F R E Q U E N C Y : inside the hacker mind

FREQ23 AUGUST 2002

==============================
1. “Know Your Enemy”
2. Create a Custom Antenna
3. Conversion Box
4. The Fast and The Furious
5. TIPS and The World of the Future
6. Send Congress Back to School
7. Review – H2K2
8. Crosstalk
9. Closing Arguments
10. Crew
==============================

“The public is wonderfully tolerant. It forgives everything except genius.”
-Oscar Wilde

1. “Know Your Enemy”

The MPAA is fighting for the right to hack into your computer if they suspect you of piracy. The RIAA wants legislation that will allow them to DoS peer to peer networks where they think people are sharing copyrighted works. Oh yeah, they’re both asking for the right to not be held legally responsible if they make a mistake. It sounds like pure, absolute fiction. Sadly my friends, it is not.

These are real proposals being made as I write these words, and what’s worse, are under serious consideration by the federal government! If passed, these rights will give organizations such as the MPAA and RIAA the right to, literally, do whatever they want to your computer. If they suspect you of sharing Hollywood films or copyrighted songs, they can attack your machine without mercy, and are under no legal obligation to compensate you for anything else they destroy. If they fry your motherboard somehow, tough shit. Your loss. What’s that? They made a mistake? You didn’t have any illegal files? Ouch, sucks to be you! Ask the Attorney General for permission to sue. But odds are they’re not responsible…at least not if these laws are passed.

We hate to assume anything about our readers, but at this point I think it’s safe to say no one wants their computer destroyed. No one wants their private data deleted. And no one wants power hungry corporations to do these things without consequences. But how do you go against something like this without sounding as though you condone the true act of piracy?
Piracy, in this writer’s definition, being the act of selling someone else’s work and making a profit. It can be very difficult, especially explaining these things to people who know little about computers. As hackers, we understand what attacks such as these could do. And while the threat of actual loss is slim, the fact that these corporations could be given the right to commit these acts is appalling. Especially at a time when hackers, people who may enter remote computer systems out of curiosity, are facing life in prison. Shutting down massive piracy rings is one thing, but giving a corporation the right to do whatever they want to computers is sickening, especially when they seek to invade home PC’s (something many hackers do not approve of) and destroy files (again, something most hackers look down upon) they think are copyrighted works, even if they’re really not. Be careful, don’t name that video presentation you made for school “Pearl Harbor”…suppose the MPAA saw inside your machine? They would obviously assume that 3mb file is their piece of shit movie of the same name. Maybe people that don’t know much about computers will appreciate that example, but getting those hardcore thinkers to change their mind may be a bit more difficult. You know the ones I mean, the people that watch such “fiercely independent” news channels (their words, not mine) as MSNBC and FOX News. The ones that watch the O’Reilly factor and think they know all about the world (thanks to Aaron McGruder for that excellent point), and insist that they know how everything works, no matter what contradicting evidence may dictate. These are the people we may never reach, but it doesn’t mean we shouldn’t try. They’ll always be brainwashed by the everyday media, never even considering the possibility that FOX News may lie from time to time, or that MSNBC may be biased to…oh, let’s say…Microsoft? 
And wouldn’t you know it, these news stations more or less hate hackers, so who do some of their viewers hate? You guessed it, hackers. Hackers are the enemy because they spread viruses, DoS networks, and of course, “hack into the Pentagon.” Corporations like the MPAA on the other hand, are simply trying to stop piracy. Ask one of those undergrads in the three hundred dollar shirts what they think about the MPAA attacking computers, and most likely they’ll tell you they have a right to protect their property. Why do they say that? Two reasons. First, the mass media typically presents the story that way and by regurgitating what they heard on MSNBC last night they feel smart. Second, they’re an English major and know nothing about computers…so naturally they’ll buy the MPAA’s claim that they’ll never abuse their power.

This brings about an interesting irony. Hackers break into computers, bringing about the potential for damage with every keystroke. I know it’s painful to hear that, but let’s face it, if you’re root the danger exists. So why do I feel hackers should have the right to do these things, but not the MPAA?

First off, let’s eliminate DoS’ing networks, as I in no way accept such behavior as hacking. Now, let me stress that I never “condone” illegal activities. A person who breaks the law should be punished in one way or another, be it a warning or a fine. This doesn’t mean that I consider all computer intrusions bad things morally. Just as stealing bread for a starving family is alright ethically, but wrong legally, so are many computer intrusions. No, computer intrusions may not carry the same urgency as stealing bread, but wanting to explore is hardly as bad as robbing a store. Perhaps wanting to protect copyrighted works is just as innocent, but having the right to destroy whatever you like with impunity is not. If this same situation arose for hackers, where they were suddenly allowed to destroy any file they saw fit, I would give the same argument.
Why? Because I don’t think Joe Blow down the road should be allowed to go hog wild on my machine however he likes. If he wants to penetrate my security and play around, that’s fine. I understand the consequences of being online, but no one should have the right to destroy anything.

If all goes well, these ridiculous legislations will go down in flames. Already the RIAA has been attacked for their suggestions, and ironically that attack came in the form of a DoS. This may feel good to everyone out there, but in the end it only hurts hackers. It gives the RIAA more reason to fight back, and in the end, solves nothing. If the legislation is passed, we’ll probably see more and more people DoS’ing the MPAA and RIAA. Yes, it will feel like sweet revenge, but do you honestly expect that to change their minds, much less the law?

In the end, we need to educate people by explaining things to them both online and off. Our voices will never be as loud as the MPAA and RIAA…they’ll be louder. We have the internet, and if we figure out ways of spreading the word opinions will change. People will see that hackers do things out of curiosity, corporations seek to destroy with impunity. By presenting evidence, and letting these corporations speak for themselves, hopefully we can show the public who the true enemy is.

And of course, that brings us to the conclusion of this issue’s introduction. But guess what? You still have the rest of Freq23 to enjoy.

-screamer

==========================================================================

2. *** Create a Custom Antenna ***
By: Dual Parallel

One day there was some good discussion on the HM message board. People were talking about scanners, and this was good. This intelligent conversation was inspirational. It inspired me to make an antenna. Antennas are good.

If you haven't messed around with RF (radio frequency) technology, then you're missing out on a whole world of hacking/phreaking fun. Your cell phone is just an advanced two way radio.
Hams routinely use phone patches on repeaters to make phone calls. Listening to your hot MILF neighbor on her cordless phone is...oh...uh...nevermind.

Actually, a lot of people in my barrio still use those oldskool 10/25 channel cordless phones. Granted most phone calls are boring, there is the occasional doozie. And I know the antenna on my scanner (Telescoping Antenna, Radio Shack Cat. No. 20-006A) is not optimal for those low frequencies (around 44 to 47 MHz). I think I've found a candidate.

Now, let me preface everything by saying that I'm no expert and that this antenna may be far from ideal antenna design. But this article should give you the basic theory and procedure for creating your own custom antenna.

Let's start with a little math. An ideal antenna will be the length of one wavelength of the frequency you want to monitor, so that's the first thing you have to determine. I've found canned formulas like w = 984/f, but that tells us nothing. Let's start at the beginning.

w = c/f, where

w = wavelength
c = speed of light
f = frequency

First, convert the speed of light so we don't get antenna length in miles.

c = (186,000 mi/sec)(5280 ft/mi)
c = 982,080,000 ft/sec

Now we'll use the lowest freq for the cordless phones, 43.720 MHz, to catch them all.

w = (982,080,000 ft/sec)/(43,720,000 cyc/sec)
w = 22.46 ft ~ 22.5 ft

That's a little too long for a handheld scanner. I could make a half-wave dipole, but that's still too much. Quarter-wave might work...

22.5/4 = 5.6 ft ~ 5.5 ft = 66 in

Ok, now we're talking (or listening, rather). With a rough idea of antenna length, I headed for the local Radio Shack. Sure enough, they had a CB whip that was 64 in long. Close enough. But I did have to adapt it to a handheld scanner. That meant scouring the section for parts. Here's what I came up with:

Mobile CB Antenna                  Cat. No. 21-988
Mobile CB Antenna Mount            Cat. No. 21-961
2-Ft. RG-58 Coax Cable Assembly    Cat. No. 278-968
PL-259 to Female BNC RF Adapter    Cat. No. 278-120

I put it all together (I'm sure you can figure out how) - it all hand tightened nicely. Now to test it.

The antenna worked well. I heard tones in the target range I never heard before, signals had less static compared to my other antenna, and most importantly, I heard new cordless phone users almost every time I turned on my scanner.

Like I said, this antenna is far from ideal. A quarter-wave should have a ground plane and the SWR should be tested. Regardless, it was a fun project and I hope that sharing it with the readers of Frequency spurs some interest in RF.

http://www.oldskoolphreak.com

==============================================================================

3. *** Conversion Box ***
By: Captain B

Test sets (Lineman handsets) are obviously a useful phreak tool for beige boxing. But, unless you're willing to drop a couple hundred bucks to buy one at your local authorized Harris telecom products dealer, dumpster dive for one, or take the chance doing the ol' 5 finger discount with some Ma Bell truck, it's better to use a one-piece phone (Like the Apollo or Super-mini flip phones from Radio Hack, or the ConAir flip phone available at K mart stores). Or, you could convert a phone that has a keypad in the handset to a pseudo test set for beige boxing purposes (As I'll be discussing here). Yes, you could also convert a phone without a keypad in the handset, but you'd better have a way of sending DTMF via acoustic coupling, such as with a tone dialer (If you can still find one at the local Radio Hack). Also, since most lineman handsets have features that are either on most phones, or not absolutely needed for the more exclusive features, it's just all the more reason to beige box with a regular phone.

The driving principle behind making this is very similar to the one used for the Bungee box. Because, you'll be modifying a handset cord for this. The difference is that only 1 end of the handset cord will be modded. Here's what you'll need...
*A handset cord
*Modular crimp tool
*Wire cutter (Unless the crimp tool has it built in)

You'll also first want to check how many conductors there are inside your phone handset. If it's 2 conductors, it'll be simpler. If there's more than 2, it becomes necessary to isolate which 2 wires are used to power the handset. (Well, at least that's how it was with a 4 wire phone handset I was converting). To check the number of conductors in the handset, remove the handset cord and look inside the hole where the handset plug from the cord goes in. Hopefully, it's 2 conductors. And yes, you could check the number of conductors in the handset cord instead, but since handset cords always seem to have 4 conductors when bought as new, that could mislead you. I'll go more into isolating the 2 wires involved for powering the handset on a 4 conductor handset cord in a minute.

Let's get into making this. Take the handset cord, look first at the little wires in the plug to observe the color scheme (thus making note of correct polarity), then cut off that handset cord plug as close as possible to where it connects to the cord. Carefully strip off a bit of the insulation using the modular crimp tool's stripper. Take a 2 line (RJ14) modular line cord plug, and push the line cord plug over that end of the handset cord, facing the same way as the previous until it stops (which is quite fast). See the instructions that came with the modular crimp tool if you need more help.

Now, if a 2 conductor handset was used, you can just plug it into any working modular jack, and it should work. But, if the handset has more than 2 conductors, connect up an in-line coupler (Female-to-female RJ14 connector). Then, connect a modified 2-line (RJ14) line cord (with 4 alligator clips) on the other end of the in-line coupler.
Try connecting the gator clips in different combinations of 2 at a time to the screws holding the red and green wires inside a modular jack or out at the TNI until you get a dial tone. Of course, you'll want to either remove the cover from the modular jack by unscrewing the center screw, or prying it off if it has no screw to access the 42A block with 4 screw terminals inside. Or, in the case of the TNI, open it on the Telco access side using a 3/8 hex bit on a 1/4 drive ratchet or spinner handle. (These can be found at Home Depot stores). In a TNI, the red and green wires run from the subscriber modules contained in the customer side to the screw terminals on the telco side. Use that for reference. (Disregard the other colored wires there). If you only have 1 line service, make sure you connect up to the 2 screw terminals that have phone service. Otherwise, there won't be a dial tone, of course.

The conversion box makes for a handy placebo to a lineman's handset, don't you think?

=============================================================================

4. *** The Fast and The Furious ***
by: Master Blister

In case you don’t know, “The Fast and the Furious” is a damn cool movie starring the equally cool Vin Diesel. It’s also a movie about car racing, namely, street racing. In the film, a group of friends finance their expensive habit by way of robbing eighteen wheelers. The money pays off, and they turn their average cars into hot rods that could burn past a Ferrari any day of the week. Maybe it’s a bit out there, but I’ve always thought of this group as hackers. No, they’re not really into computers…but they still take things apart, put them back together, and make them do things they were never designed to do. Look at the Volkswagen Jetta that’s decked out to do 170 easy and you’ll see what I mean.

Well, this comparison to hackers made me realize something else. They have their cars, hackers have their laptops.
Both can be taken virtually anywhere, and both can be made to look pretty damn sweet…and that’s what I’d like to focus on today. I would like to mention one thing though, I don’t encourage anyone to modify their laptop if they don’t know what they’re doing. In fact, it was only recently that adding extra memory became something an average person could do, with the aid of a few SO-DIMMS of course. Besides that, I’m not going to encourage anyone to crack open their laptop and do any serious modification, this article is designed to aid you in making your laptop look a little better, and hopefully make it at least respectable. And I’m sure I don’t have to mention that if you have a piece of crap, even the best mods won’t make it any better, at least not performance-wise.

First off, any true hacker boots multiple operating systems, or just Linux if you’re really hardcore and don’t need to rely on Windows. With that said, the obvious first step is to get some sort of Linux, or really any *nix distro on your laptop. Trust me, I’ve seen the shittiest of laptops boot up Linux and suddenly found a new respect for them. At least they have a good OS on them…nothing’s sadder than a piece of garbage that stutters through Win98. At least with *nix on there you can just use the command line, why install Windows and just use dos? (OK, actually I can think of a few reasons)

Now that you have a respectable OS on there, it’s time to move onto the part that most of us came for…improving the look. Laptops nowadays are designed to look sleek, so you might not want to modify it too much. Think of it like having a BMW, you probably wouldn’t want snowflakes painted on the side. Some laptops even have a glowing keyboard, I believe they’re the newer HP’s, so if you want looks and you’re in the market…go with that. But, for you less fortunate, stuck with your black or gray older models, there’s still hope. Stickers are an old favorite, and still very popular today.
But don’t just go with any stickers, you’ll want some that accentuate your machine and say a little about yourself. “NIX” and “DOS” (designed to be a play on the famous NOS stickers that plague cars) are fairly common, try to be original. Whether you order special ones online (www.internetbumperstickers.com is pretty popular), make them yourself, or find them in one of those 50 machines in a shopping mall, be careful not to go overboard. I recall recently at my local 2600 meeting what one kid had done, and it wasn’t pretty. He had an old Toshiba Satellite machine that was running on a Pentium, and in and of itself it looked fine. It was a bit bulky, and not like the designer models you see today, but it ran fine and even X Windows performed well. What detracted from it was the neverending collection of stickers on the top AND bottom! Everywhere you looked there was some sort of peace sign or smiley face stuck to the body, complete and utter overkill if you ask me. If you decide to go with stickers, do the world a favor and limit yourself to two or three. Even better, instead of just placing regular stickers here and there, try to get a large one that will actually reach across the entire lid. With a design cut into the center, you could have a nice outline on the top of your machine, very “hot-roddish.” I know what you’re thinking…you saw “Hackers” and want to try (insert scary music) “The Spray Paint Thing.” For you less informed, the spray paint thing was born when Crash Override (Jonny Lee Miller) put a cardboard stencil over his keyboard and sprayed gold paint over it (!!!). I can’t advise against this enough, spray paint is some of the most stubborn stuff there is. Once it goes on, it WILL NOT come off! Or at least, you won’t want to do what’s required to get it off to your computer. So my advice, forget what you see in the movies. IF! And I stress IF you should choose to do this, be sure to only spray the lid (paint in your keys is a bad thing). 
If you’re lucky, you might get a nice design…but you probably won’t be. Odds are you’ll wind up with a black and gold lid that looks like it got tagged by the Crypts.

Next up, lights. The cars in the movie had them, so why not get some on your computer? For this, I direct your attention to http://capital-ideas.com/moonlight.htm, they have pretty good tutorials on setting everything up. Not all laptop models are covered, but it shouldn’t be too difficult to incorporate them elsewhere. But I say again, if you don’t know what you’re doing, maybe this isn’t for you.

One easier option is Glow Rings (www.glowrings.com), these babies glow for TEN YEARS without batteries! You’ll have to order some, so be sure to get a long and very thin one (the actual size and dimensions depend on your laptop, measure the circumference of the lid or wherever you decide to stick it). Place it wherever you like, but the best choice would probably be around the top lid of the machine, so that it forms an arch when the monitor is in the upright position. You can secure the ring into place using any number of methods, including krazy glue (go easy), rubber cement (go even easier), or if push comes to shove, just tape it on. Scotch tape may not sound like a good option, but it actually looks alright in the dark. The other two choices are much more efficient, but you can pretty much forget about removing the Glow Ring unless you add water to break the bond.

And finally, I’ll touch upon speed. Laptops, while somewhat easier now, are still a pain to upgrade. If you really want to make your machine faster, the simplest alternative is to, of course, boost the RAM. Most newer models have the SO-DIMM slot located underneath the keyboard or under the entire unit. There, you insert a new stick of RAM and boost your machine’s memory power.
As for the processor and motherboard, you could always send it to a computer store or the manufacturer, but almost anyone will tell you that you should probably just buy a new one.

Now we have stickers, lights, speed, and hopefully a respectable operating system. You’re now ready to fire up your hot rod of a box and hack in style. Remember, be creative in your designs, and try not to make too many permanent ones. You may find that sticking with just stickers of some kind is the way to go, after all, you can just pull them off. But if you really jump into this, you could have a sweet looking machine. Use your imagination, and always be fast and furious.

5. *** TIPS and The World of the Future ***

Neighbors spying on neighbors, people watching people, and letter carriers snitching on people. Sounds nice. Apparently that’s what we’re all facing if the new “TIPS” program goes into full swing. For those of you who don’t know what TIPS is, I’ve provided the information below. Read it for yourself, and try not to weep.

------------------------------------------------------------------------------------

Operation TIPS, administered by the U.S. Department of Justice and developed in partnership with several other federal agencies, is one of the five component programs of the Citizen Corps. Operation TIPS will be a national system for reporting suspicious, and potentially terrorist-related activity. The program will involve the millions of American workers who, in the daily course of their work, are in a unique position to see potentially unusual or suspicious activity in public places.

The Department of Justice is discussing participation with several industry groups whose workers are ideally suited to help in the anti-terrorism effort because their routines allow them to recognize unusual events and have expressed a desire for a mechanism to report these events to authorities.
These workers will use their common sense and knowledge of their work environment to identify suspicious or unusual activity. This program offers a way for these workers to report what they see in public areas and along transportation routes.

All it will take to volunteer is a telephone or access to the Internet as tips can be reported on the toll-free hotline or online. Information received will be referred electronically to a point of contact in each state as appropriate. This is not a national 911 center, and callers are expected to dial 911 for emergency local response.

Industries that are interested in participating in this program will be given printed guidance material, flyers and brochures, about the program and how to contact the Operation TIPS reporting center. This information can be distributed to workers or posted in common work areas.

Operation TIPS is scheduled to be launched in late summer or early fall 2002. The goal of the program is to establish a reliable and comprehensive national system for reporting suspicious, and potentially terrorist-related, activity. Operation TIPS will be phased in across the country to enable the system to build its capacity to receive an increasing volume of tips.

------------------------------------------------------------------------------------

Is this what we really want? A society where people are spying on each other, paranoid of anything that might be the least bit suspicious? Trust me, I’m a fan of “power to the people”…but not when those people are reporting their findings to the federal government. Think about it, what happens if the cable guy notices my copy of 2600? Will he then have reason to call up the feds and report me? According to this new program, he would. That doesn’t mean I would be arrested of course, but I WOULD be under suspicion…and for what? For having a magazine?
Be careful who you let into your homes…the government has eyes everywhere now, and they’re anxious to fill up those few empty prison cells they have lying around.

-------------------------------------------------------------------
Heck, they even have strict rules about their gifs!
-------------------------------------------------------------------

Citizen Corps Web Banners

Encompassing public education, training, and volunteer opportunities, Citizen Corps gives every American the chance to do their part to be better prepared for and better protected from crime, terrorism, and disasters of all kinds. Internet-based entities or organizations are encouraged to display one of the following banner ads on their websites and to link to the www.citizencorps.gov website.

By downloading or using the Citizen Corps banners, the user agrees to the following conditions of use:

Banners may not be used in any way or manner that implies the endorsement of any person, product, program or service.
No one may manufacture for sale a product containing a banner image.
Anyone who downloads or uses a banner incurs an obligation and fiduciary duty to maintain the integrity and consistency of the Citizen Corps logo and banner.
Use or display of Citizen Corps banners in an inappropriate manner may result in legal action.
Upon notice from Citizen Corps, the user agrees to discontinue use of banners.

====================================================================================

6. *** Send Congress Back to School ***
by: Tim Mullen (posted on www.securityfocus.com)

So this aide walks into the office of Jack Valenti, President and CEO of the Motion Picture Association of America...

"Sorry for the interruption, Mr. Valenti" she says, "but it's about the Berman Bill. What should we do about it?"

Valenti smiles and says, "Pay it."

Coverage of the "Hack Bill" has been so prominent that the subject itself is almost hackneyed.
Fortunately, every intelligent human being with an ounce of technical perception has denounced the bill for the utter folly that it is. Unfortunately, most of those inhabiting a seat on Capitol Hill will have to push away a pound of obscurity before they can begin to address the issue. That's the part that scares me. Momentarily deferring elaboration, let me say that I am aware that many are speciously equating the Berman Bill with my "hack-back" technology. It is a tangential argument at best. I call for the use of neutralizing processes by qualified personnel in response to definitively identified worm attacks, leaving offending systems fully operational. Berman, in contrast, calls for inflicting willful and deliberate damage directly on the end user and/or ownership entity by any third party copyright holder who presumes the target is illegally sharing content. There is an unbridgeable chasm between the two. That being said, my fear is the developing trend of our representatives, who are supposed to speak for us and represent our voices, to draft proposed laws that ultimately restrict our freedoms and increase our costs while focusing revenue streams and business opportunities onto a select few. They are like doctors who drill holes in our heads to relieve their own headaches. For all of its proposed power, implication, and potential for abuse, the Berman Bill is only about 1,600 words in detail. One would think that a technology bill would be, at the very least, somewhat technical. It isn't. For instance, the definition of a "peer-to-peer file trading network" is "two or more computers which are connected by computer software that is primarily designed to enable the connected computers to transmit files or data to other connected computers." You and I would call that the "Internet." Granted, he does attempt to further qualify possible targets, but in the use of equally ambiguous language, he fails grievously. 
Additionally, the requirement for deploying any given offensive action is that the copyright holder must submit technical details of the attack to the Attorney General seven days prior to production use. They don't have to get an 'okay' -- they just have to submit it.

In a speech to the CCIA, Berman reveals that his technical insight into the Internet piracy issue stems from having a college-age daughter.

Legislative Quackery

You see, there is inherent danger in having lawmakers legislate technology when they have no understanding of what it really is. They are like doctors who drill holes in our heads to relieve their own headaches.

Similarly, Fritz Hollings' Consumer Broadband and Digital Television Promotion Act will require that any "digital media device," being any hardware or software product that can reproduce copyrighted works in digital form, be enabled with a standard security technology that is reliable, renewable, resistant to attack, readily implemented, modular, applicable to multiple technology platforms, extensible, upgradeable, and not cost prohibitive.

Of course, no one has any idea what that is. But, that ignorance does not keep them from submitting a bill that will require any qualifying device to adapt the technology within a year of them figuring it out. Yes, you read that correctly- they want to pass a law now that will require anything that can reproduce a digital signal to adopt technology that has yet to be determined.

To be fair, I should mention that there is a deadline for arriving at what that technology will be. However, in representation of his best political form, Hollings has written into the bill that upon reaching that deadline, it can be extended. Bravo.
And don't forget the implications of the original Patriot Act, or the recent House of Representatives passing of the Cyber Security Enhancement Act, which grants life imprisonment sentences for malicious hackers as well as loosens telephone wiretap and Internet sniffing restrictions.

When it comes to technology and the law, we are still in our infancy. Now is the time to educate ourselves, and our representatives, as to the implications of our actions, lest we find ourselves maturing into a troubled adulthood.

======================================================================

7. *** Review – H2K2 ***
by: Screamer Chaotix

I’m going to go against the mold for a moment (like I ever do that!), and review H2K2 a little differently than most people would. To me, it’s not enough to simply review the panels and say what I liked or didn’t like. To give people an accurate portrayal of the conference, and to let them know what to expect, I have to get a bit more personal. I have to dig deep down and pull up my own experience of going to the conference, which is what I’d like to do right now.

Before we even got on the train, it had begun. We saw a person wearing an H2K shirt, and knew we were among friends. The train arrived soon after, so we didn’t have a chance to say hi, but already there was a sense of community as we rode into the city. An hour and a half later we were there, in the heart of Grand Central. Now, for anyone who’s ever been in the city before, you know walking with heavy bags is no easy task. And yet, even after being stopped by some guy who really wanted to shake my hand (odd how I’d have to put my bag down to do that), we made it to the Hotel Pennsylvania. There, in the main windows, were those beautiful signs.

H2K2 – Hackers On Planet Earth

We weren’t in the building more than two seconds when Cheshire Catalyst walked by, and right away I knew this was going to be an interesting weekend.
The wait in line was uncomfortably long, but that was to check into the hotel…conference registration went off without a hitch! You walk in, give them your name, get some hell from the check in guys (always the comedians), and grab your badge. Welcome to H2K2. Panels on the 18th floor, network on the mezzanine. That’s what we had to learn, but it didn’t take long. After finding our room we mostly just followed the kids with the badges, and yes, that feeling of community was stronger than ever. Ironic as it may sound, you could probably come to this conference all by yourself and never be alone. Fellow hackers see your badge and instantly you make new friends. Everyone there is willing to help, everyone is asking questions, and everyone is in on the spirit of things. Nowhere was this more prominent than the network room. This is where you could have some serious fun. Hook up your laptop to the wireless network, or do it old school and plug in the Cat V, doesn’t really matter. At first we tried to find someone we knew to sit with, but then we realized…you could sit anywhere, no one would care! Most people were on their own, just them and their laptops. Sit at their table, and odds are you would make a new friend. At one point, I found myself chatting with a guy who I later watched host a panel…and I never even knew he was presenting. We noticed I was reading “one of those damn news sites”, and after telling him it was my damn news site, we both had a good laugh. But this isn’t to say the network room is the only place things like this were going on, head upstairs to the panels, and it’s like a whole nother world. For virtually every panel Dash and myself made it into the front row. It wasn’t hard, even with people in the far back, those more determined could find seats right up front. The only panel we had trouble with, and you’ll have trouble with, was social engineering. 
We didn’t have the best seats in the world for that one, but thankfully it was mostly just audio. And now, my favorite part. The movie room. The back half of Panel Room A was actually a type of movie theater, complete with a large screen. Here, you could watch hacker movies and shows (WarGames, the MTV hacker special, Jack Valenti’s deposition, etc) on the top floor of the Hotel Pennsylvania at almost any hour of the day. On the first night, Dash, Wintermute, and myself all gathered in for the premiere of “0wned,” a new hacker documentary. Let me tell you folks, there’s nothing cooler than watching a new hacker movie with your buds while drinking a beer. But premiere’s weren’t everything. On Sunday morning we entered the theater room, and sure enough, there were dozens of people gathered around to watch WarGames…now how cool is that? Ten in the morning, and they’re watching WarGames. I’m sure I don’t have to tell you which panels we loved. Social Engineering was fantastic, the keynote was intriguing, and the Abuse of Authority panel really had us thinking. Suffice it to say, there were some things we did not enjoy, and will avoid next time. For one, Cult of the Dead Cow promised an extravaganza, but in their usual way this was nothing but utter nonsense. Also, the lack of information was also a pain in the ass. There was a bulletin board (no, no, a real paper and pin bulletin board) down on the second floor where announcements were posted, but when you’re up on 18 and have no idea what’s going on, it would be nice to have an announcement or two. Because of this lack of notification, we missed “Freedom Downtime,” something we both wanted to see very much. If you are considering attending HOPE 2004 but have reservations about it, let me be the first to set you straight. GO! I don’t say that lightly though, heading into the city for 3 days can be a daunting task, and will break your bank. 
Nonetheless, the feeling of being among fellow hackers is an incredible one, even when the regular hotel guests are scared shitless. The environment is extremely friendly and open, and if you make the most of it, you’re sure to have a great time. Without a doubt, we’ll be at the next con, and we hope to see you there. -screamer 5. *** TIPS and The World of the Future *** Neighbors spying on neighbors, people watching people, and letter carriers snitching on people. Sounds nice. Apparently that’s what we’re all facing if the new “TIPS” program goes into full swing. For those of you who don’t know what tips is, I’ve provided the information below. Read it for yourself, and try not to weep. ------------------------------------------------------------------------------------ Operation TIPS, administered by the U.S. Department of Justice and developed in partnership with several other federal agencies, is one of the five component programs of the Citizen Corps. Operation TIPS will be a national system for reporting suspicious, and potentially terrorist-related activity. The program will involve the millions of American workers who, in the daily course of their work, are in a unique position to see potentially unusual or suspicious activity in public places. The Department of Justice is discussing participation with several industry groups whose workers are ideally suited to help in the anti-terrorism effort because their routines allow them to recognize unusual events and have expressed a desire for a mechanism to report these events to authorities. These workers will use their common sense and knowledge of their work environment to identify suspicious or unusual activity. This program offers a way for these workers to report what they see in public areas and along transportation routes. All it will take to volunteer is a telephone or access to the Internet as tips can be reported on the toll-free hotline or online. 
Information received will be referred electronically to a point of contact in each state as appropriate. This is not a national 911 center, and callers are expected to dial 911 for emergency local response.

Industries that are interested in participating in this program will be given printed guidance material, flyers and brochures, about the program and how to contact the Operation TIPS reporting center. This information can be distributed to workers or posted in common work areas.

Operation TIPS is scheduled to be launched in late summer or early fall 2002. The goal of the program is to establish a reliable and comprehensive national system for reporting suspicious, and potentially terrorist-related, activity. Operation TIPS will be phased in across the country to enable the system to build its capacity to receive an increasing volume of tips.

------------------------------------------------------------------------------------

Is this what we really want? A society where people are spying on each other, paranoid of anything that might be the least bit suspicious? Trust me, I’m a fan of “power to the people”…but not when those people are reporting their findings to the federal government.

Think about it, what happens if the cable guy notices my copy of 2600? Will he then have reason to call up the feds and report me? According to this new program, he would. That doesn’t mean I would be arrested of course, but I WOULD be under suspicion…and for what? For having a magazine? Be careful who you let into your homes…the government has eyes everywhere now, and they’re anxious to fill up those few empty prison cells they have lying around.

-------------------------------------------------------------------

Heck, they even have strict rules about their gifs!
-------------------------------------------------------------------

Citizen Corps Web Banners

Encompassing public education, training, and volunteer opportunities, Citizen Corps gives every American the chance to do their part to be better prepared for and better protected from crime, terrorism, and disasters of all kinds. Internet-based entities or organizations are encouraged to display one of the following banner ads on their websites and to link to the www.citizencorps.gov website.

By downloading or using the Citizen Corps banners, the user agrees to the following conditions of use:

Banners may not be used in any way or manner that implies the endorsement of any person, product, program or service.
No one may manufacture for sale a product containing a banner image.
Anyone who downloads or uses a banner incurs an obligation and fiduciary duty to maintain the integrity and consistency of the Citizen Corps logo and banner.
Use or display of Citizen Corps banners in an inappropriate manner may result in legal action.
Upon notice from Citizen Corps, the user agrees to discontinue use of banners.

====================================================================================

6. *** Send Congress Back to School ***

by: Tim Mullen (posted on www.securityfocus.com)

So this aide walks into the office of Jack Valenti, President and CEO of the Motion Picture Association of America...

"Sorry for the interruption, Mr. Valenti" she says, "but it's about the Berman Bill. What should we do about it?"

Valenti smiles and says, "Pay it."

Coverage of the "Hack Bill" has been so prominent that the subject itself is almost hackneyed. Fortunately, every intelligent human being with an ounce of technical perception has denounced the bill for the utter folly that it is. Unfortunately, most of those inhabiting a seat on Capitol Hill will have to push away a pound of obscurity before they can begin to address the issue. That's the part that scares me.
Momentarily deferring elaboration, let me say that I am aware that many are speciously equating the Berman Bill with my "hack-back" technology. It is a tangential argument at best. I call for the use of neutralizing processes by qualified personnel in response to definitively identified worm attacks, leaving offending systems fully operational. Berman, in contrast, calls for inflicting willful and deliberate damage directly on the end user and/or ownership entity by any third party copyright holder who presumes the target is illegally sharing content. There is an unbridgeable chasm between the two. That being said, my fear is the developing trend of our representatives, who are supposed to speak for us and represent our voices, to draft proposed laws that ultimately restrict our freedoms and increase our costs while focusing revenue streams and business opportunities onto a select few. They are like doctors who drill holes in our heads to relieve their own headaches. For all of its proposed power, implication, and potential for abuse, the Berman Bill is only about 1,600 words in detail. One would think that a technology bill would be, at the very least, somewhat technical. It isn't. For instance, the definition of a "peer-to-peer file trading network" is "two or more computers which are connected by computer software that is primarily designed to enable the connected computers to transmit files or data to other connected computers." You and I would call that the "Internet." Granted, he does attempt to further qualify possible targets, but in the use of equally ambiguous language, he fails grievously. Additionally, the requirement for deploying any given offensive action is that the copyright holder must submit technical details of the attack to the Attorney General seven days prior to production use. They don't have to get an 'okay' -- they just have to submit it. 
In a speech to the CCIA, Berman reveals that his technical insight into the Internet piracy issue stems from having a college-age daughter.

Legislative Quackery

You see, there is inherent danger in having lawmakers legislate technology when they have no understanding of what it really is. They are like doctors who drill holes in our heads to relieve their own headaches.

Similarly, Fritz Hollings' Consumer Broadband and Digital Television Promotion Act will require that any "digital media device," being any hardware or software product that can reproduce copyrighted works in digital form, be enabled with a standard security technology that is reliable, renewable, resistant to attack, readily implemented, modular, applicable to multiple technology platforms, extensible, upgradeable, and not cost prohibitive.

Of course, no one has any idea what that is. But, that ignorance does not keep them from submitting a bill that will require any qualifying device to adapt the technology within a year of them figuring it out. Yes, you read that correctly- they want to pass a law now that will require anything that can reproduce a digital signal to adopt technology that has yet to be determined. To be fair, I should mention that there is a deadline for arriving at what that technology will be. However, in representation of his best political form, Hollings has written into the bill that upon reaching that deadline, it can be extended. Bravo.

And don't forget the implications of the original Patriot Act, or the recent House of Representatives passing of the Cyber Security Enhancement Act, which grants life imprisonment sentences for malicious hackers as well as loosens telephone wiretap and Internet sniffing restrictions.

When it comes to technology and the law, we are still in our infancy. Now is the time to educate ourselves, and our representatives, as to the implications of our actions, lest we find ourselves maturing into a troubled adulthood.
======================================================================

7. *** Review – H2K2 ***

by: Screamer Chaotix

I’m going to go against the mold for a moment (like I ever do that!), and review H2K2 a little differently than most people would. To me, it’s not enough to simply review the panels and say what I liked or didn’t like. To give people an accurate portrayal of the conference, and to let them know what to expect, I have to get a bit more personal. I have to dig deep down and pull up my own experience of going to the conference, which is what I’d like to do right now.

Before we even got on the train, it had begun. We saw a person wearing an H2K shirt, and knew we were among friends. The train arrived soon after, so we didn’t have a chance to say hi, but already there was a sense of community as we rode into the city. An hour and a half later we were there, in the heart of Grand Central. Now, for anyone who’s ever been in the city before, you know walking with heavy bags is no easy task. And yet, even after being stopped by some guy who really wanted to shake my hand (odd how I’d have to put my bag down to do that), we made it to the Hotel Pennsylvania. There, in the main windows, were those beautiful signs.

H2K2 – Hackers On Planet Earth

We weren’t in the building more than two seconds when Cheshire Catalyst walked by, and right away I knew this was going to be an interesting weekend. The wait in line was uncomfortably long, but that was to check into the hotel…conference registration went off without a hitch! You walk in, give them your name, get some hell from the check in guys (always the comedians), and grab your badge. Welcome to H2K2.

Panels on the 18th floor, network on the mezzanine. That’s what we had to learn, but it didn’t take long. After finding our room we mostly just followed the kids with the badges, and yes, that feeling of community was stronger than ever.
Ironic as it may sound, you could probably come to this conference all by yourself and never be alone. Fellow hackers see your badge and instantly you make new friends. Everyone there is willing to help, everyone is asking questions, and everyone is in on the spirit of things. Nowhere was this more prominent than the network room. This is where you could have some serious fun. Hook up your laptop to the wireless network, or do it old school and plug in the Cat V, doesn’t really matter. At first we tried to find someone we knew to sit with, but then we realized…you could sit anywhere, no one would care! Most people were on their own, just them and their laptops. Sit at their table, and odds are you would make a new friend. At one point, I found myself chatting with a guy who I later watched host a panel…and I never even knew he was presenting. We noticed I was reading “one of those damn news sites”, and after telling him it was my damn news site, we both had a good laugh. But this isn’t to say the network room is the only place things like this were going on, head upstairs to the panels, and it’s like a whole nother world. For virtually every panel Dash and myself made it into the front row. It wasn’t hard, even with people in the far back, those more determined could find seats right up front. The only panel we had trouble with, and you’ll have trouble with, was social engineering. We didn’t have the best seats in the world for that one, but thankfully it was mostly just audio. And now, my favorite part. The movie room. The back half of Panel Room A was actually a type of movie theater, complete with a large screen. Here, you could watch hacker movies and shows (WarGames, the MTV hacker special, Jack Valenti’s deposition, etc) on the top floor of the Hotel Pennsylvania at almost any hour of the day. On the first night, Dash, Wintermute, and myself all gathered in for the premiere of “0wned,” a new hacker documentary. 
Let me tell you folks, there’s nothing cooler than watching a new hacker movie with your buds while drinking a beer. But premieres weren’t everything. On Sunday morning we entered the theater room, and sure enough, there were dozens of people gathered around to watch WarGames…now how cool is that? Ten in the morning, and they’re watching WarGames.

I’m sure I don’t have to tell you which panels we loved. Social Engineering was fantastic, the keynote was intriguing, and the Abuse of Authority panel really had us thinking. Suffice it to say, there were some things we did not enjoy, and will avoid next time. For one, Cult of the Dead Cow promised an extravaganza, but in their usual way this was nothing but utter nonsense. Also, the lack of information was also a pain in the ass. There was a bulletin board (no, no, a real paper and pin bulletin board) down on the second floor where announcements were posted, but when you’re up on 18 and have no idea what’s going on, it would be nice to have an announcement or two. Because of this lack of notification, we missed “Freedom Downtime,” something we both wanted to see very much.

If you are considering attending HOPE 2004 but have reservations about it, let me be the first to set you straight. GO! I don’t say that lightly though, heading into the city for 3 days can be a daunting task, and will break your bank. Nonetheless, the feeling of being among fellow hackers is an incredible one, even when the regular hotel guests are scared shitless. The environment is extremely friendly and open, and if you make the most of it, you’re sure to have a great time. Without a doubt, we’ll be at the next con, and we hope to see you there.

-screamer

8. *** Crosstalk ***

> Frequency,

Don’t get me wrong, I love your mag, but isn’t it a bit newbie-ish? Phrack is way more in depth and technical, but Freq rarely has anything that complex, just wondering what you thought about that. Don’t mean to sound like I’m putting you guys down or anything.
[Taze]

REPLY> Comparing Frequency to Phrack is apples and oranges, both are good in their own respective way. Phrack is about computer programming, Frequency is about opinions. If people read our ezine and come away thinking something new, or intrigued about a particular topic so much they want to learn more, then we’ve done our job. Also, be careful with your assumptions. Just because a zine focuses on something other than technical issues does not mean its readers are in some way less educated. For that matter, do you think all of Phrack’s readers are expert programmers?

> Frequency,

Whatever happened to the Freq hard cover you guys were talking about? Did that ever get released? And if it did, can I order one? Oh yeah what about Switchhook? Is that still around?

[Placebo]

REPLY> The Freq hardcover never saw the light of day for several reasons. Originally we had intended on releasing an issue of Frequency in both online form, as well as in a printed magazine style similar to the way Equal Access is now. In fact, it was mostly Equal Access that kept the hard cover from happening. We turned our attention on that, and the hard cover of Frequency kind of faded off. As for Switch Hook, that was a supplement that was included with earlier issues of Frequency, and as we’ve said before, it’s possible it may return someday.

> Frequency,

Hey Screamer, are you going to have a conference like H2K2? You could probably rent some space at a hotel somewhere, I’m sure you could afford it with the money people would pay for tickets. It could be really cool, hey Defcon started that way!

[Maddy]

REPLY> A Hackermind Conference sounds like a lot of fun, but there’s one little problem…not enough people would show up. Let’s be realistic for just one moment. If you’re going to have a conference, you need to have enough people there to warrant it.
There’s no way of guaranteeing how many people would actually show up, but when you consider how far away everyone lives, you can see how difficult it is. Plus, money is always an obstacle. Even if we charged 50 dollars for a ticket, if only 3 people showed that wouldn’t be anywhere close to how much we’d be paying for the hotel space and extra goodies. In the end, it’s a nice idea, but a little ahead of its time.

> Frequency,

Hey can you post this in Frequency?

[Anonymous]

REPLY> No.

> Frequency,

Why did you stop making Hackermind a weekly show? I know it’s a lot of work but are there any plans on bringing it back to normal? Once a month just isn’t enough!

[Tag]

REPLY> Changing the format of the show was a decision not easily reached. Things had gotten pretty hectic in both my life, as well as Dash’s. We both have other things that demand our attention, and really can’t be avoided. However, rather than abandon the show, we decided it was simply time for a change. Since finding new material to keep the show interesting week after week was demanding enough, especially with the other stuff we have going on, we reached an agreement on what would be best for the show. The decision we made, recording a single, 2 hour show per month, seemed to be the best. Some ideas were thrown around, but most seemed too unreliable for the fans (making shows whenever we could) or still provided a far too stressful atmosphere (airing one episode every two weeks). Asking whether we’ll bring it “back to normal” is difficult to answer, mainly because normal is just what everyone had grown used to. In fact, normal once meant two episodes per week! Basically what we’re saying is that our ways of doing things are constantly changing, and we’ve always said there’s nothing wrong with change. Will we ever go back to a live episode every week? Perhaps, but then again, maybe we’ll do something entirely different.
The point is, Hackermind is still doing what it’s always done, and we hope our listeners realize this and don’t mind readjusting a little.

======================================================================================

9. *** Closing Arguments ***

HAN II had to be one of the most challenging experiences of my life, and I don’t mind saying it. In fact, I want to scream out loud how difficult it was to put all that together. From the incessant heat (that’s me in the tank top…so allow me to apologize to the guys for scaring you, and to the ladies for drivin ya wild ;)) to the lack of sleep we both had, it’s really a miracle the show came together so well. Yeah, yeah, we didn’t get to do EVERYTHING we wanted, but the stuff we missed were things we couldn’t help but skip. A drinking contest is a bad idea when you have to drive your cohost 10 miles back to his hotel, and as luck would have it, no one else wanted to join in on the fun. We wanted to have a female friend play some (duh) female roles for our acting bits, but alas, that idea fell through. And finally, searching for Tsutomu Shimomura on the phone is kind of hard when you only have legal means at your disposal. Yes folks, we know…but breaking the law outright, on the air, is usually not a good idea. But all in all, it was an experience I’ll never forget, and I hope no one else will either.

H2K2 was another amazing experience. I’m almost tempted to say once in a lifetime, but who the heck says I’m not going to HOPE 2004? I know I’ll be there, laptop and all, and can’t wait to meet even more listeners. But, if you want more info, check out the review above.

In the last issue I called this the “Summer of the Hacker,” and that’s exactly what it was. But now, many of you will be returning to school once again. Wow, it seems like I just said that the other day…how time flies. Things are a bit different for your old buddy Screamer, he’s still in school.
Yeah, school during the summer may sound like a drag, but when you only go three days a week it really helps to kill the boredom and monotony of staying home. Still, I hear ya…going back sucks.

For those of you starting college, I wish you the best of luck. I remember that day well, and even with all the hell I went through at my last school, it’s still a fond memory. I met a lot of great people at orientation, and made well over 10 new friends in a single day. Many I’ve lost touch with since I’ve changed schools, but some I still have ways of getting in touch with.

For you guys still in high school, good luck! Six hours a day is rough, especially when it’s spent staring at boring books that teach you shit you already know…but hang tight, the real world IS a lot better. See, your teachers say it’s easier in high school…that’s a crock of shit. When you’re 21 years old and able to do whatever the hell you want without asking permission, life is a whole lot easier. High school in the states makes you ask permission before you use the bathroom…are you a student or a prisoner? College and schools like mine are nothing like that, there you’re actually treated like a human being.

Ah the trials and tribulations of a hacker. It seems like every day there’s something new that’s upsetting me; whether it’s knowing something others don’t know or simply watching your friends get in trouble for absolutely nothing. Every day that goes by brings me one day closer to that “real world.” The world where I have to get a job, I have to survive, and I have to “play the game.” The game is something we all know. You start by accepting the crap that bothers you every day as being the way of things, and move on to incorporating it into the person you are. Will I ever become this way? Will I ever believe that hackers need to be stopped so that corporations can get richer and richer? I’m 21 right now, and unless someone 1984’s my ass I don’t see my opinions changing.
Will I ever go along with the system and play the game? Why do that when you can bend the rules? Hackers are always thinking up new ways of doing things, so why not use my (pardon the plug) hacker mind and find a way around that life? Some say that’s anti-social, although I don’t see how they reach that conclusion. I hang out with friends, meet new people, and have fun all the time…why does keeping an eye on Sun Microsystems and Microsoft make me “anti-social?” Hell, I’m very social! I love talking my friends’ ears off about what I’ve found using my computer. No, I can’t say I’ll ever join that world…the world of the greedy and power hungry. The world of big brother and being a good little doggy…sorry, that’s just not me.

I think I’ve done enough ranting and raving for this issue, time to kick back and watch the tube. Hmm…Speed 2 or Wishmaster 2…choices…

-screamer

===================================================================

10. *** Crew ***

Editor in Chief – Screamer Chaotix
Webmaster – Dash Interrupt
Network Administrator – Leland D. Peng
NT Specialist – Unreal
Radio Specialist – w1nt3rmut3
Writers – Dual Parallel, Captain B, Master Blister

Shout Outs – w1nt3rmut3 (thanks for the insider info), the creators of “0wned”, everyone who doesn’t stop reading after the Closing Arguments, Jack Daniels (for making us all comfortably numb), Jane (for wanting me to go with her), Aaron McGruder, Renderman, B. Dalton and the local Barnes and Noble (for keeping 2600 at the front of the rack), Shakira (the wallpaper that kept us awake), everyone who’s ever fought back.

HACKERMIND – New episodes on the 20th of every month.
www.hackermind.net

SEND ARTICLES TO – articles@hackermind.net
SEND LETTERS TO – screamer@hackermind.net

http://counseling.outpost10f.com/~guilds/poetry/contest/september01/images/hacker.jpg - just plain funny
http://supermodelforever.com/archive.asp?galleryName=Estella%20Warren&gallery=ew4&week=176&model=ew - just plain whoa

WWW.HACKERMIND.NET

no more, go home