Black Hat Exploits of the Stupid-Easy '80s
I'm not saying there was no computer security in the 1980's but, wait... Yes. Yes I am.
There is this part of your brain called your prefrontal cortex that apparently does not fully develop until you are in your 20’s. This area is responsible for things like planning, determining consequences of actions, solving problems, and impulse control. Since it really is not fully up and running when you are a teenager, your brain substitutes another area called the amygdala, associated with emotions, impulses, aggression and instinctive behavior.
I don’t know how much of it is simplified pop science, and how much is verifiably known to be the cause of various teenage behaviors. I sure hope it is true though, because it would give me a good excuse for some of the truly dumb stuff I did when I was a teen in the late 70’s and early 80’s.
I cannot come close to claiming the title of dumbest teen decision-maker, to be clear. My nerddom back then kind of acted like a prophylactic, protecting me from many dangers like drunk-driving, unhealthy use of controlled substances, and hurting anyone or getting anyone pregnant. (And sadly, was also the only kind of prophylactic I would have had the need for in those years.)
But my nerdlike ways didn’t stop me from making other stupid decisions. For instance, my friend Dave and I were card-carrying pyromaniacs, and would come up with ideas like substituting a baggie of gasoline for the parachute in our model rocket. Which on our amygdala-teen-paper anyway sounded awesome, until we launched it and learned that the additional weight and imbalance would send it veering off into a tree in Dave’s yard where it exploded, setting the tree ablaze. Could have really used that prefrontal cortex, back then.
Luckily, as a lot of people who have been camping know, it’s pretty hard to start a lasting fire with green wood. So the tree eventually burned itself out, and we gave up on our airburst-fireball-rocket ambitions. I had a kind of charmed childhood that way; it wasn’t that I never did anything dumb or wrong, it was just that luck seemed to go my way and I fortunately never paid any serious price for my lapses in judgement.
That luck most definitely followed me into the computer world, when I continued to do dumb things, for reasons that are equally hard to explain today. The earliest ‘hack’ I can remember doing was on our high school’s PDP-8 computer, back in 1980. Another friend “Jeff” and I had the monopoly on hacking around on that machine, thanks to the school’s programming teacher Mr. Zars, who let us go down to the computer room whenever we had free time.
We were also taking a BASIC programming course with Mr. Zars as a class, but it was boring since we already knew BASIC pretty well, and preferred to do other things, like explore operating system stuff and assembly programs and such. So we concocted this plan to get out early one day, that involved creating an assembly program with a countdown timer that would halt the PDP-8 CPU a half hour into class.
This was a primitive (and by 1980, already outmoded) machine, but had a time-sharing OS on top of it, so multiple users would be affected by it going down, and we figured we would be called in to look at why, and get out of Mr. Zars’ pretty boring lecture. And there was nothing in the OS that protected the system from crashing due to a malicious user who could write assembly programs.
When the half hour mark rolled around, like clockwork Mrs. Sutton, our chain-smoking data processing lady, came up to our classroom to inform our teacher that the computer had gone down. Mr. Zars immediately looked at Jeff and me with a little smirk, and said, “Why don’t you boys go down and see what you can do.” He knew damn well it was us, and our childish attempt at deception was like the kid with crumbs all over his face shaking his head unconvincingly when asked if he knew what happened to the cookies.
It was all amygdala, with no prefrontal cortex in sight. For the most part though we left our PDP-8 alone, because it was our back yard, and as my teenage Labrador Retriever/Brittany Spaniel mix will tell you, it is much better to poop while out on a walk than in your own yard.
So much for software protections in 1970’s computers. I will mention that in addition to missing software security, data security was also laughably bad back then. Our high school computer was used to process student report cards and GPA, class rank, attendance records, contact information, and other pretty sensitive information.
But in spite of that, the PDP-8 was treated kind of like a utility device, like the school’s furnace. In fact, the duties of running the various reports and maintaining the databases were split between Mrs. Sutton and the school’s janitor, Burt. Burt was busy doing janitor things during the day, and Mrs. Sutton was paid far too little to worry about what the kids were doing on the computer while she was punching cards, so we would just grab random RK05 disk packs from the storage area, mount them, and see what was there.
Pretty much everything I mentioned above was. I spent a lot of time just snooping, checking on whether my secret crush was doing as badly in trigonometry as I was (she wasn’t), or whether the class know-it-all really had as good a GPA as he acted like (he didn’t). In theory we could have easily also modified our grades, just like in the yet-to-come-out Wargames movie at the top of the article. I was no Matthew Broderick though, and was pretty sure I could not pull that off successfully.
I did have one potential side-hustle going that involved our school’s even-older-than-PDP-8 attendance system. This system used IBM punch cards, one per student, that got distributed to the homeroom teachers every morning. The teachers would put the cards for anyone absent into an envelope, and it would be taken down to the computer room. Then the cards were put into a card reader, and an alphabetized list of absent students with home phone numbers was created from them. That printout went to the front office, so all those parents could be called about why their kid was missing.
I had very early on wrangled my way into going to the computer room instead of home room at the start of school. Nobody cared where students were before class, as long as an adult was theoretically around to keep an eye on them, and Mrs. Sutton qualified. She did not mind at all, and in fact I was helpful to her, because I volunteered to run the attendance card decks and print the report.
And it did not require David Copperfield levels of sleight-of-hand to, say, leave a few cards out of the deck. When I bragged to a few of my classmates about having this ability, I suddenly went from unpopular nerd to guy you want to know. I may or may not have enabled an unauthorized beach trip for some of the Seniors this way, but never took anything in return, and really didn’t alter the report more than once or twice. It could have been a very lucrative business though — that probably would have ended with getting suspended from school or something.
Glad I opted towards prefrontal cortex on that one, but in general my teen hacking exploits were never about money, mostly just about the challenge of trying to do something you were not meant to do. That’s probably a motivation that still resonates with hackers today - but I will say the opportunities to make money breaking into computers are much more prevalent now than they were in the 1980’s.
Bigger dumb hacking adventures were just around the corner for me though. In my junior year of high school, Jeff and I started taking a few classes at the local university, as part of a program the town school system had started to allow college-bound kids to get a head start on things. This particular university had just received a brand-new Digital VAX 11/780 computer, a powerful 32-bit system that was the start of the next generation of machines after the PDP series.
The VAX could handle a lot more terminals and users, and it was also bigger, and warranted having a climate-controlled, glass-walled and secured room, as well as a staff of (non-janitor) employees, including system operators, and a system administrator. I had enrolled in a Fortran programming course at the university, and was given an account on this machine. This was needed to complete classwork, but the access also allowed us to explore this much bigger, more sophisticated system. It was complex and relatively more secure compared to our PDP-8, and we wanted to own it. As in, we wanted to pwn it.
Our early hijinks were really just jerky annoying things we figured out how to do. Like for instance, you could change the name of a running process to include special characters, that caused the VT100 system terminals to put themselves into an infinite diagnostic loop, requiring them to be power-cycled. Every time someone did a ‘show system’ command, it would nuke their terminal. Similar exploits could be done with the line printers, which could be set so that they printed giant characters via a special print sequence, and whoever tried to print their program out ended up using like 100 sheets of paper and got a huge-letter version of it.
Things like this were largely possible because the university was actually a test site for the VAX, and its brand new operating system, VMS. And VMS Version 1.0 was very much a Beta product, with a lot of security holes, including lack of input sanitization. A much bigger hole we found though was the fact that VMS 1.0 considered logged-out terminals to be unallocated resources, and another user could allocate these terminals for their own program use.
I got this great idea to write a program that allocated an unused terminal and then emulated the login and password prompts, collected that info, gave an ‘incorrect password’ error, then deallocated the terminal back to VMS, and exited. Then I set up my program to allocate all logged-out terminals in the terminal room. This is of course a classic hack, the idea being the basis for many a phishing scheme to come. No way was I the first to try this, I am sure, but at the time I thought it was a pretty cool idea I alone had thought up.
We collected all sorts of account credentials from other students using the terminals with this program. Then one day, Dan the System Administrator came in to help someone in the terminal room who didn’t understand the login error message, and he himself tried to log in as a test. And we watched with glee from two terminals down, as we got his password. Uh oh, VMS 1.0.
Probably much like the hackers of today, the first thing we did with our newfound privileges using Dan’s account was to make sure we could continue to get access, if Dan changed his password. Which was pretty easy, because one file in his account was a clear-text list of every user login and password in the system. I am pretty sure even old VMS encrypted passwords to some degree, so this clear-text password list was not a system file or software security flaw, as much as it was a really bad IT practice. (Also worth mentioning: everyone’s assigned password was their social security number!)
With hundreds of accounts now at our disposal, we searched and found ones that no one had logged into. Probably people who had dropped their computer course, transferred, or what have you. We’d take over these, give them additional privileges, and use them to store things like copies of the password file. But unfortunately we continued not to plan much out, because I did stupid things like sending the password file to the printer, not realizing it would generate an enormous printout. The printer was kept by the IT help area next to the computer room, and someone had to hand me that printout.
Really lucky they did not notice it was full of hacked account info as they politely handed it to me. Even stupider though was, I left a copy of the password file in my home directory, and came in one day to find it missing, along with all the extra accounts we had granted system access to. Dan had gotten wise to us, and our activities which we thought were anonymous were obviously not.
I am not sure why Dan did not just shut my account down, report me to the school, or take some other more decisive action. He was probably just an underpaid grad student, to be fair. Or maybe he couldn’t figure out my full name and identity or something, but his IT skill set should have been better than Burt the janitor, and I’m pretty sure Burt would have put 2 and 2 together here.
It was a mistake though, because Jeff and I were already deep into our next scheme to hack the VAX. Certain complex program packages that were used by multiple users were kept loaded in memory, and thus ran with kernel privileges, the highest sort. These were things like stats packages (SPSS) and math analysis libraries and so on. It did not take too long to figure out how to call some function in one of these packages that executed arbitrary code in a privileged way, and boom, we were back in, again.
It was getting late in the semester at this point however, and I was wrapping up my class. My interests in exploiting our new hack were actually pretty limited, because for me it was mostly just about “can we do it?”, and we were past the point of knowing the answer. Jeff however was more hell-bent on mayhem, and on the last day of class, unleashed a swath of destruction that deleted all the system logs, and then corrupted the running kernel and kernel files, bringing down the system probably to the point where a re-install of VMS would be needed.
After that final poop in the yard, Jeff and I graduated high school, and parted ways. I lost touch with him since, but I hope he didn’t go too far down the black hat path. As for myself, I pretty much hung up my hacking hat of any sort after this… with a couple notable exceptions in college. The first of which was a cool Wargames-inspired demon-dialer project I built, the details of which I don’t want to cram in here since this post is getting long, so would be likely something I make into its own mini-story.
My very last hacking adventure (and I’m not counting the modern definition of hacking, as in writing code on the fly, hackathons, and such, just the malicious definition) was a revenge-motivated one. In my Junior year in college, my roommate Tom had been working for a consulting business that owned a VAX, and rented out time on it to customers in addition to developing their own software. They had hired Tom for a project, then shorted him out of some money, and Tom wanted some kind of payback.
He asked me if there was a way to crash their VAX for a while, since uptime was most certainly equal to money for that machine. They had also revoked his account and he had no access to the system at all anymore, but I had a long-shot idea. I had been reading Digital News and Review, an independent trade publication covering Digital Equipment Corporation.
In a recent issue, I had read an article that was intended as a security warning for owners of VAX systems, but it also got out to hackers like me who subscribed. A kind of zero-day situation, except since it was an actual print magazine, more like zero-month. The problem was that Digital shipped the VMS installations with a built-in diagnostics account, called “diagnostics”, with a password of, “diagnostics”. Since it was meant for field-service use, that account also had full access to everything.
When I was writing this above paragraph, I was about to add something like, “this is of course ridiculous by today’s standards”. But then I remembered all the wifi routers and Raspberry Pis of the world which also ship with pre-set login/passwords, that run with full permissions and which countless people never change passwords for. Maybe out of all the come-and-gone security holes I covered here, this is the one still most prevalent today.
In any event, the consulting company in question either did not read the article, or otherwise did not bother with changing the diagnostics password, and we were able to log in through that back door via my Commodore 64 modem. Applying lessons learned in the past, we made sure to create plenty of other privileged accounts, and then as a bonus, changed the main system admin password to lock out the owners. Then Tom requested that I use the string: “Death and destruction will strike everywhere!” as the immediate system shutdown message sent to all logged-in users, which I happily complied with.
It took them a while, but they eventually regained control of the system, and attempted to shore things up by resetting the admin password, and removing the diagnostics account, which I’m sure appeared in the system logs as being the originator of the unplanned shutdown. But of course, we had the other accounts, and just proceeded to do it all over again. All in all it took them maybe a week to get things back to normal, the cost of which Tom at least hoped offset his missing wages.
Maybe that story comes off as a feel-good Hollywood Revenge of the Nerds kind of thing, but I don’t want to make any excuses for my behavior here because it was dumb, and also most certainly a crime. There were not a lot of computer crime laws on the books back then but I am sure it would qualify for trespassing, breaking-and-entering, or vandalism or something along those lines, if we had been caught.
As I have written about previously, I ended up working for the very company whose computers I so liked to hack, and helped to design several next-generation DEC systems. I am hoping in the end that my contributions to Digital were net-positive, because I would not want to risk losing my honorary Dexodus Membership over these confessions.
There is also a possibility, however small, that these hacking exploits unintentionally helped improve security, by pointing out flaws in the software and in IT procedures. I am fairly sure for instance DEC was probably consulted on the mysterious corruption of their VAX at the university VMS Beta site, and maybe figured out things like it is a bad idea to leave terminals unallocated and run software with kernel privileges that anyone can piggyback on.
If so I still can’t take any credit there, since my intentions were not exactly White Hat ones. But neither would I have self-identified back then as a Black Hat. Most of my hacking adventures were curiosity-driven, or at least, “gently destructive”, in the sense that no irreversible damage was done.
Is there a hat category for Grey? If so, I’ll take it. You know, like Gandalf and stuff.
PS: If your name is Dan and you were the sysadmin for the VAX 11/780 at University of Hartford in 1981-1982, sorry man!