Hacker Perspective: Will Duckworth
92wilduc was my network username at high school, back before I realized usernames are our identities for the myriad of computer services we consume, almost without thought these days. (I'm sure you can do the math of when this story is set.) I was a fresh-faced 11-year-old when I had the chance to have my first proper go on a PC. This one was powered by Research Machines - and most people of a certain age range in the U.K. will know of RM computers through their schooling. The IT suite was a room which initially only had 15 or so networked computers. I think PXE booted off an OS/2 Warp server in the corner, and at lunch times we were allowed on them in a "first come, first served" basis outside of IT lessons. This was free time for us to do what we wanted, and often I could be found there using what in those days was a Windows 3.0 desktop environment. Very dated by today's standards but it was mesmerizing for me back then. There were all sorts of new and exciting programs to investigate, and so I methodically went through them all, occasionally freezing up the system in some way; learning the three finger salute we all know and love.
It was all quite locked down, e.g. no control panel or command prompt, not being able to browse drives etc. This reduced what could and couldn't be seen or run on the systems. Nowhere near as restricted as things would become over the intervening years from Windows 9x/NT onwards - but that's another story for another time.
My knowledge of computing and Microsoft systems was growing. One of the programs available was for BASIC programming and, although I was a little late to the Commodore 64, BBC Micro B, and Spectrum party, a mate had one which we tinkered with; so I had a general idea of steps to make a program and print "hello world," etc. What I also learned was that this environment could also read and write to the drives on the machine, like Notepad could too; networked ones and 3-1/2" floppies (remember those?), for example. Trying to run programs from within this environment similarly always hit the restrictions in place, until I hit on an idea which I thought may work.
Now, there was one other Windows computer in the school which us students could gain occasional access to, and it lived in the library. This was a Windows 3.1 machine with no restrictions, but, alas, no network. It had an old fashioned CD drive where you had to load the disks into caddies before putting them in. But it was a marvel when one disk seemed to contain as much, if not more, than all the books in the library combined. I spent rather a lot of time reading different subjects and articles on this comparatively small computer - especially when Microsoft Encarta came out.
The beauty of this PC was that we could sneakily format our newly acquired floppy disks (at 50 pence a pop) with the /s switch to add system files to make it bootable into MS-DOS. Then, going back to the network PCs, I thought I could boot off the disk and see what happened. Nothing much did. The network PCs had no local drives and, without any network config, it just gave me a very basic A:\ prompt. O.K., it was worth a try. Back into Windows and running the BASIC program, I tried to run COMMAND.COM from the network booted C: drive, but again hit the restrictions. Running A:\COMMAND.COM suddenly dropped me into a DOS prompt and it had all the network drives attached too. This was all stuff which shouldn't have been possible, and it gave me that feeling we all know as hackers.
I immediately went looking through the drives which were locked down in the desktop environment and spent many days looking in places I shouldn't. One day, I stumbled upon some directories which obviously contained some admin tools and spied a MAKEADMIN.BAT file. Without hesitation I ran it, seeing the screen scroll past with lines of interesting stuff. Bear in mind, at this time I didn't fully know what an administrator was, but knew the IT teacher and maybe another A-Level student oversaw the network. I wasn't too sure what had happened, but next time I logged on my username appeared differently: 92wilduc(Administrator)
Whoa there - excellent. Unrestricted access to everywhere and more network drives, which included everyone's user areas, other programs on the desktop, and so on.
It didn't take too long for the IT teacher to notice an additional admin user and I was hauled in to the office, my mother was brought along too, and I was given a bit of a bollocking. Supposedly, with my new gained access level, I could have read exam results and changed them, as well as, of all things, the school's heating program. Of course, I was sorry for all the aggro caused and asked how they knew - when it dawned on me it was obvious by my username probably showing up somewhere it shouldn't. A lesson learned for future reference, I guess. They were really good after this meeting; the IT teacher actually got me more involved with helping out with the network - I think he was glad of it. Eventually, Windows 3.11 and then 95 came along, the server changed to NT, and again I was included, but on the edge of the IT admin team, looking after and supporting the students and teachers alike.
Sticking with the user ID theme, there was another computer room in the school, half of which had some antiquated BBC Model A computers which disappeared after a couple of months. They ran a few programs, but were similar to other late-1980s/early-1990s BASIC powered microcomputers. The only thing I remember about these was that one of the monitors was actually a TV and a few mates and I tuned in to the cricket during the summer months. The other half of the room contained a network of Acorn Archimedes A3000 computers with a server in the corner serving files and logons. These computers, at the time, seemed quite a bit ahead of the game regarding desktop interface, and obviously the RISC ARM CPUs started life with these systems and now their direct descendants can be found in most smartphones today. They ran RISC OS and booted off solid-state drives, running on a token ring network which proved a bit unstable when cables moved and resulted in many reboots to fix frozen sessions. They were excellent machines and I enjoyed using them - quick boot times, a bit of a quirky filesystem to get used to, but some elegant looking graphics at the time. A kind of "Apps" start button (this was before Windows 95) gave access to various programs for word processing, etc. It was rather easy to write BASIC programs, and equally easy to reverse engineer other programs and files that were on the system. This gave me a great insight into how a program was put together. One of my favorite programs which appeared, apart from the obligatory Lander, was a "duck hunt" game that had a duck paddle backwards and forwards across the taskbar, whilst taking virtual pot shots at it with the mouse (again, before Windows had a taskbar). You could get inside its workings and alter the graphics - changing the pictures, or sprites, to whatever you wanted.
One day the IT teacher of this network needed to reset someone's password and I watched as she opened the program on the server to do this. Back on my workstation, I tried to locate this on the network using the paths I saw while shoulder surfing. I found a few admin tools and some backups of an interesting file which contained usernames and some encrypted passwords. The encryption in this case was just simply reversing them! Unbelievable. It was an old file but I was sure that some of the passwords would still be in use - and after a few minutes trying, I managed to get on another machine with one. Again,exciting hacker type fuzzy feelings.
What I couldn't see on the network share was the live password file - this must have correct permissions to block me, so I started hatching a plan to get a copy of this file. Using another shiny new floppy disk, formatted to this filesystem (not the same as DOS), I put it in the server which sat on the corner desk. Then, with a mate by the door on lookout duty, I managed to circumvent the server screen lock by switching the monitor on - again, unbelievable by these days' standards. I located and copied the file to disk - moving at high speed and risking getting caught. I had it. It was in the same format as the other files, and I began writing a quick little program to search through by username to get the password; no grep on this OS. Astounding my classmates, I demonstrated my newfound abilities, quickly drawing a bit too much attention to myself - oops. I blagged it saying I found an old file and used it for such naughtiness, never letting on about the cheeky file copy. Once again, I found that I was asked to help out more and more in this network room, fixing the printers and cabling when they misbehaved.
Another thing that popped up in those early years was my first experience of a computer virus. There was only one way to distribute games and other interesting programs in those days, and that was via floppy disks. A lot of public domain demos and stuff like Lemmings was great fun, and again it was frowned upon to be running these things on the computer network at school. This is how a virus one day appeared on the network, installing itself in various places and continually popping up message boxes on screen. Not particularly destructive, but I found it fascinating how it replicated and ran, causing quite a bit of a headache trying to get it removed. I helped with installing and running anti-virus software. Again, it was interesting to watch the software fight it.
These couple of stories are just my first introductions to what is now my career in IT, preceding such things on my journey as Linux, the Internet, university, and more advanced computing. So, as with many other peoples' first forays into IT administration that began with them helping out at their schools, so did mine.
The author, once he progressed through university, only getting caught "testing" the network once, grew up a bit and started working back at schools managing IT for half a dozen primary and middle schools. This provided experience and he soon moved into the world of business IT at an aerospace company. Currently, he leads a team which designs and maintains high-performance cloud technology and IT architecture for a software company that provides services for the insurance industry.