Confessions of a Teenage “Hacker”: Part 1
by Drew -Gaiiden- Sikora · 02/22/2009 (10:45 am) · 12 comments
I feel it’s finally time to fully declassify some information that I’ve shared with a few people, regarding some actions I carried out when I was younger. It’s nothing too criminal, but it does still cause me to laugh with evil maniacal effect inside my head whenever I think about it, or out loud whenever I’ve told it to other people in person. The transgression in question would be stealing my father’s dial-up online access password when I was 14 years old. Multiple times.
The story begins with my simple desire to be connected online when my parents weren’t around. Sure sure, I know exactly what you’re thinking about - but surfing porn wasn’t the only thing on my mind. I used to IM a lot with my friends (because cell phones were expensive bricks back then) and play a lot of online games like Starcraft. During the day, with my sisters both bugging me to use the computer (which we all “shared”), and my parents bugging me to do my homework (which I never did), these activities were not very easy to accomplish. However I didn’t have much choice because to get online I had to ask my father to first sign me in, being that back then our only option was dial-up networking through AT&T.
So my frustration understandably grew to the point where my only hope was to somehow acquire my father’s internet password so I could sneak downstairs at night (my various ninja actions are stories unto themselves and will have to wait for another post) and log online without being pestered by anyone.
But how? Well I can’t remember exactly when I came up with the solution to this problem, but I do remember the steps I took to get there. First of all were the following observations I had made about my father entering in his password:
* He would enter in the password, always hit Enter, but sometimes nothing would happen. So he then had to use the mouse to click “Connect”
* Sometimes the service would not connect, but it would never say why. So you had to assume you either mistyped the password or something’s wrong with the service at the moment
Now, I had been teaching myself to program for a few years at this point and I was currently working with Visual Basic, which allowed me to create Windows applications. In doing this, I learned the following important things in regards to this problem:
* You can create applications that don’t have a visible window - which means no title bar, close/minimize/maximize buttons, border, etc.
* Text input boxes that show *’s for passwords obviously still have to save, in code, the actual text typed into them
Thus the plan was hatched. I made a simple VB application that was just a password text input box the exact same size as the password text input box in the internet login window. Upon the Enter key being hit, the application would terminate, after it stored the contents of the text input box (which would be the actual text typed in) in a file. This simple application was then utilized in the following manner:
1. I would bring up the login window and for a password type in gibberish approximately the same length as my father’s actual password
2. I would then start up my password stealing application, which would appear on top of the login window, blocking out the actual password input box
3. I would call my father and ask him to sign me online
4. My father would type his password into my text input box and hit Enter
5. My text input box would close and save his password to a file (I do happy dance in my head), but to him it would appear as if nothing happened, as it sometimes does.
6. He clicks “Connect” and the service fails to connect because I entered a bogus password - but it doesn’t tell him that
7. He re-enters his password, and this time everything works fine.
Fortunately for me, and ironically, he never mistyped his password when I was stealing it, which I had to do at least 2-3 times because everynow and then I would get caught online and he would change it. I think at one point my parents might have unplugged the entire phone cable from downstairs… as if I didn’t have my own. Mwaahahaahahahaah.
Given that I’ve confessed to one evil deed, I suppose my next confession would have to be how I used the WM_CLOSE message to create a Win32 program that kept a window from exiting and tortured a poor girl in my computer science class in high school. But that’s for another post.
What? You didn’t know how evil I am?
The story begins with my simple desire to be connected online when my parents weren’t around. Sure sure, I know exactly what you’re thinking about - but surfing porn wasn’t the only thing on my mind. I used to IM a lot with my friends (because cell phones were expensive bricks back then) and play a lot of online games like Starcraft. During the day, with my sisters both bugging me to use the computer (which we all “shared”), and my parents bugging me to do my homework (which I never did), these activities were not very easy to accomplish. However I didn’t have much choice because to get online I had to ask my father to first sign me in, being that back then our only option was dial-up networking through AT&T.
So my frustration understandably grew to the point where my only hope was to somehow acquire my father’s internet password so I could sneak downstairs at night (my various ninja actions are stories unto themselves and will have to wait for another post) and log online without being pestered by anyone.
But how? Well I can’t remember exactly when I came up with the solution to this problem, but I do remember the steps I took to get there. First of all were the following observations I had made about my father entering in his password:
* He would enter in the password, always hit Enter, but sometimes nothing would happen. So he then had to use the mouse to click “Connect”
* Sometimes the service would not connect, but it would never say why. So you had to assume you either mistyped the password or something’s wrong with the service at the moment
Now, I had been teaching myself to program for a few years at this point and I was currently working with Visual Basic, which allowed me to create Windows applications. In doing this, I learned the following important things in regards to this problem:
* You can create applications that don’t have a visible window - which means no title bar, close/minimize/maximize buttons, border, etc.
* Text input boxes that show *’s for passwords obviously still have to save, in code, the actual text typed into them
Thus the plan was hatched. I made a simple VB application that was just a password text input box the exact same size as the password text input box in the internet login window. Upon the Enter key being hit, the application would terminate, after it stored the contents of the text input box (which would be the actual text typed in) in a file. This simple application was then utilized in the following manner:
1. I would bring up the login window and for a password type in gibberish approximately the same length as my father’s actual password
2. I would then start up my password stealing application, which would appear on top of the login window, blocking out the actual password input box
3. I would call my father and ask him to sign me online
4. My father would type his password into my text input box and hit Enter
5. My text input box would close and save his password to a file (I do happy dance in my head), but to him it would appear as if nothing happened, as it sometimes does.
6. He clicks “Connect” and the service fails to connect because I entered a bogus password - but it doesn’t tell him that
7. He re-enters his password, and this time everything works fine.
Fortunately for me, and ironically, he never mistyped his password when I was stealing it, which I had to do at least 2-3 times because everynow and then I would get caught online and he would change it. I think at one point my parents might have unplugged the entire phone cable from downstairs… as if I didn’t have my own. Mwaahahaahahahaah.
Given that I’ve confessed to one evil deed, I suppose my next confession would have to be how I used the WM_CLOSE message to create a Win32 program that kept a window from exiting and tortured a poor girl in my computer science class in high school. But that’s for another post.
What? You didn’t know how evil I am?
About the author
#2
You should have seen his face.. and those of my classmates! :) I got caught by one of the bullies in my class, but we made a deal - I taught him how to do this in exchange for not arranging a broken jaw for me. :)
02/22/2009 (11:34 am)
Ha! :) I'll join in. My computer science class teacher (high school) gave me a 4 (translates to a B) once. Next class I gave him a hard time by accessing the IPX network's admin panel (password was "teachers".. still makes me smile) and kept remotely rebooting any PC he walked close to.You should have seen his face.. and those of my classmates! :) I got caught by one of the bullies in my class, but we made a deal - I taught him how to do this in exchange for not arranging a broken jaw for me. :)
#3
The difference was that I enterely replicated the Win95 conection window, and after saving the pass in some generic ini file, I called the actual conection.
It was really noob though, because to initiate the real conection I was using a third party control, as direct access was too much for me at the time (?).
Anyway, the funny thing was that the deception would be PERFECT if not for a "This is shareware" window that the OCX showed randomly. There is no such thing as a perfect hack anyway...
Oh, and was not my father's pc, I used it here and there... school, 'prototypes' of cybercafes, among other victims... so it usually required a carefully planified operation.
02/22/2009 (12:35 pm)
WOW Andrew, I made almost exactly the same thing!The difference was that I enterely replicated the Win95 conection window, and after saving the pass in some generic ini file, I called the actual conection.
It was really noob though, because to initiate the real conection I was using a third party control, as direct access was too much for me at the time (?).
Anyway, the funny thing was that the deception would be PERFECT if not for a "This is shareware" window that the OCX showed randomly. There is no such thing as a perfect hack anyway...
Oh, and was not my father's pc, I used it here and there... school, 'prototypes' of cybercafes, among other victims... so it usually required a carefully planified operation.
#4
Joining the confession bandwagon: I've done something similar to that. My dad used to password protect our entire computer, and I had the same dilemma as you, except I couldn't even turn on the computer to do something as ninja as you. ctrl+alt+delete twice, enter administrator in the username box, win.
In my programming class (freshman year of high school) I had a ton of fun with a For loop, sleep() and "cout << \a" I created a beep that grew faster, my teacher though it was a bomb (also didn't help with people playing Quake in the back screaming "I'm gonna blow your ass up!" Also animated .gif's as background which looped screenshots we had taken of us playing games and running in a circle (or something easily looped), than you hide all icons on the desktop. The teacher once grabbed my mouse and tried exiting the game for 2 minutes before giving up.
My personal favorite is when someone had offered to pay me to build him a website for a web design class he was failing. Didn't keep up with the money, so I changed one of his later projects into one of those javascript rick-roll that pop a messageBox when you try exiting the browser. Good times...Good times...
02/22/2009 (1:12 pm)
Wow, +4 ninja points for you.Joining the confession bandwagon: I've done something similar to that. My dad used to password protect our entire computer, and I had the same dilemma as you, except I couldn't even turn on the computer to do something as ninja as you. ctrl+alt+delete twice, enter administrator in the username box, win.
In my programming class (freshman year of high school) I had a ton of fun with a For loop, sleep() and "cout << \a" I created a beep that grew faster, my teacher though it was a bomb (also didn't help with people playing Quake in the back screaming "I'm gonna blow your ass up!" Also animated .gif's as background which looped screenshots we had taken of us playing games and running in a circle (or something easily looped), than you hide all icons on the desktop. The teacher once grabbed my mouse and tried exiting the game for 2 minutes before giving up.
My personal favorite is when someone had offered to pay me to build him a website for a web design class he was failing. Didn't keep up with the money, so I changed one of his later projects into one of those javascript rick-roll that pop a messageBox when you try exiting the browser. Good times...Good times...
#5
02/23/2009 (3:37 pm)
Man you guys were lucky. The computer teachers I had in High School could get freaked out if you changed the DOS prompt to anything besides '$P$G'. Talk about boring. 
#6
02/23/2009 (3:39 pm)
High School was great for testing (exploiting) public computers. Low budget == easy to break security. 
#7
Talking about breaking into systems and sabotaging someones project is not what you want potential customers/employers reading:)
I won't go into my high school pranks, and it has nothing to do with the fact computers hadn't been invented yet either...
02/23/2009 (3:48 pm)
And for any kids reading this, today it is considered a crime and if caught..:)Talking about breaking into systems and sabotaging someones project is not what you want potential customers/employers reading:)
I won't go into my high school pranks, and it has nothing to do with the fact computers hadn't been invented yet either...
#8
I spent time trying to understand out how computers worked, and part of that was figuring out how to build them and master the OS (which included finding exploits).
Nothing in this blog is encouraging the behavior, but I admit I got satisfaction sticking it to bullies and jerks via a computer terminal. Better outlet than doing drugs or physical retaliation.
02/23/2009 (3:57 pm)
@Randy - That's kind of the point of the blog. Kids create mischief. Computers became a huge part of my life during middle school and that carried over to HS. Some kids bully, others steal, some drop cherry-bombs into toilets. I spent time trying to understand out how computers worked, and part of that was figuring out how to build them and master the OS (which included finding exploits).
Nothing in this blog is encouraging the behavior, but I admit I got satisfaction sticking it to bullies and jerks via a computer terminal. Better outlet than doing drugs or physical retaliation.
#9
i guess i once also wrote the skeleton of a executable-loader-segment virus on the amiga. i managed to make some assembly code which could attach itself to an executable, and would execute before the rest of the executable. that was actually pretty educational, as i learned a bunch about the amiga executable loader. i never deployed it tho.
i find that you can sort of tell a lot about a programmer by telling him or her about some adventure like writing a virus. in my experience people who react with interest and start thinking about the engineering challenges of the task are generally a cut or two above programmers who sort of recoil with disapproval. you could argue that engaging with the technical aspects of a problem before the ethical aspects is actually a flaw in highly-skilled engineers however. qv the manhatten project, for example. "American Prometheus" describes how most of the scientists working at Los Alamos never really paused to consider the ethical questions of the bomb: they were 100% engaged with the engineering.
02/23/2009 (5:03 pm)
i think my only truly nefarious act was leaking a copy of the latest version of Aztec C on the Amiga to a member of the Red Sector cracking group. i think in exchange i got lots of warez. my pop found out, and i had to go two months without the modem. harsh!i guess i once also wrote the skeleton of a executable-loader-segment virus on the amiga. i managed to make some assembly code which could attach itself to an executable, and would execute before the rest of the executable. that was actually pretty educational, as i learned a bunch about the amiga executable loader. i never deployed it tho.
i find that you can sort of tell a lot about a programmer by telling him or her about some adventure like writing a virus. in my experience people who react with interest and start thinking about the engineering challenges of the task are generally a cut or two above programmers who sort of recoil with disapproval. you could argue that engaging with the technical aspects of a problem before the ethical aspects is actually a flaw in highly-skilled engineers however. qv the manhatten project, for example. "American Prometheus" describes how most of the scientists working at Los Alamos never really paused to consider the ethical questions of the bomb: they were 100% engaged with the engineering.
#10
02/23/2009 (6:59 pm)
Great stories everyone! I'll definitely be elaborating on my nefarious Computer Science class deed at a later date :) 
#11
In hindsight, I suppose I social-engineered several clubs though. Important "behind the scenes" ones like "Theater Lighting & Sound". By my senior year my buddy and I had acquired complete sets of keys to the high-school. Then they fired an uber-teacher; and changed the locks; and handed us the new keys in short-order...
We only ever used them when we wanted to hide and not be found, or when it would increase our social-status or power-base with students and staff, etc. When someone can't do their job because their locked-out and your the only one who can "make a miracle", people are suddenly willing to overlook the "how" of it...
We also mapped out and memorized most of the breaker-boxes. I do recall labeling a few before graduation. I was worried after I left no one would know how to turn on the lights and unlock the doors in the morning...
In the absence of a computer, we hacked the system. Take something apart and put it back together to suite your own purpose.. That's what hacking is right?
02/23/2009 (8:24 pm)
Our school network was lame and had nothing on it when it WAS working. The only reason to hack it was to FIX it, so you could play HEARTS across the LAN... In hindsight, I suppose I social-engineered several clubs though. Important "behind the scenes" ones like "Theater Lighting & Sound". By my senior year my buddy and I had acquired complete sets of keys to the high-school. Then they fired an uber-teacher; and changed the locks; and handed us the new keys in short-order...
We only ever used them when we wanted to hide and not be found, or when it would increase our social-status or power-base with students and staff, etc. When someone can't do their job because their locked-out and your the only one who can "make a miracle", people are suddenly willing to overlook the "how" of it...
We also mapped out and memorized most of the breaker-boxes. I do recall labeling a few before graduation. I was worried after I left no one would know how to turn on the lights and unlock the doors in the morning...
In the absence of a computer, we hacked the system. Take something apart and put it back together to suite your own purpose.. That's what hacking is right?
#12
It only got worst with time, we *learned* QuattroPro, and time later, DBaseIII (a bit better, but my spirit was totally broken by that time regarding my view of the asignment).
@Orion
02/24/2009 (3:43 pm)
@PatQuote:Man you guys were lucky. The computer teachers I had in High School could get freaked out if you changed the DOS prompt to anything besides '$P$G'. Talk about boring.LOL man, I know what you mean... the bastards tried to "teach" how to use Word Perfect 6.0... or was it 5.0? -under DOS of course- for the whole bloody first semester! I still remember an awesome Dragon the WP had among its bitmaps.
It only got worst with time, we *learned* QuattroPro, and time later, DBaseIII (a bit better, but my spirit was totally broken by that time regarding my view of the asignment).
@Orion
Quote:in my experience people who react with interest and start thinking about the engineering challenges of the task are generally a cut or two above programmers who sort of recoil with disapproval. you could argue that engaging with the technical aspects of a problem before the ethical aspects is actually a flaw in highly-skilled engineers however. qv the manhatten project, for example.Excellent topic! Also excellent perspective, both examaples perfectly show its points. Thats why I think they are really different things you are talking there, the ethics of a computer virus development, and the ethics of a weapon development are wide different imho.
Employee Michael Perry
GarageGames
I'll join your confession time:
I remember performing certain nefarious deed in high school, but I did not know how to program. I had to rely on developers such as yourself to provide me with certain apps that accomplished the task I required.
I think mail-bombing was my preferred method of harassment (since back in the day having a bombed inbox on AOL could crash the whole program), so I was always on the lookout for new "bombers." I never used it on someone who didn't deserve it: usually kids at school who were cruel to me for no reason, and a particular vicious ex-girlfriend.
Phew...now I feel better with that off my chest. I gotta say, though, your story is a lot better =)
Edit - Of course, learning how to perform "Net Sends" from DOS was a fun past time in the school library.