These answers are derived from comments and information
found on registration cards from The Hacker Chronicles
Volume I as well as the many phone calls we have recieved.
Although about 99% of the cards and comments were positive
in nature, we wish to address negative aspects regardless
of the low percentage.
Comment: This has some of the same material as another cd I have
Answer : It does most definately contains much of the same material.
However, Chronicles was released first. So this is a case
of them having the same material as we do NOT the other
way around. Please keep in mind that the Hacker
Chronicles was and is the FIRST CD Rom Based product of
its kind as related to the computer/high tech
underground/security. Do not be fooled by imitations
and wanna-bees. At one time another company made an
illegal exact duplicate of THC Vol 1. Be warned that
due to a small pathing change OUR front end software
on this product will not function. We also do not provide
technical support as this is not our product.
Question: When will the next volume be out. (Not soon enough)
Answer : Subsequent volumes of The Hacker Chronicles will be
release every 1.5-2 years. Why so far apart? Well,
this material isnt just lying around and produced by
the ton on a daily basis as is the case with shareware.
As a result we do not have quarterly or bi-annual
release dates as do many shareware products. In order
to find out what the release date is of the CD you
may have now, simply look at the directories and see
what dates they contain.
Question: Why is some of the material so old.
Answer : The Hacker Chronicles is an ongoing collection.
While we do have thousands of new files on each
volume, some older files are left in place for a reason.
First The Hacker Chronicles is designed to reflect
the entire history of the computer and technical
underground. The New, The Old, and anything in
between. Many security consultants and training
facilities utilize this product and often need to
provide examples of technical flaws in there
(or anyone elses) systems. Whether its past or present
a good example is a good example. Second, while
the print/release date of a few of the files may
be older. they still contain valid technical
information. As long as even part of the material
is valid or provides a good example (of a bad example)
then it is still usefull. And of course there is the
historical perspective. We will not release another
volume until we feel that there is suffiucient NEW
material to do so. In addition while there are
hackers and fone phreaks who purchase this product
we are not here to supply material the day it hits the
street to the underground community. We would prefer
to think of this product as a training facility for
enthusiastes and professionals alike.
Question: How many files are on this disk?
Answer : Due to the frequency of this question, we have
incorperated a function similer to chkdsk (C)
that will tell you every thing you need to know
about the total size and file count right on the
menu of Volume II.
Comment : The interface (front end) software is primative.
Answer : Yes it is a little primative, thats why we have
totally rewritten the front end software (as
described in the welcome file at the top of the
index). Nearing the release date for Vol. I we
were under obligations to meet contract deadlines
with our publisher and didnt get enough time to
spruce things up both visual and functional.
This is not the case with Volume II. We spent a
lot of time attempting to bring you both the
material and the atmosphere found on underground
BBS systems. We prefer to think of it as simple
yet fast and functional, and believe you the
purchaser will be happy with the changes in
both functionality and presentation.
Over the last 13 years I have worn many hats. That of a
Phone Phreak/Hacker, Sysop of one of the oldest BBS's in the
world, and that of technical security consultant. To some there
might seem a conflict of interest in the hats I have worn. But,
my belief is that the material found in the underground computer
sub-culture of Hackers & Phone Phreaks should be considered a form
of educational service to systems designers/administrators, as
well as programmers, law enforcement and others involved in the
design, improvement, and policing of the electronic frontier.
True, there will always be that certain percentage of people
who would use this (or any other information) maliciously. It
is also my belief that these people are in the minority. These
people while usually teenagers with more ego than intellect can
if desired find the majority of this information in any library,
magazine, or newsletter already in print. Most of this style of
material doesnt originate on underground BBS's, but rather ends
up there as a compilation of like materials. However to some,
such as law enforcement for example, a threat is perceived and
derived from seeing the compilation of this style material all
in one place and accessable via computer. Just the fact that it
comes from a computer some how makes it more ominous than if read
from some obscure techno underground newsletter. This is nothing
more than a perception problem.
A case in point is the Craig Neidorf case where he was raided
and had all of his personal computer equipment taken and charged
with tens of thousands of damage and losses, because of releaseing
what was at the time 'perceived' as critical 911 services
information. Only to have the case thrown out later and discovering
the self same 911 material was available publicly (if you knew where
to look) for $30 dollars. While I personally have no great love
for Craig and was badly and unjustly chastised by him once, he still
should not have been left with the loss of thousands in personal
property/equipment, not to mention a hundred thousand (I think that
was the figure I heard quoted) in attorney's fees. This doesnt
include the hundreds of thousands in lost tax payer dollars that
were needlessly squandered on that case.
My point is that the first thing that needs done is to clean up
the problem, not the person. For example, my first major systems
consulting contract was for a long distance telco who was lossing
$450,000 a month in New York City alone. When hired, the first words
out of my mouth were 'I'm not a head hunter', as this practice would
only cost them 3-5 more dollars in investigative and legal fees in
order to aquire and prosecute for every dollar they lost in fraud.
The solution I offered was to fix the problem at its source (their
system).
After reviewing their setup from top to bottom It didnt
take long to discover their billing code/PIN structure was at the
heart of the problem. They had given a secretary a pad and pencil
and said, we need some codes, here's how many digits they need to be
so write down some and turn them in for use. In addition they were
only using 4 digit codes at the time. To make matters worse the codes
were only spaced a few digits apart thanks to the secratary who had
no idea the significance of what she was doing. All this by a branch
of what was then the 4th largest long distance company in the
country. Gross negligence at best. But, who is the first to cry foul
when their ineptitude was taken advantage of.
From someone such as myself who bore the title of Phone Phreak
proudly, this entire situation was nothing short of hilarious.
However it was quite simple to fix. I needed only apply basic
and common knowledge I had aquired from my studies around the
computer/telecomm subculture. A task that should be promoted by the
security powers that be, inorder to educate themselves, instead
of going out and hiring ex-FBI and Ex-Police officers with an
investigative/rubber hose mentality who didnt even have a true
understanding of the problem they were hired to fix, to run their
security departments. Who often like the very people they were
chasing were operating on ego rather than intellect (not to mention
authority). As potentially dangerous a combination to individual rights
enjoyed in this country as the dangers provided by the malicious types
within the computer underground itself. The point here is that
there are problems within both the law enforcement and underground.
Let me now give a couple of examples of how I used underground
experience to fix this monumental snafu. First the obvious. Myself
and a programmer friend (The Researcher) sat down and designed and
wrote software to generate a new code network which was not 4 but
but 7 digits in length, and only permitted one 'possible'
(if assigned) good code in every 10,000 possible combinations.
Ironically this software was written and tested and run on the very
BBS machine that ran what was at the time (and still is) the oldest
underground BBS in the world (P-80 Systems).
Next, knowing that computers were used to do the majority of
the code hacking at this time, it made the task simple to fix the
switching equipment. Before I tell you how this was accomplished,
a little advance training is in order. When you are dialing a number
through any phone company local or national when you do something
wrong (or even right for that matter) you get whats called a
'treatment' such as a recording or a 'fast busy' signal. With
this in mind I first had to deal with the problem of the existing
older codes that had not been converted to my 7 digit system and
were still highly open to to fraud (it takes awhile to assign
thousands of customers new codes). This was done by adding 6 new
treatment ports to the switching equipment. On the first two ports
I put ring generators (the device that provides the sound of the
phone ringing in your earpiece) to create a ring with no possible
answer situation when a bad code was dialed. Since the fraudulent
codes were being reassigned on a daily basis with new 7 digit codes
it provided a lot confusion for people still in posession of the
older 4 digit codes. they couldnt tell if it was a dead code or
the person they were calling just wasnt home, while not hampering
the legitimate customer who simply misdialed his code. On the next
2 treatment ports I placed Hayes modems, which were like the other
two ports in so much as they were a two in 6 chance of being aquired
as a treatment for a bad code being dialed. This action gave the most
effective security of the time due to the fact that people hacking via
computer relied on a modem carrier to distinguish when they had gotten
a good code. SO I GAVE THEM ONE. This made it almost impossible to
distinguish a good code from a false carrier I was sending out.
Thus making it difficult and near (but not) impossible to hack
codes from that network. It also provided nothing more than a
'hey I wonder what I did wrong' thought to a legit customer who just
misdialed and simply dials again as they normally would. Also one
of there big problems was New York City was so big, that a call to
another part of town could be long distance. New York City alone had
five area codes. This meant that by simply blocking any calls who's
area code is 'local or local long distance' I.E. in the city but a
long distance call, which they should have been doing anyway in order
not to be trafficing local calls (a big nono in the long distance world)
they could stop this problem and significantly reduce the impact of the
of the old 4 digit codes already comprimised and being used
specifically for the purpose of local calls at the same time.
Within 6 months their losses went from $450,000 a month to zero.
The net cost in equipment for switch changes, and the new code network
was about $5,000. Pennies for an operation of this size. When compared
against the hundreds of thousands in investigative and legal fee's
as well as tax dollars and additional taxation of the court system,
which is already overburdoned. How many people are not in jail and
being supported by the american tax dollar. I guess the moral to
the story is work smart not hard. Someone took the time to
trust me and to take a look at themselves and make the decision to use
the underground as a tool for solving the 'real' problem rather than
using it to track and apprehend people (which in case no one caught on,
doesnt fix the problem in the example above). At the risk of stating
the obvious, many of these people could be of great benifit to society
if properly utilized (as opposed to stigmatized). If the time was
taken to invite them in the front door, your less likely to see them
around at the back door. As a matter of fact they might be quite an
appropriate individual to protect the back door. Most of these guys
would jump at the chance.....
In closing I would like to take time to repeat the warning voiced
elsewhere on this disk, Please DO NOT attempt to use any material
found on this disk unless you are certain it is both legal and safe.
