_ _ _/B\_ _/W\_ (* *) Phrack #64 file 4 (* *) | - | | - | | | A brief history of the Underground scene | | | | | | | | By The Circle of Lost Hackers | | | | | | | | Duvel@phrack.org | | (____________________________________________________) --[ Contents 1. Introduction 2. The security paradox 3. Past and present Underground scene 3.1. A lack of culture and respect for ancient hackers 3.2. A brief history of Phrack 3.3. The current zombie scene 4. Are security experts better than hackers? 4.1. The beautiful world of corporate security 4.2. The in-depth knowledge of security conferences 5. Phrack and the axis of counter attacks 5.1. Old idea, good idea 5.2. Improving your hacking skills 5.3. The Underground yellow pages 5.4. The axis of knowledge 5.4.1. New Technologies 5.4.2. Hidden and private networks 5.4.3. Information warfare 5.4.4. Spying System 6. Conclusion --[ 1. Introduction "It's been a long long time, I kept this message for you, Underground But it seems I was never on time Still I wanna get through to you, Underground..." I am sure most of you know and love this song (Stir it Up). After all, who doesn't like a Bob Marley song? The lyrics of this song fit very well with my feeling : I was never on time but now I'm ready to deliver you the message. So what is this article about? I could write another technical article about an eleet technique to bypass a buffer overflow protection, how to inject my magical module in the kernel, how to reverse like an eleet or even how to make a shellcode for a not-so-famous OS. But I won't. There are some other people who can do it much better than I could. But it is the reason not to write a technical article. The purpose of this article is to launch an SOS. An SOS to the scene, to everyone, to all the hackers in the world. To make all the next releases of Phrack better than ever before. And for this I don't need a technical article. I need what I would call Spirit. Do you know what I mean by the word spirit? --[ 2. The security paradox. There is something strange, really strange. I always compare the security world with the drug world. Take the drugs world, on the one side you have all the "bad" guys: cartels, dealers, retailers, users... On the other side, you have all the "good" guys: cops, DEA, pharmaceutical groups creating medicines against drugs, president of the USA asking for more budget to counter drugs... The main speech of all these good guys is : "we have to eradicate drugs!". Well, why not. Most of us agree. But if there is no more drugs in the world, I guess that a big part of the world economy would fall. Small dealers wouldn't have the money to buy food, pharmaceutical groups would loose a big part of their business, DEA and similar agencies wouldn't have any reason to exist. All the drugs centers could be closed, banks would loose money coming from the drugs market. If you take all thoses things into consideration, do you think that governments would want to eradicate drugs? Asking the question is probably answering it. Now lets move on to the security world. On the one side you have a lot of companies, conferences, open source security developers, computer crime units... On the other side you have hackers, script kiddies, phreackers.... Should I explain this again or can I directly ask the question? Do you really think that security companies want to eradicate hackers? To show you how these two worlds are similar, lets look at another example. Sometimes, you hear about the cops arrested a dealer, maybe a big dealer. Or even an entire cartel. "Yeah, look ! We have arrested a big dealer ! We are going to eradicate all the drugs in the world!!!". And sometimes, you see a news like "CCU arrests Mafiaboy, one of the best hacker in the world". Computer crime units and DEA need publicity - they arrest someone and say that this guy is a terrorist. That's the best way to ask for more money. But they will rarely arrest one of the best hackers in the world. Two reasons. First, they don't have the intention (and if they would, it's probably to hire him rather than arrest him). Secondly, most of the Computer Crime Units don't have the knowledge required. This is really a shame, nobody is honest. Our governments claim that they want to eradicate hackers and drugs, but they know if there were no more hackers or drugs a big part of the world economy could fall. It's again exactly the same thing with wars. All our presidents claim that we need peace in the world, again most of us agree. But if there are no more wars, companies like Lockheed Martin, Raytheon, Halliburton, EADS, SAIC... will loose a huge part of their markets and so banks wouldn't have the money generated by the wars. The paradox relies in the perpetual assumption that threat is generated from abuses where in fact it might comes from inproper technological design or money driven technological improvement where the last element shadows the first. And when someone that is dedicated enough digs it, we have a snowball effect, thus every fish in the pound at one time or an other become a part of it. And as you can see, this paradox is not exclusive to the security industry/underground or even the computer world, it could be considered as the gold idol paradox but we do not want to get there. In conclusion, the security world need a reason to justify its business. This reason is the presence of hackers or a threat (whatever hacker means), the presence of an hackers scene and in more general terms the presence of the Underground. We don't need them to exist, we exist because we like learning, learning what we are not supposed to learn. But they give us another good reason to exist. So if we are "forced" to exist, we should exist in the good way. We should be well organized with a spirit that reflect our philosophy. Unfortunately, this spirit which used to characterized us is long gone... --[ 3. Past and Present Underground scene The "scene", this is a beautiful word. I am currently in a country very far away from all of your countries, but it is still an industrialized country. After spending some months in this country, I found some old-school hackers. When I asked them how the scene was in their country, they always answered the same thing: "like everywhere, dying". It's a shame, really a shame. The security world is getting larger and larger and the Underground scene is dying. I am not an old school hacker. I don't have the pretension to claim it I would rather say that I have some old-school tricks or maybe that my mind is old-school oriented, but that's all. I started to enjoy the hacking life more or less 10 years ago. And the scene was already dying. When I started hacking, like a lot of people, I have read all the past issues of Phrack. And I really enjoyed the experience. Nowadays, I'm pretty sure that new hackers don't read old Phrack articles anymore. Because they are lazy, because they can find information elsewhere, because they think old Phracks are outdated... But reading old Phracks is not only to acquire knowledge, it's also to acquire the hacking spirit. ----[ 3.1 A lack of culture and respect for ancient hackers How many new hackers know the hackers history? A simple example is Securityfocus. I'm sure a lot of you consult its vulnerabilities database or some mailing list. Maybe some of you know Kevin Poulsen who worked for Securityfocus for some years and now for Wired. But how many of you know his history? How many knew that at the beginning of the 80's he was arrested for the first time for breaking into ARPANET? And that he was arrested a lot more times after that as well. Probably not a lot (what's ARPANET after all...). It's exactly the same kind of story with the most famous hacker in the world: Kevin Mitnick. This guy really was amazing and I have a total respect for what he did. I don't want to argue about his present activity, it's his choice and we have to respect it. But nowadays, when new hackers talk about Kevin Mitnick, one of the first things I hear is : "Kevin is lame. Look, we have defaced his website, we are much better than him". This is completely stupid. They have probably found a stupid web bug to deface his website and they probably found the way to exploit the vulnerability in a book like Hacking Web Exposed. And after reading this book and defacing Kevin's website, they claim that Kevin is lame and that they are the best hackers in the world... Where are we going? If these hackers could do a third of what Kevin did, they would be considered heroes in the Underground community. Another part of the hacking culture is what some people name "The Great Hackers War" or simply "Hackers War". It happened 15 years ago between probably the two most famous (best?) hackers group which had ever existed: The Legion of Doom and Master of Deception. Despite that this chapter of the hacking history is amazing (google it), what I wonder is how many hackers from the new generation know that famous hackers like Erik Bloodaxe or The Mentor were part of these groups. Probably not a lot. These groups were mainly composed of skilled and talented hackers/phreackers. And they were our predecessor. You can still find their profiles in past issues of Phrack. It's still a nice read. Let's go for another example. Who knows Craig Neidorf? Nobody? Maybe Knight Lightning sounds more familiar for you... He was the first editor in chief of Phrack with Taran King, Taran King who called him his "right hand man". With Taran King and him, we had a lot of good articles, spirit oriented. So spirit oriented that one article almost sent him to jail for disclosing a confidential document from Bell South. Fortunately, he didn't go in jail thanks to the Electronic Frontier Foundation who preached him. Craig wrote for the first time in Phrack issue 1 and for the last time in Phrack issue 40. He is simply the best contributor that Phrack has ever had, more than 100 contributions. Not interesting? This is part of the hacking culture. More recently, in the 90's, an excellent "magazine" (it was more a collection of articles) called F.U.C.K. (Fucked Up College Kids) was made by a hacker named Jericho... Maybe some new hackers know Jericho for his work on Attrition.org (that's not sure...), but have you already taken time to check Attrition website and consult all the good work that Jericho and friends do? Did you know that Jericho wrote excellent Phrack World News under the name Disorder 10 years ago (and trust me his news were great) ? Stop thinking that Attrition.org is only an old dead mirror of web site defacements, it's much more and it's spirit oriented. Go ask Stephen Hawking if knowing the scientific story is not important to understand the scientific way/spirit... Do you think that Stephen doesn't know the story of Aristotle, Galileo, Newton or Einstein ? To help wannabe hackers, I suggest that they read "The Complete History of Hacking" or "A History of Computer Hacking" which are very interesting for a first dive in the hacking history and that can easily be found with your favorite search engine. Another good reading is the interview of Erik Bloodaxe in 1994 (http://www.eff.org/Net_culture/Hackers/bloodaxe-goggans_94.interview) where Erik said something really interesting about Phrack: "I, being so ridiculously nostalgic and sentimental, didn't want to see it (phrack) just stop, even though a lot of people always complain about the content and say, "Oh, Phrack is lame and this issue didn't have enough info, or Phrack was great this month, but it really sucked last month." You know, that type of thing. Even though some people didn't always agree with it and some people had different viewpoints on it, I really thought someone needed to continue it and so I kind of volunteered for it." It's still true... ----[ 3.2 A brief history of Phrack Let's go for a short hacking history course and let's take a look at old Phracks where people talked about the scene and what hacking is. Phrack 41, article 1: --------------------- "The type of public service that I think hackers provide is not showing security holes to whomever has denied their existence, but to merely embarrass the hell out of those so-called computer security experts and other purveyors of snake oil." This is true, completely true. This is closely related to what I said before. If there are no hackers, there are no security experts. They need us. And we need them. (We are family) Phrack 48, article 2: --------------------- At the end of this article, there is the last editorial of Erik Bloodaxe. This editorial is excellent, everyone should read it. I will just reproduce some parts here: "... The hacking subculture has become a mockery of its past self. People might argue that the community has "evolved" or "grown" somehow, but that is utter crap. The community has degenerated. It has become a media-fueled farce. The act of intellectual discovery that hacking once represented has now been replaced by one of greed, self-aggrandization and misplaced post-adolescent angst... If I were to judge the health of the community by the turnout of this conference, my prognosis would be "terminally ill."..." And this was in 1996. If we ask to Erik Bloodaxe now what he thinks about the current scene, I'm pretty sure he would say something like: "irretrievable" or "the hacking scene has reached a point of no return". "...There were hundreds of different types of systems, hundreds of different networks, and everyone was starting from ground zero. There were no public means of access; there were no books in stores or library shelves espousing arcane command syntaxes; there were no classes available to the layperson. ..." Have you ever heard of a "hackademy"? Nowadays, if you want to be a hacker it's really easy. Just go to a hacker school and they will teach you some of the more eleet tricks in the world. That's the new hacker way. "Hacking is not about crime. You don't need to be a criminal to be a hacker. Hanging out with hackers doesn't make you a hacker any more than hanging out in a hospital makes you a doctor. Wearing the t-shirt doesn't increase your intelligence or social standing. Being cool doesn't mean treating everyone like shit, or pretending that you know more than everyone around you." So what is hacking? My point of view is that hacking is a philosophy, a philosophy of life that you can apply not only to computers but to a lot of things. Hacking is learning, learning computers, networks, cryptology, telephone systems, spying system and agencies, radio, what our governments hide... Actually all non-conventional subjects or what could also be called a third eye view of the context. "There are a bunch of us who have reached the conclusion that the "scene" is not worth supporting; that the cons are not worth attending; that the new influx of would-be hackers is not worth mentoring. Maybe a lot of us have finally grown up." Here's my answer to Erik 10 years later: "No Eric, you hadn't finally grown up, you were right." Erik already sent an SOS 10 years ago and nobody heard it. Phrack 50, article 1: --------------------- "It seems, in recent months, the mass media has finally caught onto what we have known all along, computer security _IS_ in fact important. Barely a week goes by that a new vulnerability of some sort doesn't pop up on CNN. But the one thing people still don't seem to fathom is that _WE_ are the ones that care about security the most... We aren't the ones that the corporations and governments should worry about... We are not the enemy." No, we are not the enemy. But a lot of people claim that we are and some people even sell books with titles like "Know your enemy". It's probably one of the best ways to be hated by a lot of hackers. Don't be surprised if there are some groups like PHC appearing after that. Phrack 55, article 1: --------------------- Here I will show you the arrogance of the not-so-far past editor, answering some comments: "...Yeah, yeah, Phrack is still active you may say. Well let me tell you something. Phrack is not what it used to be. The people who make Phrack are not Knight Lightning and Taran King, from those old BBS days. They are people like you and me, not very different, that took on themselves a job that it is obvious that is too big for them. Too big? hell, HUGE. Phrack is not what it used to be anymore. Just try reading, let's say, Phrack 24, and Phrack 54..." And the editor replied (maybe Route): "bjx of "PURSUiT" trying to justify his `old-school` ezine. bjx wrote a riveting piece on "Installing Slackware" article. Fear and respect the lower case "i"". This is a perfect example of how the Underground scene has grown up in the last few years. We can interpret editor's answer like "I'm writing some eleet articles and not you, so I don't have to take into consideration your point of view". But it was a really pertinent remark. Phrack 56, article 1: ------------------------------ Here is another excellent example to show you the arrogance of the Underground scene. Again, it's an answer to a comment from someone: "...IMHO it hasn't improved. Sure, some technical aspects of the magazine have improved, but it's mostly a dry technical journal these days. The personality that used to characterize Phrack is pretty much non-existant, and the editorial style has shifted towards one of `I know more about buffer overflows than you` arrogance. Take a look at the Phrack Loopback responses during the first 10 years to the recent ones. A much higher percentage of responses are along the lines of `you're an idiot, we at Phrack Staff are much smarter than you.`..." And the reply: " - Trepidity apparently still bitter at not being chosen as Mrs. Phrack 2000." IMHO, Trepidity's remark was probably the best remark for a long long time. Let's stop this little history course. I have showed you that I'm not alone in my reflection and that there is something wrong with the current disfunctional scene. Some people already thought this 10 years ago and I know that a lot of people are currently thinking exactly the same thing. The scene is dying and its spirit is flying away. I'm not Erik Bloodaxe, I'm not Voyager or even Taran King ... I'm just me. But I would like to do something like 15 years ago, when the word hacking was still used in the noble sense. When the spirit was still there. We all need to react together or the beast will eat whats left of the spirit. ----[ 3.3 The current zombie scene "A dead scene whose body has been re-animated but whose the spirit is lacking". I'm not really aware of every 'groups' in the world. Some people are much more connected than me. And to be honest, I knew the scene better 5 years ago than I do now. But I will try to give you a snapshot of what the current scene is. Forgive me in advance for the groups that I will forget, it's really difficult to have an accurate snapshot. The best way to have a snapshot of the current scene is probably to use an algorithm like HITS which allow to detect a web community. But unfortunately I don't have time to implement it. So the current scene for me is like a pyramid and it's organized like secret societies. I would like to split hackers groups in 3 categories. In order to not give stupid names to these groups I will call them layer 1 group, layer 2 group and layer 3 group. In the layer 1, 5 years ago, you had some really "famous" groups which were, I think, composed of talented people. I will split this layer into two categories: front-end groups and back-end groups. Some of the groups I called front-end are: TESO, THC, w00w00, Phenoelit or Hert. Back-end groups include ADM, Synergy, ElectronicSouls or Devhell. And you also have PHC that you can include in both categories (you know guys you have your entry in Wikipedia!). And at the top of that (but mainly at the top of PHC) you had obscure/eleet groups like AB. In the layer 2, I would like to include a lot of groups of less scale but I think which are trying to do good stuff. Generally, these groups have no communication with layer 1 groups. These groups are: Toxyn, Blackhat.be, Netric, Felinemenace, S0ftpj (nice mag), Nettwerked (congratulation for the skulls image guys!), Moloch, PacketWars, Eleventh Alliance, Progenic, HackCanada, Blacksecurity, Blackclowns or Aestetix. You can still split these groups into two categories, front-end and back-end. Back-end are Toxyn or Blackat.be, others probably front-end. Beside these groups, you have a lot of wannabe groups that I'd like to include in layer 3, composed of new generation of hackers. Some of these groups are probably good and I'm sure that some have the good hacking spirit, but generally these groups are composed of hackers who learned hacking in a school or by reading hackers magazine that they find in library. When you see a hacker arrested in a media, he generally comes from one of these unknown groups. 20 years ago, cops arrested hackers like Kevin Mitnick (The Condor), Nahshon Even-Chaim (Phoenix, The Realm), Mark Abene (Phiber Optik, Legion of Doom) or John Lee (Corrupt, Master of Deception), now they arrest Mafia Boy for a DDOS... There are also some (dead) old school groups like cDc, Lopht or rhino9, independent skilled guys like Michal Zalewski or Silvio Cesare, research groups like Lsd-pl and Darklab and obscure people like GOBBLES, N3td3v or Fluffy Bunny :-) And of course, I don't forget people who are not affiliated to any groups. You can also find some central resources for hackers or phreackers like Packetstorm or Phreak.org, and magazine oriented resources like Pull the Plug or Uninformed. In this wonderful world, you can find some self proclaimed eleet mailing list like ODD. We can represent all these groups in a pyramid. Of course, this pyramid is not perfect. So don't blame me if you think that your groups is not in the good category, it's just a try. The Underground Pyramid _ / \ / \ / \ / \ / \ <-- More eleet hackers in / \ / \ the world. Are you in? / -(o)- \ / / \ \ / \ / \ /_____________________\ / \ <-- skilled hackers / AB, Fluffy Bunny, ... \ hacking mainly /___________________________\ for fun / | | | \ / PHC | TESO | ADM | cDc \ <-- Generally / EL8 | THC | Synergy | Lopht \ excellent skills / GOBBLES| WOOWOO| Devhell | rhino9 \ some groups have / ... | ... | ... | .... \ the good spirit /_______________________________________\ / | \ / Blackhat.be | HackCanada \ <-- good skills, / Toxyn | Felinemenace \ some are / ... | Netric \ very / | ... \ original /___________________________________________________\ / \ / WANABEE GROUPS \ <-- newbies /_________________________________________________________\ / \ <-- info / Resources: 2600,Phrack, PacketStorm, Phreak.org, Uniformed, \ for / PTP, ... \ all /_________________________________________________________________\ All of these people make up the current scene. It's a big mixture between white/gray/black hats, where some people are white hat in the day and black hat at night (and vice-versa). Sometimes there are communication between them, sometimes not. I also have to say that it's generally the people from layer 1 groups who give talks to security conferences around the world... It's really a shame that PHC is probably the best ambassador of the hacking spirit. Their initiative was great and really interesting. Moreover they are quite funny. But IMHO, they are probably a little too arrogant to be considered like an old spirit group. Actually, the bad thing is that all these people are more or less separate and everyone is fighting everyone else. You can even find some hackers hacking other hackers! Where is the scene going? Even if you are technically very good, do you have to say to everyone that you are the best one and naming others as lamerz? The new hacker generation will never understand the hacking spirit with this mentality. Moreover the majority of hackers are completely disinterested by alternate interesting subjects addressed for example in 2600 magazine or on Cryptome website. And this is really a shame because these two media are publishing some really good information. Most hackers are only interested by pure hacking techniques like backdooring, network exploitation, client vulnerabilities... But for me hacking is closely related to other subjects like those addressed on Cryptome website. For example the majority of hackers don't know what SIPRnet is. There is only one reference in Phrack, but there are several articles about SIPRnet in 2600 magazine or on Cryptome website. When I want to discuss about all these interesting subjects it's really difficult to find someone in the scene. And to be honest the only people that I can find are people away from the scene. The majority of hackers composing the groups I mentioned above are not interested by these subjects (as far as I know). Old school hackers in 80's or 90's were more interested by alternated subjects than the new generation. In conclusion, firstly we have to get back the old school hacking spirit and afterwards explain to the new generation of hackers what it is. It's the only way to survive. The scene is dying but I won't say that we can't do anything. We can do something. We must do something. It's our responsibility. --[ 4 Are security experts better than hackers? STOP!!!!! I do not want to say that security experts are better than hackers. I don't think they are, but to be honest it's not really important. It's nonsense to ask who is better. The best guy, independent from the techniques he used, is always the most ingenious. But there are two points that I would like to develop. ----[ 4.1 The beautiful world of corporate security I met a really old school hacker some months ago, he told me something very pertinent and I think he was right. He told me that the technology has really changed these last years but that the old school tricks still work. Simply because the people working for security companies don't really care about security. They care more about finding a new eleet technique to attack or defend a system and presenting it to a security conference than to use it in practice. So Underground, we have a problem. A major problem. 15 years ago, there were a lot of people working for the security industry. At times, there also were a lot of people working in what I will call the Underground scene. No-one can estimate the percentage in each camp, but I would say it was something like 60% working in security and 40% working in the Underground scene. It was still a good distribution. Nowadays, I'm not sure it's still true. A better estimation should be 80/20 orientated to security or maybe even worse... There are increasingly more and more people working for the security world than for the Underground scene. Look at all these "eleet" security companies like ISS, Core Security, Immunity, IDefense, eEye, @stake, NGSSoftware, Checkpoint (!), Counterpane, Sabre Security, Net-Square, Determina, SourceFire...I will stop here otherwise Google will make some publicity for these companies. All these security companies have hired and still hire some hackers, even if they will say that they don't. Sometimes, they don't even know they hired a hacker. How many past Phrack writers work for these companies? My guess is a lot, really a lot. After all, you can't stop a hacker if you have never been one... You'll tell me: "that's normal, everyone has to eat". Yeah, that's true. Everyone has to eat. I'm not talking about that. What I don't like (even if we do need these good and bad guys) is all the stuff around the security world: conferences, (false) alerts, magazines, mailing lists, pseudo security companies, pseudo security websites, pseudo security books... Can you tell me why there is so much security related stuff and not so much Underground related stuff? --[ 4.2 The in-depth knowledge of security conferences If you have a look at all the topics addressed in a security conference, it's amazing. Take the most famous conferences: *Blackhat, *SecWest or even Defcon (I mention only marketing conferences, there are others good conferences that are less corporate/business oriented like CCC, PH neutral, HOPE or WTH). Now look at the talks given by the speakers, they're really good. When I went to a security conference 5 years ago it was so funny, I was saying to my friends: "these guys are 5 years late". It was true then but I think it's not true anymore. They are probably still late, but not as late as they were. But the most relevant point for me is that recently there have been a lot of very interesting subjects. OK not everything was interesting - there were some shit subjects too. What I would consider as interesting subjects are those related to new technologies (VOIP, WEB 2.0, RFID, BlackBerry, GPS...) or original topics like hardware hacking, BlackOps, agency relationships, SE story, bioinfo attack, nanotech, PsyOp... What the Fuck ?!#@?! 10 years ago, all the original topics were released in an Underground magazine like Phrack or 2600. Not in a security conference where you have to pay more than $1000. This is not my idea of what hacking should be. Do you really need publicity like this to feel good? This is not hacking. I'm not talking here about the core but the form. When I'm coding something at home all night and in the morning it works, it's really exciting. And I don't have to say to everyone "look at what I did!". Especially not in public where people have to pay more than $1000 to hear you. Another incredible thing about these security conferences is what I would call the "conference circuit". Nowadays, if you are a security expert, the trend is to give the same talk at different security conferences around the world. More than 50% of all security experts are doing this. They go in America at BlackHat, Defcon and CanSecWest, after they move in Europe and they finish in Asia or Australia. They can even do BlackHat America, BlackHat Europe and BlackHat Asia! Like Roger Federer or Tiger Woods, they try to do the Grand Slam! So you can find a conference given in 2007 which is more or less the same than one in 2005. Thus it seems we have now a new profession in our wonderful security world: "conferences runner" ! Last funny thing is the number of conferences that I will include in the category "How to hack the system XXX". For example at the last Blackhat USA there was a conference on how to hack an embedded device, for example printers and copiers. Despite the fact that it's interesting (collecting document printed), what I find funny is the fact that you just have to hack a non conventional device to be at Blackat or Defcon. So, I will give some good advice to hackers who want to become famous: try to hack the coffee machine used by the FBI or the embedded device used by the lift of the Pentagon and everyone will see you as a hero or a terrorist (thats context based). --[ 5. Phrack and the axis of counter-attack Now that I have given you an overview of the security world, let's try to see how we can change it. There are two possibilities here. The first one is this:- I say to you "OK now that you really understand the problem, it's definitely time to change our mentality. This is the new mind set that we have to adopt". It's a little bit pretentious to say this though. Nobody can solve the problem alone and pretend to bring the good solution. So I guess that the first possibility won't work. People will agree but nobody will do anything. The second possibility is to start with Phrack. All the people who make up The Circle of Lost Hackers agree that Phrack should come back to its past style when the spirit was present. We really agree with the quote above which said that Phrack is mainly a dry technical journal. It's why we would like to give you some idea that can bring back to Phrack its bygone aura. Phrack doesn't belong to a group a people, Phrack belongs to everyone, everyone in the Underground scene who want to bring something for the Underground. After all, Phrack is a magazine made by the community for the community. We would like to invite everyone to give their point of view about the current scene and the orientation that Phrack should take in the future. We could compile a future article with all your ideas. ----[ 5.1. Old idea, good idea If you take a look at the old Phrack, there are some recurring articles : * Phrack LoopBack * Line noise * Phrack World News * Phrack Prophiles * International scenes Here's something funny about Phrack World News, if you take a look at Phrack 36 it was not called "Phrack World News" but instead it was "Elite World News"... So, all these articles were and are interesting. But in these articles, we would like to resuscitate the last one: "International scenes". A first essay is made in this issue, but we would like people to send us a short description of their scene. It could be very interesting to have some descriptions of scenes that are not common, for example the China scene, the Brazilian scene, the Russian scene, the African scene, the Middle East scene... But of course we are also interested in the more classic scenes like Americas, GB, France, Germany, ... Everything is welcome, but hackers all over the world are not only hackers in Europe-Americas, we're everywhere. And when we talk about the Underground scene, it should include all local scenes. ----[ 5.2. Improving your hacking skills Here we would like to start a new kind of article. An article whose purpose is to give to the new generation of hackers some different little tricks to hack "like an eleet". This article will be present in every new issue (at least until it's dead ... we hope not soon). The idea is to ask to everyone to send us their tricks when they hack something (it could be a computer or not). The tricks should be explained in no more than 30 lines, and it could even be one line. It could be an eleet trick or something really simple but useful. Example: An almost invisible ssh connection ---------------------------------- In the worse case if you have to ssh on a box, do it every time with no tty allocation ssh -T user@host If you connect to a host with this way, a command like "w" will not show your connection. Better, add 'bash -i' at the end of the command to simulate a shell ssh -T user@host /bin/bash -i Another trick with ssh is to use the -o option which allow you to specify a particular know_hosts file (by default it's ~/.ssh/know_hosts). The trick is to use -o with /dev/null: ssh -o UserKnownHostsFile=/dev/null -T user@host /bin/bash -i With this trick the IP of the box you connect to won't be logged in know_hosts. Using an alias is a good idea. Erasing a file -------------- In the case of you have to erase a file on a owned computer, try to use a tool like shred which is available on most of Linux. shred -n 31337 -z -u file_to_delete -n 31337 : overwrite 313337 times the content of the file -z : add a final overwrite with zeros to hide shredding -u : truncate and remove file after overwriting A better idea is to do a small partition in RAM with tmpfs or ramdisk and storing all your files inside. Again, using an alias is a good idea. The quick way to copy a file ---------------------------- If you have to copy a file on a remote host, don't bore yourself with an FTP connection or similar. Do a simple copy and paste in your Xconsole. If the file is a binary, uuencode the file before transferring it. A more eleet way is to use the program 'screen' which allows copying a file from one screen to another: To start/stop : C-a H or C-a : log And when it's logging, just do a cat on the file you want to transfer. Changing your shell ------------------- The first thing you should do when you are on an owned computer is to change the shell. Generally, systems are configured to keep a history for only one shell (say bash), if you change the shell (say ksh), you won't be logged. This will prevent you being logged in case you forget to clean the logs. Also, don't forget 'unset HISTFILE' which is often useful. Some of these tricks are really stupid and for sure all old school hackers know them (or don't use them because they have more eleet tricks). But they are still useful in many cases and it should be interesting to compare everyone's tricks. ----[ 5.3. The Underground yellow pages Another interesting idea is to maintain a list of all the interesting IP ranges in the world. This article will be called "Meaningful IP ranges". We have already started to scan all the class A and B networks. What is really interesting is all the IP addresses of agencies which are supposed to spy us. Have a look at this site: http://www.milnet.com/iagency.htm However we don't have to focus our list on agencies, but on everything which is supposed to be the power of the world. It includes: * All agencies of a country (China, Russia, UK, France, Israel...) * All companies in a domain, for example all companies related to private secret service or competitive intelligence or financial clearing or private army (dyncorp, CACI, MPRI, Vinnel, Wackenhut, ...) * Companies close to government (SAIC, Dassault, QinetiQ, Halliburton, Bechtel...) * Spying business companies (AT&T, Verizon, VeriSign, AmDocs, BellSouth, Top Layer Networks, Narus, Raytheon, Verint, Comverse, SS8, pen-link...) * Spoken Medias (Al Jazeera, Al Arabia, CNN, FOX, BBC, ABC, RTVi, ...) * Written Medias or press agencies (NY/LA Times, Washington Post, Guardian, Le monde, El Pais, The Bild, The Herald, Reuters, AFP, AP, TASS, UPI...) * All satellite maintainers (Intelsat, Eurosat, Inmarsat, Eutelsat, Astra...) * Suspect investment firms (Carlyle, In-Q-Tel...) * Advanced research centers (DARPA, ARDA/DTO, HAARP...) * Secret societies, fake groups and think-tanks (The Club of Rome, The Club of Berne, Bilderberg, JASON group, Rachel foundation, CFR, ERT, UNICE, AIPAC, The Bohemian Club, Opus Dei, The Chatman House, Church of Scientology...) * Guerilla groups, rebels or simply alternative groups (FARC, ELN, ETA, KKK, NPA, IRA, Hamas, Hezbolah, Muslim Brothers...) * Ministries (Defense, Energy, State, Justice...) * Militaries or international polices (US Army, US Navy, US Air Force, NATO, European armies, Interpol, Europol, CCU...) * And last but not least: HONEYPOT! It's obvious that not all ranges can be obtained. Some agencies are registered under a false name in order to be more discrete (what about ENISA, the European NSA?), others use some high level systems (VPN, tor ...) on top of normal networks or simply use communication systems other than the Internet. But we would like to keep the most complete list we can. But for this we need your help. We need the help of everyone in the Underground who is ready to share knowledge. Send us your range. We started to scan the A and B range with a little script we made, but be sure that the more interesting range are in class C. Here is a quick start of the list : 11.0.0.0 - 11.255.255.255 : DoD Network Information Center 144.233.0.0 - 144.233.255.255 : Defense Intelligence Agency 144.234.0.0 - 144.234.255.255 : Defense Intelligence Agency 144.236.0.0 - 144.236.255.255 : Defense Intelligence Agency 144.237.0.0 - 144.237.255.255 : Defense Intelligence Agency 144.238.0.0 - 144.238.255.255 : Defense Intelligence Agency 144.239.0.0 - 144.239.255.255 : Defense Intelligence Agency 144.240.0.0 - 144.240.255.255 : Defense Intelligence Agency 144.241.0.0 - 144.241.255.255 : Defense Intelligence Agency 144.242.0.0 - 144.242.255.255 : Defense Intelligence Agency 162.45.0.0 - 162.45.255.255 : Central Intelligence Agency 162.46.0.0 - 162.46.255.255 : Central Intelligence Agency 130.16.0.0 - 130.16.255.255 : The Pentagon 134.11.0.0 - 134.11.255.255 : The Pentagon 134.152.0.0 - 134.152.255.255 : The Pentagon 134.205.0.0 - 134.205.255.255 : The Pentagon 140.185.0.0 - 140.185.255.255 : The Pentagon 141.116.0.0 - 141.116.255.255 : Army Information Systems Command-Pentagon 6.0.0.0 - 6.255.255.255 : DoD Network Information Center 128.20.0.0 - 128.20.255.255 : U.S. Army Research Laboratory 128.63.0.0 - 128.63.255.255 : U.S. Army Research Laboratory 129.229.0.0 - 129.229.255.255 : United States Army Corps of Engineers 131.218.0.0 - 131.218.255.255 : U.S. Army Research Laboratory 134.194.0.0 - 134.194.255.255 : DoD Network Information Center 134.232.0.0 - 134.232.255.255 : DoD Network Information Center 137.128.0.0 - 137.128.255.255 : U.S. ARMY Tank-Automotive Command 144.252.0.0 - 144.252.255.255 : DoD Network Information Center 155.8.0.0 - 155.8.255.255 : DoD Network Information Center 158.3.0.0 - 158.3.255.255 : Headquarters, USAAISC 158.12.0.0 - 158.12.255.255 : U.S. Army Research Laboratory 164.225.0.0 - 164.225.255.255 : DoD Network Information Center 140.173.0.0 - 140.173.255.255 : DARPA ISTO 158.63.0.0 - 158.63.255.255 : Defense Advanced Research Projects Agency 145.237.0.0 - 145.237.255.255 : POLFIN ( Ministry of Finance Poland) 163.13.0.0 - 163.32.255.255 : Ministry of Education Computer Center Taiwan 168.187.0.0 - 168.187.255.255 : Kuwait Ministry of Communications 171.19.0.0 - 171.19.255.255 : Ministry of Interior Hungary 164.49.0.0 - 164.49.255.255 : United States Army Space and Strategic Defense 165.27.0.0 - 165.27.255.255 : United States Cellular Telephone 152.152.0.0 - 152.152.255.255 : NATO Headquarters 128.102.0.0 - 128.102.255.255 : NASA 128.149.0.0 - 128.149.255.255 : NASA 128.154.0.0 - 128.154.255.255 : NASA 128.155.0.0 - 128.155.255.255 : NASA 128.156.0.0 - 128.156.255.255 : NASA 128.157.0.0 - 128.157.255.255 : NASA 128.158.0.0 - 128.158.255.255 : NASA 128.159.0.0 - 128.159.255.255 : NASA 128.161.0.0 - 128.161.255.255 : NASA 128.183.0.0 - 128.183.255.255 : NASA 128.217.0.0 - 128.217.255.255 : NASA 129.50.0.0 - 129.50.255.255 : NASA 153.31.0.0 - 153.31.255.255 : FBI Criminal Justice Information Systems 138.137.0.0 - 138.137.255.255 : Navy Regional Data Automation Center 138.141.0.0 - 138.141.255.255 : Navy Regional Data Automation Center 138.143.0.0 - 138.143.255.255 : Navy Regional Data Automation Center 161.104.0.0 - 161.104.255.255 : France Telecom R&D 161.105.0.0 - 161.105.255.255 : France Telecom R&D 161.106.0.0 - 161.106.255.255 : France Telecom R&D 159.217.0.0 - 159.217.255.255 : Alcanet International (Alcatel) 158.190.0.0 - 158.190.255.255 : Credit Agricole 158.191.0.0 - 158.191.255.255 : Credit Agricole 158.192.0.0 - 158.192.255.255 : Credit Agricole 165.32.0.0 - 165.48.255.255 : Bank of America 171.128.0.0 - 171.206.255.255 : Bank of America 167.84.0.0 - 167.84.255.255 : The Chase Manhattan Bank 159.50.0.0 - 159.50.255.255 : Banque Nationale de Paris 159.22.0.0 - 159.22.255.255 : Swiss Federal Military Dept. 163.12.0.0 - 163.12.255.255 : navy aviation supply office 163.249.0.0 - 163.249.255.255 : Commanding Officer Navy Ships Parts 164.94.0.0 - 164.94.255.255 : Navy Personnel Research 164.224.0.0 - 164.224.255.255 : Secretary of the Navy 34.0.0.0 - 34.255.255.255 : Halliburton Company 139.121.0.0 - 139.121.255.255 : Science Applications International Corporation ... The last one is definitely interesting; people interested by obscure technologies should investigate in-depth SAIC stuff... But anyway this list is rough and incomplete. We have a lot more interesting ranges but not yet classed. It's just to show you how easy it is to obtain. If you think that the idea is funny, send us your range. We would be pleased to include your range in our list. The idea is to offer the more complete list we can for the next Phrack release. ----[ 5.4. The axis of knowledge I'm sure that everyone knows "the axis of evil". This sensational expression was coined some years ago by Mr. Bush to group wicked countries (but was it really invented by the "president" or by m1st3r Karl Rove??). We could use the same expression to name the evil subjects that we would like to have in Phrack. But I will leave to Mr Powerful Bush his expression and find a more noble one : The Axis of Knowledge. So what is it about? Just list some topics that we would like to find more often in Phrack. In the past years, Phrack was mainly focused on exploitation, shellcode, kernel and reverse engineering. I'm not saying that this was not interesting, I'm saying that we need to diversify the articles of Phrack. Everyone agrees that we must know the advances in heap exploitation but we should also know how to exploit new technologies. ------[ 5.4.1 New Technologies To illustrate my point, we can take a quote from Phrack 62, the profiling of Scut: Q: What suggestions do you have for Phrack? A: For the article topics, I personally would like to see more articles on upcoming technologies to exploit, such as SOAP, web services, .NET, etc. We think he was right. We need more article on upcoming technology. Hackers have to stay up to date. Low level hacking is interesting but we also need to adapt ourselves to new technologies. It could include: RFID, Web2, GPS, Galileo, GSM, UMTS, Grid Computing, Smartdust system. Also, since the name Phrack is a combination between Phreack and Hack, having more articles related to Phreacking would be great. If you have a look to all the Phrack issues from 1 to 30, the majority of articles talked about Phreacking. And Phreacking and new technologies are closely connected. ------[ 5.4.2 Hidden and private networks We would like to have a detailed or at least an introduction to private networks used by governments. It includes: * Cyber Security Knowledge Transfer Network (KTN) http://ktn.globalwatchonline.com * Unclassified but Sensitive Internet Protocol Router Network and The Secret IP Router Network (SIPRN) http://www.disa.mil/main/prodsol/data.html * GOVNET http://www.govnet.state.vt.us/ * Advanced Technology Demonstration Network http://www.atd.net/ * Global Information Grid (GIG) http://www.nsa.gov/ia/industry/gig.cfm?MenuID=10.3.2.2 ... There are a lot private networks in the world and some are not documented. What we want to know is: how they are implemented, who is using them, which protocols are being used (is it ATM, SONET...?), is there a way to access them through the Internet, .... If you have any information to share on these networks, we would be very interested to hear from you. ------[ 5.4.3 Information warfare Information warfare is probably one of the most interesting upcoming subjects in recent years. Information is present everywhere and the one who controls the information will be the master. USA already understands this well, China too, but some countries are still late. Especially in Europe. Some websites are already specialized in information warfare like IWS the Information Warfare Site (http://www.iwar.org.uk) You can also find some schools across the world which are specialized in information warfare. We, hackers, can use our knowledge and ingeniousness to do something in this domain. Let me give you two examples. The first one is Black Hat SEO (http://www.blackhatseo.com/). This subject is really interesting because it combines a lot of subjects like development, hacking, social engineering, linguistics, artificial intelligence and even marketing. These techniques can be use in Information Warfare and we would like the Underground to know more about this subject. Second example, in a document entitled "Who is n3td3v?" the author (hacker factor) use linguistic techniques in order to identify n3td3v. After having analyzed n3td3v's text, the author claims that n3td3v and Gobbles are probably the same person. N3td3v's answer was to say that he has an A.I. program allowing him to generate a text automatically. If he wants to sound like George Bush, he has simply to find a lots of articles by him, give these texts to his A.I. and the AI program will build a model representing the way that George Bush write. Once the model created, he can give a text to the A.I. and this text will be translated in "George Bush Speaking". Author's answer (hacker factor) was to say it's not possible. For working in text-mining, I can tell you that it's possible. The majority of people working in the academic area are blind and when you come to them with innovative techniques, they generally say you that you are a dreamer. A simple implementation can be realized quickly with the use of a grammar (that you can even induct automatically), a thesaurus and markov chains. Add some home made rules and you can have a small system to modify a text. An idea could be to release a tool like this (the binary, not the source). I already have the title for an article : "Defeating forensic: how to cover your says" ! More generally, in information warfare, interesting subjects could be: * Innovative information retrieval techniques * Automatic diffusion of manipulated information * Tracking of manipulated information Military and advanced centers like DARPA are already interested in these topics. We don't have to let governments have the monopoly on these areas. I'm sure we can do much better than governments. ------[ 5.4.4 Spying System Everyone knows ECHELON, it's probably the most documented spying system in the world. Unfortunately, the majority of the information that you can find on ECHELON is where ECHELON bases in the world are. There is nothing about how they manipulate data. It's evident that they are using some data-mining techniques like speech recognition, text-cleaning, topic classification, name entity recognition sentiment detection and so on. For this they could use their own software or maybe they are using some commercial software like: Retrievalware from Convera : http://www.convera.com/solutions/retrievalware/Default.aspx Inxight's products: http://www.inxight.com/products/ "Minority Report" like system visualization: http://starlight.pnl.gov/ ... For now we are like Socrates, all we know is that we know nothing. Nothing about how they process data. But we are very interested to know. In the same vein, we would like to know more on Narus (http://www.narus.com/), which could be used as the successor of CARNIVORE which was the FBI's tools to intercept electronic data. Which countries use Narus, where it is installed, how is Narus processing information... Actually any system which is supposed to spy on us is interesting. --[ 6. Conclusion I'm reaching the end of my subject. Like with every articles some people will agree with the content and some not. I'm probably not the best person for talking about the Underground but I tried to resume in this text all the interesting discussions I had for several years with a lot of people. I tried to analyze the past and present scene and to give you a snapshot as accurate as possible. I'm not entirely satisfied, there's a lot more to say. But if this article can already make you thinking about the current scene or the Underground in general, that means that we are on the good way. The most important thing to retain is the need to get back the Underground spirit. The world changes, people change, the security world changes but the Underground has to keep its spirit, the spirit which characterized it in the past. I gave you some ideas about how we could do it, but there are much more ideas in 10000 heads than in one. Anyone who worry about the current scene is invited to give his opinion about how we could do it. So let's go for the wakeup of the Underground. THE wakeup. A wakeup to show to the world that the Underground is not dead. That it will never die, that it is still alive and for a long time. Thats the responsibility of all hackers around the world.