38 comments

[ 1.5 ms ] story [ 103 ms ] thread
I grew up in the 80s and remember my first cDc exposure in the early 90s through a co-worker who showed me how to access a command line on the work computer that was used to order books . I remember being in awe of Back Orifice and many plugins that came out back then. I never embraced that life, but I still read these with nostalgia and a bit of jealousy at the technical and mental freedom the underground enjoyed (and still does).
Wow, I remember reading some of this stuff when I was younger - just checked the most recent ones. It's surprising that the tone and style is a mix of something (I perhaps a bit pretentiously feel) I grew out of over the years, and thoughtful, elegant prose.

If not anything else, it's interesting reading, which is a compliment in itself these days: http://www.cultdeadcow.com/cDc_files/cDc-0410.html

I remember seeing these guys at Defcon for the release of Back Orifice 2k. Full-on rockstars
As a 14 year old kid, I was really into that. Could you share what you saw? (Being from Europe, none of that really reached me back then )
Back orifice! I remember that around 98-99 you could do a simple scan of some dialup networks and always find around ten machines with back orifice installed. A lot of fun for person discovering the state of security of windows machines and networks...
I guess that did not last long.
I used to scan the users at IRC channels for BO (my mirc client had a plugin that did it automatically). I used to get into people's computers (so many were infected!) and checking the stuff they had in their drives... I know that is illegal, but back then the Internet was the Wild West. Among other things I remember seeing some very disturbing self portraits.... I think it was 98-99. The Internet was special back then.
(comment deleted)
(comment deleted)
Wow, now that is really a blast from the past. I'm a similar age to the guy who wrote that article and had a similar experience of trying to figure all this stuff out.

Blue Boxes (at least where I lived) no longer worked, but black boxes and red boxes worked. I don't know when blue boxes ever worked, but I have the impression it was in the seventies, or at the latest, the early eighties. A black box was a circuit you put on your line to pick up a call without dropping the voltage on the line enough for the phone company to think you'd actually answered. So, your friend could call you long-distance (even internationally) and you could talk to them without them having to pay a long distance charge. The problem was that you could always hear the ringing every few seconds in the background and their voice was attenutated. It was fun and it kinda worked, but I didn't use it that much because it was so annoying. The red box was a device for making free phone calls from pay phones. It faked the tones you inserted for a nickel, a dime, or a quarter. You could just hold it up to the speaker of a pay phone and just hit the button. I built one off a schematic I downloaded. At most pay phones it didn't work at all, but I found two that it worked at. I'd go there and call all my friends in distant states and call them for hours. Every time the operator would come on and ask for money, I'd hold up the device to the speaker and press the "quarter" button a few times.

Later I got hold of "hacking" programs for "MCI" codes and other providers. Actually, MCI was more sophisticated that most of the other providers, and quickly shut off hackers. There were a lot of other providers that weren't so smart. The way the programs worked is by dialing an 800 number, some "user ID code" and then a known modem number. If a computer answered (i.e., you got a carrier tone from a modem), you knew that the code was good. If not, you tried another code. These computer programs would just try random codes all day using a known-good modem number and then print you a list of the successful codes.

As I started to learn more about this stuff, I did crazier stuff like call all over the world. In this era of Skype it's free to call all over the world, but in 1984 placing international phone calls was really expensive. But I'd call my teenage hacker friends in England and Australia and just chat with them for hours. At retail rates, I was running up a couple of thousand dollars a month in phone charges.

Occasionally I'd hear of someone in my circle of friends getting busted in some way, but in my teenage naivete I figured it couldn't happen to me. When I was sixteen and got a driver's license, I met some of the hackers that were within driving distance. One of them got busted at his house: the police arrested him and took all his computer equipment. Since he was a minor he got off with a slap on the wrist, but he didn't get his computers back. I knew that my time was coming soon, since there were already some hints my phone line was being tapped by companies I was stealing from.

What were the hints your line was being tapped?

Did you end up in trouble?

You can do some fun stuff with SIP and the hacked up VoIP networks today. I found at least one Asterisk-based company followed 302 redirects, but didn't update the CDRs. So I could forward my phone to an expensive destination, but only hey charged for a few seconds of incoming call to my phone. An enterprising user exploited this to offer free calling to Haiti to a bunch of customers. Oops. SIP is convoluted from the parsing on up, so there's plenty of space for interesting behavior to hide. Not to mention the interactions resulting from lots of custom platform code interacting with what's traditionally considered s closed network, written by people that still have that mindset...

Of course, the stakes are higher, now. It's not hard to earn $0.30+ per minute per channel. In a day, you can earn $30k just compromising one little box and 10Mbps of bandwidth.

But it just doesn't have the same mystique and feel as old phreaking. Plus since it's just often computer hacking and fraud, and these days people are more sensitive about all that, it even feels more criminal.

> Of course, the stakes are higher, now. It's not hard to earn $0.30+ per minute per channel. In a day, you can earn $30k just compromising one little box and 10Mbps of bandwidth.

Is that from premium number dialing or something else?

With a premium number you can get the money directly. Just get a premium number and pump calls to it. But there are other legitimate destinations that are rather expensive. So you could setup shop and proxy calls to hacked boxes. But then you've gotta get customers, accept payments from them, etc. - sounds like more work.
> But there are other legitimate destinations that are rather expensive.

What would those be today? I can't see how long-distance reselling could be worth it anymore.

I built a redbox back in 96 when I was in highschool, and it worked. If I remember correctly there was only one tiny bit of soldering that had to be made to the "dialer" which you could buy at any Radioshack. Once the modification was made the button you config'd played a frequency that matched the sound of a quarter.

In a lot of older payphones if you put your ear up to the receiver and dropped a quarter in you could actually hear the same sound that the red box generated. A dime / nickle would generate a slightly different tone.

Amazing. I totally forgot about Cult of the Dead Cow. I remember reading articles on here when I was younger.

Edit: Just found this in the apps section `08-01-1998 - "Back Orifice" by Sir Dystic` - so awesome!

Back Orifice was an awesome tool.

Very fun to play pranks on less knowledgeable friends.

I even remember starting to learn Delphi 3 because I met a guy that did a similar tool called Hacker's Paradise, but was later renamed to Admin's Paradise I believe, as he realized this could be used for and sold to admins.

He was kind enough to send me the source code and give me a few tips here and there, and man, Object Oriented programming was so hard for me at the time

(comment deleted)
Not sure why cDc is on the front page on HN right now, but along the same vein, here's PLA (Phone Losers of America) and it looks like he's still going strong (even has a YouTube channel):

  http://www.phonelosers.org/
We actually used Back Orifice as a VNC solution for remote assistance.... I forget what we did to make it so it wouldn't cause outside people to poke our remote stations - changed the port number via hex editing, IIRC.

The nineties were fun.

I did something similar with a friend, it was easier than having him figure out how to configure VNC. Sometimes a "Trojan" is the solution.
And then they sold out.

CdD turned into "L0PHT Heavy Industries" (http://www.l0pht.com/), a computer security firm. That turned into "@Stake" (https://en.wikipedia.org/wiki/@stake). "@Stake" was acquired by Symantec in 2004.

That was only some CDC people. Many went on to sell out in entirely normal ways. Name me one smart hacker from the 80's or 90's that didn't get wickedly rich, and I'll show you a guy in jail. Hackers are worth money, lots of it, and experienced hackers, doubly.

Even the ones who didn't sell out got great jobs. It's just what hackers do, now. Besides, hacker groups are dead as a cultural phenomenon. Now, they're just Internet street gangs stealing credit card info and spreading trojans, instead of spreading thought crime and information.

Name me one smart hacker from the 80's or 90's that didn't get wickedly rich, and I'll show you a guy in jail.

This is a bit snipey. Plenty of us don't value cash as highly as the American culture-complex would wish us. (eg. Listened to any hip-hop recently?) Though, the majority did sell out... and pretty hard and fast, and in one direction: the US military industrial complex and its once-removed assets such as Google. (See latest Assange book if doubting...)

hacker groups are dead as a cultural phenomenon

Disagree. We've got more outcome-oriented collectives now, such as maker spaces and Github projects. This is arguably more to the point, and an efficiency improvement on idling on IRC for years on end.

"Name me one smart hacker from the 80's or 90's that didn't get wickedly rich"

Pretty much none of them got wickedly rich. For the most part, they got a decent developer-tier salary at a tech company.

The L0Pht crew produced some awesome tools as well. Anyone remember the Windows NT password decryption tool? You could do dictionary attacks or brute force (if you had the CPU power).

I still have old versions of their software on some Zip disks collecting dust somewhere :)

If anyone has the dirt on those old SW crack sites... Please share!
Moo.
At some point, we flee after Joe630 demands "hugs" from us... something he continues throughout the conference. "Touch me not, boy... I will not submit to your fondling," I tell him behind clenched teeth as I back out of the room.

"I'll only hug a man if he's buying me drinks or I'm trying to lift his wallet."

Perfect timing. Was just reminiscing on the bbs days last week and punched up the documentary 'BBS' from Jason Scott on youtube.

Good times.