crew of the time. KingNoth stayed an active member for almost a year after joining then suddenly dropped out of sight. I didn’t know what to think except that he probably was getting wrapped up in his real life, I found out I was wrong. Months went by and I received an email from KingNoth’s mother. She said that he had died in a plane crash and she was going through his email lists on his computer to see let all of his friends know. I had a feeling that she thought me another friend from a different state. I made the decision to tell her I was a hacker and so was her son. She visited our home on the web and said it was a side of her son she didn’t know existed. I made him sound like a better hacker than he was and posted a memorial on our site. Hackers from the net soon gave their condolences in a massive out pouring of support for a fallen comrade. This happening made me stop all tutoring, I didn’t want to go through it again. This may of also made me more daring I severed ties with Last Computer War. Which was a group set up to end wars between hacking crews. Although around this time I had turned into the ethical hacker Saxe, I also was hacking unethically as Roke. I started fights and took no crap from anyone. On IRC I soon got my whole domain Klined, which means no one from my domain was allowed on IRC. My nickname Roke was also taken from public use. I took me about two days to get back on IRC and about a month to get my name back. In the mean while I was using Roke- as my handle. To get the IRC servers who Klined me back, namely Dalnet and Efnet. I decided to attack all IRC cops. An IRC cop is nothing more than a user who has the power to Kline, kick, moderate, and delete other users and chat rooms. I scanned the networks and soon had a complete listing of all IRC cops on Dalnet and Efnet. One night I took all the IP address of these IRC cops and any other information I was able to get and released it to the masses on IRC. Stating I was about to attack. I kicked as many as I could offline, nuking their servers. I used every lame trick in the book. I had even gotten a few of them to accept Back Orifice and Netbus trojans. Which gave me access to their home computers. I kicked as much ass as I could, then retreated. Needless to say Roke disappeared again and Saxe emerged. I attended some 2600 meetings in Seattle at the convention center. I learned a little about how to hack satellites and smart cards in an attempt to keep myself occupied. Online I was getting into trouble. I had installed a kill button on my computer. Which was a big red digital button which if pressed would erase my entire computer. It was designed incase the secret service ever knocks on your door. Scanning local systems and diving in had become boring, as none of them held anything of great interest. I was never interested in credit card fraud or releasing virii or worms, and I never seriously harmed a system. I learned a lot about phreaking but and dabbled in it but I never made illegal calls. The furthest I went was scanning AT&T’s systems. There are phone numbers set up for everything from lineman testing numbers to news reader. I thought it was interesting on a day away from my computer to call hundreds of numbers and see where they go. With this profile of the type of hacker I was, you may be able to understand why there wasn’t much more to do. It’s True that there are always systems to hack and code to learn, but I was at a point where I was happy with the amount I knew. Online the heat was growing. I knew I had most likely attracted some with my antics but I knew other members had been up to some of the same. With the talent of the SysRq crew and the abilities of it’s members the feds could of been attracted to any or all of us. I started encrypting all messages sent from my computer. I even wrote my own encryption program in addition to using programs like Crypto Chat. I started tracking feds set up to track me. Honestly I was scared of them. I spoofed my IP, cloned myself, and change my nick. I would try to talk to them but they would seldom talk back. I watched their movements from a distance and watched them track myself and other hackers by following them into chat rooms. Some of these chat rooms would be open just for the day or week in order to stay secretive. When feds entered I would alert the person attracting them to watch their back. Then the users of the room would organize a quick exit. We would all change our names by adding something like a positive or negative symbol behind it then enter a brand new chat room of a previously decided name. This made it much harder for a fed to find the channel. As long as all the users were in no other chat rooms. This was about the time that I reached a decision point. I could either go on and fight the feds and dive into top level systems or become a normal teenager. People I knew online had been getting busted, some got jail time. I knew I was either going to go as far as I could before getting caught or cash in my chips. I cashed in my chips and called it quits. Deleting all records of my hacks and previous mischief. I was no longer in the hacking world. I dedicated my spare time to skateboarding, tagging, and drawing. My computer time was spent developing web skills and programming. I learned computer graphics and just about everything about web design and development. Recently I have been browsing through the hacker world in preparation of this book. I have been going by the nickname Gsys or Gsys101. General System or Global System I thought it was a cool egotistical name. Most places I visited hacks thought I was a fed. I had to tell them how to tell if I was or not and plead with them that the reason I could find out about them is because they weren’t careful. Not because I was some super duper fed. The hacking world, it creates so much fear and mystery when in reality it represents neither.


























HACKING
A history and guidebook.

Chapter Four - 2000 and beyond

This chapter is going to layout what his happening online now. Where crews are and what they are doing. Why hacker attacks are in the papers. I will also answer the question “where can I find a hacker online?” The crews of the 2000 are one of two. One is very sophisticated and defined. Two is very lame and full of pride.

The chat room #2600, which is located on IRC server dalnet (irc.dal.net) is ran by a crew named Kn0wledge. Kn0wledge once went by the name of R00t Team but decided that most of their members were crackers who mostly did defacements listed on attrition and the crew needed an overhaul. Users include Psaux (psaux@mail.com), X-government agent who is 28, Fris who lives in the Dallas area, Socket_A who’s real name is Arren, Cryptic_Smurf who runs a FTP some times which is his IP address of the day, HexMaster who is Brian Jensen born 1974 from Denmark, Princess Lizzy who is nineteen, Fire eyes, and Kn0wledge (kn0wledge@hushmail.com). Their crews chat room is #kn0wledge. They are affiliated with RootShellHackers (RSH), Hackweiser, Pentaguard, Death Knights and are against Anti-Scurvy, R00t.br, Prime Suspectz, VUGO, and LTDA. This crew is mostly made up of lamers as far as I can tell. With some prime members that carry the whole crew.

Digital R00t, is mostly a web based crew. It offers an archive of exploits, text files, and programs which have been collected from the net. Founded January 1st 2000, digital r00t is not much more than an archive for the hacking world. Members of this crew are all assigned different tasks on maintenance of the site. These members include Active Force from the Netherlands, ICQ #726699, admin@digital-root.com - Electro Sphere, 30 years old from USA, electro-sphere@digital-root.com - and Evolution-X, 36 years old from USA. It seems like anyone who really wanted to could join this crew.

2600 and CDC are still around but their focus is more on preserving the hacking world that doing anything else. 2600 concentrates on it’s magazine and CDC on it’s papers. It seems all experienced hackers have turned into reporters. Leaving the net open for the newbie crews.
The threat of hackers it seems in the years to come will not come from hacking or cracking crews. It will come from individuals. The only crews that may have an impact still are sponsored by governments or corporations. Hacking it would seem has become a real scapegoat for high power entities to get information. Blame a hacker or hire one. Either way you can make it so your corporation isn’t blamed.

One thing I would like to add to this book is a brief definition and demystification of binary code. Sounds technical and kind of boring doesn’t it? Ever see a bunch of 0’s and 1’s on a poster, tv show, or movie? something like this 00101011010010101. This is binary code. Every six digits is a different character. I don’t remember binary code off hand but if the code was 001010101010101001 you would first separate ever sixth letter. 001010 101010 100101 and then you’d use a character converter to convert these numbers to letters. So as you can see it’s just a way to write things and it’s not some super complex code. This is the same as encryption but encryption takes ever character you write and instead of converting it to a six digit zero and one number it converts it to usually 128 characters which are then scrambled in an order defined by the person who scrambles it. Some times people to thing multiple times making it literally impossible to decipher.

After reading this you may still wonder why a hacker becomes a hacker? Millions of people have home computers and nothing compels them to commit cyber crime. What if you have a child and they spend a lot of time of time on their computer. Could they be hacking? To tackle these questions let’s think of a common out look about the internet. I would go so far as to say this is what all hackers think of prior to doing their first hack. Most people on the internet limit themselves to the world wide web, they think this is basically all the internet has to offer and even if it isn’t why would you need anymore when the web is so big? If you think the web is big think about this. When you log on to the internet your computer is connected to every online computer in the world. Every business, government, phone, library, hospital, school, military, and home system. You have the possibility to access anything on these systems. It may be a top secret business merger or a grade school kid’s report card. When you think of the internet being as vast as it is you could begin to imagine the different types of adventures you can have through the keyboard in your house. Wall street, television, radio, weather, ATM, and all kinds of personal records are literately at your fingertips. Just seeing the possibility of all of this isn’t enough though. If you really think you could access any of these systems even if you don’t know how sooner or later you will. After considering the size of the internet it is hard to think of websites as an endless phenomenon. They just don’t seem so exciting anymore. You’ve got to ask yourself, if you could access systems like these or had enough time to learn would you? It would beat the hell out of watching another sitcom on television wouldn’t it?

Now how do you know if someone is a hacker? What if your own teenage kid is, how would you tell? Let’s review what we know about most hackers. Well we know a lot just by their nicknames. Most hackers nicknames come from comic books, electronics, or hacker movies. For instance comic book names would include Lex Luthor and Knight Lightning. Electronics like 2600 and Phiber Optik. Hacking movies like Wargames spawned such names like Thomas Case and Professor Falken. So hackers must like comic books, electronics and hacker related movies. Since I was a hacker and hung around them for years here are some more common interests and topics of discussion. Dungeons and Dragons, Magic the Gathering, massive amounts of soft drinks, video games, and japanimation. Sounds like any teenage boy doesn’t it? If you add bad sleeping habits and more time on his computer than time spent with friends chances are your kid is a hacker. You might be thinking “that’s all well and good but what about spotting a hacker in real life”? Hacking tags are actually all over you’ve probably seen many of them and didn’t know it. Some common tags, symbols, and slogans on t-shirts and stickers are, Hack Net Computers, CDC owns yoo, Got R00t?, 2600 the hackers quarterly, Free Kevin, Jinx Hackwear, and LOD vs MOD. You may also notice that hacker related movies usually have references to real life hackers or crews. The movie Anti Trust has CDC tags in the credits if you look close and the movie Hackers has a character nicknamed cereal killer. In the movie he states his real name is Emmanuel Goldstein. Emmanuel Goldstein is the nickname of the real editor for the 2600 magazine. If you ever decided to approach a hacker on the street keep in mind that most hackers use an alternate nickname in real life apposed to the net. For instance if your nickname was Roke the Wizard you might say your name is Broke Blizzard. If your name is Saxe Malice call yourself Axe Alice. It keeps you more anonymous. I mean your hacking, breaking countless laws on a weekly basis and someone you don’t know wants to know your name. How would you react? Remember hackers aren’t as they are portrayed.

The media hasn’t helped to calm hackers nerves either, as it has molded the common opinion on hackers as master criminals or digital terrorists. In a way news coverage on hacking has defined what a hacker is, or at least what a hacker is to the common person. I feel the reason for the media’s slant on the facts of hacking cases is a quite simple one. Although many online hacks and phreaks are convinced they are out to get them because they are owned by big business I think it is a little simpler. I think that since hacking is such an arcane subject to most individuals writers for papers and news coverage simply don’t know any better. They write based on what they’ve read or been told by officials set up to catch hackers. Irresponsible reporting isn’t that hard to imagine, especially when you consider the source, plus it makes a better story. Headlines like “Hacker caught breaking into Whitehouse” or “Online Terrorism is at an All Time High” catches the eye’s of readers more than a headline like “Hacker tests White house security and offers solution”. People who are reading this might be thinking that hacking the Whitehouse no matter how or why is a big deal. If you read this story you would realize that the hacker going by the name Zyklon who did this actually just broke into the Whitehouse website. When they caught him he confessed and was quoted as saying “I didn’t think it was that big of a deal”. Not just because it was an easy thing to do, but because no real damage had been done. Most web site hacks don’t even deny the site from coming up. You just have to click one time more to get through the hackers page explaining why the hack was done, how the hack was done, how to fix the hole, and a few shout outs to their hacker buddies. Fixing this would literately take a few minutes. So the question is what is the damage in a case like this? Well the hacker doesn’t own the site and denied it to run properly until the owner found out and took the few minutes to fix it. The hacker does however in many cases show how to fix it so it won’t happen again. This is a give take relationship. The only wrong doing I can see in this is that the hacker initiated the relationship. The site’s owner or operator didn’t ask for the security to be tested. So if the owner is a prick and doesn’t understand the service done there should in my opinion be a law protecting his or her rights. The embarrassment of the owner shouldn’t be taken into account because the embarrassment of the hacker being called a cyber terrorist in the papers is equal. The common punishment for a crime like this (that is hacking into any kind of government ran system) is three to five years in prison. Having felonies on your record isn’t a nice thing to think about but spending a few years in a maximum security prison is what most people in this scenario worry about first. Think about it your a computer kid, you like technology and get something most people don’t. You make a mistake and spend the next few years with murderers and rapists. I can understand if law enforcement is trying to send a message that they take hacking seriously, but consider the damage this is the same as if someone painted on your front door that your back door was unlocked knowing that you would be home in a few minutes to lock it, and to make sure you have a clear conscious you leave a better lock and some paint to fix your door. If someone did this in real life they could get arrested for vandalism and destruction of private property. They would not spend the next few years of their life with rapists and murderers. So why are there such tough laws? Because the media tells people to be afraid. People believe them because they don’t know any better. Zyklon who I had the pleasure to meet online a couple weeks before his arrest wasn’t a well-established hacker. He was a seventeen year old kid form the Shoreline district of Seattle
who had been searching for a crew to join up with. I even turned his membership down to the crew I was running at the time. He join up with the crew Global Hell which was notorious for irresponsibility. This type of hacker can hack the Whitehouse web site, which should illustrate the simplicity of the hack and reason why he felt it was “no big deal”.

People might still be wondering “if there is such a big risk why would a hacker try to explain security holes to operators, especially like the Whitehouse, common the kid was showing off?” The explanation is simple and crude. The risk was un-apparent and the kid was showing off as kids do. So what purpose do hackers have besides offering security tips to operators of sites and systems who may or may not end up putting the hacker in jail? The contributions of hackers to society are mostly unnoticed. Better encryption methods for protecting data would be something that most people could think of but some larger scale contributions might be the ones mostly unnoticed.

The four largest contributions to society that come to mind are all world class and in my eyes deserve awards not persecution. The MPAA or Motion Picture Association of America is responsible for rating movies, R, G, PG you get the idea. They also own the copy right on DVD’s. Many computers come with DVD players. The only operating systems that would operate these players were Windows and Macs. So if you wanted to run an operating system like Linux the DVD player you bought with your computer wouldn’t work. This made it so people who wanted to use DVD’s had to run in most cases Microsoft Windows. The explanation was that no one could figure out how to make it compatible with other operating systems. So the hacking underground solved this problem and released the code for linux and unix users for free. Keep in mind they only wanted to use what they had bought. The MPAA soon sued every site hosting this file. It turned out that the MPAA was capable of writing the code themselves they just weren’t going to until the makers of linux and unix paid millions for the code like Microsoft and Macintosh had done. Incase you didn’t know although you can go to a software store and buy Linux you can also download it legally for free. It has always been a free operating system which in my opinion is better in many ways that Windows or Macintosh.
The main site the MPAA was suing was 2600, remember them? In the end the MPAA loss their law suit, I myself had a big “Stop the MPAA” sticker which was passed out with 2600 magazines on my car.

I am going to try to be a little more brief on the following three as I don’t wish to drag this topic on as long as it can go. Remember when Microsoft was found having installed software that could pull out personal information on a person’s system? This is called a backdoor, it is illegal and if it wasn’t for hackers no one would know about it. Maybe you remember when the phone companies started to rave about the new services they had like *69 and *70? the reason they could offer these new services is because they had set up ESS or the Electronic Signaling System. Remember old school cops and robbers movies where in order to tap a phone a cop had to break into your house or climb up a telephone pole outside? ESS made it possible to simply call the phone company and say “I need a tap at this address”. This was all released in the late 1980’s by Lex Luthor of the LOD far before the services were released to the public. Finally you may recall all the problems people were having with an organization called the WTO? I am not going to turn this into a political topic but there was something called the GAT treaty which was going to make it possible for business to sue countries that they felt were interfering with their right to make as much money as possible. If you want to read up about this you can some where else but for now take my word on the fact that this would make it possible to throw out all world environmental laws and the reason people were so pissed other than the obvious WTO supports sweatshops slogan was that in Seattle they were trying to pass an amendment to the WTO making this possible. The reason they had to do this was that the GAT treaty was discovered by hackers and released to the public in France causing such outrage that the WTO had to retreat from it. In Seattle the outrage stopped the passing of the amendment, at least for awhile. After reading this consider just consider the world with out hackers. What would it be like? I for one am glad that there is an online underground keeping the rich fat white guys in check.

As you should be able to see by now the stereotypical view of a hair sprayed kid listening to techno typing on his keyboard when graphic colors swirl around it is not close to what a hacker is. A hacker at best learns about computers and when they find something note worthy they share it. A hacker at worst is a cracker and steals system info, credit card numbers, free phone time, and damages computer networks with out prejudice. The next time your on your computer waiting for your internet server to connect you think about all the things that have happened, all the things that will happen, and all the things that can happen. If you dedicate yourself you just like anyone can learn about computers and call yourself a hacker. You do not need to know arcane codes or be able to type a million words a minute. All you need is a drive. A drive that will compel you to understand. There are limitless stories about the net and the people who use it. E Commerce, business, governments, dating, and gaming are all stories that could be told. Going on around the clock and never stopping. The most interesting tales of the net are those of hackers. Now you’ve read some and I hope you’ll bring some understanding away from this book that you didn’t have when you opened it. The physical world should always remember that the cyber world is all around them. In the air and the phone lines the digital revolution is never ending.

This Document was authored by me.. Saxe Malice aka Roke the Wizard aka Gsys101 - Shouts to all ex members of DHC, M0S, and SysRq..