My FBI file was for hacking into my school district's AS/400 that handled my school's attendance and grading system. Somehow using a public IP address with no access restrictions allowed a clear telnet path in from home. Compounding username and passwords that were all the same for every employee. I didn't change a thing, just LOLed and told someone. Bad mistake.
This was the late 90s.
Oh well, 2 week suspension and kicked off the computers for less than a year. A nice conference with FBI, police, my parents, IT and school administration. Fun times.
I learned my lesson to not talk about such things because their egoes were too fragile.
When they decided to give students in their website design class ftp accounts on the district wide web/email server running an ancient version of Debian, they didn't disable the shell, just added a login script to a menu for pine, etc. for people who telnetted in, which I'm sure the sysadmin was proud of. However, a few fast CTRL-C's broke out of his script menu loop and got me a shell, and they didn't shadow protect their password files. Ran it through john the ripper and had half the district's e-mail passwords in a default dictionary file including the root pw in a few minutes. LOLed and never told anyone about that.
I had sysadmin rights on my school’s Windows servers after some very simple social engineering (for a 10 year old). The real irony was that I was called to the principal’s office on multiple occasions because I seemed to be able to fix things on the network that the local “admin” (e.g. music teacher) couldn’t.
Fun times indeed.
It completely ruined my respect for authority figures. Which in retrospect has been the most valuable outcome from being the local “that kid from Wargames”
This reminds of a Costco bug I discovered, it appears that they fixed it lol.
So, Costco runs AS/400 in stores, and their online store is in .Net MVC. I worked with both technologies and often have to communicate with AS/400 devs and they are close to their retirement so little fucks are given. Plus, working with DB2 is annoying in general, the .NET data provider from IBM is expensive and sucks.
Now onto the bug, when you purchased items online at a discount, you were able to return to store at a full price as their systems were not communicating that a discount was applied. I returned several items, but did not realize until I bought a laptop that was $400 off and tried returning it. I ended up calling Costco and letting them know. Unfortunately, they didn't give me any lifetime membership or a good citizen award.
If any Costco devs read this and know about this send me some love.
> I learned my lesson to not talk about such things
I like how you shared how you learned lesson to not share mischievous activities with people in the same post you then go and share more things you haven't been caught for.
This is going on your permanent school record! /s
That's great. I know even as of recent of 2021 I've seen some places that had 0 security on things.
When I was 11 or 12 we had a bunch of old Windows (2000?) boxes with a shared network folder — all the students' files were in the same folder. I had just learned about basic batch file "programming" so I made one called Change Your Grades Click Here!!.bat which asked for your username and password (we had individual accounts on the Mac computers) and saved them to a hidden text file in the same folder. Most people didn't fall for it, but I got one girl's login that actually worked, which scared the shit out of me, and I deleted the program. (I really wanted to tell her that "emma" is not a good password, but I thought it wouldn't turn out well for me.)
A few years later, I cracked the admin password (with a Ophcrack live USB) for a silly reason: they had the machines mostly locked down, and I wanted to change the desktop background hahah. I remember being quite disappointed in the sysadmins that the admin password for all the machines in school was a common dictionary word, cracked in 30 seconds.
Oh, once I met a guy who identified as a "hacker" (in the sense of breaking into systems illegally) and he told me (then a young teen) to "have my fun" before I turned 18 and then to stop, which in retrospect was very good advice.
> I learned my lesson to not talk about such things because their egoes were too fragile.
At my university in the early 90s I went the white hat route and had tons of fun. I managed to convince the computing center folks to give me a student job in the Unix group, and then spent the next three years hacking their systems and getting a pat on the back when I did it.
I cracked all the passwords in my MS-DOS based computer programming class by modifying the boot floppy. It was pointless since the assignments were easy and I had perfect grades in that class, and the only thing this allowed me to do was steal other peoples' homework. But eh, boredom....
I also figured out how to auto-crawl the networks of all the schools in our district, which, as a self 15 year old whose only experience was non-networked DOS, is still a proud accomplishment. The only things I found were a bunch of printer management, some office form templates, and a cool video game that was like sim-moonbase.
But then my teacher found the file in my home dir called passwords.txt, and I was busted. Oh well. Instead of an FBI file, I got a detention, and I had to teach him how to write-protect the boot floppies so no one else could do what I had. (he didn't need to know that you could reverse the write-protection with a piece of electrical tape)
> I didn't change a thing, just LOLed and told someone
> Oh well, 2 week suspension
God damn, these idiot school people have no fucking clue that someone who points out a security flaw to you without inflicting any harm is actually doing something good, and that behavior should be encouraged and rewarded.
I had two friends that did similar in the early 2000s, except that while the school knew there was a breach, they never caught who did it. Had all student social security numbers, grades, attendance, etc pulled into a thumb drive on the school network. I imagine this happened a lot around various school districts, especially in that time when school networks were less secure.
With all the shenanigans I was into as a turn of the century high school student, I'm incredibly lucky to have never had a (known) FBI run-in.
At my first high school I was expelled for selling teachers a boot floppy that disabled the district's security software (Fortress) on their machine.
At my second high school I was busted twice, once for selling CDs with a much anticipated unreleased movie, and the second time for finding (and copying) a network share that had every student's school photo from that year before they could even purchase it.
Nevermind all the unsavory nonsense I did outside of school and was luckily never busted for.
Good times indeed. I got into similar mischief, but my school didn't really mind. I got a slap on the wrist, because they were to prestigious to court negative attention. Then I got into similar shit in college. I reported it and got lucky again. The guy in charge of their cybersecurity program invited me to take his class which was all master's students and phd candidates as a freshman. I would have bombed as it was all over my head cryptography/math, but at the time I did some extracurricular research that got me a passing grade.
Oh yes. I remember the embarrassment / horror of having the admin just creepily poking my shoulder when at the computer and gently saying: "Hey, I promise I will NOT report you for antyhing, if you just tell me what the hell you just did with our network!"
I had no idea what I had done, honestly, I just sent a large ping packet to some IRC-user. Turns out it killed some vital things in the network.
Also the admin leaving anonymous FTP enabled with write access. That was one weekend with an extreme amount of illegal stuff apparently uploaded via the schools FTP, but that was my classmate which was involved in and not me.
This was at the time when people had dial-up at home so the 256kBps connection at school was awesome.
Late 80s and my junior high school computerized attendance reporting (and some grades) through shared documents on a 'teacher' Appletalk share I had access to (because I set it up!) Well now... ;) Honestly though I never did any of that sort of thing for profit, I managed to satisfy my needs selling disks with games on them and then turning a blind eye when people were playing them during class hours (I was basically used as a free labour resource by the school so I don't feel bad about that in the slightest.) Ah, the things we did when we were teenagers...
I was punished three times for computer curiosity before I learned my lesson. No good deed goes unpunished, especially when it makes somebody powerful look bad.
Seriously, they would have deserved that the school mysteriously becomes littered with printed (or typed) sheets of paper explaining how to access the system and change everyone’s grade.
If it were me, for the second time I would have considered adding a file to everyone’s FTP account (including the admins & professors themselves) explaining how they too can escalate to root.
ouch. I once tried to grab a password file remotely that made the whole computer network crash for some reason. They found out it was me and they said, "please don't do that again." I was really lucky.
I was in junior high early 90s when I got into trouble with my school's networks. Setup was Novell Netware, DOS 6.x. I was never a Netware expert by any means, but by that time I'd been using DOS at home for quite a number of years and knew my way around pretty well. Anyways, the network crashed. I got accused of causing the crash because a teacher had seen me with "a black screen open", aka a DOS prompt. Our Netware setup didn't allow for direct DOS access; we had a limited set of DOS apps from a menu we could run. Well, among those apps was WordPerfect for DOS. There was some function key combo that'd suspend WordPerfect and dump you at a DOS command prompt (I forget the key combo, but we all had those keyboard templates at the time that listed out the various commands helpfully, right in front of you, at school, even!).
Well, being at a DOS prompt was enough circumstantial evidence for me to get suspended for a week (no FBI record, AFAIK). My parents, despite being strict, were also fair and asked me point blank, "Did you have anything to do with what you're being accused of?". Told them no, I was just at a DOS prompt (probably to play either nibbles or gorillas - those classic BASIC games). To their credit, their opinion was if I was going to serve the time, I might as well know how to do the crime (know, not actually do). I had already been tagging along to continuing education computer classes my mom was attending, but my parents started buying me more and more computer books. It got me started down the programming path. I'd already been pretty friendly with our sysadmin at school and he knew I had nothing to do with what happened and hadn't accused me, but the school needed a scape goat, and I was it. He felt bad for me and choose to help me out with my learning, too, instead of continuing the punishment. He gave me a copy of the software he used for after hours remote access over direct dialup. Think it was called Carbon Copy? It was basically just telnet over dialup that allowed me direct access to his PC on the network after hours before I even knew what telnet was. So, I'd connect after dinner and play around for hours as network admin. It wasn't multiprocessed, so I had to be patient. Typically when I'd log in, he was running a nightly backup manually that he'd kick off before he left for the night. I just had to wait for it to complete, then I could do whatever I wanted. I had full access to the grading/attendance system. I could message teachers as other teachers, etc. I could have granted admin access to anyone, but I was smart enough to never touch my own account, instead, created fake admin users and used those, instead. I'd hide files in plain sight using the ALT+255 trick to embed a nonprintable character in file/directory names. You could see them, you just couldn't directly access them without renaming them for most programs. Fun times. I never did anything destructive, though I could have easily.
Security in the 90s was a joke. They were good times, indeed :)
I continued my shenanigans into college. College was my first encounter with Windows NT networks & l0phtcrack. I remember one night, walking into my dorm room with the SAM file from a lab PC on a floppy. I popped it into my own PC, started cracking the passwords, expecting it to run all night. As I got up from my PC to head down for dinner, I was surprised to see that I'd already cracked the administrator password. It was just a 5 character password that was the building code & room number for campus IT. I already knew better than to do anything from my own PC, only ever worked from different lab PCs in different buildings and under assumed accounts. Never reported anything, either, for fear of reprisal.
> I learned my lesson to not talk about such things because their egoes were too fragile.
Yip, ego's and people talk are the downfall of many an innocent `self-education` in the area of IT security.
Post 80's and laws started to change, prior, in the UK it was theft of electricity being the only way to nail some people. Crazy fun times.
Though I do miss the old phone system per-say, outdials, wardialing, things like that, was common with many and just seemed more mysterious as you could only learn thru word of mouth or self-education as no books or internets and BBS's were not as cheap in the UK or common as we never had the official free local calls aspect as you fine folks had in the US.
Do recall a chap getting kicked out of college for doing something I'd done previously, just that he had a bigger ego and not as delicate with the power to steal the admin password. Which involved an ICL George 3 OS mainframe in the times of very large disc platters and admin console journaling that had no encryption. so they rotated discs without adding extra wear of zeroing the previous content, only the file table so you could end up with a user disc platter that had formally been used as a admin console jounal reposatory and could create files without zeroing and dump the previous contents of the disc of that way...which eventually got you the admin password.
Do recall few instances of work related cases in which I needed to do things so, kinda hacked what I needed (resourcefulness) like upon a DPS7 Honeywell mini computer in which needed the admin password to do something and nobody had it at hand at that time of night and the passowrds were kept in a file that was encrypted so I worked out the encryption key by looking at the file as was poor encryption and text files have lots of spaces so saw a pattern with the word OPERA in and tried and tada, got what I needed. The spooked admin next day wondered how I did it so I told him fully, he then went and redid the encryption and challenged me to see if that was secure, I looked at the encrypted file and kinda worked out by the patterning that it had been encrypted twice....yes with the same password OPERA only encrypted with that and then encrypted again with the same. Educational for all back then. Today, not as easy to do that, but still a great story of times of old.
My ego prevents anything else and was an ethical hacker and the 90's was an era in which, we white hats would and was the internet security, bringing down pedo's and bad actors like that that frequented some platforms with ease (looking at you AOL). So whilst illegal per-say, was case of no real official policing of such things as we do today.
But darn, some things learned and worked out, well zero day exploits back then were not as financially economical as they are today and heck, and some never really appreciated how long they would stay obscured from the wild.
I also liked hardware back then, was also fun and many a hidden switch to get a feature you would normally pay silly money for some engineer to `install` though was just some hidden switch was not that uncommon. Heck even today you get kit that is same inside with a model up just adding some small thing and example would be some Fluke multimeters that you effectively pay hundred for a small capacitor and another digit on the outer shell, is a good example current today.
Fun times indeed, but darn, goalposts always moving.
A person I know studied in East Germany in the early 80s via a very limited exchange program. After the wall came down, she requested her Stasi file.
It was fascinating what was in the file - lots of misunderstandings and misinterpretations. For example, she was upset when the Challenger exploded, and this mystified the Stasi informers who had previously identified her as a pacifist (in their minds, the Shuttle was 100% military).
Similarly, she was trying to research what happened to a relative who had remained in Germany in the late 30s, and whether she had died of natural causes or been sent to the camps. The Stasi file was filled with speculations on the details of this "sleeper agent" with whom she was trying to establish contact.
All this to say that from the mindset of a spy, everything is spy-craft. Everyone's world-view shapes their interpretation of events and reality itself. Was the shuttle a military venture? Partly. Was it also a tool for science? Yup. But the functionaries who looked at her data in the heat of the cold war certainly couldn't see those distinctions.
For what it's worth, she was able to get her Stasi file, but has never been able to get a copy of her FBI file.
This story (assuming it's true) should serve as an excellent example of why you need privacy even if you think that you don't. In peace time the NSA is only looking for "terrorist" and leaves everyone alone, but in case of war they would start creating lists for any and everything. All it takes is one "tough" agent trusting their gut feeling/algorithm based on your browsing history and shopping habits to put a target on your back and you are done.
EDIT: Replacing "if there's any truth to it" by "assuming it's true". I did not mean to imply that the author made up the whole story and thought both expressions were equivalent.
In a section headed by an anime girl, he claims to have, "figured out when and how a bunch of other fantasies got into our DNA and will shortly post an article on this web site that will explain how that happened, why it is causing modern humans to make billions of bad decisions each day, and how we and our descendants are likely to be wiped out soon unless we begin dealing with this problem in a rational way."
Then there's a weird picture of his face, which is how he thinks he'll look in 2043, when "he plans to croak at age 112".
On his bucket list page,
"My choice as a troublemaker will be to get shot in the back while running away from an jealous husband in May 2043".
Let me die a youngman's death
not a clean and inbetween
the sheets holywater death
not a famous-last-words
peaceful out of breath death
When I'm 73
and in constant good tumour
may I be mown down at dawn
by a bright red sports car
on my way home
from an allnight party
Or when I'm 91
with silver hair
and sitting in a barber's chair
may rival gangsters
with hamfisted tommyguns burst in
and give me a short back and insides
Or when I'm 104
and banned from the Cavern
may my mistress
catching me in bed with her daughter
and fearing for her son
cut me up into little pieces
and throw away every piece but one
Let me die a youngman's death
not a free from sin tiptoe in
candle wax and waning death
not a curtains drawn by angels borne
'what a nice way to go' death
>> My mother told the investigators how glad she was to get the glasses back, considering that they cost $8. The sourpuss did a slow burn, then said “Lady, this case has cost the government thousands of dollars. It has been the top priority in our office for the last eight weeks. We traced the glasses to your son from the prescription by examining the files of all optometrists in the San Diego area.” He went on to say that they had been interviewing our friends and neighbors for several weeks.
Around 1983, me and a few friends were into "war dialing". We found a bank, did about a half-day of research (default logins for popular systems used by banks), and were able to get into the system. We all got bored and stopped poking around after a day or so - we were kids, none of us understand anything about banking. But one kid continued to poke around for months, and he was making changes, too - like, creating his own "backdoor" accounts. Well, naturally we all got caught, not because of some technical task force or anything, but rather because the one kid was bragging about it on a bunch of local BBS's. Then he ratted out the rest of us.
Keep in mind this was around 1983; it was a different time - "computer crimes" didn't really exist, nor the people to investigate them. And that's basically how we all escaped any significant consequences. I was totally unaware of all this at the time, but it was explained to me later in life (by my mother, who is still bitter about it - sorry, mom; you bought me the Commodore 64! LOL) that the FBI didn't really consider it a crime because nothing was stolen. The local cops proposed "trespassing", but we never stepped foot in the bank; we didn't even know where it was.
Thankfully this was just prior to the release of "War Games". Everything changed after that movie. Law enforcement started to pay attention. There were stories about the FBI investigating kids on local BBS's, thinking they were working for the Soviet Union, trying to access military secrets or something like that.
Lesson learned: "We traced the glasses to your son from the prescription by examining the files of all optometrists in the San Diego area." - if you want your possessions found, you can either attach a note with your home address or an AirTag... or simply something _so_ sketchy that an intelligence agency delivers your stuff together with an awesome story.
A gangster was in prison, when he received a letter from his mother. "We miss you very much, and it will be hard for your father to till the garden without you." "Don't do that, that's where I buried the guns!" he wrote back. A while later he received another note: "Some men from the prison completely dug up our garden looking for those guns, but they didn't find anything." "I know, mama. It was the least I could do for you."
A friend of mine in 1997 got arrested for poking around in air force computer systems. He was charged with a felony not because he did any damage but because it cost $40k to track him down. He also had to pay that back.
"Once again, when computer crime enters the equation, circumstances seem to change. In May of 1997, Wendell Dingus was sentenced by a federal court to six months of home monitoring for computer crime activity. Among the systems he admitted to attacking were the U.S. Air Force, NASA and Vanderbilt University. What is different about this case is the court's order for Dingus to repay $40,000 in restitution to the Air Force Information Warfare Center (AFIWC) for their time and effort in helping to track him."
So... the headline invokes an inappropriate image. The author attracted the attention of the FBI in 1942, when "cryptography" meant wartime codebreaking, and his amateur cypher got lost and then found and turned in by a genuinely concerned citizen.
I mean, OK. Sure, it's bad that kids interested in math get caught up in this. But come on, it was the middle of the biggest war in history and real spies were indeed doing real work with codes like that. This says nothing about modern enforcement regimes, nor should it.
It’s sad that people on positions of authority are always paranoid someone is lying. I was recently pulled over and I was sure I hadn’t done anything and it was on a very busy highway through town and I was literally at a side road so turned off and immediately pulled over. It took seconds. The officer as he approached me put his thumb on the back of my car. From my reading they do that to leave their fingerprints if something goes wrong. He approached and said he just wanted to check if I had my license, something they are not supposed to do since it fosters racial profiling they are supposed to have a reason. But he said I noticed you don’t have an N on your car(the N indicated new drivers) and you looked a little young so wanted to check. Just a bullshit story since I am 40, had 2 teenage kids and a 6 year old in my car and enough facial hair to say I was way beyond a 5 o’clock shadow. Then he began to lecture me how when a car pulls onto a side street it makes him very suspicious. I said well I don’t want anyone getting hit from behind and he replied That he is not affraid of getting hit. All very well I am glad you are not but I had 3 kids in the car and have seen enough videos of officers getting plowed and I didn’t want to be part of that. He let me go and with that I am once again annoyed with the police. If I’ve done something ticket me I’ve never omce fought a ticket. I pay my dues. But like I say that rule is to stop racial profiling so I take it seriously.
He was able to tinker with a radio at age of 10, in 1940. I had my first electronic at 19, in 2003, growing up in India.
Today, almost anyone in the world can have access to the latest tech easily. Great minds were there and are everywhere in the world, they just didn't have access to resources. Think how fast the research monopoly of US is going to shrink.
I got a cease and desist letter from apple around the same age and see it as an achievement I want to frame in the living room (it was when the iPhone 4S and Siri was released. At the time, there was a way you could get Siri working on a jailbroken phone but required running a Siri server that scrapped keys from Apple’s servers. A lot of people were doing what I did a charging for it, so I made a free and public one. I remember the day my VPS provider sent me an email with Apple’s request to shut it down lol)
in case you're not aware, the author of this is a known (but not well-known) AI researchers from way, way back.
He invented the "finger" protocol. I chose the university I went to based on the qualitty of the plan files so in some sense, he's the reason I ended up at UCSC.
I got a CSIS record at the age of 12 for the same reason. It turned out after someone did a FOIA request that the IRC chatroom I was having some crypto fun in had a CSIS record.
Sadly after that a lot of people got spooked and I lost touch with many there. Never got to meet my friend despite living in the same city :(
As long as everyone is sharing stories, it was the late '90s in the bay area when I was in high school and poked around in our computer lab systems. Other than running Quake and Starcraft, which we were not supposed to do, it occured to me to install a keylogger on an NT4 machine that was shared by the students and our admin. After finding a stealthy keylogger, installing it and verifying it worked for capturing my own password, I went home excited and nervous. When I got into the lab the next day, I looked around for some privacy and quickly checked the logs. Imagine my satisfaction when her password fell into my lap. I remember it to this day, it was "dj3j". Those were the days, of short passwords at least. I proceeded to immediately remove the log file and keylogger and never used her password, am a white hat through and through. Hopefully she changed it by now...
[+] [-] torpid|4 years ago|reply
Oh well, 2 week suspension and kicked off the computers for less than a year. A nice conference with FBI, police, my parents, IT and school administration. Fun times.
I learned my lesson to not talk about such things because their egoes were too fragile.
When they decided to give students in their website design class ftp accounts on the district wide web/email server running an ancient version of Debian, they didn't disable the shell, just added a login script to a menu for pine, etc. for people who telnetted in, which I'm sure the sysadmin was proud of. However, a few fast CTRL-C's broke out of his script menu loop and got me a shell, and they didn't shadow protect their password files. Ran it through john the ripper and had half the district's e-mail passwords in a default dictionary file including the root pw in a few minutes. LOLed and never told anyone about that.
Good times, the 90s....
[+] [-] lokimedes|4 years ago|reply
It completely ruined my respect for authority figures. Which in retrospect has been the most valuable outcome from being the local “that kid from Wargames”
[+] [-] avgDev|4 years ago|reply
So, Costco runs AS/400 in stores, and their online store is in .Net MVC. I worked with both technologies and often have to communicate with AS/400 devs and they are close to their retirement so little fucks are given. Plus, working with DB2 is annoying in general, the .NET data provider from IBM is expensive and sucks.
Now onto the bug, when you purchased items online at a discount, you were able to return to store at a full price as their systems were not communicating that a discount was applied. I returned several items, but did not realize until I bought a laptop that was $400 off and tried returning it. I ended up calling Costco and letting them know. Unfortunately, they didn't give me any lifetime membership or a good citizen award.
If any Costco devs read this and know about this send me some love.
[+] [-] namrog84|4 years ago|reply
I like how you shared how you learned lesson to not share mischievous activities with people in the same post you then go and share more things you haven't been caught for.
This is going on your permanent school record! /s
That's great. I know even as of recent of 2021 I've seen some places that had 0 security on things.
[+] [-] andai|4 years ago|reply
A few years later, I cracked the admin password (with a Ophcrack live USB) for a silly reason: they had the machines mostly locked down, and I wanted to change the desktop background hahah. I remember being quite disappointed in the sysadmins that the admin password for all the machines in school was a common dictionary word, cracked in 30 seconds.
Oh, once I met a guy who identified as a "hacker" (in the sense of breaking into systems illegally) and he told me (then a young teen) to "have my fun" before I turned 18 and then to stop, which in retrospect was very good advice.
[+] [-] technothrasher|4 years ago|reply
At my university in the early 90s I went the white hat route and had tons of fun. I managed to convince the computing center folks to give me a student job in the Unix group, and then spent the next three years hacking their systems and getting a pat on the back when I did it.
[+] [-] knodi123|4 years ago|reply
I also figured out how to auto-crawl the networks of all the schools in our district, which, as a self 15 year old whose only experience was non-networked DOS, is still a proud accomplishment. The only things I found were a bunch of printer management, some office form templates, and a cool video game that was like sim-moonbase.
But then my teacher found the file in my home dir called passwords.txt, and I was busted. Oh well. Instead of an FBI file, I got a detention, and I had to teach him how to write-protect the boot floppies so no one else could do what I had. (he didn't need to know that you could reverse the write-protection with a piece of electrical tape)
[+] [-] dheera|4 years ago|reply
> Oh well, 2 week suspension
God damn, these idiot school people have no fucking clue that someone who points out a security flaw to you without inflicting any harm is actually doing something good, and that behavior should be encouraged and rewarded.
[+] [-] partiallypro|4 years ago|reply
[+] [-] dfgjdfgjjdfg|4 years ago|reply
At my first high school I was expelled for selling teachers a boot floppy that disabled the district's security software (Fortress) on their machine.
At my second high school I was busted twice, once for selling CDs with a much anticipated unreleased movie, and the second time for finding (and copying) a network share that had every student's school photo from that year before they could even purchase it.
Nevermind all the unsavory nonsense I did outside of school and was luckily never busted for.
[+] [-] BLKNSLVR|4 years ago|reply
If anyone else reading can learn vicariously, this line is almost universally true and manifests itself in a multitude of ways.
[+] [-] twox2|4 years ago|reply
[+] [-] sandos|4 years ago|reply
I had no idea what I had done, honestly, I just sent a large ping packet to some IRC-user. Turns out it killed some vital things in the network.
Also the admin leaving anonymous FTP enabled with write access. That was one weekend with an extreme amount of illegal stuff apparently uploaded via the schools FTP, but that was my classmate which was involved in and not me.
This was at the time when people had dial-up at home so the 256kBps connection at school was awesome.
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] empressplay|4 years ago|reply
[+] [-] 0xbadcafebee|4 years ago|reply
[+] [-] loup-vaillant|4 years ago|reply
If it were me, for the second time I would have considered adding a file to everyone’s FTP account (including the admins & professors themselves) explaining how they too can escalate to root.
[+] [-] alana314|4 years ago|reply
[+] [-] hermitdev|4 years ago|reply
Well, being at a DOS prompt was enough circumstantial evidence for me to get suspended for a week (no FBI record, AFAIK). My parents, despite being strict, were also fair and asked me point blank, "Did you have anything to do with what you're being accused of?". Told them no, I was just at a DOS prompt (probably to play either nibbles or gorillas - those classic BASIC games). To their credit, their opinion was if I was going to serve the time, I might as well know how to do the crime (know, not actually do). I had already been tagging along to continuing education computer classes my mom was attending, but my parents started buying me more and more computer books. It got me started down the programming path. I'd already been pretty friendly with our sysadmin at school and he knew I had nothing to do with what happened and hadn't accused me, but the school needed a scape goat, and I was it. He felt bad for me and choose to help me out with my learning, too, instead of continuing the punishment. He gave me a copy of the software he used for after hours remote access over direct dialup. Think it was called Carbon Copy? It was basically just telnet over dialup that allowed me direct access to his PC on the network after hours before I even knew what telnet was. So, I'd connect after dinner and play around for hours as network admin. It wasn't multiprocessed, so I had to be patient. Typically when I'd log in, he was running a nightly backup manually that he'd kick off before he left for the night. I just had to wait for it to complete, then I could do whatever I wanted. I had full access to the grading/attendance system. I could message teachers as other teachers, etc. I could have granted admin access to anyone, but I was smart enough to never touch my own account, instead, created fake admin users and used those, instead. I'd hide files in plain sight using the ALT+255 trick to embed a nonprintable character in file/directory names. You could see them, you just couldn't directly access them without renaming them for most programs. Fun times. I never did anything destructive, though I could have easily.
Security in the 90s was a joke. They were good times, indeed :)
I continued my shenanigans into college. College was my first encounter with Windows NT networks & l0phtcrack. I remember one night, walking into my dorm room with the SAM file from a lab PC on a floppy. I popped it into my own PC, started cracking the passwords, expecting it to run all night. As I got up from my PC to head down for dinner, I was surprised to see that I'd already cracked the administrator password. It was just a 5 character password that was the building code & room number for campus IT. I already knew better than to do anything from my own PC, only ever worked from different lab PCs in different buildings and under assumed accounts. Never reported anything, either, for fear of reprisal.
[+] [-] Zenst|4 years ago|reply
Yip, ego's and people talk are the downfall of many an innocent `self-education` in the area of IT security.
Post 80's and laws started to change, prior, in the UK it was theft of electricity being the only way to nail some people. Crazy fun times.
Though I do miss the old phone system per-say, outdials, wardialing, things like that, was common with many and just seemed more mysterious as you could only learn thru word of mouth or self-education as no books or internets and BBS's were not as cheap in the UK or common as we never had the official free local calls aspect as you fine folks had in the US.
Do recall a chap getting kicked out of college for doing something I'd done previously, just that he had a bigger ego and not as delicate with the power to steal the admin password. Which involved an ICL George 3 OS mainframe in the times of very large disc platters and admin console journaling that had no encryption. so they rotated discs without adding extra wear of zeroing the previous content, only the file table so you could end up with a user disc platter that had formally been used as a admin console jounal reposatory and could create files without zeroing and dump the previous contents of the disc of that way...which eventually got you the admin password.
Do recall few instances of work related cases in which I needed to do things so, kinda hacked what I needed (resourcefulness) like upon a DPS7 Honeywell mini computer in which needed the admin password to do something and nobody had it at hand at that time of night and the passowrds were kept in a file that was encrypted so I worked out the encryption key by looking at the file as was poor encryption and text files have lots of spaces so saw a pattern with the word OPERA in and tried and tada, got what I needed. The spooked admin next day wondered how I did it so I told him fully, he then went and redid the encryption and challenged me to see if that was secure, I looked at the encrypted file and kinda worked out by the patterning that it had been encrypted twice....yes with the same password OPERA only encrypted with that and then encrypted again with the same. Educational for all back then. Today, not as easy to do that, but still a great story of times of old.
My ego prevents anything else and was an ethical hacker and the 90's was an era in which, we white hats would and was the internet security, bringing down pedo's and bad actors like that that frequented some platforms with ease (looking at you AOL). So whilst illegal per-say, was case of no real official policing of such things as we do today.
But darn, some things learned and worked out, well zero day exploits back then were not as financially economical as they are today and heck, and some never really appreciated how long they would stay obscured from the wild.
I also liked hardware back then, was also fun and many a hidden switch to get a feature you would normally pay silly money for some engineer to `install` though was just some hidden switch was not that uncommon. Heck even today you get kit that is same inside with a model up just adding some small thing and example would be some Fluke multimeters that you effectively pay hundred for a small capacitor and another digit on the outer shell, is a good example current today.
Fun times indeed, but darn, goalposts always moving.
[+] [-] xjlin0|4 years ago|reply
Very fancy, everyone was using elm and you got pine.
[+] [-] stank345|4 years ago|reply
Could you please explain what this means? Googling didn't reveal much.
[+] [-] xyst|4 years ago|reply
[+] [-] fnord77|4 years ago|reply
[+] [-] democra|4 years ago|reply
And yet here we are, talking about it.
[+] [-] angst_ridden|4 years ago|reply
It was fascinating what was in the file - lots of misunderstandings and misinterpretations. For example, she was upset when the Challenger exploded, and this mystified the Stasi informers who had previously identified her as a pacifist (in their minds, the Shuttle was 100% military).
Similarly, she was trying to research what happened to a relative who had remained in Germany in the late 30s, and whether she had died of natural causes or been sent to the camps. The Stasi file was filled with speculations on the details of this "sleeper agent" with whom she was trying to establish contact.
All this to say that from the mindset of a spy, everything is spy-craft. Everyone's world-view shapes their interpretation of events and reality itself. Was the shuttle a military venture? Partly. Was it also a tool for science? Yup. But the functionaries who looked at her data in the heat of the cold war certainly couldn't see those distinctions.
For what it's worth, she was able to get her Stasi file, but has never been able to get a copy of her FBI file.
[+] [-] belval|4 years ago|reply
EDIT: Replacing "if there's any truth to it" by "assuming it's true". I did not mean to imply that the author made up the whole story and thought both expressions were equivalent.
[+] [-] nickagliano|4 years ago|reply
https://web.stanford.edu/~learnest/
http://web.stanford.edu/~learnest/bucket/
In a section headed by an anime girl, he claims to have, "figured out when and how a bunch of other fantasies got into our DNA and will shortly post an article on this web site that will explain how that happened, why it is causing modern humans to make billions of bad decisions each day, and how we and our descendants are likely to be wiped out soon unless we begin dealing with this problem in a rational way."
Then there's a weird picture of his face, which is how he thinks he'll look in 2043, when "he plans to croak at age 112".
On his bucket list page,
"My choice as a troublemaker will be to get shot in the back while running away from an jealous husband in May 2043".
Very weird stuff.
[+] [-] KineticLensman|4 years ago|reply
When I'm 73 and in constant good tumour may I be mown down at dawn by a bright red sports car on my way home from an allnight party
Or when I'm 91 with silver hair and sitting in a barber's chair may rival gangsters with hamfisted tommyguns burst in and give me a short back and insides
Or when I'm 104 and banned from the Cavern may my mistress catching me in bed with her daughter and fearing for her son cut me up into little pieces and throw away every piece but one
Let me die a youngman's death not a free from sin tiptoe in candle wax and waning death not a curtains drawn by angels borne 'what a nice way to go' death
[+] [-] scruple|4 years ago|reply
[0]: https://web.stanford.edu/~learnest/earth/fantasy.html
[1]: https://web.stanford.edu/~learnest/earth/fantasies.html
[+] [-] wfn|4 years ago|reply
It's great; it's called wit. :)
If you want a more conventional boring bio, there's https://en.wikipedia.org/wiki/Les_Earnest
[+] [-] empressplay|4 years ago|reply
[+] [-] phkahler|4 years ago|reply
Mom: "And how is that foolishness my problem?"
[+] [-] jimt1234|4 years ago|reply
Keep in mind this was around 1983; it was a different time - "computer crimes" didn't really exist, nor the people to investigate them. And that's basically how we all escaped any significant consequences. I was totally unaware of all this at the time, but it was explained to me later in life (by my mother, who is still bitter about it - sorry, mom; you bought me the Commodore 64! LOL) that the FBI didn't really consider it a crime because nothing was stolen. The local cops proposed "trespassing", but we never stepped foot in the bank; we didn't even know where it was.
Thankfully this was just prior to the release of "War Games". Everything changed after that movie. Law enforcement started to pay attention. There were stories about the FBI investigating kids on local BBS's, thinking they were working for the Soviet Union, trying to access military secrets or something like that.
[+] [-] tgsovlerkhgsel|4 years ago|reply
[+] [-] 0cVlTeIATBs|4 years ago|reply
[+] [-] spullara|4 years ago|reply
https://attrition.org/~jericho/works/security/crime_punishme...
"Once again, when computer crime enters the equation, circumstances seem to change. In May of 1997, Wendell Dingus was sentenced by a federal court to six months of home monitoring for computer crime activity. Among the systems he admitted to attacking were the U.S. Air Force, NASA and Vanderbilt University. What is different about this case is the court's order for Dingus to repay $40,000 in restitution to the Air Force Information Warfare Center (AFIWC) for their time and effort in helping to track him."
[+] [-] edzillion|4 years ago|reply
Can we just take a moment to appreciate that name?
[+] [-] ajross|4 years ago|reply
I mean, OK. Sure, it's bad that kids interested in math get caught up in this. But come on, it was the middle of the biggest war in history and real spies were indeed doing real work with codes like that. This says nothing about modern enforcement regimes, nor should it.
[+] [-] anonymousiam|4 years ago|reply
Old as it is, it seems quite relevant in our current race-obsessed culture: https://web.stanford.edu/~learnest/les/mongrel.htm
[+] [-] 14|4 years ago|reply
[+] [-] chheplo|4 years ago|reply
[+] [-] insan1d|4 years ago|reply
[+] [-] c0nsumer|4 years ago|reply
[+] [-] dekhn|4 years ago|reply
He invented the "finger" protocol. I chose the university I went to based on the qualitty of the plan files so in some sense, he's the reason I ended up at UCSC.
[+] [-] sudosysgen|4 years ago|reply
Sadly after that a lot of people got spooked and I lost touch with many there. Never got to meet my friend despite living in the same city :(
[+] [-] localhost|4 years ago|reply
[+] [-] Bootvis|4 years ago|reply
[+] [-] m4tthumphrey|4 years ago|reply
[0] https://www.youtube.com/watch?v=peBuMWtkw8s
[+] [-] ngneer|4 years ago|reply