The hacker's handbook electronic Research Edition


Electronic Research Edition

(c) Hugo Cornwall, 1994

Copyright Notice:
This text is copyright, all rights are reserved. There is a limited

license for electronic distribution as follows:

1 The sole version that can be distributed exists as a single

ASCII file based on the Third Edition but excluding certain

illustrations and extracts and downloads. The file includes this

introduction and copyright notice

2 The text may not be held available for public download from

any site without the express permission in writing of the copyright

holder - contact details below.
3 Copies of the file, provided they are complete and unaltered

may be distributed privately between individuals at no cost but

not as part of any organised "public domain" type library,

whether for payment or otherwise nor included in advertisements

or catalogues by any organisation. Those who distribute should take

steps to ensure that any recipient fully understands the current

state of law on unauthorised access to computers, including incitement.
4 The file or any part thereof may not be included in any CD-

ROM or similar electronic publishing medium, whether for payment

or otherwise
5 The reproduction in print of the contents of the file or any

part thereof is expressly forbidden

Applications for individual variation of these terms should be

addressed to the copyright holder:
Virtual City Associates

PO Box 6447

London N4 4RX

United Kingdom


The text contains hidden identity markers

Legal Notice

At the time this book was written and published, computer

trespass, unauthorised access to computers unaccompanied by any

further harm was not illegal in the United Kingdom, the domicile

of the author and the place of first publication. Such activity

is now a breach of the Computer Misuse Act, 1990, s 1. Similar

legislation exists in many other countries.

As is made clear in the introduction to the electronic edition,

the purpose of releasing this version, with its main text written

in 1987, is to satisfy the needs of scholars and others who want

a source document on what personal computer communications and

"hacking" were like in the mid- to late-1980s. Some of the

systems and much of the equipment referred to is now, in 1994,

quite obsolete. Nothing in this text should be taken as a

recommendation or incitement to explore computers and computer

systems without the express authorisation of the owners.



The original Hacker's Handbook was written in 1984 and first

appeared in the UK in 1985. It was a much bigger success than

I had expected, helped along by a modest pre-publication

condemnation from Scotland Yard which was then hyped up by a Sunday

newspaper and by the arrest, a few days after publication, of two

alleged hackers who had apparently breached the security of Prince

Philip's electronic mail-box.

While writing the book I was always aware that within me was an

editorial fight between prudence and the accusation of punch-

pulling. Most of the time prudence won and shortly before

publication I was afraid that most readers would regard it as

rather feeble. However the coincidence of the news-stories,

quite unco-ordinated by any professional hype-merchant, sent the

book off to a flying start. The publisher's first print run was

modest and the bookshops very quickly ran out. A reprint was

rapidly ordered but the temporary non-availability created the

myth that the book had been banned. A London evening newspaper

announced I had been arrested. That wasn't true either; I was

never at any stage even interviewed by the police and all my

meetings with the UK's specialist computer crime cops have been

quite cordial. But all the stories helped the book's

reputation. It remains one of the few computer titles ever to

appear in a main-stream best-seller list - the London Sunday Times,

for 7 weeks in a total of 8.
Four editions appeared in all, of which the last was written not

by me but by Steve Gold, one of the hackers accused of the Prince

Philip stunt - he and his colleague were eventually acquitted in

a case which went all the way up to England's highest court, the

House of Lords.
By 1990, public alarm at the activities of some hackers led to

the passing into law of the Computer Misuse Act which explicitly

criminalised any form of unauthorised access to computers. To

continue publishing the Hacker's Handbook thereafter might have

constituted an incitement to commit an offence. I would like to

think that, should the occasion arise, I would be willing to

stand up against an overmighty government which trampled on free

speech, but I really didn't believe that the Hacker's Handbook

quite fell into that category. The Fourth Edition was allowed to

go quietly out-of-print and was not reprinted.

But the enquiries to get hold of copies continue to arrive and I

think the time has now come where one can justify this limited

form of publication. I see the main audience among historians

of technology and of crime.

This edition is based on Hacker's Handbook III, published by

Century in 1988. I have removed the appendices and some of the

illustrations of downloads. This is more a matter of convenience

than anything else. I know there are people out there who

believe that there have been special editions removed from

bookshop shelves in mysterious circumstances and I suppose I

should be grateful to have been involved in a small-scale "cult",

but, really, you are not missing anything of any importance.

The descriptions of computer communications technology will now

strike many readers as quaint - at one stage I talk about modems

offering speeds of 2400 bits/s as beginning to appear. No one is

much interested in videotex these days. Then the virus was an

idea not an everyday random threat. These were pre-Windows

times and almost pre-Mac, and before the arrival of sophisticated

high-speed error correcting, data compressing fax-modems. We had

bulletin boards but not the large international conferencing

systems. But you can read about some of the beginnings of what

is now called the Internet. By late 1993 anyone who wanted to

explore the Internet could get easy legal access and a legal identity

for about 10ukpds/month. In the very early 1980s, when I started

my explorations, you had no alternative but to be a benign

trespasser - a cross country rambler as I describe it later on in

the text.

So this is something of a time capsule; a period when the owners

of personal computers were just beginning to learn how to link

them to the outside world - and how some of them were so fired

and excited by the prospects that they rushed to explore what and

wherever they could.

Since the publication of edition III I have earned my living as a

computer security consultant. It is tempting but inaccurate to

say I am a poacher turned gamekeeper. Recreational intrusion

into computers by outsiders is a long way down the list of

substantive risks. The real person behind Hugo Cornwall, as

opposed to the slightly mythical figure that readers have wanted

to manufacture, is an Oxford-trained lawyer self-taught over the

last twenty years in computing. Most of the time I am tackling

fraud, industrial espionage and advising insurers and companies

of the precise ways in which a business can collapse as the

consequence of a fire, bomb, or other disaster. My writings

about hacking have given me a limited form of prominence and also

some insights, but many of the skills I need day-to-day have

come from elsewhere. Hacking is far less important than many

people think.

Hugo Cornwall

London, UK, August 1994


HACKER'S HANDBOOK III


(c) Hugo Cornwall, 1985, 1986, 1988, 1994


Preface to Third Edition
1: First Principles: developing hacking instincts
2: Computer-to-computer communications: how computers talk to

each other

3: Hacker's Equipment: terminal emulators & modems
4: Targets: What you can find on mainframes: history of remote

services, on-line publishing, news broadcasting, university

and research mainframes
5: Hacker's Intelligence: phone numbers, passwords and background

6: Hacker's Techniques: 'the usual password tricks'; a typical

hacking session - tones, speeds, protocols, prompts,

operating system levels

7: Networks: PSS technology and terminology; public and private

networks, VANs

8: Videotex systems: public and private services
9: Radio computer data : plucking data from the radio waves
10: Hacking: the future : falling hardware costs and increased

remote computer usage versus increasing security; the

synchronous world; hacker's ethics

Appendices (omitted)

I: Trouble Shooting

II: Eccentric Glossary

III: CCITT and related standards

IV: Standard computer alphabets

V: Modems

VI: RS 232C and V 24

VII: Radio Spectrum

VIII: Port-finder flow chart

IX: File Transfer Protocols
Index (omitted)


The original Hacker's Handbook had quite modest expectations. It

was written because, halfway through 1984, it had become apparent

that there was a growing interest in the exploration, from the

comfort of the homely personal computer, of the world of large

mainframes and the data networks that connected them to each

other. The same questions were coming up over and over again in

magazines and hobbyist bulletin boards. Why not produce a book to

satisfy this demand, the publishers and I asked ourselves. At the

same time I, and a number of other hackers, were concerned to make

sure that those who were going to play around with other people's

machines understood the fundamental ethics of hacking and that,

without being too pompous about it, I thought I could do along

the way in this book.

During 1985, the original Hacker's Handbook went through a

remarkable number of reprints and a fresh edition appeared just

under a year after the first. By 1988, rather a lot of things

have changed. In 1984 the home computers most likely to be owned

by the book's British readers would have been the Sinclair

Spectrum or the Acorn/BBC Model B. Increasingly, one must expect

that the domestic market is using clones of the IBM PC or, if

they have come to computing via word-processing machines, the

Amstrad PCW 8256 or 8512, or perhaps an icon-based machine like

the Apple Mac or Atari ST family. These machines simply have much

more power and many more features than their predecessors of

three or so years previously. Among other things, the disc drive

is no longer a luxury and very few people have to rely on

cassette players for program and data storage. The software such

computers can support is much more sophisticated. Again on the

equipment front, the typical modem was an unsophisticated device

which required the user to lever a telephone handset into some

rubber cups in order to make a connection to the outside world.

Today's modems are not only directly connected to the telephone

system, they have a large range of functions which can be called

into play and which increase their versatility and value. They

are also much more affordable.

The world outside the home computer has also changed. Electronic

publishing was still a tentative, self-apologetic industry in

1984; now it is operating with vigour and there are many more and

many different systems and services to be explored. There has

been an astonishing growth in the range of electronic services

available for customers of all kinds to use; some represent

substantial publishing activities, others allow large companies

to work ever more closely with their branches and men in the

field, or to communicate more effectively with retailers. The

keen competition to sell new financial services has made banks

and building societies place even more of their future hopes in

communications technology. Electronic mail systems are now

serious commercial enterprises. At the same time, the range of

network facilities - the railway lines or roads along which data

can travel from one remote location to another - has been

considerably extended both in terms of sophistication and the

number of people who expect to use it.

In 1984, a British home computer's first use of an external

service would almost certainly have been Prestel; now it could be

any of up to ten useful information and electronic mail

facilities. Prestel itself has been overtaken in the size of its

user base by Telecom Gold. In what is now the second extensive

rewrite (and hence the third edition), I am taking the

opportunity to give new readers the chance to appreciate the

world of hacking in terms of the equipment and experiences of the

late- rather than the mid-1980s.

Perceptions about hacking have altered as well. In 1984 the word

was only beginning to shade over from its original meaning as

"computer enthusiast" into the more specialist "network

adventurer". However, in the last couple of years, sections of

the popular press have begun to equate "hacker" with "computer

criminal" or "computer fraudster". This has never been my

definition. At the same time, the authorities seem to have homed

in on hacking - in the sense of unauthorised entry into a

computer system - as the most serious aspect of computer crime.

That this is in defiance of all the research work and statistics

doesn't seem to bother them. Computer crime is most typically and

frequently committed by an employee of the victim. Accordingly, I

am taking the opportunity to explain more clearly what I regard

as the purpose of and limitations on, hacking. In 1984 I thought

I was writing for a knowledgeable elite; the first print was

5,000 copies and, if the book had only sold that number I guess

that both the publisher and author would have felt that things

had gone "alright". In the UK alone, ten times that number have

already been sold and there have been overseas editions also. As

it happens, I firmly reject accusations that the book has caused

any substantive harm, but obviously knowledge of the existence of

a wider readership has made me assume less about people's sense

of how to behave responsibly.

There's also been a change in my personal circumstances; I now

earn a good part of my living from advising on computer security

and systems integrity. Since hacking in the way I describe it is

such a small part of the overall range of risks faced by

companies through their computer systems, there is very little

conflict between those activities and the authorship of this

book. However I now receive a large amount of confidential

material in the course of my work. I must be explicit about the

simple rule I have always adopted in deciding what to include:

the confidentiality of information given to me in the course of

work is paramount, just as I have always respected the

confidences of hackers. But anything which has already been

uncovered by hackers and enjoyed circulation among them is fair

game for repetition here.

The aims remain the same. The book is an accessible introduction

to the techniques of making a micro speak to the outside world, a

rapid survey of the sorts of information and data out there

waiting to be siphoned through a domestic machine and a scene

setter for those seduced by the sport of hacking. It is not the

last word in hacking. No such book could ever exist because new

"last words" are being uttered all the time; indeed that is one

of the many attractions of the sport.

Literary detectives who possess either of the previous editions

of The Hacker's Handbook will have little difficulty in

recognising whole sections in this new edition, though I hope

they will also identify the many new features and details. While

re-writing the book I have taken the opportunity to update every

aspect of those earlier editions that have proved worth

retaining, in some cases considerably expanding on what had

previously only been hinted at, have replaced certain material that

had had to be omitted for legal reasons and have included some

completely new descriptions of major hacks that have either come

to light recently or where, for one reason or another, it is now

safe to offer a report.

As with the original book, various people helped me on various

aspects of this book; they will all remain unnamed - they know

who they are and that they have my thanks.

London, August 1987


The word "hacker" is now used in three different but loosely

associated ways: in its original meaning, at least as far as the

computer industry is concerned, a hacker is merely a computer

enthusiast of any kind, one who loves working with the beasties

for their own sake, as opposed to operating them in order to

enrich a company or research project - or to play games. In the

compressed short-hand language of newspaper and tv news headlines, a

"hacker" has sometimes become synonymous with "computer


This book uses the word in a more restricted sense: hacking is a

recreational and educational sport; it consists of attempting to

make unofficial entry into computers and to explore what is

there. The sport's aims and purposes have been widely

misunderstood; most hackers are not interested in perpetrating

massive frauds, modifying their personal banking, taxation and

employee records or inducing one world super-power into

inadvertently commencing Armageddon in the mistaken belief that

another super-power is about to attack it.

Every hacker I have ever come across has been quite clear where

the fun lies: it is in developing an understanding of a system

and finally producing the skills and tools to command it. In the

vast majority of cases the processes of 'getting in' and

exploring the architecture of the operating system and applications

is much more satisfying than what is in the end discovered from

protected data files. In this respect the hacker is the direct

descendant of the phone phreaks of fifteen years ago; phone

phreaking became interesting as intra-nation and international

subscriber trunk dialling was introduced - when the London-based

phreak finally chained his way through to Hawaii he usually had

no one there to speak to - except the local weather service or

American Express office to confirm that the desired target had

indeed been hit. Interestingly enough, one of the earliest of the

present generation of hackers, Susan Headley, only 17 when she

began her exploits in California in 1977, chose as her target the

local phone company and, with the information extracted from her

hacks, ran all over the telephone network. In one of the many

interviews which she has given since, she has explained what

attracted her: it was a sense of power. Orthodox computer

designers have to be among the intellectual elite of our time;

and here was a 17-year-old blonde, hitherto heavily into rock

musicians, showing their work up. She 'retired' four years later

when a boy friend started developing schemes to shut down part of

the phone system. Last heard of, after giving evidence to a

committee of the US Congress, she was working on a "government


There is also a strong affinity with program copy-protection

crunchers. As is well known, much commercial software for micros

is sold in a form to prevent obvious casual copying, say by

loading a cassette, cartridge or disk into memory and then

executing a 'save' on to a fresh blank disk. Copy-protection

devices vary greatly in their methodology and sophistication and

there are those who, without any commercial desire, enjoy nothing

so much as defeating them. Every computer buff has met at least

one cruncher with a vast store of commercial programs, all of

which have somehow had the protection removed - and perhaps the

main title subtly altered to show the cruncher's technical

skills - but which are then never actually used at all.

But there is also a strong link with "hacking" in that earlier

sense as it existed around Massachusetts Institute of Technology

at the end of the 1950s and again in the Bay Area to the south-

west of San Francisco in what was becoming known as Silicon

Valley in the early 1970s. It is in the existence of this link

that one can find some justification for the positive benefits of

hacking as a sporting activity to counter-balance the ugly

stories of vandalism and invasions of privacy.

On a warm Friday afternoon in the late Autumn of 1986 I was being

conveyed in a shaking RV - recreational vehicle - past the

Silicon Valley townships of San Mateo, Palo Alto, Cupertino and

Sunnyvale up into the redwood-forested hills towards a

prototypical American Holiday Camp. I was on my way to the

Hackers 2.0 Conference, a follow-up to the first Hackercon which had

been a class reunion for a group of people, some of whom had

known each other for nearly fifteen years, and who were linked by

their enthusiasms for stretching ever further the possibilities

of computer technologies. Among the just-under 200 attendees were

people who had invented computer languages (Charles H Moore and

FORTH), who had designed computers (the original Osborne

transportable, the Apple Mac), whose animations simulating

satellite movements around distant planets for NASA have become

part of the way in which most of us imagine space, who had been
