This is incredible to read n many years later. I was a pre-pubescent adolescent around the time of the publication of the "last great zines", and was only ever really exposed to a small subsection (HTP5, the MIT.edu and Linode incidents) through several mutual friends of mine who were, at the time, enthusiasts of and in the scene.
That era and community was without a doubt the foundation for who I am today as a young adult, and who I strive to be in all aspects of life. I have and no doubt will continue to consume all of this content I may have missed out on since then.
P.S. If I may call your attention to volume 0x0f, 0x45, part A of section 6 (Notes); wow. This, along with everything else, is enormously prophetic, profound, and intriguing:
"--[ 6 - Notes
A) In respect to social networks, while they are a valid community-building
mechanism in nature, selfishness prevails in common usage, by means of the
indulgent pleasure that fuels chronic "pluggedness", at times voyeur, at
times exhibitionist and needy."
Money killed hacker groups, I suppose the rise of cryptocurrency is to blame for dealing the final blow.
Almost all of us involved in the creation of HTP5 were children, few of us cared about money. It didn’t seem attainable at the time anyway, just something fraudsters from third world countries dealt with.
I think bitcoin changed this, now there’s a clear mechanism that enables anyone to profit from their crimes without having real life contacts or dealing with insecure services like liberty reserve.
If I were to get root@Linode again I’d certainly have far more lucrative targets in mind than rival IRC networks.
The great blackhats from groups like Ac1db1tch3z became billionaires by hacking bitcoin exchanges. It’s obvious why nobody is making zines anymore. The hackers claiming to not care about money were almost without exception children or just pretending to not care because they didn’t have the answer to “how?”.
You didn't have anything to contribute to HTP5, and you also didn't have root at Linode. My contention is that hacking groups were killed because of informants, such as the one we mentioned at the end of the Linode section. Thoughts?
I think you are not who you claim to be. If you are, you should know better.
I never said I got root at Linode, but I did have root at Linode.
FWIW I dumped all the MIT, nmap and Sucuri data in HTP5 and popped the shells on swiftircd boxes (who IIRC ended up being the first ones to alert linode to our presence). It’s not any kind of an achievement, but hard to claim I wasn’t deeply involved.
As far as I know none of the stuff about informants in the Linode section was true. I don’t think anyone got hacked and had their handler standing behind them, at least I never heard more of that story. Ryan King and Rory Guidry continued their involvement with HTP long after the Linode stuff.
Did informants kill hacker groups? I don’t think so. FBI infiltration of hacker groups predates the death of hacker groups by well over a decade, it never stopped anyone.
You were given logins to accounts, never Linode. Then you leaked zine material and were banned. I do know better. Bet you still don't even patch your bots, scrublord. Cancel your internet service before you get yourself locked up again.
Also if you didn't care about money, what do you call "Lizard Stresser"? Or a short trip through your comment history: "There’s me, a frequent traveller who uses UberLUX 4+ times a day, spending more than 5000GBP/mo.".
I had fuZe on the linode control panel, I dumped all their web sources and db. You can confirm as much from the public #linode logs.
>Also if you didn't care about money
I’ve never pretended to not care about money. Those who claimed to not care were either just children or unable to answer “how?”.
Take XiX for example, someone who always claimed to not give a fuck about money seems to be working on his second(?) startup now. In the end, everyone cares about money.
https://github.com/deadbits/Zines used to be an archive of tons of similar ezines, the repo has been disabled ¯\_(ツ)_/¯. Some of the zines it used to have include HITB, PhineasFisher, TeaMp0isoN, ZF0, anti-anti-sec, anti-sec, b4b0, dikline, el8, h0no, htp, owned and exposed, phrack, pocorgtfo, uninformed.
Damn. I was really hoping there was a new article. I started reading these as a wee lad back before I knew what a malloc was. Eventually I learned enough to get myself suspended. >:)
Thankfully, I use my knowledge for good nowadays.
Looking forward to the next issue whatever decade it may come.
Has this now been reclaimed by hackers? If so, that is great news. It used to be an amazing source of information, back when Tarod and Knight Lightning ran things. Then it slowly seemed to get taken over/become for the cyber-security professional crowd. The P.H.I.R.M. publications are great reading too. gatech.edu used to have an archive of all the old Phrack issues somewhere, and more, but I've no idea if it's still there.
Once the editor changed from an individual to "The Phrack Staff" it kinda lost its charm. I also take it as a sign of the times tho, folks who needed to earn a living couldn't risk being strongly associated with the zine. Folks also began self publishing on their own sites/blog and bugtraq really became the place to publish your CVE... It was fun while it lasted. I'm sure the new & current gen have their own idea of the "in thing".
There was some ongoing consternation at ISS around 96-97 about an employee being a Phrack editor. Management talked to them but it didn't threaten their career.
I have faint memories of SNI people being upset that ISS salespeople tried to pigeonhole us as hackers (this all precedes the widespread adoption of the hat coloration system).
I guess, on post-97, pre-99 ISS, I stand corrected. :)
With a team like ISS X-Force, it would be silly to claim there weren't any hackers involved.
In fact, I'm pretty sure there were quite a few Phrack articles written by ISS employees in their earlier life, under their irc names... myself included. ;)
I think most of the content that would have gone into Phrack in early days became posted as commercial vulnerability research later on.
I think perhaps not everyone that would want to participate had their career in software security though, and I can imagine some other software sectors where they might look unkindly on the relationship. E.g. Someone working deep in the bowels of some company in the financial sector but their hobbies are more diverse.
Hacking became "cool" for the corporate world in the late 90's. Movies like The Matrix and the fact that nothing too valuable was online yet meant that getting hacked was likely just web site defacement. Meanwhile, there was finally real money to be made in developing security for when the web finally became worth protecting.
You know, I might be conflating phrack with 2600 in my head. IIRC (which is by no means guaranteed) 2600 was (is?) a bit more edgy, but I was regularly reading both at around the same time in the early 2000's, so some of my ideas about them might be mixed after all this time.
When did that supposed shift happen? I lost track after Schiffman, but everyone up to that point was pretty much the same kind of people as the KL crew.
For those not familiar with it, Phrack was teaching how to exploit buffer overflows back in 1996 [1]. This is still relevant today and required for some certifications in cyber security like the OSCP.
Also notable that The Mentor (Loyd) actually participates (or used to participate) here in Hacker News. I had a brief starstruck moment when he commented here in another thread in the past.
I was so identified by this in the early 1990s because I was very lonely in my small town in a developing country where nobody cared about computers and programming. As I got access to the internet I finally found a sense of belonging.
That's awesome. Perhaps closer to the early 2000s for me (on Astalavista [sic] or some such), and I still get the feels when I read it. It really made what otherwise seemed like a strange/underground interest turn into a noble pursuit.
New generation here, where can I go to find people who still value the old hacker ethos? I'm not even that young (28), but never encountered these groups when I was younger and my preferences and values surrounding technology have always put me slightly out of step with my peer group.
Right now it's currently wired up to an ObiHai box and using it to connect to my GoogleVoice number. Accepts coins, makes the coin tones, can make and receive phone calls. Fully functioning.
On the hunt for some old baby bell info cards. Would like to have Nynex showing through instead of Qwest.
I'm also a younger hacker and I have the same issue. I've found 0x00sec.org is alright, and security CTF forums can be decent, but there's an awful lot of people just looking for easy answers and aren't interested in learning or sharing knowledge.
That is very true; lots of people do manage to grow up. A big part of the issue is just that smart, disaffected 16 year olds are just awful to be around. I know because I was one.
May as well add myself into the list of younger people seeking a similar community. The closest I've found thus far is HN itself, which while obviously not security focused is at least interested in both learning and sharing.
Same, Phrack was mind expanding for my teenage self in the 90s. Is there anything similar floating around these days? So much on the Internet seems filtered through corporate platforms that are antithetical to the counter-cultural spirit. Or maybe I'm just old now!
2600 is still alive and well and STILL mails me a quarterly physical magazine. $250 for a lifetime subscription. The article quality is all over the place.
pocorgtfo is pretty good, but it's more aimed at 'weird machines' than just exploit techniques. You can also buy a copy online that comes looking like a bible, which I rather cherish as a possession ;)
I own two editions of it and they are great! Just chock full of really, really wonderful stuff. Particularly the Tamagotchi hacking articles!
I feel a little uneasy reading them in public, though. The cover has, in big, bold beautiful letters "PoC || GTFO" which might lead someone who isn't familiar with the binary OR operator and the use of PoC as "Proof of Concept" to believe I hold opinions that I VERY much don't.
I help run the OpenToAll CTF team - while the primary focus for most are CTFs, the community (>500) has really expanded, e.g., (in the Slack workspace) we have active channels for N-day repros, bug bounties with internal competitions, financial trading shop talk, and hardware hacking. You won't find much OTR or blackhat stuff (due to Slack ToS), but I've found the community loves learning and discussing all things sec.
It doesn't hit your mark completely, but hopefully it's somewhat helpful.
Originally we were on IRC. As the team grew, more CTFs were being played - often concurrently - so having dedicated (private) channels for a given CTF and "sub" channels for its challenges gave us a lot more flexibility.
That being said, we've considered migrating to Discord, Zulip, or Matrix - just haven't gotten around to it yet.
Please consider using either Zulip or Matrix from the get-go, else if you just pick Discord you will find yourself in the very same situation as with Slack before long.
I was in a little CTF server which got flagged and taken down, even though there wasn't anything too particularly nefarious going on. Maybe someone did upload something dumb which raised flags on Discord's end, though.
This is a crazy read; I was there (though very young and not well connected) and, just try to get your head around a world in which the Internet was so new and unstable:
Those were fun times, for sure. I got on the Internet fairly early (1991-ish), mostly through not-quite-legit means. Later on I got some jobs at early ISPs and helped a couple others get started. In those days, if you could configure a T1 and set up a couple static routes, you were considered a god.
I helped start a pretty successful ISP in Chicago (EnterAct) in --- I think? --- 1995, and it was bizarrely easy. By then, CLECs would deliver you a PRI (I think?) that would terminate calls from every suburb in Chicago, so you just needed a rack, an ethernet connection to an upstream, the PRI, and a couple of terminal servers to get started. We had a DS1, connecting our cage at MFS to our offices, but our actual upstream was just 10bT.
For a long time, I routed the whole thing with proxy ARP. :)
PRIs arrived a bit later around here, and definitely changed the game. I think it was late 1996 when they started getting popular. Before that, it was stacks and stacks of modems! I remember going into one of the main POPs and there were metal shelves, over 150 modems (Microcoms, I think?), power strips 3 layers deep, individual serial cables to terminal servers, and a river of RJ11 phone cables coming out of the wall. All this was in an unconditioned basement in a small office park. All those blinking lights sure looked cool though.
Our upstream was a couple T1's to two different providers. At some point, there was a billing dispute and one of the T1's got shut off. Everything was lagged for weeks. I forget the brand of terminal servers, but they booted off floppies, and stored their password file there, too (this was before RADIUS was deployed.) Crazy times.
Phrack's article on buffer overflows on the stack was incredible back in the day. It taught me more about how computers work than any class in University. I referred back to it for years for understanding how programs actually run. Will always have a soft spot for that.
"Smashing the stack" was required reading for the final lab project of a 300-level course at IU. As a TA for that class I saw it go right over lots of people's heads. When I took the class myself, I was the only one to finish the assignment (implement a basic buffer overflow attack over serial on some embedded system); the first time I taught that lab, only one person finished as well. Everyone who finished really got it, though. I'll always have fond memories of that article.
I remember reading these when I was growing up. I understood very little at the time but it filled my mind with wonder and was one of many things that nudged me towards studying CS.
Mobile browsers set the viewport width to a default of 960px (Android might be a little different from iOS). That's why a plain text file displays so poorly on mobile. It's rendering to a pixel width larger than the display (and zoomed to fit).
For the "plain text" look set the font family to monospace. Bam readable and responsive "plain text" look.
In CSS you can do "max-width: 40ch" on smaller devices if you want. For fancy decorations you'd need to draw them with CSS and/or pseudo elements.
- http://phrack.org/issues/69/6.html