![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
You never really realize how much you've changed till you reach a point in your life when things have come full circle again and you confront the beginning of your path from a new and more informed perspective.
I'm not sure exactly when I got the idea I wanted to be a hacker, or where I got the idea from. I know it was at some point early on in highschool. Maybe it was simply that so many people seemed to assume I already was one that it just looked like something I would fit into. All I remember for sure is that, at some point, I started actually looking into it seriously. I wanted to learn how to be a hacker.
I know, fairly early on, I came across the Kevin Mitnick story. I remember ordering from my public library system the books Takedown by Tsutomu Shimomura, and The Fugitive Game by Jonathan Littman, though honestly at this point I can't recall which one I enjoyed more. While reading one or the other of those books, I know I started keeping a notebook; the first notebook I'd ever kept on a non-academic subject, I believe. I may have even gotten the idea from something mentioned in one of the books about Mitnick, though at this point my memory is not clear enough to be sure of that. I kept in that notebook a great deal of information. Unix commands that were mentioned, even though I'd never even seen a unix system. Default passwords. Usernames. Important websites that had been mentioned. I remember I found quite a lot that interested me at the time that I felt was worthy of writing down for future reference. In retrospect, I'm not sure I'd feel the same way. I kind of wish that I could go back over that notebook and review what, exactly, was there. I got rid of it years ago, though, when I thought I had grown out of my desire to be a hacker like Kevin.
I do know that my interest (and my notes) grew from there, though. I watched the movie Hackers and taught myself the good info it contained (such as the names of some of the rainbow books) as well as the bullshit. I watched War Games in much the same way. I started to search online for more information. I found some very nice sites, real repositories of info, even if most of it was just in text files. I kept every one of the addresses for those sites written down in my notebook, rather than bookmarked, along with a small description of what was on the site. In many cases, I came to memorize the urls for the best sites. And my notebook was growing. Entire pages were devoted to common passwords, common usernames, default login/password combinations on various systems... even systems I had never heard of outside obscure references in one book on a famous hacker or another. Most people would probably never have bothered writing them down, after all these were well-known security vulnerabilities, obviously places would have fixed them by now. But I caught on fairly early to one simple fact: the weakest point of security on any system is the human one, and default login/password combos are defaults because they're simple and easy to remember. That's always going to make them attractive from a human perspective. And, in fact, eventually that paid off for me. On a popular free email provider, I decided to try a bit of brute-force hacking with just the default login/password combos from various systems. I got into two separate accounts. Three, actually, since one of them was forwarding mail to a third account on another free email provider with the same username and password combo. I never did anything with this information other than look at some of the mail that had already been opened (I was being very cautious so as not to even mark an email read that had not been and thus leave evidence that I had been there), though I did make the mistake of sharing it with someone else who went on to delete everything in the accounts. Needless to say, the passwords for those accounts were rapidly changed and I no longer have access to them.
At another point I also have trouble pinpointing, I gave up on hacking. I believe I was still in highschool, or recently graduated. But it really just lost its appeal for me. Breaking into systems started seeming less and less like a worthy goal. Cracking software, even, seemed petty when confronted by the growing Open-Source movement that were rapidly working to duplicate functions of high-priced software for free on many environments. Why download a warez version of Photoshop 5 and have no reliable way to update it in the future when you can download programs like the GIMP for free, even on Windows platforms?
And slowly, over the years, I've stopped even thinking of people like Kevin as hackers. More and more, they've become crackers in my mind. So they can break into people's accounts... there are automated programs that can do as much using dictionary attacks. I've started looking at a different group as the real hackers. Programmers, going back to the original sense of the word. Modders. Virtual Adepts. All the people that really work to understand a system and make it better, not just to find the cracks in it and exploit them for their own gain. The people that create things, more than they work at taking things that others have created.
I'm not saying there's no room for a gray area. Increasingly, there is. Wardriving is one gray-hat thing I'm very much in favor of... the mapping of free/unsecured wireless access points. More and more, wireless bandwidth is becoming a precious resource and it can be invaluable to know where you can get that resource for free rather than having to pay ridiculous sums for a few hours access that costs the distribution point nothing. I recently made use of such an open network to contact a friend and get directions to a party I was attending in October that I was late for. And I regularly make use of such a network to get internet connectivity for my laptop during my (ironically) Computer Networking and Security class. (No, the open network isn't from my school.) But I don't abuse that access by hogging bandwidth or doing illegal things on their network.
Which kind of brings me to how things have come full circle for me. It's about ten years since I first decided I wanted to be a hacker, and learned the story of Kevin Mitnick. I've come a long way since then. I've used Unix (through OS X) and recently tried out some forms of Linux, I've learned some programming, I'm taking classes in computer networking and security, I've reached the point where I can comfortably build my own computer, and in general I understand a lot more about computer security and related concepts than I did then. Today I watched the movie Operation Takedown. It's (somewhat loosely) based off of the story of Kevin Mitnick as portrayed in the similarly-titled book by Shimomura, one of the men who caught him. And it struck me, rather powerfully, how much my perception has changed. I no longer idolize Kevin as I once did. I can respect his skills, particularly with regard to social engineering, but ultimately of the two figures I find I can identify far more at this point in my life with that of Shimomura. And of the two, Tsutomo Shimomura is the one that I would now consider to be a hacker in the true sense of the word.
I want to be a hacker again....
I'm not sure exactly when I got the idea I wanted to be a hacker, or where I got the idea from. I know it was at some point early on in highschool. Maybe it was simply that so many people seemed to assume I already was one that it just looked like something I would fit into. All I remember for sure is that, at some point, I started actually looking into it seriously. I wanted to learn how to be a hacker.
I know, fairly early on, I came across the Kevin Mitnick story. I remember ordering from my public library system the books Takedown by Tsutomu Shimomura, and The Fugitive Game by Jonathan Littman, though honestly at this point I can't recall which one I enjoyed more. While reading one or the other of those books, I know I started keeping a notebook; the first notebook I'd ever kept on a non-academic subject, I believe. I may have even gotten the idea from something mentioned in one of the books about Mitnick, though at this point my memory is not clear enough to be sure of that. I kept in that notebook a great deal of information. Unix commands that were mentioned, even though I'd never even seen a unix system. Default passwords. Usernames. Important websites that had been mentioned. I remember I found quite a lot that interested me at the time that I felt was worthy of writing down for future reference. In retrospect, I'm not sure I'd feel the same way. I kind of wish that I could go back over that notebook and review what, exactly, was there. I got rid of it years ago, though, when I thought I had grown out of my desire to be a hacker like Kevin.
I do know that my interest (and my notes) grew from there, though. I watched the movie Hackers and taught myself the good info it contained (such as the names of some of the rainbow books) as well as the bullshit. I watched War Games in much the same way. I started to search online for more information. I found some very nice sites, real repositories of info, even if most of it was just in text files. I kept every one of the addresses for those sites written down in my notebook, rather than bookmarked, along with a small description of what was on the site. In many cases, I came to memorize the urls for the best sites. And my notebook was growing. Entire pages were devoted to common passwords, common usernames, default login/password combinations on various systems... even systems I had never heard of outside obscure references in one book on a famous hacker or another. Most people would probably never have bothered writing them down, after all these were well-known security vulnerabilities, obviously places would have fixed them by now. But I caught on fairly early to one simple fact: the weakest point of security on any system is the human one, and default login/password combos are defaults because they're simple and easy to remember. That's always going to make them attractive from a human perspective. And, in fact, eventually that paid off for me. On a popular free email provider, I decided to try a bit of brute-force hacking with just the default login/password combos from various systems. I got into two separate accounts. Three, actually, since one of them was forwarding mail to a third account on another free email provider with the same username and password combo. I never did anything with this information other than look at some of the mail that had already been opened (I was being very cautious so as not to even mark an email read that had not been and thus leave evidence that I had been there), though I did make the mistake of sharing it with someone else who went on to delete everything in the accounts. Needless to say, the passwords for those accounts were rapidly changed and I no longer have access to them.
At another point I also have trouble pinpointing, I gave up on hacking. I believe I was still in highschool, or recently graduated. But it really just lost its appeal for me. Breaking into systems started seeming less and less like a worthy goal. Cracking software, even, seemed petty when confronted by the growing Open-Source movement that were rapidly working to duplicate functions of high-priced software for free on many environments. Why download a warez version of Photoshop 5 and have no reliable way to update it in the future when you can download programs like the GIMP for free, even on Windows platforms?
And slowly, over the years, I've stopped even thinking of people like Kevin as hackers. More and more, they've become crackers in my mind. So they can break into people's accounts... there are automated programs that can do as much using dictionary attacks. I've started looking at a different group as the real hackers. Programmers, going back to the original sense of the word. Modders. Virtual Adepts. All the people that really work to understand a system and make it better, not just to find the cracks in it and exploit them for their own gain. The people that create things, more than they work at taking things that others have created.
I'm not saying there's no room for a gray area. Increasingly, there is. Wardriving is one gray-hat thing I'm very much in favor of... the mapping of free/unsecured wireless access points. More and more, wireless bandwidth is becoming a precious resource and it can be invaluable to know where you can get that resource for free rather than having to pay ridiculous sums for a few hours access that costs the distribution point nothing. I recently made use of such an open network to contact a friend and get directions to a party I was attending in October that I was late for. And I regularly make use of such a network to get internet connectivity for my laptop during my (ironically) Computer Networking and Security class. (No, the open network isn't from my school.) But I don't abuse that access by hogging bandwidth or doing illegal things on their network.
Which kind of brings me to how things have come full circle for me. It's about ten years since I first decided I wanted to be a hacker, and learned the story of Kevin Mitnick. I've come a long way since then. I've used Unix (through OS X) and recently tried out some forms of Linux, I've learned some programming, I'm taking classes in computer networking and security, I've reached the point where I can comfortably build my own computer, and in general I understand a lot more about computer security and related concepts than I did then. Today I watched the movie Operation Takedown. It's (somewhat loosely) based off of the story of Kevin Mitnick as portrayed in the similarly-titled book by Shimomura, one of the men who caught him. And it struck me, rather powerfully, how much my perception has changed. I no longer idolize Kevin as I once did. I can respect his skills, particularly with regard to social engineering, but ultimately of the two figures I find I can identify far more at this point in my life with that of Shimomura. And of the two, Tsutomo Shimomura is the one that I would now consider to be a hacker in the true sense of the word.
I want to be a hacker again....
Tags:
no subject
Keeping notebooks full of information goes way back to the early 1980's, when cracking was still a mysterious and wonderful thing to most people. It was a point of pride to show off a composition book stuffed to the gills with phone numbers, accounts, and connection criteria. Notebooks are also emminently practical for organising information, but they have the same problems as any hardcopy: They can't be easily copied, they can be stolen, and they make good evidence against you.
Cracking used to be a very boring task: Plugging a few hundred passwords into the same account on a machine isn't entertaining or dramatic, though when one actually works it's a real "Holy shit!" moment. Giving up on one default account and moving on to another only exacerbates the boredom, because you have to start the whole password bruteforcing process over again.
Terminal emulators with scripting languages were a miracle when they got big, because they could automate the process to a certain extent.
Cracking software can still be fun because it often involves reverse engineering executable code to some extent, which is a puzzle in and of itself. It's rewarding because you're not only figuring out what went on inside the head of the coder, but you're also pitting your wits and knowledge against the compiler and assembler that generated code often entirely unlike what the developer originally wrote (especially when the optimisation functions are activated). Sometimes it's the only way to keep use of a programme that is so old that you can't even find docs for it anymore, let alone support.
There's another big plus of The Gimp: You can write your own plugins.
Arguably, they really never were hackers because they spent so much time cracking into networks. In defense of an earlier portion of a timeline, though, figuring out how a network is put together when you don't have any information on it takes some of the hacker spirit because you're working blind unless you start uploading your own tools to figure out where the connections are, what kind of connections they are, what an anomalous node in that network is, figuring out what kind of countermeasures there are.. it takes ingenuity and creativity to sneak around inside a network the same way you'd case a bank vault without getting nailed. Lots and lots of patience and paranoia, too.
..the people who take technology and use it in ways it was never originally intended. The people who turn science into art.
Have you ever watched a PC demo before, Jarin? Or seen the warez intros and demos from the heyday of the 8-bit CPU?
Free wireless access can also save butts in a crisis. I mean really save people.
Kevin's a nice guy. He's very witty once you get him going and interesting to talk to. And yes, he's much more of a social engineer than a hacker. Unless things have changed in the past couple of years (and they may have), he wasn't much of a coder then, either.
Have you ever read this?
no subject
That's probably very true. *whistles innocently, tries to be very inconspicious about the new notebook he's holding labeled "Computer Security"... that is not a class notebook*
Funny, I don't even think I let anyone know that notebook existed. I kept it with me all the time and used it constantly, but it was a simple composition book and it looked like any of my other school notebooks. I believe I purposely left it unlabeled. I certainly wouldn't have considered showing it off as a point of pride. Just never occurred to me.
And yeah, I was aware of the security issues. I know I had a plan for what to do with it in that case, but at this point I don't really recall what it was. I have a hunch it involved burying it in the woods behind my house. (We owned 21 acres.) I was reasonbly sure that by the time I learned enough to do anything that would actually bring me to the attention of the authorities, I would also have learned enough to at least have some warning they were coming. Probably a niave assumption in retrospect. Though I will say that at least I knew enough to be cautious in what I attempted.
Yeah, I think that I remember one of the books on Mitnick saying that his real strength was patience in that regard, that he would go through lists of passwords trying things until he found a combination of username and password that worked, just a plain dictionary attack. I'm not certain of that anymore, though, it's been a while since I've read the books. (I really should check them out from the local library here and see what I can gain from them now that I have more knowledge and experience under my belt.)
Which definitely helped with speed and tedium, yeah. At the same time, though, that's the technology that would eventually lower the bar and usher in the era of the script kiddies.
no subject
It depends.. back then, it was possible to get at least a little warning because the surveillance and monitoring tactics were immature and largely untested, so mistakes were made. Wiretaps would sometimes disrupt data traffic, so if you ever had problems connecting to known-clean lines, it could tip you off. Mostly, though, it was a healthy dose of paranoia and the instinct for self-preservation.
Burial would work, but the signs of burial are hard to disguise. If they were inclined to search all 21 acres, I wouldn't put it past them to call out the professionals who specialise in searching the woods for things amiss.
From what I've read, it was more advantageous for him to social engineer connection credentials out of people than it would be to manually brute-force passwords.
That is also true.
no subject
I think they'd gotten a little better in their tactics by the time I was involved in that stuff (Somewhere between 95 and 99.) I just was a bit naive, I think. Then again, I never really tried anything big, so I doubt I really would have attracted much attention in the first place.
That's also why I doubt they would check all 21 acres for the vague possibility something might be buried. Especially since the woods themselves continue on a great deal past that and nothing says I would have had to stick to the portions of the woods we actually owned.
Hmm, possibly I'm thinking of someone else, then. I know I read a lot of hacker biographies around the same time, I may be mixing him up with one of the others.
no subject
There is a utility called DBAN - Darik's Boot and Nuke - that can do just this. You put a disk in the drive, reboot, and stand back as it overwrites the hard drives. I've used it in the past on systems that were being decomissioned for disposal, and it does an excellent job.
I'd also suggest overwriting the slack space on filesystems to make sure that older versions of files that aren't encrypted (you DO save every few minutes, don't you?) are unrecoverable. It doesn't help a lot to encrypt a file you've been working on if your text editor's tempfiles and earlier versions can be picked out of the unallocated space in the filesystem.
Degaussing strips would work if you could pump enough power through them to wreck the data on the drives. I don't know how practical they would be to implement, though.
An old friend of mine was planning the construction of a Faraday cage to store his drive array in. His idea was to put a Tesla coil in the cage along with the drive array and a firing trigger to turn the sucker on in case he got Jacksoned.
I'm more familiar with their surveillance and data forensics techniques than I am the raid techniques of police forces and federal agencies.
no subject
Honestly, I'm not so good at saving every few minutes. When I start working on something, I have a tendency to tune out the outside world and the passage of time, and all to often that includes the sense that I need to save. I have started to find ways around that, though, with programs that will autosave what I'm working on and recover it for me in the event of a failure. I use enough of those programs now that I kind of get annoyed at programs which do not have that behavior, such as firefox. Opera was a really good browser for that trait, but that's about the only thing I like about it any more. Are there programs out there to automatically erase just the empty parts of a drive to military specs? I'd been thinking of something like that the other day but never really looked into it yet. I believe I was considering the possiblity of running something like that alongside a utility like OS X's that defrags on the fly.
Not sure on the degaussing loop either, honestly I think I may have seen that idea used on a TV show, so probably it wouldn't actually work. I like your friend's idea, though.
no subject
They probably got the virtual memory encryption code from OpenBSD, I know that it implements that functionality natively.
I made it a habit long ago to save every couple of minutes. You never know when something will happen and you'll lose whatever you happened to be working on. Especially when you were working on a VAX late on Saturday, which is often a scheduled maintenance window.
Do you know if someone's written a Firefox extension to bookmark your open tabs periodically? That seems like a nifty thing to have around.
I don't know if there are any such programmes out there; statistically speaking, there have to be. A quick search of Freshmeat or Sourceforge might be in order.
I typically make a few dozen copies of a directory of .mp3's to fill up disk space and hopefully overwrite the slack space, though on a journalled filing system that's probably not going to do much.
A degaussing loop was mentioned in Neal Stephenson's Cryptonomicon as a countermeasure for a raid on a certain data centre.
no subject
I've tried to make a habit of that as well, but I tend to tune out the passage of time too much to notice when those few minutes have passed, or I get on a roll and don't want to stop long enough to even press command-s. Stupid, I know.
I don't believe anyone has made such an extension yet. There is one extension that claims to actually restore firefox sessions, but the last time I tried it the extension really didn't work reliably and seemed to cause program failures more frequently than without the extension. I decided it just wasn't worth it.
no subject
Hmmm... maybe I'll do some nosing around.
no subject
no subject
no subject
no subject
no subject
no subject
no subject
no subject
no subject
That's true. I haven't really gotten into that aspect of it, so I didn't think of it, but I'm sure that's very handy for those who are more into image editing than I am.
That's true, and I do have respect for the owners of those skills depending on how they choose to use them. From what I know of the story of Kevin Mitnick, though, I don't really think he fell into that category as much as he claimed to. I have much more respect for The Mentor in that regard, both from his Manifesto and his Novice's Guide to Hacking which I think expounds on the concept of ethical hacking rather nicely.
Yes, exactly. Today I was reading a site with an article on modding CVS digital camcorders. The disposable kind, with the big warning on them that they CANNOT be connected to a computer. Seems they found out that you can solder on a USB port and access it just fine with the right software, allowing this cheap product to be reused. THAT, to me, is a real hack.
I want to tentatively answer yes to the first question, though the way you ask it makes me think that perhaps you mean something different than I do. In this context, what do you mean by PC Demo? No to either of the second two, they were a bit before my time. Why do you ask?
That's very true. Personally I would like to see a day where free wifi is the norm, practically everywhere. Where the concept of wardriving itself has been lost because free wifi access points have become so commonplace. Where it would be more challenging to find a place without a wifi signal than with one.
Increasingly, that vision seems to be turning into reality. I've been to small towns in Minnesota and Virginia and had free open wifi access at the most unexpected times. In some cases actually paid for by the town itself.
I can actually respect him for his social engineering skills, even if I don't really approve of the application he put them to. I've made a study of social engineering beyond his work, delving back into the stories of Frank Abagnale Jr and Ferdinand Waldo Demara. They're particularly interesting because they show the kind of identity theft and security penetration that can be done through social engineering alone, without the aid of network cracking skills.
no subject
Yes, I have actually. I discovered that about two years ago, I think... maybe three. At the time it struck me as very good. I believe I ended up talking with
no subject
no subject
no subject
no subject
I agree with you; there were other crackers out there who were much more skilled at doing so.
The Mentor's a nice guy.. lots of fun to talk to.
Agreed. That's a pretty cool thing to do.
PC demos grew out of the warez intros/cracktros of the 8-bit computer scene. Back when the Commodores, Apples, and Ataris were popular, software cracking groups would remove the copy protection from games and applications and repackage the software. Because the packaged software was often smaller than the original software (because files were left out, blocks of code were deleted, or the software just didn't take up the entire disk) there was room left over. At first, title screens were altered to take credit for whomever cracked the software. Later on, entire loader programmes were written to show off the skills of the crew who'd cracked the software.
Some software crackers were skilled programmers, and really got carried away with their intros/cracktros, and went out of their way to write really tight code to show nifty graphics, play music, and stuff like that. They often did things that people thought were impossible on the 8-bits, like displaying more moving sprites at once than was commonly thought and stuff like that.
An entire scene arose of code hackers who didn't crack software, but pushed the limits of the video and audio hardware in computers - they called these hacks demos. They're on every platform, from the old-school 8-bits to the Amigas to the Wintel platform. Nowadays graphics like these are done with heavy duty graphics cards.. back then, they were done on the 80386 and 80486.
My personal favourites were done by a group called Future Crew back in the early 1990's.
http://www.oldskool.org/demos/explained has a better synopsis of the demo scene.
The next time you come over, I'll have to dig out some of the demos I used to watch .
no subject
*chuckles* You know, it's weird having conversations with someone who is essentially a peer of some of the people I idolized when first becoming interested in hacking. Kinda cool, though. :)
Yeah, I kinda want to run out and get the stuff to do it myself, though I'm probably gonna hold off on that for a while. Still, great way to get an inexpensive digital camcorder... I've heard the only downside to it is that it only plays back the movie file with the most recent designation on it.
I'm honestly not sure if I've ever seen a demo in that sense or not. If I did, I didn't know what it was that I was looking at. But at one of the computer shows I went to as a kid, I distinctly remember seeing some programs running that looked a lot like some of the images in the PC Demoscene FAQ. I'm pretty sure, though, that this would have been well after the era of 8-bit graphics. I believe they were being used to show off the graphics capabilities of some computers that were for sale at the show.
no subject
Maybe I'm a peer, maybe not. I just do my thing.
I'd say to give yourself some time because if too many projects pile up you might not get much done. At least, that's the big problem I have, and it's an easy trap to fall into.
Some folks at computer shows used to run demos. Nowadays they run demo programmes supplied by graphics card companies that rip off a lot of stuff in them. At one show, a friend and I saw a demo that pretty much ripped off all of Second Reality, which got on both of our nerves.
no subject
I meant that more in the archaic sense, a peer as in a companion or a fellow: “To stray away into these forests drear,/Alone, without a peer” (John Keats). While you certainly may be their peer in other senses as well, I would not be able to judge that, having never seen both you and they at work nor possessing sufficient experience or knowledge of the subject to evaluate your work against each other even if I had.
Yeah, I know what you mean. I usually end up making idea lists and coming back to things later when I have more time for them. I have a huge idea list (a dedicated notebook, actually) just for otherkin-related writings that I haven't gotten to yet or am still in the middle of, for example.
The computer show I'm remembering would have been quite a while ago, sometime around 1989-1991, I think. I believe I was either in third or fourth grade at the time. Though it might have been later, I'm trying to remember when it was that I got my first Windows machine... certainly before 1995, but that's all I'm really certain of, can't quite pin down a date in my mind. I know it was a Tandy from Radio Shack running Windows 3.1 and some unidentifiable shell program that nobody has ever heard of and whose name I no longer recall. Just can't remember when we got it, not even what grade I was in at the time.
no subject
..I didn't have many peers in that sense, either. A big part of the BBS scene, I found, was people boasting more than they could actually accomplish. I spent more time actually messing around with computers than I did talking about it. Later on I did find a few people with a clue but they were difficult to find.
I need to force myself to take time to sit down and do stuff anymore. There's so much going on, and so many places to go, it's not easy to figure out where, exactly, to begin. Damned frustrating, it is.
Windows v3.1 with a shell over top.. Desqview, perhaps?
no subject
no subject
So you think you're a hacker?
If you can hack this drop me a line at cutebiguyinatlanta@yahoo.com
(Because a mind is a terrible thing to face ;)
Re: So you think you're a hacker?
Re: So you think you're a hacker?
Re: So you think you're a hacker?
So u think u're a hacker?
If you can hack this drop me a line at cutebiguyinatlanta@yahoo.com
(Because a mind is a terrible thing to face ;)