Copy Link
Add to Bookmark
Report
Xenon Foundation 08
__
\ / |_
/ \ e n o n | o u n d a t i o n
presents:
\ /
*------ the \ /
/ \ files ------*
/ \
January/1994 Issue: 8
---------------------------------------------
| The |
| Xenon Foundation Presents: |
| |
| The Beginner's Frequently Asked |
| |
| Questions |
|___________________________________________|
Written by: Erik Turbo
As always, we have encouraged others to engage in the hobby of computer
'hacking', and as of late, we felt it would be quite beneficial to those
interested in the field if we were to produce a Frequently Asked Question
(FAQ) file, covering all the 'not-so-stupid' questions some people are
afraid to ask. Since the Xenon Foundation has been in existance since
March of 1992, and are one of the most active groups in New England
we felt it would be our responsibilty to pass the information we have
learned on to others. Remember, there are no stupid questions, just
stupid answers. :-)
Q. What is hacking?
A. It has to be understood, that when asking a question as broad and far
reaching as this one, you will get different answers from just about
anyone you speak with. Our closest definition, and in the simplest terms
is:
Hackers are closely knit groups of individuals whos main goal is the
retrieval of information and knowledge from computer systems and
networks, while striving to learn as much as possible about operating
systems and their function in the process.
Q. What is the Xenon Foundation?
A. The Xenon Foundation is a group of individuals, from various locations
in the Northeast, who's purpose is to learn as much about computers,
networking, operating systems, telephone systems, and the like, from
the manipulation of security flaws in existing software. It was founded
by CopyMaster D. in early 1992, and has been under his leadership of
Erik Turbo since March of that year. We are currently one of the most
active group in the Northeastern section of the country, primarily
concentrated in the 508, 617, and 716 area codes.
Q. What does one need to be a hacker?
A. The mark of a good hacker is persistance; the mark of a great hacker
is persistance AND intelligence. In order to be successful as a hacker,
one must have a means of communication (ie: a computer, modem and
telephone line), a means of finding computers to actually hack, and an
extreemly persistant will to strive for the information and knowledge
that is stored behind the so-called locked digital doors of computer
systems. As a hacker progresses, he must also attain the fluency in
several operating systems, the ability to create and/or exploit holes in
software, stronger endurance and patience, and most important, the
stealthy ability to stay hidden from the administration.
Q. How do I find systems to hack?
A. One of the most common and time-honored methods of finding actual
computers, is to 'War Game' dial a large segment of the telephone
network. Made popular by the cult hacker movie, "War Games" in 1984,
this method is still used quite effectively today. There are several
wargame dialing programs out there on local BBS's, and it is NOT illegal
to use such methods. (yet!)
For the networks such as Sprintnet, and the Internet, there are much
quicker ways to yield results. For Sprintnet, there is a software
package called the "NUA Attacker," which will scan a wide range of
Sprintnet addresses for computers. Prehaps the easiest network of
all to obtain site names, is the Internet. You can get computer names
and associated domain-name style addresses from books relating to the
internet, e-mail messages from/to the Internet, Usenet groups, or by
huge databases actually on the internet, such as 'rs.internic.net', and
'ddn.mil.net'.
Q. What is social engineering?
A. Social Engineering is the intelligent artform (and trust me, it IS an
artform...) of getting information from people by posing as an authority
figure. This technique requires good lying skills, a complete
understanding of the information you are looking for as well as related
materials, and an authoratative persona about yourself. In applications
such as hacking, many social engineers have managed to get computer
dialup telephone numbers, and even passwords, straight from the
administration. In practicle applications, one may be able to go as far
as posing AS the administrator, while calling up various computer users,
and engineering them out of their passwords.
Q. What are the x.25 networks, and how do I gain access to them?
A. Depending on your country, the x.25 networks can be anything from
Datapac to Iberpac to BT Tymnet to Luxpac. In the United States, the two
most popular x.25 networks are Sprintnet and British Telecom Tymnet.
Regardless of which x.25 networks your town carries, they all should
have a dialup to one of these networks. The first step that you need to
take is to identify your local dialup port. You may find your local
dialup port for Sprintnet by dialing 1-800-424-9494 (2400 7E1) and
connecting. It will give you a prompt saying 'TERMINAL='. Type 'D1' for
now. It will give you an AT '@' prompt. From here, type 'C MAIL'. When
it asks for a Username, type 'PHONES'. When it asks for a password,
enter 'PHONES' again. Now, use the menus to find your local dialup.
Hangup, and then call it back locally. When you call your local dialup,
you will once again have to enter your terminal identification at the
'TERMINAL='.If you have VT100 emulation, then enter VT100 at the prompt.
Type <CR> if you don't want to use a terminal emulation, and 'D1' for
the default terminal emulation. Once again you'll be presented with a @.
This prompt lets you know you are connected to the Sprintnet PAD. PAD
stands for Packet Assembler/Disassembler. From here, you may now connect
to other machines that allow for a free remote connection. The adressing
scheme for Sprintnet is based upon what they call a Network User Address
(NUA). A computer's NUA is usually the area code (but not always) that
the computer is located in, followed by a one to four digit number.
The easiest way to find systems to connect to is to look in Phrack #42,
LOD/H Technical Journal #4, or 2600 Magazine. You could, of course scan
yourself, which is not too hard with the "NUA Attacker," a program which
is designed for a quick method of sequential scanning of certain
segments of possible addresses on Sprintnet. This program can be found
on most up-to-date hacking/phreaking (H/P) BBS's.
Another network, BT Tymnet, is run and managed by British Telecom. We
recommend against beginners using this network without authorization,
because the level of security is much higher than that on Sprintnet. It
has been said that British Telecom (BT) has the ability to conduct an
intra-network trace of their entire network, in under 5 minutes. You can
find your local access Tymnet number by dialing 1-800-462-4213. Type "o"
as your terminal identification, as that will allow a 8N1 connection to
be established.
Q. What is the Internet?
A. The Internet is a high speed network of computers linked together from
all over the world on x.500 fiber optic cables. Communications on the
Internet can, and often times do, exceed 57,600 bits per second.
Services allowing you to connect to other computers, send mail to any
network using the domain-name format, and to obtain files from other
computers are provided by the Internet. The Internet is the single
largest source for information available, and thus, an attractive
network for hackers.
Q. How do I gain access to the Internet?
A. Several years ago, when the Internet was small (compared to today), and
connecting only large universities and government computers, it used to
be almost impossible for an average hacker to gain unauthorized access
to a computer on the Internet. Now, however, times are changing, and
since the Internet has been dubbed by the media as the 'Information
Highway', thousands of computers have joined the 'net. Now, almost
every university is on the Internet, as well as businesses, military
sites, gateways onto the x.25 networks, and even some BBS's. Aside from
hacking an actual Internet site, you may actually get a legitimate
account with your local university or other Internet provider. Fee's
are usually under $60 a year, and are sometimes free from Federally
funded universities.
Internet access may also be obtained through the x.25 networks such as
Sprintnet or Tymnet. There are many computers which are connected to
the x.25 networks, as well as the Internet. It is your job to find
them, however. :-) For an hourly fee, BIX, Delphi, HoloNET, as well
as a few other commercial services, will allow Internet access from
Sprintnet/Tymnet. These systems usually have no password restrictions
at all, so if you have a list of users on any of these systems,
hacking them out is only a matter of time and persistance.
Q. What are some addresses I may want to try once I have Internet access?
A. Once you have Internet access, you may want to take some time to ensure
that you will never lose the account. Methods of protecting yourself
and gaining access to other accounts on the system you've hacked, are
all explained below. Once you are confident that you are fairly well
hidden and protected, you may want to gather information on other
computers linked to the Internet. Some of the best sources of addresses
come from the databases 'rs.internic.net', and 'ddn.mil.net'. Also, if
your system has access to GOPHER, you may want to use this in addition
to the afore mentioned methods. The one command you need if you wish to
traverse the network, is TELNET. There are others, such as RLOGIN, FTP,
and TFTP, but TELNET is the most important for your connection
purposes. If you are only familar with this command, however, please
take some time and read up on the subject. There are many BBS's that
have full text conversions of many printed books and manuals
concerning the Internet.
Miscellaneous Internet sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TELNET irc.demon.co.uk ----> IRC (Internet Relay Chat) Service. At
the 'login:' prompt, type 'irc'.
TELNET annex-mines.utah.edu ----> Anonymous TELNET site. Type 'cli'.
FTP ftp.eff.org ----> Large Computer Underground archive.
FTP cert.org ----> (C)omputer (E)mergency (R)esponse
(T)eam. This FTP service provides
warnings to administrators concerning
the latest holes that hacker's have
uncovered.
FTP netsys.com ----> Has the back issues as well as
current issues of Phrack Magazine.
FTP zero.cypher.com ----> Contains many hacking utilties. It is
operated by the Cult of the Dead Cow,
a large hacking group. (cDc)
You'll notice, once you get the hang of it, that there are hundreds of
beneficial sites out there, where you can get anything from the best
shareware, to pornography, to lyrics to almost any song in existance.
Q. How can I obtain access to a computer system?
A. Basically, persistance and the actual desire you have to get into the
computer are what counts the most. When hacking a particular system,
you should take some time to be familiar with whom you are dealing
with. Find out who they are, what they do, and why they do it. Try
and visit the physical location of your target. Search though any
trash that you may find on-site. You should now have a pretty good
idea of what you are looking for, and how to approach getting into
their computer system.
Five Steps to Hacking a Computer System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1.) Identify Your Target
2.) Find out as much as you can about their operating system. If you
know of any possible default passwords, try them. Knowing the
operating system inside and out will not only help you get in,
but it will give you the upper-hand once you're in; helping you
find the information you are looking for, quickly, efficiently,
and without being seen.
3.) If you have a list of users for that system, run through the
list using simple, guessable passwords.
4.) If they are on a network of some kind, exploit the insecurities
of that particular network. (ie: FINGER, TFTP, and Sendmail on
TCP/IP networks). If they are not on a TCP/IP network, or you
have come up empty with all of your attempts, then you may wish
to do some social engineering. Remember, if you fail at social
engineering on your first attempt, you may have ruined all
possibilities of ever getting into that computer.
5.) If all else fails, you may have to resort to brute force hacking
the known accounts. If you have a list of normal users, than
this should be time-consuming, BUT likely to work. If you do not
know of any users, than you will have to resort to hacking the
actual administration accounts. (ie: 'root' on Unix, 'SYSTEM' on
VMS). This is not likely to work, and you will most likely have
to literally try about one-hundred thousand dictionary words if
you hope to gain access. Remember, if the system administration
decides to dis-allow dictionary words as passwords, than you
will not get in with this method!
Q. What is trashing, and how is it beneficial to hacking?
A. Trashing, also known as 'bin-diving', is one of the most common ways
for hackers to gain information on a particular target. Most
businesses tend to have at least one bin at their physical location,
often times containing valuable computer printouts, employee names and
telephone numbers, dialup numbers for their computers, and sometimes
even passwords. Most smart businesses and agencies are now shredding
most of their valuable trash, to prevent such information leaking out
to the public.
Q. What exactly is brute force hacking?
A. Brute force hacking, or what I like to call 'Front Door Hacking', is
hacking an account over and over, attempting to gain access by
sequentially entering in dictionary words as possible passwords. It
has it's benefits, and always, it's drawbacks. If the system you are
hacking does allow dictionary words to be used as passwords, than
about 80% of the users WILL use dictionary words for their access
passwords. With a resonable list of users to go by, you will almost
always be able to get into a system with security such as this.
However, there are some operating systems in existance (such as VMS
and some versions of Ultrix), which will keep track of failed login
attemps, and report them to the authorized user upon login. Also, VMS
will "freeze" an account, if it the operating system detects a certain
number of failures on that one account. Another drawback is the time
factor. Even with an automated brute force hacking program it will
take many days for you to reach your goal. Brute force hacking also
creates a lot of "noise". If the administrators pay any attention to
their systems, they will notice your attempts, and will take
appropriate action to deter them. For best results, brute force
hacking a system is only wise when all other options have failed.
Q. What are some defaults to common operating systems?
A. Accounts and passwords that are shipped with the actual operating
system are what is known as 'defaults'. These accounts are set by
the company who writes the software, and usually have to be changed
by the administration once they have it completely set up. Often times
the administrators forget to change these passwords, or in some cases,
don't even know they exist. Below is a listing of all the known
default accounts and passwords that are shipped with some of the more
popular operating systems.
Note: Where a frequency is listed, the criteria is taken from what we
as a group have come across. The frequency is based on how
often the account is actually present, NOT based on how often
the account is left at the default password.
The frequencies are as follows:
100% -> Always
70% - 90% -> High
40% - 60% -> Average
20% - 30% -> Unlikely
0% - 10% -> Rare
Digital Equipment Corporation - Virtual Memory System (VMS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Recognize it by:
_______________________________________________________________________
| |
| Username: ACCOUNT1 |
| Password: <not echoed> |
| User authorization failure. |
| |
| |
| |
| Username: ACCOUNT2 |
| Password: <not echoed> |
| |
| Welcome to VAX/VMS V5.5 |
| |
| Last interactive login on Saturday, 18-DEC-1993 05:00 |
| Last non-interactive login on Thursday, 19-JUL-1990 11:27 |
| |
| $ |
|_______________________________________________________________________|
Default and Common Usernames and Passwords
Account Password Access Frequency
--------------------------------------------------------------------------
SYSTEM SYSTEM, MANAGER or OPERATOR Complete Always
FIELD FIELD, SERVICE or TEST Complete Always
SUPPORT SUPPORT or DEC Complete High
SYSMAINT SYSLIB or SYSMAINT Complete High
SYSTEST UETP or SYSTEST Complete High
SYSTEST_CLIG CLIG, SYSTEST, or TEST Complete Unlikely
DEFAULT USER or DEFAULT Normal High
DECNET DECNET, NETWORK, or DIGITAL Normal High
OPERATIONS OPERATIONS Normal High
USER USER Normal High
LIBRARY LIBRARY or None Normal Rare - High
GUEST GUEST or None Normal Unlikely
DEMO None Normal Unlikely
Miscellanous Accounts and Passwords:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Account Password Frequency
---------------------------------------------------------------
| VAX VAX Rare |
| VMS VMS Rare |
| DCL DCL Rare |
| DEC DEC Rare |
| TEST TEST Unlikely |
| NETNONPRIV NETNONPRIV Rare |
| NETPRIV NETPRIV Rare |
| ORACLE ORACLE Average |
| ALLIN1 ALLIN1 High |
| INGRES INGRES High |
| GAMES GAMES Average |
| BACKUP BACKUP High |
| HOST HOST Rare |
| DIGITAL DIGITAL Average |
| AUDITLOG AUDITLOG Rare |
| REMOTE REMOTE Rare |
| SAS SAS Rare |
| FAULT FAULT Rare |
| USERP USERP Rare |
| VISITOR VISITOR Rare |
| GEAC GEAC Rare |
| VLSI VLSI Rare |
| INFO INFO Unlikely |
| POSTMASTER POSTMASTER/MAIL Average |
| NET NET Rare |
| NETWORK NETWORK Average |
| OPERATOR OPERATOR High |
| OPER OPER High |
| HYTELNET HYTELNET Average |
| PLUTO PLUTO Unlikely |
| MMPONY MMPONY Unlikely |
|_______________________________________________________________|
Note: On the LIBRARY account, the frequency depends on the actual
site. Universities and other educational institutions are
more than likely to have a LIBRARY account on their system.
Various "Flavors" the UNIX Operating System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Recognize it by:
____________________________________________________________________
| |
| |
| ULTRIX V4.2A (Rev. 47) (xenon.xf.com) |
| |
| login: account1 |
| Password: <not echoed> |
| Login incorrect. |
| login: account2 |
| Password: <not echoed> |
| Last login: Wed Dec 15 03:01:39 from SI860B |
| |
| ULTRIX V4.2A (Rev. 47) System #4: Mon Jun 29 16:10:47 EDT 1992 |
| Thu Dec 16 14:05:05 EST 1993 |
| % |
|____________________________________________________________________|
Note: Unlike VMS, Unix does not have DEFAULT passwords. The accounts
listed below are sometimes left unpassworded, and will not even
prompt for a 'Password:' prior to logging you into a Unix shell.
If there is a password required on one of the following
accounts, than you may have to brute force hack them yourself.
Default and Common Usernames and Passwords
Account Access Level Frequency
---------------------------------------------------
root superuser Always
makefsys superuser High
mountfsys superuser High
umountfsys superuser High
checkfsys superuser High
sysadm normal High
adm normal Average
bin normal Rare
rje normal Rare
lp normal Unlikely
daemon normal Unlikely
trouble normal Unlikely
nuucp normal Unlikely
uucp normal Average
sync normal High
batch normal Unlikely
admin normal Unlikely
user normal Rare
demo normal Unlikely
test normal Rare
field normal Average
unix normal Unlikely
guest normal Average
pub normal Unlikely
public normal Unlikely
standard normal Unlikely
games normal Unlikely
general normal Unlikely
student normal Rare
help normal Rare
gsa normal Unlikely
tty normal Unlikely
lpadmin normal Unlikely
anonymous normal Unlikely
Prime Computer, Inc. PRIMOS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Recognize it by:
___________________________________________________________________
| |
| PRIMENET 20.0.0 VOID |
| login |
| User id? account1 |
| Password? <not echoed> |
| Invalid user id or password; please try again. |
| login |
| User id? account1 |
| Password? <not echoed> |
| |
| ACCOUNT1 (user 87) logged in Sunday, 22 Jan 89 16:15:40. |
| Welcome to PRIMOS version 21.0.3 |
| Copyright (c) 1988, Prime Computer, Inc. |
| Serial #serial_number (company_name) |
| Last login Wednesday, 18 Jan 89 23:37:48. |
|___________________________________________________________________|
ID Name Password Comment
-------------------------------------------------------------
PRIME PRIME
SYSTEM SYSTEM SYS1 Priorities
PRIMOS PRIMOS
ADMIN ADMIN SYS1 Priorities
RJE RJE
DEMO DEMO
GAMES GAMES
GUEST GUEST
REGIST REGIST
TEST TEST
NETMAN NETMAN
PRIRUN PRIRUN
TOOLS TOOLS
CMDNC0 CMDMNC0
TELENET TELENET Sprintnet Account
AT&T System 75's
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Recognize it by:
___________________________________________________________________
| |
| Login: account1 |
| Password: <not echoed> |
| LOGIN INCORRECT |
| Login: account1 |
| Password: <not echoed> |
| Terminal Type (513, 4410, 4425): [513] |
| |
| Copyright (c) 1986 - AT&T |
| |
| Unpublished & Not for Publication |
| |
| All Rights Reserved |
| enter command: |
|___________________________________________________________________|
Account Password Description
-----------------------------------------------------
enquiry enquirypw Read/Write Enabled
init initpw Read/Write Enabled
browse looker Read-Only.
maint rwmaint Read/Write Enabled
locate locatepw Read/Write Enabled
rcust rcustpw Read/Write Enabled
tech field Read/Write Enabled
cust custpw Read/Write Enabled
inads inads Read/Write Enabled
support supportpw Read/Write Enabled
bcim bcimpw Read/Write Enabled
Note: Depending on the System 75 you have hacked into, the account
priveleges may be different, as they are asigned priveleges
by the administration, NOT by the operating system.
Q. What are some common passwords people use?
A. The following is a listing of the passwords used by Robert Morris, Jr.,
when he hacked hundreds of I nternet computers with the now infamous
'Robert Morris Worm' that brought the Internet to an almost complete
stand-still in 1988. They are considered to be the most common
passwords for the most common users. In other words, don't expect
priveleged or security-smart people to be using these as passwords.
aaa daniel jester rascal
academia danny johnny really
ada dave joseph rebecca
adrian deb joshua remote
aerobics debbie judith rick
airplane deborah juggle reagan
albany december julia robot
albatross desperate kathleen robotics
albert develop kermit rolex
alex diet kernel ronald
alexander digital knight rosebud
algebra discovery lambda rosemary
alias disney larry roses
alpha dog lazarus ruben
alphabet drought lee rules
ama duncan leroy ruth
amy easy lewis sal
analog eatme light saxon
anchor edges lisa scheme
andy edwin louis scott
andrea egghead lynne scotty
animal eileen mac secret
answer einstein macintosh sensor
anything elephant mack serenity
arrow elizabeth maggot sex
arthur ellen magic shark
asshole emerald malcolm sharon
athena engine mark shit
atmosphere engineer markus shiva
bacchus enterprise marty shuttle
badass enzyme marvin simon
bailey euclid master simple
banana evelyn maurice singer
bandit extension merlin single
banks fairway mets smile
bass felicia michael smiles
batman fender michelle smooch
beauty fermat mike smother
beaver finite minimum snatch
beethoven flower minsky snoopy
beloved foolproof mogul soap
benz football moose socrates
beowulf format mozart spit
berkeley forsythe nancy spring
berlin fourier napoleon subway
beta fred network success
beverly friend newton summer
bob frighten next super
brenda fun olivia support
brian gabriel oracle surfer
bridget garfield orca suzanne
broadway gauss orwell tangerine
bumbling george osiris tape
cardinal gertrude outlaw target
carmen gibson oxford taylor
carolina ginger pacific telephone
caroline gnu painless temptation
castle golf pam tiger
cat golfer paper toggle
celtics gorgeous password tomato
change graham pat toyota
charles gryphon patricia trivial
charming guest penguin unhappy
charon guitar pete unicorn
chester hacker peter unknown
cigar harmony philip urchin
classic harold phoenix utility
coffee harvey pierre vicky
coke heinlein pizza virginia
collins hello plover warren
comrade help polynomial water
computer herbert praise weenie
condo honey prelude whatnot
condom horse prince whitney
cookie imperial protect will
cooper include pumpkin william
create ingres puppet willie
creation innocuous rabbit winston
creator irishman rachmaninoff wizard
cretin isis rainbow wombat
daemon japan raindrop yosemite
dancer jessica random zap
In addition to these, some of the more popular passwords are first name,
last name, middle name, licence plate number, middle initial, popular
music groups and members, and sometimes even the same as their username.
The key is to use common sense when guessing passwords. Know who your
hacking, and in your best judgement use only the passwords you think
you'll have a chance with. For instance, on newer versions of the VMS
software, passwords can be no shorter than 6 characters. And, more
ominous, many Unix and VMS systems now employ a 'non dictionary word'
password protection.
Q. What are the easiest systems for a beginning hacker to hack?
A. The easiest systems for hackers to hack, of course, are those with
weak security. Default passwords, priveleged accounts left unpassworded
or easy to guess passwords, are all marks of an insecure system, and
are best for beginners. Computers found by wargame dialing will
usually produce a rather large quantity of insecure systems.
Q. How can I meet other hackers?
A. Information exchange has always been one of the more important aspects
of the Computer Underground, therefor information is constantly being
exchanged on underground BBS's, through the IRC Service on the Internet
in digital and print magazines such as Phrack and 2600, and even
through the public USENET conferences.
Q. How can one safely hack?
A. Although there is no sure-fire method of maintaining your freedom while
hacking, there are several preventive measures that should be taken
prior to your actual hack. First, it is always wise to have all of
the data pertaining to any hacking activity encrypted on some form
of off-line storage device. If it is necessary that the data be kept
on your computer for reference purposes, than keep it encrypted when
not in use. In addition to encryption, do not keep any papers,
printouts or ANY hard coded evidence what-so-ever in the vicinity of
your computer's location. If the Secret Service were to raid your house
they will grab just about anything that so much as looks suspicious.
Next, do not post any information about your current hack on ANY
type of BBS. There are a number of informants, traders, and Federal
Agents that are currently on many hacker BBS's, posed as hackers. And
last, if you are caught, do not volunteer any information to the
authorities, unless you have consulted with your lawyer first, and
he/she is present at the time.
To prevent yourself from being caught, always try and protect yourself
with at least one outdial. These outdials are located in many places
on Sprintnet/Tymnet and on the Internet. They are modems connected to
the telephone network, that you can use to hide your actual location.
Although it is not impossible for them to still find you, it will take
a lot more time and energy. To give you a clue on how beneficial
an outdial is, take into consideration that a trace has to be authorized
by a court order from the state. This takes several weeks itself, and
a convincing case. If you have three outdial modems, each in different
states, they MUST get court orders from each state in order to continue
the backwards trace to your origin. This may take several months or
longer, depending on such factors as, financial funds of your target's
computer, desire of the administration to actually apprehend you, and
the type of telephone system you are on. (older telephone systems take
much more effort to conduct a positive trace ID). If you are lucky,
the remote system will feel the costs and time do not justify what you
are gaining from their computers, and will just revamp the security of
their computers.
Q. Where can one find outdials?
A. Outdials reside on a number of different networks. Many corporations
have actual outdial modems as one of their services. Some of these
are passworded; most are not. Some allow for local calls only; some
have no restrictions what-so-ever. There are known outdial modems on
Sprintnet, Tymnet, and the Internet.
Private Branch Exchange (PBX) systems also may be hacked and modified
to allow for an outbound extension. For more information on PBX's and
the software that controls them, read about them on popular hacking
and phreaking BBS's.
Q. What are the penalties of hacking?
A. In 1993, there were several laws passed in the state of Massachusetts
that make hacking a Federal Crime. The penalty is 11 to 13 months of
imprisonment, with an additional $250,000 fine, as well as 3 years
probation. It is the maliscious hackers that destroy and alter data
for fun/profit that have caused insane penalties such as these.
Q. And finally, is hacking unethical?
A. A question so seldom asked, yet the answer is almost always assumed.
There are ways to be ethical in hacking, and there are ways to be
unethical. The Xenon Foundation has always employed a great sense
of respect and admiration for those who have the ability to operate
large computer systems, therefor we never intentionally destroy or
harm any aspect of a computer's operating functions. Let this be
known however, that there are hackers out there who's main purpose
behind what they do is profit, and/or destruction of data. It is
not fair to class these individuals with other hackers, since the
goal is completely and utterly different. They are criminals, we
are explorers.
Note: Those who meddle with viruses, destructive trojan horse programs,
and those who's day is made when they type 'FORMAT C:' at the
local Radio Shack are NOT hackers... they are just plain ignorant
and stupid.
Final Comments --
~~~~~~~~~~~~~~~~~
This FAQ file is in no way expected to answer all of the questions and
beginning hacker may have about the digital networks around him, nor
does it imply that the Xenon Foundation has mastered all of the
digital technology represented in this file. With every answer, there
is another question... and so it goes. This is provided as a basis of
understanding some of the more basic aspects of what to expect when
dealing with hacking. This file does NOT condone system destruction,
or hacking for profits and/or personal gain!
Thanks to: The true hacking community and it's supporters
Wake up: People who think they are "Elite"
Providers: Women of all ages
Karl Kunz of Pony Express, for UUCP Internet Mail
Jolt Cola Inc., for Jolt Cola, the hacker's elixier
SmithKline Beecham Corp., for Vivarin caffeine pills
Philip Morris Inc., for Marlboro Cigarettes
Board plug: Black ICE Consortium (bic.ponyx.com) [508]/998-2400
Internet Mail: xenon@bic.ponyx.com
erikt@bic.ponyx.com
