Intoduction

The word 'hacker' is used in two different but associated

ways: for some, a hacker is merely a computer enthusiast of any kind,

who loves working with the beasties for their own sake, as opposed to

operating them in order to enrich a company or research project --or

to play games.

This book uses the word in a more restricted sense: hacking is a

recreational and educational sport. It consists of attempting to make

unauthorised entry into computers and to explore what is there. The

sport's aims and purposes have been widely misunderstood; most

hackers are not interested in perpetrating massive frauds, modifying

their personal banking, taxation and employee records, or inducing

one world super-power into inadvertently commencing Armageddon in the

mistaken belief that another super-power is about to attack it. Every

hacker I have ever come across has been quite clear about where the

fun lies: it is in developing an understanding of a system and

finally producing the skills and tools to defeat it. In the vast

majority of cases, the process of 'getting in' is much more

satisfying than what is discovered in the protected computer files.

In this respect, the hacker is the direct descendant of the phone

phreaks of fifteen years ago. Phone phreaking became interesting as

intra-nation and international subscriber trunk dialling was

introduced, but when the London-based phreak finally chained his way

through to Hawaii, he usually had no one there to speak to except the

local weather service or American Express office, to confirm that the

desired target had indeed been hit. One of the earliest of the

present generation of hackers, Susan Headley, only 17 when she began

her exploits in California in 1977, chose as her target the local

phone company and, with the information extracted from her hacks, ran

all over the telephone network. She 'retired' four years later, when

friends started developing schemes to shut down part of the phone

system.

There is also a strong affinity with program copy-protection

crunchers. Most commercial software for micros is sold in a form to

prevent obvious casual copying, say by loading a cassette, cartridge

or disk into memory and then executing a 'save' on to a

** Page VII

blank cassette or disk. Copy-protection devices vary greatly in

their methodology and sophistication and there are those who, without

any commercial motive, enjoy nothing so much as defeating them. Every

computer buff has met at least one cruncher with a vast store of

commercial programs, all of which have somehow had the protection

removed--and perhaps the main title subtly altered to show the

cruncher's technical skills--but which are then never actually used

at all.

Perhaps I should tell you what you can reasonably expect from this

handbook. Hacking is an activity like few others: it is semi-legal,

seldom encouraged, and in its full extent so vast that no individual

or group, short of an organisation like GCHQ or NSA, could hope to

grasp a fraction of the possibilities. So this is not one of those

books with titles like Games Programming with the 6502 where, if the

book is any good and if you are any good, you will emerge with some

mastery of the subject-matter. The aim of this book is merely to give

you some grasp of methodology, help you develop the appropriate

attitudes and skills, provide essential background and some

referencing material--and point you in the right directions for more

knowledge. Up to a point, each chapter may be read by itself; I have

compiled extensive appendices, containing material which will be of

use long after the main body of the text has been absorbed.

It is one of the characteristics of hacking anecdotes, like those

relating to espionage exploits, that almost no one closely involved

has much stake in the truth; victims want to describe damage as

minimal, and perpetrators like to paint themselves as heroes while

carefully disguising sources and methods. In addition, journalists

who cover such stories are not always sufficiently competent to write

accurately, or even to know when they are being hoodwink- ed. (A note

for journalists: any hacker who offers to break into a system on

demand is conning you--the most you can expect is a repeat

performance for your benefit of what a hacker has previously

succeeded in doing. Getting to the 'front page' of a service or

network need not imply that everything within that service can be

accessed. Being able to retrieve confidential information, perhaps

credit ratings, does not mean that the hacker would also be able to

alter that data. Remember the first rule of good reporting: be

sceptical.) So far as possible, I have tried to verify each story

that appears in these pages, but hackers work in isolated groups and

my sources on some of the important hacks of recent years are more

remote than I would have liked. In these

** Page VIII

cases, my accounts are of events and methods which, in all the

circumstances, I believe are true. I welcome notes of correction.

Experienced hackers may identify one or two curious gaps in the

range of coverage, or less than full explanations; you can chose any

combination of the following explanations without causing me any

worry: first, I may be ignorant and incompetent; second, much of the

fun of hacking is making your own discoveries and I wouldn't want to

spoil that; third, maybe there are a few areas which are really best

left alone.

Nearly all of the material is applicable to readers in all

countries; however, the author is British and so are most of his

experiences.

The pleasures of hacking are possible at almost any level of

computer competence beyond rank beginner and with quite minimal

equipment. It is quite difficult to describe the joy of using the

world's cheapest micro, some clever firmware, a home-brew acoustic

coupler and find that, courtesy of a friendly remote PDP11/70, you

can be playing with Unix, the fashionable multitasking operating

system.

The assumptions I have made about you as a reader are that you own a

modest personal computer, a modem and some communications software

which you know, roughly, how to use. (If you are not confident yet,

practise logging on to a few hobbyist bulletin boards.) For more

advanced hacking, better equipment helps; but, just as very tasty

photographs can be taken with snap-shot cameras, the computer

equivalent of a Hasselblad with a trolley- load of accessories is not

essential.

Since you may at this point be suspicious that I have vast

technical resources at my disposal, let me describe the kit that has

been used for most of my network adventures. At the centre is a

battered old Apple II+, its lid off most of the time to draw away the

heat from the many boards cramming the expansion slots. I use an

industry standard dot matrix printer, famous equally for the variety

of type founts possible, and for the paper-handling path, which

regularly skews off. I have two large boxes crammed full of software,

as I collect comms software in particular like a deranged

philatelist, but I use one package almost exclusively. As for

modems--well, at this point the set-up does become unconventional; by

the phone point are jack sockets for BT 95A, BT 96A, BT 600 and a

North American modular jack. I have two acoustic couplers, devices

for plunging telephone handsets into so that the computer can talk

down the line, at operating speeds of 300/300 and 75/1200. I also

have three heavy, mushroom coloured 'shoe-boxes', representing modem

technology of 4 or 5 years ago and operating at various speeds and

combinations of duplex/half- duplex. Whereas the acoustic coupler

connects my computer to the line by audio, the modem links up at the

electrical level and is more accurate and free from error. I have

access to other equipment in my work and through friends, but this is

what I use most of the time.

** Page IX

Behind me is my other important bit of kit: a filing cabinet.

Hacking is not an activity confined to sitting at keyboards and

watching screens. All good hackers retain formidable collections of

articles, promotional material and documentation; read on, and you

will see why.

Finally, to those who would argue that a hacker's handbook must be

giving guidance to potential criminals, I have two things to say:

First, few people object to the sports of clay-pigeon shooting or

archery, although rifles, pistols and crossbows have no 'real'

purpose other than to kill things--and hackers have their own code of

responsibility, too. Second, real hacking is not as it is shown in

the movies and on tv, a situation which the publication of this book

may do something to correct. The sport of hacking itself may involve

breach of aspects of the law, notably theft of electricity, theft of

computer time and unlicensed usage of copyright material; every

hacker must decide individually each instance as it arises.

Various people helped me on various aspects of this book; they

must all remain unnamed--they know who they are and that they have my

thanks.