The Hacker's Home: 2013

Monday, August 26, 2013

XSS (Cross Site Scripting) Attack, Part 1 (Basics)

XSS (Cross Site Scripting) Attack


*Without going into the history of it, I would like to start with the topic right away.


So, what is a CSS or XSS attack?



Cross-site scripting is a kind of security vulnerability mostly found in websites with dynamic content, where an attacker injects a client-side script, such as JavaScript, into a webpage that is to be viewed by other users.


Now the question is: where can such a script be inserted?


The answer is simple. You can insert them anywhere in a webpage where the website accepts values from the user, such as text boxes (including search boxes, comment boxes, shoutboxes, etc.). After they are injected, the website will execute that code and respond to it accordingly.



TYPES:

  • Persistent: In a persistent XSS attack, the injected script remains in the webpage after you have returned from the page or site (mostly in the case of comment boxes).

  • Non Persistent: The script no longer exists on the webpage after you have returned from that page.

  • DOM Based: When a hacker uses XSS to explore the DOM (Document Object Model) environment of a website.

  • RedXss: An attack on pages using MyCode, to hack users on that page.


(Although persistent XSS is not very popular, if done successfully it can cause more harm than the other three, because the script remains on the webpage, and if another user visits that page, his private information can be passed on to the hacker. I'll discuss the use of persistent XSS further in my next tutorial.)


Prerequisites:

  • IP cloner software
  • Web browser (I prefer Mozilla)

Now, all you need to do is open the target website, say www.target.com, and type the following code in its search box:


                            <script>alert("CHECK1XSS")</script>            (---1)


Or you can even type this code in the address bar:


                            www.target.com/search.php?q=<script>alert("CHECK1XSS")</script>



This code will probably display a message box saying CHECK1XSS, without quotes. If so, it means that the site is vulnerable to XSS; if not, it means that the site is using some filters for the search box and hence rejects queries that include characters like quotes.


What next?? We are stuck in the middle!!


Yeah, but not exactly. There are ways to bypass such filters.

In the above example, if we somehow manage to remove the quotes, we can get through. But the problem is that we can enter a string value only in quotes. Hence, in this case, we can use the String.fromCharCode() function, as shown below:



                        <script>alert(String.fromCharCode(67,72,69,67,75,49,88,83,83))</script>



This code does the same thing as our code 1. What we have done here is convert the whole string to ASCII codes, where 67, 72, 69, 67, 75, 49, 88, 83, 83 are the ASCII codes for C, H, E, C, K, 1, X, S, S respectively.

The code above uses JavaScript, and it is case sensitive. Hence, use the code exactly as it is shown in the example, or else it won't execute.

What the code does is take the ASCII values of the characters in the string, i.e. CHECK1XSS, and return them as a string to the server.
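The filter discussed above, seen from the defending side, as an added example that is not part of the original post: a quote-stripping filter leaves both test strings from this tutorial in the page as live `<script>` markup, while HTML output encoding turns them into inert text. The function names (`stripQuotes`, `escapeHtml`, `renderSearchFiltered`, `renderSearchEncoded`) and the "Results for" page template are assumptions made for the illustration.

```javascript
// Added example (not from the original post). All names are hypothetical.

// The two test strings used in the tutorial above.
const PAYLOAD_QUOTED = '<script>alert("CHECK1XSS")</script>';
const PAYLOAD_CHARCODE =
  '<script>alert(String.fromCharCode(67,72,69,67,75,49,88,83,83))</script>';

// A filter of the kind the tutorial describes: remove quote characters
// and echo everything else unchanged.
function stripQuotes(input) {
  return String(input).replace(/["'`]/g, '');
}

// Weak rendering: the filtered value is concatenated into the page as markup.
function renderSearchFiltered(q) {
  return '<p>Results for: ' + stripQuotes(q) + '</p>';
}

// Output encoding: every character that is significant in HTML text or in a
// quoted attribute value is replaced by its entity, so nothing is rejected
// and nothing is interpreted as a tag.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Corrected rendering: the value is encoded at the point of output.
function renderSearchEncoded(q) {
  return '<p>Results for: ' + escapeHtml(q) + '</p>';
}

// Crude check used only in this demo: is there still a raw <script> tag
// in the response body?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Run both test strings through both renderers.
function demo() {
  return [PAYLOAD_QUOTED, PAYLOAD_CHARCODE].map((payload) => ({
    payload,
    filtered: renderSearchFiltered(payload),
    encoded: renderSearchEncoded(payload),
    // With the quote filter, the first string becomes alert(CHECK1XSS):
    // the tag is still injected, the call just fails on an undefined name.
    // A missing message box therefore does not show that the page is safe.
    scriptTagAfterFilter: containsScriptTag(renderSearchFiltered(payload)),
    scriptTagAfterEncoding: containsScriptTag(renderSearchEncoded(payload)),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

Encoding has to match the place the value is written to; the table above covers HTML text and quoted attribute values, not values placed inside a script block or a URL.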




Okay, enough for now :)
In my next tutorial, I'll be posting on advanced XSS.




Stay tuned...

Wednesday, August 14, 2013

Speeding Up Your PC

                     OPTIMIZING YOUR PC's SPEED




===========================================================

*Increasing computer speed basically means achieving consistent computer speed and performance.

===========================================================


Most computer problems are the result of viruses, spyware and registry overload. If proper care is taken, in addition to hardware maintenance checks, computer performance can be stabilized. No one can afford to lose important data just because of poor computer maintenance. The following steps are provided to help you improve computer speed and performance and increase the life of your system.

Step 1:

Keep System Clean: Many users fill up almost their entire hard drive with what amounts to junk. This will, over time, compromise the function of the computer.

Step 2:

Beware of advertiser hype: If your system is affected by a fatal error always use the services of a trusted computer repair service provider. Do not rely on advertisers claiming to correct PC errors with a magic wand. It is always better to spot the errors from the beginning. It is possible through self maintenance which also saves time and cost.

Step 3:

Defragment the hard drive: Defragment is one of those words that sends most users' heads spinning, but it's very easy to understand. Oftentimes, a tech will leave this function running after they've completed servicing a PC. The software for doing this is included in Windows and it only takes a button press to start it. Basically, the function cleans up the hard drive so that files are accessed more quickly.

Step 4:

Install Anti-virus Software: There are a great many viruses, and there is always a chance of getting infected by them if you use the internet. Always have a good antivirus installed on your computer.

Step 5:

Disconnect from the internet if a virus, spyware or a trojan is suspected.

Step 6:

Cool your machine: If your computer suddenly starts operating very slowly, check to see if the case feels overly hot. Especially in hot climates, make sure the computer has adequate airflow around it. Overheating causes myriad difficulties, and the computer bays in most work desks do not provide sufficient airflow. You can even make use of additional cooling fans for laptops.

Step 7:

Regular Maintenance is the key: Periodically conduct scans for viruses, spyware and registry errors.

Step 8:

Noting the errors: Errors do happen with systems. Note them down. Search for their solutions on the internet. You will find answers to most of them there.

=========================================================================================================================


DDoS Attack and HoneyPots

Be patient. Content to be uploaded soon...

Tracing A Hacker




*The true story of John Maxfield, electronic private eye.
(Appeared in August 1990 issue of PC Computing Magazine, by Rick Manning).

===========================================================

To Catch A Hacker.


The computer crackers and phone phreaks who visited Cable Pair's cluttered
office one August evening in 1983 must have thought they were in heaven.
    Cable Pair was a sysop for a hacker forum on the Twilight Phone, a Detroit
area computer bulletin board. The forum had become a meeting place for
members of the Inner Circle, a nationwide hacker group that used words and
swap tips on phone phreaking--getting free use of long-distance phone systems.
    Cable Pair's visitors that evening were some of the Inner Circle's most
active members, highly placed in the hacker pecking order.  They had come in
response to messages that Cable Pair had posted on the board, inviting them to
take a guided tour of his headquarters, and they were suitably impressed.
Computer equipment was everywhere.  The sysop's console consisted of several
terminals connected to a remote Hewlett-Packard minicomputer.
    In a back room was a bank of electromechanical telephone switches--old
stuff, but enough to run a phone system for a small town. Cable Pair even had
an official Bell version of the infamous "Blue Box," a device that sends out
the precisely calibrated tones that unlock long distance telephone circuits.
To demonstrate the magic box, he keyed in a 2600 cycle per second tone and was
rewarded with the clear whisper of AT&T's long distance circuit.
    Then like jazz players in a jam session, group members took turns showing
what they could do. One tapped into AT&T's teleconferencing system. Another
bragged about how he once nearly had Ron Reagan, Queen Elizabeth, and the pope
on the same conference call.
    One hacker's specialty was getting into Arpanet, the advanced research
network that links universities and government agencies, including defense
research centers. "The Wizard of Arpanet sat right there at that keyboard and
hacked into the system," says Cable Pair smiling at the memory. "And we
captured every keystroke."
    It was probably Cable Pair's finest hour. He was not, after all, just
another hacker. The gathering that evening was the culmination of an elaborate
sting operation.
    Outside the office, FBI agents watched everyone who entered and left the
building. A few months after the jam session, police raided homes across the
country. They confiscated computers and disks and charged about a dozen adults
and teenagers with various counts of computer abuse and wire fraud.
    Cable Pair was John Maxfield, whose career as an FBI informant had started
a year earlier. Now approaching the age of 50, he is still chasing hackers,
phone phreaks, and computer pirates. When his cover was blown in a hacker
newsletter soon after the office party, he attracted a network of double
agents, people who found it more convenient and safer to work with him than
against him. Some continue to maintain their status in the hacker underground
and pass information to Maxfield.



    The nature of Maxfield's calling depends on your frame of reference. If
you've read enough cheap fiction, you might see him as a private dick in a
digital overcoat. Or a stagecoach guard sitting on the strongbox, eyes
scanning the horizon, electron gun across his knees. He refers to the hacker
phenomenon in the nebulous language of Cold War espionage, casting himself in
a spy novel role as a warrior fighting battles that both sides will deny ever
happened.
    "He's very good at getting hackers together on one thing," says Eric
Corley, editor of 2600, the hacker publication that fingered Maxfield more
than six years ago. "I can think of nothing that hackers agree on except that
John Maxfield is evil!"
    Maxfield responds in kind: "Hackers are like electronic cockroaches," he
says. "You can't see them, but they're there, and at night they raid the
refrigerator." Although a lot of hackers are what Maxfield calls "tourists"--
young people who go into a system to simply look around--more sinister
influences often lurk behind them.
    "The tourist may go into a system and look around, but when he leaves,
he's got a password and he'll share it with others because he's got an ego and
wants to show how good he is," says Maxfield.
     "It's my experience that every hacker gang has one or more adult members
who direct activities and manipulate the younger ones. What could be better
than to have the naifs doing your dirty work for you? They can open all the
doors and unlock the systems and then you go in and steal space shuttle
plans."
     "The hackers are one step away from the shadowy world of spies," says
Maxfield. "Some have deliberately sought out and made contact with the KGB."
Maxfield wasn't surprised at all when West German police announced in March
1988 that they had arrested a group of computer hackers who used overseas
links to U.S. computer networks to steal sensitive data. And he thinks
computer companies and corporations haven't learned much about securing their
systems. "There are more interconnections," he says "and that leads to more
vulnerability."
    A good example was the worm that Robert T. Morris Jr., unleashed in Nov
1988 through the Unix based Internet research and defense network that shut
down more than 6000 computers.
    "The hackers will tell you that this kind of thing is just a practical
joke, a harmless prank. But it can do some very serious damage," says
Maxfield. Computer systems experts who testified at Morris's trial last Jan.
estimated that the cost of cleaning up after the chaos wreaked by the Unix
worm was $15 million!
    The information that Maxfield collects about these computer pranksters and
criminals goes into a database that  he maintains to help him identify
hackers and monitor their activities. Maxfield tracks the phone phreaks'
identities and aliases to help his clients, who are managers at large
corporations, credit card companies, and telephone companies--business people
who feel the need to protect their electronic goods and services.
    What can Maxfield do for them? If a corporation's phone system is abused
by unauthorized users or if its computer system is invaded by hackers, he can
conduct an investigation and advise the company on how to contain the problem.
He can also tell them where their system is vulnerable and what to do about
it.
    Most of the hackers whose names and aliases are in Maxfield's database
probably are pranksters, teenagers attracted by the danger and excitement of
electronic lock-picking. Their activities would remain mostly benign, Maxfield
says, if it weren't for the organized online groups and the criminally-minded
adults that urge them on.
    "That's the real threat," he says.  "It's not the pranksters so much as
the people they're associated with. The people who don't run bulletin boards,
who don't brag openly about what they can do."



    Maxfield could easily have become one of the hackers he now fights against.
As a teenager growing up in Ann Arbor, Michigan, in the late 1950's he had a
consuming passion for telephones and computers. During the summer he worked
for an independent phone equipment manufacturer and spent time hanging around
the offices of Michigan Bell. He also made some friends within Bell.
    Naturally curious, Maxfield experimented with his telephone at home and
learned how to blow fuses at distant switching stations and even how to shut
down whole portions of an exchange. By studying AT&T technical journals used
on his job and by picking up technical information from his contacts at Bell,
he learned how to make his own blue box. In 1961, when direct dial service
reached Ann Arbor, Maxfield was finally able to test his discovery.
    Maxfield was shocked when he realized he could make long-distance phone
calls for free. He called a friend at the phone company, and he mentioned his
triumph to other friends. Maxfield's discovery attracted the attention of some
people who offered to pay him $350 each for 1000 blue boxes.
    Word also got back to AT&T special audit inspectors through the friend at
Michigan Bell. After paying Maxfield a visit, the inspectors let him off with
a warning, but not before suggesting that it was probably the Mafia that
wanted to buy the boxes.
    "They said the records of the bookmakers' long distance calls get them
convicted in court," Maxfield recalls. If bookmakers manage to evade the
telephone company's billing equipment, of course, they not only avoid having
to pay for the long-distance calls they make, there are no records that
federal prosecutors can use against them.
    Maxfield's prototype blue box took a midnight swim off a Huron bridge, and
the kid stayed out of trouble after that. For the next 20 years he channeled
his electronic expertise into fixing and installing phone equipment.


    In fact, Maxfield's career as a counterhacker began quite innocently, in
1978, when he helped a local computer club start one of the nation's first
electronic bulletin boards. Four years later, the FBI came looking for pirated
software.
    "I knew the pirated software wasn't in the clubs, but I also knew about
pirate bulletin boards that had sprung up in the area," Maxfield recalls. So
he printed out some of the messages from the pirate boards and took them to
the local FBI office in 1982.
    The FBI scarcely knew what to make of all of the information that Maxfield
handed them. "They were still keeping records on 3X5 index cards!" he says.
    But the bureau offered to compensate Maxfield for his expenses if he would
monitor the hacker bulletin boards and report to them.
    Maxfield accepted. The arrangement gave him what every hacker and phone
phreak would love to have...a license to hack. He could call anywhere in the
world or attack any computer and not worry about the consequences.
    Maxfield might still be undercover for the FBI today if he and his contact
at the bureau had kept their mouths shut and not underestimated the
resourcefulness of the hackers.
    Following the success of his 1983 office party and the resulting raids,
Maxfield, still undercover, got involved with a New York hacker group that had
taken control of a corporate voice-mail system.
    Against the FBI's advice, Maxfield tipped off the voice-mail system
administrator, leaving a message urging him to contact the FBI. "What I didn't
know was that the hackers also had access to the system administrator's account
so they got the message first," Maxfield says.
    One of the gang members, posing as the system administrator, called the
FBI and learned enough to identify Maxfield. A story about Cable Pair's
involvement with the government appeared in the first issue of 2600 in January
1984.
    "We thought Cable Pair would be a promising contributor to this
publication," the story concluded. "Instead we learned a valuable lesson:
Don't trust ANYBODY."
    "That's when the shit hit the fan," recalls Maxfield. "I was burned six
ways from Sunday.
    "My phone was ringing off the hook with death threats," he says. "The
hackers were after me, and even the FBI didn't like me for a while."
    It was an ignominious finish to Maxfield's underground activities for
the government, but it launched his career as a consultant and electronic
private eye. Several hackers who were worried about how much Maxfield knew
about their activities offered to become his double agents. "Some were even
more highly placed than I was, and a couple of those people are still good
sources today."
    "Hacker groups are like street gangs," he says: the hierarchy changes all
the time, and the organization is very loose.
    One way to get to the top of this shifting hierarchy is to be a sysop for
a pirate bulletin board, as Cable Pair was. Another way is to boast online
about hacking exploits ("Well, I hacked into NASA's network and figured out
how to alter the course of the Hubble Space Telescope...") or to post a lot of
pirated information on the system.
    Maxfield uses the hackers' own techniques to penetrate their private
bulletin board systems. "It's a mind game," he explains. "Hackers will seek me
out and feed me information about someone they hate or someone higher placed
than they are" just to get them out of the way. They're "absolute anarchists,"
says Maxfield.
    While Maxfield is watching the hackers, the hackers are watching him. Says
Corley, "We have a nice thick file folder on him."

    Maxfield keeps more than file folders. His database, which has entries on
about 6000 suspected hackers and phone phreaks, is cross-referenced by name,
alias, phone number, gang associations, and criminal arrest record for phone
fraud. He also tracks the names and numbers of pirate BBS's--and it's all at
his fingertips.
    Maxfield downloads information from his database directly to some clients.
Others receive his periodical, which reports on hacker activities and lists
phone numbers of active hackers and pirate bulletin boards. Companies that
suspect illegal phone activity can use the list like a reverse phone
directory, comparing phone numbers on their bills against the list to isolate
the BBS from which the perpetrator is operating. Then they can work on
preparing a case for law enforcement. Very often, the same perpetrators tap
into the same system over and over, and companies that wish to prosecute must
assemble evidence over a considerable period.
    Sometimes Maxfield gets involved directly, but he says he is "not a bounty
hunter" and claims that he'll tip off corporations or phone companies about
security breaches even if they aren't clients.
    He'll even help AT&T, although his relations with the company are
strained. "They still think I'm one of the bad guys."
    Others in the industry, however, find Maxfield's work helpful and
valuable.
    "I put a lot of trust in the work he does," says Donn Parker, a computer
crime expert at SRI International, in Menlo Park, California, and a regular
subscriber to Maxfield's reports. "He does a very good job of keeping track of
the malicious hackers and the phone phreak community."
    Maxfield often conducts computer security seminars for corporate clients
and government agencies. He can alert corporate clients to weak spots in their
systems and advise them on how to tighten their electronic security. He tells
his clients that networks are particularly vulnerable to invasion because
"when you network systems together, it's like a chain, and you need only
attack the weakest link. All you need is one site with poor security and you
have a loophole."
    Data sent over the telephone lines can also be tapped. "Some people sit on
a telephone pole or in a car holding a laptop computer wired directly into the
phone lines, picking off data and passwords," he says.
    "Computer security isn't a computer problem, it's a people problem," says
Maxfield. "And people just aren't security-conscious. They leave doors
unlocked, and they write their passwords down and tape them to the fronts of
their terminals.
    "We have the technical knowledge to secure these systems. We know how to
keep the hackers out, but it's a problem of implementation. It's expensive,
and it makes the system harder to use."
    "Any system that's user-friendly," cautions Maxfield, "is also hacker-
friendly."
    Maxfield is as addicted to his profession as the hackers are to their
online capers. Even if he wanted to quit the business, he says, he couldn't:
"The hackers just won't leave me alone."
    Maxfield admits that sometimes it's a little scary to be the Lone Ranger
out there. Much of what he's seen and worked on can't be discussed for fear
that hackers will be onto what he's doing. But, he says, that problem is dire,
and "we've got to wake people up to this. We need to increase corporate
awareness, law enforcement awareness, and public awareness. Computer
manufacturers need to think about designing systems that are more secure, and
the phone system needs to rethink its entire network design."
    And so Maxfield feels an obligation to continue his crusade. He knows too
much to stop now.


A little info......
             This article is one of many controversial articles that is being
debated on the Master Control Program BBS. File retyped on 7/19/90 by user #1
of the MCP.
I am not the owner of this report.

Guide To Harmless Hacking.

                               Guide to harmless hacking

          Computer Hacking: Where did it begin and how did it grow.


If you wonder what it was like in days of yore, ten, twenty, thirty years
ago, how about letting an old lady tell you the way it used to be.

 Where shall we start? Seventeen years ago and the World Science Fiction
Convention in Boston, Massachusetts? Back then the World Cons were the
closest thing we had to hacker conventions. 


 Picture 1980. Ted Nelson is running around with his Xanadu guys: Roger
Gregory, H. Keith Henson (now waging war against the Scientologists) and K.
Eric Drexler, later to build the Foresight Institute. They dream of creating
what is to become the World Wide Web. Nowadays guys at hacker cons might
dress like vampires. In 1980 they wear identical black baseball caps with
silver wings and the slogan: "Xanadu: wings of the mind."  Others at World
Con are a bit more underground: doing dope, selling massages, blue boxing
the phone lines. The hotel staff has to close the swimming pool in order to
halt the sex orgies.

 Oh, but this is hardly the dawn of hacking. Let's look at the Boston area
yet another seventeen years further back, the early 60s.  MIT students are
warring for control of the school's mainframe computers. They use machine
language programs that each strive to delete all other programs and seize
control of the central processing unit. Back then there were no personal
computers.


 In 1965, Ted Nelson, later to become leader of the silver wing-headed
Xanadu gang at the 1980 Worldcon, first coins the word "hypertext" to
describe what will someday become the World Wide Web. Nelson later spreads
the gospel in his book Literacy Online.


 But in 1965 the computer is widely feared as a source of Orwellian powers.
Yes, as in George Orwell's ominous novel, "1984," that predicted a future
in which technology would squash all human freedom. Few are listening to
Nelson. Few see the wave of free-spirited anarchy the hacker culture is
already unleashing. But LSD guru Timothy Leary's daughter Susan begins to
study computer programming.

 Around 1966, Robert Morris Sr., the future NSA chief scientist, decides to
mutate these early hacker wars into the first "safe hacking" environment. He
and the two friends who code it call their game "Darwin." Later "Darwin"
becomes "Core War," a free-form computer game played to this day by some of
the uberest of uberhackers.


 Let's jump to 1968 and the scent of tear gas. Wow, look at those rocks
hurling through the windows of the computer science building at the
University of Illinois at Urbana-Champaign! Outside are 60s antiwar
protesters. Their enemy, they believe, are the campus' ARPA-funded
computers. Inside are nerdz high on caffeine and nitrous oxide. Under the
direction of the young Roger Johnson, they gang together four CDC 6400s and
link them to 1024 dumb vector graphics terminals. This becomes the first
realization of cyberspace: Plato.


 1969 turns out to be the most portent-filled year yet for hacking.


 In that year the Defense Department's Advanced Research Projects Agency
funds a second project to hook up four mainframe computers so researchers
can share their resources. This system doesn't boast the vector graphics of
the Plato system. Its terminals just show ASCII characters: letters and
numbers. Boring, huh?


 But this ARPAnet is eminently hackable. Within a year, its users hack
together a new way to ship text files around. They call their unauthorized,
unplanned invention "email." ARPAnet has developed a life independent of its
creators. It's a story that will later repeat itself in many forms. No one
can control cyberspace. They can't even control it when it is just four
computers big.


 Also in 1969 John Goltz teams up with a money man to found Compuserve using
the new packet switched technology being pioneered by ARPAnet. Also in 1969
we see a remarkable birth at Bell Labs as Ken Thompson invents a new
operating system: Unix. It is to become the gold standard of hacking and the
Internet, the operating system with the power to form miracles of computer
legerdemain.


 In 1971, Abbie Hoffman and the Yippies found the first hacker/phreaker
magazine, YIPL/TAP (Youth International Party -- Technical Assistance
Program).  YIPL/TAP essentially invents phreaking -- the sport of playing
with phone systems in ways the owners never intended. They are motivated by
the Bell Telephone monopoly with its high long distance rates, and a hefty
tax that Hoffman and many others refuse to pay as their protest against the
Vietnam War. What better way to pay no phone taxes than to pay no phone bill
at all?

 Blue boxes burst onto the scene. Their oscillators automate the whistling
sounds that had already enabled people like Captain Crunch (John Draper) to
become the pirate captains of the Bell Telephone megamonopoly. Suddenly
phreakers are able to actually make money at their hobby. Hans and Gribble
peddle blue boxes on the Stanford campus.


 In June 1972, the radical left magazine Ramparts, in the article
"Regulating the Phone Company In Your Home"  publishes the schematics for a
variant on the blue box known as the "mute box." This article violates
Californian State Penal Code section 502.7, which outlaws the selling of
"plans or instructions for any instrument, apparatus, or device intended to
avoid telephone toll charges." California police, aided by Pacific Bell
officials, seize copies of the magazine from newsstands and the magazine's
offices. The financial stress leads quickly to bankruptcy.


 As the Vietnam War winds down, the first flight simulator programs in
history unfold on the Plato network. Computer graphics, almost unheard of in
that day, are displayed by touch-sensitive vector graphics terminals.
Cyberpilots all over the US pick out their crafts: Phantoms, MIGs, F-104s,
the X-15, Sopwith Camels. Virtual pilots fly out of digital airports and try
to shoot each other down and bomb each others' airports. While flying a
Phantom, I see a chat message on the bottom of my screen. "I'm about to
shoot you down." Oh, no, a MIG on my tail. I dive and turn hoping to get my
tormentor into my sights. The screen goes black. My terminal displays the
message "You just pulled 37 Gs. You now look more like a pizza than a human
being as you slowly flutter to Earth."


 One day the Starship Enterprise barges in on our simulator, shoots everyone
down and vanishes back into cyberspace. Plato has been hacked! Even in 1973
multiuser game players have to worry about getting "smurfed"! (When a hacker
breaks into a multiuser game on the Internet and kills players with
techniques that are not rules of the game, this is called "smurfing.")


 1975. Oh blessed year! Under an Air Force contract, in the city of
Albuquerque, New Mexico, the Altair is born. Altair. The first
microcomputer. Bill Gates writes the operating system. Then Bill's mom
persuades him to move to Redmond, CA where she has some money men who want
to see what this operating system business is all about.


 Remember Hans and Gribble? They join the Home Brew Computer club and choose
Motorola microprocessors to build their own. They begin selling their
computers, which they brand name the Apple, under their real names of Steve
Wozniak and Steve Jobs. A computer religion is born.


 The great Apple/Microsoft battle is joined. Us hackers suddenly have boxes
that beat the heck out of Tektronix terminals.


 In 1978, Ward Christenson and Randy Suess create the first personal
computer bulletin board system. Soon, linked by nothing more than the long
distance telephone network and these bulletin board nodes, hackers create a
new, private cyberspace. Phreaking becomes more important than ever to
connect to distant BBSs.


 Also in 1978, The Source and Compuserve computer networks both begin to
cater to individual users. "Naked Lady" runs rampant on Compuserve. The
first cybercafe, Planet Earth, opens in Washington, DC. X.25 networks reign
supreme.


Then there is the great ARPAnet mutation of 1980. In a giant leap it moves
from Network Control Protocol to Transmission Control Protocol/Internet
Protocol (TCP/IP). Now ARPAnet is no longer limited to 256 computers -- it
can span tens of millions of hosts! Thus the Internet is conceived within
the womb of the DoD's ARPAnet. The framework that would someday unite
hackers around the world was now, ever so quietly, growing. Plato fades,
forever limited to 1024 terminals.


Famed science fiction author Jerry Pournelle discovers ARPAnet. Soon his fans are swarming to find excuses -- or whatever -- to get onto ARPAnet. ARPAnet's administrators are surprisingly easygoing about granting accounts, especially to people in the academic world.


ARPAnet is a pain in the rear to use, and doesn't transmit visuals of fighter planes mixing it up. But unlike the glitzy Plato, ARPAnet is really hackable and now has what it takes to grow. Unlike the network of hacker bulletin boards, people don't need to choose between expensive long distance phone calls or phreaking to make their connections. It's all local and it's all free.


That same year, 1980, the "414 Gang" is raided. Phreaking is more hazardous than ever.


In the early 80s hackers love to pull pranks. Joe College sits down at his dumb terminal to the University DEC 10 and decides to poke around the campus network. Here's Star Trek! Here's Adventure! Zork! Hmm, what's this program called Sex? He runs it. A message pops up: "Warning: playing with sex is hazardous. Are you sure you want to play? Y/N" Who can resist? With that "Y" the screen bursts into a display of ASCII characters, then up comes the message: "Proceeding to delete all files in this account." Joe is weeping, cursing, jumping up and down. He gives the list files command. Nothing! Zilch! Nada! He runs to the sysadmin. They log back into his account but his files are all still there. A prank.


In 1983 hackers are almost all harmless pranksters, folks who keep their distance from the guys who break the law. MIT's "Jargon file" defines hacker as merely "a person who enjoys learning about computer systems and how to stretch their capabilities; a person who programs enthusiastically and enjoys dedicating a great deal of time with computers."


In 1983 the IBM Personal Computer enters the stage, powered by Bill Gates' MS-DOS operating system. The empire of the CP/M operating system falls. Within the next two years essentially all microcomputer operating systems except MS-DOS and those offered by Apple will be dead, and a thousand Silicon Valley fortunes shipwrecked. The Amiga hangs on by a thread. Prices plunge, and soon all self-respecting hackers own their own computers. Sneaking around college labs at night fades from the scene.


In 1984 Emmanuel Goldstein launches 2600: The Hacker Quarterly and the Legion of Doom hacker gang forms. Congress passes the Comprehensive Crime Control Act giving the US Secret Service jurisdiction over computer fraud. Fred Cohen, at Carnegie Mellon University, writes his PhD thesis on the brand new, never heard of thing called computer viruses.

1984. It was to be the year, thought millions of Orwell fans, that the government would finally get its hands on enough high technology to become Big Brother. Instead, science fiction author William Gibson, writing Neuromancer on a manual typewriter, coins the term and paints the picture of "cyberspace." "Case was the best... who ever ran in Earth's computer matrix. Then he doublecrossed the wrong people..."


 
In 1984 the first US police "sting" bulletin board systems appear.


The 80s are the war dialer era. Despite ARPAnet and the X.25 networks, the vast majority of computers can only be accessed by discovering their individual phone lines. Thus one of the most treasured prizes of the 80s hacker is a phone number to some mystery computer.


Computers of this era might be running any of dozens of arcane operating systems and using many communications protocols. Manuals for these systems are often secret. The hacker scene operates on the mentor principle. Unless you can find someone who will induct you into the inner circle of a hacker gang that has accumulated documents salvaged from dumpsters or stolen in burglaries, you are way behind the pack. Kevin Poulsen makes a name for himself through many daring burglaries of Pacific Bell.


Despite these barriers, by 1988 hacking has entered the big time. According to a list of hacker groups compiled by the editors of Phrack on August 8, 1988, the US hosts hundreds of them.


 The Secret Service covertly videotapes the 1988 SummerCon convention.


In 1988 Robert Tappan Morris, son of NSA chief scientist Robert Morris Sr., writes an exploit that will forever be known as the Morris Worm. It uses a combination of finger and sendmail exploits to break into a computer, copy itself and then send copy after copy on to other computers. Morris, with little comprehension of the power of this exponential replication, releases it onto the Internet. Soon vulnerable computers are filled to their digital gills with worms and clogging communications links as they send copies of the worms out to hunt other computers. The young Internet, then only a few thousand computers strong, crashes. Morris is arrested, but gets off with probation.


1990 is the next pivotal year for the Internet, as significant as 1980 and the launch of TCP/IP. Inspired by Nelson's Xanadu, Tim Berners-Lee of the European Laboratory for Particle Physics (CERN) conceives of a new way to implement hypertext. He calls it the World Wide Web. In 1991 he quietly unleashes it on the world. Cyberspace will never be the same. Nelson's Xanadu, like Plato, like CP/M, fades.


1990 is also a year of unprecedented numbers of hacker raids and arrests. The US Secret Service and New York State Police raid Phiber Optik, Acid Phreak, and Scorpion in New York City, and arrest Terminus, Prophet, Leftist, and Urvile.


The Chicago Task Force arrests Knight Lightning and raids Robert Izenberg, Mentor, and Erik Bloodaxe. It raids both Richard Andrews' home and business. The US Secret Service and Arizona Organized Crime and Racketeering Bureau conduct Operation Sundevil raids in Cincinnati, Detroit, Los Angeles, Miami, Newark, Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, and San Francisco. A famous unreasonable raid that year was the Chicago Task Force invasion of Steve Jackson Games, Inc.

In June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all these raids to found the Electronic Frontier Foundation. Its initial purpose is to protect hackers. They succeed in getting law enforcement to back off the hacker community.

In 1993, Marc Andreessen and Eric Bina of the National Center for Supercomputing Applications release Mosaic, the first WWW browser that can show graphics. Finally, after the fade out of the Plato of twenty years past, we have decent graphics! This time, however, these graphics are here to stay. Soon the Web becomes the number one way that hackers boast and spread the codes for their exploits. Bulletin boards, with their tightly held secrets, fade from the scene.

In 1993, the first Def Con invades Las Vegas. The era of hacker cons moves into full swing with the Beyond Hope series, HoHocon and more.

In 1996 Aleph One takes over the Bugtraq email list and turns it into the first public "full disclosure" computer security list. For the first time in history, security flaws that can be used to break into computers are being discussed openly and with the complete exploit codes. Bugtraq archives are placed on the Web.

In August 1996 I start mailing out Guides to (mostly) Harmless Hacking. They are full of simple instructions designed to help novices understand hacking. A number of hackers come forward to help run what becomes the Happy Hacker Digest.

1996 is also the year when documentation for routers, operating systems,
TCP/IP protocols and much, much more begins to proliferate on the Web. The
era of daring burglaries of technical manuals fades.

In early 1997 the readers of Bugtraq begin to tear the Windows NT operating
system to shreds. A new mail list, NT Bugtraq, is launched just to handle
the high volume of NT security flaws discovered by its readers.
Self-proclaimed hackers Mudge and Weld of The L0pht, in a tour de force of
research, write and release a password cracker for WinNT that rocks the
Internet. Many in the computer security community have come far enough along
by now to realize that Mudge and Weld are doing the owners of NT networks a
great service.

Thanks to the willingness of hackers to share their knowledge on the Web, and mail lists such as Bugtraq, NT Bugtraq and Happy Hacker, the days of people having to beg to be inducted into hacker gangs in order to learn hacking secrets are now fading.

Where next for the hacker world? You hold the answer to that in your hands!