***********************************************************
GOODIES TO GO! ™
July 19, 1999 — Newsletter #37
***********************************************************
Please visit https://www.htmlgoodies.com
***********************************************************
Greetings, Weekend Silicon Warrior,
Another week has passed and we again take to the Web-waves
with newsletter number 37!
Did you hear…
…about the “Cult of the Dead Cow”? It’s a group that made
a program introduced at last week’s Defcon Conference in Las
Vegas. The program gives others the ability to infiltrate and
“take over” Microsoft computers. Then it’s up to the person
using it to choose what to do next. We’ll see what happens.
Jeffrey Hunker, director of the Critical Infrastructure
Assurance Office of the National Security Council, has
announced “version 1.0.” That’s a plan backed with just under
one and a half million dollars designed to protect national
computers from hackers and crackers in fiscal year 2000. Many
will see this as a serious defense. Other will simply see it
as throwing down the gauntlet.
By a vote of 404 to 24, and 81 to 18, the House and Senate
passed a measure giving companies 90 days to repair computers
before a Y2K lawsuit can be filed against them. The (now)
bill will suggest mediation over lawsuit. President Clinton
is expected to sign it into law.
Now onto today’s topic…
Two weeks ago, I wrote this paragraph:
“On Monday the 28th of June hackers got in and defaced the
Army’s main Web site www.army.mil. It’s been repaired, but
once again someone has raised the bar and someone else will
have to jump higher. It makes me nervous that soon they’ll
hit something that starts a domino effect that really harms
someone — like hospital records.”
In fact, I led the newsletter with it. Well, very soon after,
the e-mail from some very upset people came pouring in. The
text varied, but the main thrust was that I had used an
incorrect term. The people who altered the Army’s Web site,
claimed the e-mails, were not “hackers” but “crackers.”
This seemed strange to me in that I always thought “hackers”
were people who broke into systems and “crackers” were those
who broke code. I’ve known a couple of pretty clever crackers
who were heavily into finding ways around shareware screens.
So, I looked into it. Wow. There is a great deal written
about this, far more than I expected. Soon my printer was
humming and I was boiling all of this down into bite-sized
bytes of information. Here’s what I found.
There are generally three categories that encompass those
who break into computers. Now, please understand that these
terms are part of what’s known as a “slang” language so the
terms will change as fast as I can set them into stone.
Hacker: One who breaks into a network, server, or personal
computer with the intent to do harm. The purpose of the
entrance is to delete files, place a virus, or otherwise do
bad stuff.
Cracker: One who breaks into a system yet does not want to
cause harm. A cracker follows an unwritten code that nothing
should be harmed or destroyed in their doings. I found a few
pages that described crackers as people in competition with
each other to gather attention or get a message out.
Sneaker: One who is hired by a company to test its computer
defense system. The sneaker basically tries to break in with
permission.
I found one more prevalent term that doesn’t break the groups
into smaller sections: Phreaker. Yes, that’s spelled
correctly. Someone who “phreaks” goes after, for example, a
telephone system with the intent to make free long distant
calls. Hackers, crackers, and sneakers can also be phreakers.
Get it?
The most famous Phreaker must be John Draper, a.k.a. Cap’n
Crunch. Phone company workers used to use a 2600Hrz tone to
authorize phone calls that weren’t to be charged. Draper got
hold of this information and set out to find something that
would reproduce this tone. He found it in a box of Cap’n
Crunch cereal (thus the nickname). A plastic whistle they
were giving away reproduced the tone perfectly.
The messages I received responding to last week’s letter did
their best to show that hackers are very bad people and
crackers are the Robin Hoods of the computer generation. The
main point supporting this was that hackers do damage while
crackers simply use other sites to produce a message. I guess
that depends on your definition of “doing damage.”
Most hackers and crackers work with an alias, but it’s not
like people don’t know who they are. I’m sure most are well
known to others in the computer community. I make that
statement because 2600.com possesses a fantastic collection
of hacked pages. I highly doubt 2600.com were lucky enough
to be there when the pages posted. I have to believe that
the texts were sent to 2600.com by those responsible for the
work.
Here’s an example:
A person or group calling them- (or him- or her-) self “The
Hong Kong Danger Dou and gh” got into the White House Web
server and replaced the home page with the text below:
>>>>>>>>>>>>>>>>>>>
You’re box was 0wn3d.
F*** you.
Look at the interesting things we found in Bill’s personal
files.
Recording #1 Recording #2 Picture
Why did we hack this domain? Simple, we ****ing could. Maybe
this will teach the world a ****ing lesson. Stop all the war.
Concentrate on your own problems. Nothing was damaged, but
we not telling how we got in. Fear the end of the world is
upon us, in a few short months it will all be over. Y2K is
coming.
Following peeps get some shouts:
mosthated
c4thy
Zyklon
Loophole/eliach
All gH
#pascal
hhp
LoU
C.L.N.
LoRtHiC
Caroline Meinel
Tiffany G. – j00 ****ing ****! fjear the p00!
gH World Domination
Fjear. wuz here
>>>>>>>>>>>>>>>>>>>>>
The spelling was just as I found it. In case you’re
wondering, to give “peeps some shouts” means to offer praise
to someone’s friends or cohorts. The recordings and pictures
were no less nasty.
I ask you, was this site hacked, or cracked? No, nothing was
destroyed, but this message stood for a short while. Was that
not damaging? Yes? No? You decide.
There’s no question the people who can do this sort of thing
are amazingly talented and quite intelligent. I guess my
concern is motive. Why do it? Maybe the message above offers
an answer… “because we can.” Why climb Mount Everest?
Because it’s there. Why rob banks? Because that’s where the
money is. Why hack and crack? Because they can.
I was rather impressed with what I saw. A great deal of the
hacked and cracked pages were very funny, the Spice Girls
site knocked me out of my chair. But all the while, all I
could think of was that I pray it doesn’t happen to me.
To those who wrote to me saying I had used the term “hacker”
when I should have used “cracker,” my apologies. I didn’t
know the slang. Now I do and I’m not sure that your definition
of damage and my definition are the same. No, a cracker harms
nothing but the embarrassment suffered by the site is still
a real kick in the teeth.
Still, it’s impressive what they do.
So, look for the back door that can be opened with a key from
the bit bucket and try to further munge spaghetti code using
vaporware, wetware, and a Vulcan nerve pinch before raster
burn sets in.
(Translation: Find a way into someone’s system you can open
with programming found in discarded data and look to further
mess up very complicated code using cutting edge software,
your brain, and a three-key keyboard shortcut before eye
strain sets in from looking at your monitor for too long.)
>>>>>>>>>>>>>>>>>>>>>>>>
And that’s that… thanks for reading.
Joe Burns, Ph.D.
And Remember: Up above I blocked out some words because they
are considered obscene. Well, times change. Did you know that
the word “devil” was once the worst curse word you could call
a person? The word “bankrupt” was once considered so foul
that it was written “b—–pt” even in legal documents.