Sam Trenholme's webpage
This article was posted to the Usenet group alt.hackers in 1995; any technical information is probably outdated.

Kevin Mitnick


Article: 7438 of alt.hackers
From: umbagna0@cc.umanitoba.ca (Mad Mann)
Newsgroups: alt.hackers
Subject: Kevin Mitnick
Date: 22 Feb 1995 19:48:24 GMT
Organization: University of Manitoba
Lines: 75
Approved: Hey!  I butt fuck my dog.
Message-ID: 3ig4e8$s9v@canopus.cc.umanitoba.ca
NNTP-Posting-Host: dyn2-088.cc.umanitoba.ca
X-Newsreader: WinVN 0.92.2
Status: RO

Am I the only one who thinks Tsutomu Shimomura is a bit of
an ass, and not a hero for helping the FBI catch Mitnick?

The press is out to make Shimomura a hero, but I mean Mitnick
hacked into his supposedly secure system.  Doesn't this make
Mitnick one up on Shimomura?  They REALLY suspected Mitnick
in the first place anyways because he is so high profile.

Mitnick line upon meeting Shimomura face to face for the first:
"Hello, Tsutomu.  I respect your skills."

Aww, can we dispense with this OB Hack bullshit?  It is really
cutting down on the actually hacker talk/gossip that I would
like to see.  Anyways, I have an OB HAck food for thought thingy:

OB HACK:

(excerpt from conversation with anonymous hacker)

>	Nah.. That is nothing. I wrote a door that had a built in X-MODEM
>transfer, and list of all system files.  I could hunt around, and grab
>any file I wanted.	I could also get system info (memory installed, dos
>version, etc).  While it was doing this, It played the game on the sysops
>screen so he would not get suspisous.  Pretty neat.  No one ever caught
>on.  Back in the good old days.

Brilliant.  So you were the programmer of the BBS I suppose.  That has always
been a sort of fantasy to do:  Make some awesome BBS or other public game
(say that 20 people could play over the internet, like Dragon Spires) and
add cool back doors and things that would let you snoop around.

Imagine this:  A game over the internet using front end software.  While the
people play (lots are linked up to it) you can search through their HOME
directories.  They would be so busy playing they wouldn't notice you d-loading
stuff from their system.  Possible?

> Imagine this:  A game over the internet using front end software.
While the
> people play (lots are linked up to it) you can search through their HOME
> directories.  They would be so busy playing they wouldn't notice you
> d-loading stuff from their system.  Possible?
>
	Easy.  A good game is the hard part, the back door is the easy
part.  The game I wrote was pretty cool, it was the first game I know of
to use ANSI pull down menus, and ANSI music.  Hid the back door really well.
You just grab data in the lag time.  Any bandwidth not used by the game
would be used by teh DL system.  You could fill that space with random
data if they are not DLing stuff to make it seem normal.


> That would be THE ultimate hack, especially if no one noticed.
The end user
> would be a bit suspicious if he had half a brain, though.	His HD would be
> spinning, even if he went to the washroom for a break.  He'd come back and
> it would be doing drive searchs.  Somehow this would have to be masked by
> regular access to the HD from the front end game software, and if
smartdrive
> were running (ie make it a must to use the front end software) it would be
> less conspicuous.

> Think of it:  You would be able to get the passwords and user logins from
> every person, just be getting their login scripts and TCP software ini
> files.  Eventually you would get someone half important probably (like the
> Id guys?  Imagine d-loading the Quake alpha!!!)

	Imagine if someone was to find a way to modify the AOL or prodigy
terminal system.  I know Prodigy does remote updates.  If someone could
get into that, you could write a program that attaches itself like a
virus, and patches into all the approate areas.  It would have a built in
list of 'hot' files to grab.  It would then automaticly e-mail the
contents of those files to someone.  It could perform the searches when
the program normally accesses the disk (just patch the read/write
routines in the binary code, and after performing the intended operation,
it will do a quick incremntal hunt of data.).  That would be quite a
hack.  Too much involved, and too much could go wrong.	But it is a nice
idea (if you WORKED for AOL or Prodigy, it would make the task SIMPLE.
You can have the program store the data on the host, and you can control
the remote system directly because you would have access to the host).
but oh well..  If I ever get into the BBS thing again, I might give it a
shot, but since I got a internet account, haven't done a whole lot with
BBS'es.

That's not all of the conversation, but enough to get heckers thinking
of the possibilities...



Child Child

Back to index