Hacker Perspective: Mark Abene
by Mark Abene (a.k.a. Phiber Optik)
I'm not going to tell you what a hacker is. In fact, anyone intent on telling you who or what you are is a liar and not to be trusted. We define ourselves through our own actions, not by the labels others may try to give us. What I will do is share with you a story, and maybe you'll relate to it. So without further ado, let's rewind to the beginning, which is always a good place to start...
In the beginning I spent long hours at the local department store (where, naturally, computers were sold) learning BASIC by typing in programs from books I took out of the local library. Then came my TRS-80 MC-10 with 4k of RAM, 32 columns, and no lowercase. It was awesome. The year is somewhere around 1983. Back then you would use your TV as a display, and it wasn't uncommon to use cassette tape for storage.
Eight-inch floppies were on their way out, five and a quarter was on its way in - in either case a luxury I didn't possess. There was no broadband, no web, no public Internet. It was definitely a much simpler time.
After a 16k memory expansion, I had really honed my programming skills, having mastered both BASIC and machine language. I was looking for something more and a modem seemed right up my alley.
The Bell System was in the process of being broken up and for the first time we had the ability to purchase our own equipment that could be directly connected to the telephone network via a "modular jack." Prior to this an "acoustic coupler" was needed. This was a device that either worked together with a modem or was built right in, possessing a suction-cup-like interface that you'd place a standard telephone receiver on after dialing and hearing the carrier tone of the remote computer.
Typical modems of the day operated at two speeds: 110 and 300 baud. Quaint by today's standards, I know. A gift from my parents, my modem was one of the first capable of being plugged directly into a modular jack, thereby not requiring a coupler. It wasn't capable of "autodialing," but neither were most modems of that time. I also received so-called "terminal software" on cassette tape, along with instructions on how to dial into an exciting on-line service known as "CompuServe." Bear in mind that the on-line experience way back then was text-based; besides the occasional block graphics (known as "Videotex"), we interacted with other computers via a single monolithic screen of text with only the most rudimentary cursor control. No mice, no windows.
Initially I was interested in finding others who had the same computer as I had, to swap stories about what we had figured out how to do with the thing, or even to trade programs. To my disappointment, I found few people.
What I did find was an operating environment underneath the facade that was CompuServe; it wasn't advertised much, but it gave you access to things like text editors and file storage and, for additional "time-sharing" charges, programming languages.
Unfortunately, it seemed that all too many things were available at extra cost on CompuServe, besides the fact that on-line usage was billed for by the hour. I learned that CompuServe was actually made up of a network of minicomputers; machines much larger and more powerful than mine. I wanted to learn about these powerful machines and how to program them.
Some folks I chatted with on CompuServe recommended I try accessing some bulletin board systems (BBSes). I would discover that these were typically microcomputers (Apples, Commodores, etc.) run by some kid with a couple of floppy drives (or maybe even a 1 or 2 meg hard drive!) and a modem with a single phone line.
You'd compete with other callers to wait-out busy signals for a chance to read the messages they left, and maybe you'd post your own two cents worth. I was given some phone numbers in the New York area, but they were mostly concerned with copying games.
As was customary, these BBSes advertised the numbers of other BBSes they recommended you call, and I began to make a list with pen and paper. On at least a few of these "boards" (as they were called for short), I found a few people trading passwords! One was for something called "RSTS/E." It was a 516 phone number. You'd connect at 300 baud, press Enter a few times, then type HELLO 101,101, followed by the password GUEST when asked. Sounds simple enough, and I was curious.
Amazingly enough, it worked!
What I discovered was that RSTS/E was a time-sharing system that ran on a minicomputer that was being used by students as part of something called "BOCES," a New York State educational initiative. There were programming languages available for use, some I'd heard of, others not; personal file storage, even the ability to chat with other users on the system.
The personal file storage at first amazed me most: I could write programs, right there on my screen, save them to some remote disk drive somewhere, and hang up. The next day, the programs I wrote would still be there, waiting for me. This probably sounds completely obvious to many of you readers who grew up in a world where the Internet or even the web always existed, but this wasn't so for those of us who were among the first kids to use multi-user, time-shared computers.
It was a thrill to command a system infinitely more powerful than your own, all from the comfort of your own room. And if you weren't sure about something, all you needed to do in most cases was just type HELP and the system would give you more information.
I seemed to have a knack for figuring out how to operate these systems. And so I proceeded to comb these BBSes hoping to find more, and sometimes I did: a VAX at SUNY Stony Brook, a Cyber 730 at University of Lowell, Massachusetts. People would occasionally post up passwords for guest access at schools. What's more, they were often willing to trade me one for another. And that's how it started out, innocently enough...
It wasn't long before I started noticing that sometimes I'd lose access to something. It was saddening; one day you were having fun programming on an RSTS and the next day you might find the password no longer worked.
Just who exactly was OPSER, anyway? And why would he block our guest access? One thing was for certain, and that was that I didn't like losing access.
It was in that moment that I realized that I would have to learn about how security worked on these systems - how accounts were made and who could make them. How were privileges set up? And could they be circumvented? There must be flaws in these access controls and I intended to find out what they were. Experimentation was part of the process, but I also wanted to find people who knew more, and who actually cared to know more. Games are fun, but this was something real.
No matter what I came across, I always wanted to know more. If I logged into an RSTS or RSX-11 system, I wanted to know everything about it. Even more than what the HELP told me.
On some BBSes, I came across informational files, "g-files" or "general files," so named because they didn't fall under any other category; they weren't games, they weren't apps, they were just general text files. Some of these files were crap, but others I'd find were typed up by people who knew more than HELP. In some cases a lot more.
I began to notice something: many of these more informative g-files were signed by members of a group called "LOD" for "Legion of Doom." These guys must be serious, I thought. They were devoting a lot of time and effort to exploring systems in an effort to understand them, just as I was. I needed to find these guys. Show them that I, too, was serious.
One day while chatting with the SYSOP (SYStem OPerator) on some BBS on Long Island, I asked if he had heard of the LOD. In fact, I was asking a lot of people.
Most people had heard of them only by reputation and typically reacted with a sense of awe. I pressed this SYSOP to find out if he knew of any places where LOD members were supposed to hang out. I knew I could impress these guys and trade information.
A win-win situation in my mind. The SYSOP knew of one particular BBS on Long Island: The Stronghold East Elite.
A rather dramatic name... it must be serious. He gave me the phone number but made me promise never to say that it was he who gave it to me. Sure, O.K. I eagerly called the number, hoping to sign up as a new user and start looking around.
But instead my screen cleared and I was greeted with a rather ominous: PASSWORD:
That was it, nothing else. I took a guess. One guess. And it disconnected me at once. Who were these LOD dudes? I intended to find out...
And so it was.
This story has no ending, only a beginning. Maybe your beginning was similar to mine, maybe it was different. It's worth noting that back then simply logging into a computer in and of itself, without permission, wasn't illegal. It wouldn't become illegal until 1986, and those laws wouldn't actually ever be tested until years later. Did you know that many systems even had accounts without passwords? Imagine that.
Consider this story a flashback, a snapshot of a time long gone, a simpler time. In thinking back to those times, I'm reminded that the human spirit is never as free as when it's reaching out to learn.
Mark Abene has been a security consultant for quite a while. From time to time he even likes to lecture on the subject. He's also been a network architect, a sys-admin, a programmer, even an actor. When he gets completely fed up with all these things, he prefers to relax some place warm, like a beach. He's never quite figured out how to swim, despite several well-intentioned attempts. Rumor has it that if you offer to buy him a drink, he may even entertain you with a story...