The year was 1999, I had befriended a strange group of friends from an IRC support channel. We all lived within 250 miles of each other and one day decided to have a gathering with about 6-7 randoms from the channel. Hilarity ensued as we played games of command and conquer, Starcraft, and Serious Sam. I was yelled at for saturating the 1.5mbps SDSL line with my webcam, streaming views to our friends who were too far to drive in. Someone else was eating aluminum soda cans. At one point one guy happened to login and said “wait you guys are having a LAN party? I’ll hop on the PATH and be right there”. Then my life changed in front of my eyes.
In walks this dude that looked like he came straight out of Hackers. We all dap up and continue talking about random nerd things. The conversation goes to cell phones and how the fcc passed this law which OP talks about. Surprise someone has a grandfathered scanner that could scan 800-900mhz. Dude that showed up starts talking about how he knows a guy that knows a guy that took his code and runs an elaborate carding net. Dude then whips out a demodulator app that he wrote that takes beeper signals from the scanner audio and decodes it to text. He tells us we can pull livery and taxi beeper codes because they text headquarters with the credit card numbers on pickups. Then his app does it. One guy holding the scanner at an angle to one of those bend/squiggly microphones that were ubiquitous in the AOL era. Modem like beeping screeching through the air. Then messages and credit card numbers start streaming through this dudes app. The entire room does a collective holy s#%^ mainly because we can’t believe this would be streaming in “broad daylight” across the Hudson.
He went on to explain how he got into hacking almost just like in the movie Hackers. Dude was brilliant and got recruited into hacking groups as a programmer when he was 13. He was writing stuff like this for 5 years. We think we had crossed paths at some point because I was deep in the demo scene and wrote patches for hacking groups.. but that day blew my mind about how security through obscurity worked and led me down a black hat path that switched to white hat in the early 2000s
Did anybody in this group go to Stevens? Because holy shit, were there ever a lot of Hackers-type characters at Stevens in the latter half of the 90s. Some of them were into MOD music and demoscene stuff, warez, and even darker things.
That and in 1999, if you were writing cracks, very few people were doing that in the demo scene at that point. The demo scene and the scene split up. In 1996 RNS started this change. By 1999 pre nets were already up, as well as top sites.
I miss the 90s. I was 12 years old in 1999, but I started disassembling code when I was 8, so as you can imagine, people online thought I was an adult with all of illegal things I did. I even broke into PayPal and bragged about it. lol embarrassing today.
That being said, I feel like back then a most vulnerabilities were so simple due to lack of foresight/security that quite a few 12-year olds with a decent understanding of computing could perform them:
I fondly remember an IIS bug which allowed you to basically 'cd' into any directory on the host machine and execute cmd.exe remotely. I believe it was as simple as the server not sanitising '..\' when written using unicode escape characters...
Even back in just 2012 I found one of our clients who had an ecommerce site came up with the "genius" idea of solving SQL injection by checking the unparsed URL for an apostrophe. Same self taught developer also decided to log the CC name, number, expiry, and CVV code for all orders instead of just storing the transaction ID from Authorize.net. There were 750,000 rows in that table when I found the SQL injection vuln.
Yah. There was a backdoor on all MS operating systems in net bios. As long as they were not behind a firewall and had not manually setup file sharing settings you could get full access / root.
All the way through the thousands there was a backdoor on OSX' remote desktop. As long as they were not behind a firewall and had not manually setup remote desktop, you could get full access as well.
And all the way through the 90s and the thousands, there was a backdoor on Motorola and Buffalo cable models, so you could remotely inject your own firmware and remotely reboot the router if you wanted. Everyone online was soldering those things to get hacked internet back then and I was just scratching my head as to why they were not using the backdoor instead.
I can go on. I haven't done anything infosec in a very long time. When I was 18 I got interested in certificate decryption and my passions took a more math heavy direction, eventually leading to quantitative finance.
edit: Oh, and to keep more on topic, regarding listening to cell phone chatter, the cell tower where I lived didn't change to digital until 2006, so in the thousands I knew you could listen in, but frankly I wasn't interested. I was more interested in making cantennas and injecting an 802.11 signal 2 miles away, decrypting their WPA. Surprisingly I did not find a single router that had a different admin password than its WPA password.
In the 90s all the way into the early thousands, to get online I had to get hacked internet, as my parents didn't really understand the internet and thought it was a fad. This may be what inspired some of the black hat stuff I did.
When analog TV's with UHF were still a thing, I could rotate the UHF dial all the way to the top of the band and just begin to hear the unencrypted analog cell phones. Crazy.
Back when i was in high school in the late 90s/early 2000s there was a website, i think called cellphonescanner (.) com that had a realmedia stream to listen to analog cell conversations around NYC and Toronto or something like that. It was great entertainment.
One of my friends who was a huge scanner fan (did you know they had their own magazine?) worked in a boring mundane part of his family's business. Most of his day was spent waiting around for two or three loads of paperwork to come in to be filed. It was a make-work type of job to keep him employed and out of trouble. What he did most of his day was listen to the scanner. Mostly police and fire calls but he did modify the scanner to pick up cell calls. Most were short but there was a two hour long call that the radio tuned to one day I was visiting. Given the price of cell calls in the mid 90s, especially during daytime, this was highly unusual.
The call was a professor at the local state university talking to a woman whose identity I was not able to determine. Almost the entire conversation was about how much he hated Palestinians. That they were subhuman and should be wiped out. I grew up in the South and had heard hateful things before but this was the first time I heard someone advocate for genocide so openly. That conversation has stuck with me ever since, making me wonder what's going on in people's minds that they keep hidden from the public.
At one point in the conversation the woman asked if he was on a cell phone and if anyone could overhear them. Despite there being no way of them knowing we were listening, it still caused my hair to stand on end. He said it was unlikely. The quality of the signal didn't waver during the call and was strong the entire time was he probably was stationary nearby. So very odd that he didn't call using a landline given the cost of such a cell call.
They routinely kill and maim palestinian teenagers with 0 consequences, so there must be a huge part of society that agrees with such ideas that they are able to do so with impunity.
Honestly I never heard anything interesting on either analog cell phones or cordless phones. Messing with drive-thru intercoms with our modified Icom W2-As was a hell of a lot more fun.
The year was 1999, I had befriended a strange group of friends from an IRC support channel. We all lived within 250 miles of each other and one day decided to have a gathering with about 6-7 randoms from the channel. Hilarity ensued as we played games of command and conquer, Starcraft, and Serious Sam. I was yelled at for saturating the 1.5mbps SDSL line with my webcam, streaming views to our friends who were too far to drive in. Someone else was eating aluminum soda cans. At one point one guy happened to login and said “wait you guys are having a LAN party? I’ll hop on the PATH and be right there”. Then my life changed in front of my eyes.
In walks this dude that looked like he came straight out of Hackers. We all dap up and continue talking about random nerd things. The conversation goes to cell phones and how the fcc passed this law which OP talks about. Surprise someone has a grandfathered scanner that could scan 800-900mhz. Dude that showed up starts talking about how he knows a guy that knows a guy that took his code and runs an elaborate carding net. Dude then whips out a demodulator app that he wrote that takes beeper signals from the scanner audio and decodes it to text. He tells us we can pull livery and taxi beeper codes because they text headquarters with the credit card numbers on pickups. Then his app does it. One guy holding the scanner at an angle to one of those bend/squiggly microphones that were ubiquitous in the AOL era. Modem like beeping screeching through the air. Then messages and credit card numbers start streaming through this dudes app. The entire room does a collective holy s#%^ mainly because we can’t believe this would be streaming in “broad daylight” across the Hudson.
He went on to explain how he got into hacking almost just like in the movie Hackers. Dude was brilliant and got recruited into hacking groups as a programmer when he was 13. He was writing stuff like this for 5 years. We think we had crossed paths at some point because I was deep in the demo scene and wrote patches for hacking groups.. but that day blew my mind about how security through obscurity worked and led me down a black hat path that switched to white hat in the early 2000s