ASCII by Jason Scott

Jason Scott's Weblog

Hacking Cracking —

Well, this is something. I stumbled upon someone’s attempt to do a “Grand Unifying” history of hacking, phreaking, and cracking. It jumps around everywhere from the dawn of the telephone system up through to mentioning my documentary (!) which is how I found it in the first place.

It gets a few things wrong, like crediting John Draper with the discovery of the 2600hz whistle (he most certainly didn’t) and parts of it are obviously pasted-in swaths of text from other locations, but cheers to that guy for trying to take a shot at it.

I have a copy of the file over here in case it was going to disappear off the face of the earth… now it won’t!

A part of me thinks that there’s a danger of encrusting “hacker history” into a classic case of telling the same 12 stories over and over and getting facts wrong; but on the other hand, it’s a lot of fun to see people try and get it “right”, and unlike a lot of histories there’s a bunch of supporting documents out there.

Sorry, no clever story today; there’s more than enough gunk in that link for anyone. Let me know what you find wrong with it.


Categorised as: Uncategorized

Comments are disabled on this post


10 Comments

  1. Oh boy.

    “…there are more than 2,000 definitions to the word Hacker alone…”

    I thought “one who hacks” pretty much covered it, unless you go with the obvious joke about badly this guy just “hacked up” the English language (yuk yuk yuk). Of the 2,000 known definitions of the word hacker, the author lists seven, two of which are “a programmer” and “a master programmer.” I suppose using that logic you really could reach 2,000 definitions. “A programmer who eats cheese.” “A super-gooder programmer.” “A programmer who types really fast.”

    You know, it’s like you and I recently said, you can’t just make shit up and pretend it’s a fact, especially in this day and age when Google is only a click away. “Phreaking as been around since the telephone was invented.” Really? According to Wikipedia (hey, it’s at least as authoritative as this guy) the roots of phreaking can be traced back to the introduction of automatic switching (more or less). I am almost certain that phreaking as we know it was not being performed in saloon back rooms during the 1800′s.

    By the way, just for laughs, here are just a few of the plaigerized sections I found. There are others.

    #1 From hackingcracking.txt:
    Phreaking has been around since the Telephone was invented.

    http://www.textfiles.com/uploads/begphreaking.txt
    Phreaking has been around since Bell created the telephone, which was long before hacking came about.

    #2 From hackingcracking.txt:
    Bell couldn.t compete with the Telegraph, because it was huge and well entrenched. In the year 1876 the U.S had
    214,000 miles of telegraph wire, and 8,500 telegraph offices, also there were specialized telegraphs for businesses,
    government, police, stock traders, fire departments, and hospitals.

    From Bruce Sterlings Hacker Crackdown (http://www.chriswaltrip.com/sterling/crack1b.html)
    The telegraph system was huge, and well-entrenched. In 1876, the United States had 214,000 miles of telegraph wire, and 8500 telegraph offices. There were specialized telegraphs for businesses and stock traders, government, police and fire departments.

    #3 From hackingcracking.txt:
    Something that was really easy to do was to pop into the Auto Verify trunks by accessing the trunk with that class
    mark. You couldn.t just dial an 800n number that terminates into DC (Washington D.C), you also had to pop over to
    a trunk class marked for Auto Verification.

    http://www.webcrunchers.com/crunch/Play/history/stories/toilet.html
    One of the things that was really easy to do, was to pop into the AutoVerify trunks by accessing the trunks with that “Class mark”. You couldn’t just dial an 800 number that terminates into Washington DC, but you also had to pop over to a trunk class marked for what they call “Auto-Verification”.

    #4 From hackingcracking.txt:
    Mitnick admitted in a global plea agreement that he broke into a number of computer systems and stole proprietary software belonging to Motorola, Novell, Fujitsu and Sun Microsystems, there were few other companies included as well. I also admitted that he used a number of tools to commit his crimes and also used Social engineering, sniffers, and cloned cell phones. He admitted that he stole Emails, impersonated employees of the victim companies, which included Nokia Mobile Phones, and monitored computers systems.

    http://www.usdoj.gov/criminal/cybercrime/mitnick.htm
    In a global plea agreement filed in United States District Court in Los Angeles, Mitnick admitted that he broke into a number of computer systems and stole proprietary software belonging to Motorola, Novell, Fujitsu, Sun Microsystems and other companies. Mitnick admitted using a number of tools to commit his crimes, including “social engineering,” cloned cellular telephones, “sniffer” programs placed on victims’ computer systems and hacker software programs … He also admitted that he stole E-mails, monitored computer systems and impersonated employees of victim companies, including Nokia Mobile Phones, Ltd., in his attempt to secure software that was being developed by those companies.

    There are others, of course. It looks like the “box list” was taken directly from this site: http://www.cyonic-nemeton.com/hacking.html

    Sources, people. Gotta cite sources.

    Observation: I like how the infamous Captain Crunch Whistle is described as having “magical powers,” as though it were the magic whistle from Super Mario Bros. There are many parts of this text that irked me but this phrase jumped out, mainly because I think the spirit of hackers is that there IS no magic — everything is surmountable through knowledge. No magic required.

    Observation: “All Hackers are Phreaks & Crackers, but crackers by themselves are not Hackers, and some phreaks today also are
    not hackers..” Really? All 2,000 definitions worth of hackers are also phreaks and crackers? And I’m not even sure I understand that sentence … I think that’s one f’ed up Venn diagram.

    Observation: “Free Kevin was launched by the underground, their goal was to Free Kevin.” Appropriately named, the movement was.

    Observation: “I think Kevin lives here in Las Vegas, if I get a chance, I might go and visit him”. FLEE KEVIN.

    Observation: “I know only of few movies that are only about hacking, the first movie that introduced the
    public to hacking and showed that such things were possible, in the movie the main character David Lightman is a
    hacker, and usually hacks into his school.s database to change his grades, he hears about a new computer game by a
    company called .Protovision. and decides to hack into their system to steal the game, so he finds their number and
    hacks in and gets a list of Games, he thinks he hacked into Protovision, but actually he had hacked into a Military.s
    Nuclear Combat Simulator Computer, known as WOPR, which was made by a scientist, its basic purpose was to
    play games and learn from mistakes to create an unbeatable strategy. One of the games on the list was called
    .Global Thermo Nuclear War, and Lightman decides to play that, when choosing sides between United States and
    U.S.S.R he chooses Russia, the game starts and he chooses his first attack to be none other than Las Vegas, I can.t
    belive he chose Las Vegas, I LIVE HERE, well I wasn.t really around back then so doesn.t matter, anyways for his
    second target he chooses Seattle, where he is living in the movie.:

    (In his quest to write quite possibly the world’s longest run on sentence, the author neglected to mention the name of the freakin’ movie.)

    The ending is also kind of abrupt, no? There were BBSes, and then hey someone invented avatars and THE END!

    Observation: “Your feedback is important for finishing this document.” Ah shit.

  2. Quote Rob:
    “(In his quest to write quite possibly the world’s longest run on sentence, the author neglected to mention the name of the freakin’ movie.)”

    You don’t know that movie???? That’s WarGames with Matthew Broderick

    Movie @ IMDB: http://www.imdb.com/title/tt0086567/
    Matthew @ IMDB: http://www.imdb.com/name/nm0000111/

    Another Quote Rob:
    “Sources, people. Gotta cite sources.”

    Happy? :)

  3. Chris Barts says:

    To me, ‘hacking’ versus ‘cracking’ is the difference between prying the covers off a box to understand it and taking a sledgehammer to the box to break it. Taking the covers off can be messy, and sometimes a sledgehammer is required, but the difference in mindset is blindingly obvious.

    ‘Hacking’ is best understood as a term that got hijacked by the media not long after they discovered kids with computers could be romanticized into a ‘Special Report’ or even a made-for-TV movie. The kids (both physical children and adolescents in adult bodies) fed into the media’s notions because it made them feel special. Some people never really get to feel special in their lives.

    Originally, ‘hacking’ was doing something that could be described as a neat trick or an imaginative exploit or even a rather beautiful piece of work. A ‘hack’ would be MIT students getting a powder-filled balloon to emerge from a football field at halftime and explode harmlessly. It got the message across–the people behind it are both clever and sneaky–but it didn’t even disrupt the game. That was a hack. At their most asocial, hacks circumvent stupid bureaucratic rules that give computer terminals to people who aren’t going to make good use of them. More commonly, hacks push hardware and software beyond what the manuals say they’re capable of. Hacks may be ugly, but the fact they’re possible at all inspires wonder.

    Cracking has some aspects of hacking. However, both cracking copy protection and cracking computer security is more about plugging away at known holes than sudden leaps of insight. Hacking is all about the sudden insight, the moment of Zen that happens when your unconscious mind whacks you upside the head with an answer. Cracking security that’s barely there at all isn’t even worth notice. Running a pre-made script is a sign of terminal loser status: A hacker would at least pry the covers off the tool to see how it works.

  4. Carsten, just to clarify, of course I recognized the movie as Wargames. For a (very) brief time in modem history I actually used the incredibly unoriginal moniker “David Lightman” before settling on a character from a different Dabney Colman movie, “Jack Flack” from Cloak and Dagger.

    But, +10 to you for citing sources!!! :)

    As for the hacking vs. cracking definition debate, first you have to define the era: pre-Wargames, post-Wargames/pre-Internet, and now Internet-era. Each of these eras have very different definitions of the word “hacker” — and some of them have two or three. Hell, currently we have 2,000!

  5. Everybody perceives it different and for that reason would I avoid the words to be used whenever possible. Especially if you are using the words in a positive context are misunderstandings just waiting to happen. Instead of cracker use “Computer Crack” instead for example.

    My experiences start after WarGames, Pre-Internet with BBS’es and warez and blue boxing (phreaking), PBX’es and calling card abuse.

    A hacker for me is a guy who is an “advanced power user” and not necessarily somebody who is a programmer. A guy who analyses software, tests it, automates requests via tools to scan a broad range of possible options in a short period of time. A person who wants to gain access and or control over another system by exploiting known security flaws, using brute force (scanning, dictionary attacks etc.) or human weaknesses and flaws (why use parents the first name of one of their child’s as password so often?). He might finds technical security holes by accident, but is not the one who can seek them out as well. The hacker was spending time to find out the new frequencies for ATT, MCI or SPRINT to break their lines, scanned for valid calling card numbers, attempts to find new working credit card numbers by creating similar siblings from an existing CC that works etc.

    A cracker is for me somebody who “eats code raw”. A person who is comfortable using a software debugger. Mostly doing debugging at the Assembler level. Enjoys to dissect other people’s code and “fixes” little inconveniences and “flaws” in software, like skipping licence key input screens to speed up the software installation process hehe. Crackers are not necessarily great programmers themselves, but have a deep understanding of technology and computer software.

    The great programmer is called a “coder”. A coder is this type of person who spends countless hours on something of little or no practical value (just by itself), just because he wants to figure it out. Things like writing a program that listens to IO operations of a hardware component and displays it on the screen which looks like your TV screen if no TV channel was selected, showing nothing but seemingly random noise.

    A hacker could be a cracker and coder as well, but often are the three different types of characters found in three distinct and different persons. They can excel by working together in conjunction with each other and as part of a group.

    This is my take on it. I reduced my definitions to what kind of skills each of them has and less on what exactly its being used for. That each of the guys is living in its own little world a lot of the times goes without saying. The world they live in is not always the same world normal people perceive as reality. I leave it at that.

  6. One more comment. If you ask how the collaboration between a hacker, cracker and coder would look like, here is how I see it.

    The hacker would be the guy in charge who coordinates the efforts. He is the one who has clear goals and ideas in his head. He would for example think up a tool he needs to do something very specific the coder could write for him. A port scanner for example (just to keep it simple). The cracker is needed when the hacker encounters a specific software and can’t get around it by using brute force or guessing. He would try to get a copy and have the cracker take a look at it to find flaws or have him create an altered version, the hacker could try to sneak in as replacement for the original.

    You get the picture I hope.
    Does this make sense?

  7. As a positive example to avoid the misconception that it is all about breaking into something and stealing and all that. What they do and what they do it for are two distinct and very different things and independent of the definition.

    The coder writes a piece of software. The hacker is testing it thoroughly and approaches is from all kinds of different angles. He is doing QA basically. The cracker is the one who is looking under “the hood” and checks the software for deep build in flaws and errors.

    In the example of a piece of security software would the coder write the interface to enter the password, the encryption routines etc.

    The cracker checks the code to make sure that the encryption is strong enough and that nothing is being exposed that reduces the effectiveness of the protection, like loading the key pairs in plain text into the memory for processing and stuff like that.

    The hacker checks more like things such as minimum keyword length, supported characters and flaws in the interface.

    The best encryption is worthless if the password can only be a set of numbers and the password is 3 digits long = only 1000 possible combinations which can be tried out in no time. Via script or even manually.

    The best protection software is also useless, if you can simply press ALT-F4 and close it and then be able to move on and do what you want to do anyway. The hacker is the one who would look for this kind of stuff.

    That’s my take on the whole thing and so far is it the one that most people are comfortable with, including hackers, crackers and coders themselves.

  8. behnam says:

    i want a software for mobile hack (nokia & sonyericsson )

    my mobile is nokia N70

  9. “Cracking has some aspects of hacking. However, both cracking copy protection and cracking computer security is more about plugging away at known holes than sudden leaps of insight. Hacking is all about the sudden insight, the moment of Zen that happens when your unconscious mind whacks you upside the head with an answer. Cracking security that’s barely there at all isn’t even worth notice. Running a pre-made script is a sign of terminal loser status: A hacker would at least pry the covers off the tool to see how it works.”

    Chris, although I agree with you when it comes to the general statements about what is what and the influence of the media, would I disagree with your detailed description of a cracker.

    I did not crack myself, but I had a bunch of friends that did. Some were less capable than others while a few were geniuses in its own terms. Cracking is not just running scripts. The developers of software protection are very creative too. A dongle crack where the dongle contains some data that are needed for the software to run is “tricky” to say the least.

    I also remember the PC version of the game “Flashback” from Delphine Software. The game had after each level another copy protection, a stronger one. The developer basically created a game within the game for the crackers. I am not sure if there is even today a 100% cracked version of the game out there that lets you actually finish the game.

    I hope that illustrates that cracking and hacking both can (but don’t have to) have their “sudden insight, the moment of Zen” as you call it.

    Well, I am going to stick to my definition of hacker, cracker and programmer.

  10. Optimus says:

    Thank you! This was a great read (both comments and article). Some parts of the txt article provided in the link are quite funny and flack’s observations are priceless (I laughed about the movie without name hilarious text)

    Really 2000 hacker definitions. When I read on the internet about hackers vs crackers vs definitions it’s all a mess. And yet I find some new hilarious stuff around.

    First about crackers: I am happy that someone mention software crackers here (breaking copy protection, etc) even if he confuses it with the other (crackers not hackers definition)

    Simple as that: Original hackers (They were very good or enthousiastic programmers even at something completely irrelevant with security breaking = old definition) were pissed off the new definition of hacker (security breaking, no matter if reasons are good or bad (that’s in my opinion) and proposed the term cracker.

    But they forgot that the word cracker is already been taken by software piracy crackers who have nothing to do with the cracker definition as perceived in “hacker not cracker”. (It’s like when you say ‘demo’ and you mean the realtime graphics demonstrations of the demoscene but it could also be confused as demos of commercial software)

    That’s why I am against the “hacker vs cracker” distinction because the term is already used (and irrelevant) from the software cracking scene. But nobody seems to mention that! I would like to ask some crackers what do they think about it..

    Also notice this trend: “hacker vs cracker” distinction was mean to say: hacker = very good or enthousiastic coder (It can be irrelevant with security breaking. You could be coding demos in assembly and have the hacking (clever programming) spirit.), cracker = anyone engaged into illegal security breaking.

    And notice something else: Many people, because they couldn’t differentiate the word “hacking” from security breaking (they think only the programmers who are also into security breaking are hackers or that you don’t even need programming but just be like the hacker as seen in tv), they thought that: hacker = illegal security breaker with good intentions, cracker = illegal security breaker with bad intentions.

    The got it wrong (concerning the understanding of what the first people making the hacker/cracker distinction wanted to explain). That’s because even with these distinctions, when you say “hacker” you are not thinking of the programmer, you are thinking of the security breaker. Nobody says “My computer was cracked”.

    The problem is that with these word confusions, many kids want to be so called “hackers” with the new lame definition, they don’t learn to programm, they only want to hack into sites and have some kind of fame or honor. And because of the old respect of the pioneer coders, they confuse it, and say it’s respected to make cyber attack. Which is not!