bookssland.com » Computers » Approaching Zero - Paul Mungo (books to read to increase intelligence .txt) 📗

Book online «Approaching Zero - Paul Mungo (books to read to increase intelligence .txt) 📗». Author Paul Mungo



1 ... 8 9 10 11 12 13 14 15 16 ... 40
Go to page:
that, put simply, boils down to “Look, but don’t touch.” Hackers,

according to this code, may break into computers or computer networks with

impunity, but should not tamper with files or programs.

 

In the real world it rarely works like that. Though hackers see themselves as a

useful part of the system, discovering design flaws and security deficiencies,

the urge to demonstrate that a particular computer has been cracked tempts

hackers to leave evidence, which involves tampering with the computer. The

ethical code is easy to overlook, and sometimes tampering can become malicious

and damaging.

 

For the authorities, the whole thing is a giant can of worms. Patrolling the

access points and communications webs that make up Worldnet is an impossible

task; in the end, policing in the information age is necessarily reactive.

Adding to the problems of the authorities is the increasing

internationalization of the computer underground. Laws are formed to cover

local conditions, in which the crime, the victim, and the perpetrator share a

common territory. International crime, in which the victim is in America, say,

and the perpetrator in Europe, while the scene of the crime—the computer that

was violated—may be located in a third country, makes enforcement all the more

difficult. Police agencies only rarely cooperate internationally, language

differences create artificial barriers, and the laws and legal systems are

never the same.

 

Still, the authorities are bound to try. The argument that began as the

information age dawned, encapsulated in Stephen Levy’s uncompromising view that

access to data should be “unlimited and total,” has never ended. The

government, corporations, and state agencies will never aliow unlimited access

for very obvious reasons: state security, the privacy of individuals, the

intellectual property conventions … the list goes on and on. In all western

countries, hacking is now illegal; the theft of information from computers, and

in some cases even unauthorized access, is punishable by fines and jail

sentences. The position is rigid and clear: the computer underground is a

renegade movement, in conflict with the authority of the state.

 

But there are still good hackers and bad hackers. And it is even true that

sometimes hackers can be helpful to the authorities—or at least, it’s happened

once. A hacker named Michael Synergy (he has legally changed his name to his

handle) once broke into the computer system at a giant credit agency that holds

financial information on 80 million Americans, to have a look at then president

Ronald Reagan’s files. He located the files easily and discovered sixty-three

other requests for the president’s credit records, all logged that day from

enquirers with unlikely names. Synergy also found something even odder—a group

of about seven hundred people who all appeared to hold one specific credit

card. Their credit histories were bizarre, and to Synergy they all seemed to

have appeared out of nowhere, as if “they had no previous experience.” It then

occurred to him that he was almost certainly looking at the credit history—and

names and addresses—of people who were in the U.S. government’s Witness Protection

Program.

 

Synergy, a good citizen, notified the FBI about the potential breach of the

Witness Program’s security. That was hacker ethics. But not every hacker is as

good a citizen.

Chapter 3 DATA CRIME

Pat Riddle has never claimed to be a good citizen. He is proud of being the

first hacker in America to be prosecuted. Even now, as a thirty-four-yearold

computer security consultant, he is fond of describing cases he has worked on

in which the law, if not actually broken, is overlooked. “I’ve never been

entirely straight,” he says.

 

As a child growing up in a suburb of Philadelphia, he, like most hackers, was

fascinated by technology. He built model rockets, played with electronics, and

he liked to watch space launches. When he became a little older, his interests

turned to telecommunications and computers.

 

Pat and his friends used to rummage through the garbage left outside the back

doors of phone company offices for discarded manuals or internal memos that

would tell them more about the telephone system—a practice known as dumpster

diving. He learned how to make a “butt set,” a portable phone carried by phone

repairmen to check the lines, and first started “line tapping”—literally,

listening in on telephone calls—in the early 1970s, when he was fourteen or

fifteen.

 

The butt set he had built was a simple hand-held instrument with a dial on the

back and two alligator clips dangling from one end. All the materials he used

were purchased from hardware and electronics stores. To line-tap, he would

search out a neighborhood telephone box where the lines for all the local phones come together.

Every three-block area, roughly, has one, either attached to a telephone pole

or freestanding. Opening the box with a special wrench—also available from

most good hardware stores—he would attach the clips to two terminals and

listen in on conversations.

 

Sometimes, if the telephone box was in a public area, he would run two long

wires from the clips so that he could sit behind the bushes and listen in on

conversations without getting caught. To find out whose phone he was listening

to, he would simply use his butt set to call the operator and pretend to be a

lineman. He would give the correct code, which he had learned from his hours of

dumpster diving, and then ask, “What’s this number?” Despite being fourteen, he

was never refused. “So long as you know the lingo, you can get people to do

anything,” Pat says.

 

The area where he grew up was a dull place, however, and he never heard

anything more interesting than a girl talking to her date. “It was basically

boring and mundane,” he says, “but at that age any tittle-tattle seemed

exciting.”

 

Pat learned about hacking from a guy he met while shoplifting electronic parts

at Radio Shack. Doctor Diode, as his new friend was called, didn’t really know

much more about hacking than Pat, but the two of them discovered the procedures

together. They began playing with the school’s computer, and then found that

with a modem they could actually call into a maintenance port—a dial-up—at

the phone company’s switching office. The phone company was the preferred

target for phreakers-turned-hackers: it was huge, it was secretive, and it was

a lot of fun to play on.

 

Breaking into a switch through a maintenance port shouldn’t have been easy, but

in those days security was light. “For years and years the phone company never

had any problems because they were so secret,” Pat says. “They never expected

anyone to try to break into their systems.” The switch used an operating system

called UNIX, designed by the phone company, that was relatively simple to use.

“It had lots of menus,” recalls Pat with satisfaction. Menus are the lists of

functions and services available to the computer user, or in this case, the

computer hacker. Used skillfully, menus are like a map of the computer.

 

As Pat learned his way around the switch, he began to play little jokes, such

as resetting the time. This, he says, was absurdly simple: the command for the

clock was Time. Pat would reset the clock from a peak time—when telephone

charges were highest—to an off-peak time. The clock controlled the telephone

company’s charges, so until the billing department noticed it was out of

kilter, local telephone users enjoyed a period of relatively inexpensive

calls. He also learned how to disconnect subscriber’s phones and to manipulate

the accounts files. The latter facility enabled him to “pay” bills, at first at

the phone company and later, he claims, at the electric company and at credit

card offices. He would perform this service for a fee of 10 percent of the

bill, which became a useful source of extra income.

 

He also started to play on the Defense Department’s Advanced Research Projects

Agency (ARPA) computer network. ARPANET was the oldest and the largest of the

many computer nets—webs of interconnected mainframes and workstations—that

facilitated the Defense Department’s transfer of data. ARPANET was conceived in

the 1950s—largely to protect the ability of the U.S. military to communicate

after a nuclear strike—and finally established in the late 1960s. It

eventually linked about sixty thousand computers, or nodes, and interacted with

other networks, both in the United States and elsewhere in the world, making it

an integral part of Worldnet. Most universities, research centers, defense

contractors, military installations, and government departments were connected

through ARPANET . Because there was no “center” to the system, it functioned

like a highway network, connecting each node to every other; accessing it at

one point meant accessing the whole system.

 

Pat used to commune regularly with other hackers on pirate bulletin boards,

where he exchanged information on hacking sites, known computer dial-ups, and

sometimes even stolen IDs

and passwords. From one of these pirate boards he obtained the dial-up numbers

for several ARPANET nodes.

 

He began his hack of ARPANET by first breaking into Sprint, the long-distance

phone carrier. He was looking for long-distance access codes, the five-digit

numbers that would get him onto the long-distance lines for free. In the old

days he could have used a blue box, but since then the phone system had become

more sophisticated. Blue boxes were said to have been killed off once and for

all in 1983 when Bell completed the upgrading of its system to what is called

Common Channel Interoffice Signaling (CCIS). Very simply, CCIS separates the

signaling—the transmission of the multifrequency tones—from the voice lines.’

To get the codes he wanted, Pat employed a technique known as war-dialing, in

which a program instructs the computer to systematically call various

combinations of digits until it finds a “good” one, a valid access code. The

system is crude but effective; a few hours spent war-dialing can usually garner

a few good codes.

 

These long-distance codes are necessary because of the timeconsuming nature of

hacking. It takes patience and persistence to break into a target computer, but

once inside, there is a myriad of menus and routes to explore, to say nothing

of other linked computers to jump to. Hackers can be on the phone for hours,

and whenever possible, they make certain their calls are free.

 

Pat’s target was an ARPANET-linked computer at MIT, a favorite for hackers

because at that time security was light. In common with many other

universities, MIT practiced a sort of open access, believing that its computers

were there to be used. The difficulty for MIT, and other computer operators, is

that if security is light, the computers are abused, but if security is tight,

they become more difficult for even authorized users to access.

 

Authorized users are given a personal ID and a password, which hackers spend a

considerable amount of time collecting through pirate bulletin boards, peering

over someone’s shoulder in an office, or “dumpster diving.” But exploiting a

computer’s default log-ins and passwords can often be even simpler—as Nick

Whiteley discovered when he hacked in to the QMC computer for the first time. A

common default is “sysmaint,” for systems maintenance, used as both the log-in

and the password. Accessing a machine with this default would require no more

than typing “sysmaint” at the log-in prompt and then again at the password

prompt. Experienced hackers also know that common commands such as “test” or

“help” are also often used as IDs and passwords.

 

Pat first accessed ARPANET by using a default code. “Back then there was no

real need for security,” he says. “It was all incredibly simple. Computers were

developed for human beings to use. They have to be simple to access because

humans are idiots.”

 

ARPANET became a game for him—he saw it as “a new frontier to play in.” He

jumped from computer to computer within the system,

1 ... 8 9 10 11 12 13 14 15 16 ... 40
Go to page:

Free e-book «Approaching Zero - Paul Mungo (books to read to increase intelligence .txt) 📗» - read online now

Comments (0)

There are no comments yet. You can be the first!
Add a comment