This article was posted to the Usenet group alt.hackers in
1995; any technical information is probably outdated.
Child Child
Kevin Mitnick
Article: 7438 of alt.hackers From: umbagna0@cc.umanitoba.ca (Mad Mann) Newsgroups: alt.hackers Subject: Kevin Mitnick Date: 22 Feb 1995 19:48:24 GMT Organization: University of Manitoba Lines: 75 Approved: Hey! I butt fuck my dog. Message-ID: 3ig4e8$s9v@canopus.cc.umanitoba.ca NNTP-Posting-Host: dyn2-088.cc.umanitoba.ca X-Newsreader: WinVN 0.92.2 Status: RO
Am I the only one who thinks Tsutomu Shimomura is a bit of an ass, and not a hero for helping the FBI catch Mitnick? The press is out to make Shimomura a hero, but I mean Mitnick hacked into his supposedly secure system. Doesn't this make Mitnick one up on Shimomura? They REALLY suspected Mitnick in the first place anyways because he is so high profile. Mitnick line upon meeting Shimomura face to face for the first: "Hello, Tsutomu. I respect your skills." Aww, can we dispense with this OB Hack bullshit? It is really cutting down on the actually hacker talk/gossip that I would like to see. Anyways, I have an OB HAck food for thought thingy: OB HACK: (excerpt from conversation with anonymous hacker) > Nah.. That is nothing. I wrote a door that had a built in X-MODEM >transfer, and list of all system files. I could hunt around, and grab >any file I wanted. I could also get system info (memory installed, dos >version, etc). While it was doing this, It played the game on the sysops >screen so he would not get suspisous. Pretty neat. No one ever caught >on. Back in the good old days. Brilliant. So you were the programmer of the BBS I suppose. That has always been a sort of fantasy to do: Make some awesome BBS or other public game (say that 20 people could play over the internet, like Dragon Spires) and add cool back doors and things that would let you snoop around. Imagine this: A game over the internet using front end software. While the people play (lots are linked up to it) you can search through their HOME directories. They would be so busy playing they wouldn't notice you d-loading stuff from their system. Possible? > Imagine this: A game over the internet using front end software. While the > people play (lots are linked up to it) you can search through their HOME > directories. They would be so busy playing they wouldn't notice you > d-loading stuff from their system. Possible? > Easy. A good game is the hard part, the back door is the easy part. The game I wrote was pretty cool, it was the first game I know of to use ANSI pull down menus, and ANSI music. Hid the back door really well. You just grab data in the lag time. Any bandwidth not used by the game would be used by teh DL system. You could fill that space with random data if they are not DLing stuff to make it seem normal. > That would be THE ultimate hack, especially if no one noticed. The end user > would be a bit suspicious if he had half a brain, though. His HD would be > spinning, even if he went to the washroom for a break. He'd come back and > it would be doing drive searchs. Somehow this would have to be masked by > regular access to the HD from the front end game software, and if smartdrive > were running (ie make it a must to use the front end software) it would be > less conspicuous. > Think of it: You would be able to get the passwords and user logins from > every person, just be getting their login scripts and TCP software ini > files. Eventually you would get someone half important probably (like the > Id guys? Imagine d-loading the Quake alpha!!!) Imagine if someone was to find a way to modify the AOL or prodigy terminal system. I know Prodigy does remote updates. If someone could get into that, you could write a program that attaches itself like a virus, and patches into all the approate areas. It would have a built in list of 'hot' files to grab. It would then automaticly e-mail the contents of those files to someone. It could perform the searches when the program normally accesses the disk (just patch the read/write routines in the binary code, and after performing the intended operation, it will do a quick incremntal hunt of data.). That would be quite a hack. Too much involved, and too much could go wrong. But it is a nice idea (if you WORKED for AOL or Prodigy, it would make the task SIMPLE. You can have the program store the data on the host, and you can control the remote system directly because you would have access to the host). but oh well.. If I ever get into the BBS thing again, I might give it a shot, but since I got a internet account, haven't done a whole lot with BBS'es. That's not all of the conversation, but enough to get heckers thinking of the possibilities...
Child Child