Any attempt to write the history of hacking, to chart the rise and fall of hacker groups, their Bulletin Board Systems (BBS), electronic magazines ("ezines" or "zines") and fantastic exploits across the globe is going to be incomplete. It has to be, as hacker history is being re-written almost daily, the curiosity and drive of the hacker forcing them always to find new techniques to explore, new technologies to master. Covering the whole of the history of hacking and the computer underground would take up the whole of this book, so I won't even try. Instead here are a few highlights, some well-known events, the odd famous hacker, some zines and groups who made their mark on hacker history.
If you want to discover more, I recommend that you explore the history of the computer underground using the resources that are covered in Chapter 14: Learning More, any back issues of 2600 or PHRACK you can get your hands on, the LOD/H technical journals, the Computer Underground resources at the Electronic Frontier Foundation, and any of the files floating around on the net. Maybe if you investigate further you'll find all the rest of the stuff left out here from lack of time and space: the rank and file hackers, the local hacking groups and short-term zines who keep the scene alive and who are busy planning their hacking exploits for the 21st century.
Founded in 1984 by Emmanuel Goldstein, 2600 is the world's foremost hacker magazine which is printed on paper. Published four times a year, and protected by American laws on freedom of speech, 2600 has established itself as a high-profile magazine supporting hacking and hackers' rights, including long-running campaigns in support of Bernie S. and Kevin Mitnick.
One of the neatest things about 2600 is that any reader can start a local "2600 meeting" by publicizing it in the magazine, thus allowing hackers a chance to meet and talk. Most 2600 meetings I have gone to have revolved around food, coffee and, for the older hackers, the drinking of beer. During this time information is swapped and shared, tutorials are given, people dismantle mobile phones, produce laptops and odd devices, distribute their ezines, go trashing together and generally have a good time. Anyone who says that hackers are socially inept and should get out more has not attended one of these meetings. They can be recommended as ideal places to meet and talk to other hackers, but the public nature of the meetings can lead to problems.
On a typical first Friday of the month in 1992 a regular 2600 meeting gathered at a local Washington shopping mall as they did every first Friday. The idea of 2600 meetings is to enable otherwise independent hackers to meet up, chill out, eat and drink, all the while talking themselves senseless about computers. The reason why 2600 meetings happen in public places is because they are not "secret hacker meetings". They are open to anyone who cares to attend and, to ensure attendance, information about the time, place and whereabouts of 2600 meetings is widely propagated across the Internet, and published monthly in 2600 magazine.
This meeting was different. Mall security personnel surrounded the hackers and demanded that they all submit to a search. Anyone who resisted was threatened with arrest. People's names were written down, and their bags gone through. People who tried to write down badge numbers of security staff or attempted to film what was happening were further harassed. Eventually everyone was told to leave the mall or face arrest.
Emmanuel Goldstein, the editor of 2600, was outraged at the behaviour of the security staff and, using the power of the Internet to provide mass communication, alerted other people to what was going on. Eventually this information came to the attention of a local reporter who phoned the mall and spoke directly with the security director of this mall.
While the reporter was taping the interview, the security director inadvertently let out the fact that the whole search and question operation was organized by the secret service. For a long time the hacker community had suspected that the secret service was organizing local law enforcement and private security to crack down on the so-called "hacker menace". Now they had incontrovertible proof on tape that the secret service were more interested in violating their civil rights by using illegal searches and intimidation tactics than actually protecting US citizens by improving computer security and catching criminals involved in fraud and computer crime. Even now 2600 magazine is campaigning for hacker rights and asking difficult questions that need to be answered. Anyone interested in subscribing to 2600 magazine should see Chapter 14 for the address.
Chaos Computer Club
The Chaos Computer Club is a German hacker group founded in 1981 in Hamburg. Considerably more political than most of the US hacking scene, a list of CCC career highlights reads like something out of cyber-fiction.
In 1984 the CCC informed the German Post Office of a security flaw in the Bildschirmtext system. After the Bundespost officials had denied that there was a security flaw in the system, the CCC proceeded to demonstrate just how insecure the system was by running up a DM135,000 bill using a hapless bank's user ID and password.
In 1996 the Chaos Computer Club exploited security holes in Microsoft's Active-X to transfer funds without a PIN using the home finance program Quicken. The resulting furore generated media interest all across the world, and led to several banks cancelling the roll-out of Internet home-banking products using Active-X. Currently the CCC web site offers for download several applets that exploit the Active-X security hole; this approach to the security of Internet-driven applets now seems in doubt.
Finally in 1998, the Chaos Computer Club demonstrated how easy it was to compromise a GSM mobile phone SIM card. By using a PC and a chipcard reader, the CCC were able to read out the secret key from the D2 chipcard in around 11 hours and then make a clone of that card. Once the clone card was created the CCC then demonstrated that the insecurity was real, by using both the real card and the clone card on the GSM network at the same time. CCC continue to promote technology and responsible hacking and hold an annual hackers' congress in Germany, which is open to any hacker to attend.
Cult of the Dead Cow (CdC)
The "notorious" Cult of the Dead Cow (CdC) have been going since the mid-eighties, publishing their quirky and sometimes amusing ezine at irregular intervals. The release of their BackOrifice tool for Windows 95 has garnered them a considerable amount of publicity in recent months. BackOrifice is a "Trojan horse" program designed to be installed on PCs running Win95 or NT, and allows hackers to remotely control the computer, execute arbitrary code and so on.
The "Cuckoo's Egg" Saga
The story of international hacking, espionage and the KGB that made up the "Cuckoo's Egg" story began when a young astronomer called Clifford Stoll was assigned the task of sorting out a minor discrepancy produced by the software designed to track user billing on the computer systems. Stoll soon worked out that the problems were being caused by a hacker logging in and accessing the systems at the university computer center at Berkeley.
Stoll began logging the intruder and soon discovered that whoever was hacking was using multiple accounts to access other computers on the academic ARPANET, especially computers on the US military network MILNET. Once Stoll discovered this, he worked with the legal authorities to set a trap for the hacker by loading files onto the computer that purported to be listings of bogus Space Defense Initiative (SDI) documents and inviting anyone interested to write in for the documents. This, together with the use of phone taps and conventional Internet tracing techniques, led to the discovery that the hacker was a German named Markus Hess, who was hacking to find top secret information to sell to the KGB. Stoll wrote a book about the experience called The Cuckoo's Egg, and I recommend it to anyone who wants to learn more about this
Datastream Cowboy was a young UK hacker who became notorious for his persistent cracking of MILNET sites in the US. Only 16 at the time, Datastream Cowboy used C5 telephone systems in overseas countries to phonephreak his way onto the Internet. Once there he would circle the globe many times before finally attacking his targets.
By March 1994, the American military, fearing that they were under an "InfoWar" attack from a foreign power, were disconcerted when they found that Datastream Cowboy was logging in from an Italian site in Rome and began their investigation in earnest.
A special Air Force Office of Investigations (AFOSI) task force of computer specialists was set up, and Datastream Cowboy's movements were tracked over several weeks until finally an informant posing as a hacker was given Datastream Cowboy's phone number, possibly so he could log onto Datastream Cowboy's BBS, The Sanctum of Inner Knowledge.
AFOSI officials tracked the number back to a house in North London and in May 1994 police and officials raided the house and arrested Datastream Cowboy. To their surprise, instead of finding a top international espionage ring, the police found Richard Pryce, a 16-year-old student who was hacking in the spirit of exploration, but who just happened to enjoy cracking MILNET sites, rather than the easier EDU sites. Datastream Cowboy was eventually charged with 12 offences under the Computer Misuse Act 1990, and in 1996 was found guilty and fined £1,200.
In 1988 Robert Riggs, a member of LoD going by the handle Prophet, broke into a computer belonging to Bell South, one of the Regional Bell Operating Companies (RBOCs). The account was highly insecure, as it did not require a password. While exploring this computer, Prophet discovered a document detailing procedures and definitions of terms relating to the Emergency 911 (E911) system. Of course Prophet, like so many hackers, had a deep curiosity about the workings of the country's telephone system, so took a *copy* of the document.
Eventually Prophet sent a copy of the E911 document to Knight Lightning (Craig Neidorf), the editor of PHRACK, for publication. Knight Lightning removed the statements that the information contained in the document was proprietary and not for distribution, and then sent the edited copy back to Prophet for his approval, which was duly given. Knight Lightning then published the E911 document in the February 1989 issue of PHRACK. Some months after the document was published in PHRACK, both Prophet and Knight Lightning were contacted and questioned by the secret service, and all systems that might contain the E911 document were seized.
They were both prosecuted. Prophet, whose unauthorized access to the Bell South computer was difficult to deny, later pleaded guilty to wire fraud for that offence. In contrast, Knight Lightning pleaded innocent on all counts, arguing, among other things, that his conduct was protected by the First Amendment, and that he had not deprived Bell South of property as that notion is defined for the purposes of wire fraud. That is, the document in his possession that was published in PHRACK was a *copy* of the original document, and thus nothing had been removed from the Bell South computer.
The prosecution counter-claimed that the cost of preparing and storing this 10-page administrative document was in excess of $80,000, including secretarial time, managerial time, storage time etc. However it then turned out that the E911 document was available to anyone who ordered it from Bell South's publishing department, and that anyone who wanted to order it via a freephone number could obtain the document legally for a mere $13.
Although the prosecution had always maintained that the E911 document was a trade secret, this revelation caused the government to declare a mistrial, undoubtedly for fear of public humiliation. Craig Neidorf unfortunately was left with a $100,000 court bill for his defence which pushed him to the edge of bankruptcy.
The Dutch hacker magazine Hack-Tic was founded by Rop Gonggrijp in 1989 after the successful conclusion of the Galactic Hacker Party. Probably because it was published in Dutch, it never really got the attention it deserved, and which the US equivalent 2600 receives. By 1993, the Hack-Tic group had founded xs4all, an early Dutch ISP, which is still providing network services today. In 1995 Rop announced that due to pressure of work, he no longer had time for Hack-Tic, and the magazine ceased publication. Anyone interested in the online covers of Hack-Tic magazine can find them at www.hacktic.nl. In its heyday, Hack-Tic organized three major European hacking conferences, and the links they forged with these conferences had an influence on the global hacking scene which is still bearing fruit even today.
In 1989 the Dutch hacker magazine Hack-Tic and the German Chaos Computer Club (CCC) organized a major European hacker conference called the Galactic Hacker's Party in a converted church in Amsterdam. Hack-Tic called on all "Hackers, phone phreaks, radioactivists and assorted technological subversives" to attend the event, billed as the International Conference on the Alternative Use of Technology, to listen to talks, eat, hang out, play with computers and enjoy the company of like-minded hackers.
Members of the Chaos Computer Club led workshops about subjects such as "Security issues and intelligence services" and "Hacker ethics", while prominent US hackers gave talks and the famous phone phreak Cap'n Crunch (John Draper) moderated an online conference with various Russian computer enthusiasts.
In 1993 I was lucky enough to go to a Hack-Tic conference, after getting an anonymous flyer in my email from someone who knew I would be interested. Whoever they were, they were right. It turned out that Hack-Tic were organizing a weekend-long hacker conference on a Dutch campsite, and had invited "hackers, phone phreaks, programmers, computer haters, data travellers, electro-wizards, networkers, hardware freaks, techno-anarchists, communications junkies, cyberpunks, system managers, stupid users, paranoid androids, UNIX gurus, whizz kids, warez dudes, law enforcement officers (appropriate undercover dress required), guerrilla heating engineers and other assorted bald, long-haired and/or unshaven scum" to gather in the middle of nowhere and set up an outdoor LAN connected to the Internet ... while staying in a tent.
It was meant to be the biggest outdoor LAN on the planet at that time, and anyhow it sounded like lots of fun. The Goat and I packed a 486 and a tent, arrived and managed to get a connection at the very end of the field LAN where, shall we say, network connectivity was somewhat degraded. Once we had settled in, we enjoyed two days of hack-talk, Dutch beer, Jolt Cola, and our tent-based Internet connection which we soon dubbed "Hacking at the End of Hacking at the End of the Universe". One final hardware hack on the way to the ferry later (involving a broken exhaust, a Coke can and a chunk of serial cable ... don't ask!!), we arrived back in the UK wiser than when we left. This was because of all the great efforts of Rop and the Hack-Tic crew, who slaved for days to get our network running, and this book is a really good chance to say thanks. So Rop and the Hack-Tic crew, if you are reading this, a big "thanks" for organizing a weekend to remember. As long as I live I'll never forget climbing up that swaying tower in the middle of the field with all the packet radio aerials on.
The Internet Worm
On November 2nd, 1988, computers on the proto-Internet, then called the ARPANET, were all mysteriously crippled by an unknown attacker, later to be dubbed the Internet Worm. Written as an exercise in UNIX programming by Robert Tappan Morris, son of an NSA computer specialist, the Internet Worm was an early use of UNIX exploits to compromise security and allow the worm to spread from machine to machine.
The worm used several backdoors into UNIX, most notably a hole in the sendmail mail transport agent that allowed the uploading and executing of arbitrary code on the target machine. This, combined with the use of a stack-overflow attack on the "finger" daemon, a list of common passwords, and the compromise of trusted hosts for each machine, allowed the worm to spread to approximately 6,000 machines before being stopped. The spread of the worm might have gone unnoticed if it wasn't for a bug in the code that allowed multiple copies of the worm to exist on a single machine, very soon bringing it to its knees, and alerting the systems administrators that something was wrong.
Robert Tappan Morris was eventually prosecuted and fined $10,000, given three years' probation and 400 hours' community service. The Internet Worm incident was an early wake-up call as systems administrators across the Internet were suddenly alerted to the vulnerability of their systems.
The Kevin Mitnick Saga
Of all the hackers Kevin Mitnick has been the most vilified and demonized by the media and computer law enforcement agencies, while being lionized and almost canonized by the hacker community. Continually hounded, Mitnick has probably spent more time in prison for his hacking activities than the rest of the hackers put together.
In 1982 Kevin Mitnick received probation for activities including theft of documents and manuals from PacBell. In 1988 he was charged with two counts of computer crime, and was sentenced to a year in jail for breaking into Digital Equipment Company's network. By 1992 he was in hiding after fleeing the FBI who wanted to question him for his hacking activities.
By 1995 he was in trouble again, this time accused by the FBI of stealing credit card numbers from the Netcom system. More importantly, Mitnick had hacked into a computer system belonging to computer security expert Tsutomu Shimomura during the previous Christmas period.
Once Shimomura learnt of Mitnick's intrusion, he aided an FBI manhunt, leading eventually to Mitnick's capture in Carolina during February. Mitnick was eventually charged with accessing corporate computer systems without permission and transferring a copy of copyrighted proprietary software, and finally sentenced to 22 months in prison, time he had already spent on remand waiting for his trial.
Kevin Mitnick was released in January 2000, and now faces a large number of restrictions, including not being able to use a computer, cellular phone and other forms of technology. He has now been effectively "gagged" as he has been forbidden to go on the lecture circuit as that would involve profiting from his crimes, even if he is not talking about computers. So in the "land of the free" where "free speech" is paramount, don't expect to have any civil liberties left if you are convicted of hacking related crimes.
At the time of his release he had spent five years in jail for his "crimes", while many real criminals who are a menace to society have received lesser sentences. Of all the hackers who have been caught, Mitnick's case is the one that shows the full range of media and law enforcement misinformation and demonization, while providing many media and security "experts" with a very good living. Anyone interested in finding out more about the mistreatment of Mitnick, or of making a donation to the Mitnick Freedom Fund should go to www.freekevin.com for more information.
Legion of Doom (LoD)
In 1984 a young hacker, who called himself Lex Luthor after the arch-villain in the DC Superman comic books, founded the Legion of Doom, also named after a comic book. LoD soon gained a reputation as one of the finest hacker groups around, compiling and releasing the excellent, but infamous LOD/H technical journals, containing huge amounts of hacking and phreaking information.
For the government, LoD became synonymous with hackers, and their involvement with MoD (Master of Destruction) in the "Hacker Wars" led to LoD becoming the focus of several government agencies which eventually led to the raiding of some key LoD individuals during the series of crackdowns against hackers often called "Operation Sundevil". LoD member "Erik Bloodaxe" edited PHRACK magazine for several years, putting his own unique mark on the magazine. His write-up of HEU in PHRACK makes me wonder if we didn't attend two different events that happened to be called by the same name and were on at the same time.
MoD was a similar hacking group, and there are many conflicting accounts of the germination of MoD, and the meaning of the acronym, the most frequent choice being Master of Destruction, but others maintain that MoD was chosen because it "sounded like" LoD, and there was no acronym. MoD was comprised of some of the finest US phone phreaks and hackers, and soon gathered a reputation as such.
The LoD vs MoD hacker war was an early piece of hacker history which began when the two hacker groups vied with each other to claim the better reputation. It soon escalated into a full-scale war where phones were diverted or tapped and all sorts of hackerly nonsense was perpetrated by either side. This came to an abrupt end when Erik Bloodaxe found that MoD were tapping into the phones at his computer security business, and promptly called in the FBI, who were already investigating MoD members for hacking and phone phreaking. At the end of the day, Phiber Optik, Scorpion, Acid Phreak and Corrupt were prosecuted and jailed.
Nowadays, most of the LoD/MoD have got busted, grown up, given up or got "real" jobs with various computer companies, but the legend lives on, and the LOD/H technical files gave many people a start in hacking (including the author). Nowadays the name LoD lives on only as a corporate UNIX consulting and security company, and maintains no links with the underground hacking community.
The l0pht is a group of US hackers who have dedicated their time and energy to collaborating on projects together. Their dedication to the art of hacking and their enthusiasm for high technology have led to the release of several high-quality tools for security purposes. The most notable of these are L0phtCrack, a password cracker designed to ferret out insecure passwords on NT systems; SLINT, a source code security analyzer; and AntiSniff, a network security tool designed to detect attackers surreptitiously monitoring a computer system's network traffic after placing the Ethernet interface in "promiscuous" mode. The l0pht group also provide regular security advisories disclosing newly found network insecurities, and as such the l0pht web site should be in every hacker's, cracker's and systems administrator's bookmark list. Early this year, l0pht announced a multi-million-dollar merger with computer security company @STAKE, in order to continue research and development on computer security products.
The place that PHRACK occupies in hacker history is almost as assured as that occupied by the LOD/H technical journals, as both have been read, digested, pored over and used by successive generations of hackers, crackers, phreakers and wannabes. Started in 1985 by Taran King, PHRACK has lasted a monumental 55 issues to date, and has had several editors, including such hacker luminaries as Knight Lightning and Erik Bloodaxe. PHRACK continues to be published and serves as a focal point for much of the online hacking community, but many hackers feel that the great days of PHRACK are gone and that the magazine is a mere shadow of its former self.
UK "Old Bailey" Phone Phreak Trial
A crucial part of UK phreaking history, lost until I met one of the protagonists at a UK 2600 meeting, this early tale of phone phreaking and media hysteria deserves more widespread recognition than it receives.
In October 1972, Post Office investigators raided a London flat, arresting a number of phone phreaks and carting away telephones, "bleepers" and a number of printouts containing "secret" Post Office phone codes. By November, when the Old Bailey trial began, there were 19 phreakers in the dock, mostly young men with university degrees who had first got interested in the phone system while students.
Out of the 19, 10 pleaded guilty to various charges and were eventually fined between £25 and £100 each, but the other nine pleaded not guilty to "conspiracy to defraud the phone system". When the trial ended in November, the nine phreakers charged with conspiracy were acquitted, the judge commenting wryly that "some take to heroin, some take to telephones" and asking the defendants for the codes used in his own local exchange.
The phone phreaks were using a number of methods to explore the AC9 phone system, using bleepers rather like modern day blue boxes to produce the tones necessary to dial trunk routing codes. The phreaker would first phone a local call to a number which was not assigned, then once the call had been connected the phreaker would "seize" the trunk, followed by the digit 1 to get on the outgoing trunks. Once on the trunks the phreak could then explore the phone network by dialling the "secret" trunk codes, possibly routing into an international call, e.g. to America, where the phone phreaker could explore further using R1 signalling techniques.
The phone phreaks involved were actively trading and collecting trunk codes, and were keeping files with details of the entire local and trunk networks' routing codes on a university computer. Their research had led them to design and build many different types of blue box, capable of imitating different types of signalling systems. The phone phreakers were quite conversant with the then new MF2 signalling system, which used a dual-tone multi-frequency approach similar to C5 or DTMF. (For more details on C5 and DTMF signalling, see Chapter 9: Phone Phreaking in the US and UK).
UK "Prince Philip" Prestel Hack
In the mid-1980s two journalists called Gold and Schifreen hacked into the British Telecom Prestel account and acquired access to all available customer identification numbers, along with details of who owned them. They then left a number of messages in the Duke of Edinburgh's private mailbox. Their motive for doing this was normal hackish enthusiasm, and they made no financial gain from demonstrating their hacker skills.
However, when they were caught they were charged with "making a false instrument, namely a device on or in which information is recorded or stored by electronic means, with the intention of using it to induce the Prestel computer to accept it as genuine and by reason of so accepting it to do an act to the prejudice of British Telecommunications plc", under the UK Forgery and Counterfeiting Act of 1981.
In April 1986 Gold and Schifreen were convicted at Southwark Crown Court, and immediately appealed to the High Court, where the conviction was overturned by the Lord Chief Justice who commented that the Forgery Act was not intended for computer misuse offences. This landmark case was one of the spurs that led to a new computer law, later to come into force as the Computer Misuse Act 1990.
Please note that hack/phreak groups and magazines come and go with the regularity of the seasons. Some last longer than others, and some last no time at all, but the above chapter describes some of what's happened, and what's going on. If you want to look at more hacker history and the culture of the computer underground, here are some people, groups, zines that haven't been mentioned that you should look out for. Finally, to round things off, a short section listing some of those conferences that hackers are so rightly famous for.
If it's hacking groups you want, look for the following: Phone Losers of America (PLA), Man Eats Dog (MED), Nomad Mobile Research Center (NMRC), Brotherhood of Warez (BoW), DarkCyde, Hacker Mafia, HackHull, AntiSocial, or The Information Guild. As for people, here are some that didn't get mentioned earlier: Torquemada, Minor Threat, VegHead, Kevin Crow, Terminus, BillSf, Uridium, Kevin Poulsen, Codex, otaku, Zap, MarkDZ, KingPin, Gandalf, Brian Oblivion, Professor Falken, Neon Bunny, and Maelstrom. Some zines around include Cotno, oblivion, P/H-UK, Citronic Journal, Keen Veracity, PHUN, echelon, uXu, Pirate and Digital Phreak P1mps.
Despite the media portrayal of hackers as anti-social misfits with no social life, hackers get together for conferences at regular intervals, where they listen to talks, eat, play with computers, drink and socialize. Some conferences past and present are: Access All Areas (UK), HoHoCon, DefCon, RootCon, HOPE, Beyond HOPE, HOPE2K, Chaos Computer Club Annual Congresses, and Hack-Tic's three conferences. These are just a few that I can think of, but there are many more.
Conferences are a great way to get to know people on the scene, and if you like hacking and talking about computers a conference is where you will meet fellow hackers, some of whom you will have talked to before only on the Internet, and collectively learn and share from each other's knowledge.