Hacker Perspective: Scott Everard

Many years ago, in a small Texas cowtown far, far away (now the home of the Texas Rangers, Dallas Cowboys, and Six Flags), I introduced myself to hacking.

This was long before personal computers, cell phones, and other examples of current technologies.  As a young, curious, mischievous kid, I would hang out with buddies near the railroad tracks that connected Fort Worth and Dallas.  At the corner of Abrams and Fielder Road, now an overpass above the tracks, was a complicated meeting of crossroads and a railroad crossing.  I began to wonder how the train crossing guard rails knew that a train was approaching and that it was time to start the lights flashing, the bells ringing, and the crossing rails to come down to prevent cars from crossing the tracks.  I took a close look at the electrical control box that was locked near the crossing.  Not wanting to break in, I looked for the simplest, most elegant solution.

Having limited knowledge of electricity, I was still able to determine that the train must complete a basic electrical circuit since the train wheels consisted of a conducting material.  I tested my junior high theory with a length of wire and some tape.  I taped the wire across the tracks and the fun soon began.  The barriers came down, the lights came on, the bells rang, and traffic came to a screeching halt... for hours.  For several hours, I sat at that intersection watching traffic back up for miles.

The police finally showed up, followed by railroad personnel and the hack was soon discovered and corrected.  This made the local news and I was hooked on hacking.  It was the thrill of taking a system or device and making it work differently and unexpectedly that was the adventure.  How can I make something better?  How can I make it behave differently than it was originally intended?

So... how does it work?

There are several electrical circuits that are made with the rails themselves on each track at the crossing - an island circuit and the two approaches.  Most assume that a train completes an electrical circuit, and that this is what starts the process.  In reality, this is incorrect.  It's actually a DC circuit, in which a relay is continuously energized by a battery and held by electromagnetic forces.  When a train nears the intersection, the wheels short out that circuit, and the electricity doesn't make it to the relay at the road.  The relay loses energy and "drops," which causes a set of contacts to touch, triggering the signal lights through a succession of relays.  Newer technology exists today using motion detectors; however, in many locations throughout the U.S., a piece of wire and some tape will still do the trick.

Warning:  By the way, tampering with or vandalizing a railway signal or related equipment is a serious federal crime and violators may face terrorist charges.  Fortunately for me, the statute of limitations has long since expired.

A lesser junior high hack was a way to get free games on a particular pinball machine.  This specific machine was located in a pool hall near the university campus.  The machine was called "Domino."  It was connected to a jukebox and every time an extra game was won, the jukebox was configured to play the song Domino by Van Morrison.  Whenever the proprietor was out of sight, two loud "pops" could be heard from the pinball machine, indicating a free game, and the next song played on the jukebox would be Domino.  The first pop heard was my fist giving the analog score display a whack which would rack up a few thousand points and the free game (second pop).  To this day, whenever I hear that song it takes me back to that pinball game.  I got very good at it and eventually didn't need to resort to the "hack" to win a game.

Other future hacks came as a result of my advanced electronics training that I received in the Navy.  For example, I appropriated an old television set that used a picture tube utilizing deflection coils, horizontal and vertical, to determine where the beam would strike the Cathode-Ray Tube (CRT).  The CRT was a vacuum tube that contained one or more electron guns and a fluorescent screen used to view images.  It has a means to accelerate and deflect the electron beam(s) onto the screen to create the images.  The images may represent electrical waveforms, pictures (television), and radar targets.

A deflection coil is an electronic component and part of the electron gun assembly in the CRT.  One coil controlled the movement of the beam side-to-side, while the other controlled the vertical movement of the beam.  The side-to-side movement of the beam, known as horizontal scanning, produces a horizontal line.  In order to create a raster, each line has to be repositioned one step below the next.  In this way, a complete raster consisting of 625 lines forms the basis of a single frame of an image.  Another deflection coil is part of the vertical deflection circuit.  By tapping off of the left and right channels of a stereo system and connecting them to these deflection coils, I was able to create a cool visual display that responded directly to the music.

In the Navy, I started out as a TRADEVMAN (Training Device Man).  TRADEVMEN installed, repaired, modified, and maintained audio/visual training aids, including instructional films, slides, and recordings; performed organizational and intermediate level maintenance on training devices; operated and performed organizational maintenance on equipment used in conjunction with training devices and ancillary equipment to train and maintain the proficiency of individuals and/or teams; assisted in the development, operation, and/or improvement of training programs of supported activities; and constructed, devised, or obtained training aids.  This included everything from a projector to a flight simulator.

As a "TD" technician for a Navy Emergency Ship Handling Simulator, I learned the ins-and-outs of the Systems Engineering Laboratories 810A computer, both hardware and software.  This is where I got hooked on operating systems and software.  I taught myself the machine language of the device and created simple games that required the user to input the answer via the front panel toggle switches.  When I came across the assembler tape, you would have thought I had struck gold.  It made programming so much easier.  I began to craft more elaborate, beneficial programs that assisted in the troubleshooting of the system - reducing downtime.  Of course, the games became more extravagant as well.  I was able to try my hand at Tic-tac-toe and Checkers.  After completing my hitch in the Navy, I returned to that old cowtown to use my VA benefits to further explore the new field of computer science and engineering.

While a computer science student, I worked at the university computing center part time to offset the expenses that my G.I. Bill didn't cover.  While there, I was able to show how insecure the campus system was.  Although the financial mainframe was separate from the student and faculty machine, the switchboard for that system was simply mounted on the wall in the university computing center where many had easy access.  The insider attack would have been a cake walk, especially since auditing, at the time, wasn't something that was considered a requirement.  The students and faculty used dumb terminals that connected to a mainframe, an IBM 370.  The cabling carried the bits and bytes across campus via the underground steam tunnels of which many were laid by me and my student colleagues.  These cables were connected via phone boxes where we had to use connection testers to find a vacant line.  The test equipment was nothing more than a handheld phone with alligator clips to connect directly to the phone box.

Of course, while searching for a legitimate unused line, we invariably heard some very interesting conversations along the way.

As for the campus terminals themselves, it was child's play to retrieve usernames and passwords from anyone using any of the various terminals that could be found in numerous buildings throughout the campus.  I wrote a simple program that emulated the normal login screen, captured their information, then informed them that the terminal was going down, all the while saving their data and logging them off, only to wait for the next victim.  This was demonstrated to the system programmers who quickly moved to correct this security fault.  On the same system, access controls were nonexistent.  I demonstrated that it was a breeze to copy, edit, or delete any file in any user directory without any special permissions or a privileged account.  This included homework, exams, theses, and dissertations.  This too, was quickly corrected by the system folks.

So where does this leave me?  So what's the difference between a "hacker" and an "engineer?"  My answer is none, if you're good at both.  To be both, you have to think outside of the norm, outside of the box.  You have to envision without constraints.  You have to challenge the boundaries of design and allow creativity to spawn ideas, regardless of how ridiculous they may seem at first glance.

Now, don't get me wrong.  I'm not an advocate of criminal activity as it refers to "hacking."  Anyone can use a legitimate idea and bastardize it for nefarious purposes.  I'm talking about using new concepts to improve our world.  This may sound overly ambitious and pious, but this is what folks like Tesla did.  The same principles apply to the advance of research and development as they do for the deviant behavior of criminals.  The initial thrill of the successful hack can lead to an immediate patch to prevent the vulnerability, or it can lead to the withdrawal of thousands from your grandmother's life savings.  It's a matter of choice.

The typical definition of a hacker is that of a perpetrator who illegally invades computer systems with the intent of carrying out illegal undertakings.  Hacking has become a term that is defined as the unlawful access and the use of someone else's computer for felonious activity.  Now I'll grant you that my taped wire across the railroad tracks and the free pinball games were, in fact, criminal acts but they were not done with reprehensible intentions.  My goal wasn't wicked.  My desire wasn't to make a living from the hacker instigated misfortunes of others.  My objective was to simply satisfy my technological curiosity which created an enthusiasm for technological innovation.

There is a huge difference between the playful demonstrations of experimental modifications and that of the lawless, unethical individual that doesn't consider the abusive effects of their hack upon the unarmed individual.

At any rate, this is where it all began for me.  It stems from a desire to know more about how things work around me.  How can I make it better?  What makes it tick?  Why was it done "that" way?  Could it be done "this" way?  Throughout the years, my mantra has remained to always look for the simple answer... the elegant solution.  It's there waiting for you.

Scott Everard is a senior security engineer who has experience as a systems programmer working with FORTRAN, C, and assembly language on multilevel operating systems and databases.  Narrowing his expertise to security, he has supported cybersecurity projects for the Coast Guard, Air Force, Army, and Navy.  Scott is a retired Navy fire controlman chief who enjoys his life with his wife Debbie, his kids, and his grandkids.
