FREQUENCY: INSIDE THE HACKER MIND
September, 2001
Lucky Freq13

(Disclaimer: Information contained in this ezine is for educational purposes only. Readers are urged to not use this information for illegal purposes.)

1. Introduction "The Price of Exploration"
2. In Retrospect
3. The Rise, Fall, and Demise of a Hacker
4. Juno's Free ISP Scam
5. Exploiting Intelligent Peripherals
6. A Metaphoric Story
7. Making The Most of Nmap
8. Hacker Ethics
9. Unguarded Voicemails
10. The Possibilities of a Cyber Army
11. The Condor on TechTV
12. Crosstalk
13. Closing Arguments
14. Crew

1. INTRODUCTION "THE PRICE OF EXPLORATION"

I think the very first issue of this ezine explained it best. The possibilities of a dial tone, the thrill of an unknown network, the amazement of receiving a frequency from a far off land, all are forms of electronic exploration. And after all, what are hackers but digital Lewis and Clarks? Mapping out the electronic world from their home computers and telephones, finding ways of hearing things that no one else can, and perhaps most importantly, finding ways of breaking the systems that no one thought could be broken.

Sadly, the world seldom welcomes these forms of exploration. And at times it seems like using technology to its fullest potential is simply not possible. To explain this in greater detail, I ask you to consider your home phone. Here is a small device capable of connecting you to any spot on the earth, global exploration right from the comfort of your own room! But there's the obvious catch, and it's one that we all know about and deal with every day. The price. The price of exploration as I call it, and that's an extremely accurate title. It's the price that prevents people from playing with this little piece of technology even more, I mean wouldn't you like to call Australia just to say you did? Of course, that could be an adventure in itself.
But with prices reaching 90 cents a minute (if not more), most people will never have the opportunity to actually sit back and enjoy the wonder of technology. Wouldn't it be fun to take your cell phone and make a call from elsewhere in the country, just to see what carrier you're using in that given state? Wouldn't it be exciting if you could get information overseas for free, like you used to be able to? These are all things that make hackers drool, but in a world so against exploration we seldom see people having a legal way of doing these things. Do you honestly believe hackers make free calls to foreign lands just to cheat the phone company and commit a crime? No, they do it because it's fun. It's fun, and also impossible to do legally.

Many make the argument that nothing is impossible, if you wish to call overseas you may, albeit at a hefty price. But how is this possible when we live in a society that only encourages meaningless use of technological goodies so that large corporations can bring in an even larger profit? You can use the phone to call someone long distance, but don't even think about trying to tinker with the network to do something they don't want you to. The digital world has become one of monotony, boredom, and contempt. Even getting information from an operator will cost you something nowadays! But don't expect that information to be more accurate than it was before, even if they give you the wrong number you still pay!

Yes folks, we now find ourselves at a point where people are discouraged from figuring things out on their own. But why is that so? Don't we live in a world where education is one of the most vital things a person can possess? Sadly our society is a bit hypocritical. Education is fine, as long as it's found in high school (the same schools that teach you Columbus discovered America, and that bullshit about the Pilgrims and Native Americans having a nice friendly dinner) or at least some "legitimate institution."
Many are fooled into believing that just because universities, technical schools, and other "alternative" forms of education are separated from government that they're getting an uncorrupted learning experience. For the most part this may be true, but nonetheless, schools will always teach you what you can't do. Hackers are people who enjoy learning what you CAN do. Will a school ever mention about backdoor dialups that lead into switching systems, backdoors that could allow a malicious user to take over a phone line and listen in? Doubtful. That's not the type of information people are welcome to acquire, and should you try…you'll be punished to the full extent of the law.

So here we are, explorers in a cruel and unforgiving world. Surrounded by authority figures who want to make sure we don't figure out how free calls can be made, how someone's computer activities can be spied on, or how to pierce through a firewall. If you're a teenager at a payphone at 3am, watch out! You look suspect. Perhaps a cop will think you're "conducting drug business" or maybe he'll just think you're out of place and approach you for no reason. The bottom line remains the same, the people in charge don't want to see us getting out of line. "Excuse me son, you've been on that phone a while now…" the officer may say. Do you dare tell him you're educating yourself on switching systems? No chance in hell that he'd buy it, and even if he did, he'd still think you were up to no good. No, people are not allowed to step out of line. Not allowed to do things differently, and above all else, we're not allowed to question authority. You may have the right to do so, but don't think for one second it'll be easy. From the mundane to the monumental, the struggles to self educate will be an uphill battle. That…is the price of exploration.

And with that said, I'd like to welcome everyone to the new issue. Lucky Freq13!
Ironic I should type that, considering this is actually the second time I'm working on issue 13…the first one got all screwed up. Don't ask me what happened, I couldn't tell you. Maybe the number 13 really does have a curse, but we've been through worse. And we'll get through this, with flying colors. Wish us luck, and enjoy Freq13.

-screamer

2. IN RETROSPECT: by Lethal

Before anyone yells at me for not letting people think what they want, let me clarify that I'm all for someone's personal beliefs. I also feel those beliefs can change, either through experience or simply a change of mind. The purpose of this article is to examine what causes a person to go through such dramatic changes, in particular, hackers who look back and say their former hacking activities were a bunch of childhood nonsense.

To begin, allow me to use the example of Lex Luthor, founder of LoD and a rather famous name in the hacker community, if not infamous. Here is a person who created what was to become a legendary player in the battle between Texas and New York, the Legion of Doom. A hacker who craved information, and would happily share it with anyone he trusted. To him, information was a form of power that needed to be obtained in any way possible. But that was yesterday, today is a much different story. Today, if you ask Lex Luthor how he feels about hacking he would probably tell you that it's a very foolish thing to do. In his pro-phile with Phrack, Lex had stated that there are numerous legal ways of obtaining information if you only go looking for them. Perhaps this is true, but how many of you have found books that were as good as actually using a computer system for yourself? Without hands on experience you never learn anything, and quite frankly, I doubt AT&T will allow you to try out stuff on their network.

Chris Goggans, aka Erik Bloodaxe, is another example of people who change their ways.
After being raided in the early 90's Chris decided that life would be better if he wasn't on the wrong side of the law. This led him to start up ComSec Data Security in Texas, and angered quite a few hackers, some still haven't forgiven him. ComSec didn't last long, but the idea of a hacker doing a complete 180 and becoming a "hacker-tracker" is kind of scary, what leads people down this road?

Some may say that the raid scared Chris so badly that he turned to the side of the law, but put yourself in that position. Uncle Sam scares the hell out of you one day by raiding your house, and tells you that what you've been doing is wrong. In all its oppressive ways, you've never actually felt as scared to live in this country as you do now. Here's the government, and they're saying that because you played with a computer that wasn't yours…you're facing 50 years in federal prison. The agents in your house are making jokes about your friends ratting you out, they're insulting your parents, they're forcing you to remain in one spot as though you were a cold blooded killer….how do you feel? Do you feel that you now want to join up with these same guys? Is your life suddenly so much clearer now? Hell no! You're pissed off, plain and simple, it doesn't take a rocket scientist. You're so pissed that you're into obtaining forbidden information even more than you were before. You have to show these overbearing assholes that information and playing with technology is not a crime! If no damage is done, and no one is hurt, then there's no reason why they should harass you like this! How dare they! Let's be honest, that's how you'd feel.

Why then do some people suddenly go against what they used to believe so strongly? Perhaps the answer lies in age, is hacking yet another form of adolescent rebellion? After all, the same anti-Vietnam protestors of the past are the same people dropping bombs on defenseless foreign nations nowadays.
Have they seen the "error" in their thoughts, or has society brainwashed them in a way? While I'd be the last person to believe in any sort of outright brainwashing, it does exist in small forms. Television for example. Television shows us everyday that surveillance of the public is a good thing, because they can't be trusted. It shows us the cops beating down the man they pull out of a car after a speeding chase, because hey…he's the bad guy! What did he do? Is he really guilty? These questions don't seem to matter much to hosts like John Bunnell of "World's Wildest Police Videos" or John Walsh, host of "America's Most Wanted." All that matters is that we pound down on alleged criminals as much as possible, completely forgetting about their rights…and that they too may be an innocent victim. Is this an excuse to go out and commit a crime? Definitely not! What it shows is that the American public is constantly being bombarded with the idea that they shouldn't have any rights because we must enforce the law. This means more cameras, more unwarranted searches, more questioning, and yes, more hacker raids. And to all you nay-sayers who think I'm crazy for suggesting that television is pointing you in one direction, try printing "sensitive information" in an online zine (ala Phrack)…and then watch the feds bust down your door. No free thinkers allowed.

Is this what happened to the former hackers, did the world change their opinions? Maybe the answer will never be found. But until it is, I urge all of you reading this to always think for yourself. Yes, those thoughts may lead you to hate the hacker lifestyle, but just make sure you know why you feel that way. If it's a personal belief, I respect that, if it's because you don't understand hackers and the TV says you shouldn't like them…please reconsider. And to all you hackers out there, keep doing what you believe in. Uphold the hacker code and show the world that you're nothing compared to real criminals.
Lastly, to any hackers out there who have turned to "the other side," let us know why you did it. Hopefully we can all reach a common understanding.

3. THE RISE, FALL, AND DEMISE OF A HACKER: by DamienAK

This article is my attempt at not only telling you about a little of my life, but also for me to get closure to some things and explain others. Hopefully you will learn from my mistakes and not make the same. Try not to focus on detail but just get the big picture.

It all started about one and a half years ago when I had finally gotten bored of spending my time on the web looking at porn and talking to friends and girls that lived about 5 minutes away from me. Watching movies like "sneakers" "wargames" and TV series like "X-Files" "The Web (not playing anymore)" had really gotten me interested in Hacking. I really wanted to learn, no actually I didn't really want to learn. I wanted to do something so I could show my friends how cool I was. I wanted to send my friends virii in the mail and read their personal email. Also like just about every other hacker I wanted to hack my school's computer and change my grades. Yup, that was me, classic case of a Script Kiddie.

The first Hacking file I found was "The complete newbies guide to Hacking/Phreaking" by Revelation of LOA on hackers.com. Wow, I was impressed. As soon as I figured out what a PKZIP program was I was dialing my way into my local telenet number. And after about 6 hours of going through LOD Technical journals Telenet NUA's I had finally found one that worked "Citibank" in New York I think it was. Well, root/root and admin/admin didn't work so I gave that option up and moved on to the next thing. War-dialing, yes I did that too. You can't imagine how many phone-calls I got at 3 a.m. from people who were mad because their caller-id went off. The only dial-ups I ever found were in the same prefix as the Telenet number connecting me to the same system.
I almost gave up hacking when I came across the "links" section on hackers.com. And then finally I realized; I was stuck in the wrong decade. Soon I was learning and trying and playing wargames and all that fun stuff. I read about everything from telnet, unix, linux, nt, novell netware, tcp/ip etc. And as I gained more and more knowledge I started finding more and more good hacking websites like undergroundnews.com where I spent most of my time. Now I thought I had it all. I knew a lot, I was on a web-board with other people who knew a lot, some more than others. Plus I was getting better and better at what I did. Soon I was compiling exploits on other people's shells and learning how to write my own exploits. I felt really good until I decided that I hadn't really done anything to test my skills.

And off we go to the next part of my life as a hacker, "the time of crime" lol. I had gotten caught once by a sys-admin and at that time I had no clue why or how and since he didn't investigate any further I thought I was invincible. I will not be stupid and incriminate myself but I was in systems of a local dsl provider, a local university, dozens of weakly protected foreign websites, and my all-time favorite, my school's computer. You see, what I realized was that my school had a really good network set-up, really good firewalls, and even good physical protection. This meant a remote attack was almost impossible. Floppy was disabled so no luck on installing a key-logger. All the hacking websites were filtered. This seems like a pretty good security setup, unless you of course put your trust in Microsoft which to my luck they did. One thing they didn't have was the brains to disable Macros in Microsoft Word, Excel and other office applications. And since all of the grades, absences, tardies etc.
were stored in spreadsheet format with your SSN being the string that identifies you, I was able to write a simple VB script which did nothing more but modify the field which they had the tardies stored in. I was scared to do anything else.

Well, messing around with all the companies and universities was pretty cool but I, being that great hacking genius that I am, decided I wanted to learn more about the DMV computer system. Now, the sarcasm is to show just how stupid this was. Trust me on this, stay away from Government Computers. Not only will they trace you down quickly, they will sentence you even faster. I mean a company has some things to think about when they decide if they want to waste time and money to find the 13-year old who defaced their website. And most of the time they let it go. But mess with the government and you're fucked, this goes for a script kiddie and for the most elite hackers in the world. Don't believe me, look at what happened to that Max guy who was a security expert working with the FBI at times. He was caught for hacking Air-Force systems.

Ok enough with the warning, I left off at wanting to learn more about the DMV system. Well, in my terms, and probably most other hackers' terms this meant I wanted to hack it, make it mine, control it....just the usual hack, I wanted to be god to the DMV universe. So after doing what every elite hacker does, searching on google, I came up with nothing. Nothing that could help me at least. In my mind there was only one thing left to do. And after deciding that kidnapping a DMV employee wasn't such a good idea I realized I was probably gonna end up in the trash. The DMV trash container that is, looking for any kind of print-out, fax, email, just anything that could give me a little clue. To make a short story even shorter, I was busted. How was I supposed to know there was a guard?
The guard called the cops, the cops wanted to know what I was doing in there and my $120 Jordan made it kinda hard to act like I was looking for food so I said the next best thing. I lost my wallet at the DMV and thought maybe they threw it away. I'm not going to comment on this, but having three nice and friendly police officers asking me polite questions....yeah right....that's what I wished for. Turns out one of the officers actually had a brain, so he looked through my backpack and found nothing but junk. I thought I was safe, they took me down to the station and called my parents. I was so happy, I was free.

What was waiting for me at home didn't really concern me much, the next morning I received a phone-call from the police station. They wanted to talk to me. The detective handed me some papers and he said, "Do you know what this is?" They were nothing but a bunch of papers on envelopes from the trash, but the way he saw it, it was me trying to read somebody's mail, which was as he told me a federal crime, a felony. I almost shitted in my pants. He asked me "Is that what you were doing?" And I said no and he started getting louder and I finally gave in and told him what I was really doing. He gave me a funny look, like that wasn't the answer he was waiting for.

Ok, to shorten this story again, I had to go in front of a juvenile judge. It wasn't nothing like the cases you see on TV. It was more me telling the judge what I did and the judge with the pen in his mouth and his hand on his face like he was thinking about whether he should play golf or catch the baseball game or something like that. Well, I pled guilty anyways. My lawyer promised me that I would get no jail-time or juvenile hall since nobody had filed a law-suit and all I did wrong was trespassing and being out after curfew (yes, here in Missouri you can't be out between 1 and 5 a.m. if you're under 18).
But on the matter of me trying to find information about the DMV computer system the judge gave me a probation of 6 months under which I wasn't allowed to use "Any Computer or other device that is networked or able to connect to the internet". This seems a little funny to me and I asked my lawyer why and if he was allowed to do this. My lawyer told me that this shouldn't have happened, and that there was no evidence or implication that I would use any info in an unlawful manner. But he also told me that this would mean appealing and going through another trial over again, also that would mean more money wasted on the lawyer. The way it looked I wouldn't get to use a computer till the end of my life anyways, if my parents had anything to say about it. And once again to make this story shorter the day after I was busted I was supposed to appear on Hackermind with Screamer and D4sh, and I'm really sorry for missing this opportunity.

I soon found myself back online, violating my probation. For about a month the only person I talked to was Silent Rage, leader of the Serial Coders, on IRC, using another nick "merlin". As time went on I started caring less and less about my probation and even my parents knew that I was using a computer so I thought everything was cool again. And that's where I'm at right now. My probation is not over officially but according to my probation officer she doesn't care about it :D.

So, a dramatic story with twists and turns and a kind of good ending and now you ask yourself, why the hell am I still reading this and why the hell are you quitting. Well, I have just grown tired of this. I have grown tired of counting my posts and trying to be cool with everybody. I have grown tired of answering the same stupid questions, I have grown tired of never having somebody that can answer one of my questions. I have grown tired of sitting up till 5 in the morning every night/day and messing up people's computers and interrupting their work.
I have grown tired of reading tutorials, books, and advisories just so that I could say "yeah, I read that" or "yeah, I know that". I have grown tired of trying to be accepted by a community, which is based on first being a bad-guy, getting arrested, getting a job for some company as a security expert and then complaining about the same things you were doing a couple of years ago. Don't get caught up in this game. The game of trying to be cool in front of your friends and impressing little kids on IRC with your mad Sub7 skills. I have grown tired of a lot of other things too but most importantly I have grown and I think it's time for me to move on to something new. I still love technology, and I will keep learning. I have had my fun, and I never thought I'd be saying this, but it's time to grow up. I don't mean to insult anybody out there who thinks defacing websites is fun, this is just simply something that I have decided for myself, something that will be best for me and for my future.

)))DamienAK(((

4. JUNO'S FREE ISP SCAM: by Nutrition Facts

As you might know Juno offers a free isp for phone modems 56k and under. This service also includes:

*Many Disconnects
*Lots of Downtime
*A Banner that takes up a portion of your screen
*Invasion of Privacy

What's that? Invasion of privacy? Yes, it's true... I have been on to Juno's free ISP scam for a while now. My tools: file monitors, registry monitors, common sense, and theory. Here is a little information on how I found this out.

Before it was impossible for me to connect online I received an e-mail message from the Juno's service staff, something like serv-@juno.com or something like that. They said I will not be able to connect online but I would be able to read and send mail by dialing up to their servers not to the internet... A couple days later I was not able to connect online. Hmm??? So I connected to their servers to read e-mail not to the internet. I had no mail to send. I was connected for about 15 minutes.
I had 2 small e-mail messages sent to me, all together the size was less than 5kb. As I double clicked on the modem icon at the taskbar and looked at the status I saw over 1.4 megabytes sent from my personal computer to their servers and only a few kilobytes received. Sometimes Juno updates itself when you connect to read e-mail that way. The funny thing is sometimes after you can not connect to the internet after reading your e-mail by dialing up you can then connect to the internet after you restart juno. HMM, what was my computer sending to them? My connection to them was around 49333kbs to their servers.

Look at the clues I have said so far. A message saying you can read e-mail by dialing up but not being able to connect online. Then not being able to connect online. My first theory was, Juno while running makes logs, when the log gets too big or a certain size juno will not connect but before that an e-mail has been sent to you telling you about future downtime and how you can connect to send and get e-mail. More like connect and send your personal information and get 2 2kb messages. But I needed proof, that's when I used the file and registry monitors. Here are some examples of what I saw on the file monitor. I wish I could show you more and more.
-----------------------------------------------
92   1:18:35 PM  Juno  FindOpen    C:\WINDOWS\HISTORY  SUCCESS  History
93   1:18:35 PM  Juno  FindClose   C:\WINDOWS\HISTORY  SUCCESS
94   1:18:35 PM  Juno  Attributes  C:\WINDOWS\HISTORY\DESKTOP.INI  SUCCESS  GetAttributes
95   1:18:35 PM  Juno  Attributes  C:\WINDOWS\HISTORY\DESKTOP.INI  SUCCESS  GetAttributes
108  1:18:35 PM  Juno  Seek  C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT  SUCCESS  Beginning Offset: 0 / New offset: 0
109  1:18:35 PM  Juno  Seek  C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT  SUCCESS  End Offset: 0 / New offset: 0
110  1:18:35 PM  Juno  Seek  C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT  SUCCESS  Beginning Offset: 0 / New offset: 0
994  1:18:42 PM  Juno  Seek  C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT  SUCCESS  Beginning Offset: 0 / New offset: 0
995  1:18:42 PM  Juno  Seek  C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT  SUCCESS  End Offset: 0 / New offset: 0
996  1:18:42 PM  Juno  Seek  C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT  SUCCESS  Beginning Offset: 0 / New offset: 0
-----------------------------------------------

That's just one example out of megabytes of action. I wish I could show you all of them, what they do is record where you went online, your history, your cookies, then they send it to their servers. That is just a very small portion of it, not all, it does not even contain every file they seek. I am not sure if I listed a good example. So what I did one day was use another isp and browse many websites, I mean a lot. I spent hours clicking on links. So I tried to read my e-mail by dialing up to juno again. It took a very very long time to get 4 small messages about 10kb in size. From people like in-@juno.com and customer-@shop.juno.com.

In conclusion Juno's free isp is a scam. Why is it a scam? Because they take logs about where you have gone, what you have seen, then send it to their servers. I am not sure if other free isp's do that, but I know that juno does.

5. EXPLOITING INTELLIGENT PERIPHERALS: by Screamer Chaotix with help from DamienAK

At first look a printer is a rather dull device. It doesn't contain very much that's interesting to hackers, other than the fact that it can be used to print out some pretty hilarious banners to your target. But with that aside, no one really considers printers (or any peripheral for that matter) to be that big of a deal. Sadly, this causes them to be neglectful. Intelligent peripherals are a fantastic thing, when used properly. An intelligent peripheral is any piece of equipment hooked up to a network that can be controlled over the internet. By simply telnetting to a specific IP address you can control the inner workings of the machine, and therein lies the problem…

Recently, while scanning the subnet of my university I came across several machines which only allowed ssh access. Scanning a bit further, I saw that one of these same machines had foolishly left telnet wide open (kind of defeats the point of ssh doesn't it?). Now I'm not the type of person to sit at a keyboard all night, pounding away at the login prompt until something got me in…oh no I had more important things to do. Nonetheless, the thought that someone had made the mistake of leaving telnet open got my brain churning and my curiosity boiling, was it possible they had messed up somewhere else? Checking the nmap results, I found that they had. Several IPs had telnet wide open, and boy oh boy do I mean wide open. After connecting to the open port, I was amazed when I received this prompt:

    HP JetDirect
    Please type "?" for HELP, or "/" for current settings

What's this? No login prompt? Nothing asking for a username and password? It was too good to be true! I did what any good explorer would do, and typed "?" This is what appeared:

    Please type "?" for HELP, or "/" for current settings
    To Change/Configure Parameters Enter:
    Parameter-name: value

    Parameter-name   Type of value
    ip:              IP-address in dotted notation
    subnet-mask:     address in dotted notation
    default-gw:      address in dotted notation
    syslog-svr:      address in dotted notation
    idle-timeout:    seconds in integers
    set-cmnty-name:  alpha-numeric string (32 chars max)
    host-name:       alpha-numeric string (upper case only, 32 chars max)
    dhcp-config:     0 to disable, 1 to enable
    novell:          0 to disable, 1 to enable
    dlc-llc:         0 to disable, 1 to enable
    ethertalk:       0 to disable, 1 to enable
    banner:          0 to disable, 1 to enable

    Type passwd to change the password.

    Type "?" for HELP, "/" for current settings or "quit" to save-and-exit.
    Or type "exit" to exit without saving configuration parameter entries

It was obvious to me this was no UNIX machine, and it sure wasn't a VAX/VMS. The HP JetDirect sign rang a few bells though, Hewlett Packard? Could it be that this was a printer? By typing "/" I received various bits of information, all showing me the current setup, including IP assignments, options for DHCP, even an option to set the admin password! Sure enough, it was a printer alright. And I had managed to walk right in.

Here I was, with complete control over the configuration. But what could be done? All sorts of thoughts went through my mind. With a few simple commands I could change the location of the printer to anywhere in the world…thereby receiving every print job that someone sent to that machine. And in a university, who would notice if their paper went to the wrong machine? It's certainly not the type of thing the admins go crazy about. But still, using my hacker ethics I didn't do this. After all, I was more curious about the idea of remote controllable printers than anything else. If any of you trouble makers out there are wondering about the possibilities, you shouldn't have to think very long.
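
For an administrator, the finding described above becomes an inventory check over scan results for their own subnet. The following is an added example, not part of the original article: it assumes nmap grepable (-oG) output and telnet banners that have already been captured, the function names are hypothetical, all addresses and banners are constructed, and the printing port numbers are general knowledge rather than something the article states.

```python
"""Flag telnet management consoles that open without a login prompt.

Added example, not from the article. Input: nmap grepable (-oG) output for
the administrator's own subnet, plus banners already captured from port 23.
All hosts, addresses and banners below are constructed sample data.
"""
import re

# Common printing ports (lpd, IPP, raw print): general knowledge, an assumption here.
PRINT_PORTS = {515, 631, 9100}
# A console that asks for credentials first shows one of these prompts.
AUTH_PROMPT = re.compile(r"(login|username|password)\s*:", re.IGNORECASE)

SAMPLE_GREPABLE = """\
# constructed sample scan
Host: 192.0.2.10 (shell1)\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
Host: 192.0.2.11 (shell2)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///
Host: 192.0.2.40 (prn-lib)\tPorts: 23/open/tcp//telnet///, 515/open/tcp//printer///, 9100/open/tcp//jetdirect///
Host: 192.0.2.41 (prn-lab)\tPorts: 23/filtered/tcp//telnet///, 9100/open/tcp//jetdirect///
"""

SAMPLE_BANNERS = {
    "192.0.2.11": "login: ",
    # The prompt quoted in the article: no request for credentials at all.
    "192.0.2.40": 'HP JetDirect\r\nPlease type "?" for HELP, or "/" for current settings\r\n',
}


def parse_grepable(text):
    """Return {ip: set of open TCP ports} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comments and blank lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, set())
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                    ports.add(int(parts[0]))
    return hosts


def console_requires_auth(banner):
    """True if the first thing the console prints is a credential prompt."""
    return bool(AUTH_PROMPT.search(banner))


def audit(grepable, banners):
    """Return [(ip, [reasons])] for hosts whose telnet exposure needs attention."""
    hosts = parse_grepable(grepable)
    findings = []
    for ip in sorted(hosts):
        ports = hosts[ip]
        if 23 not in ports:
            continue
        reasons = []
        if 22 in ports:
            reasons.append("telnet enabled alongside ssh")
        if ports & PRINT_PORTS:
            reasons.append("telnet console on a printing device")
        banner = banners.get(ip)
        if banner is None:
            reasons.append("banner not captured; check manually")
        elif not console_requires_auth(banner):
            reasons.append("console opens without a login prompt; set a password")
        if reasons:
            findings.append((ip, reasons))
    return findings


if __name__ == "__main__":
    for ip, reasons in audit(SAMPLE_GREPABLE, SAMPLE_BANNERS):
        print(ip, "->", "; ".join(reasons))
```
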
The problem here is one that has been around since the 1980's and even earlier, people unaware of the fact that they have an open door to the world. All of you old timers remember the dial ups that didn't require a password; well this is pretty much the same thing. They lock up their UNIX and VAX/VMS like a fortress, and yet forget about the small details. Few people see a printer as a device to be concerned about. But the fact is, intelligent peripherals do pose a threat. Without password protection on all your machines, any attacker could gain access…and may even boost up their privileges.

The HP JetDirect that I found is only half the story, some peripherals (those running on a UNIX platform) offer inet and rpc daemons running by default, giving attackers even more to play with. Some inet daemons running on these machines include telnet, ftp, and finger (just to name a few). I'm sure we can all see the danger in that. And I haven't even touched upon the dangers of connecting via ftp and actually printing a file…but we must save something for later…

The bottom line is this, if you're using intelligent peripherals be sure to secure it with a password. If you're using the HP JetDirect, all you need to do is use the admin utility and set a password. It's as simple as typing "passwd", and if you don't do it…who will?

(Thanks to DamienAK and Unreal)

6. A METAPHORIC STORY: by PhrenzyBlade

-*DISCLAIMER*- I AM NOT A HACKER AND I DO NOT CLAIM TO BE ONE. THIS IS A METAPHORIC STORY DEPICTING WHAT I BELIEVE THE PERSECUTION OF HACKERS TO BE COMPARABLE TO. IT IS MY TWISTED OPINION, NO ONE ELSES. IF YOU BELIEVE IT TO BE INCORRECT, PLEASE NOTIFY ME IN CIVIL TERMS, NO FLAMES! I AM ONLY LEARNING.

Rebellion is acknowledging the faults of society and trying to change them, rebellion is about leaving the messed up stereotypes that society has created for you, and going where you WANT to go, not where you should go.
Imagine living in a neighborhood, where everyone got on well, and there were no fights, and life was good. But every so often, sometimes once a day, sometimes once a year, you see a man walk into the building. This building is at the center of your neighborhood, sometimes people go in, and come out again later. There are no windows, only one door, and no-one knows what it is there for. When they try to talk to the men about the building the men look offended and leave without saying a word. Naturally you would be curious about what this building is, and you would wonder about it.

Now what if, one day, you were walking around it, and you found a key under a stone. The key is made by the people who made the lock on the door to the building. You look at the key for a while, and then at the door. You imagine the thousands of people that must have walked through that door, using the key in your hand, and then you think of the whole neighborhood, wondering about this building, wondering what it was there for, wondering, and knowing they will never know the truth. Then you take the key, and you use it to open the door. Such a simple exercise, no harm done to the structure, and you walk in.

Once inside you realize what the building was. What it was for, and why people go in and out of it so often, and then not so often. After having this revelation you leave, after perhaps photographing the interior so that you remember you were actually in there, and not dreaming. When you go home, you copy the photograph and give it to your friends, partly to show off, and partly to show them the truth that had been kept from you for so long.

After leaving you see a man walk up to the door, and reach into his pocket for a key, which is not there. The man looks puzzled, he does not know where the key is. Then you remember you have the key, it is in your pocket. And you walk up to the man, and give him the key back, explaining he must have dropped it, because you found it over there.
You expect the man to say "thank you", or at least look relieved, but instead he backhands you across the face, and starts to kick you and stamp on you as you lie on the ground. Then he blows a whistle and more men come running from the building, and they all start to beat you, and then they take you back inside the building. Inside, they start to interrogate you, asking all they can about the key, and how you found it. And when you say you thought you were helping by returning the key, they laugh in your face and say "If we want your help, we'll ask for it".

It sounds ridiculous to you. You can't understand why they would say such a thing, why would they prefer the key to be lying on the ground for any of the malicious people of the neighborhood to find, more than having the key returned to them, by a kind hearted young man?

If you can for a moment believe that something like that could take place, you have imagined what happens to the Hacker. And now I ask you, would the story have been any different if instead of wandering around the building, you had been walking around, hoping to find a key that might have been dropped? I don't think so...

PhrenzyBlade

7. MAKING THE MOST OF NMAP: by JayX

To most veteran hackers there's little interest in mapping out networks. To tell the honest to goodness truth, most old-fashioned hackers would laugh at you if you said you were into "networks." Granted, it's a very vague topic that could be used to hide the fact that you know nothing, but on the other hand let's not forget the joy of exploration that can be found with hacking. This sense of exploration comes from not only connecting to one particular machine and gaining access, but from sliding around the "plumbing" of the internet and seeing exactly how everything is set up. Let the rest of the world have their "WWW," the backbones and IP addresses that make up the skeleton of the net are far more interesting thank you very much.
With that bullshit out of the way, this article is meant as an introduction to the greatest networking tool out there. It may not be of much use to you veteran hackers, but I think it deserves to be printed for the fact alone that more people need to begin appreciating the beauty of the internet. But before I go any further, there are a few things I need to say first.

First off, if you're one of those guys that tell your friends you're a hacker…but don't have any idea what the difference between a FIN and SYN scan is…this article is for you. You're at the point in your "career" where you want to be a hacker, and are probably interested in learning about how to really become one. If that's you, continue with the article. If you don't really find typing line after line of monotonous code to be appealing but still want the name hacker, go hang out at some wannabe hacker server on IRC and leave this article to those who want to learn.

Second, make sure you have Linux installed on your computer. I know it's been said a million times, and you may even have yourself fooled into thinking that you can still call yourself a hacker without knowing how UNIX works, but I'm afraid you're wrong. *NIX is a rite of passage, every hacker needs to understand its fundamentals. Plus, Nmap is SOLELY for Linux.

Let's begin with a basic newbie-friendly outline of how the internet works. Every machine on this vast network is identified by its IP (Internet Protocol) address. It's a collection of digits similar to 123.456.34.222 where the first six digits are the main network, and the last six the subnet. These addresses help your computer to find these other computers on the internet. Now, on each of these IP addresses are doorways known as "ports." These ports allow a program to connect to the internet (i.e. telnet, ftp, smtp, finger) and can be exploited in various ways by hackers to gain access. OK, since this is an Nmap article…let's get to the exploring.
For the sake of argument, let's say you have the IP address of a computer on a specific network (Verizon's network perhaps?). We'll say this network is located at 123.321.*.* for the purposes of this article. The *'s are only used to show that all possible digits are covered in these fields (1-255). In order to find out what machines are up and running, as well as what services are running on them, we'll initiate the following command from our prompt.

    $ nmap -v 123.321.*.* >/home/billybob/networks/123.321 &

This starts Nmap with the "verbose" (-v) option set, and will allow us to get a written explanation of everything the program is doing. From here, the program will scan every address on this subnet as well as every port, and send the output to our directory located at /home/billybob/networks with the filename "123.321". The "&" is simply a *NIX command that puts the job in the background so that we can continue using our machine without having to open a new shell. Get ready for a long scan, we've given Nmap a lot to do. When completed, change the directory to the one with the file like so:

    $ cd /home/billybob/networks

And open the file using the "less" command.

    $ less 123.321

Here you will see an enormous output (scroll through using the spacebar) which you can examine more closely offline. You will see which servers are up, and which ports are open (or filtered, meaning the ping probe didn't get a response). Keep in mind that networks change faster than a guy late for a date, so if you find a server you scanned yesterday is no longer up don't be surprised.

What's that? You didn't get a response? The most likely reason is that a firewall blocked your loud TCP scans. Usually this can be resolved by issuing a stealth SYN scan with the following flag:

    $ nmap -sS -v 123.321.*.* >/home/billybob/networks/123.321 &

Now, considering you didn't receive a response last time, you should get a good layout of the network.
Hopefully the firewall didn't spot your "half-open" scans (in which a connection is not really opened: only a SYN packet is sent, and the scanner waits for a SYN|ACK; if one is received, an RST is immediately sent to terminate the connection). This type of scan is rarely logged, but does require root privileges to be run (in order for the kernel to build these SYN packets). Of course Nmap offers a few other ways of getting your scan past the firewall unnoticed, but I encourage you to check out the man page of Nmap for the full potential of these scans (simply type "man nmap" to read it).

Finally, the TCP services running on the machine. Before you can exploit something, you need to know what's running. If you do a complete scan, as I showed above, you're bound to get a thousand different responses from all the servers. While time consuming, this type of scan does have the benefit of providing you with higher ports (3000+ for example) which could have already been compromised by hackers, potentially giving you a way in right away. But let's assume that you only care about the ftp, telnet, and finger ports. How do we have Nmap focus on these while ignoring all the others? The answer, my friend, is blowing in the wind…and I printed it below:

    $ nmap -sS -p 21,23,79 -v 123.321.*.* >/home/billybob/networks/123.321 &

Above we see the "-p" flag, which specifies our ports. Listed beside it we see 21 (ftp), 23 (telnet), and 79 (finger). Now Nmap will only scan these ports. You'll soon realize this is a wonderful time saver. If you want to scan a range of ports, simply put a "-" between the lowest and highest ports in the range you want to scan (i.e. 21-79 will scan all ports from 21 to 79). Or should you want to scan all ports above a given port, place the "-" after the number (23- will scan all ports from 23 up).

That's pretty much all this article will cover. But before you dismiss Nmap as being yet another scanning tool please come to understand its full potential.
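The half-open exchange described in this article (SYN out, SYN|ACK back, RST instead of the final ACK) never reaches the listening application, but it is visible to any sensor that records TCP flags. The following is an added example, not part of the original article, showing how a defender can label flows and pick out a scanning source; the packet tuples, the documentation-range addresses and the threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed packet summaries: (src, sport, dst, dport, tcp_flags).
# Flags: S=SYN, A=ACK, R=RST. Addresses are RFC 5737 documentation ranges.
PACKETS = [
    # Ordinary FTP client: full three-way handshake.
    ("198.51.100.20", 40001, "192.0.2.10", 21, "S"),
    ("192.0.2.10", 21, "198.51.100.20", 40001, "SA"),
    ("198.51.100.20", 40001, "192.0.2.10", 21, "A"),
    # Scanner: SYN, receives SYN|ACK, answers with RST (half-open).
    ("198.51.100.7", 51000, "192.0.2.10", 21, "S"),
    ("192.0.2.10", 21, "198.51.100.7", 51000, "SA"),
    ("198.51.100.7", 51000, "192.0.2.10", 21, "R"),
    # Scanner: port closed, server answers RST|ACK.
    ("198.51.100.7", 51001, "192.0.2.10", 23, "S"),
    ("192.0.2.10", 23, "198.51.100.7", 51001, "RA"),
    # Scanner: no answer at all (filtered).
    ("198.51.100.7", 51002, "192.0.2.10", 79, "S"),
    # Scanner: second host, half-open again.
    ("198.51.100.7", 51003, "192.0.2.11", 23, "S"),
    ("192.0.2.11", 23, "198.51.100.7", 51003, "SA"),
    ("198.51.100.7", 51003, "192.0.2.11", 23, "R"),
]


def classify_flows(packets):
    """Return {(client, cport, server, sport): label} for flows opened by a bare SYN."""
    seen = {}  # flow key -> list of (direction, flags) in arrival order
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S" and fwd not in seen:
            seen[fwd] = []                    # new flow; the SYN sender is the client
        elif fwd in seen:
            seen[fwd].append(("c", flags))    # later packet from the client
        elif rev in seen:
            seen[rev].append(("s", flags))    # packet from the server side
        # packets that belong to no tracked flow are ignored

    labels = {}
    for key, events in seen.items():
        server_synack = ("s", "SA") in events
        server_rst = any(d == "s" and "R" in f for d, f in events)
        client_ack = any(d == "c" and f == "A" for d, f in events)
        client_rst = any(d == "c" and "R" in f for d, f in events)
        if server_synack and client_ack:
            labels[key] = "established"
        elif server_synack and client_rst:
            labels[key] = "half-open"         # open port probed, handshake torn down
        elif server_rst:
            labels[key] = "closed"
        else:
            labels[key] = "no-reply"
    return labels


def scan_suspects(labels, min_probes=3):
    """Sources with >= min_probes never-completed flows, at least one of them half-open."""
    per_src = defaultdict(lambda: defaultdict(set))
    for (client, _cport, server, sport), label in labels.items():
        if label != "established":
            per_src[client][label].add((server, sport))
    report = {}
    for client, by_label in per_src.items():
        total = sum(len(targets) for targets in by_label.values())
        if total >= min_probes and by_label.get("half-open"):
            report[client] = {k: sorted(v) for k, v in by_label.items()}
    return report


if __name__ == "__main__":
    for source, findings in scan_suspects(classify_flows(PACKETS)).items():
        print(source, findings)
```

The same labels can be derived from firewall or flow-export records that keep TCP flags; the threshold is a tuning choice for the network being watched.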
Not only will it scan an IP, it'll scan networks, ports, give OS guesses (the -O flag requires root privs), and has a dozen ways of silencing its search. If you're a hacker, Nmap NEEDS to be on your Linux machine.

I hope you've found this article informative, and I'm assuming if you're anything like the people I listed above you have. If it seemed a bit too simplistic, well that's because Nmap was made to be user friendly. If the flags and myriad of options get you confused, there's always the Xwin version of the program…but where's the fun in that? I also hope that you see just how much I love this program. Many hackers say they can't live without it, and I'm one of them. But more than that, I love it for itself. Sure you can say it's only the first step towards a successful hack, but with this program you can map out a digital universe with your fingertips. Even if you never gain access to any systems and really can't call yourself a hacker in the traditional sense (in other words, the media sense) at least learn from the experience of exploring the underbelly of the internet. It's really an amazing place.

8. HACKER ETHICS: by DamienAK

Hacker Ethics - What you can and can't do

Oh the ethics of a hacker. You have probably come across some 80s text-file telling you about how to be a hacker and what you can and can't do. So what do you do, you want to be a hacker so you follow these rules. Rules such as "Don't damage a system". But what if you want to damage a system? What if your sole purpose is to cause havoc on a system because for some reason you don't like it? Is it right to do this? This is the point where I, as a good, caring, nice hacker am supposed to say "No way", "that's not right". Well, the truth is, I could really care less. To me there are no Hacker Ethics, laws, etc. that are going to stop me from doing what I want to do. This, my friends, is what we call freedom. Some have it, some think they have it, and some are scared of it.
Now, when I say Freedom I mean a 100%, no holds barred right to do what you want to do. Freedom, nowadays, is a word that's being abused left and right. Take for example, "The Freedom of Speech". Ok, tell me this, if I am not allowed to go up to a cop and say "I'm going to kill you, you stupid son of a bitch" is it still freedom? Is something with limits and boundaries still free? Let me put it differently. Put a Dolphin in the biggest pool in the world; is he free? Of course not. Anything that is regulated is not free.

Ok, but by now some of you are saying "Hey, if there is no law and control there would be complete chaos." And this is true. Ask yourself this, would you want to live in a world where anybody could do anything they want, or maybe just say anything they want? Some of you may say yes and some may say no and others might say "But hey, this is America, the land of the free". No comment to the brain-washed idiots who answered the third option. Whatever your response is, keep this in mind. It will never happen on this planet. Civilization and Religion have killed freedom thousands of years ago.

So is that it, we will never have any Freedom? We will always be slaves of society? What, are you stupid? Look in front of you. You are looking at freedom. It's a damn computer. A device which is connected to millions more like it. A device which will let you make your own music, it will let you broadcast a radio-show and put out a magazine. A device which when used right will get you access to everything you want. This IS a new frontier if you haven't noticed. As in any frontier freedom stops only when you let it. Don't be held back by what you think are rules and ethics.

So now you're asking yourself. "Ok, DamienAK just told me to go launch DoS attacks and send my friends Sub7 so it must be ok". There you go again you dumb-ass. Don't let somebody else think for you, make up your own mind.
If you think that doing something is right and there is a reason for it, then do it. Be careful, be secure, be cautious, but like Screamer says "Never stop exploring".

Let me just try to explain the term Ethics for a second. It can be narrowed down to this. Do you believe Ethics are moral values as defined by humans and society or do you believe ethics are just moral values independent from anything else? The latter being "If I feel it's right so I'll do it". The first definition is what I call "Bad Ethics". They are the things which cause wars, murder, and discrimination. Don't let the "Bad Ethics" get you, have a free mind and always be aware of what is really happening contrary to what you think is happening because of the way you live, because of who you are and how you were raised.

How should I explain this? Have you ever seen The Matrix? I'm sure you have. Well, even though the movie is science-fiction it was based on Taoist beliefs that we all live inside of a Matrix. Ok, maybe the monks don't call it a Matrix but the principles are the same. We live in a world that doesn't really exist. In a world in which we are enslaved by our thoughts, feelings, emotions, egos, religious beliefs etc. Just like in the Matrix these things act as the agents, guarding the gateways to truth and freedom. The only way to free the mind is through meditation. I admit it's not something I do or plan on doing but it's the truth. That's all I can say. After reading book after book I have realized it and that, for me, is enough. I know what's wrong with the world. I know the mistakes I make. I am aware of things people don't realize exist. This can be applied to everything, from politics to Hacking. That's why I say don't be blinded by things that don't even exist.

Ok, this is starting to get my Philosophical side going so I will stop here before I start talking about all the problems in the world.
Hopefully this little text has opened your eyes just a little and made you think just a little more. That's all I wanted to do. I don't want you to listen to me, and I'm not telling you what I say or do is right. The only thing I'm telling you is don't believe what you see, follow what you feel. If you feel it's right; do it, if you think it's not right; then don't do it. It's as simple as that. Trust what you feel.

The five colors blind the eye.
The five tones deafen the ear.
The five flavors dull the taste.
Racing and hunting madden the mind.
Precious things lead one astray.
Therefore the sage is guided by what he feels and not by what he sees.
He lets go of this and chooses that.

Lao Tsu
Tao Te Ching

)))DamienAK(((

9. UNGUARDED VOICEMAILS: by Da Peng and Screamer Chaotix

Every night before you go to bed you're sure to lock your door. If you put your computer on the internet, you almost certainly install some sort of firewall. If you set up a server, you use passwords that are next to impossible to crack. But suppose those passwords were limited to a combination of 4 tones, and you only had ten tones to choose from…how secure would your password be? Not at all.

Voicemail is something most people take for granted. We seem to think that our voicemail box is impossible to find on the vast web of phone lines out there, while the truth is frighteningly far from that. Most voicemails are actually grouped together, and in most cases can be reached by dialing one number for ease of use purposes. Let's look at our good friends Southern New England Telephone and see how they do things (but of course, this isn't to say your telco doesn't do things the same exact way).

First off, you ignore the danger of someone at the central office listening to your messages (that Conspiracy Theory stuff is a bunch of crap to you) and opt to go with one of their ten dollar a month voicemails.
Once signed up, you'll get a number that you can dial to set up your account using a temporary password. When you're in, you're asked to record your name and set your welcome message. You're welcome to set any name you like, unless you're really dumb and won't remember that's you on the recording calling yourself Hannibal Lecter. With that out of the way, your voicemail is up and running. Anyone that calls your house will be forwarded to your box after 3 rings, or after one should the line be busy at the moment.

Now that's all well and good, I can hear you guys getting upset because you already know what voicemail is. But the importance here is in the set up process, and the well known fact that humans are the worst security risks known to man. When prompted for your name, you'll most likely be a good boy or girl and give your birth name. Where's the harm in that? It'll let you know you got the right voicemail box when you call…sadly, it does the same for anyone else who dials this number. And reaching your number is not a task to call in the Mission: Impossible folks for. All a potential attacker need do is find one dialup number in the area, and voila…they're in the system.

What's this magical dialup number I'm referring to? It's a number that, when dialed, will give you the option of entering in a mailbox number if you subscribe (or if you're looking to cause trouble) or to enter the number of the person you want to leave a message for. Of course, any number that leads to a voicemail will work just fine, as they always give you the option of entering in another number just in case you foolishly dialed the wrong one.

You've got the mailbox, now what? It's asking for a password…how the hell can I crack this? It won't even tell me how many digits I need to enter! It's too good, I quit…I'm gonna go play Counter-Strike and drink a few suds… Whoa! Wait up soldier, you're giving up too easily. The digit maximum (and minimum for that matter) is 4 digits. 4.
Sure with 10 numbers (1-0 on your keypad) there are thousands of combinations, but there IS a finite number. Anyone with a week to spare will be able to get it sooner or later, but the sad reality is that it's usually sooner than later because of…you guessed it…human carelessness. When setting up a password people instinctively give the last four digits of their mailbox number. It's an easy number to remember considering your brain groups those four together automatically. So let's say the number for someone's voicemail was (NOTE: bogus movie number coming) 203-555-3939. Try the password "3939"…and while not guaranteed, there's a good chance you'll be in.

No! I'm not in…see I told you I should just go get drunk and play Counter-Strike, shit this ezine sucks! I'm going to read Phrack! …hey I love Phrack too, but just because you couldn't guess the password on the first try is no reason to give up and get dru-er it's no reason to give up. There's another strong possibility you could try, and this one is obtained by listening to what you hear when you call. "Bob Roberts." "Johnny Coolbeans." "Josie Pussycat." All of those are the names you receive when you find someone's voicemail…remember, they're there to let the rightful user know they've reached the proper box. So obviously if this person has a voicemail it's likely they want to be reached, which means they're in the phone book (or anyhoo.com, switchboard.com, etc…but let's do this the old fashioned way for nostalgia). Pick up that wonderful free book that you have to pay to stay out of and look up the last name of the person you just heard. Do you see their number? Hopefully you do, and hopefully you'll notice the 4 digits their phone number ends in. Try those four digits as the password, and cross your fingers….

Obviously these techniques don't always work, after all I had a voicemail but no listing in the phone book, and sometimes people DO think before they use the password 1234.
But a lot of times they want it to be easily remembered, so look at your keypad and think about possible combinations. Think about the easiest passwords you can…1234, 4321, 5689, you get the idea. You should eventually get into the mailbox, it just depends on how stubborn you are. And of course, you could always social engineer the person by claiming to work with the phone company…but hey, do you really want to do that?

Now that you're in the box, you have complete control. If you wanted, you could change the password…but remember, all they'd have to do is call the telco and after a while of pleading they WILL get it back, so don't bother. Odds are they'll never change it, not after they become accustomed to hitting those same four buttons. Should you feel the need, you can change their personal options and recorded messages so that their voicemail insults their girlfriend/boyfriend or says something really dumb, but again…all they have to do is call the phone company. Fortunately, very few people listen to their own messages…but this is far from a guarantee. Other options may be available depending upon the type of voicemail system you're in, but those are up to you to find.

This article has shown you how any voicemail can be broken into with a little patience. The best thing to recommend is an answering machine that allows for longer passwords, but always keep in mind that nothing is secure. Phones don't allow you to use special characters while creating your password, so make the number as difficult to remember as possible. Put the same number down three times in a row, attackers rarely try three 7's in the middle of a password…but that's only a suggestion. Above all else, never put (or let people put) private information on your voicemail. Change your password every week (sooner if you believe it to be compromised of course) and always delete old messages.
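The weak choices this article walks through (the last four digits of the mailbox or listed number, runs such as 1234 and 4321, keypad patterns such as 5689) can be refused at the moment a PIN is set. The following is an added example, not part of the original article, of such a policy check for a four-digit system; the function names and the exact rule set are assumptions, and the phone numbers are the article's bogus 555 number plus a constructed one.

```python
# Positions of the digits on a standard telephone keypad (row, column).
KEYPAD_POS = {
    digit: (r, c)
    for r, row in enumerate(["123", "456", "789", "*0#"])
    for c, digit in enumerate(row)
    if digit.isdigit()
}


def _digits(number):
    """Strip punctuation from a phone number such as '203-555-3939'."""
    return "".join(ch for ch in number if ch.isdigit())


def _is_run(pin):
    """True for ascending or descending runs (1234, 4321, 7890, 0987)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def _is_keypad_walk(pin):
    """True when every key is next to the previous one (5689, 2580, 1478)."""
    for a, b in zip(pin, pin[1:]):
        (r1, c1), (r2, c2) = KEYPAD_POS[a], KEYPAD_POS[b]
        if a == b or max(abs(r1 - r2), abs(c1 - c2)) > 1:
            return False
    return True


def pin_problems(pin, mailbox_number, listed_numbers=()):
    """Return the reasons a proposed PIN should be refused (empty list = accept)."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        return ["must be exactly 4 digits"]
    problems = []
    if pin == _digits(mailbox_number)[-4:]:
        problems.append("matches last four digits of the mailbox number")
    if any(pin == _digits(n)[-4:] for n in listed_numbers):
        problems.append("matches last four digits of a listed phone number")
    if len(set(pin)) == 1:
        problems.append("single repeated digit")
    if _is_run(pin):
        problems.append("ascending or descending run")
    if _is_keypad_walk(pin):
        problems.append("adjacent-key pattern on the keypad")
    return problems


def allowed_pins(mailbox_number, listed_numbers=()):
    """Every 4-digit PIN the policy accepts, to show how much keyspace remains."""
    candidates = (f"{n:04d}" for n in range(10_000))
    return [p for p in candidates
            if not pin_problems(p, mailbox_number, listed_numbers)]


if __name__ == "__main__":
    mailbox = "203-555-3939"           # the article's bogus example number
    listed = ["203-555-0142"]          # constructed listed number
    for pin in ("3939", "0142", "1234", "4321", "5689", "7777", "4071"):
        print(pin, pin_problems(pin, mailbox, listed) or "accepted")
    print(len(allowed_pins(mailbox, listed)), "of 10000 PINs remain")
```

A check like this only removes the first guesses; on a four-digit system it needs to be paired with a limit on failed attempts per mailbox.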
It's a pity that so few people delete older messages, causing them to forget about that one from the prostitute that wants her twenty bucks which any attacker can find in the deleted messages section etc etc. It may be difficult to tell if your system has been compromised, especially if nothing is changed, but prevention is the only solution. Prevention, as well as acceptance. Acceptance that this can happen at anytime, and the realization that anything you connect to a publicly accessible network can be seen by anyone.

10. THE POSSIBILITIES OF A CYBER ARMY: by Rex

Everyone knows that doing anything from your computer is dangerous, and I do mean ANYTHING. You could purchase something and have your credit card number stolen, make a website and have it be taken over, or voice your opinion and be arrested! But perhaps the most dangerous thing of all is hacking, by which I mean the act of penetrating (or attempting to penetrate) someone else's computer. We all know that there are various forms of hacking, not all of which are seen as a malicious act. But face it, the most fun and challenging things in the world of hacking do run the risk of landing you in jail. If wingates are used, your odds are a bit better, although far from good. If you use a public terminal your odds of not being caught go up even more. Of course, with cameras everywhere all someone would have to do is learn the connection time, trace the IP, and then use one of the security cameras to see who accessed that terminal and at what time. A stretch? Don't count on it, not in a world where hackers must be stopped at all costs.

You're only one person though, so finding you and shutting you down should be no problem. The point of this article however, is to examine the possibilities that exist with several types of "cyber armies." Please don't take this to be a fictional article much in the tradition of "Neuromancer," everything I say is theoretically possible. Although I do stress "theoretically."
With worms galore on the internet today, it doesn't take a genius to know that the possibility of controlling multiple machines is entirely feasible. The Sub7 trojan alone gives you complete control over someone else's computer, even more control than they have! Is the idea of a mass worm spreading a Sub7 variant that far behind? We've already seen Code Red attach itself to machines and send out ping floods to particular IPs, so what happens when the worm allows complete access? Of course, a vulnerability must be found that would allow the worm to spread, but like I said those are being found every day. In much the same way as the IIS bug, the new worm could pipe back a command shell to your computer (or just run a Trojan on the victim's machine with a nice Sub7 interface) that would allow you to do anything you liked using their machine. Imagine the possibilities of having millions of computers from which you can do whatever you like, your own cyber army of sorts. Using the trojan program to connect to thousands of other compromised PCs and making your originating whereabouts virtually untraceable. The possibilities are endless.

But that's only one scenario that we may see in the not too distant future. And it's not without its flaws. First off worm coders are typically found, so getting around that would be a challenge in itself. There is a different approach however, one that involves more than one person and the dangers this may pose to systems on the internet. I mentioned earlier that you're only one person. Tracing your IP address is an easy task unless you have the privs to actually delete all the necessary log files, but suppose you weren't the only one. Suppose you had hundreds of friends all over the world all attacking the same machine from anonymous public terminals. Would the server ever stand a chance of finding everyone? That's seriously doubtful.
Of course this assumes that some of your comrades will bite the bullet and "take one for the team" but in the end it's the hackers that win. Not only is the system compromised a hundred times faster, but with the addition of hundreds of IPs to go through, how can they ever pinpoint a source?

I don't claim to be a sysadmin or programming specialist. The ideas posed in this article are up for debate by you more scholarly gents and ladies, but I do hope that I've given you a glimpse at what could happen. There are always the details that will keep this article theoretical, such as actually finding a hundred people to help you in a hack…and more importantly, making sure they're trustworthy. If you have anything to add or refute, please send it in to the ezine, I'd love to read it. Thanks for your time.

11. THE CONDOR ON TECHTV: by CryptoKnight

On the August 20, 2001 show of 'The Screen Savers,' Leo Laporte interviewed Kevin Mitnick. Here is the transcript for you. Enjoy.

Leo Laporte: Kevin, it's great to have you. I don't know how much of an intro I want to do for you. If people saw the signs that said, "Free Kevin" they know a little bit about your story... you went to jail... now, before we go any further, I've seen you write and say, "Hacking is a noble, honorable art," and I agree with you, but the media now calls bad guys hackers. It's been demonized. How do you feel about the use of the term "hacker" in the media?
Kevin Mitnick: Well, I think the media spin "hacker" to be a real negative term, but I think it's a positive... I think of hacking more as a skill -- it depends on how you use that skill. You can use it for something productive or you can use it for something destructive.
Laporte: Right, and you point out that really vandals might be a better term for someone who's destructive.
Mitnick: Exactly. You know, there's all these different terms: crackers, hackers, black hats, white hats...
Laporte: Yeah...
Mitnick: ...gray hats.
And it's like you have all these terms bandied about, but --
Laporte: Well, we've said that, having said that, I'm going to use the term hacker, if you don't mind, because everyone in the outside world thinks of it that way, and I won't... let's just point out it can be a good thing, it can be a bad thing, depending on what you do with it.
Mitnick: Exactly.
Laporte: Is that fair enough?
Mitnick: I agree with that 100 percent.
Laporte: You went to jail for how long?
Mitnick: For five years. I was held for four and a half years without trial.
Laporte: That's, by the way, an extraordinarily long period of time to be --
Mitnick: People that are convicted of killing somebody spend less time in jail.
Laporte: Yeah...
Mitnick: But I was -- there was a lot of fear in my case.
Laporte: Yeah, why did they -- they had you in prison without bail for a very... for so long. Why?
Mitnick: Well... well, I was a fugitive, so that probably...
Laporte: That had something to do with it. They knew you could run again.
Mitnick: I-I could do that. What was interesting in my case was that, not only was I held without bail, I never had my right to a bail hearing.
Laporte: Right.
Mitnick: They wouldn't even give me the bail hearing, but also I was held in solitary confinement for 8 months, because a federal prosecutor told the judge that I could start a nuclear war by whistling into the telephone.
Laporte: (laughs) Could you?
Mitnick: (laughs) Well, you have a phone on you? Let's try it out. (laughs)
Laporte: Now, you're, you have a supervised release, and as you told me earlier, before the show, the Feds don't do a parole, but it's basically like parole.
Mitnick: Right. They do probation, which is instead of going to prison.
Laporte: Right.
Mitnick: Or they do supervised release. And after you spend your time, you're out into the community for a certain amount of time, and you have a probation office, and you have to live under whatever terms and conditions the judge has set for you.
Laporte: And in this case... no technology.
Mitnick: Uh... I can't own or possess or use computers, cell phones, PDAs, uh... an organizer, like a Casio organizer...
Laporte: You can't even use that.
Mitnick: A television that has the ability to access the Internet --
Laporte: It must be very frustrating.
Mitnick: Without the government's OK.
Laporte: Wow.
Mitnick: They did, they did recently give me permission to use a cell phone.
Laporte: So you do have a cell phone.
Mitnick: Yeah.
Laporte: But that's --
Mitnick: So watch out.
Laporte: (laughs)
Mitnick: (laughs) You don't know what I could do with a cell phone.
Laporte: What... you were convicted of wire fraud.
Mitnick: Wire fraud and computer fraud, intercepting electronic communications...
Laporte: What did you do?
Mitnick: Basically, I was really fascinated with computers since I was a young kid, and I wanted, I was very interested in becoming good at hacking, so one of the ways I wanted to do it was remain stealth, number one, and learn all the security vulnerabilities that existed in different operating systems. So what I did is I went after the source code of particular operating systems DEC made at the time: VMS, I went after, you know, SunOS, which was made by Sun Microsystems.
Laporte: You downloaded --
Mitnick: I downloaded, I basically made a copy of source code for particular operating systems and for cell phones because I wanted to learn how the technology worked, and I also wanted to figure out the security vulnerabilities.
Laporte: Did you do any damage? Did you destroy any files? Anything --
Mitnick: No, never erased any information or crashed any computer systems, but what I did do was any time I'd get access to a computer, I'd erase my audit trail.
Laporte: Right.
Mitnick: In other words, my presence of being there in order to protect myself.
Laporte: Yeah. That's normal process for a hacker. Ah, you call yourself a reformed hacker. Would you, given the chance, do that kind of thing again?
Mitnick: No. Absolutely not.
Laporte: Why not?
Mitnick: Well, first of all, the risks are too great, the benefits don't -- the benefit certainly does not outweigh the risk --
Laporte: Right.
Mitnick: Plus, nowadays, with the low cost of computing technology, you can basically --
Laporte: Why bother?
Mitnick: Exactly, why bother? You can set up your own system...
Laporte: Right.
Mitnick: ...and have fun. See, my, my thing was all about the exploration. The exploration, the knowledge, you know, the challenge of certain --
Laporte: That's what real hacking is really all about -- is exploring...
Mitnick: That's what it really was for me, was about the exploration --
Laporte: Yeah... right.
Mitnick: It wasn't about, you know, stealing, or crashing computer systems or sending viruses, it was all about -- and being, kinda being sneaky -- the thrill of being somewhere where you shouldn't. I was a...
Laporte: But you started doing --
Mitnick: ...prankster.
Laporte: ...this at a young age, I mean --
Mitnick: About seventeen was when I got involved in computers. I was, really started out in a hobby called phone phreaking.
Laporte: Right.
Mitnick: Which was exploiting the telephone network, and when telephone... when the phone company switches being computerized, well I wanted to learn about computers so I could control them.
Laporte: Were you the kind of kid in class who was always pulling pranks and that kind of thing? Was that what you did?
Mitnick: Well, I used to play cat and mouse with the teacher, and try to outsmart the teacher. You know, that's how I really started in hacking, trying to get the teacher's password, because the teacher would keep it a secret, even though he would log us into his personal account to use this little computer.
Laporte: So you had access to the account --
Mitnick: Yeah.
Laporte: He just didn't want you to know how to do it.
Mitnick: Yeah, it was like, it didn't make sense to us, so it wasn't fun.
Laporte: Did you get the password?
Mitnick: Oh yeah. Many ways. Many times. (Both laugh)
Laporte: You also told me that, uh, that the teacher at one point, because you were logging into the USC system, locked the phone...
Mitnick: Yeah, he bought one of these, you know, locks with a dial phone that you could lock the phone...
Laporte: Right.
Mitnick: ...and he was really braggadocious in front of class, and says, 'Well, I found the one thing that's going to stop Kevin.' And he put it on the phone and I proceeded to show him how you can pulse out a number with the switch on, and dial anywhere in the world. And he was so upset, he took the phone, ripped it out of the wall and threw it across the room. So much no sense of humor, what can I say?
Laporte: (laughs) This -- None of these things deterred you, you continued on and uh...
Mitnick: I must say, I must say, I pushed the envelope.
Laporte: You're now older and wiser.
Mitnick: Much.
Laporte: (laughs) When you were in prison, of course, there was a big Free Kevin movement. People were stenciling the name everywhere -- were you aware of that?
Mitnick: Oh yeah.
Laporte: Right.
Mitnick: It was all about, because... I believe the people that were really part of this grass-roots movement really believed I was the government's whipping boy. And yet, honestly, I did do some wrong things by trespassing into computer systems and I deserved to be punished for that, but it really went overboard with my case. I was, you know, really made the example, for a number of reasons.
Laporte: Is that kind of thing still going on, in your opinion?
Mitnick: Um... I think less so. I, um...
Laporte: There's less fear now. We're, they're a little smarter now.
Mitnick: Yeah, I think people have become much more knowledgeable about computer systems...
Laporte: Yeah.
Mitnick: ...and what the real threats are. I think, you know, where the real problem is, is like people who, like, write viruses and destructive type things, like Code Red, and uh...
Laporte: Let's take a little break and talk about that. Now I know you've been out of touch for a while, but --
Mitnick: I keep up with technology.
Laporte: You do keep up?
Mitnick: Yes.
Laporte: Let's take a break, come back, and talk a little about the current issues that are going on: viruses, worms, and continued hacking, and maybe just some advice for people, and some advice for kids who want to get into hacking...
Mitnick: OK.
Laporte: ...and a way to do it responsibly. Because every kid, everybody has that urge to explore...
Mitnick: Yeah, it's the curiosity...
Laporte: Yeah.
Mitnick: ...and inquisitive nature. But there's a way to do it without going to jail.
Laporte: That's what we want to find out. All right?
Mitnick: OK.
(Break)
Laporte: We're talking right now with Kevin Mitnick who at some point was public enemy number 1 - had the entire federal law enforcement, you know, the machinery aimed at you, got caught. Did how many years you said? 4?
Mitnick: 5 years.
Laporte: 5 years in prison, and is out on a supervised release and he can't touch any computers. Can't touch any technology.
Mitnick: No technology.
Laporte: But you do keep up with this stuff… and by the way, we should mention that FreeKevin.com is still up, the website --
Mitnick: Yes, absolutely. I do a talk radio show --
Laporte: Yeah, you're on KFI.
Mitnick: KFI, yeah.
Laporte: Tell me about that.
Mitnick: Well, I do a show called Dark Side of the Internet. It's on --
Laporte: In the middle of the night practically!
Mitnick: Well yeah. Unfortunately it's on between 5 and 7 in the morning... But we do get a lot of listeners and we cover all the different aspects of the darker the darkest corners of the Internet.
Laporte: What fun for you. How did you get involved in this?
Mitnick: Well, actually, I did an interview on Bill Handel's show, he's a pretty well known talk show host, and the program director liked it so much that he wanted to try me out as a host.
Laporte: That's wonderful.
Mitnick: And I wasn't even expecting it.
Laporte: What fun.
Mitnick: Yeah, it's great.
Laporte: And the Feds don't care that you are doing that?
Mitnick: Well, they've had to have meetings with KFI to get tapes of the show… And every show I do, they listen to it… And if I talk about something that the FBI doesn't like, they call my probation officer so then I hear about it.
Laporte: WOW... So what are the dark corners of the Internet?
Mitnick: Oh... Well, for instance, I covered spyware this week. About, you know, eBlaster and certain ways that people like spouses, parents, kids, teachers can place software on computers and log keystrokes.
Laporte: In many ways, there seems like there's more of a grip to privacy in corporations than there is from individuals.
Mitnick: Exactly. 30% of the corporations these days monitor what their employees do on voicemail, E-mail, on their computers, and this is what the product was really made for. But now, where I think they are getting most of their sales is, you know, spouses spying on each other to see if they're cheating --
Laporte: Yeah. It's very common.
Mitnick: So we talked about that. We actually had someone develop a program that if somebody has put eBlaster on your computer, it will detect it. It'll tell you the hot key sequence, the password… so you can find out who was spying on you. So those are the things we try to do on the Dark Side of the Internet is give people those tools.
Laporte: KFI is in Los Angeles...
Mitnick: Right.
Laporte: ...So people that are in the south --
Mitnick: They actually... it actually gets across 14 states because it's in the morning.
Laporte: Yeah.
Mitnick: EARLY in the morning.
Laporte: (laughs) You do it live?
Mitnick: We do it live, yeah.
Laporte: Oh man... they buried you. 5 to 7am Sunday morning.
Mitnick: Yeah, but I like it. It's worth it.
Laporte: It's where the Dark Side of the Internet belongs, absolutely.
What about… I think a lot of people who are not computer literate, or less computer literate, are very… there's all this fear anyway of just even touching a machine. But there are now a lot of the security companies, the virus companies, and the media, and us too playing on people's fear of --
Mitnick: Fear, uncertainty and death.
Laporte: Yeah... of what can happen to you on the Internet. And I'm often telling my mom, just don't open any attachments, run an anti virus, be prudent, but it's that bad. How much should we be afraid?
Mitnick: Well, you know… For instance my dad. He used to Dial-Up to the Internet on EarthLink...
Laporte: Just like my mom does.
Mitnick: ...Right. And he put ZoneAlarm on his computer and he was getting hit, scanned, every 30 minutes…
Laporte: Right, right.
Mitnick: ...And he was on Dial-Up. Can you imagine if he had always on connection like DSL or Cable. So there's definitely a thread of people out there looking for vulnerabilities to exploit on your computer to launch other attacks. So to use your computer to launch like a Denial of Service attack and put software on computers that attack other computers like the Code Red Worm.
Laporte: Did you tell your dad to run ZoneAlarm?
Mitnick: Yes.
Laporte: You did.
Mitnick: Yes I did, absolutely. So I mean, you know… a lot of people put anti virus software on the computer but they keep the virus definition out of date, which is a mistake. So anti virus software, a personal Firewall like ZoneAlarm, ZoneAlarm is good, and if you're running like NT or 2000, turning off the services you don't need. Those types of things could minimize the risk. But there's no way to eliminate them.
Laporte: What's motivating these kids who are Script Kiddies writing viruses? What is motivating them?
Mitnick: I don't know. I don't see the challenge of being a script kiddy 'cause you're just taking a program that someone else wrote to break into a computer.
I think that they're into it to see their hack played out by the media… Like the DoS attacks that happened a while back...
Laporte: Perfect example...
Mitnick: ...Back in February 2000.
Laporte: ...Which was really easy and anybody could have done that… Now Code Red was pretty sophisticated.
Mitnick: It was.
Laporte: That's a well-written piece of code.
Mitnick: Yeah.
Laporte: Yeah. Impressive piece of code. Now, what's motivating that guy?
Mitnick: Probably to see how far it can go, having the machines compromised. Now why he attacked the White House was interesting. But about the second… the second version of Code Red, which probably is written by somebody else from what I understand, was what placed Code Red back doors so the person would be able to get access to that computer. I can understand that logic. But the logic of attacking the White House... Why?
Laporte: Yeah. What would you say to a kid now? I mean, I think all kids, especially for the computer literate. They're smart, they love computers… this is a temptation. I mean, we're curious. We wanna play with this stuff. We wanna explore. We wanna break into the teacher's computer. What would you say to a kid today in that situation?
Mitnick: Well, I've been there. I've done that. But back in my days computers were too expensive and I came from a family that wasn't rich. So I had to explore in other computers. You know, it was thrilling for me dealing with the Phone Company and stuff. But nowadays, technology is so cheap that you can set up your own Linux box for practically nothing --
Laporte: Hack yourself. You're saying to hack yourself.
Mitnick: Hack yourself you know. Or set up systems with your friends and try to hack each other's computer and things like that rather than --
Laporte: But it's not as fun. If you get into the Department of Defense, you're in there, that's pretty exciting.
Mitnick: That's true. But then again, you have to look at the risks you know.
You go to jail, you get a felony, you get a record. You wanna go work for Microsoft one day or something like that… it could really have an effect on your career.
Laporte: Now, I know you're gonna be a good boy and say it was a bad thing, I shouldn't have done it. But just between us kids, honestly. (both laugh)
Mitnick: Just between us, just between us.
Laporte: It's ah… It must have been fun. I mean, it must have been interesting.
Mitnick: Of course. That's why I did it.
Laporte: If you hadn't gotten caught, would you have any regrets?
Mitnick: If I hadn't gotten caught?
Laporte: If you didn't. Obviously you regret it. You had, you know, 8 months solitary. 5 years in jail.
Mitnick: Probably over time. But at the time when I was arrested, you know… If I didn't get caught I probably would have still kept doing that.
Laporte: Would you still be doing that?
Mitnick: Well, I don't know how long it would have lasted. It's kind of as I grew older and mature more --
Laporte: You tend to grow out of it.
Mitnick: You tend to grow out of it. So… at the time, I wouldn't have grown out of it. I was really into it.
Laporte: Yeah. It's almost addictive, isn't it?
Mitnick: Yeah, I would say that.
Laporte: I talked to Kevin Poulsen who got caught. Got off! Was lucky to get off because he was under 18. Now any smart person would say, O.K, I got my hands slapped. He went back into it.
Mitnick: I kept going back into it. I couldn't stop. It was the same thing for me because I had such passion for it and such an interest that I justified myself. I'm not hurting anyone. I'm not damaging computer systems. I'm not erasing any data. I'm not selling the software. I'm not using it in fact. It's just a trophy. Like a trophy for hitting a home run.
Laporte: We need to find an arena. We need to make an arena for people to hack, to have fun. To do this where there is a challenge, there's a threat, there's a thrill --
Mitnick: But how do you do it?
Because the whole thrill is the thrill of being somewhere where you shouldn't be.
Laporte: Right. Maybe we should setup a server here that people can hack.
Mitnick: There you go. Hack techtv.com
Laporte: (laughs) When do you get out? In 2003 you get out.
Mitnick: January 2003 supervised release is over and I'm free to go.
Laporte: What are you going to do? What is the first piece of technology that you are going to buy?
Mitnick: I'm gonna go buy the fastest laptop available.
Laporte: (laughs) That's great. I wish you all the best.
Mitnick: Hey, it's been a pleasure being here.
Laporte: It's been really great having you on. Kevin Mitnick, he's "free", but he's still not quite free yet.

-CryptoKnight-

12. CROSSTALK

I am curious as to how and D4sh do the radio show.... Is the show pre-recorded? If not then how do you get D4sh's voice amplified on the air... I only ask this because I am thinking on opening a radio show of my own to interview people... [Anonymous User]

REPLY> Never fails to amaze us how people don't see how simply the show is made. We're able to get Dash on the show by using nothing more than a speaker phone. The show was pre-recorded when it first came on the air, but now it's live every Thursday at 10pm. If we're lucky enough to have a show record, then it will loop on the station for the remainder of the week. If you're planning on beginning your own show, check out the article I wrote in Freq12 for some general pointers on how to get one going. And of course, best of luck to you.

I like your ezine, but I want to see more about hacking and less about politics. [Shanghai]

REPLY> While we agree that this is a hacker ezine, we must stress that ever since issue one we've been dedicated to expressing all opinions of people in the hacker world. While we would love to have nothing but fun, computer related articles, there is much more going on out there that hackers need to voice their opinions about.
While other ezines focus primarily on information, our goal has always been to give people a place to speak their mind. Balancing each issue is a difficult job, so in the end we print the articles that people submit and figure that if they don't like it, they won't write it. If you want to see something, send it in! Maybe after your article goes to print others will follow in your footsteps. All in all, our goal is to provide an enjoyable read each and every month, something that most ezines only do once or twice a year.

Hello, I've been listening for the past 3 or 4 weeks and I really enjoy it. I found the article about the 'wake-up call' to be quite interesting. I didn't get to hear all of it, so I was wondering if you could find the time with your busy schedule if you could perhaps write an email back explaining how to do that? If you can't, I understand. Keep up the good work! [Arachian]

REPLY> I'm assuming you're referring to the article in 2600 I keep referring to where I talked about how the service known as Tell Me can be used to send yourself (or others) a wake up call. In short, you can dial 1-800-555-8355 (TELL) and set up a wake up call for your house. It's also possible to abuse this service by calling through a payphone using an operator or 10-10-288-0, and with this you can make a great deal of payphones ring at the same time. See 2600 18:2 for the full story, and read the excellent article right before mine called "The New AT&T Network" for details on the new way of completing calls.

13. CLOSING ARGUMENTS

September, 2001, only three months away from the new year, and still hackers are seen as threats in the proverbial "big picture." But is this concept really that absurd, considering many people have no problem with accepting things as they are? We can safely say that hackers do not accept things, and that is why they're always looking to improve whatever they discover.
First by breaking it down to its basic elements and then by rebuilding it into something ten times more secure. The majority of people however, do not play along in this game of outwitting the system. To them, hackers are a menace to the very stability of an already unstable universe, the plane of reality many refer to as cyberspace. While these people go about reading their email and sending their instant messages, they fear the possibility that someone knows how it all works and has the ability to do virtually whatever they like. Much to our misfortune, these fears are typically exaggerated by television and motion pictures which aim to show that anything is possible with a computer. And to those that don't know what's really going on, this is a very frightening concept. Thus, hackers are seen as the enemy. They're viewed as outcasts who should be using their skills for "constructive purposes," rather than their own entertainment. And of course, we all know those "constructive purposes" consist of working for Microsoft and helping some already big enough corporation think up new ways of stealing from consumers. The man on the right in this month's cover says it all, consumers have no rights (thanks to the site where the picture was found, its URL can be found below). And as long as these corporations continue to have their way, hackers will always be seen as a threat. Whether it's Mr. Blue-Hair-I'm-A-Hacker on MTV or shows like "Level 9," hackers will always be portrayed as the enemy. Even with more well-intentioned portrayals, as seen in last month's "Hackers: Computer Outlaws" on The Learning Channel (although they were harsh on modern day hackers, insinuating they're all virus writers or just pathetic know-nothings nowadays), hackers may never be considered productive members of society unless, of course, they put their talents to more "constructive purposes." So here we are, right back where we started from.
Regardless of how many times I alert a friend to the fact that she has NetBus on ports 12345 and 12346, she still insists that hackers aren't her friends. After all, to her hackers are the ones that put that program there and it was just a kind friend that helped remove it (contrary to popular belief I didn't help her for any "favors" DASH!) What can we do to let people know that not ALL hackers are terrible people looking to do bad things? Perhaps the answer is a simple one: do more good. Hackers may not cause harm, but their secretive nature certainly hinders the process of acceptance. Show your friends your discoveries, let them see that you don't use them for financial gain (unless your friend is the type of person who will call the cops for whatever reason). If a friend needs help with a computer, let them know you call yourself a hacker and help them out. These are just small examples of what you can do, but if everyone did it then everyone who hated hackers would suddenly have at least one reason to like them. Maybe then, with a little luck (and issue 13 is the one for luck!) people won't buy into all the garbage that gets spewed out on television. The most important thing to remember about this is that we need to do our part. One person won't make a big difference, but together we can start a revolution.

-screamer

14. CREW

Screamer Chaotix - Editor in Chief
Dash Interrupt - Webmaster
Da Peng - Network Administrator
DamienAK - Writer
The Blue Giant - Writer
Contributing Writers: Lethal, Nutrition Facts, PhrenzyBlade, JayX, Rex, CryptoKnight
Cover Layout/Design: http://two-bit.ufo.chicago.il.us/~pictures/
Shout Outs: Aaliyah, the workers against Verizon, id Software, SNET/SWBell for hiring us to test their networks before we do it ourselves (uh huh), Jonathan Littman, Steven Levy, Unreal, Curtis Walker, Vincent Rygar, Bob and Chad Entertainment, and lots of love to Buzzy.
Send article/cover submissions to articles@hackermind.net along with the name you wish to be recognized by as well as a title for your work. Tune in to Hackermind, Thursdays at 10PM Eastern, by opening location 166.90.148.114:9474 with Winamp or Real Player.

"You have to update your hoot card." -Hoot cards were made for burnin' folks.

"Good afternoon sir, will that be all?" "Yes, that's all." "Alright sir, last name please?" "Oh I don't give that out." -Radio Shack employees, right after you cut back their bonus and right before they throw you your bag and forget to wish you a nice day.

"AAAAAAAAH!!!" -The reaction people will have to the live video broadcast of both Screamer and Dash on the July 11th, 2001 episode of Hackermind.

WWW.HACKERMIND.NET