Black Hat Exploits of the Stupid-Easy 80s (madned.substack.com)
204 points by mad_ned on June 30, 2021 | 106 comments



In my middle school you could just x out of the Windows NT login window and get a userless session.

We didn't understand that we hadn't hacked anything, and neither did our teachers. Their misplaced awe at our ability to cloak our activities in anonymity was intoxicating.

Most of my cohort then are engineers now.

I worry that as security gets better, opportunities for creativity and exploration go away, which might not bode well for future generations.


It's a moving target. The opportunities for kids to get creative and explore are now in emerging technologies, but they are "emerging" only to us old farts. To young people, it's just what's there. I think these things come easy to the inquisitive minds that are not tainted by what you can and can't.

For example, I often read bug bounty write-ups, many of which are obviously written by young teenagers. Some of them are able to find issues that appear to be hiding in plain sight. I kind of think that what you're describing is a matter of perspective, but boy do I miss the good old days when everything was easy to exploit.


Yeah I also got a bit too creative in middle and high school. It was all harmless fun, e.g. writing scripts so that various computers would start beeping at random times during the day.

None of my school faculty had any understanding of computers. I was even yelled at for using "Google" during a research project.

I think the bigger fear is that people cannot make mistakes anymore. Even in my local town a simple mistake went viral on social media and now the student's whole life is ruined for something that may have been a simple visit to the principal's office back in the day.


In university, for some strange reason, we were required to spend a few hours in a 'learn how to use a search engine class.' It was brutal, they used remote control software and slowly and painfully taught us how to use google.

I figured out pretty quickly you could Ctrl-alt-delete to bring up the task manager and just close the client on the computer I was using.

The teacher never figured out why one of the computers vanished off the remote software management screen she was using.


Wasn't it 'SmartClass' by any chance? I also had a lot of fun killing it during high school.


Security gets better, but a) the attack surfaces grow larger and b) so do the educational resources. I'm constantly in awe of how much easier it is to learn this stuff these days, with concise and articulate walkthroughs alongside dedicated vulnerable VMs you can spin up in a minute. If you ever want to spend a weekend experiencing that rush again, TryHackMe.com's Advent of Cyber will have you popping reverse shells in an hour or two.


Don't worry

If you're into real world security / reverse engineering and other stuff, then try CTFs, other strong people will ensure that you'll have enough room for creativity and hacky hacks :)


I think about this a lot too. Tons of the current tutorials on learning how to break Windows security teach you on an old Windows 7 VM just to make it easy to get around mitigations and learn without hindrance. I mean I know I learned on Windows XP VMs... but what happens when Microsoft rescinds offering those free Windows 7 IE11 VMs any arbitrary time soon?

On the other hand I like how Microsoft actually seems to be giving a damn these days.


I did a school project where I DoS'd a local ISP for 10 seconds using broadcast amplifiers on misconfigured routers that allowed the source address to be spoofed. I was probably 15? The ISP I think only had a T3 but most people were still on dial up so overwhelming a T3 seemed like a big deal.

I miss having shell accounts at all the .edu’s for my egg drop bots. That is how I learned about all the us schools hah


Wait. Is it the trick with the Help window, that had Open file dialog, that had Open folder in the context menu, which essentially launched explorer process and effectively logged you into the system?

It was almost 20 years ago and I still remember. Such a satisfying feeling when you're 14 but feel smarter than one of the biggest tech companies on the planet.


Some fun ones:

BBS games started adding virtual currency that you could transfer between players. Some even participated in a network of BBS systems, allowing the movement of game currency from one BBS to another. These frequently didn't have input validation and you could transfer -1 to another player and they'd receive 4294967296 dollars. Unfortunately we were kids and kids do nasty things. We would completely upend a competitive game by giving all the underdogs huge wealth.

Pager numbers all fell in the same exchanges. Every number under 123-456-xxxx would be a pager. I wrote a program to war dial all these and leave the same victim's phone number on all the pagers. We did it to a friend and witnessed an endless stream of frustrated calls to their house for a few hours. Brutal.

A school system put their mechanical control systems on a modem. We acquired the software and directory that could access these control systems. Not only did they put all the HVAC systems on it, they also added things like emergency and off-hour lighting. Some of the stuff that was controllable through this remote interface was down right scary: boiler pressure measurements, boiler system valves, etc. We weren't stupid enough to mess with that but would have fun turning off all the lights at night, or turning up the heat before the Saturday morning recreation basketball games in the gym.


I remember using odd/unprintable characters in those BBS games for my username. There was one (Spacewars?) where you got a bounty, but had to type in the character's name to claim the bounty. People would complain they could not collect the bounty against me, as my name was basically brk[null character].


That's great. Reminds me of the warez stashes on public ftp sites. A directory named with null characters or three periods were conventional places to stash pirated software.


My high school in 2003 used IBM PCs with Windows NT. I discovered the Messenger service, enabled by default, remained enabled and was not turned off by group policy.

Start > Run, type "cmd", then:

    net send B131 "Hi there"

This would pop up "Hi there" on the B131 computer. The hostname of each computer (B131, for example) was taped to the top of each monitor, so I had a great time annoying my classmates in computer lab. One day students around me noticed me doing this and I naively showed them how to do it. I helpfully suggested to never type * as the hostname or the message would send to all computers.

After a school wide DDoS from several students around me sending messages over and over like:

    net send * "this school is the worst"

...and a lot more unmentionable messages, I was soon escorted out for a three day suspension for "hacking the school network." Good times. :)


Heh, I remember doing a little bat file that was something like

  @echo off
  net use e: \\Network\Share

to get to the network shares which I could see in Windows 2000's network display but would just tell you 'access denied' if you tried to simply click on them. Just giving them a drive mount like that worked fucking swimmingly. It gave us access to pretty much everything, including this program called 'photodex' where the username was the first initial of our principal's first name and his last name and the password was 'teacher'. Some other kid figured this out at some point before us, and we found a folder containing a bunch of shit with super obvious file names like TEENPORN.JPG.EXE and the kid we didn't really like in our IT class who turned out to be a registered sex offender as an adult (he told me this at a wedding after complaining that they took his guns away, and all I could do was remember this incident and laugh) actually went and clicked one of these because he was a bit thick in general, and ended up getting in shit for this. I don't remember if they managed to lock things down properly after that but I think I remember recalling that this ruined the fun.


Same era, same net send! But at the International School of Geneva. Good to know that word got around. I also knew how to change the process name, so that librarians listing everyone's frontmost process with MasterEye wouldn't realise that students were playing games. Or type =rand(200,99) into a Word document (some idiot classmate then decided to press print). I was still just a nerd though.

When I had a 1st gen iPod, I was teased for it. But then the iPod became popular, and I knew how to swap hard drives and screens around to do repair. That's when "I suddenly went from unpopular nerd, to guy you want to know."

I went off to study Electronic Systems Engineering, exchange programme to California, Working Holiday around the world, 4 years in Taiwan, and am now working as an embedded software developer in New Zealand. But for me, it all goes back to iPodLinux as a teenager. I'm grateful for early-2000s Apple, yet also disappointed at how difficult phones are to repair these days, and how that will prevent the next generation from tinkering the way I did.


Exactly the same here! What a memory. In my case, my fellow students started sending broadcast messages which included a lot more profanity. They reached the computer of the school principal, who immediately came to our lab asking for explanations. Lucky for me, the teacher was a great guy who just knew I was the one that started all that mess, but he didn't say a word.

I also remember writing .bat fork bombs during the pauses. My classmate would pick a victim and while they were away I would completely freeze their PC. Yes, silly. And don't get me started on the remote shutdown messages, again enabled by default.

Fun times :)


That DoS is how I got our whole class downgraded from Windows to DOS as a punishment: all our school educational software was written for DOS anyway. I DDoS-ed one of the classmates, and he couldn't understand who was the culprit; in the end, he physically attacked another one of our classmates, thinking it was him.


Very cool stories. I remember running some pranks but those are all from the early 2000s.

Best story I remember: there was this arrogant guy that I worked with in the Unix department. He was into FreeBSD by that time and had an attitude towards the Linux guys. One day he left his table and forgot his machine open with a root prompt. They took the chance and modified inetd.conf to map a certain port to the shutdown program. People had so much fun shutting down his computer remotely and watching his reaction.

There was also this time working for a smaller company and we would prank each other all the time. I had admin access to the Linux router so I created a NAT rule to redirect this guy's traffic to a transparent squid proxy running a perl script that relied on ImageMagick to turn the images upside down. Got the script from a Slashdot post. Poor guy even tried to reinstall the OS to no avail. He eventually found out and had his revenge by going into my computer CMOS and setting disk access to PIO instead of DMA.

I also remember scaring people through Windows' net send commands and that one where you take a screenshot of the desktop then you remove all the icons and interface bars and set the screenshot as background image. Also randomly adding 'alias ls=exit' to some server /etc/profile.



I've wanted to do this prank ever since I saw it on XKCD, but I think it's largely obsolete now, with the widespread use of HTTPS.


> with the widespread use of HTTPS

Likely it stopped working much earlier, since HTTP/1.1, which requires the Host header, so the requests would be served by whatever "default" website shared with kittenwar.

Needless to say, the described honeypot (or more like funnypot) is too easy to pwn due to MAC-based authentication.


A milder version of the background prank was to minimize all, open Minesweeper or Solitaire and set a screenshot of that as a wallpaper.


Not a programmer but lots of good memories doing the background trick by hand. Good times.


I find it awesome that we all independently had the idea to perform this stupid trick. Fun in simplicity


Early 90's Southern California. I was about 15 and had been teaching myself Borland Turbo C++ at home with the SAMS book. At school, there was a room in the Library with about 20 386sx/16's that were used to teach kids... Borland TC++. The teacher? Another student who was good at programming. I didn't know him, but he had a reputation for being egotistical. My friend and I just went in there at lunch to play QBasic games, which I'd modify a bit for more fun.

One day I decided to mess with the egotistical teen teacher. I wrote a little TC++ program that ran from autoexec.bat. On bootup, it put out several seconds of a low frequency buzz from the PC speaker and then printed "Oh, Excuse me! I couldn't contain myself!" and then disappeared. At that point, the autoexec.bat removed the binary and then overwrote the old autoexec.bat over itself, removing any proof.

Nobody could say it was me, but the Librarian knew and said if I did it again I wouldn't be able to go back. But she also said he was really pissed by it and I get the feeling she got a kick out of it, too.


You reminded me of a time in high school when I worked for the local library. The librarian had a perverse habit of closing the windows in the back room during the summer, making it unbearably hot. My mother, who worked there full-time as the Children's Librarian--the Librarian's direct subordinate--told me that during winter this woman would open up the windows and make everyone freeze.

So while I worked on a program in FoxPro to automatically print out new catalog cards, I also wrote a small program in QuickBasic to print out (depending on the time of year) a message saying "OPEN THE WINDOW!" or "CLOSE THE WINDOW!" (the latter signed by "The Frozen Ghost") and then pause the computer for a good minute or so just to make sure somebody read it.

For good measure, I made the AUTOEXEC.BAT file and my program read-only, and then deleted ATTRIB.EXE from the hard disk so that it would at least be somewhat annoying to remove.

Years later I got a call from an IT tech who wanted to ask me some questions about DOS (he never specifically said why!) and I feigned ignorance. It felt good.


Here's mine - early 90's as well. My rural high school had three computer labs, one with Macs for doing school newspaper type stuff, one with ancient TRS-80s for doing programming, and one with ancient PCs for learning typing. The PCs were on a network, and it was set up so you would boot the PC and it would log you into the network server, which would run a batch file from your home directory on the server. Seating was first-come, first-served.

So I made a batch file fragment that would copy itself at boot time from autoexec.bat into your profile script, and/or back from your profile script into the local autoexec.bat, to be run by whoever used that machine next. A couple of days later I checked back and it had replicated to every machine in the lab.


In high school "AP CS" class in the early 90s, a friend of mine was annoyed at the stupid "security" software the school installed on the macs (system 7). It was basically just a system extension that asked for a password on startup.

Poking around, my friend noticed a slightly hidden/obscured file that had a file size that matched the number of characters in the password. N char password, N byte file. The file didn't have the password in plaintext, so my friend asked the teacher for a common way to scramble a byte. The teacher quickly suggested, "XOR?"

So my friend decided to try XORing the bytes in the file with a few values to see what happened. His first guess was right: the password was "obscured" with:

  /* XOR every byte of the NUL-terminated password with 0xC9.
     XOR is its own inverse, so running the same loop over the
     stored bytes gives the plaintext password back. */
  for (char *p = password_str; *p != '\0'; p++) {
    *p ^= 0xC9;
  }

Why did he guess 0xC9? He was a total Trekkie/Trekker. 0xC9 in binary is 11001001.

https://memory-alpha.fandom.com/wiki/11001001_%28episode%29

I guess we know what show the author of the "security software" likes to watch...

Epilogue: my friend quickly did the obvious thing and made a boot floppy with a small program that printed out the password, so we had access to most of the computers in the school and discovered all the passwords we weren't supposed to know. I think we only used that to play Bolo (early tank proto-battle-royale). However... several years later in my first year at university, I happened to talk to someone attending the local high school. They had a copy of my friend's boot floppy! I know we never bothered to upload it to a BBS, but somehow it ended up in the hands of quite a few high school hackers in multiple cities.
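
As an added illustration (not code from the thread or from that startup extension) of why the scheme above was never protection: a single-byte XOR has 256 possible keys, and the file length leaks the password length, so recovery is a loop, not a guess. The password value and the PBKDF2 alternative shown for contrast are constructed for this example.

```python
# Added example: single-byte XOR "obscuring" versus a real password store.
# KEY is the 0xC9 from the story; PASSWORD is a constructed sample.
import hashlib
import hmac
import os

KEY = 0xC9
PASSWORD = b"engage"  # constructed sample, not the real school password


def obscure(data: bytes, key: int = KEY) -> bytes:
    """XOR every byte with one key. XOR is its own inverse, so the same
    call turns the stored file back into the password."""
    return bytes(b ^ key for b in data)


def is_printable(data: bytes) -> bool:
    """True when every byte is printable ASCII (space through tilde)."""
    return all(0x20 <= b < 0x7F for b in data)


def recover_candidates(blob: bytes) -> dict:
    """Try all 256 keys and keep those that decode to printable text.
    Because the file is exactly one byte per password character, an
    attacker who finds the file also knows the password length for free."""
    candidates = {}
    for key in range(256):
        guess = obscure(blob, key)
        if is_printable(guess):
            candidates[key] = guess
    return candidates


# What the extension should have stored instead: a salted, slow hash that
# can be checked but not reversed. pbkdf2_hmac is in the standard library.
ITERATIONS = 200_000


def store_password(password: bytes) -> tuple:
    """Return (salt, digest) suitable for writing to disk."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    return salt, digest


def verify_password(password: bytes, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash and compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    blob = obscure(PASSWORD)
    print("on disk:", blob.hex(), "(length leaks:", len(blob), "chars)")
    found = recover_candidates(blob)
    print(f"{len(found)} printable decodings; key 0x{KEY:02X} gives", found[KEY])
    salt, digest = store_password(PASSWORD)
    print("pbkdf2 verify:", verify_password(PASSWORD, salt, digest))
```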


Nice. This brings back a very fuzzy memory. I think I found at one point the 'software developer switch' a physical trigger for the NMI, was still in the software in the form of flower G, and would pop you into a debugger. I think.. the memory is very fuzzy, as it's been 30+ years since high school.


Bloody Bolo! Never could figure out how to kill a pillbox without getting smashed. Wasted too much time on Escape Velocity: Override myself...


My best hack is a longer story that involved getting global access to the entire school district's network, which was a years-long exploit involving some clever brute forcing and some lucky finds along the way.

My favorite was writing a fake/clone Windows 2000 login screen in Visual Basic and installing it on select library computers. It would capture the usernames and passwords and upload them to an FTP server. The login screen was pixel perfect.

My partner in crime took it too far one night and enabled the "snow day" version of the district website homepage for a few hours in the early morning. Half the kids didn't show up to school the next day. Some people insisted the website said snow day at one point but nobody could prove it.

I was 16 or 17 but thankfully I had the good sense to follow advice I'd heard from an older mentor: "don't do any harm because that's when someone starts investigating and you get caught"


Back in the mid-2000s I was really into computer security (still am) and managed to trick my school's truancy system using something called a silent termination test line. Basically what this does is cuts out the line entirely to test for line noise for a few minutes, like you pick up the phone and it'll still be connected to that number, no dial tone just silence. I just confidently went right up to the secretary and told her my new home phone number was the silent termination test line. There would be this automated truancy bot calling everyone but whenever it would reach my name, skipping around a class a day at one point (Still don't know how I actually graduated other than the teachers liking me and getting my homework done anyways), it would just fuck the entire system up and a bunch of people wouldn't get calls after me either.

Smoking drugs and hanging out with girls was way funner, completely zero regrets getting stuff like that out of my system early... considering the trajectory my life has been on I really didn't need post secondary. Can only imagine how stressful and expensive that would have been and to what depressing, indebted end.

There was a bunch of other fun stuff on that test prefix, but half of that is lost to the sands of time, the funnest I don't even know what the hell it was. I've asked random phone company linemen about it and they're basically just like "how the hell do you even know anything about this?", and can't tell me what this number I found was. I basically war-dialed it based on patterns from other numbers on the prefix and it'd give me 30 seconds and then a real dial tone (payphones around then actually used some recorded tone). Since I could call these numbers for free from the school payphone, it was easy to find, and that real dial tone was probably in the phone company HQ. We found this enormous list of interesting phone numbers from phonelosers.org (Wish those were archived!) and just started doing shit like calling the white house and the president of kenya's office. I think we only stopped after a friend of mine made a huge stupid mistake and tried to print the list out. The library printer just started spitting out REAMS of paper, the librarian was like what the hell and I just remember thinking damn he fucked up, and running away hahaha



I don't know if I have time to dig through all of that with the interspersed broken links but I am pretty sure it was on phonelosers.com which was their forum

Still thanks for the link I haven't seen this in ages

I think RBCP went to jail at some point

The closest thing I can find on google is a really old version from 1995: http://www.textfiles.com/groups/PHONELOSERS/pla007.txt But the thing got HUGE over like a decade


A friend of a friend was really into phone stuff like this. I think he went by minorthreat on IRC or something. I think he went to jail at one point. I met him once at a party, pretty cool guy. I wish I could remember more about him and what he and my friend were into but it was a pretty crazy time for me then. I haven't thought about those two in a lonnng time.


I still remember when Windows computers being hooked up to a dial up would be open on the internet. Lots of them had no admin password and all drives were shared by default.

So by just port scanning on the SMB port you'd find a lot of computers and would have access to all their files.


With a cable modem, you were on the same physical cable as your neighbors. If you looked at "Network Neighborhood", you would see your neighbors' computers and printers (unless they had turned off file and print sharing).


Yes! Lots of fun could be had on old DOCSIS 1 networks, before everything was encrypted. Putting your NIC into promiscuous mode and using tcpdump or wireshark/ethereal/etc could yield a wealth of information about your neighbors.

My favorite:

If you could manage to have a capture running while someone (re)booted a cable modem you could easily grant yourself faster internet access. The process worked by capturing an example of the DOCSIS config file that the modem uses to provision itself on bootup. The modems would request these configs from a cable company TFTP server with a certain IP address.

So if you got a neighbors config file and that neighbor paid for a higher service tier than you then you could fairly easily upgrade your internet speed by simply hosting that config file on a TFTP server in your local network using the same IP as the upstream _real_ TFTP server the cable company managed. Reboot your modem, watch it configure itself with your config file, profit! :) ..."good ole' days".

I might be misremembering this slightly, but it really was fairly trivial to upgrade your service in those days.


Fire up Ettercap and read unencrypted AIM conversations...


I did this in my dorm which was on a repeater at the time and no one cared/knew to watch for ethernet adapters in promiscuous mode. Had all the AIM/ICQ/Hotmail accounts I could ever want.


Ah yes, I had forgotten about this. Routers and access points weren't yet a consumer item.


I may or may not have made somebody's shared-via-SMB-over-dialup printer print "FEED ME CHEESE" in huge figlet-generated letters. I may or may not have giggled maniacally when their IP address stopped returning PINGs immediately following. I may or may not have wished, for nearly 25 years, that I could have seen the face of the person who was sitting by that printer.


Haha! There was a very similar exploit that could be accomplished on (any?) HP printer connected to the network via TCP/IP using those Jetdirect cards.

Essentially you could send some data over a raw socket connection that would cause the typical `READY` message on the printer's LCD to say whatever you want. It was a lot of fun to change READY to LOW ON CHEESE. IIRC it was a perl script that was floating around the net back then... Good times.


I enjoyed doing that, too. >smile<

My go-to for PJL "exploits" like that was "INSERT COIN".


>< as RP delimiters???

In all my years, I've never seen that before.


No idea where I picked it up. Looking back at old email I can see that I've been doing it since at least 2004. I'd guess longer but I didn't do a good job logging old forum posts, BBS messages, etc.

I only really do >smile< that way. They look like dimples to me and it makes me smile.


I stumbled on some crazy stuff back then when doing scans. One of the more notable was finding an ISP billing system with its C drive shared over NetBIOS (137/138). It was such the wild west days of the internet.

Stuff like: I got in the local newspaper for recovering an important county server password that had been lost... cracks me up in retrospect.


When the web was new, one could use Altavista to search for /etc/passwd files accidentally exposed to the web, and crack them. Even better, many *nix machines shipped with some accounts having no password by default. I remember one could easily telnet into almost any SGI Irix machine via the "lp" account.


Shared computer labs were dead easy to scrape account info from. Since the terminals were text, it was easy to code up a password scraper. You write a program that faked the login and password prompts, record the data, say "password incorrect", then exit, at which point the real login daemon would take over. Cliff Stoll's "The Cuckoo's Egg" describes this pretty well.


I mean, there was security, it's just that most of the holes were so big you could drive a bus through, honking and dragging a bunch of rusty bikes.

I have walked onto MUDs and, annoyed at being killed by some wizard for saying "hi," (stupid n00b move on my part) figured out how to bring the game to a screeching halt in about fifteen minutes. They had to bring it all down and patch to make me go away. This wasn't a testament to my ability, it's just that nobody was thinking about this stuff in a defensive way.

Oh, your system won't let me email that file out, you'll just return it to me? Well, lemme just forge my send from so you give it to me anyway.

I got up to a lot of horsing around, almost all of it non-destructive because getting attention generally is not a great thing and it wasn't my stuff, I just wanted to see what was out there and you either had to hear about it from someone who knew it already or you had to stumble across it.


The easiest exploit I can recall (late 80s? Early 90s?) was getting credit card numbers from tossed receipts at gas station pumps.


Initially there was no validation for credit cards. There were programs called credit card generators that could generate a card from any bank in the world, with any name on card, etc.

If you wanted you could generate a card for McLovin from some bank in Hawaii and it would work.

I never used them but a close friend back in middle school did and got his computer taken away permanently.


This was a checksum that machines could run locally, to make sure the account # was "valid". Then, in batch, systems would connect to the bank for the account interaction.

Some services (AOL, when it charged by the minute) wouldn't do the actual bank reconciliation for a few days, during which you could use the service.


You used to be able to Google for transaction information from a particular e commerce shopping cart and get .txts of credit card info, name, address. The wild west was wild.


You could get the whole carbon from a counter at a department store if the cashier wasn't around.


I worked at Sears selling TVs while in college from 2002-04, and even in their latest POS systems anyone could walk up to the thermal printer, press a button (even with the register itself locked) and print out a reverse-chronological “journal roll,” which included names, addresses, phone numbers and full credit card numbers and expiration dates for every transaction. Crazy that anyone thought that was OK in the early 2000s.


Before carbonless, the carbon slips sat between the layers. There were up to 4 additional copies made on some of those kinds of forms and you'd have to press very hard with a ballpoint pen in order to get it to register at the bottom. Then, the credit card imprinter had to press the card to get through them.

Since most cards don't have raised numbers anymore, manual credit card imprinting is no longer possible.


My earlier hack was an ICL 2903 running George OS. It involved creating a large file in an area previously used for the system journal; I could then dump that file out and read the content of the system journal, and that was how I got the admin password. The other one I did was in effect a keylogger that I ran on the system that would take control of the terminal it was directed to and present a login, take the input and then pass it to the system, leaving the user oblivious.

But for practical use, the old 0800 free calls trick of the early 80's was probably my most favourite. Back then they introduced 0800 free calls, when landline calls in the UK weren't cheap. These got used for marketing, so companies would have their 0800 sales lines etc. Now, outside office hours they would direct to a recorded message on the PBX. Then what you could do is, after the message, if you stayed on the line it would drop you into the exchange and you then pressed 9 on the tone dial pad and could dial any number you liked as if you were dialling from that exchange location. Most being in London, so it was nice for free calls. Had limited use for BBS access, case of all that routing and line quality at times as well as initial set-up. But still fun.


I was a young CS student, and the VAX administrators had written a program called SETUIC to work around some limitations on hardware to allow business students access to an IBM mainframe.

If you ran SETUIC with no parameters, it set your UIC to [0,0], silently. Anyone, not just business students, could run it. The system environment variables pointed to it, like a big advertisement sign to a young CS student.

I learned many things about how the world works after accidentally discovering this fact. It is fortunate for me that a 2 year suspension was the extent of my punishment. They were hopping mad, not at my actions, but at those who I was foolish enough to share this knowledge with, and had acted far less conservatively than I had.

I later was a system administrator, elsewhere, for 15 years.


It wasn't just the '80s. Things persisted into the mid '90s as well.

  - Pirate FTP sites were in plain sight with folders named with unprintable ASCII characters
  - My college-provided Telnet client for Windows included a backdoor FTP server with a plaintext user name and easily brute-forced password (unsalted hash that turned out to be a birthday of a school admin)
  - Admins had to resolve our network issues by connecting to the network via modem, from our computers.  Of course, the terminal program had keylogging enabled...
  - Open SMTP relay was widespread and everywhere.  Spoofing and forging was as easy as a little Telnet and HELO


I've been thinking about writing up a similar post focused on all the dumb stuff that was possible in the 80s. Everything from default voice mail passwords, long distance carriers with predictable code patterns, office phone systems that tell you as soon as you have a wrong digit for outside line access, DEC's own global asset management system having a huge security hole in it, etc. Honestly though you can just read the first half of Mitnick's book up until the point he starts breaking into actual buildings to get a feel for it. Social engineering was and will remain the most powerful tool in the hacking arsenal.


AOL

Win32 API and VB6 Subclassing. Open random chatrooms, collect all the screen names. Go to school. Computer dials AOL while parents at work. Tries Screen Names as password. 3 attempts before AOL Hangs up. Redials and tries next set of 3. Come home from school. Fresh Screen Names. Free AOL. Terrorize Hanson Chat Room with <font size = 9999999999999999> Instant Message. Everyone has left the chat


To be fair, it was hard not getting access to AOL. Those CDs were like a biblical plague.


In high school, I discovered a way to print to every printer in the entire district. Every computer would mount the NETLOGON network drive while the user signed in and run a jumble of BAT/VBS scripts to initialize settings for their school, including registering nearby printers and setting up the share drives. Windows Explorer couldn't open the NETLOGON share directly, but that was easy to bypass by opening the containing directory for shortcuts to applications stored on there. I combined the printer init scripts for all the schools, giving my machine access to around 1000 printers and all share drives. I found a lot of interesting things in there like spreadsheets containing substitute teacher and default user credentials. I was nearing graduation, so I wanted to print some prank to all of these printers simultaneously, but I unfortunately didn't follow through because I was afraid of the repercussions. I should have done it.


Since no one has mentioned it yet, you could finger your ISP to see other usernames logged in. Those usernames had email addresses like <username>@your.isp, and their passwords sometimes were the same username, or something equally silly.

If you think cybersecurity is in a sorry state now, the 80s and 90s were much, much worse.


Ah fingerd.

In the early 90s, Cal Poly decided to put the entire campus on a cluster of AIX machines (a dozen PS/2s surrounding a 3090 mainframe). Fingering a user would display the contents of the .plan file in their home directory. Fingerd on AIX ran as root, and would follow symlinks. Replace your .plan with a symlink, finger yourself, and you could read any file on the system... the home directories, email mailboxes, everything of ten thousand students and instructors.

I didn't abuse this, but I'm sure others did. I kept everything "personal" on the CSc department machines.
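The root-running fingerd described above followed symlinks in .plan. As an added example (not code from this thread or from AIX), here is what a .plan reader that refuses that trick looks like in Python: open without following links, verify the file is a regular file owned by the user being fingered, cap the size, and provide a hook to drop root before touching the home directory. The directory names, the "secret" file and the plan text are constructed for the demo.

```python
import os
import stat
import tempfile

MAX_PLAN_BYTES = 4096


class PlanRefused(Exception):
    """Raised when .plan is anything other than the user's own regular file."""


def drop_privileges(uid, gid):
    """Become the target user before touching their home directory.
    Only does anything when started as root; returns whether it switched."""
    if os.geteuid() != 0:
        return False
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    return True


def read_plan(home, owner_uid):
    """Return the .plan text for a home directory, or raise PlanRefused.

    O_NOFOLLOW makes the kernel reject a symlinked .plan outright (ELOOP);
    the fstat checks are defence in depth in case the open path is ever
    changed, since a followed link to a system file would show up as
    owned by someone other than the fingered user."""
    path = os.path.join(home, ".plan")
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except FileNotFoundError:
        return ""  # having no .plan is normal, not an error
    except OSError as exc:  # ELOOP: .plan is a symbolic link
        raise PlanRefused(f"{path}: {exc.strerror}") from exc
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PlanRefused(f"{path}: not a regular file")
        if st.st_uid != owner_uid:
            raise PlanRefused(f"{path}: owned by uid {st.st_uid}, not {owner_uid}")
        if st.st_size > MAX_PLAN_BYTES:
            raise PlanRefused(f"{path}: larger than {MAX_PLAN_BYTES} bytes")
        return os.read(fd, MAX_PLAN_BYTES).decode("utf-8", "replace")
    finally:
        os.close(fd)


def demo():
    """Constructed fixture: alice has an honest .plan; bob's .plan is a
    symlink to a file that finger should never hand out."""
    base = tempfile.mkdtemp(prefix="fingerd-demo-")
    me = os.getuid()
    alice = os.path.join(base, "alice")
    os.mkdir(alice)
    with open(os.path.join(alice, ".plan"), "w") as fh:
        fh.write("Out of town until Monday.\n")
    secret = os.path.join(base, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("not for fingering\n")  # constructed stand-in for a sensitive file
    bob = os.path.join(base, "bob")
    os.mkdir(bob)
    os.symlink(secret, os.path.join(bob, ".plan"))

    results = {"alice": read_plan(alice, me)}
    try:
        results["bob"] = read_plan(bob, me)
    except PlanRefused as exc:
        results["bob"] = f"REFUSED: {exc}"
    return results


if __name__ == "__main__":
    for user, text in demo().items():
        print(f"{user}: {text.strip()}")
```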


The typical 80's hack I always think of is in Ferris Bueller's Day Off where Ferris hacks the school's records to change the number of days he was sick. Not only was there no internet, but how did he connect to the network? It's something I've always wondered if it would've even been possible.


> Not only was there no internet, but how did he connect to the network?

Most "networks" were over phone lines those days.

You call in with a modem, and that connects you into a particular computer (or in the general case: a network). A BBS for example was just a shared computer on a modem on a well-known publicly posted telephone number that many people called every now and then to check for messages.

If you knew the correct telephone numbers and the proper parameters to connect (baud rate, modem type, etc. etc.), you could even get a printer (aka: Fax Machine), a UNIX login prompt, or other equipment inside of an office (and presumably a school).

----

Now why would a school put their grades database on a publicly facing telephone number and hope it doesn't get hacked? Well, that's a good question.

But then again, ATM machines in tiny liquor stores are still largely on this telephone-line / modem technology (I dunno if it's still like this today, but even just 10 years ago, a surprising number of ATM machines were still accessible over dial up). So why don't you ask the ATM machine engineers why they think that this practice is safe.

After all, if it's safe enough for ATMs, it's probably safe enough for a school network. If this thought process is horrifying to you, then welcome to the 80s / 90s era of computer security.


My high school had the attendance computer in the main office and it could be found on the network from any other machine. Everyone knew the password to it since it was used and shared for all other admin and IT tasks.


> Now why would a school put their grades database on a publicly facing telephone number and hope it doesn't get hacked?

Same folks who built David Lightman's school system, apparently.


This concept is a little weird to think about today, but the Internet used to be accessed through regular voice phone lines. You'd plug your computer into the phone network with a little thing called a modem. In the really early days you actually had to use an acoustic coupler for regulatory reasons. Then you dialed the phone number of the computer you wanted to connect to - most of which were not running the Internet Protocol!

Typical computer systems you would dial into would include...

1. Proprietary data services (AOL, Compuserve, etc)

2. BBS systems - typically individual computers running services that let you send messages or files to other users who could then dial in to receive them. Some BBSes were even networked to one another, the largest of such systems being Fidonet

3. Remotely-managed IT equipment - the sort of thing depicted in the movie.

4. Mainframes - universities and large businesses would often have remote access that you'd dial into. This is roughly equivalent to SSHing into an Internet-connected machine today.

5. The Internet - originally only through remote access to mainframes (#4). Later on, data services (#1) started offering open Internet access. (notoriously, AOL utterly demolished USENET's existing cultural norms by doing this) Then companies started just selling dial-in Internet access without other services and this became the dominant use case for modems.

This concept was inverted starting in the late 90s. First, phone companies started offering "digital subscriber lines" (DSL) that provided way more bandwidth to connect to an ISP with. Then, (at least in North America, thanks to various Sega Genesis related reasons) cable companies got in on this and started offering "broadband Internet", too. With the greater bandwidth of these services, it suddenly made sense to send Voice over Internet Protocol (VoIP) instead of Internet Protocol over Voice. So dedicated landline channels became very outdated very quickly, and today we think of voice as just something you send over a multitude of Internet apps.


Don't forget about dialing into your office computer to work from home, using something like LapLink or PC Anywhere


Early 90's, but our computer system (some sort of minicomputer) had a modem bank so that teachers could do grades and such from home. I worked in the office because I had an open hour, I earned a credit and I also got to see the guidance counselors view students records and such. It would have been very, very easy to change grades.

Also, many schools had internet connections back then. I know our school had a T1, it might have also had a leased line to the state education system for some reason, I would guess the security was very lax back then.


Possible, maybe not likely. Our school for instance had a modem line you could dial into, that let you access this one program that was for career counseling. It was like a buzzfeed quiz that asked you questions, and then recommended a career for you. I think I got plumber. We tried to hack past this to get at the general OS, but no luck. I suppose someone could set something like that up for the school record access, but would they? (like I claim in the article, it was the 80s so maybe)


He learned a lot while hacking the WOPR.



I had a project one time for a school district and had access to all of that. Made me think of the "changing grades remotely" trope and had a pretty good chuckle. Wouldn't have been possible when I was a kid but it is now I guess.


Watch War Games and that'll give you a general overview of how you'd access a system back in the 80s. They were still networked and accessible remotely, just not the way they are today.


It's unfair to expect someone to watch a movie instead of explaining that computers connected through telephone lines using modems to code bits as sound.

You called a phone number (your modem could do this for you), the target modem answered the call, and they negotiated the maximum (but still ridiculously low) speed. If the target computer needed concurrent connections, you added more phone lines with modems.

But watch the movie anyway, it's a cult classic.


Unfair? I think someone can deduce what's going on while he's calling in to the computers. It's not genius level stuff. From there they can research more if they're interested instead of asking random people on Hacker News what's going on.

>You called a phone number (your modem could do this for you), the target modem answered the call, and they negotiated the maximum (but still ridiculously low) speed.

Yes exactly what it shows in the movie... and I think he even explains some of that.


You're assuming too much, there are people who have never used a landline, and would not know what an acoustic coupler, like the one in the movie, is used for. Even more confusing because the WOPR uses text-to-speech and natural language processing, which seem anachronistic for the 80s.

Answering a simple question with "see X movie" is the same as answering with "read Y book", and borderline like "do some research" or "google it".


90s I got suspended for “hacking” when all I did was create a windows file share. Had me and my friends split the typing assignments and combine them on the share so we could browse the internet during typing class.


A highly recommended text file, enjoy:

Anatomy of a pirate

http://www.textfiles.com/piracy/anatomy.txt


Early 90's, university. I tricked the administrator of the UNIX cluster into running "su" from my account.

The su binary was mine, she typed the root password and the cluster was mine.

I went to the administrators to say that I cracked the system and would like to be part of the administrators team. I was accepted.

I learned an awful lot over the next few years (as a student, and then as a PhD student) - this helped me to land a job at IBM, and then at another company that was expanding in Europe.


> I went to the administrators to say that I cracked the system and would like to be part of the administrators team. I was accepted.

See, this? This is how school computer systems are supposed to work.


Burglar: "I lockpicked your door. I want to live here."

Home owner: "Fine, take the room beside mine."


> > how []school[] computer systems are supposed to work.


This is a fun post. It's sort of mind-blowing to think about in the era of 15 page Project Zero posts about reverse engineering nested AMD SVM virtualization control blocks, but throughout much of the 1990s, the modal vector for an actual hacker taking over a network --- any network --- was simply by mounting a world-exposed NFS share. Leendert van Doorn's NFS shell was probably the most important hacking tool of that entire decade.


I remember capturing a copy of "snake" for analysis and figuring out the exploit.

It wasn't just world exposed NFS shares - it was any share that was exported to itself. You could use portmap as a proxy and get the root file handle.

If you weren't able to patch portmap, the only remedy was to never export a filesystem to yourself.
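Both comments above come down to what an NFS server exports and to whom. As an added example (not code from the thread or from any NFS implementation), here is a small Python audit of Linux exports(5)-style syntax that flags the three patterns discussed: shares exported to the world, shares exported to the server itself, and no_root_squash. The sample exports file, paths and host names are constructed.

```python
import re
from typing import List, Tuple

# Constructed sample /etc/exports; not taken from any real server.
SAMPLE_EXPORTS = """\
# lab NFS server (constructed sample)
/export/home      *(rw,sync)
/export/software  192.0.2.0/24(ro,sync)  client.example.net(rw,no_root_squash)
/export/scratch   (rw)
/export/backup    localhost(rw) nfsserver.example.net(rw)
/export/public    *.example.net(ro,root_squash)
"""

# Names that mean "this very host". A share exported to itself is the
# second way in that the comment above describes.
SELF_NAMES = {"localhost", "127.0.0.1", "::1"}

# client(opt,opt) or a bare client; an empty client before "(" means everyone.
ENTRY_RE = re.compile(r"^([^\s(]*)(?:\((.*?)\))?$")


def parse_exports(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (path, client, options) for every client on every export line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = ENTRY_RE.match(spec)
            if not m:
                continue
            client = m.group(1)
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            entries.append((path, client, opts))
    return entries


def audit_exports(text: str, own_names=()) -> List[Tuple[str, str, str]]:
    """Return (path, client, issue) findings for the weak export patterns.

    own_names: extra names this server answers to (hostname, its IPs), so that
    an export to itself is caught even when it is not spelled 'localhost'."""
    findings = []
    selfish = SELF_NAMES | set(own_names)
    for path, client, opts in parse_exports(text):
        access = "read-write" if "rw" in opts else "read-only"
        if client in ("", "*"):
            findings.append((path, client or "(empty)",
                             f"world-exported with {access} access: any host can mount it"))
        elif client in selfish:
            findings.append((path, client,
                             "exported to itself: reachable through a local portmap proxy"))
        if "no_root_squash" in opts:
            findings.append((path, client,
                             "no_root_squash: remote root is root on this filesystem"))
    return findings


if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE_EXPORTS, {"nfsserver.example.net"}):
        print(f"{path:18} {client:24} {issue}")
```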


Great writing. I never did anything so interesting, but I have a few fun stories from high school. Our school district gave every student access to a mac laptop for coursework, but of course we used to play a lot of flash games. Eventually they got around to updating the network's blocklist or whatever so addictinggames couldn't be accessed anymore. I'm sure they thought they were very smart but this just raised the stakes.

Of course we couldn't install games or our own software on the computers -- the `/Applications` folder was locked down and nothing would execute outside of it. They weren't totally stupid, they had some remote monitoring and privilege blocking software to prevent us from getting control of our own machines and doing silly things like playing games or even opening the Terminal. But eventually someone (not me, really, I wish I were this smart) figured out that inside of one of the pre-installed .apps there was a directory to which users still had write permission. So everyone in the entire school started playing Marble Blast Gold and, for some reason, Pokemon Red through an emulator, all just by dropping the programs inside the special folder `/Applications/SomeThingICantRemember.app/contents/special-folder/`. The games spread like wildfire because the school had also set up a system of shared network folders, one for each teacher, so that teachers could more easily share files with us. Turns out we could also use it to share files with each other. Lots of movies, as well. Eventually someone noticed and shut that all down.

Of course, high school students want to play games instead of doing coursework, so one day someone (not me, really) realized that if you removed the battery from the laptop you could then unscrew the case and remove a stick of RAM, which would allow you to hold certain keys at boot to reset the PRAM or something like that. This would let you boot into safe mode, circumventing the remote monitoring and permissions software they had in place, and make your user account an administrator. Boom, games were back. I mostly used it to be able to work on software projects, of course, but I did end up playing a bit of Advance Wars.

I can't remember now but there was some issue where this didn't persist for very long -- maybe there were updates that the remote monitoring system would send that would reset your admin status? -- so you would have to go through the whole PRAM reset rigamarole, with a screwdriver, and that was a pain in the ass. I was out of school for a while my senior spring due to the flu and I figured out a way to totally disable the remote management software.

This was great, and I was having an awesome time working on software that would eventually get me my first programming job while I should have been focusing in class, when I got called down to the principal's office, where I was accused of being a computer hacker. I of course denied it, but they said that it certainly was odd that my computer had stopped communicating with the remote management software entirely. I think because I was so close to graduating and actually hadn't done anything wrong I got away with a week of detention and a firm promise to not do anything of the sort ever again.

Around that same time it had come out that certain administrators at the school were misusing the remote management software's features to spy on high school students in their own homes, which was pretty absurd and of course a huge and expensive debacle, so I think they were somewhat more sympathetic to me disabling it than they might have been otherwise.

https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...


Oh, one other fun thing. We had a schoolday that ended with a 30 minute activity period where every student had to sign up on some web interface to a different teacher's room. This was so that you could get help, meet with teachers, project groups, whatever if you needed it. But there were limited spots in each teacher's periods and you needed to sign up in advance, with no more signups allowed after noon on the same day. I took a look at the web interface and realized that all the checks were client-side, so I wrote a little script that would let me sign up for any activity period, at any time, even during the activity periods. It was good fun being able to switch periods at the end of the day, and seeing teachers being confused after they had called attendance, checked me in to their room, and then seeing me drop off the attendance and show up somewhere else. Gave me a free pass to go wherever I wanted which was nice.


I took a look at that link (Robbins v. Lower Merion School District) and - Wow, remotely activating students webcams in their own bedrooms is ... just ... SMH. I hope I am wrong but as far as I can tell, no-one went to jail for it?? Dayamn!


One of my favorites was to open the frame buffer on a Unix workstation, then logout leaving a background job running.

A little after someone logged in, the code would do something cute, like draw a crack on the screen. I once saw the guy next to me back away from the computer, and ask, "It's not supposed to be doing that is it?"

Perhaps not quite black hat, but I was amused at least. :)


Once I worked at a bank developing software for IBM i (AS/400 then). As any other programmer, I slowly built a toolset to make my work easier. My boss saw one of them and asked me to clean it up for the operators to use, as it made their work much easier. I did, they used it daily, everybody was happy.

Months later my boss called me at 3am, very stressed because the operators told her there was a skull on the screen. Fearing the worst, they traced the program back to me, and I sleepily explained: "the skull appears on Fridays the 13th, it's a visual Easter egg, the program works the same as any day".

In hindsight, maybe it wasn't the smartest thing to do. I was lucky my boss and the others were very tolerant, but not removing that Easter egg could have gone very wrong. AFAIK they didn't change it, seems like they liked the predictability. It would be perfect to scare newcomers.


Seems like bragging about it is still the number one way to get caught.


Back in the 80s, TOPS-20 had a bug in the OS which allowed the output of a batch job to exceed the user's disk quota. If the batch job resubmitted itself recursively, the entire system could come to grinding halt pretty quickly as all free disk space was used up.


My senior high school project was hacking the school's HP 2000 mini. I had to get an approval from the principal and the person running the computers. She laughed when I made my presentation. It was a glorious day when I succeeded.


90's:

Knew where the school wrote down its PPP dialup username/password for the entire school 10Base LAN.

War dialed the prefix to find the carrier in another town. Free internet in high school. Not a lot of modems. BBS software, MSDOS.


The 80's

This piece brought a few memories and impressions forward.

One was hacking ULTIMA 2 and 3. Copy protection involved the bad sector technique. However, those programs did not do an in depth error check. Atari machines made a beep on each disk sector read.

To play a copy of the game, one just counted the beeps, opened the drive door, waited for the error sound (how handy is all that?), then closed the door and carried on.

Chain smoking... all through primary and most of high school, the teachers lounges were filled with tobacco smoke. To their credit, the educators did not reek in class, well one did, but those areas of the building did.

All grades were old school analog, in the grade book, in pen. Changes were done with a strike through, new value, initial.

One of my peers wrote a book report program in BASIC that would generate a fairly healthy set of variations. The seed was a wait for input loop. Was double digit report success before there were questions.

Someone plugged an expansion card into a running Apple ][ computer and killed it. Despite a dead CPU, it displayed video anyway. Was my first real experience with simple hardware vs custom chips. Those computers did not have the spiffy sprites, colors and sounds the C64 and Atari machines had, but they did have just enough of the things that really mattered when it came down to getting real work done. Someone looked the machine over, plugged in a replacement chip and it was running again. Nice.

At the local university there was a card operated photo copy machine. 5 cents a page or something like that. But, one could ask for a copy, listen for a little whine as some part began to spin up, hit eject on the card and get a free page.

Most locked doors in my primary school could be opened with just hand manipulation of the doorknob. Turns out they were not mounted in their recommended orientation. A gravity based attack was possible and I found it one day bored just fiddling with the knob. Turns out, the more I moved it, the more motion was possible!

Reporting that got me into trouble too. I remember that clearly!

Of course they were angry at the doors being so easy, tried to assign blame to me, a 6th grader, and were more concerned about the work and cost to fix the issue.

If only people would just avoid doing anything unexpected, there would not be a problem. In fact, there was not a problem, until you came along...

I remember looks on adult faces I did not see often when my response was, "How would you know?"

Some foreshadowing there for sure.

Heck, I even did responsible disclosure. Took it right to them first. Could have blabbed it to others and then what?

Yeah, got the look again.

One phone related one was super interesting too. A friend and I took an old pulse dial phone apart and were kind of stunned to see how simple it was. Then we made calls successfully without the dialer, just slapping the handset hook with anything close to the expected pulse rate. Cool.

Then we called one another and were doing it again, just interrupting one another. Soon, an operator was on the line asking how we did this call. So we told her.

Turns out we had dialed some test sequence or other. Of course it was not published and was not intended for use doing an actual, live call. Tech had to reset the whole thing, but we did get a super cool tour of the system later as that same tech was happy to show us how the robot like, electromechanical system worked. Amazing. These trees of open circuits! When one dialed a number, that number was an address that literally moved and rotated arms that closed the circuit to connect the intended phones!

Fun times. So much was human scale and could be directly seen, heard, felt and was slow enough to be explored directly.


> (Also worth mentioning: everyone’s assigned password was their social security number!)

My student ID in college was my SSN, and that was only 20 years ago. :(


My friends and I "hacked" AT&T System 75 and similar PBX (intra-office phone system) machines in the early 1990s for various reasons, and they were easy to get into because they came loaded with like 20 default admin accounts.

I remember a few of these: "cust/custpw", "rcust/rcustpw", and "craft/craftpw" come to mind. Almost nobody removed or changed the password to these accounts.

We'd find the machines using a "wardialer" (named after the phone scanning scene in Wargames) app that would dial every number and look for modems. We used a DOS scanner called "ToneLoc." We lived in Cincinnati and could easily scan all kinds of local number prefixes for free that overlapped with areas that were likely to dredge up a rich PBX haul: downtown, near the airport, near universities, etc. A certain kind of weird 1200-bps answer with unusual parity settings (7E1 if I remember correctly) was a dead giveaway for one of these ridiculously vulnerable AT&T PBX machines.

Once you got in you could pull pranks, set up remote access lines to get "free" phone calls, set up party lines for you and your friends, etc.

I was like 14 or 15 at the time.

We also found other "phun" things with our wardialer including large outdoor signs with modems to allow remote configuration of the text they would display. If you saw "SMOKE POT EVERY DAY" and similar things a 15 year old would write on a highway or advertising sign in Cincinnati in the early 1990s that was us.

There was a real sense of exploration back then. When we scanned areas like downtown Cincinnati we'd find tons and tons of modems that would answer with mysterious (to us) prompts or blobs of binary spew that I'm sure represented protocols we didn't know how to emulate. A few times we managed to try obvious-sounding login/password pairs on some of these login prompts and find ourselves inside an Ultrix or a SunOS machine full of mysterious data. We really didn't bother anything on those machines, just looked around. We pulled pranks with things like signs but the only things we really ever messed with or possibly damaged were the PBXes. There were just too many fun things to do with those.

The weirdest thing I remember finding was something that initiated an Xmodem transfer and sent a black empty pixmap and then hung up. I wonder if it was some kind of camera or industrial monitor that was not actually working but was still on.

The most "alarming" thing we found was some kind of building controller that we assumed belonged to a downtown skyscraper and seemed to control elevators, which we didn't fuck with out of concern that it could actually hurt people. Don't know if you could have done anything dangerous with it but we didn't want to try so we just dropped that one.

There just wasn't a lot of security back then because it was all new and very few people knew how to do what we were doing. Even though Wargames popularized the idea of phone scanning people still seemed to assume that a live modem on a phone line was secure if the number was obscure.

All that started changing really rapidly in the late 1990s when tons of people got online.

Edit: found the scanner!

https://en.wikipedia.org/wiki/ToneLoc

https://archive.org/details/20040130-bbs-mthreat


SWIM once said to me: Funny thing about those System 75's, the entire ordeal originated from the hack of a bank's telephone system, who had a small Unix UUCP network and, for some odd reason, put all their System 75 logins and passwords into their Systems file. The default login information leaked out after a hacker named Syadasti announced that he was willing to turn any System 75's given to him into usable remote PBXes, and eventually some other hacker (Scott Simpson, maybe? don't know) set up a system on his own home line that responded like a System 75 would, and gave Syadasti that number. He promptly tried to login with the cust/rcust accounts, which were recorded by the other hacker, which led to the explosion of System 75 hacks throughout the US.


SunOS 4.3 at login prompt: Type in 78 spaces and presto, root account.


You could browse all files on many remote computers via:

net use \\123.45.6.78\

dir \\123.45.6.78\


+++ATH0



