
Coding Horror: I Was a Teenage Hacker - Anon84
http://www.codinghorror.com/blog/2012/08/i-was-a-teenage-hacker.html
======
T-hawk
My high school rascalry:

This was from 1993 to 1996, on MS-DOS 486 machines in the computer lab. I had
found a program on some local BBS that could resize a hard disk partition. So
on a few of the machines, I shrank C: by a few dozen megabytes and created my
own D: drive and copied games into it.

How to hide that D drive? With Norton DiskEdit, I figured out how to
manipulate the partition table manually, setting the partition type to a null
value so that DOS wouldn't see it. Next I figured out how to read and write
that disk sector in assembly language. Soon I had a command-line executable
that would hide or unhide my private partition with a single command. Best of
all, DOS would only read the partition table on boot. So I could boot with my
partition enabled, then hide it, and play games knowing that any reboot would
render the partition hidden again.

The last thing I needed to cover up was the missing space on the C drive,
which could be revealed by the DIR command. So I wrote a memory-resident
program (assembly again) that constantly scanned for the string of "bytes
free" in video memory, and patched in a larger value.

Okay, now the MEM command might reveal the existence of my TSR. So I named my
program as VSAFE, which was the name of a memory-resident antivirus program on
each of these machines. I had my program output the same text as the real
VSAFE did on startup, and overwrote the real VSAFE executable with my own.

So I had a pretty well concealed partition, that would have required some
heavy duty skills to find and remove. "format c:" would not affect it, and
even FDISK would just show the space as empty, not a partition. Never got
caught for any of it; the computer lab supervisor and other students knew I
was up to something but never found any of the hidden stuff.

Man, I could have had a career as a malware author...

~~~
shurane
That is impressive. That's a lot of work to hide your activities from other
people, though. Sufficiently paranoid? I say yes. But then again, I have not
met many impressive hackers in real life.

How much reading up did you have to do to figure each of those things out? Or
was it trial by fire? Figuring out all that on your own?

Seriously, kudos. Those are some hacker chops.

~~~
T-hawk
More the other way around, that I'd read about how to do such things and then
saw an opportunity to put them to use.

I had been self-teaching assembly for a couple years from library books and
doing other toy programs. One book, possibly one of Peter Norton's, covered
the partition table in sufficient detail. (And I was hacking only one byte in
it, nothing sophisticated.) Reading and writing a disk sector in assembly was
commonly covered in reference books. So was writing a TSR to hook the timer
interrupt, which I'd already done for some other purposes. The actual logic of
looping through segment B800 looking for text wasn't hard in assembly.
Overwriting and masquerading as a legit program (VSAFE) isn't a technical
challenge at all. The hacker chops were thinking my way through the detection
methods and countermeasures, more so than the actual programming.

If I hadn't had that background, I would probably have hidden the games with
less sophisticated methods. Bury them in deep subdirectories, maybe zip them
with password encryption. And it was done for the challenge more than the
results; I had a home computer that could play all the same games.

Anyway, I'll relate another story.

There was an annoying kid in my computer science classes, the type who thought
he knew it all but was pretty clueless. One day he was complaining that a game
he had downloaded required more RAM than his home computer had. I told him I'd
give him a copy of a utility that would do on-the-fly compression of RAM in
DOS. (At the time, Stacker was big for disk compression, and there were real
utilities that did memory compression in Windows. So it was plausible.)

Of course, my "utility" was a trojan. But I was subtle about it. The trojan
dropped an executable with a blank name (an Alt-255 character) and stuck a
reference to it in AUTOEXEC.BAT, which was invisible and looked like a blank
line. The payload would trash the partition table, only if the system date was
a month later than I originally did this, so he wouldn't be tracing the time
bomb back to me. (Yeah, this was nasty. I was a youth with power.) I don't
know if he actually ran it or if the payload ever went off; the bomb date was
in the summer after school ended.

But the real fun part is the postscript. The outer trojan was in QuickBasic
(the dropped payload was assembly.) Years later, my brother was playing with
QuickBasic to learn it, so I gave him a copy of my QB directory with several
dozen of my programs to play with. A few days later he tells me that his
computer won't boot. Yikes. I put together a boot floppy with a Norton disk
repair utility to start digging, and eventually notice that the partition
table had some corruption that looked oddly familiar. You guessed it, my own
brother had run my old nasty trojan and got his partition table nuked!

~~~
vizzah
Reminded me of coding a funny practical joke TSR program which after several
days showed a message 'Press and hold left Ctrl + left Alt + W + Right Shift +
P + M to see a surprise!'. After victim would press this combo, message
changes: 'Now, when you release these keys I'll format a floppy inserted in
your drive A:\' (that was the time not everyone had hdd on C:\ yet;). The
picture of someone sitting with their hands stuck to the keyboard and shouting
for help was just too funny.. however, testing the payload, time after time to
ensure everything would be working as prescribed, the first victim was I
myself, stupidly forgetting to remove diskette from the drive after another
run. The sources were on A:\\. Nobody home. Mother comes back from work in
about 3 hours. Damn. I tried to open the hatch on the floppy drive door with
my leg fingers to prevent diskette from being erased. Then quickly jumped to
pull it out, though the drive has made a number of cycles before it was
escaped.. and the source lost forever:) that was already enough fun not to
bother about it again;)

~~~
tripzilch
Ha! Okay that is hilarious.

Both the idea ("hold these keys"), and how it ended up backfiring.

Though the program would have given just as funny results if you had not
actually formatted the disk on key-release. After all, how is the user going
to know whether the program speaks the truth?

------
a3_nm
In college, the machines in the computer labs had no speakers, but I found out
that by logging on the TTY you could make the PC speaker beep at an arbitrary
frequency. You could only play one note at a time, though... except if you
used several machines. So I wrote a daemon and a script that would take a MID
file and dispatch the various voices to all machines in the room (the daemon
used NTP to ensure that everyone started at the exact same time).

The sound quality was awful, but the spatial effect was pretty cool because
the sound came from everywhere at the same time. I got cool results with
Mario, Pokemon, Tetris, but also some of the Goldberg variations or the Art of
Fugue... But this was December, so I dug out a few Christmas tune MIDs and set
them to play at random intervals until Christmas. As it turns out, a song
triggered during a class once: a lot of people thought the sound was coming
from their machine and freaked out, and the teacher spent some time trying to
figure out from which machine it came before he understood what was going on.

At some later time we found one computer with sound, so we set up a daemon to
monitor logins on all the machines in the room and had a GLaDOS-like voice
blurb out a personalized greeting to newcomers. Fun times :)

~~~
pkamb
> _The sound quality was awful, but the spatial effect was pretty cool because
> the sound came from everywhere at the same time._

Reminds me of being in the computer lab at 3am when every Mac restarted and
played the "buhhhhhhhh" boot sound.

------
zoul
My story: We used to learn Pascal in my high school programming classes. Each
Pascal program ends with an “end” keyword followed by a full stop (“.”), at
least if I remember correctly. I wrote a resident program that would monitor
the keyboard and screen and when it detected a full stop inserted after the
“end” keyword, an animated critter would appear (made of custom characters
inserted into the ACII table) and eat the dot, thus making the listing
impossible to compile. I didn’t write the viral code, so that it took some
social engineering to run the program on my classmate’s account, but boy it
was fun when he started complaining to the teacher that he can’t run the
source code because of some creature eating his dots :-)

------
petenixey
There's something amazing about programming in that regardless of whether
you're a 100-year tree in the forest like Jeff Atwood or a hapless sapling
stumbling about on Codeacademy you can still add value both as a developer and
a community member.

I've been coding for 10 years now and have reached the point where I'm
reasonably handy but I look at a post like this and the sedimentary layers
upon layers of experience that Jeff has and feel like a total novice. And yet
I can still build stuff that's useful. I can still help people on
StackOverflow and I can still learn from the giants above me.

I had no idea when I got into it but in retrospect it's pretty awesome to have
chosen a career with such an updraft for newcomers and where everyone at
almost every level can meaningfully teach, learn and contribute.

~~~
skrebbel
I'm not sure that "adding value as a developer and a community member" is what
motivated most of us to hack around on the high school PCs.

~~~
tripzilch
Jonny looks around, confused, his train of thought disrupted. He collects
himself and stares at the teacher with a steady eye.

"I want to develop business application enterprise solutions," he says, his
words becoming stronger and more confident as he speaks.

"I want to write something that will add value to the community. I want them
to walk away from the computer simply because it's 5PM and that's it for
another day at the office. I want to write something that will reach out to
end-users, and conforms to requirement specifications. I want to write
something they are reluctant to upgrade, knowing that nothing they deploy that
quarter will be quite as stable, as backwards-compatible, as good. I want to
write enterprise data store solution software architectures."

Silence. The class and the teacher stare at Jonny, stunned. It is the
teacher's turn to be confused. Jonny blushes, feeling that something more is
required. "Either that or I want to be a fireman."

(w/apologies to Denthor^Asphyxia ... ^_^)

~~~
skrebbel
beautiful! :')

------
zbowling
I remember in high school, the computers where running windows 95. They used
this shell hacking "protection" software called Fortress. It worked by hiding
buttons and menus and trying to prevent you from opening up various apps or
clicking certain files in common dialog boxes.

My first "hack" was just a boot disk that simply copied fortress.exe to
another directory (a little choice.exe with autoexec.bat magic).

The second hack came later. The computers were upgraded to Windows 98 and my
autoexec.bat trick stopped working because of a BIOS password. Thankfully the
machines came with Word which had nice shinny feature called Visual Basic for
Applications. Most of the shell was hacked to hide menues still in Fortres 2.0
but good old VBA was still accessible. Using VB I could call Win32 apis and it
was just a few calls to enumerate and kill the startup entries for fortress in
the registry.

The best part of this was that it was all sanctioned activities sort of. The
IT department was in a central building downtown (30 minutes away from our
school) and who was always a pain to work with for the teachers. Their
gradebook apps failed under fortress and even their teacher passwords failed
to disable all the shell hacks. Shutting off fortress was the only compatible
way to get things to run correctly for the teachers.

At first when the local IT department found out, they laughed, but then later
got upset when the disk of my magic word document spread. It was making it's
way across the district via email lists.

At some point in the school year I got accused of spreading 'a virus' to other
students that allowed them to download 'warez' on school computers. Apparently
fortress was the only thing preventing kids from using WinPopUp and windows NT
messenger to send broadcast messages to all desktops across the network.

I tried to fight it and explain exactly how the thing worked and the silliness
of shell hack in the first place. It didn't work. The Principal said I was
hacking regardless and suspended me. After getting the suspension (and after
they called my parents who knew before I did and were very upset already), I
quickly called the computer programming teacher (who knew knew C++ and VB and
had previously been an assistant for in my sophomore year). He called the
principle and super and explained that I was not hacking and that I was
'improving productivity' and that the IT department's policies were hindering
teachers. I got out of the suspension by the super the next day but no apology
was given. Just a stern "stop hacking" the next week when I got back.

I was later voted most likely to succeed by my class. Apparently in a class
size of 1200+, I was well known for my exploits.

~~~
Peaker
Bypassing my school's BIOS password was easy.

Open up "DEBUG" in a DOS prompt, and write a few-line assembly loop that
writes increasing register numbers to port 70h (register select), and 0 to
port 71h (value) -- to reset CMOS memory with all 0's.

Then you can just enter BIOS to set it all up from scratch.

~~~
blhack
Or open the case and move a jumper.

~~~
redthrowaway
Or just pop out the BIOS battery, short it with a paperclip for 30s, and pop
it back in. Bingo, no more password.

------
TazeTSchnitzel
I got in trouble for a bunch of things. I wrote a utility that was supposed to
cover up the "system tray" clock (with an identical one with context menu) so
I could run command line apps on school computers, but the system thought it
was a virus. (I guess Delphi 3 apps named iexplore.exe are suspicious? :P)

Then I embedded the Game Maker installer in a Powerpoint presentation, since
it was one of the few ways to be able to run a foreign exe (along with zip
files, but they are more obvious targets and they're more likely to inspect
them).

Then I exposed (didn't exploit) a serious XSS issue in the school's VLE, which
of course they gave me a final warning for.

Edit: The School's IT policy, previously a single A5 page, became two-and-a-
half A4 pages thanks to me.

~~~
angry-hacker
At my school for whatever reason I was able to change for whatever reason the
hosts file. I changed the popular mail service to redirect my clone site to
collect passwords... I got caught in a week.

~~~
danielweber
_At my school for whatever reason_

Ah, those magic words.

For some reason I still don't understand today, 9 of us in my high school
programming class had read permission on absolutely everything. It was only
students numbered "01" through "09" in that particular class -- I checked the
border conditions in a very OCD-style.

Explored a lot of that IBM set up.

------
gghootch
Oh, high school and the semi-malicious innocent things you do. If only the IT
department was more competent and didn't leave everything open. Perhaps
instead of playing Quake all day, some of us would have gotten into real
hacking a lot earlier.

Then again, teaching the entire year how to use NET SEND to send direct
messages to every computer on the network was fun. So simple, yet total chaos
soon followed. Imagine hundreds of Windows popups with messages such as: "Hi
i79, did you know that miss Lengstein is wearing a thong today?". Every single
person behind a computer in the building had to click through all these
messages individually when they booted up their machine.

We thought it was amusing, especially the invidivuals who could not figure out
what the hell was going on. As was the moment when the horrible miss from the
library shouted 'WHAT IS THIS, HELP! I'M BEING HACKED!!!'. The resulting
crackdown started out fairly scary at first but became outright hilarious when
every single authority figure started their frowning speech with "I am sure
you have been punished enough". (Never punished, parents did not even find
out, IT department just told me 'whenever you figure someone else out, please
do not tell the rest').

I took that advise to heart and told only a select few when I uploaded
mugshots of every single person in the school to photobucket. Fairly sure no
one every found out, even when we hung pictures of other kids with drawings on
their faces around the school and got busted they did not even stop to think
about where we got those pictures. To think this all played out in a top five
high school makes me smile like I am up to no good again.

~~~
Pwntastic
Haha I did pretty much the same thing back in school.

We also randomly had permissions to terminate running programs on other
computers over the network for a year or two. That was fun times until the lab
teachers learned to start looking for people with black console windows open.
But then I just learned to change the console colors to black text on white to
throw them off.

------
dsr_
Pushing systems to their limits is what hackers do.

Figuring out when it's appropriate is what adult hackers do.

It usually takes a while to go from one to the other.

------
jgrahamc
Sometimes a hack gets you a wife: [http://blog.jgc.org/2011/02/hacking-
toshiba-t4800ct-love-sto...](http://blog.jgc.org/2011/02/hacking-
toshiba-t4800ct-love-story_9458.html)

------
statictype
At college, we had AIX Unix terminals that ran in character mode. I wrote a
program to simulate the login screen. It would record your user/password to a
file and then throw an 'Invalid Login' error and then actually logoff and give
you the real login screen. So no one suspected anything.

After I was done with a terminal, I'd run this program and leave (knowing full
well, that someone could Ctrl-C to terminate the program and get access to my
account though no one ever did)

I got more than a few passwords with this. But didn't actually do anything
with them. I felt bad and deleted the program and passwords after some time.

~~~
billpg
I suspect that's why Windows has you do a Ctrl+Alt+Del before logging in.

~~~
tallanvor
That's more or less exactly it. Ctrl+Alt+Del causes a switch from the
interactive desktop (WinSta0\Default) to the Winlogon desktop, which no other
process has access to _. Windows code also contains a special rule for
interrupting the Ctrl+Alt+Del combination to prevent other applications from
hooking into it and overriding the default functionality.

_ Technically it is possible to get other processes to run in the Winlogon
window, but that requires messing around with security tokens, among other
barriers.

~~~
voltagex_
I think either VirtualBox or VMware Workstation can detect Ctrl-Alt-Delete -
it then asks you if you meant to send that to the guest VM. Any idea how that
works if there's protection on Ctrl-Alt-Delete?

~~~
jameyc
Ctrl-Alt-Del fires an IRQ. As such, it can't usually be fired remotely -
although some utils work around it by making API calls at the client end to
trigger the behavior, depending on context.

Some flavors of VMware hooked the IRQ on the host machine and responded to
that (not sure about VirtualBox, never thought to check that.) They can send
it to the virtual machine easily, as they are also providing the a virtual
bios/hardware layer.

------
brc
This is all very amusing, but I have the other side of the story. A close
relative of mine was the systems administrator for a large high school. The
amount of grey hairs that sprouted in the few years they were in the job due
to wannabe hero high school hackers is testament to how hard it is to keep a
stable system running when you've got scores of hormonal hackers trying to
outdo each other.

While this page tells of succesful hacks, it doesn't mention all the screw-ups
whereby the payload didn't work but caused major problems with the school
computers. Nor does it tell of the systems admin getting chewed out by school
management for failing to play whack-a-mole properly.

By far the most common route of hacking was getting a teachers password, which
was usually either easily guessed, or worse, written down in a notebook in the
drawer.

As for me, I found that in university we had computer-based testing for weekly
lab classes. When you submitted your answers, it printed the results and
showed you where you were wrong.

We found that if we yanked the power cable on the workstation after the print
job was submitted and the printer started, the results didn't commit to the
database, you'd get a printout of the answers but your score wasn't saved. So
then you'd just take the test again, using your printed answers as a guide.

~~~
derekp7
That reminds me of the only "hack" I recall doing when I was younger. Back
then, many BBS systems had 10/1 download/upload ratios enforced. I found that
if you aborted an Xmodem download on the last block, you would still get the
whole file (the block would finish transferring) but it wouldn't send the
acknowledgement back to the BBS. I would just look like a failed download, and
wouldn't count against your ratio. I think I filled up some 50 or so floppies
that summer (and had the phone bill to match).

Other than that, I was never good at most hacking. I was into writing code,
and working with algorithms, but I never got the knack on how to bypass
security systems (I also didn't have any other computer savvy friends back
then either). But it did help that I had an office job (which involved using
my PC talents on the side) from the age of 15 on up. Kept me too busy making
money to worry about side projects.

------
shawnee_
In high school, I became yearbook editor and was entrusted with keys to
certain parts of the school (darkroom, computer lab, etc). In the late 90's,
yearbooks were all done manually: film was loaded into cameras with heavy
lenses, pictures were burned into photo paper and stop bath. Some of the work
in putting it together was done on a computer, enough to justify being on the
computer after hours. We'd print out pages with blank rectangles and squares
for the photos, glue the manually-developed pictures onto the pages that had
printed text, bind together the book, and send it off to the printer at the
end of the year. Being yearbook editor was great, always an excuse to be
working on something creative.

I also had a key to the computer lab. Problem was, the part of the building
where the computer lab was located was not accessible after hours -- there was
a gate which was locked during off school hours. (Meaning it was designed such
that I could get into the room with the computers during regular school hours,
out during off-hours, but not back in after hours). This lab had about 20
computers, and live Internet access. More than enough reason to find a way.

While none of my "breaking into" that part of the school during off-hours was
done with malicious intent to steal or deface school property, it probably
wasn't exactly the most lawful thing a 17 year old could have been doing. My
good student status probably helped for those rare occasions when one of the
janitors or teachers would "catch" me in that part of the building at times
when I shouldn't necessarily have been there. "Research for college", was a
good excuse at the time (and actually pretty close to the truth).

------
cdcarter
My high school latin course used these silly HTML/JS (probably at the time
called DHTML) quizzes and exercises. They were a significant portion of the
grade and truly pure JS hooked up to good ol' Matt's FormMail to submit
scores.

I slowly developed little bookmarklets to make things ...easier. Reveal the
hint without taking a score deduction. Decoded the answer obfuscation to just
pop up the correct answer. Auto-select the correct answers for that page.
Eventually I sat down and read the source of the quiz all the way through and
realized all I needed to do was

> javascript: submitScore("name",100).

------
rachelbythebay
What about the flip side of this, which is catching and dealing with the
hooligans who screwed up school lab machines? It involves trojan horse
programs and hex editing DOS binaries, too. I wrote about it not too long ago.

<http://rachelbythebay.com/w/2012/06/13/lab/>

------
sneak
Doesn't everyone have stories like this?

I remember when my parents (in Michigan) got a call from Norway after 14-year-
old me owned a bunch of some large ISP's nameservers and proceeded to launch
broadcast amplification attacks against a bunch of IRC servers.

I guess now that the Internet is for normal people, stories like this are news
again.

~~~
swah
Because 99.9% of people on the internet right now have no idea what a BBS
is/was.

~~~
salgernon
I recommend <http://www.bbsdocumentary.com/> to anyone who lived through that
time. Not sure how interesting it is to people that weren't involved, but I
loved it.

------
TomGullen
This isn't really a hack (I wasn't that smart). My earliest memory of playing
round with computers was at primary school when I was very young, it asked me
to enter my name so I typed in 'poo'. I then showed my friend and he laughed
and hit his fist onto the keyboard really hard and the computer froze with the
word 'poo' frozen onto the screen.

I got into big trouble as the teachers thought I'd crashed the whole computer,
they shouted at me pretty hard!

I still think it's quite funny to enter your name as 'poo'.

------
ry0ohki
My first hack was in typing class in 6th grade (1990?). They had the PCs
(running DOS) locked down so you could only run the designated typing
programs, but one of the programs let you open a text file, and in the root of
C: I found a file with the passwords for admins to go straight to the DOS
prompt. Turned out there were all sorts of games installed as well, I was the
class hero. Ironically, I got terrible grades in that typing class even though
I type over 100wpm now...

------
AsylumWarden
Ah, the memories...

Like most I started early with programming in assembly, C, pascal _shudder_
and then discovering unix.

I remember starting off by hacking the computer lab computers in my school.
The lab staff had to log you in so they would know who was using which
machines. I learned the pattern through a little social engineering and it
wasn't long before I never had to talk to the staff. I also bypassed many of
the tools that locked those machines down and even locked the lab techs out of
a few of my favorite machines that I used for long running processes. I even
had my own primitive form of RDP using screen captures and email. Eventually I
learned to crack the passwd file on my schools mainframe and then I had access
to everyone's accounts including the teachers. I then discovered those
passwords also worked on most home dialup accounts, outside email, irc
accounts, etc. Fun! I used to dominate the east coast irc back in the day, at
least in my little world, but I kept my head real low so I wouldn't be
noticed.

You know the best way to pick up a girl from Scandinavia? Easy, hack her email
and irc accounts, knock her boyfriend off of irc and impersonate him, erase
her boyfriends incoming emails and, spoofing his email address, bully her a
little and tell her to stop seeing guys like yourself. Somehow it worked like
charm. Man was she hot! First hot girl I ever dated.

My downfall? I gave some "goobers" some irc scripts to perform netsplits and
become admin of their favorite channels. The idiots got caught making life
threats against an irc admin that banned them and, in a stroke of self-
preservation, they turn me over as their "ring leader". No hacking your way
out of that one! Real sweet, eh? My parents were not very happy having the
local police, the FBI and the NSA knocking on their door. I lost computer
privileges (still went to college and got my degrees though) and now I just
hack my own private network of pcs, laptops and cellphones at home.

Ahhh, the memories....

------
jordanthoms
I was poking around on the school computers and I found a (world readable)
script for joining the AD (these were macs, so there was some black magic
going on), with an username and password in it. Turns out that username and
password was the administrator account on almost every server in the school,
which were all accessible through remote desktop.

Yeah, that was a good time.

~~~
jordanthoms
(until I got suspended, ofc)

------
noonespecial
My indescretion was a boot sector virus that would randomly seize control of
the computer long enough to beep the theme song to "Cheers". Oh and spread to
the boot sector of any disk inseted. To be diabolical it randomly chose to
play the song or simply silently reinfect others each time it spread.

They (at my highschool computer lab) were still battling to eradicate it years
after I left. I am ashamed. Somewhat.

------
lurkersmirker
The details are a bit fuzzy, but I remember a certain computer lab of mac
classics on an applets network. We installed some extension that let you send
messages to other computers, and even put it on the teachers computer, which
was connected to a projector. In retrospect photoshopping his head onto a
playboy centerfold and resediting it into the extension and removing the reply
button, and then sending it to him during class on the projector, well that
was probably a bit much.

They tried several types of lockdown software, nothing ever actually worked.
You can't stop kids from playing games.

------
mumrah
Since we're all reminiscing about high-school geek antics: In my Physics
class, we had semester long ongoing assignments that were markedly harder than
the nightly homework. You could turn in the problems at your own leisure. They
were mostly applied problems that involved some math we hadn't learned yet
(like calculus). The problems were the same for each student, but we all had
different parameters, so our answers would be different.

After figuring them all out a few weeks into the semester, I started writing
up some BASIC programs on my TI-86 that would take in student's parameters and
spit out solutions. Long story short, I ended up selling answers to some jocks
and got caught (I guess the teacher was suspicious when C students were
getting these hard problems correct). End result was: made my teacher
simultaneously proud/disappointed, earned a few bucks, learned about
corruption/greed.

All in all, it was a good learning experience and I don't regret it (though
giving away answers for free would have been more altruistic I guess)

------
mgkimsal
High school - 1985 or 1986, I wrote an interpreter (in BASIC) that looked and
acted like the BASIC we'd boot up off the shared drive (some odd TRS-80
networked set of workstations). The BASIC interpreter that I wrote worked
_mostly_ like the regular BASIC, but would give some random extra output. Came
in to class early and booted everyone in to that BASIC, and watched as people
took forever to type in their code, then run it, and have it not work - things
like 5+7 came up as 3. The teacher was flummoxed, and we essentially wasted
the class that day.

Looking back, it was quite a jerk move. I was trying to be clever (well, I was
clever), but it didn't get me any more status with anyone - basically just
reinforced the geek status I had (which wasn't a good thing to have in 1985).
I was bored, but that's a pretty lame excuse. I think I ended up with a C- in
that class ("intro to computers I"), mainly because I never flowcharted
anything.

------
diggum
I graduated high school in '92 and since my systems at home were better than
what we had in our labs, I gravitated toward exploring the local University
networks. You could dial in to a terminal and then connect to any of the local
machines. Most were VAX/VMS or Ultrix systems. The VMS systems all had open
GUEST accounts that were limited, but allowed you access to BITNET. I managed
to chat with Taran King, who was co-editor of Phrack at the time, a few times
over the BITNET chat protocol which was great fun.

However, my actually hacking life started on the Ultrix systems. I don't
remember how I first had access since I don't think it allowed Guest logins,
but I discovered a great hack: all of /dev/tty* was word-readable until
someone fully logged in to a particular port at which point it was only
readable by the user logged into that port. so every few hours, I'd just "cat
/dev/tty* >> passwords.txt" and harvest logins for everyone who logged in
during that time. I had some fun with one of the admins for awhile having
unknowingly logged into his account. We chatted a bit and he was a good sport
about it, but the hole was patched a few weeks after. I never knew if it was
already a known issue or if I was actually the only one who found it.

A friend wardialed a system that appeared to be a Dept of Transportation
front-end to the brand-new digital readerboards along the Interstate. Let's
assume we never actually changed any text, but I cracked the password,
TRAFFIC, on the 3rd or 4th attempt. Good one, guys!

Exploring random address on TELENET dialups was a blast as well. Most were
very secure since they'd been well-picked, but every so often you'd find some
interesting terminal and start poking around figuring out what it responded to
and how to navigate deeper.

Don't get me started on the first 2600 meetings in Seattle. Some very
prominent people in the tech/hacking space now were pretty sketchy back then.

Fun! Memories!

------
ynniv
_I've grown to love my own bad judgment. It's led me to the most fascinating
places._

This appears to be the root of all that is self-taught.

 _Trust your technolust._

------
bcl
For some reason I never paid much attention to the phone bills. I was long
distance from _every_ BBS, but I had an after school job and mom made me pay
every month. That is until the $1200 bill (this was 1987) arrived. My modem
got put away until I could pay off the bill, and we never did tell dad about
that. I blame it on the Hayes 1200bps modem, it made it sooo much easier to
redial busy BBS's than the Atari 830 modem I started out with.

For a while there the first program I wrote for a new computer was a War
Dialer. Just like everyone else who had seen War Games.

~~~
waterlesscloud
When it comes to the system on which I learned unix and c as a teenager, all I
really know about it is that it had a modem set on autoanswer. :-)

------
sp332
The Hackers for Charity program is to find bored kids with budding computer
skills, and get them experience while helping charities. This helps them build
their "legitimate" resume, and hopefully keeps them interested enough that
they don't have to resort to trivial illegal things like this.

------
dbecker
This reminds me how lucky I am to be relatively successful as an adult. I
could easily have spent time in juvenile detention for something stupid, and
who knows how that would have turned out.

I suspect a lot of people on this board did the same (illegal) stuff as
kids... We're lucky that we had the good luck to grow into productive adults.
I like to think society is also lucky that it let us grow into productive
adults.

~~~
drucken
I doubt it has much to do with luck at all.

Almost no one starts doing stuff like this, especially with technology at the
time, because they have nefarious goals or have a crime career planned.

They are kids. They do it to push their limits and may even not be aware it is
even illegal. Even if they are aware, they believe they are invincible or can
get away with it. As an aside, why do adults so easy forget what it was like
to be a kid?

In addition, to even begin overcoming the technical challenges involved, the
amount of curiosity required over otherwise mundane detailed technical
knowledge is quite high. Criminals tend to be far more motivated to seek high
reward, short term activities.

Finally, the same people who have access to the knowledge and equipment to
carry out activities like this, tend to also be the ones who are raised in
balanced, strongly breadcrumbed environments leading them away from anything
that distracts them for the path set for them, lets call them the middle
classes for want of any better term.

So, nope, not luck. Just being a curious middle class kid with easy access to
new technology and few upfront repurcussions.

~~~
dbecker
I don't understand your post (or perhaps you didn't understand mine).

You are right that I didn't have nefarious goals when I did this stuff as a
kid, though I knew it was illegal. In any case, the fact that I didn't get
caught was mostly luck. If the police came to my door, my life could easily
have turned out much differently.

I'm saying I (and many others on this board) were just lucky not to get
caught. Certainly Jeff Atwood was lucky to get a sensible judge. I'm surprised
anyone would dispute that.

Are you saying we couldn't have possibly been caught? Are you saying it
wouldn't have mattered if we got caught and faced the wrong judge?

I'm sure there are a lot of people have really suffered for their kid
mistakes. I'm not sure how you can dispute that I'm lucky to have gotten away
with mine.

------
cantankerous
"And there's more, so much more, but I can't talk about it yet."

Sounds like the statute of limitations hasn't expired yet. Should be
interesting when it does!

~~~
phatboyslim
I'm fairly confident this is in reference to a new startup Jeff is working on.

------
digisth
Fun thread. My first computer mischief experience was in "Computer Class" in
first grade. The computers were running DOS 3.0 (IIRC) and the class was for
teaching computer basics, which mainly consisted of "Introduction to
programming" using Basic (with a gentle introduction to I/O, variable
assignment, and flow control.) The way the class worked was: an assignment was
printed out and handed out to all the students. You followed the steps and at
the end of class, the teacher would look at your output to see if you did
everything correctly. I finished these assignments pretty quickly, so I used
the time to figure out how to exit the editor, find the "hidden" games stash,
play them for a bit, and then get my work back up on my screen before the end
of class. Pretty soon I was being asked by all the other students how to
perform this feat on their own computers. I showed them, and so every time the
teacher would leave the room, everyone started playing the games.

We also never got caught. Wild times in first grade, let me tell you.

------
abalashov
_Does anyone actually even worry about how much voice calls cost any more, to
anywhere in the world? This, my friends, is progress._

As someone who works in telecom and VoIP, and deals with the financial and
regulatory aspects of a lot of jurisdictions that continue to be locked down
by PTT monopolies, I think this is a silly question. :-) It's only domestic
long distance that has really crashed.

My high school exploits mostly revolved around bypassing the school district's
proxy servers, since they blocked pretty much everything I wanted to do,
including legitimate stuff. I did this via tunnels of various sorts (but
predominantly SSH) out to my home machine. Oddly enough, they didn't do
anything to stop us changing the proxy settings in the browsers, they just
broke outgoing HTTP(S) with firewall rules. No problem, I just sent the
traffic to a box running Squid, reached via my home cable modem.

------
imjared
My highschool "hack" involved downloading the contents of our school's website
hosted at ourschooldistrict.com domain, buying the same name at
ourschooldistrict.us, and then rehosting so we could put up any press releases
we wanted. We wrote up a press release saying that two district high school
names were changing to honor our very-hated superintendent. Then we started
sending it to friend on AIM saying "omg have you seen this."

Within hours, everyone on my buddy list had their own "petition" in their away
message and after checking traffic, we found we had thousands of unique hits.

Most of the credit goes to my friend who actually executed the tech part and
was temporarily suspended when the inundation of angry emails _supposedly_
hurt the school board's server.

Just checked and the school district still does not own the .us domain so this
"hack" would be reproducible.

------
stratos2
I remember hacking the Novell netware setup at my school, and being surprised
to see how poor all of the teachers passwords were. Almost all were children's
names or street names. And the system admins super password? The name of a
well known department store :)

------
swah
I was very stupid when I didn't know better, in the days script kiddies were
empowered by Backorifice I would play with random folks, mess with their
kayboard and mouse.

Other nonrespectable "hacks":

\- "net send *" to importunate colleagues

\- wrote mIRC scripts to win at the IRC trivia games (this was actually funny
for a little while)

\- would call collect to my dial-up provider, learned to dial on rotary phones
by "switch-hooking" -

\- would connect portable phones to disabled payphones just to see if it was a
regular line what I could use (it was)

\- would "paint" the backside of payphone cards with graphite to fool the
machine into thinking I had more credits.

\- wrote a little "ringer" program and passed to my colleagues so we all ran
it together and made the teacher crazy (oh the regret).

\- used IDKFA in Doom.

Those are my earliest, lamest memories.

------
topbanana
At school we had a network of Acorn Archimedes machines. We all had space on
the file server, which the grumpy admin would search through regularly. There
was an autorun feature in RiscOS which allowed a hidden script to execute on
opening a folder, eg my network folder. It just so happened that passwords
were stored unhashed, so I had everyones passwords appear in my folder one
day. I must have been 12 or 13, as my family relocated when I was 13.

At the new school they had the same machines, so I put my knowledge of the
platform to good use. I wrote an app which played a sound sample of a loud
obnoxious burp at random intervals during class.

At college they had a Novell network. The login was a simple text prompt,
which I discovered called in to a novell DLL. I wrote my own substitute login
command which also saved the password to local disk somewhere, and replaced
the default version on a few machines.

In both cases my reaction was the same on discovering my password hacks had
actually worked. I crapped my pants and covered my tracks! By the time I had
started uni, I had largely grown out of that stuff. But something triggered a
latent interest I had neglected for too long... the campus accommodation was
based in tower blocks, with an entry intercom system. I noticed 4 very quiet
dtmf tones whenever buzzing my friends apartment. I can't remember how I did
it, but I found a way to get a dial tone and to my delight, 9 for an outside
line worked fine using the type of handheld dtmf dialer banks used to give
out.

------
richardw
I was working as a restaurant manager part time while at uni. One of the other
managers thought it great fun to staple the back of my shirt without knowing,
so when I got home I had a torn shirt.

That weekend, I fired up a 286 someone had given to me, coded up a mock-DOS
environment, got the main manager on-side and left it set up for the next
morning. Next day...:

Start computer, get coffee. Type "win" (for Windows). Get 2000 random ascii
characters with an error message. Typing "dir" produced an empty C:\ drive
called "F __* You Francois". Anything you did pretty much got you "bad command
or file name". Your manager (who is in on it) is shouting at you to get the
computer going because his restaurant is starting up. You're typing out "F __*
You Francois" as a password, looking for bits of paper around the office,
trying to restart the computer but having the autoexec.bat put you back into
it.

After about 2 hours, main manager types "fix", and the rest of your day
continues, but with much added mockery.

It wasn't particularly sophisticated, but I truly loved that :) Lessons were
learned.

We did something similar at school. Mocked up the Turbo Pascal UI with menus
and everything, but was a bit...uh, erratic. Unfortunately the teacher knew
exactly who it was and came storming into our next class :)

------
jayfuerstenberg
It's cool to see Jeff Atwood could take his skills and contribute so much
later on.

------
joshaidan
Hmm... I'm somewhat bothered by how the word hacker is used in the article,
where it's used to describe criminal activities. Or am I misinterpreting it? I
know in one part he uses the term 'cracker,' and in another part he says that
perhaps his utility should have used 'preaking' instead of 'hacking,' but in
general I think he's using the term hacker to describe breaking into a system.

I know the word in society has a double meaning. It could mean breaking into a
system, or engineering an innovative piece of software. I personally wouldn't
really care, except nowadays I'm finding myself promoting a hackerspace or a
hackathon on the radio, and usually every time I start an interview I have to
begin by saying "We're not criminals." It gets tiring after a while. Once we
were trying to form a partnership with an organization, and the guy
immediately threw us out of his office when he heard the word hacker. He
wanted nothing to do with us.

~~~
kokey
In the 80s and 90s, the community toying with systems including gaining access
to it referred to themselves as hackers. Those who broke ciphers and copyright
protection were crackers, and those who hacked voice telecommunications
systems were phreakers.

It's only outside of the community, in the media, that I first discovered that
the term 'cracker' was used to refer to hackers gaining unauthorized access to
computer systems instead of, well, crackers.

~~~
kragen
I think it was Eric Raymond's idea; he, like most hackers, was outraged at
computer security enthusiasts calling themselves "hackers" and suggested
calling them "crackers" instead. I think the fact that the computer-security
folks already had a (different) meaning for "cracker" was sort of a
coincidence.

------
Zenst
1983 I was in College (one year course right out of high school) and we has
access via a teletype terminal pool to a ICL 2903 running George. The operator
console had a journal file and discs back then were the drum type and rotated
to spread the wear and tear. These were not zero erased and you could create a
file specifiy the size in buckets of all values how large and zeroing the
space was optional. With this knowledge you could basicly go fishing, creating
large files and looking to see if it was anything interesting. I was able to
get the admin(aka root) password which was 5588. So I did chuckle when I saw
the film Hackers and dumping the garbage file on the gibson.

Though I also had great fun with the spv command on george and knowing all the
terminal ID's, but thats another story.

------
DisposableMike
I have fond memories of "hacking" in high school. The school system I went to
used Deep Freeze to protect their Win98 computers. You could format the hard
drive, change all of the settings, etc, and upon reboot, the image would
return, unchanged. Naturally, this led to deep investigation into how it
worked. The system administrators weren't stupid but were severely
undermanned, and had left the Deep Freeze program slightly vulnerable. A
little command line work and you could remove the protection mechanism for the
given session, allowing you to persist changes. So, I did things like edit the
shell in HEX and change "START" button to say "FARTS", lame things like that.
The suspense was that supposedly the maker of the software would fly anyone
who could crack their system out to New York to demonstrate. Despite finding
the above hole, I was never able to totally eradicate the software, and could
persist only certain changes (changing the startup image, playing funny .WAV
files on boot, etc).

My biggest mistake was sharing this knowledge with my classmate, who used it
to do a great many annoying and potentially harmful things. After doing things
like sending "I 0wn j00!" to 11,000 computers on the network (via NET SEND),
crashing the shared network drive with millions of blank text files, etc, he
finally got caught after badly damaging 3 of the computers in our lab using my
hack method that I'd written a batch file to accomplish and given him the
disk.

I was called to the computer lab by my awesome programming teacher, who
informed me that he had to leave the building in 45 minutes, and if the
computers weren't back to their proper state by then, we'd both probably be
suspended. The other kid just sat there, while I furiously reversed the
changes and got out with a few minutes to spare.

Naturally, the next year, him and a couple of my other classmates were
suspended or expelled for repeatedly crashing the entire 11,000 network with
advancements on my initial script. I was thankful that there was apparently no
ties left to me in the program's execution, but that was warning enough to
focus on productive things for the remainder of my high school career.

------
at-fates-hands
Its interesting I never got into computer hacking until later when I was in
college. In high school, I had a neighbor who was really big into phone
phreaking. We had hours of fun building black and blue boxes, getting free
long distance and calling people in random countries.

Probably the coolest thing was my neighbor somehow managed to get his hands on
two master keys for the high school. He had a buddy at a local hardware store
duplicate them (highly illegal) and we spent many nights prowling the high
school, opening doors nobody could and exploring every inch of that place.
Thankfully we never got caught, but I look back fondly at it as the start of
my career hacking stuff.

~~~
chimeracoder
I'm not sure that's actually illegal. Even keys that say 'Do Not Duplicate'
can be legally duplicated, though this may be an issue of varying local laws.

------
joshschreuder
In high school, we had laptops provided by the school and imaged by the IT
department, who had logged into them. All we had to do was use a tool to
recover the Windows password (yeah I know, skiddie, etc.) and we could login
as IT admins on any computer on the domain.

Was pretty innocent about the whole thing, changed a few backgrounds remotely,
and sent messages and shutdown people's computers in class remotely.
Unfortunately I changed a default Windows background image, which meant it
showed up something unsavoury for everyone who logged in, and got caught,
copped detention and a many, many page letter about how I shouldn't do it.

~~~
petitmiam
I too changed the default Windows background. However it was just the default
image with an almost transparent eye in the corner. It lasted a few weeks
before it was reverted one day.

------
gdc
When I was 7 or 8, my Dad had a fancy new digital safe -- must have been one
of the first -- type in your PIN on the keypad, and open it up.

Took me 15 minutes to try the number on the Social Security card in the desk
beside the safe! Presto!

------
munin
and if this had happened today, he would have been put in prison for five
years! hooray

------
aurelianito
"I must confess I've grown to love my own bad judgment"

This quote is amazing. I see myself in it.

~~~
rbanffy
Bad judgment takes you to all the interesting places ;-)

Results in an odd resume, sometimes.

------
systematical
I never really did much "real" hacking when I was younger, but did fish for
passwords and do social engineering back in 96 when I was roughly 11. Gained
access to lots of peoples sites and emails that way.

------
andy_boot
Taking Eliza. Editing the answers to make it raunchier then leaving it running
in the computer lab.

------
X-Istence
The thing I got in trouble for ... is not something I should be writing in a
public forum yet :P

~~~
dasil003
We'll ping you back later. Care to share the statute of limitations for the
crime in question?

------
rogcg
such a cool history/experience!

------
mmphosis
Jeff Atwood is cyborg

~~~
nkohari
Your powers of deduction are breathtaking. :)

