[o-__-o]

Not op, but fun story to share.

The year was 1999, I had befriended a strange group of friends from an IRC support channel. We all lived within 250 miles of each other and one day decided to have a gathering with about 6-7 randoms from the channel. Hilarity ensued as we played games of command and conquer, Starcraft, and Serious Sam. I was yelled at for saturating the 1.5mbps SDSL line with my webcam, streaming views to our friends who were too far to drive in. Someone else was eating aluminum soda cans. At one point one guy happened to login and said “wait you guys are having a LAN party? I’ll hop on the PATH and be right there”. Then my life changed in front of my eyes.

In walks this dude that looked like he came straight out of Hackers. We all dap up and continue talking about random nerd things. The conversation goes to cell phones and how the fcc passed this law which OP talks about. Surprise someone has a grandfathered scanner that could scan 800-900mhz. Dude that showed up starts talking about how he knows a guy that knows a guy that took his code and runs an elaborate carding net. Dude then whips out a demodulator app that he wrote that takes beeper signals from the scanner audio and decodes it to text. He tells us we can pull livery and taxi beeper codes because they text headquarters with the credit card numbers on pickups. Then his app does it. One guy holding the scanner at an angle to one of those bend/squiggly microphones that were ubiquitous in the AOL era. Modem like beeping screeching through the air. Then messages and credit card numbers start streaming through this dudes app. The entire room does a collective holy s#%^ mainly because we can’t believe this would be streaming in “broad daylight” across the Hudson.

He went on to explain how he got into hacking almost just like in the movie Hackers. Dude was brilliant and got recruited into hacking groups as a programmer when he was 13. He was writing stuff like this for 5 years. We think we had crossed paths at some point because I was deep in the demo scene and wrote patches for hacking groups.. but that day blew my mind about how security through obscurity worked and led me down a black hat path that switched to white hat in the early 2000s

[dmitryminkovsky]

> Someone else was eating aluminum soda cans

Huh?

[tomcam]

Well they had pretty much phased out steel cans by that time

[Lammy]

https://en.wikipedia.org/wiki/Pica_(disorder) maybe?

[dmitryminkovsky]

Yeah pica but can you eat an aluminum can and not die? Wouldn’t that certainly cause internal bleeding?

[Lammy]

They were probably just chewing on it

[bitwize]

Did anybody in this group go to Stevens? Because holy shit, were there ever a lot of Hackers-type characters at Stevens in the latter half of the 90s. Some of them were into MOD music and demoscene stuff, warez, and even darker things.

[gaustin]

Serious Sam didn't come out until 2001. How did you play it in 1999?

[proverbialbunny]

That and in 1999, if you were writing cracks, very few people were doing that in the demo scene at that point. The demo scene and the scene split up. In 1996 RNS started this change. By 1999 pre nets were already up, as well as top sites.

I miss the 90s. I was 12 years old in 1999, but I started disassembling code when I was 8, so as you can imagine, people online thought I was an adult with all of illegal things I did. I even broke into PayPal and bragged about it. lol embarrassing today.

[koyote]

I too miss those days...

That being said, I feel like back then a most vulnerabilities were so simple due to lack of foresight/security that quite a few 12-year olds with a decent understanding of computing could perform them:

I fondly remember an IIS bug which allowed you to basically 'cd' into any directory on the host machine and execute cmd.exe remotely. I believe it was as simple as the server not sanitising '..\' when written using unicode escape characters...

[MertsA]

Even back in just 2012 I found one of our clients who had an ecommerce site came up with the "genius" idea of solving SQL injection by checking the unparsed URL for an apostrophe. Same self taught developer also decided to log the CC name, number, expiry, and CVV code for all orders instead of just storing the transaction ID from Authorize.net. There were 750,000 rows in that table when I found the SQL injection vuln.

[proverbialbunny]

Yah. There was a backdoor on all MS operating systems in net bios. As long as they were not behind a firewall and had not manually setup file sharing settings you could get full access / root.

All the way through the thousands there was a backdoor on OSX' remote desktop. As long as they were not behind a firewall and had not manually setup remote desktop, you could get full access as well.

And all the way through the 90s and the thousands, there was a backdoor on Motorola and Buffalo cable models, so you could remotely inject your own firmware and remotely reboot the router if you wanted. Everyone online was soldering those things to get hacked internet back then and I was just scratching my head as to why they were not using the backdoor instead.

I can go on. I haven't done anything infosec in a very long time. When I was 18 I got interested in certificate decryption and my passions took a more math heavy direction, eventually leading to quantitative finance.

edit: Oh, and to keep more on topic, regarding listening to cell phone chatter, the cell tower where I lived didn't change to digital until 2006, so in the thousands I knew you could listen in, but frankly I wasn't interested. I was more interested in making cantennas and injecting an 802.11 signal 2 miles away, decrypting their WPA. Surprisingly I did not find a single router that had a different admin password than its WPA password.

In the 90s all the way into the early thousands, to get online I had to get hacked internet, as my parents didn't really understand the internet and thought it was a fad. This may be what inspired some of the black hat stuff I did.

[icedchai]

Memory fades a bit over 20+ years.

[o-__-o]

Definitely meant to say counter strike, sorry

[mypalmike]

These were some hardcore hackers.