Not long ago, I used to run an entertainment review site that commented on television, movies, and PC games. That site was a lot of fun but has been retired just about a year now. Maybe someday the site will be resurrected as it was very popular due tot he subject matter. Anyway, I was watching a movie the other night that had such bad hacking ‘skills’ displayed that it was laughable. I thought that it would be a great idea for a post on my now defunct movie site but then I remembered that I could just post it here! So with that said I present to you my list of the best and worst hacking films of all time!

Best

Wargames (1983): The top of the list! What can you say about this movie other than marvel at it’s greatness. What’s that you say? You’re not convinced it’s the best… well then your probably under 40. For those of us that were around during that time, the accuracy of the equipment and methods used were 100% spot on. It completely represented the aura of the time. If you buy the DVD that has the director’s comments, you’ll find that they purposely used a hodgepodge of older computer equipment so it would accurately represent what a teenager would be able to afford or scrounge up during that time. Incredible accuracy, especially the part showing how to jack a pay telephone with a soda can pull tab. What’s a pull tab? Go away kid, ya bother me!

Tron (1982): Even though this film came out in the 80’s, it feels like a late 70’s film. I don’t know why. Basically it’s about a hacker that is transported into the digital universe inside a computer, and must survive combat as a cyber gladiator in order to stop the villainous Master Control. It wanes a little in places, but make no mistake this was a groundbreaking adventure at the time. The graphics, while dated now, were extremely cutting edge at the time and wowed movie audiences lucky enough to see it on the big screen.

Pirates of Silicon Valley (1999): Not so much a hacking film as a corporate espionage film… involving computer companies. Fantastic tale from start to finish. My only gripe is that it does leave out some key information. For instance, the only reason Bill Gates got in to see the higher up’s at IBM was that his mother served on the same board of directors for a charity that the IBM chairman served on. She got the wheels rolling on the meeting. It also makes Bill Gates out to be some rebellious drop out who risked everything to start his company. Truth is, Bill was a multi millionaire by the time he went to college thanks to a generous trust fund from his grandparents and parents, who were also very wealthy. So was Paul Allen, who knew Bill from their grade school days at one the most exclusive and expensive private schools in Seattle. They weren’t hurting for anything… unlike Jobs and Wozniak. Still the historical bend of this movie makes it one of the best biopic films for computer nostalgia nerds.

Worst

Sneakers (1992): Some of the hacking was OK, but the social commentary peppered throughout by Robert Redford made this film unwatchable. If you want to blame Republicans for everything, watch a Michael Moore movie. If you want to make a hacking movie, leave your left wing garbage out and just make a damn hacking film. Is that too much to ask there, Bobby? The story revolves around two college buddies who take different paths in life. One becomes an “ethical” hacker, and the other...well, he is not quite so noble, although rich. The underlying message is that capitalist greed is bad but being broke, running from the FBI, and working in a run down, abandoned warehouse is morally superior. Some great plot twists and comic scenes ruined by over the top political grandstanding make this a movie I would only watch if it were free… and beer was free.

The Net (1995): Ugh. The only saving grace of this movie is Sandra Bullock. Technology at that time was emerging at a great pace. This thing called ‘Internet’ was finally taking off and the filmmakers and writers took a lot of poetic justice to portray what they thought computers might be able to do in the 2 months between shooting the movie and releasing it. It had it’s moments but the whininess of Bullock and the whole portrayal of the security software hack made it almost unwatchable. A good MST3K candidate.

Swordfish (2001): This movie’s tagline should tell you just how unrealistic the hacking is: "Log on. Hack in. Go anywhere. Steal everything." Yeah, it’s that easy. If you watch the movie, you'll realize that's exactly what the filmmakers believe. John Travolta is a villain who’s grand scheme is to steal billions from the U.S. government through, you guessed it… hacking. The entire premise of the plot is that in the vast, computerized world of modern finance, $9.5 billion could slip through the cracks so that a clever hacker could, with hacking, transfer it to his own account unnoticed. Heck, I could use a new car… I’m gonna hack a few grand right now using my Hollywood generated CGI screens with 3d hacking tools where the mouse moves even though your hands are busy typing! It might have fooled the unwashed masses, but we know better.

It’s time once again, young-ins, to gather around the campfire and I, an eSource tribal elder, will once again mesmerize you with tales passed down from Sysadmin to Sysadmin. For these are the continuing tales of the life force we call Internet spoken by those who were there to experience it many moons ago… (cue howling wolf).

This hack had a good run in the early to mid 90’s and is seen occasionally in this day and age in the dial up world. It had to do with luring someone to a page that interested them and getting them to click on a particular script… Not for a mere few cents in booty like Google AdWords pays today, I’m talking 99 cents per minute level booty!

During the heyday of dial up internet, people got accustomed to hearing that familiar dial tone, beeping, and subsequent squeal of the answering modem as they connected to the Internet via their local ISP. Hearing that sequence of events squawk through the speakers meant we were connected and ready to surf. Some users, though, elected to silence their modems and rely on the primitive Windows 95 icon to tell them they were connected.

Now, in the early days of Windows 95, Winsock Dialer was the method used to connect to dial up ISP’s. It was not initially part of Windows and had to be installed via a floppy disk (which ISP’s provided free of charge). These disks usually included the dialer and modem script with commands that were sent to the modem telling it what to do. It is in this script that astute users could send commands to the modem to tell it to dial quietly. Other commands in the modem initialization string could serve other functions, but the speaker and sound related ones were usually limited to:

M0  Speaker always off
M1  Speaker on during connection
M2  Speaker always on (very noisy)
L0  Lowest volume
L1  Lowest volume (redundant)
L2  Medium volume
L3  Maximum volume

And so on. The point is that a text based initialization file was all that was needed by Winsock (and other dialers) to get your modem to connect to your ISP. And it was this security hole that nefarious Internet underlings exploited to rake in millions from unsuspecting dupes. Here’s how…

Two VERY popular (and still popular) niches of the Internet are pornography and free (illegally) software. Newsgroups were the method of the day, but websites were starting to appear that offered “FREE” content and thousands of pictures, software, etc.. When people would visit these sites, they were told that in order to access their “FREE” content, they had to download some files or even download and run a program that would “set up” their computer to get the free material anonymously, faster, whatever it took to get the person to agree.

Once downloaded and run, the script would actually change the dialer settings of the Winsock script to dial an ISP with a 900 number, and also change the speaker settings on the modem. Once loaded, the script was executed which basically told the modem to hang up and reconnect. The sound of the modem disconnecting is usually a very faint clicking noise. If unnoticed, the unsuspecting web surfer’s connection was disabled and re-established using this silent pay-by-minute 900 number instead of their usual ISP. Some astute people would hear the disconnect click and suspect foul play, others though were a trustworthy bunch that, since the modem dialed silently, had no idea they were connecting to high priced dial in service.

The user was then taken to the site which, as promised, delivered endless hours of viewing pleasure to the unsuspecting client… until the phone bill came! In those days, disputes on the bills were not usually tolerated by the phone companies, so the client paid the phone bill, in turn paying the hackers. If they were not clever enough to figure the time frames, the blame sometimes fell on unsuspecting teenagers in the family that were blamed for countless hours on Corey Feldman party lines.

Now, off to bed ya go! The Elder’s will regale you with tales of Internet old some other time!

There are times when I tell someone much younger than me about some of the trials and tribulations of early Internet life.  You know… before DSL and cable modems, before Wi-Fi, before DVD’s. Sometimes they look at me like I was making all of it up just to amuse myself.

Let me start with a little background. I have been a Software Engineer for almost 25 years. I have had many titles and worked for all sized companies, from fortune 100 to mom-and-pop. I was around when the Internet ‘happened’. When this weird, wonderful technological gift was bestowed upon humanity. I’m also old enough to know, for a FACT, that Al Gore did NOT invent the Internet. Ah, those glorious days of my youth, watching as computers progressed from 286 to 386 to Pentium… Watching as hard drives fell in price from a $695 10MB drive to a $60 1TB drive. But I digress.

Such was my early involvement with the Internet that I hold the dubious distinction of building and installing the first Internet accessible dial-in server at the University of Phoenix for student communication. Prior to that they had to use a dial in Bulletin Board system called ALEx (Apollo Learning Exchange). I left there in ‘95 to dedicate my efforts to Internet related activities and joined up with a man who wanted to start his own dial-up ISP. It reached it’s limit at about 1000 subscribers and was giving Primenet (our biggest local competitor) a run for their money. So, with that said, I believe I am pretty well qualified to speak on the historical events and their significance / relevance, peppered with a little humor, sarcasm, and embellishment.

Thus was born the thread Hacking it: Old Skool. Here I will chronicle some of the pitfalls, surprises, achievements, and flat out failures of various Internet activities. So gather around the campfire and I, the eSource tribal elder, will mesmerize you with tales passed down from Sysadmin to Sysadmin. These are the tales of the life force we call Internet spoken by those who were there to experience it many moons ago… (cue howling wolf).

This first article deals with early attempts at email blast marketing and how the perpetrators would hide their tracks. Remember that in the early days of the Internet, our email programs were barely GUI. They had none of the features you kids enjoy today like spam filters (at least ones that worked) or embedded HTML. They were TEXT with simple links and limited styling. Pornography was a budding business back then and people were looking for ways to get people to click to their site thinking they were clicking on something else. Hopefully the person who clicked was A) A guy, B) Looking for porn anyway, and C) Too unfamiliar with the early browsers to release themselves from the shackles of the endless redirect!

Knowing their dial-up ISP would delete their account if they got complaints against them sending such material, they looked for ingenious ways to send emails, make them look like they are from someone else, and completely wash their hands of them. One such technique was called “The Gullible Server.”

In those early days, ISP’s were generally small shops that, as a group, looked out for each other and tried to help out as needed. There were many servers that had security holes, either by choice or incompetence, that left the door wide open to those looking to take advantage of their kindness.

The Gullible Server involved finding an ISP whose SMTP server had lax security / checking. The email marketer would then create their email with fraudulent or unreliable links and create an email list of recipients. Then the following would occur:

1) The FROM address would be the actual address of the intended recipient

2) The TO address would be a bogus address at the domain server they were spamming through (say Fake_Address@nowhere.com)

3) When the email reached the Gullible Server, it tried to deliver it to the bogus address on their server. It would not be found

4) Trying to be nice, the Gullible Server would send the email back to the FROM address to let them know it was undeliverable

5) The user listed in the FROM address receives the email and the nefarious email scammer’s plan is put in action

6) Some angry users call nowhere.com and complain about receiving offensive unsolicited emails

7) Clueless admin scratches his head trying to find the user Fake_Address@nowhere.com… No luck

If the admin waited more than a couple of days to check the logs and see what user actually sent the email, they were most likely gone or simply did not exist (the logs, not the user). Remember that drive space was at a premium, so keeping long term records on small capacity HD’s was not a priority or a necessity for small, independent ISP’s.

The scam had several variations as different filters and methods were developed for the email servers to combat this sort of thing. For those early hacking pioneers it netted them some benefit and riches. As the popularity of the Internet grew and ISP’s began having to fight and claw to hold on to their customers, the locks got even tighter and eventually this type of email spamming became a thing of the past.

Now, off to bed you little scamps! I’ll regale you with further tales of Internet past some other time!