I got in trouble for a bunch of things. I wrote a utility that was supposed to cover up the "system tray" clock (with an identical one with context menu) so I could run command line apps on school computers, but the system thought it was a virus. (I guess Delphi 3 apps named iexplore.exe are suspicious? :P)
Then I embedded the Game Maker installer in a Powerpoint presentation, since it was one of the few ways to be able to run a foreign exe (along with zip files, but they are more obvious targets and they're more likely to inspect them).
Then I exposed (didn't exploit) a serious XSS issue in the school's VLE, which of course they gave me a final warning for.
Edit: The School's IT policy, previously a single A5 page, became two-and-a-half A4 pages thanks to me.
At my school for whatever reason I was able to change for whatever reason the hosts file. I changed the popular mail service to redirect my clone site to collect passwords... I got caught in a week.
I sniffed the traffic of my schools network, performing an ARP-poisoning attack, and then redirecting all traffic to https://internal.schoolwebadmin.thing.com to http://internal.schoolwebadmin.thing.com and caught the person attempting to login to update the internal web site of the school. Then I updated internal website-info, changing the https://accessitfromoutside.com link to http and started sniffing that server again. Over-night I got around 400 passwords from both teachers and students one of which was the administrators password for the local domain, where I could do many more things. But then it stopped being fun and I played counter strike again.
For some reason I still don't understand today, 9 of us in my high school programming class had read permission on absolutely everything. It was only students numbered "01" through "09" in that particular class -- I checked the border conditions in a very OCD-style.
I remember in high school, the computers where running windows 95. They used this shell hacking "protection" software called Fortress. It worked by hiding buttons and menus and trying to prevent you from opening up various apps or clicking certain files in common dialog boxes.
My first "hack" was just a boot disk that simply copied fortress.exe to another directory (a little choice.exe with autoexec.bat magic).
The second hack came later. The computers were upgraded to Windows 98 and my autoexec.bat trick stopped working because of a BIOS password. Thankfully the machines came with Word which had nice shinny feature called Visual Basic for Applications. Most of the shell was hacked to hide menues still in Fortres 2.0 but good old VBA was still accessible. Using VB I could call Win32 apis and it was just a few calls to enumerate and kill the startup entries for fortress in the registry.
The best part of this was that it was all sanctioned activities sort of. The IT department was in a central building downtown (30 minutes away from our school) and who was always a pain to work with for the teachers. Their gradebook apps failed under fortress and even their teacher passwords failed to disable all the shell hacks. Shutting off fortress was the only compatible way to get things to run correctly for the teachers.
At first when the local IT department found out, they laughed, but then later got upset when the disk of my magic word document spread. It was making it's way across the district via email lists.
At some point in the school year I got accused of spreading 'a virus' to other students that allowed them to download 'warez' on school computers. Apparently fortress was the only thing preventing kids from using WinPopUp and windows NT messenger to send broadcast messages to all desktops across the network.
I tried to fight it and explain exactly how the thing worked and the silliness of shell hack in the first place. It didn't work. The Principal said I was hacking regardless and suspended me. After getting the suspension (and after they called my parents who knew before I did and were very upset already), I quickly called the computer programming teacher (who knew knew C++ and VB and had previously been an assistant for in my sophomore year). He called the principle and super and explained that I was not hacking and that I was 'improving productivity' and that the IT department's policies were hindering teachers. I got out of the suspension by the super the next day but no apology was given. Just a stern "stop hacking" the next week when I got back.
I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
Open up "DEBUG" in a DOS prompt, and write a few-line assembly loop that writes increasing register numbers to port 70h (register select), and 0 to port 71h (value) -- to reset CMOS memory with all 0's.
Then you can just enter BIOS to set it all up from scratch.
"Fortunately", back in the days when I was at school, the BIOS tended to have backdoor passwords that were easily googleable. That stopped working eventually, but then I happened to procure for myself a second-hand school computer which turned out to have the BIOS password still set when I bought it. Short work to then run a tool to read the password directly from CMOS.
I've forgotten what it was, but for all I know they're still using the same password. Oh, the lengths I went to to run linux livecds...
Funny that you did it this way - I just wrote a single byte using 'o' directly from the prompt, which was enough to ruin the checksum and cause the bios to reset to defaults.
I've personally seen a BIOS implementation (on an HP computer, I think) that would let you in if you typed in an incorrect password three times. That was pretty hilarious, maybe the programmers thought that nobody would be that tenacious?
My internet forebears had already catalogued most of Fortres' flaws by the time I became familiar with it, but most of the holes had been closed upstream. The one obvious chink in the armor that still remained was their "Backdoor Password"
If you keyed Ctrl+Shift+Esc, an Unlock dialog would pop up and prompt you for the admin password. Alternately, there was a 6 digit integer in the titlebar that you could give to Fortres customer support and they would give you back a corresponding 6 digit unlock code. Some enterprising individual had figured out this algorithm and published the VB(6?) source for a keygen application.
My contribution to The Fight was a port of the keygen to the TI-83+ (it was a very prevalent platform at the time). No acclaim ever came to me for the port however; after I experienced the IT personnel rage when they discovered a classroom full of un-hobbled PCs, I decided to keep the authorship a secret.
Coincidentally I did some TI-83/84 hacking my self and went to go work for TI after school in the education/productivity group on that same calculator line.
I knew of the secret fortres screen but didn't know there was any keygens out there. Heh.
My High School had fortres installed, and I recall that one day, another student came to school with the latest issue of 2600 magazine, which contained the necessary code to crack the fortres backdoor from a TI-86 calculator. From that day forward, high school computer classes got a lot cooler.
Reminds me of my high school days, though I don't recall the software being named Fortress. I'm thinking it was something else, but same idea. Eventually the teachers gave a small group of us formal access to disable it as they realized we weren't out to be malicious, only wanting to make full use of the computers.
My school used one called "PC Lockout". It wasn't long before the necessary DEBUG.EXE commands to switch a strategically chosen JNZ to a JZ were being distributed.
I recall that Fortres had an admin password common to all installations, so that their support people could access and troubleshoot machines. The "quick and dirty" way to get past the app, I guess.
Our staff also didn't find "net send *" very amusing...
> I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
I know, off topic, but I'm really wondering. You guys have "who's the smartest kid" elections in high schools? Which country is that? What's the idea behind these things?
High school CS was my first exposure to what 'hacking' usually is. Grade 11, we were learning VB6 (don't ask). Our term project was to make a game, and three of us decided that we wanted to make a top-down shooter that had networked multiplayer. We soon figured out that only teacher accounts could see other computers on the network, so the obvious solution was to obtain the teacher password. Cue 48 hours straight of my poor 200Mhz Pentium Pro (with MMX!) trying to crack the SAM file, with no success. Frustrated, I was in the lab after school and went to grab a paperclip from the teacher's desk to reset the BIOS password. Open the drawer, and what do I see? The teacher's login and password written on a sticky note.
The game actually kicked ass, and the teacher never did figure out how we made the multiplayer work. We told him "it uses socks".
There's something amazing about programming in that regardless of whether you're a 100-year tree in the forest like Jeff Atwood or a hapless sapling stumbling about on Codeacademy you can still add value both as a developer and a community member.
I've been coding for 10 years now and have reached the point where I'm reasonably handy but I look at a post like this and the sedimentary layers upon layers of experience that Jeff has and feel like a total novice. And yet I can still build stuff that's useful. I can still help people on StackOverflow and I can still learn from the giants above me.
I had no idea when I got into it but in retrospect it's pretty awesome to have chosen a career with such an updraft for newcomers and where everyone at almost every level can meaningfully teach, learn and contribute.
Jonny looks around, confused, his train of thought disrupted. He collects himself and stares at the teacher with a steady eye.
"I want to develop business application enterprise solutions," he says, his words becoming stronger and more confident as he speaks.
"I want to write something that will add value to the community. I want them to walk away from the computer simply because it's 5PM and that's it for another day at the office. I want to write something that will reach out to end-users, and conforms to requirement specifications. I want to write something they are reluctant to upgrade, knowing that nothing they deploy that quarter will be quite as stable, as backwards-compatible, as good. I want to write enterprise data store solution software architectures."
Silence. The class and the teacher stare at Jonny, stunned. It is the teacher's turn to be confused. Jonny blushes, feeling that something more is required. "Either that or I want to be a fireman."
I was poking around on the school computers and I found a (world readable) script for joining the AD (these were macs, so there was some black magic going on), with an username and password in it. Turns out that username and password was the administrator account on almost every server in the school, which were all accessible through remote desktop.
The details are a bit fuzzy, but I remember a certain computer lab of mac classics on an applets network. We installed some extension that let you send messages to other computers, and even put it on the teachers computer, which was connected to a projector. In retrospect photoshopping his head onto a playboy centerfold and resediting it into the extension and removing the reply button, and then sending it to him during class on the projector, well that was probably a bit much.
They tried several types of lockdown software, nothing ever actually worked. You can't stop kids from playing games.
At college, we had AIX Unix terminals that ran in character mode. I wrote a program to simulate the login screen. It would record your user/password to a file and then throw an 'Invalid Login' error and then actually logoff and give you the real login screen. So no one suspected anything.
After I was done with a terminal, I'd run this program and leave (knowing full well, that someone could Ctrl-C to terminate the program and get access to my account though no one ever did)
I got more than a few passwords with this. But didn't actually do anything with them. I felt bad and deleted the program and passwords after some time.
That's more or less exactly it. Ctrl+Alt+Del causes a switch from the interactive desktop (WinSta0\Default) to the Winlogon desktop, which no other process has access to. Windows code also contains a special rule for interrupting the Ctrl+Alt+Del combination to prevent other applications from hooking into it and overriding the default functionality.
Technically it is possible to get other processes to run in the Winlogon window, but that requires messing around with security tokens, among other barriers.
I think either VirtualBox or VMware Workstation can detect Ctrl-Alt-Delete - it then asks you if you meant to send that to the guest VM. Any idea how that works if there's protection on Ctrl-Alt-Delete?
Ctrl-Alt-Del fires an IRQ. As such, it can't usually be fired remotely - although some utils work around it by making API calls at the client end to trigger the behavior, depending on context.
Some flavors of VMware hooked the IRQ on the host machine and responded to that (not sure about VirtualBox, never thought to check that.) They can send it to the virtual machine easily, as they are also providing the a virtual bios/hardware layer.
Vmware detects it, but doesn't stop it dumping you to the lock screen. The result is you hit control Ctrl-alt-del, lock screen pops upp, you get out of the lock screen, and there is a vmware popup saying "hey! You probably meant to use Ctrl-Alt-Insert instead!"
Back when my high school switched from Win 98 to one of the NTs, and Ctrl-Alt-Del started being used to log in, I thought about making an application that looked like the login UI itself, as if someone else had pressed Ctrl-Alt-Del but then got distracted before actually logging in. But I didn't have the skills to do it.
The best I got was finding out how to launch cmd.exe on NT, when the system had been locked down to disallow right clicks on the desktop, no desktop icons, and only approved programs in the start menu. I think it involved navigating the help system to a certain page that had a link to Explorer. Then I explored the network until I found an unused share somewhere, where I put gcc and started teaching myself C.
The command prompt also let me use the "net send" command to send messages to other computers, which was fun.
you could have trapped Ctrl-C. You could also check if password hashed matched what was in the password file. I use to hit ^C and enter a few wrong passwords everytime because of this. I wrote such a program too, but the most fun I had was doing it in Turbo C to get access to the mainframe of the school district while i was in high school. Unix shells were so easy back then.
My BASIC teacher saw me writing a login screen program and thought it was cool. I wasn't making any attempt to hide it, though.
But it did take a long time to write, because I had to make the IBM logo out of extended-ASCII by hand, and even then it was clearly running inside a BASIC interpreter really really slowly.
In college, the machines in the computer labs had no speakers, but I found out that by logging on the TTY you could make the PC speaker beep at an arbitrary frequency. You could only play one note at a time, though... except if you used several machines. So I wrote a daemon and a script that would take a MID file and dispatch the various voices to all machines in the room (the daemon used NTP to ensure that everyone started at the exact same time).
The sound quality was awful, but the spatial effect was pretty cool because the sound came from everywhere at the same time. I got cool results with Mario, Pokemon, Tetris, but also some of the Goldberg variations or the Art of Fugue... But this was December, so I dug out a few Christmas tune MIDs and set them to play at random intervals until Christmas. As it turns out, a song triggered during a class once: a lot of people thought the sound was coming from their machine and freaked out, and the teacher spent some time trying to figure out from which machine it came before he understood what was going on.
At some later time we found one computer with sound, so we set up a daemon to monitor logins on all the machines in the room and had a GLaDOS-like voice blurb out a personalized greeting to newcomers. Fun times :)
I did something similar in high school using the PC speakers of Win95 machines. The music was controlled from one machine that would send out broadcast UDP messages.
Oh, high school and the semi-malicious innocent things you do. If only the IT department was more competent and didn't leave everything open. Perhaps instead of playing Quake all day, some of us would have gotten into real hacking a lot earlier.
Then again, teaching the entire year how to use NET SEND to send direct messages to every computer on the network was fun. So simple, yet total chaos soon followed. Imagine hundreds of Windows popups with messages such as: "Hi i79, did you know that miss Lengstein is wearing a thong today?". Every single person behind a computer in the building had to click through all these messages individually when they booted up their machine.
We thought it was amusing, especially the invidivuals who could not figure out what the hell was going on. As was the moment when the horrible miss from the library shouted 'WHAT IS THIS, HELP! I'M BEING HACKED!!!'.
The resulting crackdown started out fairly scary at first but became outright hilarious when every single authority figure started their frowning speech with "I am sure you have been punished enough". (Never punished, parents did not even find out, IT department just told me 'whenever you figure someone else out, please do not tell the rest').
I took that advise to heart and told only a select few when I uploaded mugshots of every single person in the school to photobucket. Fairly sure no one every found out, even when we hung pictures of other kids with drawings on their faces around the school and got busted they did not even stop to think about where we got those pictures. To think this all played out in a top five high school makes me smile like I am up to no good again.
Haha I did pretty much the same thing back in school.
We also randomly had permissions to terminate running programs on other computers over the network for a year or two. That was fun times until the lab teachers learned to start looking for people with black console windows open. But then I just learned to change the console colors to black text on white to throw them off.
NET SEND is pretty fun, my project for my operating systems class in university was to write a firewall driver/accompanying program that would silently log all these messages to disk and flash the tray icon.
My high school had a security program like fortress, but on MacOS. The thing is, it had some sort NET SEND like facility that was exposed through AppleScript, and of course the AppleScript application wasn't disallowed. Good fun.
My first hack was in typing class in 6th grade (1990?). They had the PCs (running DOS) locked down so you could only run the designated typing programs, but one of the programs let you open a text file, and in the root of C: I found a file with the passwords for admins to go straight to the DOS prompt. Turned out there were all sorts of games installed as well, I was the class hero. Ironically, I got terrible grades in that typing class even though I type over 100wpm now...
This isn't really a hack (I wasn't that smart). My earliest memory of playing round with computers was at primary school when I was very young, it asked me to enter my name so I typed in 'poo'. I then showed my friend and he laughed and hit his fist onto the keyboard really hard and the computer froze with the word 'poo' frozen onto the screen.
I got into big trouble as the teachers thought I'd crashed the whole computer, they shouted at me pretty hard!
I still think it's quite funny to enter your name as 'poo'.
I remember when my parents (in Michigan) got a call from Norway after 14-year-old me owned a bunch of some large ISP's nameservers and proceeded to launch broadcast amplification attacks against a bunch of IRC servers.
I guess now that the Internet is for normal people, stories like this are news again.
Probably a lot of people do. Is a common attitude between hackers to take the world as a place to learn from, and to tinker with. I did a few things too, but then I got hired to design programs that would prevent people from doing what I was doing. And I became (for a while) a white hat hacker.
This attitude is a blessing... and a curse. And scare the shit out of the people that take safety in the use of brute force and the law. As a side bar, once I saw an episode of "The Twilight Zone" were the state would test kids at a young age (around 10) to calculate their IQ, and if it was high, then they would be deem a danger to society and be legally killed on the spot, and the ashes sent to the parents with a note on the death sentence of their unlawful son. Awful, I know, but I don't think we are that far.
I recommend http://www.bbsdocumentary.com/ to anyone who lived through that time. Not sure how interesting it is to people that weren't involved, but I loved it.
For some reason I never paid much attention to the phone bills. I was long distance from every BBS, but I had an after school job and mom made me pay every month. That is until the $1200 bill (this was 1987) arrived. My modem got put away until I could pay off the bill, and we never did tell dad about that. I blame it on the Hayes 1200bps modem, it made it sooo much easier to redial busy BBS's than the Atari 830 modem I started out with.
For a while there the first program I wrote for a new computer was a War Dialer. Just like everyone else who had seen War Games.
I remember hacking the Novell netware setup at my school, and being surprised to see how poor all of the teachers passwords were. Almost all were children's names or street names. And the system admins super password? The name of a well known department store :)
I was very stupid when I didn't know better, in the days script kiddies were empowered by Backorifice I would play with random folks, mess with their kayboard and mouse.
Other nonrespectable "hacks":
- "net send *" to importunate colleagues
- wrote mIRC scripts to win at the IRC trivia games (this was actually funny for a little while)
- would call collect to my dial-up provider, learned to dial on rotary phones by "switch-hooking" -
- would connect portable phones to disabled payphones just to see if it was a regular line what I could use (it was)
- would "paint" the backside of payphone cards with graphite to fool the machine into thinking I had more credits.
- wrote a little "ringer" program and passed to my colleagues so we all ran it together and made the teacher crazy (oh the regret).
My story: We used to learn Pascal in my high school programming classes. Each Pascal program ends with an “end” keyword followed by a full stop (“.”), at least if I remember correctly. I wrote a resident program that would monitor the keyboard and screen and when it detected a full stop inserted after the “end” keyword, an animated critter would appear (made of custom characters inserted into the ACII table) and eat the dot, thus making the listing impossible to compile. I didn’t write the viral code, so that it took some social engineering to run the program on my classmate’s account, but boy it was fun when he started complaining to the teacher that he can’t run the source code because of some creature eating his dots :-)
My indescretion was a boot sector virus that would randomly seize control of the computer long enough to beep the theme song to "Cheers". Oh and spread to the boot sector of any disk inseted. To be diabolical it randomly chose to play the song or simply silently reinfect others each time it spread.
They (at my highschool computer lab) were still battling to eradicate it years after I left. I am ashamed. Somewhat.
Hmm... I'm somewhat bothered by how the word hacker is used in the article, where it's used to describe criminal activities. Or am I misinterpreting it? I know in one part he uses the term 'cracker,' and in another part he says that perhaps his utility should have used 'preaking' instead of 'hacking,' but in general I think he's using the term hacker to describe breaking into a system.
I know the word in society has a double meaning. It could mean breaking into a system, or engineering an innovative piece of software. I personally wouldn't really care, except nowadays I'm finding myself promoting a hackerspace or a hackathon on the radio, and usually every time I start an interview I have to begin by saying "We're not criminals." It gets tiring after a while. Once we were trying to form a partnership with an organization, and the guy immediately threw us out of his office when he heard the word hacker. He wanted nothing to do with us.
> Hmm... I'm somewhat bothered by how the word hacker is used in the article, where it's used to describe criminal activities.
This culture war has been going on for like three decades.
I eventually settled on just calling "hackers" phreakers. Because the people who started the whole "break into computers" meme were phreakers, and called it such at the time.
Besides, actual whistle-into-the-phone phreaking isn't possible anymore, the community eventually morphed into computer "hacking".
In the 80s and 90s, the community toying with systems including gaining access to it referred to themselves as hackers. Those who broke ciphers and copyright protection were crackers, and those who hacked voice telecommunications systems were phreakers.
It's only outside of the community, in the media, that I first discovered that the term 'cracker' was used to refer to hackers gaining unauthorized access to computer systems instead of, well, crackers.
I think it was Eric Raymond's idea; he, like most hackers, was outraged at computer security enthusiasts calling themselves "hackers" and suggested calling them "crackers" instead. I think the fact that the computer-security folks already had a (different) meaning for "cracker" was sort of a coincidence.
This reminds me how lucky I am to be relatively successful as an adult. I could easily have spent time in juvenile detention for something stupid, and who knows how that would have turned out.
I suspect a lot of people on this board did the same (illegal) stuff as kids... We're lucky that we had the good luck to grow into productive adults. I like to think society is also lucky that it let us grow into productive adults.
Almost no one starts doing stuff like this, especially with technology at the time, because they have nefarious goals or have a crime career planned.
They are kids. They do it to push their limits and may even not be aware it is even illegal. Even if they are aware, they believe they are invincible or can get away with it. As an aside, why do adults so easy forget what it was like to be a kid?
In addition, to even begin overcoming the technical challenges involved, the amount of curiosity required over otherwise mundane detailed technical knowledge is quite high. Criminals tend to be far more motivated to seek high reward, short term activities.
Finally, the same people who have access to the knowledge and equipment to carry out activities like this, tend to also be the ones who are raised in balanced, strongly breadcrumbed environments leading them away from anything that distracts them for the path set for them, lets call them the middle classes for want of any better term.
So, nope, not luck. Just being a curious middle class kid with easy access to new technology and few upfront repurcussions.
I don't understand your post (or perhaps you didn't understand mine).
You are right that I didn't have nefarious goals when I did this stuff as a kid, though I knew it was illegal. In any case, the fact that I didn't get caught was mostly luck. If the police came to my door, my life could easily have turned out much differently.
I'm saying I (and many others on this board) were just lucky not to get caught. Certainly Jeff Atwood was lucky to get a sensible judge. I'm surprised anyone would dispute that.
Are you saying we couldn't have possibly been caught? Are you saying it wouldn't have mattered if we got caught and faced the wrong judge?
I'm sure there are a lot of people have really suffered for their kid mistakes. I'm not sure how you can dispute that I'm lucky to have gotten away with mine.
And the ones who have enough money to A) have a computer to mess around with and potentially break at home B) not have people look too hard at what they do 95% of the time and C) hire a lawyer when they got caught.
This was from 1993 to 1996, on MS-DOS 486 machines in the computer lab. I had found a program on some local BBS that could resize a hard disk partition. So on a few of the machines, I shrank C: by a few dozen megabytes and created my own D: drive and copied games into it.
How to hide that D drive? With Norton DiskEdit, I figured out how to manipulate the partition table manually, setting the partition type to a null value so that DOS wouldn't see it. Next I figured out how to read and write that disk sector in assembly language. Soon I had a command-line executable that would hide or unhide my private partition with a single command. Best of all, DOS would only read the partition table on boot. So I could boot with my partition enabled, then hide it, and play games knowing that any reboot would render the partition hidden again.
The last thing I needed to cover up was the missing space on the C drive, which could be revealed by the DIR command. So I wrote a memory-resident program (assembly again) that constantly scanned for the string of "bytes free" in video memory, and patched in a larger value.
Okay, now the MEM command might reveal the existence of my TSR. So I named my program as VSAFE, which was the name of a memory-resident antivirus program on each of these machines. I had my program output the same text as the real VSAFE did on startup, and overwrote the real VSAFE executable with my own.
So I had a pretty well concealed partition, that would have required some heavy duty skills to find and remove. "format c:" would not affect it, and even FDISK would just show the space as empty, not a partition. Never got caught for any of it; the computer lab supervisor and other students knew I was up to something but never found any of the hidden stuff.
Man, I could have had a career as a malware author...
That is impressive. That's a lot of work to hide your activities from other people, though. Sufficiently paranoid? I say yes. But then again, I have not met many impressive hackers in real life.
How much reading up did you have to do to figure each of those things out? Or was it trial by fire? Figuring out all that on your own?
More the other way around, that I'd read about how to do such things and then saw an opportunity to put them to use.
I had been self-teaching assembly for a couple years from library books and doing other toy programs. One book, possibly one of Peter Norton's, covered the partition table in sufficient detail. (And I was hacking only one byte in it, nothing sophisticated.) Reading and writing a disk sector in assembly was commonly covered in reference books. So was writing a TSR to hook the timer interrupt, which I'd already done for some other purposes. The actual logic of looping through segment B800 looking for text wasn't hard in assembly. Overwriting and masquerading as a legit program (VSAFE) isn't a technical challenge at all. The hacker chops were thinking my way through the detection methods and countermeasures, more so than the actual programming.
If I hadn't had that background, I would probably have hidden the games with less sophisticated methods. Bury them in deep subdirectories, maybe zip them with password encryption. And it was done for the challenge more than the results; I had a home computer that could play all the same games.
Anyway, I'll relate another story.
There was an annoying kid in my computer science classes, the type who thought he knew it all but was pretty clueless. One day he was complaining that a game he had downloaded required more RAM than his home computer had. I told him I'd give him a copy of a utility that would do on-the-fly compression of RAM in DOS. (At the time, Stacker was big for disk compression, and there were real utilities that did memory compression in Windows. So it was plausible.)
Of course, my "utility" was a trojan. But I was subtle about it. The trojan dropped an executable with a blank name (an Alt-255 character) and stuck a reference to it in AUTOEXEC.BAT, which was invisible and looked like a blank line. The payload would trash the partition table, only if the system date was a month later than I originally did this, so he wouldn't be tracing the time bomb back to me. (Yeah, this was nasty. I was a youth with power.) I don't know if he actually ran it or if the payload ever went off; the bomb date was in the summer after school ended.
But the real fun part is the postscript. The outer trojan was in QuickBasic (the dropped payload was assembly.) Years later, my brother was playing with QuickBasic to learn it, so I gave him a copy of my QB directory with several dozen of my programs to play with. A few days later he tells me that his computer won't boot. Yikes. I put together a boot floppy with a Norton disk repair utility to start digging, and eventually notice that the partition table had some corruption that looked oddly familiar. You guessed it, my own brother had run my old nasty trojan and got his partition table nuked!
Reminded me of coding a funny practical joke TSR program which after several days showed a message 'Press and hold left Ctrl + left Alt + W + Right Shift + P + M to see a surprise!'. After victim would press this combo, message changes: 'Now, when you release these keys I'll format a floppy inserted in your drive A:\' (that was the time not everyone had hdd on C:\ yet;). The picture of someone sitting with their hands stuck to the keyboard and shouting for help was just too funny.. however, testing the payload, time after time to ensure everything would be working as prescribed, the first victim was I myself, stupidly forgetting to remove diskette from the drive after another run. The sources were on A:\. Nobody home. Mother comes back from work in about 3 hours. Damn. I tried to open the hatch on the floppy drive door with my leg fingers to prevent diskette from being erased. Then quickly jumped to pull it out, though the drive has made a number of cycles before it was escaped.. and the source lost forever:) that was already enough fun not to bother about it again;)
Both the idea ("hold these keys"), and how it ended up backfiring.
Though the program would have given just as funny results if you had not actually formatted the disk on key-release. After all, how is the user going to know whether the program speaks the truth?
The Hackers for Charity program is to find bored kids with budding computer skills, and get them experience while helping charities. This helps them build their "legitimate" resume, and hopefully keeps them interested enough that they don't have to resort to trivial illegal things like this.
In high school, I became yearbook editor and was entrusted with keys to certain parts of the school (darkroom, computer lab, etc). In the late 90's, yearbooks were all done manually: film was loaded into cameras with heavy lenses, pictures were burned into photo paper and stop bath. Some of the work in putting it together was done on a computer, enough to justify being on the computer after hours. We'd print out pages with blank rectangles and squares for the photos, glue the manually-developed pictures onto the pages that had printed text, bind together the book, and send it off to the printer at the end of the year. Being yearbook editor was great, always an excuse to be working on something creative.
I also had a key to the computer lab. Problem was, the part of the building where the computer lab was located was not accessible after hours -- there was a gate which was locked during off school hours. (Meaning it was designed such that I could get into the room with the computers during regular school hours, out during off-hours, but not back in after hours). This lab had about 20 computers, and live Internet access. More than enough reason to find a way.
While none of my "breaking into" that part of the school during off-hours was done with malicious intent to steal or deface school property, it probably wasn't exactly the most lawful thing a 17 year old could have been doing. My good student status probably helped for those rare occasions when one of the janitors or teachers would "catch" me in that part of the building at times when I shouldn't necessarily have been there. "Research for college", was a good excuse at the time (and actually pretty close to the truth).
Its interesting I never got into computer hacking until later when I was in college. In high school, I had a neighbor who was really big into phone phreaking. We had hours of fun building black and blue boxes, getting free long distance and calling people in random countries.
Probably the coolest thing was my neighbor somehow managed to get his hands on two master keys for the high school. He had a buddy at a local hardware store duplicate them (highly illegal) and we spent many nights prowling the high school, opening doors nobody could and exploring every inch of that place. Thankfully we never got caught, but I look back fondly at it as the start of my career hacking stuff.
I'm not sure that's actually illegal. Even keys that say 'Do Not Duplicate' can be legally duplicated, though this may be an issue of varying local laws.
High school - 1985 or 1986, I wrote an interpreter (in BASIC) that looked and acted like the BASIC we'd boot up off the shared drive (some odd TRS-80 networked set of workstations). The BASIC interpreter that I wrote worked mostly like the regular BASIC, but would give some random extra output. Came in to class early and booted everyone in to that BASIC, and watched as people took forever to type in their code, then run it, and have it not work - things like 5+7 came up as 3. The teacher was flummoxed, and we essentially wasted the class that day.
Looking back, it was quite a jerk move. I was trying to be clever (well, I was clever), but it didn't get me any more status with anyone - basically just reinforced the geek status I had (which wasn't a good thing to have in 1985). I was bored, but that's a pretty lame excuse. I think I ended up with a C- in that class ("intro to computers I"), mainly because I never flowcharted anything.
I never really did much "real" hacking when I was younger, but did fish for passwords and do social engineering back in 96 when I was roughly 11. Gained access to lots of peoples sites and emails that way.
What about the flip side of this, which is catching and dealing with the hooligans who screwed up school lab machines? It involves trojan horse programs and hex editing DOS binaries, too. I wrote about it not too long ago.
I graduated high school in '92 and since my systems at home were better than what we had in our labs, I gravitated toward exploring the local University networks. You could dial in to a terminal and then connect to any of the local machines. Most were VAX/VMS or Ultrix systems. The VMS systems all had open GUEST accounts that were limited, but allowed you access to BITNET. I managed to chat with Taran King, who was co-editor of Phrack at the time, a few times over the BITNET chat protocol which was great fun.
However, my actually hacking life started on the Ultrix systems. I don't remember how I first had access since I don't think it allowed Guest logins, but I discovered a great hack: all of /dev/tty* was word-readable until someone fully logged in to a particular port at which point it was only readable by the user logged into that port. so every few hours, I'd just "cat /dev/tty* >> passwords.txt" and harvest logins for everyone who logged in during that time. I had some fun with one of the admins for awhile having unknowingly logged into his account. We chatted a bit and he was a good sport about it, but the hole was patched a few weeks after. I never knew if it was already a known issue or if I was actually the only one who found it.
A friend wardialed a system that appeared to be a Dept of Transportation front-end to the brand-new digital readerboards along the Interstate. Let's assume we never actually changed any text, but I cracked the password, TRAFFIC, on the 3rd or 4th attempt. Good one, guys!
Exploring random address on TELENET dialups was a blast as well. Most were very secure since they'd been well-picked, but every so often you'd find some interesting terminal and start poking around figuring out what it responded to and how to navigate deeper.
Don't get me started on the first 2600 meetings in Seattle. Some very prominent people in the tech/hacking space now were pretty sketchy back then.
Like most I started early with programming in assembly, C, pascal shudder and then discovering unix.
I remember starting off by hacking the computer lab computers in my school. The lab staff had to log you in so they would know who was using which machines. I learned the pattern through a little social engineering and it wasn't long before I never had to talk to the staff. I also bypassed many of the tools that locked those machines down and even locked the lab techs out of a few of my favorite machines that I used for long running processes. I even had my own primitive form of RDP using screen captures and email. Eventually I learned to crack the passwd file on my schools mainframe and then I had access to everyone's accounts including the teachers. I then discovered those passwords also worked on most home dialup accounts, outside email, irc accounts, etc. Fun! I used to dominate the east coast irc back in the day, at least in my little world, but I kept my head real low so I wouldn't be noticed.
You know the best way to pick up a girl from Scandinavia? Easy, hack her email and irc accounts, knock her boyfriend off of irc and impersonate him, erase her boyfriends incoming emails and, spoofing his email address, bully her a little and tell her to stop seeing guys like yourself. Somehow it worked like charm. Man was she hot! First hot girl I ever dated.
My downfall? I gave some "goobers" some irc scripts to perform netsplits and become admin of their favorite channels. The idiots got caught making life threats against an irc admin that banned them and, in a stroke of self-preservation, they turn me over as their "ring leader". No hacking your way out of that one! Real sweet, eh? My parents were not very happy having the local police, the FBI and the NSA knocking on their door. I lost computer privileges (still went to college and got my degrees though) and now I just hack my own private network of pcs, laptops and cellphones at home.
Does anyone actually even worry about how much voice calls cost any more, to anywhere in the world? This, my friends, is progress.
As someone who works in telecom and VoIP, and deals with the financial and regulatory aspects of a lot of jurisdictions that continue to be locked down by PTT monopolies, I think this is a silly question. :-) It's only domestic long distance that has really crashed.
My high school exploits mostly revolved around bypassing the school district's proxy servers, since they blocked pretty much everything I wanted to do, including legitimate stuff. I did this via tunnels of various sorts (but predominantly SSH) out to my home machine. Oddly enough, they didn't do anything to stop us changing the proxy settings in the browsers, they just broke outgoing HTTP(S) with firewall rules. No problem, I just sent the traffic to a box running Squid, reached via my home cable modem.
My highschool "hack" involved downloading the contents of our school's website hosted at ourschooldistrict.com domain, buying the same name at ourschooldistrict.us, and then rehosting so we could put up any press releases we wanted. We wrote up a press release saying that two district high school names were changing to honor our very-hated superintendent. Then we started sending it to friend on AIM saying "omg have you seen this."
Within hours, everyone on my buddy list had their own "petition" in their away message and after checking traffic, we found we had thousands of unique hits.
Most of the credit goes to my friend who actually executed the tech part and was temporarily suspended when the inundation of angry emails supposedly hurt the school board's server.
Just checked and the school district still does not own the .us domain so this "hack" would be reproducible.
Since we're all reminiscing about high-school geek antics: In my Physics class, we had semester long ongoing assignments that were markedly harder than the nightly homework. You could turn in the problems at your own leisure. They were mostly applied problems that involved some math we hadn't learned yet (like calculus). The problems were the same for each student, but we all had different parameters, so our answers would be different.
After figuring them all out a few weeks into the semester, I started writing up some BASIC programs on my TI-86 that would take in student's parameters and spit out solutions. Long story short, I ended up selling answers to some jocks and got caught (I guess the teacher was suspicious when C students were getting these hard problems correct). End result was: made my teacher simultaneously proud/disappointed, earned a few bucks, learned about corruption/greed.
All in all, it was a good learning experience and I don't regret it (though giving away answers for free would have been more altruistic I guess)
Fun thread. My first computer mischief experience was in "Computer Class" in first grade. The computers were running DOS 3.0 (IIRC) and the class was for teaching computer basics, which mainly consisted of "Introduction to programming" using Basic (with a gentle introduction to I/O, variable assignment, and flow control.) The way the class worked was: an assignment was printed out and handed out to all the students. You followed the steps and at the end of class, the teacher would look at your output to see if you did everything correctly. I finished these assignments pretty quickly, so I used the time to figure out how to exit the editor, find the "hidden" games stash, play them for a bit, and then get my work back up on my screen before the end of class. Pretty soon I was being asked by all the other students how to perform this feat on their own computers. I showed them, and so every time the teacher would leave the room, everyone started playing the games.
We also never got caught. Wild times in first grade, let me tell you.
1983 I was in College (one year course right out of high school) and we has access via a teletype terminal pool to a ICL 2903 running George. The operator console had a journal file and discs back then were the drum type and rotated to spread the wear and tear. These were not zero erased and you could create a file specifiy the size in buckets of all values how large and zeroing the space was optional. With this knowledge you could basicly go fishing, creating large files and looking to see if it was anything interesting. I was able to get the admin(aka root) password which was 5588. So I did chuckle when I saw the film Hackers and dumping the garbage file on the gibson.
Though I also had great fun with the spv command on george and knowing all the terminal ID's, but thats another story.
This is all very amusing, but I have the other side of the story. A close relative of mine was the systems administrator for a large high school. The amount of grey hairs that sprouted in the few years they were in the job due to wannabe hero high school hackers is testament to how hard it is to keep a stable system running when you've got scores of hormonal hackers trying to outdo each other.
While this page tells of succesful hacks, it doesn't mention all the screw-ups whereby the payload didn't work but caused major problems with the school computers. Nor does it tell of the systems admin getting chewed out by school management for failing to play whack-a-mole properly.
By far the most common route of hacking was getting a teachers password, which was usually either easily guessed, or worse, written down in a notebook in the drawer.
As for me, I found that in university we had computer-based testing for weekly lab classes. When you submitted your answers, it printed the results and showed you where you were wrong.
We found that if we yanked the power cable on the workstation after the print job was submitted and the printer started, the results didn't commit to the database, you'd get a printout of the answers but your score wasn't saved. So then you'd just take the test again, using your printed answers as a guide.
That reminds me of the only "hack" I recall doing when I was younger. Back then, many BBS systems had 10/1 download/upload ratios enforced. I found that if you aborted an Xmodem download on the last block, you would still get the whole file (the block would finish transferring) but it wouldn't send the acknowledgement back to the BBS. I would just look like a failed download, and wouldn't count against your ratio. I think I filled up some 50 or so floppies that summer (and had the phone bill to match).
Other than that, I was never good at most hacking. I was into writing code, and working with algorithms, but I never got the knack on how to bypass security systems (I also didn't have any other computer savvy friends back then either). But it did help that I had an office job (which involved using my PC talents on the side) from the age of 15 on up. Kept me too busy making money to worry about side projects.
In high school, we had laptops provided by the school and imaged by the IT department, who had logged into them. All we had to do was use a tool to recover the Windows password (yeah I know, skiddie, etc.) and we could login as IT admins on any computer on the domain.
Was pretty innocent about the whole thing, changed a few backgrounds remotely, and sent messages and shutdown people's computers in class remotely. Unfortunately I changed a default Windows background image, which meant it showed up something unsavoury for everyone who logged in, and got caught, copped detention and a many, many page letter about how I shouldn't do it.
I too changed the default Windows background. However it was just the default image with an almost transparent eye in the corner. It lasted a few weeks before it was reverted one day.
At school we had a network of Acorn Archimedes machines. We all had space on the file server, which the grumpy admin would search through regularly. There was an autorun feature in RiscOS which allowed a hidden script to execute on opening a folder, eg my network folder. It just so happened that passwords were stored unhashed, so I had everyones passwords appear in my folder one day. I must have been 12 or 13, as my family relocated when I was 13.
At the new school they had the same machines, so I put my knowledge of the platform to good use. I wrote an app which played a sound sample of a loud obnoxious burp at random intervals during class.
At college they had a Novell network. The login was a simple text prompt, which I discovered called in to a novell DLL. I wrote my own substitute login command which also saved the password to local disk somewhere, and replaced the default version on a few machines.
In both cases my reaction was the same on discovering my password hacks had actually worked. I crapped my pants and covered my tracks!
By the time I had started uni, I had largely grown out of that stuff. But something triggered a latent interest I had neglected for too long... the campus accommodation was based in tower blocks, with an entry intercom system. I noticed 4 very quiet dtmf tones whenever buzzing my friends apartment. I can't remember how I did it, but I found a way to get a dial tone and to my delight, 9 for an outside line worked fine using the type of handheld dtmf dialer banks used to give out.
My high school latin course used these silly HTML/JS (probably at the time called DHTML) quizzes and exercises. They were a significant portion of the grade and truly pure JS hooked up to good ol' Matt's FormMail to submit scores.
I slowly developed little bookmarklets to make things ...easier. Reveal the hint without taking a score deduction. Decoded the answer obfuscation to just pop up the correct answer. Auto-select the correct answers for that page. Eventually I sat down and read the source of the quiz all the way through and realized all I needed to do was
I was working as a restaurant manager part time while at uni. One of the other managers thought it great fun to staple the back of my shirt without knowing, so when I got home I had a torn shirt.
That weekend, I fired up a 286 someone had given to me, coded up a mock-DOS environment, got the main manager on-side and left it set up for the next morning. Next day...:
Start computer, get coffee. Type "win" (for Windows). Get 2000 random ascii characters with an error message. Typing "dir" produced an empty C:\ drive called "F* You Francois". Anything you did pretty much got you "bad command or file name". Your manager (who is in on it) is shouting at you to get the computer going because his restaurant is starting up. You're typing out "F* You Francois" as a password, looking for bits of paper around the office, trying to restart the computer but having the autoexec.bat put you back into it.
After about 2 hours, main manager types "fix", and the rest of your day continues, but with much added mockery.
It wasn't particularly sophisticated, but I truly loved that :) Lessons were learned.
We did something similar at school. Mocked up the Turbo Pascal UI with menus and everything, but was a bit...uh, erratic. Unfortunately the teacher knew exactly who it was and came storming into our next class :)
I have fond memories of "hacking" in high school. The school system I went to used Deep Freeze to protect their Win98 computers. You could format the hard drive, change all of the settings, etc, and upon reboot, the image would return, unchanged. Naturally, this led to deep investigation into how it worked. The system administrators weren't stupid but were severely undermanned, and had left the Deep Freeze program slightly vulnerable. A little command line work and you could remove the protection mechanism for the given session, allowing you to persist changes. So, I did things like edit the shell in HEX and change "START" button to say "FARTS", lame things like that. The suspense was that supposedly the maker of the software would fly anyone who could crack their system out to New York to demonstrate. Despite finding the above hole, I was never able to totally eradicate the software, and could persist only certain changes (changing the startup image, playing funny .WAV files on boot, etc).
My biggest mistake was sharing this knowledge with my classmate, who used it to do a great many annoying and potentially harmful things. After doing things like sending "I 0wn j00!" to 11,000 computers on the network (via NET SEND), crashing the shared network drive with millions of blank text files, etc, he finally got caught after badly damaging 3 of the computers in our lab using my hack method that I'd written a batch file to accomplish and given him the disk.
I was called to the computer lab by my awesome programming teacher, who informed me that he had to leave the building in 45 minutes, and if the computers weren't back to their proper state by then, we'd both probably be suspended. The other kid just sat there, while I furiously reversed the changes and got out with a few minutes to spare.
Naturally, the next year, him and a couple of my other classmates were suspended or expelled for repeatedly crashing the entire 11,000 network with advancements on my initial script. I was thankful that there was apparently no ties left to me in the program's execution, but that was warning enough to focus on productive things for the remainder of my high school career.
reply