This was from 1993 to 1996, on MS-DOS 486 machines in the computer lab. I had found a program on some local BBS that could resize a hard disk partition. So on a few of the machines, I shrank C: by a few dozen megabytes and created my own D: drive and copied games into it.
How to hide that D drive? With Norton DiskEdit, I figured out how to manipulate the partition table manually, setting the partition type to a null value so that DOS wouldn't see it. Next I figured out how to read and write that disk sector in assembly language. Soon I had a command-line executable that would hide or unhide my private partition with a single command. Best of all, DOS would only read the partition table on boot. So I could boot with my partition enabled, then hide it, and play games knowing that any reboot would render the partition hidden again.
The last thing I needed to cover up was the missing space on the C drive, which could be revealed by the DIR command. So I wrote a memory-resident program (assembly again) that constantly scanned for the string of "bytes free" in video memory, and patched in a larger value.
Okay, now the MEM command might reveal the existence of my TSR. So I named my program as VSAFE, which was the name of a memory-resident antivirus program on each of these machines. I had my program output the same text as the real VSAFE did on startup, and overwrote the real VSAFE executable with my own.
So I had a pretty well concealed partition, that would have required some heavy duty skills to find and remove. "format c:" would not affect it, and even FDISK would just show the space as empty, not a partition. Never got caught for any of it; the computer lab supervisor and other students knew I was up to something but never found any of the hidden stuff.
Man, I could have had a career as a malware author...
How much reading up did you have to do to figure each of those things out? Or was it trial by fire? Figuring out all that on your own?
Seriously, kudos. Those are some hacker chops.
I had been self-teaching assembly for a couple years from library books and doing other toy programs. One book, possibly one of Peter Norton's, covered the partition table in sufficient detail. (And I was hacking only one byte in it, nothing sophisticated.) Reading and writing a disk sector in assembly was commonly covered in reference books. So was writing a TSR to hook the timer interrupt, which I'd already done for some other purposes. The actual logic of looping through segment B800 looking for text wasn't hard in assembly. Overwriting and masquerading as a legit program (VSAFE) isn't a technical challenge at all. The hacker chops were thinking my way through the detection methods and countermeasures, more so than the actual programming.
If I hadn't had that background, I would probably have hidden the games with less sophisticated methods. Bury them in deep subdirectories, maybe zip them with password encryption. And it was done for the challenge more than the results; I had a home computer that could play all the same games.
Anyway, I'll relate another story.
There was an annoying kid in my computer science classes, the type who thought he knew it all but was pretty clueless. One day he was complaining that a game he had downloaded required more RAM than his home computer had. I told him I'd give him a copy of a utility that would do on-the-fly compression of RAM in DOS. (At the time, Stacker was big for disk compression, and there were real utilities that did memory compression in Windows. So it was plausible.)
Of course, my "utility" was a trojan. But I was subtle about it. The trojan dropped an executable with a blank name (an Alt-255 character) and stuck a reference to it in AUTOEXEC.BAT, which was invisible and looked like a blank line. The payload would trash the partition table, only if the system date was a month later than I originally did this, so he wouldn't be tracing the time bomb back to me. (Yeah, this was nasty. I was a youth with power.) I don't know if he actually ran it or if the payload ever went off; the bomb date was in the summer after school ended.
But the real fun part is the postscript. The outer trojan was in QuickBasic (the dropped payload was assembly.) Years later, my brother was playing with QuickBasic to learn it, so I gave him a copy of my QB directory with several dozen of my programs to play with. A few days later he tells me that his computer won't boot. Yikes. I put together a boot floppy with a Norton disk repair utility to start digging, and eventually notice that the partition table had some corruption that looked oddly familiar. You guessed it, my own brother had run my old nasty trojan and got his partition table nuked!
Both the idea ("hold these keys"), and how it ended up backfiring.
Though the program would have given just as funny results if you had not actually formatted the disk on key-release. After all, how is the user going to know whether the program speaks the truth?
It funny that we were jumping through hoops just to able to play some games on the school's computers. Funny days.
The sound quality was awful, but the spatial effect was pretty cool because the sound came from everywhere at the same time. I got cool results with Mario, Pokemon, Tetris, but also some of the Goldberg variations or the Art of Fugue... But this was December, so I dug out a few Christmas tune MIDs and set them to play at random intervals until Christmas. As it turns out, a song triggered during a class once: a lot of people thought the sound was coming from their machine and freaked out, and the teacher spent some time trying to figure out from which machine it came before he understood what was going on.
At some later time we found one computer with sound, so we set up a daemon to monitor logins on all the machines in the room and had a GLaDOS-like voice blurb out a personalized greeting to newcomers. Fun times :)
Reminds me of being in the computer lab at 3am when every Mac restarted and played the "buhhhhhhhh" boot sound.
I've been coding for 10 years now and have reached the point where I'm reasonably handy but I look at a post like this and the sedimentary layers upon layers of experience that Jeff has and feel like a total novice. And yet I can still build stuff that's useful. I can still help people on StackOverflow and I can still learn from the giants above me.
I had no idea when I got into it but in retrospect it's pretty awesome to have chosen a career with such an updraft for newcomers and where everyone at almost every level can meaningfully teach, learn and contribute.
"I want to develop business application enterprise solutions," he says, his words becoming stronger and more confident as he speaks.
"I want to write something that will add value to the community. I want them to walk away from the computer simply because it's 5PM and that's it for another day at the office. I want to write something that will reach out to end-users, and conforms to requirement specifications. I want to write something they are reluctant to upgrade, knowing that nothing they deploy that quarter will be quite as stable, as backwards-compatible, as good. I want to write enterprise data store solution software architectures."
Silence. The class and the teacher stare at Jonny, stunned. It is the teacher's turn to be confused. Jonny blushes, feeling that something more is required. "Either that or I want to be a fireman."
(w/apologies to Denthor^Asphyxia ... ^_^)
My first "hack" was just a boot disk that simply copied fortress.exe to another directory (a little choice.exe with autoexec.bat magic).
The second hack came later. The computers were upgraded to Windows 98 and my autoexec.bat trick stopped working because of a BIOS password. Thankfully the machines came with Word which had nice shinny feature called Visual Basic for Applications. Most of the shell was hacked to hide menues still in Fortres 2.0 but good old VBA was still accessible. Using VB I could call Win32 apis and it was just a few calls to enumerate and kill the startup entries for fortress in the registry.
The best part of this was that it was all sanctioned activities sort of. The IT department was in a central building downtown (30 minutes away from our school) and who was always a pain to work with for the teachers. Their gradebook apps failed under fortress and even their teacher passwords failed to disable all the shell hacks. Shutting off fortress was the only compatible way to get things to run correctly for the teachers.
At first when the local IT department found out, they laughed, but then later got upset when the disk of my magic word document spread. It was making it's way across the district via email lists.
At some point in the school year I got accused of spreading 'a virus' to other students that allowed them to download 'warez' on school computers. Apparently fortress was the only thing preventing kids from using WinPopUp and windows NT messenger to send broadcast messages to all desktops across the network.
I tried to fight it and explain exactly how the thing worked and the silliness of shell hack in the first place. It didn't work. The Principal said I was hacking regardless and suspended me. After getting the suspension (and after they called my parents who knew before I did and were very upset already), I quickly called the computer programming teacher (who knew knew C++ and VB and had previously been an assistant for in my sophomore year). He called the principle and super and explained that I was not hacking and that I was 'improving productivity' and that the IT department's policies were hindering teachers. I got out of the suspension by the super the next day but no apology was given. Just a stern "stop hacking" the next week when I got back.
I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
My internet forebears had already catalogued most of Fortres' flaws by the time I became familiar with it, but most of the holes had been closed upstream. The one obvious chink in the armor that still remained was their "Backdoor Password"
If you keyed Ctrl+Shift+Esc, an Unlock dialog would pop up and prompt you for the admin password. Alternately, there was a 6 digit integer in the titlebar that you could give to Fortres customer support and they would give you back a corresponding 6 digit unlock code. Some enterprising individual had figured out this algorithm and published the VB(6?) source for a keygen application.
My contribution to The Fight was a port of the keygen to the TI-83+ (it was a very prevalent platform at the time). No acclaim ever came to me for the port however; after I experienced the IT personnel rage when they discovered a classroom full of un-hobbled PCs, I decided to keep the authorship a secret.
I knew of the secret fortres screen but didn't know there was any keygens out there. Heh.
Open up "DEBUG" in a DOS prompt, and write a few-line assembly loop that writes increasing register numbers to port 70h (register select), and 0 to port 71h (value) -- to reset CMOS memory with all 0's.
Then you can just enter BIOS to set it all up from scratch.
I've forgotten what it was, but for all I know they're still using the same password. Oh, the lengths I went to to run linux livecds...
The game actually kicked ass, and the teacher never did figure out how we made the multiplayer work. We told him "it uses socks".
I know, off topic, but I'm really wondering. You guys have "who's the smartest kid" elections in high schools? Which country is that? What's the idea behind these things?
I recall that Fortres had an admin password common to all installations, so that their support people could access and troubleshoot machines. The "quick and dirty" way to get past the app, I guess.
Our staff also didn't find "net send *" very amusing...
Then I embedded the Game Maker installer in a Powerpoint presentation, since it was one of the few ways to be able to run a foreign exe (along with zip files, but they are more obvious targets and they're more likely to inspect them).
Then I exposed (didn't exploit) a serious XSS issue in the school's VLE, which of course they gave me a final warning for.
Edit: The School's IT policy, previously a single A5 page, became two-and-a-half A4 pages thanks to me.
Ah, those magic words.
For some reason I still don't understand today, 9 of us in my high school programming class had read permission on absolutely everything. It was only students numbered "01" through "09" in that particular class -- I checked the border conditions in a very OCD-style.
Explored a lot of that IBM set up.
Then again, teaching the entire year how to use NET SEND to send direct messages to every computer on the network was fun. So simple, yet total chaos soon followed. Imagine hundreds of Windows popups with messages such as: "Hi i79, did you know that miss Lengstein is wearing a thong today?". Every single person behind a computer in the building had to click through all these messages individually when they booted up their machine.
We thought it was amusing, especially the invidivuals who could not figure out what the hell was going on. As was the moment when the horrible miss from the library shouted 'WHAT IS THIS, HELP! I'M BEING HACKED!!!'.
The resulting crackdown started out fairly scary at first but became outright hilarious when every single authority figure started their frowning speech with "I am sure you have been punished enough". (Never punished, parents did not even find out, IT department just told me 'whenever you figure someone else out, please do not tell the rest').
I took that advise to heart and told only a select few when I uploaded mugshots of every single person in the school to photobucket. Fairly sure no one every found out, even when we hung pictures of other kids with drawings on their faces around the school and got busted they did not even stop to think about where we got those pictures. To think this all played out in a top five high school makes me smile like I am up to no good again.
We also randomly had permissions to terminate running programs on other computers over the network for a year or two. That was fun times until the lab teachers learned to start looking for people with black console windows open. But then I just learned to change the console colors to black text on white to throw them off.
My high school had a security program like fortress, but on MacOS. The thing is, it had some sort NET SEND like facility that was exposed through AppleScript, and of course the AppleScript application wasn't disallowed. Good fun.
Figuring out when it's appropriate is what adult hackers do.
It usually takes a while to go from one to the other.
After I was done with a terminal, I'd run this program and leave (knowing full well, that someone could Ctrl-C to terminate the program and get access to my account though no one ever did)
I got more than a few passwords with this. But didn't actually do anything with them. I felt bad and deleted the program and passwords after some time.
Technically it is possible to get other processes to run in the Winlogon window, but that requires messing around with security tokens, among other barriers.
Some flavors of VMware hooked the IRQ on the host machine and responded to that (not sure about VirtualBox, never thought to check that.) They can send it to the virtual machine easily, as they are also providing the a virtual bios/hardware layer.
The best I got was finding out how to launch cmd.exe on NT, when the system had been locked down to disallow right clicks on the desktop, no desktop icons, and only approved programs in the start menu. I think it involved navigating the help system to a certain page that had a link to Explorer. Then I explored the network until I found an unused share somewhere, where I put gcc and started teaching myself C.
The command prompt also let me use the "net send" command to send messages to other computers, which was fun.
But it did take a long time to write, because I had to make the IBM logo out of extended-ASCII by hand, and even then it was clearly running inside a BASIC interpreter really really slowly.
While this page tells of succesful hacks, it doesn't mention all the screw-ups whereby the payload didn't work but caused major problems with the school computers. Nor does it tell of the systems admin getting chewed out by school management for failing to play whack-a-mole properly.
By far the most common route of hacking was getting a teachers password, which was usually either easily guessed, or worse, written down in a notebook in the drawer.
As for me, I found that in university we had computer-based testing for weekly lab classes. When you submitted your answers, it printed the results and showed you where you were wrong.
We found that if we yanked the power cable on the workstation after the print job was submitted and the printer started, the results didn't commit to the database, you'd get a printout of the answers but your score wasn't saved. So then you'd just take the test again, using your printed answers as a guide.
Other than that, I was never good at most hacking. I was into writing code, and working with algorithms, but I never got the knack on how to bypass security systems (I also didn't have any other computer savvy friends back then either). But it did help that I had an office job (which involved using my PC talents on the side) from the age of 15 on up. Kept me too busy making money to worry about side projects.
I also had a key to the computer lab. Problem was, the part of the building where the computer lab was located was not accessible after hours -- there was a gate which was locked during off school hours. (Meaning it was designed such that I could get into the room with the computers during regular school hours, out during off-hours, but not back in after hours). This lab had about 20 computers, and live Internet access. More than enough reason to find a way.
While none of my "breaking into" that part of the school during off-hours was done with malicious intent to steal or deface school property, it probably wasn't exactly the most lawful thing a 17 year old could have been doing. My good student status probably helped for those rare occasions when one of the janitors or teachers would "catch" me in that part of the building at times when I shouldn't necessarily have been there. "Research for college", was a good excuse at the time (and actually pretty close to the truth).
I slowly developed little bookmarklets to make things ...easier. Reveal the hint without taking a score deduction. Decoded the answer obfuscation to just pop up the correct answer. Auto-select the correct answers for that page. Eventually I sat down and read the source of the quiz all the way through and realized all I needed to do was
I remember when my parents (in Michigan) got a call from Norway after 14-year-old me owned a bunch of some large ISP's nameservers and proceeded to launch broadcast amplification attacks against a bunch of IRC servers.
I guess now that the Internet is for normal people, stories like this are news again.
This attitude is a blessing... and a curse. And scare the shit out of the people that take safety in the use of brute force and the law. As a side bar, once I saw an episode of "The Twilight Zone" were the state would test kids at a young age (around 10) to calculate their IQ, and if it was high, then they would be deem a danger to society and be legally killed on the spot, and the ashes sent to the parents with a note on the death sentence of their unlawful son. Awful, I know, but I don't think we are that far.
I got into big trouble as the teachers thought I'd crashed the whole computer, they shouted at me pretty hard!
I still think it's quite funny to enter your name as 'poo'.
Like most I started early with programming in assembly, C, pascal shudder and then discovering unix.
I remember starting off by hacking the computer lab computers in my school. The lab staff had to log you in so they would know who was using which machines. I learned the pattern through a little social engineering and it wasn't long before I never had to talk to the staff. I also bypassed many of the tools that locked those machines down and even locked the lab techs out of a few of my favorite machines that I used for long running processes. I even had my own primitive form of RDP using screen captures and email. Eventually I learned to crack the passwd file on my schools mainframe and then I had access to everyone's accounts including the teachers. I then discovered those passwords also worked on most home dialup accounts, outside email, irc accounts, etc. Fun! I used to dominate the east coast irc back in the day, at least in my little world, but I kept my head real low so I wouldn't be noticed.
You know the best way to pick up a girl from Scandinavia? Easy, hack her email and irc accounts, knock her boyfriend off of irc and impersonate him, erase her boyfriends incoming emails and, spoofing his email address, bully her a little and tell her to stop seeing guys like yourself. Somehow it worked like charm. Man was she hot! First hot girl I ever dated.
My downfall? I gave some "goobers" some irc scripts to perform netsplits and become admin of their favorite channels. The idiots got caught making life threats against an irc admin that banned them and, in a stroke of self-preservation, they turn me over as their "ring leader". No hacking your way out of that one! Real sweet, eh? My parents were not very happy having the local police, the FBI and the NSA knocking on their door. I lost computer privileges (still went to college and got my degrees though) and now I just hack my own private network of pcs, laptops and cellphones at home.
Ahhh, the memories....
Yeah, that was a good time.
They (at my highschool computer lab) were still battling to eradicate it years after I left. I am ashamed. Somewhat.
They tried several types of lockdown software, nothing ever actually worked. You can't stop kids from playing games.
After figuring them all out a few weeks into the semester, I started writing up some BASIC programs on my TI-86 that would take in student's parameters and spit out solutions. Long story short, I ended up selling answers to some jocks and got caught (I guess the teacher was suspicious when C students were getting these hard problems correct). End result was: made my teacher simultaneously proud/disappointed, earned a few bucks, learned about corruption/greed.
All in all, it was a good learning experience and I don't regret it (though giving away answers for free would have been more altruistic I guess)
Looking back, it was quite a jerk move. I was trying to be clever (well, I was clever), but it didn't get me any more status with anyone - basically just reinforced the geek status I had (which wasn't a good thing to have in 1985). I was bored, but that's a pretty lame excuse. I think I ended up with a C- in that class ("intro to computers I"), mainly because I never flowcharted anything.
However, my actually hacking life started on the Ultrix systems. I don't remember how I first had access since I don't think it allowed Guest logins, but I discovered a great hack: all of /dev/tty* was word-readable until someone fully logged in to a particular port at which point it was only readable by the user logged into that port. so every few hours, I'd just "cat /dev/tty* >> passwords.txt" and harvest logins for everyone who logged in during that time. I had some fun with one of the admins for awhile having unknowingly logged into his account. We chatted a bit and he was a good sport about it, but the hole was patched a few weeks after. I never knew if it was already a known issue or if I was actually the only one who found it.
A friend wardialed a system that appeared to be a Dept of Transportation front-end to the brand-new digital readerboards along the Interstate. Let's assume we never actually changed any text, but I cracked the password, TRAFFIC, on the 3rd or 4th attempt. Good one, guys!
Exploring random address on TELENET dialups was a blast as well. Most were very secure since they'd been well-picked, but every so often you'd find some interesting terminal and start poking around figuring out what it responded to and how to navigate deeper.
Don't get me started on the first 2600 meetings in Seattle. Some very prominent people in the tech/hacking space now were pretty sketchy back then.
This appears to be the root of all that is self-taught.
Trust your technolust.
For a while there the first program I wrote for a new computer was a War Dialer. Just like everyone else who had seen War Games.
I suspect a lot of people on this board did the same (illegal) stuff as kids... We're lucky that we had the good luck to grow into productive adults. I like to think society is also lucky that it let us grow into productive adults.
Almost no one starts doing stuff like this, especially with technology at the time, because they have nefarious goals or have a crime career planned.
They are kids. They do it to push their limits and may even not be aware it is even illegal. Even if they are aware, they believe they are invincible or can get away with it. As an aside, why do adults so easy forget what it was like to be a kid?
In addition, to even begin overcoming the technical challenges involved, the amount of curiosity required over otherwise mundane detailed technical knowledge is quite high. Criminals tend to be far more motivated to seek high reward, short term activities.
Finally, the same people who have access to the knowledge and equipment to carry out activities like this, tend to also be the ones who are raised in balanced, strongly breadcrumbed environments leading them away from anything that distracts them for the path set for them, lets call them the middle classes for want of any better term.
So, nope, not luck. Just being a curious middle class kid with easy access to new technology and few upfront repurcussions.
You are right that I didn't have nefarious goals when I did this stuff as a kid, though I knew it was illegal. In any case, the fact that I didn't get caught was mostly luck. If the police came to my door, my life could easily have turned out much differently.
I'm saying I (and many others on this board) were just lucky not to get caught. Certainly Jeff Atwood was lucky to get a sensible judge. I'm surprised anyone would dispute that.
Are you saying we couldn't have possibly been caught? Are you saying it wouldn't have mattered if we got caught and faced the wrong judge?
I'm sure there are a lot of people have really suffered for their kid mistakes. I'm not sure how you can dispute that I'm lucky to have gotten away with mine.
Sounds like the statute of limitations hasn't expired yet. Should be interesting when it does!
We also never got caught. Wild times in first grade, let me tell you.
As someone who works in telecom and VoIP, and deals with the financial and regulatory aspects of a lot of jurisdictions that continue to be locked down by PTT monopolies, I think this is a silly question. :-) It's only domestic long distance that has really crashed.
My high school exploits mostly revolved around bypassing the school district's proxy servers, since they blocked pretty much everything I wanted to do, including legitimate stuff. I did this via tunnels of various sorts (but predominantly SSH) out to my home machine. Oddly enough, they didn't do anything to stop us changing the proxy settings in the browsers, they just broke outgoing HTTP(S) with firewall rules. No problem, I just sent the traffic to a box running Squid, reached via my home cable modem.
Within hours, everyone on my buddy list had their own "petition" in their away message and after checking traffic, we found we had thousands of unique hits.
Most of the credit goes to my friend who actually executed the tech part and was temporarily suspended when the inundation of angry emails supposedly hurt the school board's server.
Just checked and the school district still does not own the .us domain so this "hack" would be reproducible.
Other nonrespectable "hacks":
- "net send *" to importunate colleagues
- wrote mIRC scripts to win at the IRC trivia games (this was actually funny for a little while)
- would call collect to my dial-up provider, learned to dial on rotary phones by "switch-hooking" -
- would connect portable phones to disabled payphones just to see if it was a regular line what I could use (it was)
- would "paint" the backside of payphone cards with graphite to fool the machine into thinking I had more credits.
- wrote a little "ringer" program and passed to my colleagues so we all ran it together and made the teacher crazy (oh the regret).
- used IDKFA in Doom.
Those are my earliest, lamest memories.
At the new school they had the same machines, so I put my knowledge of the platform to good use. I wrote an app which played a sound sample of a loud obnoxious burp at random intervals during class.
At college they had a Novell network. The login was a simple text prompt, which I discovered called in to a novell DLL. I wrote my own substitute login command which also saved the password to local disk somewhere, and replaced the default version on a few machines.
In both cases my reaction was the same on discovering my password hacks had actually worked. I crapped my pants and covered my tracks!
By the time I had started uni, I had largely grown out of that stuff. But something triggered a latent interest I had neglected for too long... the campus accommodation was based in tower blocks, with an entry intercom system. I noticed 4 very quiet dtmf tones whenever buzzing my friends apartment. I can't remember how I did it, but I found a way to get a dial tone and to my delight, 9 for an outside line worked fine using the type of handheld dtmf dialer banks used to give out.
That weekend, I fired up a 286 someone had given to me, coded up a mock-DOS environment, got the main manager on-side and left it set up for the next morning. Next day...:
Start computer, get coffee. Type "win" (for Windows). Get 2000 random ascii characters with an error message. Typing "dir" produced an empty C:\ drive called "F* You Francois". Anything you did pretty much got you "bad command or file name". Your manager (who is in on it) is shouting at you to get the computer going because his restaurant is starting up. You're typing out "F* You Francois" as a password, looking for bits of paper around the office, trying to restart the computer but having the autoexec.bat put you back into it.
After about 2 hours, main manager types "fix", and the rest of your day continues, but with much added mockery.
It wasn't particularly sophisticated, but I truly loved that :) Lessons were learned.
We did something similar at school. Mocked up the Turbo Pascal UI with menus and everything, but was a bit...uh, erratic. Unfortunately the teacher knew exactly who it was and came storming into our next class :)
I know the word in society has a double meaning. It could mean breaking into a system, or engineering an innovative piece of software. I personally wouldn't really care, except nowadays I'm finding myself promoting a hackerspace or a hackathon on the radio, and usually every time I start an interview I have to begin by saying "We're not criminals." It gets tiring after a while. Once we were trying to form a partnership with an organization, and the guy immediately threw us out of his office when he heard the word hacker. He wanted nothing to do with us.
This culture war has been going on for like three decades.
I eventually settled on just calling "hackers" phreakers. Because the people who started the whole "break into computers" meme were phreakers, and called it such at the time.
Besides, actual whistle-into-the-phone phreaking isn't possible anymore, the community eventually morphed into computer "hacking".
It's only outside of the community, in the media, that I first discovered that the term 'cracker' was used to refer to hackers gaining unauthorized access to computer systems instead of, well, crackers.
Though I also had great fun with the spv command on george and knowing all the terminal ID's, but thats another story.
My biggest mistake was sharing this knowledge with my classmate, who used it to do a great many annoying and potentially harmful things. After doing things like sending "I 0wn j00!" to 11,000 computers on the network (via NET SEND), crashing the shared network drive with millions of blank text files, etc, he finally got caught after badly damaging 3 of the computers in our lab using my hack method that I'd written a batch file to accomplish and given him the disk.
I was called to the computer lab by my awesome programming teacher, who informed me that he had to leave the building in 45 minutes, and if the computers weren't back to their proper state by then, we'd both probably be suspended. The other kid just sat there, while I furiously reversed the changes and got out with a few minutes to spare.
Naturally, the next year, him and a couple of my other classmates were suspended or expelled for repeatedly crashing the entire 11,000 network with advancements on my initial script. I was thankful that there was apparently no ties left to me in the program's execution, but that was warning enough to focus on productive things for the remainder of my high school career.
Probably the coolest thing was my neighbor somehow managed to get his hands on two master keys for the high school. He had a buddy at a local hardware store duplicate them (highly illegal) and we spent many nights prowling the high school, opening doors nobody could and exploring every inch of that place. Thankfully we never got caught, but I look back fondly at it as the start of my career hacking stuff.
Was pretty innocent about the whole thing, changed a few backgrounds remotely, and sent messages and shutdown people's computers in class remotely. Unfortunately I changed a default Windows background image, which meant it showed up something unsavoury for everyone who logged in, and got caught, copped detention and a many, many page letter about how I shouldn't do it.
Took me 15 minutes to try the number on the Social Security card in the desk beside the safe! Presto!
This quote is amazing. I see myself in it.
Results in an odd resume, sometimes.