Friday, January 21, 2005
Busted!
The thrill of being the secondary supervisor had almost disappeared six months later. The job of deleting unwanted files became more and more boring and I decided to delegate responsibility. I could tell Bond to do this whenever disk space got scarce. Bond was my best friend, one of the original hackers. He was extremely tall and emaciated. There was a joke that God had used 2D CAD to design him and that was why nobody could see him from the side. Bond was probably the only guy who didn't have a single enemy in the whole world. The greatest thing about Bond was that he could write a program to do anything you tell him to, even though only he could figure out how it worked. He had a compulsion to replace the first vowel of every variable with an underscore. After taking some advice from Anjum, he kicked this habit. He had written some wonderful programs, one of which looked like DOSSHELL slightly enhanced and another which was a mailing system on Novell. Bond knew about DIAGS. I had told him that in case he wanted SUPERVISOR access, he could ask me to login to DIAGS. I granted all rights except parental to all volumes except OFFICE, which contained sensitive administrative information, and SYS, to which everybody had only read access anyway. I told Bond that he should delete unwanted files when real estate prices increased. Later I also told it to Spasm and Anjum.
A week later, when I logged into HACKERS, I found that the password had changed. We had a system for letting other hackers know about changed passwords. We would encrypt the new password using the old password as the key and store it in a file called NEWPASS. The file's name and location were standard, placed in the Hackers' TOOLS directory, which had read access to everybody. Thus anybody could see the encrypted password, but had to know the previous password to decrypt the new password.
I logged in to CS8, a general account for eighth semester Computer Science students and tried to decrypt the new password. I got garbage. I found out that whoever changed the password had forgotten to update NEWPASS. I looked at my watch. The time was 7:45am. I would have to wait until one of the other guys came. The hackers began to come one by one but no one knew the password. I thought I could simply login to DIAGS and fix the problem, but decided against it. We all went to the admin to request a change of password.
Bond said: "Ma'am, we can't login. One of us must have changed the password and-"
"I know. It was I who changed the password," she interrupted, "You have access to everything in the network. How did you get it?"
"Not all ma'am, all except OFFICE and SYS volumes," I wanted to clarify but I kept quiet. Better to act innocent until proven guilty beyond doubt. "What rights ma'am?" I asked with as innocent an expression as was possible.
"I checked your access rights and saw that you had rights to the entire LAN. I immediately changed your password."
"We don't know anything about it."
"Then how did you copy that package?"
"Package? What package?" I asked, totally confused.
Bond suddenly started talking. "Ma'am, we logged in to CS8 and granted rights from there. That was how we could copy the package."
I realized that this was something I didn't know; it was better for me to remain silent and let Bond explain everything. Bond and Anjum explained how they logged into CS8, granted rights to HACKERS, logged into HACKERS, copied the package, replaced it with a dummy executable and gave Read/Open/Search rights from the copy. They clearly stated that the rights she was talking about were absolutely unnecessary to do what they had done.
"But how did you get the rights?"
"Only the supervisor can grant rights ma'am. Am I right?" I asked.
"Yes."
"Then one of the people who has the password must have given it."
"But only I and one other person know the password and neither of us have done it."
"Then it obviously means that someone else has the SUPERVISOR password." I said with an air of certainty, in the manner of making a brilliant deduction.
"Impossible, there are no leaks."
"Ma'am, is there any sign of damage? Any files missing or altered?" I asked.
"Doesn't look like it, but we are checking."
"This problem has a simple solution ma'am," I said "REVOKE the offending rights and change the SUPERVISOR password. And that way everybody's happy."
She then went on to explain that they had a lot of sensitive information on the LAN and they trusted their students. We should not take advantage of this, etc. etc. (The entire speech is beyond the scope of this book.) She changed our password and we went back to work.
I called Bond aside and asked him "What was all that about some package?"
Bond giggled and told me what had happened. Somebody (possibly one of the staff) had brought some package and wanted to work on it. Since the SUPERVISOR password was not known, it was installed in CS8, which was a general account. Now it so happened that Anjum came across it and was surprised to see it installed in a general account, liable to get deleted when disk space became scarce. He decided to move it to the HACKERS account and give access from there. He also wrote a dummy program and put it in place of the original. On the first execution, the dummy package would print a message like "Are you crazy to install this in a general account? Run again to execute." Subsequent executions would load the original file. Anjum had reasoned that the one who put it there would definitely read the message.
It so happened that whoever had installed it was surprised to see the message and even more surprised to see that the program worked perfectly the second time onwards, although there was only one batch file in the directory. This strange behaviour was reported to the admin who began to search for the original files. They found it in our directory and wondered how we had copied across accounts. They checked our rights and found that we had rights everywhere. Our password was immediately changed.
Now the admin had been alerted and started checking all accounts for offending rights. If they went through all the accounts, they were sure to find out who had given HACKERS their rights. I could have removed the SUPERVISOR equivalence of DIAGS. This would keep it above suspicion but it would turn into yet another account. I might never become SUPERVISOR again. Unless the password of FOCUS is unchanged. I tried to login to FOCUS but the password had changed. Not surprising, since the password I knew was six months old. I decided against changing DIAGS. After all, they might only be looking for rights, not equivalences. And maybe it would be better for them to find DIAGS, fix it and forget it. Otherwise, they would keep on searching, always on alert. It might cause problems if I became SUPERVISOR again. When there is no apparent security breach for a long time, people tend to become less careful.
A couple of days later Bond came and told me that he had heard the admin talking about DIAGS.
"What exactly did you hear?" I asked him.
"I overheard the admin talking. They had loaded SYSCON, I could see the screen. They said something like 'DIAGS wasn't here before...' I'm not exactly sure."
I knew that DIAGS had its days numbered. True to my fears, they soon changed its password. I thought that it didn't matter, since I rarely used it. A few days later, there was no account by name DIAGS. I did not feel a need for it, except on an emotional level.
I buried myself in a network game I was writing and tried to forget about DIAGS.
Friday, December 31, 2004
Mandy
I shielded my eyes from the bright summer sun with my right hand as I walked towards the college lobby. Pat saw me and shouted out "Hi Bharath!"
"Hi Pat! How's it going? What's that in your hands?" I asked him, pointing to the box of floppy diskettes he was holding.
"That's just a game I copied from someone. It's a new kind of-", he stopped in mid-sentence, looking over my shoulder. "I'll tell you later. Mandy's coming." he said hurriedly.
"Mandy? Who?" I said and looked around. There was nobody around. Nobody, that is, except a friend of mine (whose real name I'd rather not mention), who was coming towards us.
"That is Mandy!" said Pat.
"Mandy? But he is..."
"I'll explain later. Here he comes." said Pat and greeted the newcomer warmly. "Hello Mandy!"
"Did you bring it? Did you bring it?" my friend asked excitedly looking at the box of floppy diskettes Pat was holding.
"No, this is just Battle Chess. Somebody wanted it." said Pat.
"What is this Pat! You promised to bring it on Saturday. It's almost a week now. You remembered to bring this game but you forgot what I wanted. You are a waste character. If I had promised something, I would have the guts to deliver it." He was obviously playing some crude psychology on Pat and Pat obviously knew it too well.
"I'll get it tonight," promised Pat.
"Coming to the centre, Bharath?" asked my friend.
"I have some work with him," said Pat. My friend walked slowly towards the computer centre.
"What work do you have with me?" I asked after he was out of earshot.
"Nothing, I simply wanted to talk."
"What's all this 'Mandy' business about?"
Pat laughed. "Don't you know what's Mandy?"
"No, what is it?"
"It's a pornographic software. Full of different..." he paused, and it seemed to me that he was grappling for the right words. "You are coming tonight, aren't you? See for yourself," he said finally.
"But why are you calling him 'Mandy'?"
"Simply. You know how horny he is. Somebody told him that I've got such and such a pornographic software. This guy started pestering me to get it. I couldn't get it on the next day and on the day after that I couldn't meet him. Then somebody borrowed it and so on. This guy is a real desperate character. He kept on pestering me and started playing psychology on me. 'You promised me. You can't get it' and so on. I thought it would be fun to make him more desperate. So I deliberately delayed it."
"And you are going to get it tonight?"
"No, I'll probably make him wait till Monday."
On Monday night Pat brought the Mandy software to the college. He told us secretly to watch our friend's face when the software was running, and that the actual software could be seen anytime, but his expression would be what's really worth watching.
We went to one of the high resolution monitors (VGA) and loaded the software. Our friend watched the entire pornographic scene with total concentration, while Pat tried his best not to laugh.
"Look at the expression of undiluted lust on his face," he whispered to me secretly. Eyes wide open. Teeth bared. Right hand gripping a chair rather too firmly. I couldn't help feeling that Pat's description was accurate.
Now that everybody knew what Mandy was, when Pat shouted "Hey Mandy, did you like it?" quite a few heads turned. Everybody started using the name Mandy to address our friend.
Even people who didn't have the foggiest idea what 'Mandy' stood for started to address him as Mandy. Things got worse at a class party when Pat told everybody present that our friend's real name was Mandy. Until now the girls of our class were in the dark as to what the heck Mandy was. One girl whom I think Mandy fancied came and asked me: "Why do you call him Mandy?" Mandy was standing behind her making desperate attempts to catch my attention. I looked casually at him. He shook his head and brought his finger to his lips. He was shouting a mental "NO" at me. I pretended to ignore him and said "Oh that is a..." and looked at him again. He now started making desperate signs to make me understand.
"What is it, Mandy?" I asked him, pretending not to understand his signals. The girl turned round to look at him. Mandy smiled nervously.
"No, nothing... I was simply..." he said and turned away and engaged someone else in a conversation, though I felt he was still trying to listen.
"It's just a software," I continued my conversation with her.
"What kind of software?"
"Oh, - er - graphics."
"What graphics?"
I did not know what to say. "Animation," I said finally. She seemed to have sensed that there was more to it, and that I was not about to reveal any more, so she changed the topic.
A little later Mandy found Pat and said "In spite of what I'm feeling for you, I must congratulate you. You singlehandedly changed my name."
Pat burst out laughing and I couldn't help but join him. "Don't feel bad," said Pat. "I'll make it up to you. I have got some other software for you. It's better than Mandy."
"Will you bring it today?" asked Mandy with a glint in his eyes and Pat sat down on the ground, his eyes watering, his body shaking with spasms of uncontrollable laughter. I was laughing so hard that I was clutching my stomach, unable to bear the mirth. After about a minute, the laughing subsided and Pat and I were gasping for breath.
Pat looked at Mandy and suddenly realized that Mandy was still waiting for an answer. He had another attack of hysteria while Mandy stood wondering what the heck is so funny anyway.
Thursday, December 30, 2004
Root becomes me
The cold raindrops stung my face like needles as I rode on my motorcycle to the computer centre. I had to squint my eyes to prevent the piercing pain caused by the raindrops when they hit my eyes. The drops were more tolerable on my unprotected hands although it seemed as if my hands were going to pieces, broken by the merciless impact of millions of invisible liquid needles. The night wasn't very cold, a mild thirteen degrees Celsius, pleasant for somebody who is walking but chillingly cold for somebody riding a bike, the wind and rain stealing the heat from the body.
My denim jacket was more a protection from the wind than the rain and the chill, against which it could offer minimal protection. The three and a half kilometer stretch from my house to the college seemed longer and more painful in the cold night, particularly because the roads were empty and I was riding alone. About a hundred yards away I could see the gates of my college, one of the doors of which was slightly open. An arch rising high above the gates proudly displayed the name of the college: Sri Jayachamarajendra College of Engineering. On either side of the gates stretched walls which marked the boundary between the campus and the street, made of concrete cast bricks held together by cement. The road I was riding on stretched from the University to the college. It was a vertical curve, going downhill from the university to Downs, the university canteen, and going up again, straight into the gates of the college. Lots of students showed off on this stretch of road, speeding on the straight stretch and screeching to a halt near Downs. In summer the Mayflower trees on either side of the road would lay a carpet of flowers on the road, spilling a mild fragrance to all those who cared to notice.
The guard at the gate stopped me and asked me where I was going. I told him I was going to the computer centre. He asked me for my slot card. The slot card was a small card bearing the student's photograph and the System Manager's signature on the reverse, verifying the validity of the card till the end of the calendar year. I took out my card and showed it to him. He stared at the card for a moment and let me in. The night slot was a concept conceived by the System Manager, Professor Hariharan. Students had to reserve time slots on whatever machines they wanted to work on, and come at the appropriate time. Slots for all machines would generally be full until midnight, especially when project or assignment deadlines approached. After one A.M., half the machines would be bare. After two thirty A.M., only a small bunch of people would be present. These were the active members of the Hackers' Club, a bunch of students hopelessly addicted to programming.
I stopped my bike near the centre and ran up two flights of stairs. The computer centre consisted of two halls and a medium sized room, which was also a classroom. The bigger hall was divided into three compartments, the smaller middle and the larger laterals separated by glass walls. One large partition contained the HCL system's terminals and the other contained the Kirloskar system's terminals and a variety of machines belonging to the IBM PC family, all of which were part of the Novell LAN.
In between the two was the system room, which contained the HCL machine, which ran BSD UNIX, the Kirloskar machine, which ran System V UNIX, a Novell Netware Server, two line printers and a modem, in addition to all floppies, magnetic tapes and whatever else had to have restricted access. A ten feet wide passage separated the larger hall from the smaller one, which had some more IBM PC family machines, all diskless, all connected to the Netware server. This room was also used as a microprocessor lab and was referred to as the mu-p lab. There were tables in neat rows on the passage side of the hall, on which the microprocessor kits would be placed during the lab hours. They were empty at night and one could sleep on them if he was very sleepy or dry his jacket if it was wet. This room was not airconditioned, which was a blessing on nights such as these. The SACL room was on the same side of the passage as the mu-p lab, also not airconditioned, also containing diskless LAN nodes but these were ATs, arranged in a square, with one machine connected to a screen projector. P.G classes were held here, in addition to some special courses. Everyone came first to the SACL room, hoping to find some vacant ATs and would then go to the other rooms. I went straight to the mu-p lab, knowing full well that the other rooms would undoubtedly be full at ten p.m. I tossed my jacket on a table and searched for an empty machine. There was one near Sarcasm. I went and sat near him, pretending to ignore him. Sarcasm looked at me and back to the screen. We worked silently for a while. People started to leave at around one a.m. and soon only four of us were present. Sarcasm started to sing a very old Hindi song in a loud, off-key, irritating voice.
"Shut up!" I said, unable to bear the torture. Sarcasm sang louder and stretched the different notes in order to irritate me more. I said with disgust: "Sarcasm, your singing is atrocious."
"You are jealous," said Sarcasm and continued with his crooning. Sarcasm was usually extremely irritating. He would make sarcastic remarks at whatever anyone said or did and would love to find a base motive for any action. He would laugh at anything and try to embarrass people as much as possible. He had the least confidence in anybody and doubted every seemingly altruistic deed. He would do his best to make people around him uncomfortable. This was why I liked being with him so much. He was the ultimate endurance test for me and I had improved my patience and forbearance by being in his company. In the beginning I had to exert some effort to prevent myself from killing him, but now I could take anything he said or did without any effort at all. The only exception perhaps was his singing, which was intolerable to any civilized creature. If he sang, I would get my revenge by riding fast the next time he sat behind me on my bike. Sarcasm would panic, sure that he would die and plead with me to slow down. I would make him promise never to sing in my presence before slowing down.
I attempted to work despite his singing, which was sheer torture. I got up to go to the Kirloskar room. Sarcasm tasted victory and broke into mocking laughter. He exaggerated whatever laughter that came naturally, trying diligently to be as insulting as possible.
The Kirloskar room had two ATs between many XTs, each at one end of the wall beside the passage. The wall had large glass windows, enabling a clear view of the passage. As I went in, I saw the Wipro AT near the door, the wheels of the black chair in front of it creaking, indicating that it had just been emptied. The cursor after the prompt was blinking patiently, waiting for a hand to hit the keyboard, giving it energy to come alive. I sat on the machine and worked for a while, until I finished the current project. I decided to relax for a while, take time to explore the system, discover new things and have fun in general.
I looked at my watch. Three a.m. - time for some fun. I always spared some time to explore the system. Learning something new every day had something to do with the 'high' of computer science. Let's see, what could I try today? I remembered the AutoCad classes that were going on in the SACL room. I logged into the account 'ACAD', in order to work on AutoCad. I had used it, but I wasn't an expert. Whereas most software was available by mapping their directories as drives, some like AutoCad had separate accounts. One had to login as ACAD to access it. Usually there were no passwords, or the password would be the login name itself. I tried different features of AutoCad, which was a pain without a mouse. The admin connected mice to the machines just before the ACAD classes began and took them off immediately after. They rightly feared that students would pocket the mice if they were left on the desktops. After playing for a while on AutoCad, I logged out.
I wanted to check out FOCUS, another software that was accessible through an account. I had heard that FOCUS was a 4GL and all that but had never seen it. I tried logging into FOCUS, hoping to fool around with it and learn something. The system asked for a password. I tried the login name itself, which worked. I had logged in successfully. However instead of the expected F:\FOCUS path, I saw K:\DATABASE on the screen, staring at me. This made me wonder what could be in F: drive? I changed to F: drive and the prompt F:\LOGIN greeted me. I was in the LOGIN directory! I checked the directory to make sure. I saw the files belonging to the LOGIN directory, confirming my suspicions. I also saw some data files, which were similar to the ones in the K: drive. I found that strange. How could the guys who use FOCUS possibly create files in this directory? How did they get the rights? I ran the RIGHTS command, which lists what rights one has in the current directory, and saw that I had all rights to this area. A doubt surfaced in my mind: Is this the same LOGIN directory or a copy? To find out, I opened a dummy file in the directory and logged out. I ran the DIR command, which should list the dummy file along with the others if the directory wasn't a copy, and saw that FOCUS indeed had rights to the login directory.
This was dangerous. There was always the possibility of some maniac finding out about this and altering or deleting the contents of the LOGIN directory. I logged in to FOCUS again and entered GRANT ROS ONLY TO FOCUS on the command line. This should give only read files, open files, and search directory rights. The new rights would not be enforced until I logged in again, so I had to logout and login again. I executed the RIGHTS command to check if the new rights were in place. I still had all the rights! "Maybe, the GRANT command is not working," I thought and loaded SYSCON to change the rights. You can do a lot of things with SYSCON, even if you were not the SUPERVISOR. It was a menu driven, user friendly software which was generally used by the admin to control the lives of the lesser mortals in their Cyberspace. They would control what accounts could login from what terminals during what time of the day. They could control what files you could see in what directories and what you could do there. I would occasionally select 'User Information' from the main menu and fool around with different sub-menus. This time I selected TRUSTEE DIRECTORY ASSIGNMENTS of FOCUS. There was the login directory with ROS next to it. So FOCUS had only read, open and search! I exited SYSCON and successfully created and deleted a dummy file. I found it strange that I had all rights in spite of the fact that SYSCON reported only read, open and search. I soon discovered that I had rights everywhere in the system. I could not understand what the heck was going on. FOCUS apparently had SUPERVISOR powers. I loaded SYSCON again to check if I could fool around with the SUPERVISOR OPTIONS in it. I discovered that I could easily do everything I wanted to. There was something different about this account that made it omnipotent. I had to find out what it was. I loaded SYSCON and proceeded to make a thorough check of FOCUS. Under SECURITY EQUIVALENCES, I saw the entry SUPERVISOR. I instantly realized that for all practical purposes, I was the SUPERVISOR as long as I could login to FOCUS. But the users of this account might change the password, so I had to create another account and give it SUPERVISOR equivalence.
I created an account called DIAGS and gave it SUPERVISOR equivalence. I had a vague reasoning that a name like DIAGS would evoke the least suspicion if it was found to have SUPERVISOR equivalence. I also created a non-supervisor equivalent account called FRAC, which mapped straight into the HACKERS directory.
I used DIAGS to fix all the little problems that had crept into the system. Somebody had modified a NetWare API file, nit.h. The line
#include was replaced with
#include.
This meant that we had to assign the drive mappings carefully so that the C compiler mapped to the T: drive. I fixed this problem by removing the t:. I also set some default options in different software to ones which were more useful to the students, like autoindent in editors.
After doing all these, I felt that I should flex my SUPERVISOR muscles. Not too often, of course not, but I had to get some thrills out of this. As I was wondering what to do, one of the system overseers came to a machine that was six terminals to the left of mine. This particular guy evoked the most intense hatred among the students. He was snoopy, asked unnecessary questions, irritated everybody and acted as if he was doing us a favour by letting us work. The most noticeable feature about this person was his irritating voice which sounded like an amalgamation of a crow's cry and the screeching of brakes. He would find intense pleasure in ordering people to logout for all kinds of reasons and tell them to come after an hour or so. People like these actually serve a very important purpose in any organization by directing hate towards themselves. This eases tensions among the student population, uniting them against a common enemy. One of the prime forces in the creation of hackers is these wonderful people, who spur students to learn, albeit to beat the tyrannical overseers. Personally, if I were to open an educational centre, I would employ this man, paying him double of whatever he was getting here since I was sure that he would be a motivation for the students to excel.
I logged into his account, wondering what trick I could play on him. How about some confusing message as soon as he logs in? How about logging him out after so much time? Delete some files? I looked at his files. Fibonacci series and quadratic equations in FORTRAN. But I could not bring myself to delete any. Not only didn't I have the heart to do it, I didn't want him to suspect anything. I decided to remove his password instead. I logged into DIAGS, removed his password and logged out. I then logged into HACKERS, the account used by the members of the Hackers' Club, and opened some file, pretending to edit it. Meanwhile our man logged into his account and was surprised to see that it did not ask for a password! He stared at the screen blankly. He turned slowly and looked at me suspiciously. I was looking at him from the corner of my eye and as soon as he turned towards me, I started typing, pretending to be absorbed in my program.
In our college, students were given exercise programs to write, usually identical. Generally students would write programs, compile, execute and forget about them, which would lead to a large collection of unwanted files of the type *.OBJ, *.EXE and *.BAK. Space would soon fill up and there would be real estate constraints, notably during compilation. I had previously written a mass file deletion utility called RM, which had a powerful recurse option. I ran RM to remove these unwanted files every now and then. Small and subtle changes like these made the network run smoothly. People hardly noticed these changes however, and nobody suspected that somebody else had become SUPERVISOR.
My denim jacket was more a protection from the wind than the rain and the chill, against which it could offer minimal protection. The three and a half kilometer stretch from my house to the college seemed longer and more painful in the cold night, particularly because the roads were empty and I was riding alone. About a hundred yards away I could see the gates of my college, one of the doors of which was slightly open. An arch rising high above the gates proudly displayed the name of the college: Sri Jayachamarajendra College of Engineering. On either side of the gates stretched walls which marked the boundary between the campus and the street, made of concrete cast bricks held together by cement. The road I was riding on stretched from the University to the college. It was a vertical curve, going downhill from the university to Downs, the university canteen, and going up again, straight into the gates of the college. Lots of students showed off on this stretch of road, speeding on the straight stretch and screeching to a halt near Downs. In summer the Mayflower trees on either side of the road would lay a carpet of flowers on the road, spilling a mild fragrance to all those who cared to notice.
The guard at the gate stopped me and asked me where I was going. I told him I was going to the computer centre. He asked me for my slot card. The slot card was a small card bearing the student's photograph and the System Manager's signature on the reverse, verifying the validity of the card till the end of the calendar year. I took out my card and showed it to him. He stared at the card for a moment and let me in. The night slot was a concept conceived by the System Manager, Professor Hariharan. Students had to reserve time slots on whatever machines they wanted to work on, and come at the appropriate time. Slots for all machines would generally be full until midnight, especially when project or assignment deadlines approached. After one A.M., half the machines would be bare. After two thirty A.M., only a small bunch of people would be present. These were the active members of the Hackers' Club, a bunch of students hopelessly addicted to programming.
I stopped my bike near the centre and ran up two flights of stairs. The computer centre consisted of two halls and a medium sized room, which was also a classroom. The bigger hall was divided into three compartments, the smaller middle and the larger laterals separated by glass walls. One large partition contained the HCL system's terminals and the other contained the Kirloskar system's terminals and a variety of machines belonging to the IBM PC family, all of which were part of the Novell LAN.
In between the two was the system room, which contained the HCL machine, which ran BSD UNIX, the Kirloskar machine, which ran System V UNIX, a Novell Netware Server, two line printers and a modem, in addition to all floppies, magnetic tapes and whatever that has to have restricted access. A ten feet wide passage separated the larger hall from the smaller one, which had some more IBM PC family machines, all diskless, all connected to the Netware server. This room was also used as a microprocessor lab and was referred to as the mu-p lab. There were tables in neat rows on the passage side of the hall, on which the microprocessor kits would be placed during the lab hours. They were empty at night and one could sleep on them if he was very sleepy or dry his jacket if it was wet. This room was not airconditioned, which was a blessing on nights such as these. The SACL room was on the same side of the passage as the mu-p lab, also not airconditioned, also containing diskless LAN nodes but these were ATs, arranged in a square, with one machine connected to a screen projector. P.G classes were held here, in addition to some special courses. Everyone came first to the SACL room, hoping to find some vacant ATs and would then go to the other rooms. I went straight to the mu-p lab, knowing full well that the other rooms would undoubtedly be full at ten p.m. I tossed my jacket on a table and searched for an empty machine. There was one near Sarcasm. I went and sat near him, pretending to ignore him. Sarcasm looked at me and back to the screen. We worked silently for a while. People started to leave at around one a.m. and soon only four of us were present. Sarcasm started to sing a very old Hindi song in a loud, off-key, irritating voice.
Saturday, November 20, 2004
Prologue
Spasm usually leaves at around 2:30am but today he stayed well until dawn. We were working on adjacent machines, our eyes tired, but minds still alert. I finished and saved my work.
"Coming Spasm?" I asked him.
"Just a moment," he said. I waited. After about five minutes, he was done and shut the machine.
"Let's go have some tea," he suggested. We walked silently down the stairs and towards the college gates.
"Spasm, how secure are the systems here? I mean, how difficult would it be to be supervisor on one of our systems?" I asked. Spasm stopped in his tracks, looked at me for a moment and started walking again.
"I don't know," he said. "Maybe it's possible to crack them. Why do you ask?"
"I'll tell you a story. Last week, my house keys were missing. I must have dropped them somewhere, or maybe I had walked out without getting them. I went to the city and started looking around for a locksmith. I finally found one who would make a 'house call.' He showed me a few stubs and asked me which one resembled my key. I selected one which seemed appropriate. He agreed to come with me on the condition that I drop him back on my motorcycle. I agreed and took him home.
"I looked at my watch as I intended to time him. He inserted a key stub in the lock, tried to turn it in both directions, took it out and looked at the marks. He began filing it and had a new key ready in one minute and fifty seven seconds." I paused for effect.
"I pointed out jokingly that he would be rich if he robbed a bank. He must have sensed that I was pleased with his work, for he demanded an exorbitant price. I paid it, on the condition that he give me some key stubs. After he had left, I bought a file and proceeded to try a hand at the locksmith's job. I inserted the stub in the lock and tried to read the marks. I could not make out any. I rubbed the surfaces of the stub with a candle and tried again. This time the marks were easily distinguishable. I jammed the key stub between two bricks and started filing it. I was clumsy and the stub slipped many times. It took me half an hour to make a key which opened the lock smoothly. I did this every day for a week until I had used up all the stubs. I can now crack the lock in five minutes.
"If someone wants to break into a house, it's that easy. We think we are secure. We tell ourselves we are secure. Locks don't protect us. But we believe in our illusions ... until it's too late. It's the same story in the computer world. We think that passwords protect our accounts, but they don't. If you want to, you can crack the toughest system with the minimum skill. You just have to look for a loophole."
"What do you mean by loophole?"
"You have to know what are the illusions of security in the system. Then proceed to circumvent it."
"Do you mean to say that, without any esoteric knowledge it is possible to crack a system, provided you know what are the assumptions behind its design?"
"And the way it is enforced."
"I find that preposterous. It's easy to make speeches on computer security, inflation and violence in the movies. If cracking a system is that easy, why don't people crack systems everyday? Why do people believe in security systems at all?"
"People do crack systems everyday, you find 'how to' stuff all over the internet. Some of them don't announce their findings. And those who can't are the ones that share the illusions of the general public. People can crack systems not because they defeat the concepts that are thought of, but because they circumvent the assumptions behind them.
"Have you seen the system locks on some machines? People think that they can lock their machines and go away. But they forget that most computer cabinets being mass produced, have identical locks. One key opens all of them. But even if you don't have a key, all you have to do is open the cabinet, trace the wires and pull the jumper off the motherboard. The system is open. The system lock is the concept. The assumption is that nobody will think of opening the cabinet. And what about the BIOS password? It's stored in the CMOS memory and kept alive by the battery. Discharge the battery and the password is gone. The BIOS password is the concept. The assumption is that no one will think of discharging the battery."
We sat down on one of the benches scattered carelessly around the trees near the university canteen. We ordered tea and drank silently. Spasm seemed to be thinking.
"So according to you, if we pick a system and apply your theory, we should be able to crack it easily?" he asked.
"Yes, it might take some time, though. We might have to write some programs," I replied. We paid for the tea and walked back.
"Let's try the Kirloskar system. But not now, we need sleep. After classes, I'll meet you around 1:30."
Spasm was already in the lab when I got there. I came and sat near him. He was looking at the '/etc/passwd' file, which contains various information about the users of the system.
"What are you looking for? Trying to figure out how to decrypt the password?" I asked.
"No, I'm looking at the user-ids. The root has a user-id of zero, you know, and other accounts which have a user-id of zero will automatically be superuser equivalent. I'm searching for an account with user-id of zero and no password."
"I doubt that you will find one."
"I have, actually, but it is 'shutdown'. If I log into it, the system will halt. And I don't want to go through what happened to Nani."
"What happened to Nani?"
"Nani was generally exploring the system one day. Not here, on the HCL system." He pointed to the other side of the glass cage. "He was executing the commands in '/bin', '/usr/bin', '/etc' and '/etc/bin'- trying to learn more about the system, you know. He saw 'shutdown' and wondered what it was. He executed it. It printed something like 'shutdown in 30 minutes.' on all terminals. Remember, we used to play pranks by writing such messages on each other's terminals? Everybody thought it was a tasteless prank and ignored it. The messages kept coming every so many minutes. Soon it said 'shutdown in 2 minutes'. Nani panicked and left the room. Two minutes later, the system shut down. Nobody had saved their precious work - they were doing COBOL, you know how lengthy COBOL programs are - and there was total pandemonium. The systems manager was called. He executed 'lastcomm', which lists all previously executed commands, and filtered the lines containing 'shutdown' using the 'grep' program. And he found out Nani was responsible. Nani had been caught playing 'hangman' the previous week and, you can guess what must have been done to him."
"Shutdown is a command on HCL. Why is it an account here?" I asked Spasm. Spasm shelled out from the editor and ran the manual program to learn more about 'shutdown'. We saw that some parameters had to be passed to the shutdown program and we deduced that it was being done through the login script, apparently so that unskilled lab personnel could shutdown the system if need be.
"If only we could login without executing the login script," I said.
"Wait a minute!" exclaimed Spasm. "Su! su!! su doesn't execute the login script!" Spasm typed 'su shutdown' and pressed RETURN. The '#' prompt appeared on the screen indicating that we were superuser. We had cracked the system!
We looked around us. There were some students working on the system we had just cracked. The freshmen were looking around carefully before entering the password. "They obviously think they are safe," remarked Spasm.
"What's all the commotion about?" asked a voice to my left. It was Kid, a close friend. I hadn't noticed him come in.
"We cracked the system," I said in a low voice. "Shutdown doesn't have a password and its user-id is zero."
Kid proceeded to type 'login shutdown'. "Wait! Wait! You'll shut the system down. Are you crazy?" I noticed a tinge of panic in my voice. But it was too late. He had pressed RETURN. I sighed, shut my eyes and hoped the admin wouldn't be too cruel to Kid. When I opened my eyes I saw a terse message: 'Not on system console.' on his terminal. On the next line was the '#' symbol. Kid's countenance stated with arrogant confidence that nothing unpleasant could happen to him. This was one difference between HCL and Kirloskar systems that I really appreciated.
"I must meditate on this concept for a while," said Spasm. "See you in the evening." Spasm didn't tell me that he planned to crack the HCL system. I didn't tell him that I planned to crack the Novell LAN.
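The weakness in this chapter, a convenience account that shares user-id zero with root and has an empty password field, is something an administrator can check for mechanically. The audit below is an added example, not part of the original story; the account lines are constructed, use the classic seven-field passwd format with the hash stored in the second field, and the severity labels are this example's own.

```python
from dataclasses import dataclass

# Constructed sample data (not taken from any real system).
SAMPLE_PASSWD = """\
root:Xq3kT9bLw2pZc:0:0:Super User:/:/bin/sh
daemon:*:1:1:System daemon:/:
shutdown::0:0:Halt the system:/:/bin/sh
sysop:Lm4nB7vCx1QwE:0:0:Lab operator:/usr/sysop:/bin/sh
student1:Ab8dPq1LmN0rs:201:50:Student:/usr/student1:/bin/sh
guest::300:50:Guest:/usr/guest:/bin/sh
broken-line-without-enough-fields
"""


@dataclass
class Account:
    name: str
    password: str
    uid: int
    shell: str


def parse_passwd(text):
    """Return (accounts, malformed); malformed holds (line number, raw line)."""
    accounts, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        uid_ok = len(fields) == 7 and fields[2].isascii() and fields[2].isdigit()
        if not uid_ok:
            # A line the login programs may interpret differently than the
            # admin expects is itself worth reviewing, so keep it.
            malformed.append((lineno, line))
            continue
        accounts.append(Account(fields[0], fields[1], int(fields[2]), fields[6]))
    return accounts, malformed


def password_state(field):
    """Classify the second passwd field."""
    if field == "":
        return "empty"      # login succeeds with no password at all
    if field == "x":
        return "shadowed"   # hash lives in a shadow file; not visible here
    if field.startswith(("*", "!")):
        return "locked"     # cannot match any password hash
    return "set"


def audit(accounts):
    """Flag accounts that are superuser-equivalent or need no password."""
    findings = []
    for acct in accounts:
        state = password_state(acct.password)
        if acct.uid == 0 and state == "empty":
            findings.append(("CRITICAL", acct.name, "UID 0 with no password"))
        elif acct.uid == 0 and acct.name != "root":
            findings.append(("HIGH", acct.name, f"extra UID 0 account, password {state}"))
        elif state == "empty":
            findings.append(("MEDIUM", acct.name, "no password"))
    return findings


if __name__ == "__main__":
    accts, bad = parse_passwd(SAMPLE_PASSWD)
    for severity, name, reason in audit(accts):
        print(f"{severity:8} {name:10} {reason}")
    for lineno, line in bad:
        print(f"MALFORMED line {lineno}: {line}")
```

A restrictive login script does not change the result for the shutdown entry: as the story shows, the privilege comes from the user-id, so the account is flagged whatever program its login runs.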
"Coming Spasm?" I asked him.
"Just a moment," he said. I waited. After about five minutes, he was done and shut the machine.
"Let's go have some tea," he suggested. We walked silently down the stairs and towards the college gates.
"Spasm, how secure are the systems here? I mean, how difficult would it be to be supervisor on one of our systems?" I asked. Spasm stopped in his tracks, looked at me for a moment and started walking again.
"I don't know," he said. "Maybe it's possible to crack them. Why do you ask?"
"I'll tell you a story. Last week, my house keys were missing. I must have dropped them somewhere, or maybe I had walked out without getting them. I went to the city and started looking around for a locksmith. I finally found one who would make a 'house call.' He showed me a few stubs and asked me which one resembled my key. I selected one which seemed appropriate. He agreed to come with me on the condition that I drop him back on my motorcycle. I agreed and took him home.
"I looked at my watch as I intended to time him. He inserted a key stub in the lock, tried to turn it in both directions, took it out and looked at the marks. He began filing it and had a new key ready in one minute and fifty-seven seconds." I paused for effect.
"I pointed out jokingly that he would be rich if he robbed a bank. He must have sensed that I was pleased with his work, for he demanded an exorbitant price. I paid it, on the condition that he give me some key stubs. After he had left, I bought a file and proceeded to try a hand at the locksmith's job. I inserted the stub in the lock and tried to read the marks. I could not make out any. I rubbed the surfaces of the stub with a candle and tried again. This time the marks were easily distinguishable. I jammed the key stub between two bricks and started filing it. I was clumsy and the stub slipped many times. It took me half an hour to make a key which opened the lock smoothly. I did this every day for a week until I had used up all the stubs. I can now crack the lock in five minutes.
"If someone wants to break into a house, it's that easy. We think we are secure. We tell ourselves we are secure. Locks don't protect us. But we believe in our illusions ... until it's too late. It's the same story in the computer world. We think that passwords protect our accounts, but they don't. If you want to, you can crack the toughest system with the minimum skill. You just have to look for a loophole."
"What do you mean by loophole?"
"You have to know what the illusions of security in the system are. Then proceed to circumvent them."
"Do you mean to say that, without any esoteric knowledge, it is possible to crack a system, provided you know what the assumptions behind its design are?"
"And the way it is enforced."
"I find that preposterous. It's easy to make speeches on computer security, inflation and violence in the movies. If cracking a system is that easy, why don't people crack systems every day? Why do people believe in security systems at all?"
"People do crack systems every day; you find 'how to' stuff all over the internet. Some of them don't announce their findings. And those who can't are the ones that share the illusions of the general public. People can crack systems not because they defeat the concepts that are thought of, but because they circumvent the assumptions behind them.
"Have you seen the system locks on some machines? People think that they can lock their machines and go away. But they forget that most computer cabinets, being mass produced, have identical locks. One key opens all of them. But even if you don't have a key, all you have to do is open the cabinet, trace the wires and pull the jumper off the motherboard. The system is open. The system lock is the concept. The assumption is that nobody will think of opening the cabinet. And what about the BIOS password? It's stored in the CMOS memory and kept alive by the battery. Discharge the battery and the password is gone. The BIOS password is the concept. The assumption is that no one will think of discharging the battery."
We sat down on one of the benches scattered carelessly around the trees near the university canteen. We ordered tea and drank silently. Spasm seemed to be thinking.
"So according to you, if we pick a system and apply your theory, we should be able to crack it easily?" he asked.
"Yes, it might take some time, though. We might have to write some programs," I replied. We paid for the tea and walked back.
"Let's try the Kirloskar system. But not now, we need sleep. After classes, I'll meet you around 1:30."
Spasm was already in the lab when I got there. I came and sat near him. He was looking at the '/etc/passwd' file, which contains various information about the users of the system.
"What are you looking for? Trying to figure out how to decrypt the password?" I asked.
"No, I'm looking at the user-ids. The root has a user-id of zero, you know, and other accounts which have a user-id of zero will automatically be superuser equivalent. I'm searching for an account with user-id of zero and no password."
"I doubt that you will find one."
"I have, actually, but it is 'shutdown'. If I log into it, the system will halt. And I don't want to go through what happened to Nani."
"What happened to Nani?"
"Nani was generally exploring the system one day. Not here, on the HCL system." He pointed to the other side of the glass cage. "He was executing the commands in '/bin', '/usr/bin', '/etc' and '/etc/bin' - trying to learn more about the system, you know. He saw 'shutdown' and wondered what it was. He executed it. It printed something like 'shutdown in 30 minutes.' on all terminals. Remember, we used to play pranks by writing such messages on each other's terminals? Everybody thought it was a tasteless prank and ignored it. The messages kept coming every so many minutes. Soon it said 'shutdown in 2 minutes'. Nani panicked and left the room. Two minutes later, the system shut down. Nobody had saved their precious work - they were doing COBOL, you know how lengthy COBOL programs are - and there was total pandemonium. The systems manager was called. He executed 'lastcomm', which lists all previously executed commands, and filtered the lines containing 'shutdown' using the 'grep' program. And he found out Nani was responsible. Nani had been caught playing 'hangman' the previous week and, you can guess what must have been done to him."
"Shutdown is a command on HCL. Why is it an account here?" I asked Spasm. Spasm shelled out from the editor and ran the manual program to learn more about 'shutdown'. We saw that some parameters had to be passed to the shutdown program and we deduced that it was being done through the login script, apparently so that unskilled lab personnel could shut down the system if need be.
"If only we could login without executing the login script," I said.
"Wait a minute!" exclaimed Spasm. "Su! su!! su doesn't execute the login script!" Spasm typed 'su shutdown' and pressed RETURN. The '#' prompt appeared on the screen indicating that we were superuser. We had cracked the system!
We looked around us. There were some students working on the system we had just cracked. The freshmen were looking around carefully before entering the password. "They obviously think they are safe," remarked Spasm.
"What's all the commotion about?" asked a voice to my left. It was Kid, a close friend. I hadn't noticed him come in.
"We cracked the system," I said in a low voice. "Shutdown doesn't have a password and its user-id is zero."
Kid proceeded to type 'login shutdown'. "Wait! Wait! You'll shut the system down. Are you crazy?" I noticed a tinge of panic in my voice. But it was too late. He had pressed RETURN. I sighed, shut my eyes and hoped the admin wouldn't be too cruel to Kid. When I opened my eyes I saw a terse message: 'Not on system console.' on his terminal. On the next line was the '#' symbol. Kid's countenance stated with arrogant confidence that nothing unpleasant could happen to him. This was one difference between HCL and Kirloskar systems that I really appreciated.
"I must meditate on this concept for a while," said Spasm. "See you in the evening." Spasm didn't tell me that he planned to crack the HCL system. I didn't tell him that I planned to crack the Novell LAN.
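The check Spasm did by eye on '/etc/passwd', turned around for the administrator's side, as an added example that is not part of the original post. It assumes the classic seven-field passwd format with the password in the second field; the sample entries, hashes and paths are constructed for illustration.

```python
# Added example: flag the passwd weaknesses described in the story.
# SAMPLE_PASSWD is constructed; hashes, uids and paths are made up.
SAMPLE_PASSWD = """\
root:Xq3kPz9LmN0aB:0:0:Super User:/:/bin/sh
shutdown::0:0:Operator shutdown:/:/bin/sh
cs8:Ab1cD2eF3gH4i:208:20:CS students:/usr/cs8:/bin/sh
guest::300:30:Guest:/usr/guest:/bin/sh
broken-line-without-fields
"""

def audit_passwd(text):
    """Return (findings, malformed).

    findings maps account name -> list of issue tags;
    malformed lists lines that are not seven colon-separated fields
    with a numeric uid, so they get reviewed rather than ignored.
    """
    findings, malformed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            malformed.append(line)
            continue
        name, password, uid = fields[0], fields[1], int(fields[2])
        issues = []
        if uid == 0 and name != "root":
            # Any uid-0 entry is root to the kernel, whatever its name or
            # login script says; su to it skips the script entirely.
            issues.append("uid-0-not-root")
        if password == "":
            # Empty second field: no password is asked for at all.
            issues.append("empty-password")
        if issues:
            findings[name] = issues
    return findings, malformed

def critical_accounts(findings):
    """Accounts that are both root-equivalent and passwordless."""
    return sorted(n for n, i in findings.items()
                  if "uid-0-not-root" in i and "empty-password" in i)

if __name__ == "__main__":
    found, bad = audit_passwd(SAMPLE_PASSWD)
    for name, issues in found.items():
        print(f"{name}: {', '.join(issues)}")
    print("critical:", critical_accounts(found))
    print("malformed:", bad)
```

On a system that keeps hashes in a shadow file, the second field here is only a marker, so the empty-password test has to be run against the shadow entries instead.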
Introduction
In a land far, far away, in a time far gone by, long before copyright extended to software and way long before anti-reverse engineering and anti-hacking laws existed, a group of college students were busy dissecting software programs and viruses and probing security and other things boys are apt to do at such an age. These are their stories.
Much has changed in computer technology since then, particularly in the field of security, and I personally wouldn't try any of this stuff in real life. Many of these activities may have been outlawed in your country in recent years.
This blog is likely to be full of technical details interleaved with stories from their life. Some readers would skip one or the other.
I will try to keep everything as close to the truth as possible, as far as memory serves me.
