FREQUENCY: Inside the Hacker Mind January 2K2 Freq17 COVER - http://www15.brinkster.com/screamerchaotix/Freq17.jpg HAPPY NEW YEAR!!! ~--[GET UR FREQ ON]--~ 1. Introduction "Reality" 2. The Realities of Website Hacking 3. Cyberback and UCA 4. Why the Public Hates Hackers 5. Pushing the Limit 6. Review - "Takedown" 7. Closing Arguments 8. Crosstalk 9. Crew 1. INTRODUCTION "REALITY" Well I hate to say it, but this introduction was originally titled "Hope." Unfortunately, due to several recent events I decided it would be foolish to create such an optimistic opening without a nod to the harshness of the world around us. On a lighter note, not all is lost. There has been some good news, or perhaps that's an understatement. Dmitry Sklyarov, the Russian programmer held in the US for violating the DMCA is finally going home to his family. The only condition of his release is that he testify against his employers, however his lawyers claim his doing so would in no way change the testimony he already had planned. With a little luck, Dmitry will be back in Russia in time for the new year (as of this writing it's mid-December), with all charges against him dropped. This good news comes with a dark side though, one that will live until something is done about the DMCA. While it's wonderful he's finally going home, it never should have happened in the first place. Before we celebrate his freedom and applaud a fair justice system, let us not forget the hell he needlessly endured. Let us always remember how he did nothing more than write a program in another country. And most of all, let everyone know that this type of cruelty must not be tolerated. But what can be done? We seem to find ourselves backed into the same corner time and time again, angry at the injustices of the world but unable to do anything about them. As we've said before, the best thing to do is speak…speak your mind louder than you've ever spoken it before. Shout out loud to anyone that will listen that these things are wrong, no matter how much the law enforcement agencies want you to believe that rights must be surrendered to cut down on crime, it's vital that you take a stand. And of course, speaking of rights being lost, there's been some major developments in the "Magic Lantern" project created by the FBI. For those of you out of the loop, Magic Lantern is a Trojan which the FBI hopes to use on supposed terrorists to monitor their home PCs. And now the bad news, famed hacker group Cult of the Dead Cow is creating the program! Stating they feel the need to stand up for their country in its time of need the group of programmers has set out to help the FBI spy on terrorists better by creating "the most stealth Trojan available." There have been many opinions on this matter, and obviously many flames of anger from hackers. I don't claim that supporting your country, or even fighting for it, is a bad idea…but there is a line between helping the government and doing it's dirty work for them. The cDc unknowingly (if you give them the benefit of the doubt) are only helping to further the loss of privacy in the ever changing electronic world. They argue that the FBI has a strict policy when it comes to monitoring people, and that they follow it to the letter…but one has to wonder, what exactly would a Trojan in a computer let the FBI do? Or more appropriately, what couldn't they do? Would anything and everything that person does on their machine be logged? Would all files be seen? Would all emails be read? For anyone who's ever played with a Trojan you know what they're capable of, and you know they go way beyond a mere wiretap. What's worse, the people of the cDc are making it, and not for the average person to play with…but for a government power looking to stop terrorists. Now stopping people that kill thousands is all right by me, but guys…in their eyes, YOU are the terrorists. You know, it's funny how often I change around the topic of the introduction. One day I'll be feeling great about everything, and the next something happens to change it all around. Of course, I've always said change is a good thing, but sometimes it's best if it never comes about. Such is the case with this very publication. For well over a year we've been bringing you Frequency each and every month, and that's the way we want it to stay. Unfortunately, for whatever reason, we seem to be going the way of many ezines before us…the articles are starting to dwindle. Maybe it's because people are intimidated of writing, maybe people are losing interest, or maybe new ideas are running dry…whatever the reason, a change may be in the works. Keep in mind we're very set in our ways, and releasing Frequency once a month is what we want to do…but without you, that's not possible. Now before we sound ungrateful, we would like to thank everyone who has ever contributed to this ezine. You've helped keep it alive, and for that we are eternally grateful. But now it's up to you, should this ezine remain a monthly publication? Or, would you prefer it come out whenever it's ready? Personally I've never been a fan of waiting six months for a new issue, so please help us out by contributing whatever you can. Alright, that's enough reality for now, feel free to relax in your cozy little dream world and enjoy the seventeenth issue of Frequency: Inside the Hacker Mind. -screamer 2. THE REALITIES OF WEBSITE HACKING: by JayX It occurred to me not long ago that not many people have a lot of time on their hands, especially to bother with such trivial matters as tracking someone down. Consider this, how many times have you gone looking for that kid that egged your house? How many times have you chased down someone who threw toilet paper on your lawn? And how many times have businesses dropped everything and dedicated three years to pursuing someone who spray painted graffiti on the side of the building? I think you get my point, now I would like to ask the obvious question…who has time to go after website hackers? The only time I see this happening is if the hacker does damage, or if the site happens to belong to a powerful organization that can't afford to be made fools of, but what about average people? Suppose a friend of yours puts up a website, and out of nothing but good humor you decide to change it around. You get access to the site, which is probably through an easily guessed password, and create a new index.html file just for a laugh, no harm done. Do you really believe your friend would go after the culprit? Think of this logically. First he would have to contact his file host and claim that someone hacked into his account. This file host will probably tell him to use a stronger password and nothing more, why should they care? No one "hacked" them, only one account that someone foolishly left open to imposters. The host simply won't care enough to pursue it any further, unless your friend put in the effort of threatening to sue unless they went after the culprit. Then you may see the file host checking their logs to see who logged in from an entirely different location and notify the user of who logged in, but as far as actually bothering to find out who it is in on their own, they'll most likely give the user nothing more than an IP or perhaps the ISP name. Great, big help there huh? The point of all this is, what average person is really going to bother tracking you down if you hack their site? If your name isn't Microsoft or Time Warner, it's pretty doubtful the feds will help you. Let's now assume that we're not dealing with just your friend anymore, now we're dealing with someone else's site…let's say a site of an adult nature. If you gain access into their machine because their FTP port allowed anonymous logins you could change the site around at your leisure. Alright, so you've changed it…hope you feel big and important…now what happens? Sure enough the webmaster will notice the change and be quite red in the face, and no doubt furious beyond comprehension. You came along and turned his bullshit-anything-to-get-five-million-pop-ups-on-your-screen site into your bitch, making it say how shitty all of his sponsors really are. Only he doesn't have a file host, he's running this on his own Linux machine using Apache 1.3.19. If he's any kind of admin at all he'll know how to check the logs and see who connected, who tried for root, and where they connected from etc etc. Alright, so there it is…the IP address of the attacker. Wait, what's this? That IP leads to some router…aw damn, the attacker telnetted to your FTP port through about five thousand different routers. Now the admin has several choices. He could either give up, pursue you himself, or call the authorities. Giving up isn't likely, and pursuing you requires him to contact the owners of all the routers and begging them for the IP that connected to their machine until finally arriving back at your starting location, but that's far too time consuming. The logical step for anyone who uses their site as a "business" (if you want to consider making false promises about "the youngest girls on the net" and giving people nothing but pop ups a business) is to get in touch with the authorities and make up some bullshit about how you believe your customer's information could have been compromised, this usually gets the feds moving. Nothing better than tracking down one of those damn hackers! So now you have the feds looking for you…or do you? It was a one time thing, and any computer professional will be able to see that no private information was compromised. Plus, the authorities realize they'll be the ones that have to track you back through a few thousand routers, and even then they may find that you used a public terminal to do your deed…then what? Get the surveillance tapes and watch until someone open's a telnet window? Ok, about seventeen people did that…which one is the culprit? If this all sounds like a bit much, I think you get my point. Tracking down someone who did nothing but alter a site is a ridiculous pursuit, as long as the hacker had half a brain and did it right. By "doing it right" I mean they didn't scan the thing and then enter it all on the same IP (can you say dumb?) and they were sure to use a public terminal and tons of wingates. This doesn't only apply to websites though, virtually 95% of the pranks you pull online aren't worth sweating over. Send a fake email message to someone claiming to be a person you're not, and they won't bother to trace back the IP (in most cases). Change someone's email password, the feds won't care. Reroute someone's data flow, who's going to go looking for you? Then again, please remember that these things, while admittedly nothing more than harmless pranks, can be quite an annoyance and are extremely childish. We all know jokes can be a lot of fun, but think before you act. And now, I'll conclude this article with a warning, and I ask that you take it very seriously for your own sake. The article you have just read (or glanced through looking for the "how-to's") is only intended to give you something to think about. I am in NO WAY implying that no one will ever come looking for you, so please be aware of that. This article is not intended to give you a sense of security, only a better understanding of just how insane the process of tracking a prankster down really is. I don't want to see any of you in jail for changing around a site, so please keep these things in mind. I don't condemn these behaviors, but I can't condone behavior that will land a 15 year old in jail for the remainder of his teen years. 3. CYBERBACK AND UCA: By Screamer Chaotix and Dash Interrupt Port scanning is not a crime, yet you wouldn't think that. Recently, the co-host of Hackermind and webmaster of Hackermind.net was banned from his ISP for, yes that's right, port scanning. Apparently uca.edu, a local college in Dash's area, didn't like his port scans and notified his ISP, Cyberback (www.cyberback.com) who immediately banned him. Being the journalist that I am, I decided to send a nice little email to Cyberback…and I think you'll agree that it's quite legitimate. Of course, for my own privacy (and dare I say protection) I used an alias, which is perfectly legal. I also made comments about receiving dozens of complaints about this, which is a slight twist of truth or at most a white lie. I have heard of these things happening numerous times, and I'm quite certain that they've done this more than once…bottom line, it doesn't affect the legitimacy of the inquiry, but decide for yourself. What follows was the original letter I sent to them. From: Curtis Walker [mailto:frequency@linuxmail.org] Sent: Monday, December 10, 2001 6:05 PM To: info@cyberback.com Subject: Questions Importance: High Cyberback, My name is Curtis Walker, I'm an freelance writer for the publication entitled "Frequency." We're a magazine focused on the online world, technology, and how it affects the average user. Currently we're working on a story regarding individual rights online, and violations of those rights. We've received dozens of letters from our readers informing us that your company has been banning users from their accounts due to complaints of "port scanning." This grabbed our attention as port scanning is not illegal, and the cancellation of an account due to such accusations hurts the user who did nothing more than look around. I would be most appreciative for your side of the story, and as I could find no specific email for such a request, I felt this was the best choice. Any information regarding why people get banned for port scanning and/or how you justify this would be most appreciated. As well as any other comments you may have. Thank you. Curtis Walker Frequency Magazine HM Productions frequency@linuxmail.org And here is the letter we received back, which came from the "Cyberback Abuse Dept." Also, we actually received two emails, one from the "Abuse Dept." and one from a man calling himself "Del Hines," both replies were identical however. My comments immediately follow the letter. Mr. Walker, Please forgive my skepticism, but I'm having trouble validating the existence of your publication. An URL or phone number in your signature would be helpful. Free-mail from linuxmail.org doesn't help the validation process either. A web search for Frequency Magazine and HM Productions turned up zero as well as a search through the Library of Congress Online. As my schedule is very busy, you'll understand my reasoning for declination to respond to your inquiries. Keep in mind, too, if my suspicions are correct, you may be violating Section 10(c) of the linuxmail.org terms of service stating you agree to not use the Services to: "impersonate any person or entity, including, but not limited to, linuxmail.org official, forum leader, guide or host, or falsely state or otherwise misrepresent your affiliation with a person or entity;". However, if my suspicions are incorrect, please accept my apologies. Cyberback If ever you needed proof that people in the world of big business are dirty rotten scoundrels take a look at that. Not only does he decline my questions, he goes so far as to accuse me of fraud! It doesn't stop there, he makes sure to point out that I may be in violation of linuxmail's terms of service policy and prints it out for me…oh how kind. I think if you're reading this right now you can see that I am in fact a journalist, although my magazine doesn't appear in any Library of Congress…but does that make it any less genuine? I certainly hope not…. Dash pointed out to me that this man probably thought I was just another person who was banned for port scanning, but even so, is this the kind of reply you get? Most people decline interviews by not replying, which is generally understood as being the gentlemen's way of saying no thank you without having to create an uncomfortable situation. But no, Cyberback had to go that extra mile. This hasn't only happened to Dash however, that should be obvious. It happens all the time, and like everything else must be stopped. If you agree with us that this is a terrible reason to ban someone from an ISP we ask that you please take the time to email info@cyberback.com and let them know how you feel. Tell them you'll spread the word about them, taking it to the newspapers if you have to. But don't stop there, universities such as UCA need to be made aware of this as well. They can be found at uca.edu, so feel free to let them know what you think about their policies. As I sit here now, I'm beginning to think about those crazy possibilities that hackers love to create. One of the wildest being what would happen to an ISP if all their customers port scanned…or at least had port scan reports called in. Imagine getting all the IP's used by Cyberback customers and finding out what time they're online. All you'd have to do is slowly, but surely, notify Cyberback (perhaps with some friends) that you're being port scanned. Would they eliminate all their customers? Or perhaps finally realize that scanning ports is the equivalent of looking at windows on a house…you don't get blinded for doing it. And for those of you who are curious, here's what a port scan of uca.edu brings back: Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ ) Interesting ports on www.uca.edu (161.31.148.14): (The 1052 ports scanned but not shown below are in state: closed) Port State Service 1/tcp filtered tcpmux 2/tcp filtered compressnet 3/tcp filtered compressnet 5/tcp filtered rje 7/tcp filtered echo 9/tcp filtered discard 11/tcp filtered systat 13/tcp filtered daytime 15/tcp filtered netstat 17/tcp filtered qotd 18/tcp filtered msp 19/tcp filtered chargen 21/tcp filtered ftp 23/tcp filtered telnet 25/tcp filtered smtp 53/tcp filtered domain 79/tcp filtered finger 80/tcp open http 110/tcp filtered pop-3 111/tcp filtered sunrpc 135/tcp filtered loc-srv 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 161/tcp filtered snmp 162/tcp filtered snmptrap 443/tcp open https 445/tcp filtered microsoft-ds 512/tcp filtered exec 513/tcp filtered login 514/tcp filtered shell 515/tcp filtered printer 543/tcp filtered klogin 1025/tcp open listen 1032/tcp open iad3 1433/tcp open ms-sql-s 5800/tcp open vnc 5900/tcp open vnc 6666/tcp open irc-serv 7007/tcp open afs3-bos 12346/tcp filtered NetBus Remote OS guesses: Windows Me or Windows 2000 RC1 through final release, Windows Millenium Edition v4.90.3000 Nmap run completed -- 1 IP address (1 host up) scanned in 44 seconds Folks, whatever you see in that port scan…we didn't put it there. We're only here to show you what they don't want you to see, and maybe you understand what they're so afraid of. But who's fault is it that they connect to a worldwide network with security that would make a five year old laugh? Is it Dash's, for looking at them…or is it theirs, for leaving the door open? The answer is up to you. 4. WHY THE PUBLIC HATES HACKERS: by Naz Abbas the article says .. why hackers aren't accepted by public .. hi, what does a real hacker do ? he gets into systems then he learns .. Improve the system and doesn't break it down... but you , as a real hacker , do you expect the other part of the cyberspace to accept you with wide arms into his system ?? so you can take a look at it ? .. HELL NO .. the reasons are .. {one} .. he - the owner , manager etc .- spent a lot of money on the system to built it .. {two} .. as a human being .. we all love our things .. so he won't let you play or even take a look at his system without knowing for sure that you won't break it ... and that is impossible ... i will explain the second reason with a childish example .. you bought a new toy with all of your month's savings ... let's say the toy is a watch ... you will naturally love this watch .. and all of a sudden you see your friend -hacker- opening the back of the watch and messing around with the mechanical parts of the watch ?!?! and when you prevent him he says that he is improving or learning how does it work ... what are you going to do ? stay back and watch ? HELL NO .. you will start yelling and screaming at your friend ..etc.. this example is what happens in the cyberspace for hackers related problems ... i will quote what was said once and written in a famous book " the underground " by Suelette Dreyfus with research by Julian Assange ... in chapter one .. in the last parts of the chapter .. " By McMahon's estimate, the WANK worm had incurred up to half a million dollars in costs. Most of these were through people wasting time and resources chasing the worm instead of doing their normal jobs. The worm was, in his view, a crime of theft. `People's time and resources had been wasted,' he said. `The theft was not the result of the accident. This was someone who deliberately went out to make a mess. `In general, I support prosecuting people who think breaking into machines is fun. People like that don't seem to understand what kind of side effects that kind of fooling around has. They think that breaking into a machine and not touching anything doesn't do anything. That is not true. You end up wasting people's time. People are dragged into the office at strange hours. Reports have to be written. A lot of yelling and screaming occurs. You have to deal with law enforcement. These are all side effects of someone going for a joy ride in someone else's system, even if they don't do any damage. Someone has to pay the price.' " I give full credit to the author of the book "the underground" about these two paragraphs ... i didn't use them for my own profit .. i used them for a non-profit thing .. just to say my opinion .. 5. PUSHING THE LIMIT: by Sad is Tic Knowing when to say no, having the strength to not cross the line, and being able to admit when enough truly is enough. These are things that all people must practice in order to uphold not only personal values, but also the rules of the world. The same standards apply to hackers, and that's what I wanted to talk about this month. Alright, first off let me explain why I'm going to talk about this so you don't fall asleep. Within the past week or two I've found some things of interest, holes if you will. Holes that can allow a person to do all sorts of things, perhaps even mischievous activities. Many of those "corporate" types would argue that by simply finding these things I've done something terribly wrong. Hackers, on the other hand, may say that I should've gone further and learned even more. But in the end, it's all a matter of knowing when to call it quits, and with that, I will begin. A friend of mine once told me that the only "true" hack was the one where you went all the way. Simply finding a security hole was not enough, in fact, figuring out how to exploit it wasn't even enough. According to him, if you didn't try an exploit, if you didn't see what could be done inside, then you never really hacked anything. This isn't to say that you didn't learn anything, or didn't have fun in the process…it only implies that a real hack is one that is completed. I'm certain some readers are throwing this down in disgust, arguing that this makes them out to be "not really hackers" because they're not intelligent enough to make an exploit, but I'm not here to argue that. Instead, I'm using it to ask the question, how far is too far? Let's use a simple example, one that's been discussed in this very ezine for the past few issues. An open router. A router that anyone can walk right into, one that any person with a telnet program can enter and edit. If you find yourself scanning a network, you may come across one of those pitiful individuals who enjoys keeping their router wide open, with no administration pass whatsoever. The question is, what do you do? Marvel in the fact that you found one, and that you have the ability to do all sorts of crazy stuff with this free machine? Or do you actually try something? Do you redirect traffic, change the configuration file, or do some other experiment just to see what will happen? I don't know about you, but there's just something about redirecting router traffic to a new location that makes my mouth water…I would only do it for a second, just to see what happens, just for fun…. But wait, these are cruel times we're living in. People are getting arrested for all sorts of things, and that's where we need to exercise self control. The question is, is it worth it? After all, being a hacker is about trying things…what good is it to see the door, but not go through it? Going through the door in the example I just gave would entail changing the router's information around so that it did what "you" wanted it to do. Unfortunately, by doing so, anyone could imply (especially the router's owner) that you were trying to steal from them. Or worse yet, you WERE stealing from them by moving their traffic. Other possible implications include: you caused damage, you could have caused damage, you were trespassing, your actions were terroristic in nature, or any other number of accusations. No kid playing with computers deserves to be sentenced to five years in prison for something that is nothing more than a prank (hell, even pranks are meant to cause damage…this is just curiosity not meant to harm anyone), and yet it can, does, and will happen. To my knowledge, most hackers aren't interested in going to prison for pressing a few keys. And will therefore not partake in any illegal activity, at least, activities that the law says are unjust. But if you're going to be a hacker, isn't the whole point to try new things? If you get into a computer, don't you owe it to yourself and the entire hacker world to see what can be done on the inside? Instead of just getting in and walking away? I won't condone, or recommend, actions that will get you thrown into prison, but just hear me out for the sake of argument. Learning that a computer system is wide open is one thing. With knowledge like that, which can easily be obtained through scanning, you could show your friends "hey, this is possible!" and theorize for weeks. However, until you actually go in and see what can be done, and then give it a try to find out what other possibilities become available, you'll never really learn anything. You'll simply be "passing the buck" onto someone else to do the "dirty work" for you. Not to mention you'll be denying yourself a great learning opportunity, as well as a chance to have some real fun. And yet, there's that ever present "prison" thing. The laws that say we can't do those things we want. You can't speed, you may crash and kill someone. You can't hit someone, you'll hurt them. You can't redirect traffic…um, well…someone might not be able to get to a website…or…or something…yeah…. Get the idea? It's pretty damn crazy that someone could actually be punished so severely, but nonetheless it still happens. And that's where the line is drawn. I don't write this claiming to have answers, I only write it to give you things to consider. No one ever made an omelet without breaking some eggs…but then again, no one wants to go to prison. Do we forge ahead and try things…or hold back and play by the rules…. We may never have an answer, so until then, it's up to the individual. Play it safe…or go for the gold. 6. REVIEW - "TAKEDOWN": by Dash Interrupt and Screamer Chaotix Takedown A review by Dash Interrupt. Takedown. The ever popular title of Tsutomu Shimomura's "accurate" book about his mission to hunt down Kevin Mitnick and put him behind bars, is now a full length feature film. Although available in France, it hasn't yet been released in America. I was fortunate enough to find the full length Divx version on KaZaA, and from what I had heard about it, it wasn't good at all. So, I decided to watch it for myself and here's what I thought about it. Takedown (or "Cyber Traque, in french) was, I thought, a pretty good movie. Now, before everyone out there starts hating me and sending me threatening emails for siding with Shimomura let me clear that up right now. Takedown is a good movie, ONLY if you know it's a work of fiction. There is almost zero accuracy in this movie about what REALLY happened to Kevin Mitnick, as most of you probably know Hollywood feels the need to spice things up in order to actually get people to watch it, so that's basically all this is. Spice. Or, in other words, complete and utter bullshit, albeit mildly entertaining. This film in no way accurately depicts the events which surround the tracking and apprehension of Kevin Mitnick. Also, before everyone starts saying "Oh, but it makes Kevin Mitnick look really bad." Actually, in the movie, it doesn't favor one person over the other (Shimomura and Mitnick). I'll pretend here for a second that I have no idea who either of them are or what happened...hmm..alright, I'm left with the feeling that when I watched it, I wouldn't have known to root for. So now that I've defended myself against everyone who automatically hates this movie before viewing it (I know they're out there, because I was one of them), I'd like to discuss the actually plot of the movie. In the film, Kevin, of course, plays a hacker, who just "has to know" about everything, no matter what the cost. So, he takes it onto himself to find out about this device that the government and law enforcement use to tap phone conversations, it's called S.A.S. Being the suave social engineer that he is, he cons some people into giving him vital information about this S.A.S. device and he learns all about it, and even uses it on the cops to listen in on calls concerning him. After he's done all this, he realizes he might be in some trouble for breaking his probation so he decides to skip town. Now the film takes a jump here from when he skipped town to..I believe 2 years later, when he's on the run from the F.B.I. While staying at a friend's house he sees Tsutomu Shimomura on TV (Shimomura being a computer security expert) and decides to have a little fun with him and tries to social engineer him, when that backfires on him and Shimimura calls him "lame", Kevin gets really upset and makes it his mission to break into Shimomura's computer and steal something important. After this, the film turns into Shimomura against Mitnick, with Mitnick somehow staying a step ahead of everyone, until, of course, the end. Now, what I said earlier about this film being "mildly entertaining", part of that is the humor in this movie...at one point, Kevin is making out with a waitress he had met earlier in the day and he stops, looks at her and asks her if she's ever "scanned", after she just sits there for a moment he grabs his cell phone and starts showing her how to listen in on peoples phone calls. This, along with a few other interesting parts, is what makes Takedown an alright film, if taken as complete fiction. If you intend to see this movie and are expecting an accurate portrayal of the pursuit of Kevin Mitnick, don't. Only see this if you're interested in hacker movies, and since they aren't too many of them out there to choose from, you have to settle for one's that take the Kevin Mitnick story and make it into an hour and a half of fiction. Takedown A review by Screamer Chaotix I too had the chance to watch the DivX version of "Takedown" recently, but I won't bother boring you with the plot since Dash did an excellent job of summarizing it. Instead, I'll get right to the point. There is only one reason to watch Takedown, and that's to get a kick out of all the inaccuracies. Alright, perhaps some of you may enjoy seeing the computer stuff, after all you don't watch "Easy Rider" for the acting…you watch it for the cool bikes. Takedown does have some cool computer graphics, and most of the time they're right on track with reality (although toward the end we begin to see the "Hollywood OS" creep in). With that said, let me now explain my reason for dreading the rest of the piece of utter garbage. To begin, please humor me for just a moment and ask yourself why you watch movies. OK, time's up…you probably answered "Why, to be entertained of course!" or something of that nature. You watch a film to have fun, to enjoy yourself, to escape for a few hours. But if that were true, why in the name of swiss cheese would you want to watch a film that so blatantly insults reality? Why would you choose to view a film that makes you sick to your stomach at the way the "hero" Shimomura loves to use Russell Wong to show himself off? How could you stand to see Kevin Mitnick, a real live person, being shown as little more than a racist, anti-woman, thief? If you answer these questions by saying that you wouldn't want to see it, good for you. Do yourself a favor and don't. My major gripe would be the characters. I won't critique Dash's review, since he can't reply, but I will make one comment on something he mentioned. He says that, had he watched it and not known who either man was, he would never have known who to route for. Exactly! The characters are so dull and lifeless that you can never really figure out who's who. One minute Mitnick's an innocent hacker, the next he's insulting Shimomura's nationality and calling FBI agent's "cocksuckers." The film tries to cover this point towards the end, where Kevin asks Shimomura why he has to be in prison when Shimomura is no different from him (in the film Shimomura created a program that can do anything to the internet, one of those "doomsday" viruses movies love so much…probably to show off how incredibly skilled he is *bleh*). But of course, the last we see of Mitnick is him screaming to high heaven, "Yeah you walk away mother fucker! You walk the fuck away you mother fucker!" And after this, Shimomura is next seen walking with his supermodel girlfriend talking about how Mitnick's in prison because of him…oh no, not guilt, he's happy he won. So wait…has Shimomura learned his lesson when he tells Kevin that writing the "doomsday" program (called "Contempt" in the film) was the wrong thing to do, or is he still a wise guy when he walks off with a smirk on his face. If you know what a good movie is, you should be able to see the lack of character development in this one. Next up, portrayal. Maybe some people can enjoy a film even when they know it's a lie, but for me I have to genuinely feel good about something before I give it any credit. And Takedown doesn't even come close. For it's portrayal of Kevin Mitnick it gets an F-. No, I don't know him personally, but I'm sure he's human just like the rest of us. I don't know him personally, but I'm willing to bet if a woman was ready to go at it, he wouldn't stop and ask her if she "scanned." And I'm even more certain he wouldn't break out a cell phone and listen to conversations to try and impress her…does the film really need to make Mitnick look like a robot? I think I speak for most male hackers, computers are great…but women are better. Of course, it's not fair to dismiss everything in Takedown without further examination of some entertaining parts. Sadly, these are few and far between, and really aren't all that funny when you think about how the whole movie was basically lining the pockets of the people that helped get prison in jail for five years. Scenes such as Mitnick turning off an FBI agent's power ("You little fucker") and Tom Berenger realizing how little he knows about technology ("And what do you think he'll do when he hears scrambled calls?"). Before I conclude, I'd like to throw in something extra. I would like to tell exactly how "I" think the film could have been better. Of course, getting rid of the guy who brought him in in the first place would be a good step. But aside from that, the film should have definitely focused on the pain of being on the run. I don't condone running from the law, but as cinema it has the ability to give us a new perspective on things…why not show people just how painful it is being a wanted man? The scenes where Mitnick is debating whether or not to go out with a girl he met were extremely powerful, especially when you put yourself in his shoes. Here he is, wanted for getting into the wrong computers and being hunted by the FBI. How could he ever have a relationship with this woman? How long could it last before she realized he was lying about his identity the whole time? And how long could he run…. Of course, these things are only hinted at. In fact, the scenes I mentioned above actually gave me a false sense of hope about the film. I began to feel for Kevin and thought it was going to show how hard it was to be all alone…but instead we get Kevin scaring the girl away by acting like a freak, and then putting the cherry on top by saying "You're a lot like my mother…she was a bitch too." Great. Not only does this fictional Mitnick not want to touch a woman, he also has to call her a bitch. If the director was going for sympathy by showing Mitnick not knowing how to fit in, he completely threw that out the window when he calls her that nasty B word. Overall Takedown is a boring, slow paced, not at all exciting drama that makes you glad Mitnick is finally free. The film hints at a few things hackers have always said, things such as how Mitnick could have used his abilities to steal from anyone…but didn't. But in the end, we see him as the raving lunatic who hates women and are left with a film that is about as entertaining as watching grass grow. If curiosity is getting the best of you, there are ways of seeing the film. But I think it's important to note that its only entertaining parts are suddenly destroyed by moronic stupidity, and not to mention lies. If you can see through that, and for some reason aren't turned away by the falsities, then go ahead. But don't say I didn't warn you. Oh, but if you do…watch for the "Cigar Agent," he's the one who carries an unlit cigar in his mouth the whole movie and never lights it. Turns out the script mentions that he only lights it when the case breaks…damn, they cut that scene. 7. CLOSING ARGUMENTS This will probably be the last issue of Frequency that's released monthly, as much as it pains me to say that. I'd say 17 months of releasing issues is quite a feat, wouldn't you? But as with all good things, it must come to an end. Don't misinterpret, Frequency is by no means going away. We love it too much to ever let that happen. But a change must take place, considering the sudden drop of reader submissions. You may be wondering why we don't write the articles ourselves, well for a while now this has been happening. With friends that we can depend on sending in the articles we've managed to keep this ezine coming to you each and every month, but that can only last so long. People run out of steam eventually, and we see now that quality is far more important than quantity. All is not lost however. Issues will be released when they're completed, which could very well still be every month, if we get enough articles that is. And while we value all our submissions, and read them with the utmost interest, as a publication we can only print those that fit the times and are up to par with the rest of the issue. This means that five hundred people could each submit a two paragraph article, and yet we still wouldn't have enough. We've always been a publication that said it like it was, and frankly a skimpy paragraph or two isn't what our readers want to see. If we had it our way, we would publish virtually everything…but of course, it's up to you the readers to decide. And decide you have. You want larger issues with more well thought out articles, and if that's the case, then we're going to have to change the release schedule. Hopefully new issues shouldn't be released too far apart, and if people continue to send in their Frequency articles to articles@hackermind.net we can continue putting out this ezine fairly regularly. Also, please note that articles for our new publication "Equal Access" should be directed to equalarticles@hackermind.net. Aside from that, I'm looking forward to 2002. Hackermind and Frequency are constantly changing, having ups and downs, but throughout it all there's a camaraderie between the crew and the listeners/readers. We're in this together, and that's representative of the entire hacker world really. No matter how unjust things become, and no matter how hard things get, you know that there are others just like you sharing the same experiences. Whether you're banned for port scanning, arrested for playing with your computer, or silenced for saying the wrong thing, you can take solace in the fact that you have a voice, and that we're here for you. All of us. -screamer 8. CROSSTALK > Frequency, I had recently heard that you were debating whether or not to continue to release your ezine every month. As an avid reader, I wanted to throw in my opinion and say that I think you should continue to do so, if the quality remains the same. Quality over quantity, but it's nice having an ezine that comes out once a month. I hate waiting around for the newest issue of Phrack to be released, or any other ezine for that matter. But if you can't, I understand. Thanks. - Deception REPLY> First off, read the closing arguments. We agree completely, but sadly it's out of our control. We would love to continue releasing our issues monthly, but the sad fact is, we haven't been receiving enough articles lately. Ironically we've never had more readers, or listeners of Hackermind for that matter, so it's a bit odd that are article submissions drop now. Still this doesn't change the facts. Without enough articles, let's say 7 or 8 on top of all the other sections, it's somewhat pointless to release an issue a month. To be perfectly honest, I still say we receive more articles than any other ezine…take a look at our recent back issues and you'll see what I mean. But without reader submissions it takes longer to create an entire issue, as we have to rely on our crew and friends. The problem is this, we have nothing but credit to offer in return. We're sure many of you know that our profit margin is a negative number, with extras like Equal Access and Hackers, Interrupted keeping us even. So paying people for articles isn't possible. If anyone out there has any suggestions as to what could be done, perhaps how we could reimburse our writers, please feel free to let us know. We're looking forward to keeping Frequency coming your way, but without your help the issues will have to be released when we have enough to fill them. > Frequency, I've been a fan of the site www.undergroundnews.com for some time, in fact it's how I found your site. You were talking about how there was "Chaos" at UGN on your message board, and I wanted to write in and give my thoughts if I may. UGN has become nothing but a wasteland of incompetence, overrun by power hungry moderators who only want to ban people to show how strong they are. I say everyone ban UGN until the new owners get their shit together and get rid of the moderators over there. Message boards are put on the internet so people can talk, if no harm is done where the hell is the problem? Let the people speak! - Fearful REPLY> Underground News was once a great site, but yes even we have to admit certain people in authority have sent it down the tubes, and I'm not even sure the new owners are any better. I agree that a message board is a place where people should be allowed to speak, but the mods of UGN may argue that if you choose their message board you have to follow their rules, plain and simple. For that reason I suggest people open their eyes and realize that there are other places out there on the internet where you can go. People have tried to save the once-great UGN, but I suppose now it's just time to accept the fact that it's dead. Perhaps in the future, long after UGN is gone, someone will come along and resurrect it. I would love to see that happen, and maybe things will be different. 9. CREW Screamer Chaotix - Editor in Chief Dash Interrupt - Webmaster Da Peng - Network Administrator Unreal - NT Specialist Contributing Writers: JayX, Naz Abbas, Sad is Tic Cover Design/Layout: CryptoKnight Shout Outs: 2600's legal team, Electronic Frontier Foundation, Dante WRITE FOR FREQUENCY! Send articles to articles@hackermind.net TUNE INTO HACKERMIND THURSDAYS AT 0200 UTC, VISIT WWW.HACKERMIND.NET FOR DETAILS! "The criminals of today are armed with computers and other weapons of mass destruction," - Janet Reno "Are you trying to make your computer the most powerful force in the universe?" - Dash Interrupt W W W . H A C K E R M I N D . N E T