ACOUSTIC COUPLER: A device that can be strapped directly onto the phone receiver that allows the computer to fire audio tones directly through the handset, the way we do when we speak. These are necessary when using modems and laptops on public and cordless phones.
ARPANET: Defense Department's 'Advanced Projects Agency' Network. Designed to eliminate the risk of a break down in communication between computers in the advent of nuclear war. The forerunner of the Internet.
BACK DOOR: A backdoor program can be installed by an external user and then "hidden" within the system. When unsuspecting companies coop their information to upgrade or tighten security they inadvertently copy the backdoor as well. Using the backdoor hackers can surface on higher more powerful levels of the machine.
BLUE BOX: A device which combines the abilities of an organ and recorder, it replicates the multi-frequency tones used for long-distance calling. Blue boxes are not actually blue, they are called this either 1) because the first blue box ever confiscated by phone company security happened to be blue, or 2) to distinguish them form "black boxes". Black boxes are devices, usually a resistor in a series, which, when attached to home phones, allow incoming calls to be made without charge to the caller.
BRIDGES: Illicit phone links that allow hackers to 'teleconference'.
DIAL-UP: Computer phone numbers. When you call a computer, its own modem hears the tones coming through the line and translates your hisses and beeps back into the electronic pulses the computer can understand.
DUMPSTER DIVING: The practice of searching through dumpsters in order to obtain passwords, log-ins and other useful information from large corporations.
HACKING: These days this terms connotes the unauthorized access of computers or computer systems. Back in the '60s it meant writing the best, fastest, and cleverest computer programs.
LEN: Line Equipment Number - what your actual phone number looks like in code.
OPERATION SUNDEVIL: Although used to describe the entire national hacker crackdown, strictly speaking is was confined to the Secret Service Operation in Phoenix Arizona. Ostensibly, it was an investigation into financial crimes (fraud, credit card fraud, etc.). and communication service losses headed by the Arizona assistant attorney general Gail Thackery. Much of its information was gained at SummerCon 88 where they enlisted the help of a young hacker called "the Dictator" who sat in a room bugged and under video surveillance where hackers would come and 'hang out'. Over 150 hours of videotape were recorded which consisted of little more than kids drinking coke, eating pizzas and gossiping. However the information gained convinced the authorities that they were dealing with a national conspiracy that was costing the country $50 million a year in fraud.
PBX: Private Branch Exchanges (PBX) phone systems are the new blue boxes of the digital age. They can be accessed and used to "divert" calls. The hacker makes the call but the company who owns the PBX is charged.
PHREAKING: A play on the words freak, phone and free its initial purpose was nothing more than the manipulation of the Bell Telephone system for free long distance calls.
2600: The 2600-hertz tone emitted by Bell telephones which signal that a line is idle. This tone is simply recreated by hackers by any kind of whistling device and ensures free phone calls. It is also the name of a well-known hackers journal run by Emmanuel Goldstein.
SYSMAINT: A common default used as both log-in and password, machines with this default can be accessed by typing this at the log-in. "test" and "help" are also used by hackers to gain access to systems.
SOCIAL ENGINEERING: Knowing the correct terminology in order to obtain classified information from employees over the phone. Calling someone who has access to a system and convincing them that you are a legitimate user who needs a dialup number, an account and a password. (See example at end)
WAR-DIALING: Programming a computer to try random code numbers over the telephone until one of them works. This can be very time-consuming and social engineering is therefore a preferred method of gaining access codes.
THEFT BY BROWSING: On October 2, 1986 the U.S. Senate passed the computer Fraud and Abuse act. This included a new clause titled "theft by browsing" which made illegal entry into computer systems, even if not for criminal purposes, a criminal offense.
VIRUS: A computer program that replicates itself and is capable of destroying data on 'infected' machines. A USC student Fred Cohen named these programs viruses in a paper on data damage. Cohen's work was read by Ralph Burger, a German computer system engineer who attended the Chaos Computer Club. In 1986 the Club held its annual conference with the theme "Computer Viruses". The next year Burger published a book Das Crosse-computervirenbuch which had in it a 'recipe' for a d-i-y virus. Within two years computer viruses had infected much of the world's computer network. Although they started out as harmless 'worms' viruses became an dangerous tool when their destructive capability was recognized.
V-M BOXES: Voice-Mail boxes. While PBX's may have become the blue boxes for a new generation of phone phreakers voice-mail boxes have taken over as hacker bulletin boards. Voice-mail computers operate like highly sophisticated answering machines and are often attached to a company's toll free 1-800 number. Using either social engineering, dumpster-diving or war-dialing hackers can identify a suitable 1-800 number and break into the system to take over a box or a series of boxes. V-M boxes are more secure than bulletin boards and are usually used to pass on lists of stolen codes. It was a V-M box that led to the capture of Leslie Lynn Doucette (see Hacker Hall of Fame).
The how to of Social Engineering:
Call information in a faraway town and ask for a used car dealership. Say you get Phil's Used Cars. Call and ask for the finance department. Whoever answers will be the person who uses the TRW (the computer network that houses the credit files on 170 million Americans) in order to check the credit worthiness of customers. The social engineering starts when you say for example, "Hi, my name is Philip Anderson with Compuline. We're doing few repairs on the TRW lines in your area. Have you been having any trouble with your terminal?"
Social engineering assumes that virtually everyone who works with computers has had some kind of trouble with them. Your new friend at Phil's will most likely greet you enthusiastically, thanking God you called. You proceed: "Okay, we need to check the line. Could you start up your system and talk me through this? First of all, what dial-up are you using?" He'll then give you his local dial-up for TRW. Write it down.
"Yeah, that's what I thought. Okay, when you first get in, what do you type?" The ten-character sequence he gives you is his account. There's no password. This is all you need. Write it down. Tell him you'll check out the problem and call back.
Now that you have a dial-up and an account you can call TRW from anywhere. All you need is someone's name and address and you can uncover his or her social security number, credit card numbers and credit history.
Like its more mechanical counterpart, social engineering is half business and half pleasure. It is a social game that allows the accomplished hacker to show off his/her knowledge of systems, his mastery of jargon, and especially his ability to manipulate people. It not only allows the hacker to get information; it also has the comic attractions of the old-fashioned prank phone call - fooling an adult, improvisation, cruelty.
