Byte-Sized Justice: A Tale of Hacker Ethics and Copy Protection

by The Mage

In the Summer 2023 issue of 2600, Albert Einstable shared an intriguing anecdote about a method to disable a program if a customer ceased subscription payments during the early days of personal computing.

Inspired by this, I've decided to recount my own related, albeit much more mischievous, tale about my unique way of dealing with the unauthorized use and theft of my code.

Rewind to the early-1990s, a golden era for hackers and telecommunications.

I was on the brink of my teenage years but already seasoned in programming, hacking, and online communications.  Living in a somewhat isolated rural area - about a two to three hour drive from any major city - left few opportunities for rubbing shoulders with fellow coders or hackers.

My lifeline to the hacker community from this remote location was the world of Bulletin Board Systems (BBSes), a thriving hub of communication for technology enthusiasts like myself before the concept of the Internet and online services took shape in the mainstream.  I had been accessing various BBSes for a few years and even created my own when I was 10.  By 13, I was sharing source code for my security tools and applications on my BBS, seeking feedback, and eagerly entertaining suggestions for features and improvements.

Considering my age and the era, licensing and copyright topics didn't cross my mind.  My joy was in coding, shaping my programs based on other people's suggestions, and connecting with other hackers.

I had many users dialing in daily to partake in the online games I designed and hosted, to download the security tools I created, and to communicate using the forums and messaging system.

However, the peace and tranquility of my BBS were disrupted when a semi-local BBS, located about an hour's drive away in a different area code, started plagiarizing my code, modifying authorship details, and reselling the compiled applications as their own.

This was an era when people generally accessed a BBS only if it was a free local call.  Thus, they most likely assumed that their theft and unauthorized distribution of my content would fly under the radar.  However,I had my ways of avoiding call charges and therefore kept a vigilant eye on many other systems, including this dishonest one.

As a 13-year-old, utterly engrossed in hacking computers, playing video games, and listening to alternative rock music, the idea of someone profiting from my creations was downright irritating!  Even more so when they were reselling my security/hacking utilities and business tools, indicating a significant lack of technical competence or sheer laziness to do anything beyond modifying a few text strings and recompiling the software so that they could profit.

At one point, in response to a user's request, I shared the configuration files of my BBS to help them establish their own.  This enemy BBS operator had no qualms about using those to replicate my system, down to its look and feel.  And, in an amusing display of oversight, he even forgot to change the BBS name!  Although a friend found it funny when he stumbled upon the obvious replica, I was not amused.

Being relatively introverted and young at the time, directly confronting someone I assumed was an adult who may escalate things into physical confrontation was not an option that I was willing to pursue.  I was not about to stop coding or sharing my work either.  This was a vital creative outlet, a gateway to connecting with other hackers, and a launchpad for many exhilarating cyber-adventures.

I decided to address the issue my own way.  At that time, I was working on a security utility that I knew would be a tempting high-value target for this deceitful BBS operator.  Given my assessment of their technical skills and overall intelligence, I slightly altered my usual approach for this utility's release.  Instead of providing the complete, uncompiled source code, I precompiled a library file essential for compiling and executing the utility, including clear instructions on how to do so, in anticipation of their technical ineptitude.

Within the source code, I explicitly mentioned that the code was shared for educational purposes and to garner feedback.  I welcomed modifications and was keen on seeing people's creative extensions.  However, I emphasized the prohibition of changing the name of the application or author.

Additionally, I include a disclaimer stating that I, the author, offered no guarantees about the code's execution, error-free operation, or the absence of unintended consequences if modified.  In retrospect, I suppose I assumed this was a common understanding, but I felt compelled to state it explicitly now.

My "copy protection" was nestled in that pre-compiled library.  In its simplicity and perhaps dramatic flair, it was designed with a singular target in mind: the persistent thief.  On execution, the application checked the value of the variables containing my name.  If modified, the copy protection would spring into action.

I could have designed it to simply halt the utility or display an error message indicating a modification.  But I had a more drastic plan.  My protection corrupted the File Allocation Table (FAT), causing the computer to lose track of file locations.  Furthermore, it deleted the Master Boot Record (MBR), effectively immobilizing the computer as it would lose its bearings and be unable to locate the operating system upon being powered up.  If this enemy to my state wanted to play rough, I was in.

When I was ready, I posted the utility.  I set a login alert for their account, so I was notified and able to watch as the hostile BBS operator logged in and downloaded the utility's source code, leaving me to wait in anxious anticipation.

This was a time when Anti-Virus (AV) software wasn't widely prevalent, but that still left room for uncertainty about whether my code would execute.  Moreover, I hadn't tested it myself.  I was young and poor and didn't have a system I was willing to brick to ensure its effectiveness.  And then there was the off-chance that the operator had system backups to recover from a decimated MBR and lost files.  All of these potential modes of failure were running through my mind as I saw them siphon the bits and bytes of my latest utility over the phone line.

Then another concern struck me: What if an innocent coder downloaded this, merely seeking to learn from my work?  Swiftly, I pulled the code offline, disabled the destructive functions, and re-posted it, ensuring no collateral damage.

A day later, I called the thief's BBS using an untraceable account and phone number.  There were no signs of anything amiss, so I logged off.  Then, the next day: Ring.  Ring.  Ring.  No answer.

The following days also yielded only unanswered calls.  Finally, a message on another local popular BBS revealed the indefinite offline status of the thief's BBS due to "irrecoverable computer issues."  While I couldn't definitively attribute this to my "copy protection," the satisfaction was undeniable, and I indeed achieved the ultimate result, as he never tried to steal my code again.

While I wouldn't advocate such drastic measures today, my younger self felt justified by the explicit warnings, labels, and disclaimers I had included in the code.  Nowadays, advanced and readily available tools offer far safer and more effective ways of code protection, though perhaps lacking the thrilling edge of my youthful ventures.

As I conclude this article, I'm reminded of the wise lyrics from Exode, the legendary 1990s punk rock hacker band, from their track Basement Laboratory.

All above is solemn truth,
Heed this warning intrigued youth,
Those who don't believe my tale,
You're rodents anyway.