I have somehow found myself doing a lighthearted talk on retro hacking this Wednesday. Would anyone here happen to know anything about it?
You must log in or register to comment.
Lack of knowledge was the big problem before the internet. Late 80s, early 90s.
Take Phreaking.
Dialup BBSs (1200/75, 2400 or 9600 baud) were the primary source of dodgy files that I knew of. Some would have a secret area with various texts about hacking and quasi-illegal behaviour, including pornography of all flavours and of course the anarchists’ handbook. There were a few hacking and phreaking related stuff (getting free phone calls was huge then, given the cost of online activities - blackboxing, blueboxing, etc) and often required researching the types of PBX being used until you knew more than the people employed to run the things. To get access to this you’d need to suck up to the BBS owner, or prove your worth and “I’m not a law enforcement officer, honest” credits. Vouchsafing friends and others was another way, and there was cross-checking of you by sysops talking to each other.
The security on phone systems was laughable by modern standards, but at the time it was something very strongly guarded and if you found something, you made sure it stayed private. The phone companies helped by constantly denying anything was happening, but stakes were high. Legal consequences were high, but so were the rewards if you could get free calls.
Myself, I never did, but I always wanted to. Not having my monthly phone bills of hundreds of pounds would have been really nice…
When ADSL and always-on connections became available, phreaking stopped overnight.
Back in these days you’d install your distribution and stay there until the next major release. There were no online software repositiories for updates.
And exploits were plentiful. It was an easier time if you were up for mischief.
In the late 1999+ you could sniff people’s passwords in clear text right out of the air on public WiFi networks.
tcpdump port 110and just watch them roll in.In the late 90’s you could use a floppy disk to boot nt and dump the password hashes of anybody who had logged in, then run them through a dictionary attack which would take a matter of minutes before learning that your company’s top employees used their favorite football team or cartoon character as their password without even appending some numbers to it. Dude with the football password even had the password emblazoned in his office wall.
One time in the 90’s I got to a password prompt and just held enter, an eventually was just let past the password prompt.
In X windows if you managed to kill the screensaver password entry box you were dropped back to the desktop, and people found ways to crash the screensaver by overrunning the password input buffer by pasting input repeatedly using common keyboard shortcuts.
My ISP would give you like 10 MB to build a personal website. You’d log in to the FTP server, and it would take you to your personal directory. From there, you could “cd …” and end up in the parent directory and access everybody’s data.
Target sent credit card information to the back of the store unencrypted. Bluetooth didn’t need encryption because nobody can get that close. You could stop 50% of malware by changing the name of your windows directory. Security through obscurity was believed to work, every automated oil rig in the gulf was operating in the clear even into the 2000’s.
Wild times.
A few things I remember.
Nobody sanitised their inputs.
You could get through logins by making a database query check whether 1 = 1 instead of a password. You could put JavaScript into guest book fields to redirect people to whatever crazy site you wanted.
My university lecturer told me about a well known supermarket that built a shop front. They made it in such a way that you could change the numbers before they were submitted and it wasn’t validated on the back end. So free food.
Money going online really changed the mood.
I recall a conference talk mentioning that the speaker (from a nordic country) told their friend to look at their online banking account, and then transferred them $-10. Either they were spotted or they disclosed it, I forget which, and luckily they were hired instead of jailed.
Money going online really changed the mood.
So true. Money spoils everything.
Damn
80s was all about the phones. And not much different than it is now.
If you want to know what hacking is like in the 80s watch Wargames and look up three dudes:
- Kevin Mitnick
- Mark Hess
- Katl Koch
If you want to know what hacking was like in the 90s watch Sneakers and look up
- Vladimir Levin
- Robert Tappan Morris
I dunno, having payphones on every other street corner in the 80’s-90’s can seem like a foreign concept today.
My dad and his buddy devised a plan to get unlimited calls from phone booths to abroad. They drilled a 2 Deutschmark coin and put a fishing line through it. They figured out that the coin only drops after the allotted time is up, allowing the machine for there to be credit registered. But there was nothing preventing the coin from going upwards again. So they just kept pulling it out and then inserting the coin again. And re-dialing the international number. Like some petty comic book villains.
Phone phreaking, the 80’s were so fun. Stolen AT&T calling card numbers enabled you to call long distance for free at a time when calling the next city over could cost 30 cents a minute or more (equivalent to over a buck now). Hacking people’s answering machines was pretty easy. For youngsters, this was a device hooked up to your land line phone to give you voicemail. You could listen to your messages remotely by calling it and entering a password which was very short and limited to numbers. Some had to the capability to change the message that answered the phone. That made for lots of fun
30 cents per minute in the 80’s is like a dollar per minute today, maybe more.
Not really hacking, but in the 90s you could usually just connect to a mail server and it would believe what you told it.
If you were careful you could just type an email directly: MAIL FROM, RCPT TO, etc.
I would write scripts at work to send spoof emails sometimes, you could put anything as the FROM address, like “info @ catfacts” or whatever.
Another “not really hacking” example is that when some companies first got an Internet connection, they would just allocate public IP addresses to everyone, no gateway or firewall. So you could browse any non-passworded smb shares just knowing the IP.
It’s not hacking. Most languages have the ability to send mail from any mail address. Poweshell example -
Send-MailMessage -from [email protected] -to [email protected] -subject "fuck you" -body "no really fuck you"My point was really how there was little to no verification on SMTP servers back then and that you could send mail with a simple terminal program, or, more practically, a script.
Not hacking, but using knowledge of the insecurity of SMTP servers of the time, to allow spoofing easy spoofing.
Not so easy to find SMTP servers to do that with now.
Late 80s early 90s I got into the database for our menus & recipes and changed ‘hot dog’ to ‘tibe steak smothered in underwear’ and then promptly forgot about it until one day months later with the storeroom clerk he was printing the monthly menus and inventory, lol and behold I laughed my ass off. He never even noticed because we just printed and filed the paperwork.
I also point around in areas that were ‘resteicted’ I found the ‘star wars’ game, and I would play it for hours on the midnight shift. Nothing like the old green screen games.
Insert Willem Dafoe meme Im something of a hacker myself
The connection between Cap’n Crunch, phone system hacking, and Apple is a pretty important part of early hacking history.
“Draper heard about the whistle from other phreakers. The whistle easily played at 2600Hz, the perfect tone to, in Apple Inc. [co-founder Steve Wozniak’s words], “seize a phone line.”
Huh, I had always wondered why the hacking magazine was called 2600. Guess that explains it, neat!
I met Captain Crunch around 2012, really nice and still insanely curious about phone systems.
Out of the Inner Circle covered this real well. It was a book printed in the early 80’s
You could use telnet as example of a “historic vulnerability” in your talk.
[removed my post: someone else already mentioned Captain Crunch]
Was much easier as we all used password like 123456 or our first name.
My dad’s go to from the 1980s all the way up to his death in the 2020s was “fuckme42069” . He was an OG Neckbeard.
imsosexy
In the 90’s, companies were super lax on data security, retention, and destruction. In my city we had major IT players like INTEL, HP, Motorola, etc. We would dumpster dive and find whole computers full of data and no passwords. We were after the hardware so all our friends could play Doom MP, Quake, or later Unreal Tournament… so we usually wiped them but who knows what was in those things. It was a lot of e-waste and because of divers with bad intentions, now there’s incredibly strict corporate rules about data security/destruction.
Different topic but ewaste today is absolutely insane. People throw out working post-2015 “gaming laptops” - maybe a dead battery or something equally simple to fix.
I cannot speak for other countries, but here in America, I blame the fact that once family and personal computers became a big thing they stopped teaching about them in schools.
I know I never had a single class or subject related to using a computer. They just expected us to know how to use them.
They just expected us to know how to use them.
And they still do. The “kids these days and their compyooturs” fallacy. Irks me to my core.
I was fortunate to have a middle school typing and graphic design class, and in highschool I learned hardware troubleshooting and stuff (A+ equivalent IT work)…but that “career path” of flipping computers that people downloaded the wrong screensaver on kinda died out.
Still learned a lot though! If the I.T field was still hanging out with buddies in some dungeon nobody visited, I might be in that field today lol.
Maybe I just don’t know where to look or what.
I always hear these stories but companies in my city tend to donate old machines to charities (cool if it works that way) or trade them in to their vendor or something.
I’m actually kinda afraid with all the tarrifs and crap that we’re gonna see secondhand hardware turn into speculative inflated eBay fodder because average folks can’t afford new anymore.
Still looking for this supposed mountain of <TPM 2.0 machines that are supposed to surface for next to nothing any minute now. 😅
