
Where the term "Zero Day" comes from - mmaunder
http://markmaunder.com/2014/06/16/where-zero-day-comes-from/
======
aeberbach
And if you didn't have 16550AFN serial and a USR Courier HST your 0-day was
likely to turn into a 3-day...

I remember taking advantage of call waiting tones to dump friends offline and
steal their places on local multi-user BBS. Good days!

~~~
mmaunder
I remember that! You're pure evil!

~~~
neurobro
If they didn't use *70, they deserved it.

------
robertpohl
I love the fact that this is no news to me. It brings back fun memories of my
warez trading by mail and later BBS.

~~~
mmaunder
Yeah I miss those times - especially the fact that hacking/phreaking was seen
as just a little 'naughty' and not worthy of hard time in a federal prison. I
edited and re-edited this short post to take out stuff because I ended up
going on a very serious reminiscing tangent. I'll post some of my thoughts
here just to get them out of my system. Tag this as #ramblingsAfterMidnight

Mostly I was active in the early to mid 90's as a phone phreak and low level
hacker. One of my favorite exploits to get access to /etc/shadow was
symlinking it to .forward in an ordinary user's home directory. Then getting
sendmail which executed as root to dump it to port 25. Then I'd send it to a
friend of a friend who allegedly had rooted a cray somewhere - Don't know if
that was true but he would run crackerjack on the file on a very fast machine
and I'd get back a ton of passwords.

Friends and I around the world would sometimes phone phreak into a 'bridge'
used for teleconferencing and talk to each other using that. Then someone
would three-way a pizza delivery place in New York into the conference and
we'd try to get pizza delivered to Scotland. I remember a friend 'maelstrom'
whose real first name was Ewan (I never knew his full name) was unfortunately
arrested by Scotland Yard because someone posted a bunch of valid credit card
numbers and phone cards to his BBS. I heard it was Scotland Yard's first
hacking related arrest - don't know if that's true. I've googled him a lot to
try and find out what happened to him but no luck.

Another friend 'aphex' in South Africa was raided for hosting warez on his
BBS. Apparently three people walked into his house - a guy from the phone
company, a guy from Interpol and a guy from the South African police. They
took all his equipment but didn't arrest him when they realized he was 16 at
the time.

These arrests were the beginning of the criminalization of hacking. The real
watershed was Kevin Mitnick's arrest in 1995 which really spelled the end of
the 'wargames' period of hacking - when everyone saw hackers as Matthew
Broderick cute.

This is a video of another friend. Later on around 1996 he got a major
interview with the South African equivalent (back in the day) of 60 minutes.
It was a very popular TV show and this was a big deal for him. Only the first
few seconds are in Afrikaans in case you don't speak that. You can see the
attitudes changing in this video - he narrowly escaped getting prosecuted by
Olivetti and the University of South Africa.
[https://www.youtube.com/watch?v=RzKHa3BYemI](https://www.youtube.com/watch?v=RzKHa3BYemI)

So after my two friends got arrested, I got a warning letter from the phone
company and stopped what I was doing - which wasn't anything malicious, just
exploring.

Here are some screenshots of Bluebeep. I think it's a later version, we were
using 0.9 or something:
[https://lh4.googleusercontent.com/-C6KLCsKy9_w/TpsOtXwPQhI/A...](https://lh4.googleusercontent.com/-C6KLCsKy9_w/TpsOtXwPQhI/AAAAAAAAAEo/4qjDAxGD-yU/w800-h800/bluebeep.png)
[http://www.nerdnetworks.org/sarts/bluebeep.jpg](http://www.nerdnetworks.org/sarts/bluebeep.jpg)

To make free international calls I would call a home country direct which is a
toll free number locally in South Africa or another country and connects you
directly with an AT&T or MCI or whatever operator in the USA. Then send a
combination of 2600hz and 2400hz through the mouthpiece to put the trunk on
the USA side into a kind of command mode. Then use the CCITT5 signaling system
(which is basically DTMF but with different tones) to tell it to route a call
for me. One of the tones - I think it was KP1 or KP2 could be used to tell the
trunk to route the call via satellite or undersea cable (cable being the
better quality because of no propagation delay).

Seizing trunks like this was similar to the cap'n crunch whistle which
emitted a 2600hz tone in the USA and in the 70's you could use that to seize
a trunk in the USA. International trunks were different so we'd need a
2600/2400 tone. But the phone companies would put filters on the line, so you
could do things like adding an additional frequency to the mix, or using
2600/2400 and sloooowly increasing the volume until you hear that wonderful
'KERCHUNK' sound and silence. Of course you're doing this as the phone's
ringing and then an AT&T operator answers and is hearing giggling and these
weird tones until his line just goes dead and we're routing the call.

I once routed a call through a few countries back into South Africa to my best
friend's house. The delay on the line was epic - like 10 seconds.

Recently I decided I miss the good old days of it being very hard to get
international bandwidth, so I went out and got myself a ham license. (callsign
WT1J) So now whenever I feel the need for it to be really hard to send data
internationally, I jump on the HF bands and play around with digital modes,
sending data to someone in Australia using JT65 (designed for moonbounce) and
only 5 watts on 14 megahertz. Makes bluebeep and CCITT5 seem like a breeze.

~~~
deftnerd
I remember using Toneloc during that time to wardial entire exchanges looking
for dialup modems into servers. I wonder how many people I annoyed with
getting phone calls in the middle of the night with my 14.4 modem screeching
in their ear.

~~~
clamprecht
ToneLoc author here (mthreat), checking in, 20 years after the release of the
last version. I didn't manage to avoid the federal prison part, but somehow
ended up fine in the end. My path, roughly: BBSes -> saw WarGames -> wannabe
hacker -> warez boards (Public Enemy) -> cracking games (learned x86 asm) ->
hacking voicemail boxes -> wrote ToneLoc (learned C) -> real hacking -> COSMOS
access -> physical hacking (burglary of Southwestern Bell, learned lock
picking) -> federal prison -> back to college -> startups -> ... I wouldn't
change any of it now.

~~~
georgemcbay
Similar journey here but without the burglary or prison.

BBSes (300 baud modem on a C64 hooked up to an old 13 inch TV) -> warez ->
learned 6510/6502 assembly and started cracking -> hacking/wardialing as a
means to get access to computers where I could do C programming with 'real' C
compilers -> found my way onto the Internet/ARPAnet in the mid-80s -> moved to
Amiga (continued cracking on 68k) a reasonably 'real' computer with DICE C
(Thanks Matt Dillon!), etc -> software developer.

Got away from the illegal "hacking" when it started becoming a serious thing
with serious consequences and I was no longer a minor, and out of the
cracking/piracy thing when I was earning good money and could afford to buy
things.

There are a few people on HN with similar stories that I know of from back in
the +hack/#hack/#Amiga! irc days (my handles there varied but were often some
variant of my name: gfm, geo, etc).

~~~
mmaunder
Amiga. Respect! There was a time when it was clear that Amiga was going to
win. And then it didn't.

I hung out on #phreak as pHaze.

------
spingsprong
Quick book search on google gives lots of examples of "zero day" going back to
the 19th century

------
lerouxb
Hilarious local TV footage from 1996 about what these "hacker kids" are
getting up to at night:
[http://www.youtube.com/watch?v=RzKHa3BYemI](http://www.youtube.com/watch?v=RzKHa3BYemI)

------
PhasmaFelis
Yeah, I've been curious for a while as to how "zero day" morphed into its
current, completely unrelated non-sequitur meaning. I'm guessing it's more or
less the same way "hacker" came to mean "computer criminal"--buncha noobs
parroting actual hackers' lingo without understanding, in hopes of seeming
cool.

~~~
Leynos
I wouldn't call the current usage a non-sequitur. Zero-day exploits being
those in use before the vendor and general public have been made aware of
them. Presumably, a 1 day exploit would be one published on the day the
vulnerability was announced. It seems like a fairly natural application of
what was, at the time, a pretty well understood terminology.

~~~
grkvlt
The problem is, current usage seems to be to use 'zero day' as a synonym for
'just released' when speaking about vulnerabilities, which I agree is wrong. A
'0day' by definition will not be known about by the public, so cannot feature
in a public announcement.

~~~
diminoten
Zero day, today, means unpatched in latest version, at least when applied to
vulnerabilities.

------
ewest
Nicely written - the last paragraph draws the whole arc...from C preprocessor
directives to Twitter hashtags; brings it together.

------
jezfromfuture
0day always has meant one thing, release of software on the same release date
i.e. 0 day.

~~~
kelnos
That's empirically incorrect; 0day means more than just that nowadays.

------
wiz21
oh memories... Some were a bit more lazy and used "trashed" credit card
numbers to get free phone calls... They were looking in some restaurant's
trash can to get them... Not exactly hi-tech but working nonetheless :-)

------
nomedeplume
today drug dealers use leet speak over SMS to communicate about transactions
without triggering local LE detection

~~~
slipstream-
I didn't know that. Do you have a source for this information?

~~~
user24
I wonder if this is just a retelling of the myth(?) that leet speak originated
in the practice of renaming files to avoid detection by sysadmins.

~~~
baldfat
I seriously think it was all the crazy warez custom title screen that could be
larger than the actual game. Back then you had to be "known" and go through
the initiation of making sure you weren't someone that could harm them through
intent or stupidity.

------
randomflavor
who here was on lutzifer/qsd etc?

~~~
hect0r
And who here was on Altos?

~~~
randomflavor
right-o and altos. geez.

~~~
hect0r
What ever happened to those?

