FREQUENCY: inside the hacker mind
FREQ26 November 2002
==========================
1. “The Thin Gray Line”
2. Exploration Through Lucid Dreaming
3. Kevin’s Story
4. Conformity
5. Running Fat Distros on Thin Hardware
6. Random Stuff From the Net
7. Review – “Linux Programming By Example”
8. Crosstalk
9. Closing Arguments
10. Most Wanted
11. Crew
==========================

"Talent does what it can; genius does what it must."
- Edward George Bulwer-Lytton (1803-1873)

1. “The Thin Gray Line”

It sits before you like an open door, only you’re reluctant to pass through. You’re not using an account that can be traced back to you, at least, you don’t think you are. Will they contact the remote machine you’re currently logged into and actually find out who made that outgoing connection? Will the feds arrive at your door with MP-5’s drawn? Will your life forever be changed by one little electronic act? Hell, even more importantly, will you lose your internet access because of it?

It’s a situation that has plagued network explorers for ages, how far is too far? We find something that can be so easily exploited, and yet we know the repercussions that could follow. Your mind begins thinking paranoid thoughts about going to a library with wide open internet terminals and doing your hacking deeds from there. Hell, if you wander over to a university you could probably do everything you wanted to do, get whatever you were looking for, and get out all with complete anonymity. Then again…you’re undoubtedly on camera, suppose they trace the IP back to a particular terminal and then watch the security video to see who was logged on! Scary thoughts, no doubt. Enough to make your single, solitary wingate look a little pointless.

But are these fears justified, and should we give up on our fun just because there’s a little danger? Your natural response may be yes, but I remind you, nothing fun is completely safe. Drinking is dangerous, and yet people drink.
Smoking can kill, and yet people smoke. Sex can have numerous consequences, but virtually no one would consider giving it up completely. Why should computer hacking be any different? As long as you don’t drive, don’t smoke all the time, and always use a condom, you’re somewhat protected. Nothing is a hundred percent, but it’s ridiculous to expect people to give up all the little joys of life strictly out of fear. In fact, many people discourage others from living their lives based on fear. After all, we’re talking about robbing a bank, or committing some other crime. We’re talking about playing with a computer, and regardless of what the media and law enforcers might argue, no one gets hurt. Computer hacking has always been risky, especially when you try to comprehend the unimaginable paranoia of the general public. Or perhaps more appropriately, when you take a look at the unbelievable propaganda pumped out by politicians and news media. They, after all, are the ones with the loudest voices. When they feel threatened, they eliminate the problem. Sadly, that thirteen year old looking at the open computer hole is the problem. You and I probably agree that he’s just being curious. Sure, he is doing something wrong, but like a kid stealing some of his father’s liquor no one would think anything of it. He deserves a slap on the wrist, but certainly nothing more. He was just doing what kids, and all people for that matter, do…he was experimenting. He was seeing what could be done, and having a lot of fun doing it. It’s amazing how we forgive people who spray paint walls simply because it’s nothing more than a “youthful transgression,” or ignore the man who cheats on his wife. These things are not considered important, yet ironically, modifying the main page of Ebay is worthy of federal prosecution. Back to the person staring at the vulnerability…should he go for it? Should he make himself as safe as can be and then dive in? 
In a perfect world we would have a clear answer, but this is real life. And just like real life, this article has no clear answer. The question has been posed, now you can think it over. I will say, as I have before, that I will never encourage people to do things that may land them in jail. But the questions of right and wrong, good and evil, smart or insane will forever be an unusable function…perfectly, and clearly, undefined.

And now that we got you thinking, here’s your twenty-sixth issue of Frequency: Inside the Hacker Mind.

-screamer

==================================================================

2. *** Exploration Through Lucid Dreaming ***
By: Lucid

Let me begin by first stating that in our culture time is a commodity. This is not true in Asia. So if you think time is a commodity then ergo you could either have too much time or too little. What I propose deals with those of us that lack time for exploration. Over the summer I noticed that my work has hindered my passion. In the long run it will be worth it because it will count towards the CISSP cert. If time is an issue for you then I suggest Lucid Dreaming Exploration. All the ideas you think of while awake can be thought up while you sleep.

Hmm, I will describe what LD is first. In simple English LD is a dream you paint yourself and control. The difficult part is understanding you're dreaming while asleep. This hurdle can be skirted by several means. What works for me is staying up late (I'm talking 3-4 AM). At this time I will lay in bed and soon my body will rest but my mind is awake. The other way is to set an alarm on your watch. When you hear it you will know you are dreaming (not too loud). The last way I will describe is looking at your hands in your awake state. Because they will look different in the dream state.

I have only had two lucid dreams but one was textbook. They say that once in your first LD you will want to fly. I did exactly that.
I was outside at night and it was dark but there was light from the moonlight and I was under this massive tree that seemed to touch the sky. I looked up and I told myself to go towards the top of the tree. The problem was that I got too excited from the flight (Unreal knows) experience that I woke up.

How can this be applied to computers? In an LD you dream of anything and everything, you are not bound by physics. You could dream up the ultimate hacking scenario without fear of Big Brother's henchman knocking at your door. You could explore the Pentagon. You could be a packet flying on a wire to a destination of your choice. (Packet size and type up to you. I might be a fragmented packet.) You could read pages of code in your awake state and break them in your LD state and wake up at your own whim with the answer. The possibilities are endless. Although I will state that even in your dreams MACs suck and DOSing is still lame.

---- Risks to Lucid Dreaming ----

1. You may not feel as rested as you normally do from regular dreaming.
2. You may be asleep but awake enough to have your eyes open. This one truly can be frightening. You tell your brain to move your arm and it won't budge because you're asleep. You will feel paralyzed and may not want to try lucid dreaming again. If this happens try to be calm and tell yourself to wake up.

Oh, last note: reading books on dreaming helps. If you want to go to a particular place imagine the place in your mind before you go to sleep.

Lights out for Lucid Dreamer - I think I'll check out the networks in Japan and grab some sushi. (Maybe tomorrow night I'll format Britney Spears' computer. Dreams really do come true.)

3. *** Kevin’s Story ***
By: Kevin Mitnick

[NOTE – The following was originally included in Kevin Mitnick’s book “The Art of Deception.” However, the publisher decided to pull it at the last minute, and claims it had nothing to do with the legal threats made by John Markoff.
It was later published online, and appears here exactly as I received it. No edits have been made, although the formatting has been changed to make it slightly easier to read. As this chapter is stored in several different locations online, and because it was Kevin Mitnick’s original work to begin with, we’ve decided to publish it here as well.]

Chapter 1
Kevin's Story
by Kevin Mitnick

I was reluctant to write this section because I was sure it would sound self-serving. Well, okay, it is self-serving. But I've been contacted by literally hundreds of people who want to know "who is Kevin Mitnick?" For those who don't give a damn, please turn to Chapter 2. For everybody else, here, for what it's worth, is my story.

Kevin Speaks

Some hackers destroy people's files or entire hard drives; they're called crackers or vandals. Some novice hackers don't bother learning the technology, but simply download hacker tools to break into computer systems; they're called script kiddies. More experienced hackers with programming skills develop hacker programs and post them to the Web and to bulletin board systems. And then there are individuals who have no interest in the technology, but use the computer merely as a tool to aid them in stealing money, goods, or services.

Despite the media-created myth of Kevin Mitnick, I'm not a malicious hacker. What I did wasn't even against the law when I began, but became a crime after new legislation was passed. I continued anyway, and was caught. My treatment by the federal government was based not on the crimes, but on making an example of me.
I did not deserve to be treated like a terrorist or violent criminal: Having my residence searched with a blank search warrant; being thrown into solitary for months; denied the fundamental Constitutional rights guaranteed to anyone accused of a crime; being denied not only bail but a bail hearing; and being forced to spend years fighting to obtain the government's evidence so my court appointed attorney could prepare my defense.

What about my right to a speedy trial? For years I was given a choice every six months: sign a paper waiving your Constitutional right to a speedy trial or go to trial with an attorney who is unprepared; I chose to sign. But I'm getting ahead of my story.

Starting Out

My path was probably set early in life. I was a happy-go-lucky kid, but bored. After my father split when I was three, my mother worked as a waitress to support us. To see me then--an only child being raised by a mother who put in long, harried days on a sometimes-erratic schedule--would have been to see a youngster on his own almost all his waking hours. I was my own babysitter.

Growing up in a San Fernando Valley community gave me the whole of Los Angeles to explore, and by the age of twelve I had discovered a way to travel free throughout the whole greater L.A. area. I realized one day while riding the bus that the security of the bus transfer I had purchased relied on the unusual pattern of the paper-punch that the drivers used to mark day, time and route on the transfer slips. A friendly driver, answering my carefully-planted question, told me where to buy that special type of punch. The transfers are meant to let you change buses and continue a journey to your destination, but I worked out how to use them to travel anywhere I wanted to go for free. Obtaining blank transfers was a walk in the park: the trash bins at the bus terminals were always filled with only-partly-used books of transfers that the drivers tossed away at the end of their shifts.
With a pad of blanks and the punch, I could mark my own transfers and travel anywhere that L.A. buses went. Before long, I had all but memorized the bus schedules of the entire system. This was an early example of my surprising memory for certain types of information; still, today I can remember phone numbers, passwords and other items as far back as my childhood.

Another personal interest that surfaced at an early age was my fascination with performing magic. Once I learned how a new trick worked, I would practice, practice, and practice until I mastered it. To an extent, it was through magic that I discovered the enjoyment in fooling people.

From Phone Phreak, to Hacker

My first encounter with what I would eventually learn to call social engineering came about during my high school years, when I met another student who was caught up in a hobby called phone phreaking. Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees. He showed me neat tricks he could do with a telephone, like obtaining any information the phone company had on any customer, and using a secret test number to make long-distance calls for free (actually free only to us--I found out much later that it wasn't a secret test number at all: the calls were in fact being billed to some poor company's MCI account).

That was my introduction to social engineering--my kindergarten, so to speak. He and another phone phreaker I met shortly thereafter let me listen in as they each made pretext calls to the phone company. I heard the things they said that made them sound believable, I learned about different phone company offices, lingo and procedures. But that "training" didn't last long; it didn't have to. Soon I was doing it all on my own, learning as I went, doing it even better than those first teachers. The course my life would follow for the next fifteen years had been set.
One of my all-time favorite pranks was gaining unauthorized access to the telephone switch and changing the class of service of a fellow phone phreak. When he'd attempt to make a call from home, he'd get a message telling him to deposit a dime, because the telephone company switch received input that indicated he was calling from a pay phone. I became absorbed in everything about telephones-not only the electronics, switches, and computers; but also the corporate organization, the procedures, and the terminology. After a while, I probably knew more about the phone system than any single employee. And, I had developed my social engineering skills to the point that, at seventeen years old, I was able to talk most Telco employees into almost anything, whether I was speaking with them in person or by telephone. My hacking career started when I was in high school. Back then we used the term hacker to mean a person who spent a great deal of time tinkering with hardware and software, either to develop more efficient programs or to bypass unnecessary steps and get the job done more quickly. The term has now become a pejorative, carrying the meaning of "malicious criminal." In these pages I use the term the way I have always used it in its earlier, more benign sense. In late 1979, a group of fellow hacker types who worked for the Los Angeles Unified School District dared me to try hacking into The Ark, the computer system at Digital Equipment Corporation used for developing their RSTS/E operating system software. I wanted to be accepted by the guys in this hacker group so I could pick their brains to learn more about operating systems. These new "friends" had managed to get their hands on the dial-up number to the DEC computer system. But they knew the dial-up number wouldn't do me any good: Without an account name and password, I'd never be able to get in. They were about to find out that when you underestimate others, it can come back to bite you in the butt. 
It turned out that, for me, even at that young age, hacking into the DEC system was a pushover. Claiming to be Anton Chernoff, one of the project's lead developers, I placed a simple phone call to the system manager. I claimed I couldn't log into one of "my" accounts, and was convincing enough to talk the guy into giving me access and allowing me to select a password of my choice. As an extra level of protection, whenever anyone dialed into the development system, the user also had to provide a dial-up password. The system administrator told me the password. It was "buffoon," which I guess described what he must have felt like later on, when he found out what had happened. In less than five minutes, I had gained access to Digital's RSTS/E development system. And I wasn't logged on just as an ordinary user, but as someone with all the privileges of a system developer.

At first my new, so-called friends refused to believe I had gained access to The Ark. One of them dialed up the system and shoved the keyboard in front of me with a challenging look on his face. His mouth dropped open as I matter-of-factly logged into a privileged account. I found out later that they went off to another location and, the same day, started downloading source-code components of the DEC operating system. And then it was my turn to be floored. After they had downloaded all the software they wanted, they called the corporate security department at DEC and told them someone had hacked into the company's corporate network. And they gave my name. My so-called friends first used my access to copy highly sensitive source code, and then turned me in.

There was a lesson here, but not one I managed to learn easily. Through the years to come, I would repeatedly get into trouble because I trusted people who I thought were my friends.

After high school I studied computers at the Computer Learning Center in Los Angeles.
Within a few months, the school's computer manager realized I had found a vulnerability in the operating system and gained full administrative privileges on their IBM minicomputer. The best computer experts on their teaching staff couldn't figure out how I had done this. In what may have been one of the earliest examples of "hire the hacker," I was given an offer I couldn't refuse: Do an honors project to enhance the school's computer security, or face suspension for hacking the system. Of course I chose to do the honors project, and ended up graduating Cum Laude with Honors.

Becoming a Social Engineer

Some people get out of bed each morning dreading their daily work routine at the proverbial salt mines. I've been lucky enough to enjoy my work. In particular you can't imagine the challenge, reward, and pleasure I had in the time I spent as a private investigator. I was honing my talents in the performance art called social engineering--getting people to do things they wouldn't ordinarily do for a stranger--and being paid for it.

For me it wasn't difficult becoming proficient in social engineering. My father's side of the family had been in the sales field for generations, so the art of influence and persuasion might have been an inherited trait. When you combine an inclination for deceiving people with the talents of influence and persuasion you arrive at the profile of a social engineer.

You might say there are two specialties within the job classification of con artist. Somebody who swindles and cheats people out of their money belongs to one sub-specialty, the grifter. Somebody who uses deception, influence, and persuasion against businesses, usually targeting their information, belongs to the other sub-specialty, the social engineer.

From the time of my bus transfer trick, when I was too young to know there was anything wrong with what I was doing, I had begun to recognize a talent for finding out the secrets I wasn't supposed to have.
I built on that talent by using deception, knowing the lingo, and developing a well-honed skill of manipulation.

One way I used to work on developing the skills in my craft (if I may call it a craft) was to pick out some piece of information I didn't really care about and see if I could talk somebody on the other end of the phone into providing it, just to improve my talents. In the same way I used to practice my magic tricks, I practiced pretexting. Through these rehearsals, I soon found I could acquire virtually any information I targeted.

In Congressional testimony before Senators Lieberman and Thompson years later, I told them, "I have gained unauthorized access to computer systems at some of the largest corporations on the planet, and have successfully penetrated some of the most resilient computer systems ever developed. I have used both technical and non-technical means to obtain the source code to various operating systems and telecommunications devices to study their vulnerabilities and their inner workings." All of this was really to satisfy my own curiosity, see what I could do, and find out secret information about operating systems, cell phones, and anything else that stirred my curiosity.

The train of events that would change my life started when I became the subject of a July 4th, 1994 front-page, above-the-fold story in the New York Times. Overnight, that one story turned my image from a little known nuisance of a hacker into Public Enemy Number One of cyberspace.

John Markoff, the Media's grifter

"Combining technical wizardry with the ages-old guile of a grifter, Kevin Mitnick is a computer programmer run amok." (The New York Times, 7/4/94.)

Combining the ages-old desire to attain undeserved fortune with the power to publish false and defamatory stories about his subjects on the front page of the New York Times, John Markoff was truly a technology reporter run amok.
Markoff was to earn himself over $1 million by single-handedly creating what I label "The Myth of Kevin Mitnick." He became very wealthy through the very same technique I used to compromise computer systems and networks around the world: deception. In this case however, the victim of the deception wasn't a single computer user or system administrator, it was every person who trusted the news stories published in the pages of the New York Times.

Cyberspace's Most Wanted

Markoff's Times article was clearly designed to land a contract for a book about my life story. I've never met Markoff, and yet he has literally become a millionaire through his libelous and defamatory "reporting" about me in the Times and in his 1991 book, Cyberpunk. In his article, he included some dozens of allegations about me that he stated as fact without citing his sources, and that even a minimal process of fact-checking (which I thought all first-rate newspapers required their reporters to do) would have revealed as being untrue or unproven.

In that single false and defamatory article, Markoff labeled me as "cyberspace's most wanted," and as "one of the nation's most wanted computer criminals," without justification, reason, or supporting evidence, using no more discretion than a writer for a supermarket tabloid. In his slanderous article, Markoff falsely claimed that I had wiretapped the FBI (I hadn't); that I had broken into the computers at NORAD (which aren't even connected to any network on the outside); and that I was a computer "vandal," despite the fact that I had never intentionally damaged any computer I ever accessed. These, among other outrageous allegations, were completely false and designed to create a sense of fear about my capabilities.
In yet another breach of journalistic ethics, Markoff failed to disclose--in that article and in all of his subsequent articles--a pre-existing relationship with me, a personal animosity based on my having refused to participate in the book Cyberpunk. In addition, I had cost him a bundle of potential revenue by refusing to renew an option for a movie based on the book.

Markoff's article was also clearly designed to taunt America's law enforcement agencies. "...Law enforcement," Markoff wrote, "cannot seem to catch up with him...." The article was deliberately framed to cast me as cyberspace's Public Enemy Number One in order to influence the Department of Justice to elevate the priority of my case.

A few months later, Markoff and his cohort Tsutomu Shimomura would both participate as de facto government agents in my arrest, in violation of both federal law and journalistic ethics. Both would be nearby when three blank warrants were used in an illegal search of my residence, and be present at my arrest. And, during their investigation of my activities, the two would also violate federal law by intercepting a personal telephone call of mine. While making me out to be a villain, Markoff, in a subsequent article, set up Shimomura as the number one hero of cyberspace. Again he was violating journalistic ethics by not disclosing a preexisting relationship: this hero in fact had been a personal friend of Markoff's for years.

My first encounter with Markoff had come in the late eighties when he and his wife Katie Hafner contacted me while they were in the process of writing Cyberpunk, which was to be the story of three hackers: a German kid known as Pengo, Robert Morris, and myself. What would my compensation be for participating? Nothing. I couldn't see the point of giving them my story if they would profit from it and I wouldn't, so I refused to help. Markoff gave me an ultimatum: either interview with us or anything we hear from any source will be accepted as the truth.
He was clearly frustrated and annoyed that I would not cooperate, and was letting me know he had the means to make me regret it. I chose to stand my ground and would not cooperate despite his pressure tactics. When published, the book portrayed me as "The Darkside Hacker." I concluded that the authors had intentionally included unsupported, false statements in order to get back at me for not cooperating with them. By making my character appear more sinister and casting me in a false light, they probably increased the sales of the book.

A movie producer phoned with great news: Hollywood was interested in making a movie about the Darkside Hacker depicted in Cyberpunk. I pointed out that the story was full of inaccuracies and untruths about me, but he was still very excited about the project. I accepted $5,000 for a two-year option, against an additional $45,000 if they were able to get a production deal and move forward. When the option expired, the production company asked for a six month extension. By this time I was gainfully employed, and so had little motivation for seeing a movie produced that showed me in such an unfavorable and false light. I refused to go along with the extension. That killed the movie deal for everyone, including Markoff, who had probably expected to make a great deal of money from the project. Here was one more reason for John Markoff to be vindictive towards me.

Around the time Cyberpunk was published, Markoff had ongoing email correspondence with his friend Shimomura. Both of them were strangely interested in my whereabouts and what I was doing. Surprisingly, one e-mail message contained intelligence that they had learned I was attending the University of Nevada, Las Vegas, and had use of the student computer lab. Could it be that Markoff and Shimomura were interested in doing another book about me? Otherwise, why would they care what I was up to?

Markoff in Pursuit

Take a step back to late 1992.
I was nearing the end of my supervised release for compromising Digital Equipment Corporation's corporate network. Meanwhile I became aware that the government was trying to put together another case against me, this one for conducting counter-intelligence to find out why wiretaps had been placed on the phone lines of a Los Angeles P.I. firm. In my digging, I confirmed my suspicion: the Pacific Bell security people were indeed investigating the firm. So was a computer-crime deputy from the Los Angeles County Sheriff's Department. (That deputy turns out to be, coincidentally, the twin brother of my co-author on this book. Small world.)

About this time, the Feds set up a criminal informant and sent him out to entrap me. They knew I always tried to keep tabs on any agency investigating me. So they had this informant befriend me and tip me off that I was being monitored. He also shared with me the details of a computer system used at Pacific Bell that would let me do counter-surveillance of their monitoring. When I discovered his plot, I quickly turned the tables on him and exposed him for credit-card fraud he was conducting while working for the government in an informant capacity. I'm sure the Feds appreciated that!

My life changed on Independence Day, 1994 when my pager woke me early in the morning. The caller said I should immediately pick up a copy of the New York Times. I couldn't believe it when I saw that Markoff had not only written an article about me, but the Times had placed it on the front page. The first thought that came to mind was for my personal safety--now the government would be substantially increasing their efforts to find me. I was relieved that in an effort to demonize me, the Times had used a very unbecoming picture. I wasn't fearful of being recognized--they had chosen a picture so out of date that it didn't look anything like me!
As I began to read the article, I realized that Markoff was setting himself up to write the Kevin Mitnick book, just as he had always wanted. I simply could not believe the New York Times would risk printing the egregiously false statements that he had written about me. I felt helpless. Even if I had been in a position to respond, I certainly would not have an audience equal to the New York Times's to rebut Markoff's outrageous lies.

While I can agree I had been a pain in the ass, I had never destroyed information, nor used or disclosed to others any information I had obtained. Actual losses by companies from my hacking activities amounted to the cost of phone calls I had made at phone-company expense, the money spent by companies to plug the security vulnerabilities that my attacks had revealed, and in a few instances possibly causing companies to reinstall their operating systems and applications for fear I might have modified software in a way that would allow me future access. Those companies would have remained vulnerable to far worse damage if my activities hadn't made them aware of the weak links in their security chain. Though I had caused some losses, my actions and intent were not malicious ... and then John Markoff changed the world's perception of the danger I represented.

The power of one unethical reporter from such an influential newspaper to write a false and defamatory story about anyone should haunt each and every one of us. The next target might be you.

After my arrest I was transported to the County Jail in Smithfield, North Carolina, where the U.S. Marshals Service ordered jailers to place me into `the hole'--solitary confinement. Within a week, federal prosecutors and my attorney reached an agreement that I couldn't refuse. I could be moved out of solitary on the condition that I waived my fundamental rights and agreed to: a) no bail hearing; b) no preliminary hearing; and, c) no phone calls, except to my attorney and two family members.
Sign, and I could get out of solitary. I signed. The federal prosecutors in the case played every dirty trick in the book up until I was released nearly five years later. I was repeatedly forced to waive my rights in order to be treated like any other accused. But this was the Kevin Mitnick case: There were no rules. No requirement to respect the Constitutional rights of the accused. My case was not about justice, but about the government's determination to win at all costs. The prosecutors had made vastly overblown claims to the court about the damage I had caused and the threat I represented, and the media had gone to town quoting the sensationalist statements; now it was too late for the prosecutors to back down. The government could not afford to lose the Mitnick case. The world was watching. I believe that the courts bought into the fear generated by media coverage, since many of the more ethical journalists had picked up the "facts" from the esteemed New York Times and repeated them. The media-generated myth apparently even scared law enforcement officials. A confidential document obtained by my attorney showed that the U.S. Marshals Service had issued a warning to all law enforcement agents never to reveal any personal information to me; otherwise, they might find their lives electronically destroyed. Our Constitution requires that the accused be presumed innocent before trial, thus granting all citizens the right to a bail hearing, where the accused has the opportunity to be represented by counsel, present evidence, and cross-examine witnesses. Unbelievably, the government had been able to circumvent these protections based on the false hysteria generated by irresponsible reporters like John Markoff. Without precedent, I was held as a pre-trial detainee-a person in custody pending trial or sentencing-for over four and a half years. The judge's refusal to grant me a bail hearing was litigated all the way to the U.S. Supreme Court. 
In the end, my defense team advised me that I had set another precedent: I was the only federal detainee in U.S. history denied a bail hearing. This meant the government never had to meet the burden of proving that there were no conditions of release that would reasonably assure my appearance in court. At least in this case, federal prosecutors did not dare to allege that I could start a nuclear war by whistling into a payphone, as other federal prosecutors had done in an earlier case. The most serious charges against me were that I had copied proprietary source code for various cellular phone handsets and popular operating systems. Yet the prosecutors alleged publicly and to the court that I had caused collective losses exceeding $300 million to several companies. The details of the loss amounts are still under seal with the court, supposedly to protect the companies involved; my defense team, though, believes the prosecution's request to seal the information was initiated to cover up their gross malfeasance in my case. It's also worth noting that none of the victims in my case had reported any losses to the Securities and Exchange Commission as required by law. Either several multinational companies violated Federal law--in the process deceiving the SEC, stockholders, and analysts--or the losses attributable to my hacking were, in fact, too trivial to be reported. In his book The Fugitive Game, Jonathan Littman reports that within a week of the New York Times front-page story, Markoff's agent had "brokered a package deal" with the publisher Walt Disney Hyperion for a book about the campaign to track me down. The advance was to be an estimated $750,000. According to Littman, there was to be a Hollywood movie, as well, with Miramax handing over $200,000 for the option and "a total $650,000 to be paid upon commencement of filming." A confidential source has recently informed me that Markoff's deal was in fact much more than Littman had originally thought.
So John Markoff got a million dollars, more or less, and I got five years. One book that examines the legal aspects of my case was written by a man who had himself been a prosecutor in the Los Angeles District Attorney's office, a colleague of the attorneys who prosecuted me. In his book Spectacular Computer Crimes, Buck Bloombecker wrote, "It grieves me to have to write about my former colleagues in less than flattering terms.... I'm haunted by Assistant United States Attorney James Asperger's admission that much of the argument used to keep Mitnick behind bars was based on rumors which didn't pan out." He goes on to say, "It was bad enough that the charges prosecutors made in court were spread to millions of readers by newspapers around the country. But it is much worse that these untrue allegations were a large part of the basis for keeping Mitnick behind bars without the possibility of posting bail?" He continues at some length, writing about the ethical standards that prosecutors should live by, and then writes, "Mitnick's case suggests that the false allegations used to keep him in custody also prejudiced the court's consideration of a fair sentence." In his 1999 Forbes article, Adam L. Penenberg eloquently described my situation this way: "Mitnick's crimes were curiously innocuous. He broke into corporate computers, but no evidence indicates that he destroyed data. Or sold anything he copied. Yes, he pilfered software but in doing so left it behind." The article said that my crime was "To thumb his nose at the costly computer security systems employed by large corporations." And in the book The Fugitive Game, author Jonathan Littman noted, "Greed the government could understand. But a hacker who wielded power for its own sake ... was something they couldn't grasp." Elsewhere in the same book, Littman wrote: U.S. Attorney James Sanders admitted to Judge Pfaelzer that Mitnick's damage to DEC was not the $4 million that had made the headlines but $160,000. 
Even that amount was not damage done by Mitnick, but the rough cost of tracing the security weakness that his incursions had brought to DEC's attention. The government acknowledged it had no evidence of the wild claims that had helped hold Mitnick without bail and in solitary confinement. No proof Mitnick had ever compromised the security of the NSA. No proof that Mitnick had ever issued a false press release for Security Pacific Bank. No proof that Mitnick ever changed the TRW credit report of a judge. But the judge, perhaps influenced by the terrifying media coverage, rejected the plea bargain and sentenced Mitnick to a longer term than even the government wanted.

Throughout the years spent as a hacker hobbyist, I've gained unwanted notoriety, been written up in numerous news reports and magazine articles, and had four books written about me. Markoff and Shimomura's libelous book was made into a feature film called Takedown. When the script found its way onto the Internet, many of my supporters picketed Miramax Films to call public attention to the inaccurate and false characterization of me. Without the help of many kind and generous people, the motion picture would surely have falsely portrayed me as the Hannibal Lecter of cyberspace. Pressured by my supporters, the production company agreed to settle the case on confidential terms to avoid me filing a libel action against them.

Final Thoughts

Despite John Markoff's outrageous and libelous descriptions of me, my crimes were simple crimes of computer trespass and making free telephone calls. I've acknowledged since my arrest that the actions I took were illegal, and that I committed invasions of privacy. But to suggest, without justification, reason, or proof, as did the Markoff articles, that I had deprived others of their money or property by computer or wire fraud, is simply untrue, and unsupported by the evidence.
My misdeeds were motivated by curiosity: I wanted to know as much as I could about how phone networks worked, and the ins and outs of computer security. I went from being a kid who loved to perform magic tricks to becoming the world's most notorious hacker, feared by corporations and the government. As I reflect back on my life for the last thirty years, I admit I made some extremely poor decisions, driven by my curiosity, the desire to learn about technology, and a good intellectual challenge. I'm a changed person now. I'm turning my talents and the extensive knowledge I've gathered about information security and social engineering tactics to helping government, businesses and individuals prevent, detect, and respond to information security threats. This book is one more way that I can use my experience to help others avoid the efforts of the malicious information thieves of the world. I think you will find the stories enjoyable, eye-opening and educational. --Kevin Mitnick 4. *** Conformity *** By: JayX The subject of Big Brother is a common one. I myself have spoken of it several times, but I don’t think people ever really listen. It’s as though they think Big Brother is something we have to watch out for, something that may become a reality in the future. This is a mistake, because it’s already here. But don’t assume this is another article about cameras per se, this one is about how we’re all being groomed to be good little citizens. Sound crazy? Read on and judge for yourself. There’s a pretty popular show on television called “Wildest Police Videos.” It usually airs on FX everyday, at least over here in the states. In it, people run from the law while host John Bunnell talks tough. He shows us how foolish they are to run from the law, and how the law always wins. Cops are sometimes shown gunning people down, although we never actually see the suspect with a weapon…don’t worry, John Bunnell explains they had no choice. 
My personal favorites involve the cameras police officers use when making arrests, and again, Bunnell tells us the camera is an officer’s greatest tool. It’s illegal for us to record a police officer without his permission, but it’s perfectly fine for him to record us…oh, I’m sorry, John never mentions that. Another favorite of popular television are those “Exposed!” shows. You know, the ones that show people stealing from casinos, or shoplifting, or anything else you can imagine. Alright, I agree…those people are committing crimes. No, Johnny’s not here this time, but another narrator will usually show us how outrageous these people behave, and then show a clip of the person being arrested. Sometimes, of course, they don’t have the actual arrest on tape…but we’re told there was no getting away, the suspect was promptly apprehended. How? Don’t ask that, why can’t you just believe crime doesn’t pay? Then there’s Cops, a very entertaining show no doubt. You always see how the police are so gentle with the suspects, leaning on people with gunshot wounds, reaching into pockets without permission, and acting tough just because they can. What? You think that’s not right, but the cops are just upholding the law! What’s the point of all this rambling? To show you how our media is saturating our minds with the same propaganda over and over. If there was anything like brainwashing in this country, this is it. Night after night, we, the American people, are shown how crime doesn’t pay. Criminals never get away. And police are always right. We’re shown that cops can use cameras, but we can’t. We’re shown there’s no escape. And yes, we’re shown how stupid you too will look if you attempt any of these crimes. That’s what they are, no doubt about it. But do we really need to see this stuff over and over? Why doesn’t FOX show “World’s Most Abusive Arrests!” or something like that? It would be great for the ratings, but that’s not the “proper” message to send. 
Make a show like that, and you create animosity. You make people angry at the authorities, and in this day and age (with our more united than ever United States), that is simply unacceptable. Big Brother is already telling us how to think. Before you laugh at “The World’s Dumbest Crooks!” ask yourself what the deeper message is. Am I going too far with this? Maybe I am, but just think about it.

=======================================================================

5. *** Running Fat Distros on Thin Hardware ***
By: dual_parallel (www.oldskoolphreak.com)

Boy, the new KDE sure looks good - Keramik theme, Crystal icons, transparency, shadows... That's all fine and good - if you're running a P4! Most of us don't have the jack (or the need) to run the hottest hardware. But we all want the latest in GNU/Linux - the latest hardware support, the latest development environments, etc. There's no better way to get everything you want on the hardware you have than by thinning down your distro. This article will go over some great ways to shave precious megabytes off of your install and your memory usage. If it happens to be too distro or application specific, too bad. Take the information and adapt it - create something new.

First, let's talk hardware. If you have a 486 lying around, awesome. You can run X on a 486, but it's probably not recommended. Just ditch X, which is the best way to slim down your distro by the way. (If you're running Linux on a 486, you probably don't want X anyway.) Next, we have Pentium processors. With lots of memory, you can run X with a tiny window manager (to be discussed later). On PIIs, up to about 350 MHz, it is possible to run GNOME 1.4 or KDE 2.2, albeit very slowly. After that, you don't need this article.

Memory was mentioned, and here's the gist of it: Install as much as you can. Memory for older systems is dirt cheap and plentiful.
Check electronic surplus stores, thrift stores, Ebay, the cushions of your couch - you can find the SIMMs you need.

On to the distro. One way to slim down your distro is to not choose the latest, bloated offerings (SuSE 8.1, Red Hat 8.0, Mandrake 9.0). Beyond the fact that they're probably buggy, it's simplicity itself to upgrade the kernel/packages of previous distros.

Optimizing your distro during the install is the next, and an important, step. Choosing KDE or GNOME may be advisable if the apps you really want have to have the latest Qt or GTK and you don't want any dependency problems. Don't worry, you won't be using them as your main desktop environment. Now choose custom install and hand pick every app you want/need and deselect every one you don't. Don't worry, most modern Linux distros handle dependencies pretty well. You'll probably only end up with a few packages that you didn't want. And skip the graphical login.

Now you've got a working system. But man is it slow with the installed KDE or GNOME. Well now we're going to ditch it and use a smaller window manager, specifically, IceWM (the test machine for this article was a PII 266 running Red Hat 7.3). Create a user and login. Install IceWM and create an ".xinitrc" file in your home directory. Use vi and add one line to the file - "exec icewm". Next time you login/reboot IceWM should be your window manager (Infidel2 is the coolest theme, btw). You should also notice much faster boot and response times. Type "free" at a console before and after installing IceWM should you want to see numbers. Other window managers to consider are Blackbox and Fluxbox. Has anyone ever used Matchbox on a desktop?

What good is a tight window manager if you have to use Netscape, Mozilla, or Konqueror? Well, you don't. Two small, fast and surprisingly well-rendering replacements are Galeon and Dillo. Galeon is included in most modern distros, so just select it during the install process.
When running Galeon for the first time, it may be a good idea not to choose to use the smart toolbar/tabbed browsing features. Don't overcomplicate a good browser. The downside to Galeon is that it requires Mozilla to be installed, both using the Gecko rendering engine.

This brings up Dillo. Unless you use Opera on a handheld, Dillo will probably be the smallest browser you'll ever use - the tarball is a whopping 303 KB. You can download the latest Dillo, 0.6.6, at http://dillo.cipsga.org.br/download.html

Once installed, you have to copy the "dillorc" file found in the dillo directory to your new .dillo directory. A perl script, dilloconf.pl, is included at the end of this text that will copy and configure dillorc based on user input.

One last part, which adds security as well, is to shut down unneeded services in inetd or xinetd. And on Red Hat, you can use "chkconfig" to stop services found in rc.d. For example, to shut off sendmail, enter the command

    chkconfig --level 2345 sendmail off

and you'll notice the absence of sendmail during boot-up. If you're using a tower, shut down apmd. No matter what kind of box you're using, shut down wine. In addition, perform a little kernel optimization by cd'ing to /usr/src/linux-2.4.X-X and typing "make menuconfig".

If you're reading this, you probably use console apps most of the time anyway. But go ahead and treat yourself to a little GUI action. You can even theme/customize your desktop, which is a lot of fun in the author's opinion, and stay fast. With a thinned-down distro, you can have the best of both worlds.

*************************************************************************
#!/usr/bin/perl
use strict;
use warnings;

system("/usr/bin/clear");
print "dilloconf.pl - configures dillorc\n";
print "---------------------------------\n";

# Get working directory
print "From what directory did you install Dillo? (ex. /home/user): ";
chomp( my $home = <> );

# Check that dillo has been installed and run
if ( -d "$home/.dillo" ) {
    print "\n>> Dillo is installed. Proceeding...";
} else {
    die("\n>> Check your directory input or run Dillo once before running dilloconf...\n\n");
}

# Get Dillo version
print "\n\nWhat version of Dillo are you using? (ex. dillo-0.6.6): ";
chomp( my $dil_ver = <> );

# Customize dillorc
print "\nWhat size do you want the initial browser window to be? (ex. 1024x768): ";
chomp( my $scr_res = <> );
print "\nWhat do you want to set your home page to? (ex. www.2600.com): ";
chomp( my $hm_page = <> );
print "\nDo you use a proxy to connect to the Internet? (y or n): ";
chomp( my $ans = <> );

my $prox_ip;
if ($ans =~ /y/) {
    print "\nWhat is the name/IP of the proxy server? (ex. 123.45.67.89:8080): ";
    chomp( $prox_ip = <> );
} else {
    # No proxy: keep the commented-out default line from the stock dillorc
    $prox_ip = "#http_proxy=http://localhost:8080/";
}

# Three-argument open keeps the typed-in paths from being read as open modes
open(INPUT, '<', "$home/$dil_ver/dillorc")
    || die("\n>> Double-check your directory input then rerun dilloconf...\n\n");
open(OUTPUT, '>', "$home/.dillo/dillorc")
    || die("\n>> Cannot write $home/.dillo/dillorc: $!\n\n");

# Copy the stock dillorc line by line, substituting the user's settings
while (<INPUT>) {
    s/640x550/$scr_res/;
    s/dillo\.sourceforge\.net/$hm_page/;
    s/dillo\.cipsga\.org\.br/$hm_page/;
    if ( $prox_ip =~ /#http_proxy=http:\/\/localhost:8080\// ) {
        s/#http_proxy=http:\/\/localhost:8080\//#http_proxy=http:\/\/localhost:8080\//;
    } else {
        s/#http_proxy=http:\/\/localhost:8080\//http_proxy=http:\/\/$prox_ip\//;
    }
    print OUTPUT;
}

close(INPUT);
close(OUTPUT);
print "\n>> Config complete...\n\n";
*************************************************************************

====================================================================

6.
*** Random Stuff From the Net ***

[www.southernct.edu/robots.txt]

User-agent: *
Disallow: /2ndlevel/
Disallow: /styles
Disallow: /coursecat/
Disallow: /schedules/
Disallow: /test
Disallow: /misc-temp
Disallow: /departments/counseling
Disallow: /departments/facdev
Disallow: /departments/banner
Disallow: /departments/alumni
Disallow: /departments/finadm
Disallow: /_catalogue/
Disallow: /catalogue/

[iris.southernct.edu/stats/usage_200211.html]

 #   Hits          Files         KBytes         Visits      Username
 1   1372  1.72%   1371  2.52%   17481  3.81%   11  0.41%   spahn
 2    846  1.06%    846  1.55%    7942  1.73%    3  0.11%   rosa_rivera
 3    714  0.89%    678  1.24%    7262  1.58%   15  0.56%   nathan_wilder
 4    679  0.85%    266  0.49%    2513  0.55%    4  0.15%   stan_walonoski
 5    615  0.77%    614  1.13%    8727  1.90%    8  0.30%   r_workman
 6    599  0.75%    599  1.10%    6386  1.39%    9  0.34%   emmett_dennis
 7    540  0.68%    530  0.97%    5814  1.27%   22  0.83%   terrell_bynum
 8    412  0.52%    412  0.76%    4229  0.92%    1  0.04%   yuquan_lu
 9    395  0.50%    395  0.72%    5757  1.26%   10  0.38%   mehdi_mostaghimi
10    373  0.47%    373  0.68%    3433  0.75%    2  0.08%   kimberly_almeida
11    362  0.45%    362  0.66%    3393  0.74%    9  0.34%   richelle_clini
12    334  0.42%    334  0.61%    3480  0.76%    6  0.23%   jizhuang_chen
13    320  0.40%    320  0.59%    3734  0.81%    4  0.15%   alfred_williams
14    317  0.40%    317  0.58%    3357  0.73%    1  0.04%   mark_spiegelhalter
15    317  0.40%    317  0.58%    6560  1.43%    5  0.19%   sherlly_contreras
16    316  0.40%    314  0.58%    3477  0.76%    4  0.15%   ryan_nobrega
17    293  0.37%    290  0.53%    2182  0.48%    9  0.34%   norma_santiago
18    288  0.36%    280  0.51%    5076  1.11%    3  0.11%   lillian_amena
19    286  0.36%    286  0.52%    3160  0.69%    6  0.23%   louis_morrison
20    280  0.35%    280  0.51%    2970  0.65%    3  0.11%   chitsamay_lam

[ftp.ascii.co.jp]

Connected to at3.ascii.co.jp.
220 at3.ascii.co.jp FTP server (Version wu-2.6.1(1) Fri Nov 30 14:17:01 JST 2001) ready.
Name (ftp.ascii.co.jp:screamer): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
total 10
dr-xr-xr-x 2 staff 512 Nov 8 2000 bin
dr-xr-xr-x 2 staff 512 Nov 8 2000 dev
dr-xr-xr-x 2 staff 512 Nov 8 2000 etc
drwxr-xr-x 6 wwwadm 512 Sep 20 1999 pub
dr-xr-xr-x 4 staff 512 Nov 8 2000 usr
226 Transfer complete.
ftp> cd etc
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
total 6
-rw-r--r-- 1 staff 9 Nov 8 2000 TIMEZONE
-r--r--r-- 1 staff 49 Nov 8 2000 group
-r--r--r-- 1 staff 62 Nov 8 2000 passwd
226 Transfer complete.
ftp> cd ..
250 CWD command successful.
ftp> cd pub
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
total 10
-rw-rw-r-- 1 wwwadm 31 Sep 1 1997 .htaccess
drwxrwxr-x 5 wwwadm 512 Oct 10 2001 GNU
drwxrwxr-x 3 wwwadm 512 Jul 9 1997 TeX
drwxrwxr-x 3 wwwadm 512 Dec 17 2001 linux
drwxrwxr-x 4 wwwadm 512 Nov 27 2001 my-unix
226 Transfer complete.
ftp> quit
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 1554 bytes in 3 transfers.
221-Thank you for using the FTP service on at3.ascii.co.jp.
221 Goodbye.

[cobra.icertified.net]

###############################################################
# HackBot v2.14 2002 / http://ws.obit.nl/hackbot/             #
#                                                             #
# Marco van Berkum - m.v.berkum@obit.nl                       #
# Kristian Vlaardingerbroek - kris@obit.nl                    #
# Raymond Vrolijk - raymond.vrolijk@veronica.nl               #
# Pepijn Vissers - zoef@zoefdehaas.nl                         #
# Martijn Mooijman - foobar@obit.nl                           #
# Herman Poortermans - herman@ofzo.nl                         #
###############################################################

Sat Nov 9 00:45:53 EST 2002

Checking named host cobra.icertified.net ...
trying to resolve hostname cobra.icertified.net
resolved host to: 216.226.152.180
It is not a known spammer, thank you spamcop (www.spamcop.net)

Identd
------
No Identd on 216.226.152.180, skipping full identd scan

Trying simple Telnet fingerprint
--------------------------------
No telnet

Checking for FTP server
-----------------------
FTP Server Found:
220 cobra.icertified.net NcFTPd Server (licensed copy) ready.
421 Anonymous logins are not allowed here.

Trying MTA - Relaying, VRFY and EXPN
------------------------------------
220 cobra.icertified.net ESMTP Sendmail 8.11.6/8.11.6; Thu, 7 Nov 2002 23:46:10 -0500 (EST)
Relaying not allowed
VRFY not enabled
EXPN not enabled

Checking for SSH
----------------
SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011202

Checking for DNS
----------------
No DNS ARIN registrar

Checking if we are allowed to connect to X
------------------------------------------
No X

Checking for webserver on port 80
-----------------------------------
HTTP/1.1 200 OK
Date: Fri, 08 Nov 2002 04:46:25 GMT
Server: Apache/1.3.26 (Unix) PHP/4.2.1
Connection: close
Content-Type: text/html

Evil buggy Apache found! Several vulnerabilities, check http://www.apache.org
PHP 4.2.1 found

HTTP options
------------
Allow options : GET, HEAD, OPTIONS, TRACE

Checking the webserver on port 80 for various potential problems
------------------------------------------------------------------
* /.htaccess found!
* Shows access groups, users and location for .htpasswd files
* http://www.apache.org

Checking for ida
----------------

Unicode tests
-------------
Checking for unicode with ..%c0%af..
Checking for unicode with ..%255c..

checking for nimda infection
----------------------------

---> - All scans done. Hackbot 2.14 -
---> Exiting.

7. *** Review – “Linux Programming By Example” ***
By: Screamer Chaotix

“Linux Programming By Example” was released in 1999 by Kurt Wall, and after seeing a review for it on Slashdot I figured our own review was in order.
Having read dozens of positive reviews, and only one negative personal feedback, I decided to drop down the cash and purchase it myself.

First off, it’s not easy to find. Amazon was wiped clean of even used copies once the Slashdot article appeared, as were Barnes and Noble and Ebay. I finally found my copy at half.ebay.com, where you can purchase various used products. One seller was asking 60 dollars, another 20…I chose the 20.

Upon receiving the book the first thing I noticed was its length, which appeared no different from other programming books. This may not sound unusual, but for a book that claims to use practical examples, I expected a bit more. I was not about to pass judgment just yet, however; the book may have simply been more efficient. Plus, it never claims to teach the reader how to code in C, only how to program with Linux.

The first chapter goes against the mold and actually teaches the reader about gcc and its many functions. This was certainly a pleasant surprise. Most programming books only give this brief mention, if anything at all. Next was make, and how to create your own makefiles. It was here I encountered the first downfall of the book, but unfortunately, it wasn’t the last. The author shows you a makefile that can be used with the programs you wrote in the previous chapter. After copying it exactly as it appeared, I found that it refused to work. I tried again, still nothing. Eventually I found several manuals online that give information about makefiles…but isn’t that what I purchased the book for? I skipped the rest of the chapter; how was I to complete it when the makefile I was intended to create didn’t even work?

Next we move on to actual programming, beginning with processes. The author does a good job of explaining in layman’s terms what processes, signals, and other advanced Linux topics are, and even provides useful programs to show you how they work.
Unlike other books, these programs can actually be used for something, not like “Learn C in 24 Hours” where each program is only used to demonstrate one particular function. Sadly, another problem was encountered here. While showing a program that prints out information gathered from the system clock, he mistakenly uses the letter “s” when he meant to use “puts.” Mere typo? Perhaps…but he also used “fputs” when “puts” should have been used, a blatant mistake. In fact, those mistakes render the program useless. Imagine all the lost souls trying to compile that thing. I may not know much about makefiles (never worked on projects large enough to warrant them), but I do know a little about C. I spotted the mistakes and corrected them, but I can’t understand why the source went into the books with such obvious errors. If you’re competent enough with C to spot these mistakes, you’ll enjoy how the book teaches more slightly advanced topics, such as ncurses. In fact, the final project of the book is the creation of a multi-sourced database. Having completed the book, you’re expected to create the database, and thus have the knowledge to start writing your own Linux programs. Whether this is the case or not, however, is dependant upon what you already know. Those of you looking for a book to teach you programming should definitely look elsewhere, but if you’re comfortable with the basics of C, this might be for you. The “real world” examples are extremely helpful, when written properly that is. In my opinion, a revised edition is certainly in order. People buy books for information, not to debug someone else’s code. The concept of the book is excellent, but next time, better execution would make for a much more friendly resource. -screamer [As a side note, the single negative review I read about this book had the same complaints I did…be sure to listen to individuals, not just the “professional” reviewers.] 
=====================================================================

8. *** Crosstalk ***

> Frequency, I’m so sick and fucking tired of the RIAA (Really Ignorant Assholes of America) demanding that people give them gajillions of dollars for the shit they make. Since when do soundwaves cost anything? You said it best in Freq 25, if they don’t like it, find another fuckin profession! God knows I don’t make zillions of dollars sitting in a studio, recording bullshit, and hanging out with all the hot roadies. [plasma coil]

REPLY> I’m glad you brought up the sound waves issue, it’s something I meant to cover in last month’s Closing Arguments but completely forgot about. The recording industry demands we buy CD’s, what if we don’t want CD’s? Suppose we just want the music? Whether we get it on the radio, or on the internet, no one is losing out. I’m not taking that little 50 cent disc from them, all I’m doing is listening. That’ll be the day, when artists go against MTV or FM radio. And because they never will, it should be painfully obvious this whole thing is about power and control, not about lost revenue.

> Frequency, I have something I’d like to tell people about (not sure if I want to use the word “advertise”), actually, I have a few things. Would it be possible to start up some sort of classifieds section in Frequency? 2600 does it, and I think it could be yet another way for people to express themselves. Personally writing an article seems like a lot of work to me, but I do have several sites I’ve created that I’d like people to see. What do you say? [Lightning Jack]

REPLY> No reason to feel ashamed of using the word “advertise.” It seems we’ve come to be known as business or advertising haters, when that’s not true at all. We’re only opposed to advertising name brand products, because that means the company is paying us to do it. And that, in turn, limits our free speech. However, a classified section sounds like an interesting idea.
We intend to mention it in this month’s Closing Arguments, and create a section near the bottom of this issue to get things rolling. > Frequency, From what I’ve seen, almost everyone that reads your e-zine thinks the same way. They think that seeing movies for free doesn’t hurt anyone, but truth be told, they’re hurting themselves! If everyone downloaded a movie, the studio would not make any money off of it. The same goes for the creators of the film. You might hate the studios, but where do you think those theater revenues go? They become a new film’s budget! Studios give these filmmakers financing to complete their movies, and then put them out to the public. By denying them that income, you’re raising theater prices and hurting everyone who enjoys movies. What does your one download hurt? Maybe no one in the big picture, but when nine million “individuals” all ask the same question, money is obviously lost. Don’t be surprised when fewer, or no movies are being made because no one pays for them anymore. [anonymous] REPLY> Let’s take your reasoning and examine it from a different perspective. Suppose people lost interest in garbage movies, which probably make up about 90% of what’s on movie screens at any given time. Without a doubt, money would be lost. The question is, would you still complain about no one paying the studios? Trying to force people to spend money when they don’t have to is absurd, regardless of how right or wrong it is to see a movie for free. Still, the idea of studios crumbling from a lack of income is even more absurd. Even if people cut back on paying for movies, the advertising hidden inside films is enough to cover their production costs. The studios might not make as many billions of dollars in profit as they’d like to, but that’s about it. People everywhere are forced to take paycuts, sometimes just so their boss can make more money…what makes movie and recording studios so special? 
> Frequency, I just turned on FOX News, there’s some breaking news going on…it deals with the Winona Ryder trial. Come on now, who gives a shit what she had in her bags!? Why must all news stations broadcast this same stupid shit over and over? I don’t turn on a “legitimate” news channel to hear about celebrity gossip. Where the hell can you get real news without all the crap? [fl3x]

REPLY> Unbiased, serious news is extremely hard to come by. The best you can do is listen to several different sources and then try to make up your own mind. Everyone is biased in some way, the trick is finding the truth amid all the bullshit. Listen to shortwave radio, read independent newspapers online, then if you must, turn on CNN. Naturally this can’t be done for everything, but it should certainly be done for the more important issues. Sadly, the people are to blame as well. They buy into the media pop so easily and are blind to the real facts, but that doesn’t mean we all have to be that way. By the way, what did she have in the bag?

> Frequency, Love your zine, been reading since day one. I know you support hackers like 2600 does, but sometimes you say breaking the law is wrong. Then you say it’s ok for hackers to do things as long as they don’t hurt anyone. I’m confused, when is it ok to hack into something and when is it not? [FreshWound]

REPLY> Our arguments are based on morals, not laws. If you go by us, gaining access to something is perfectly fine as long as no harm is done. According to the law, that’s not the case, simply getting in is a crime in and of itself. We’ll never encourage someone to get in trouble with the law, it’s not worth it. If a computer intrusion is committed however, we’ll base our judgment on the ethical ramifications of the hack, not the legalities.

> Frequency, I’ve been riding the fence between right and wrong when it comes to sharing information.
I think educating the world is a good thing, but don’t think there aren’t people that will use that information against someone. Security through obscurity is just plain dumb, we SHOULD be improving things instead of sweeping them under the rug, but why should every sec hole be shown to the world? I think your readers/listeners/minions are smart enough to know that people do indeed use information for bad reasons, we should all just be a bit more responsible.

REPLY> Your suggestions are admirable, but who will you actually protect? If the corporation down the street has a hole, you could tell them…but what about everyone else with the same vulnerability? Why do they get left out in the cold? Sure if it’s a software problem, alerting the software’s creator is a good idea…but what if it’s Microsoft? They have a track record of ignoring problems until almost the entire world has been attacked, and that doesn’t always ensure a patch. Or what if you find an Apache hole? Millions of people are vulnerable for the weeks it takes them to create a patch…don’t they have a right to know this, if only so they can stop using it?

=========================================================================

9. *** Closing Arguments ***

Seems like we can never get a break. Hackermind.net has been down for a few weeks now, for legitimate reasons I won’t discuss here. As of this writing we’re working to get everything back in order, so hopefully by the time you see this the site will be back up. If it isn’t, rest assured it will be.

If nothing else, we’d like to create new sections on the site to give people more incentive to keep visiting. We’ve had several ideas of what to do, but if you have any of your own, please let us know. And remember, we still have some pretty huge events planned. We’d like to have more All Nighters, as well as other things we’re keeping secret for the time being. Hackermind might not be airing every week, but we’re definitely still here.

I mentioned in Crosstalk that I’d make an announcement for the new “Classifieds” section, so I’m going to do just that. If you’d like to tell our readers about something, or advertise something, or look for like-minded individuals in your area, whatever…feel free to submit your ads to screamer@hackermind.net. Here’s the catch, you have to have an article published first to even be considered. Therefore, anyone who has ever had an article in the ezine is welcome to submit an ad or two. We’ll create the section next month, and run it whenever necessary. For now, we’ve started a “mini-classifieds” section toward the bottom of this issue.

What to expect in coming months, especially as we near the 30th issue? You might have noticed Frequency tends to get a slightly different appearance every ten issues or so, and 30 will be no different. It won’t be anything drastic, just something to relax your eyes and give everything a new look. One thing that’s definitely staying is our cover, it’s one of the key things that makes us unique! Think about it, what other ezine out there had a cover before we did? I know I can’t think of any. Plus, the cover helps to convey a message of its own. Whether it’s made out of just pure fun, or has a deeper meaning, the cover gives each issue an identity all its own. Long live the cover.

The question of the ConLine has come up as well this past month, do we ever plan on using it again? Absolutely! Nothing is more fun than hopping on a conference call with fellow hackers and chatting the night away, so we’ll let you know when the next conference call is going to take place. And as usual, I’ll probably wind up walking down to a payphone at some point. Plus, as a new feature on our site, we can finally start putting up those conferences for download…the new age of the phreak is born.

Cookies and peanut butter, nothing to do with hacking right? Right, so let’s move on. For many people the newest issue of “Equal Access” will be their last.
A sad day, no doubt. Still, we’d like to send them a much more public thank you for their support, without them the zine would have become just another crazy idea scribbled on a wrinkled post-it note crammed into the back of a drawer. For those of you with another year coming, we’re working on them as we speak. And of course, for everyone who never got around to subscribing, we’ll see if we can’t get a few issues online in the future. Oh, to everyone whose subscription just ended…like how the last page was a “yellow page”? …am I the only one that thinks that’s cool?

And that’ll do it for my random bullshit this month. Stay tuned for the next issue where we’ll be sure to push buttons and give the world the straight shit, and look amazingly good while we do it. Or perhaps we’ll just get beaten with baseball bats by a legion of pissed off cDc lovers…who knows? Until then, adios and bad riddance.

-screamer

=========================================================================

11. *** Most Wanted ***

[This is our new “classifieds” section for anyone and everyone who has ever been published. It’s stuck down here until we know for sure whether we want to keep it or not, we’d hate to see this zine turn into a haven for ads. Have something to tell the hacker community, or the entire world for that matter? Send it directly to screamer@hackermind.net.]

==Wanted: People With Certification Experience==
Frequency would like to have a section dedicated to people who have either taken their certification tests, or are just about to, for an upcoming multi-part article. If you fit the mold, send Screamer a line at the usual address.
===================================

====================================================================

10. *** Crew ***

Editor in Chief – Screamer Chaotix
Webmaster – Dash Interrupt
Network Administrator – Leland D. Peng
NT Specialist – Unreal
Radio Specialist – w1nt3rmut3
Writers – Lucid, Kevin Mitnick, JayX, dual_parallel
Shout Outs – Kamikaze, Clan MacGregor, jojokeystone, InformIT, wbglinks.net, badastronomy.com, linuxbrit.co.uk

SEND ARTICLES TO – articles@hackermind.net

W W W . H A C K E R M I N D . N E T