55

His setup seems to be a telephone connected to a computer. When he dials another computer on the phone, he manages to gain access to it remotely.

The computer/phone setup

Is this a realistic situation or just something done for effect?

This video shows the technique but not the actual access being gained, as it is with the school's computer beforehand.

Mithical
BenjaminJB
  • I saw that, I just wondered how that allowed access to the computer because it seemed like it was for collecting data. – BenjaminJB Sep 01 '14 at 08:57
  • 75
    I'm assuming you're about 20? Anyone who used the Internet in the 90s (or earlier) had to use a modem. Before DSL and cable Internet, phone lines were the only way to connect to another computer from your home. – Plutor Sep 01 '14 at 11:07
  • 2
    Back when I started in IT modems connected via phones. And there was no internet either :-D We had newsgroups and bulletin boards – AquaAlex Sep 01 '14 at 12:10
  • 10
    John Draper http://en.wikipedia.org/wiki/John_Draper (A.K.A. Cap'n Crunch) figured out that using a whistle from a cereal box he could drunk phones (also known as Phone Phreaking) and make free phone calls to anywhere in the world. Even the trick where David uses a soda-pop tab to make a free phone call used to work. As well as the Red Box, which imitated the sound of coins being dispensed worked up until around 1999, until Ma-bell/Bell Atlantic merged with GTE and became Verizon. So the answer is YES, it's possible to hack via "Dial-up" back then. –  Sep 01 '14 at 13:20
  • 12
    @AquaAlex (pedantry warning) There was an internet, and you connected to it. You didn't have the World Wide Web. – Joshua Taylor Sep 01 '14 at 13:28
  • 2
    @JoshuaTaylor Actually you are sort of correct :-) The WWW came much later, but we used UUCP & usenet and not internet in the beginning. I think internet only came to Africa around mid-1990's. – AquaAlex Sep 01 '14 at 13:43
  • 3
    @AquaAlex Pedantry countered with pedantry! :) I'm reading a bit about UUCP now. Networking history really is fascinating stuff. – Joshua Taylor Sep 01 '14 at 13:51
  • 4
    @JoshuaTaylor Yep :-) And all I can say is anyone that talks about the good old days, is either too young to know how crap it was or is so old they forgot how crap it was :-D – AquaAlex Sep 01 '14 at 13:56
  • 6
    @JoshuaTaylor and before the amazing UseNet we were stuck with BBS (Bulletin board systems) and we had super fast speeds of 2400 bps. I can not explain how amazingly fast access became when we moved to 28.8k and later 56k modems OH MY WHAT SPEED! ;-) – AquaAlex Sep 01 '14 at 14:05
  • 2
    Don't forget the BBS games! Anyone remember Galactic Empire? – Joe L. Sep 01 '14 at 15:09
  • 21
    Oh my goodness. I can't believe using phonelines to connect to the internet has already been forgotten. I'm only 19 and I still remember it. – apnorton Sep 02 '14 at 02:16
  • You've got to remember, David Lightman is also Ferris Bueller. – Jodrell Sep 02 '14 at 10:07
  • 3
    Fidonet. Says it all, really... – Bob Jarvis - Слава Україні Sep 02 '14 at 16:49
  • 2
    When did I get so friggin old? – Jolenealaska Sep 02 '14 at 17:48
  • 5
    Just saw this question at random on the side bar ... I officially feel ancient. Thanks kid, you either showed the annoying ignorance of youth today, or you made thousands of young people (34 is not old, dang it!) feel really old ... or both! – SpYk3HH Sep 02 '14 at 21:38
  • And modems are still used as out-of-band management for routers and network gear; that's what the aux port on Cisco is for. – Neuromancer Sep 02 '14 at 23:39
  • 2
    Man this question is making more people feel old than a Backstreet Boys reunion concert. – Suman Roy Sep 04 '14 at 05:07
  • 2
    I remember acoustic coupler modems were 300 baud. 2400 was luxury.... what he was doing was the dial up equivalent of port scanning. – Jerry Jeremiah Sep 05 '14 at 22:00
  • Yep, connecting to CompuServe at 300 baud. Those were the days. And playing Trade Wars on my local BBS. – Omegacron Feb 10 '15 at 22:21
  • From BYTE Magazine 1983-10 (available at archive.org), in "Computer Crime: A Growing Threat" p. 398 ff. "The case of the Milwaukee youths, who also admitted breaking into business and corporate computers, proves that illegal forays into computer systems can be as simple as the acquisition of a telephone number and a password code. Dial-up penetration of computer systems today is a serious threat to businesses large and small. For large corporations and institutions like the US government, such threats can have far-reaching consequences... – David Tonhofer Jan 13 '18 at 17:03
  • ... In a similar case from a year ago, a student who was enrolled at CMU in Pittsburgh demonstrated the vulnerability of the military's computer system from his dormitory room when he broke into the US DoD computer network. From there, he moved onto an Air Force computer system. When discovered and questioned as to his intentions, he said he was gathering "missile plans" to publish in an underground newsletter called TAP. Geoffrey Goodfellow, a systems analyst with SRI International in Menlo Park, California, explains: – David Tonhofer Jan 13 '18 at 17:05
  • "Once someone accesses a national network like the one used by the DoD, that person has unlimited access to any of the computer systems belonging to the universities or corporations hooked to the network. In this case, the student from CMU wandered in and out of systems all over the country, accessing directories, reading files - just, as the student put it, 'browsing around for something interesting.'". – David Tonhofer Jan 13 '18 at 17:05

4 Answers

116

The video clip shows what is referred to as "war-dialing", a term which was in fact coined from the name of this movie. The "hacking" implied here is that the phone number for the victim computer's modem is not publicly known, but by scanning a range of numbers, dialing one by one, a "secret" modem can still be located. Guessing username and password is the next step. In the movie, David Lightman has figured out where the school administration writes down the password, which was a quite realistic scenario back then.

But is the "telephone connected to a computer" setup a movie prop? Not at all! This was actually how modems for personal computers looked back then. A so-called "acoustically coupled modem" meant that you took your landline phone's handle and attached it to a mic and speaker as shown below, so your computer could do the talking. The same technology was also used in a less realistic fashion in the TV show VR5.


It's for real, we're not making this up!

Abulafia
  • 84
    "David Lightman has figured out where the school administration writes down the password, which was a quite realistic scenario back then." Back then? You're so optimistic. – Anthony Grist Sep 01 '14 at 09:21
  • 2
    Oh brilliant, that show has the Doctor from Voyager! I've never heard of it, it looks crazy. – BenjaminJB Sep 01 '14 at 09:33
  • 1
    I did this one afternoon with a friend's Commodore 64, found one random computer but didn't have any way to know whose or what to guess for a user name or password, so we disconnected. As noted by others, all of this is separate from the Internet, you can do this type of dial-up serial connections without any other kind of networking. BBSs and UUCP dial-up networks were a kind of version 0 of the Internet, for us old timers. – David Rouse Sep 01 '14 at 13:08
  • 12
    The answer provides good technical insight, but misses some other aspects of the question: after connecting to the systems, David gets access by social engineering attack. In the case of the school, because someone (I think the principal's secretary) held a list of the passwords in an unsafe (although difficult to find) location. In the case of the DoD computer, it gave enough information about itself at login that David was able to guess which password the creator would have used. If you add those points, it would fully explain the OP. – SJuan76 Sep 01 '14 at 13:34
  • 1
    Actually, what David tries (when he's war-dialing, and connects to Defence-computer), is to hack into the computer of a computer-game company (of which he doesn't know the number)... The phone-number to the computer on his school, he does know. – Baard Kopperud Sep 01 '14 at 14:23
  • 3
    And "War Driving" comes of course from this original "War Dialing" activity of major fun. It just went mobile. Juniors interested in learning how hacks were made back then should grab a copy of Clifford Stoll's "Stalking the Wily Hacker" or maybe even his book-length version "The Cuckoo's Egg". Good times. – David Tonhofer Sep 01 '14 at 15:57
  • 2
    I'm old enough to remember doing exactly this a couple of years before the movie came out. Our high-school had a dial in line and an insecure system. So yes, this is authentic. – bayendor Sep 02 '14 at 00:20
  • 1
    My first "personal computer" was an acoustic coupler like this one and a VT100 terminal to connect to the VAX mainframe I managed. I remember the thrill of buying a 1200 bps (that's about 120 characters per second) modem upgrade. I think by the time I got up to a 9600bps modem that was a little personal computer in its own right as it had a Forth interpreter inside which ran the modem firmware. As well as dialing through, you could put it into interpreter mode and use it directly from your connected terminal. – Andy Dent Sep 02 '14 at 05:16
  • 4
    Back in college (late-70's, thanks - the Good Old Days when computers were water-cooled, IBM was the abode of the gods, and Led Zeppelin was still together. Ah, great days - GREAT days... :-) one of my profs explained to us how data exchanged over phone lines would NEVER exceed 300 baud. Couldn't be done! I've always wondered what happened to that guy... – Bob Jarvis - Слава Україні Sep 02 '14 at 16:52
  • 6
    It might be worth mentioning that the reason for having an acoustic coupler rather than a direct electrical connection at the time was due to AT&T being very picky on what devices they allowed to connect to "their" network... – thkala Sep 03 '14 at 00:17
  • 1
    "What's this landline phone thing you are talking about?" will be what the youngsters ask next ... Whereas I notice that the phone in the photo does not have a rotary dial ... – Hagen von Eitzen Sep 03 '14 at 14:15
  • 1
    Will the telephone system today still respond to dial pulses? – Joe L. Sep 03 '14 at 19:47
  • @JoeL: No, pulse dialing was used by rotary phones. It is not supported in modern telephone exchanges, but you can buy something to plug in between your old rotary phone and the wall socket, if you're into authentic retro phones: http://www.dialgizmo.com/about_dialgizmo.html – Abulafia Sep 03 '14 at 21:26
  • @BobJarvis - We were lucky to have 300 baud, frankly, back then -- the Kansas City Standard used harmonically related tones. (I was too young to know much at the time, but I knew that was a dumb idea, given the overall fidelity of the system and "terminal equipment" of the day. This was, of course, before third-party phones were a thing in Canada.) – Stan Rogers Sep 04 '14 at 06:07
  • @StanRogers - Tones are still used today. SIT (Special Intercept Tones) or the ascending "doo-doo-doo" triple tone when dialing a disconnected or invalid number are one example. Of course, these are not mandated any more, and with the rise of many multiple PBX and local providers, not all systems provide them. Which makes it a real headache trying to identify disconnected numbers when programming automatic call applications. – JohnP Sep 04 '14 at 17:48
  • This thread is making me feel old. :( – Simba Sep 14 '16 at 12:36
36

I corrected one posting in a comment: "You basically had to dial the number for your ISP." is of course wrong - direct dialin predated ISPs. A bit of lengthy personal history below about the credibility of this kind of attack for the times.

I was a VAX/VMS sysadmin for a mining company from about 1986 to 1989 and I had one direct dialin line which was a publicly accessible phone number - if anyone had guessed the number they would have been able to get a login prompt.

However, VMS was a very secure operating system, so the line was configured with a number of security features, from memory:

  1. Only a very small number of password attempts were allowed, with the line being locked out for a random period if they were exceeded.
  2. Any login failure resulted in an immediate printed alert on the secure paper console in the computer room, my screen if I was logged in and an email to me (yes there was email back in those days).
  3. Terminal sessions through the dial-in line were logged so all incoming keystrokes were recorded.

"War-dialing" was a big deal and the trade magazines were full of tales of people finding that their company had exposed entire banks of phone lines with access to the computer. Whilst VMS could be secured very easily, there was also a time when it shipped with a "system" account with a default password and, even worse, the equally privileged "field"/"service" account which some technicians left enabled. So, finding a phone line that would answer was potentially a big deal in getting access to all kinds of systems.

We also had chains of bulletin-board connections where messages went via a store-and-forward system that could take days to forward messages, depending on volume and how often some people in the chain connected their computer to the next nodes.

If you're interested in hacking tales from that time, check out Clifford Stoll's "The Cuckoo's Egg" about how an astronomer turned sysadmin found an international hacker.

update

I forgot that I caught our commercial programmer allowing his girlfriend to log in through the dialup port. He had sysadmin access and had created a program for her to run a home business generating labels. He didn't know enough to hide the activity by disabling logging on the port. That's my most exciting real hacking story in my entire career.

Andy Dent
  • 10
    +1 for mentioning The Cuckoo's Egg - I read it like 20 years ago and was never able to find it again until you mentioned it here :-) – Martin Sep 02 '14 at 12:39
  • 1
    A certain irony in writing an answer about locking lines out after N password failures the day before I hear about the iCloud breakin to steal all those celebrity photos. It has been well-established now that the hack was via a flaw in Apple's "Find my Phone" service allowing unlimited password attempts. – Andy Dent Sep 02 '14 at 12:57
  • Ah yes, the field service account, password 'raster'. –  Sep 03 '14 at 00:25
  • For most of the years I was a sysadmin, the default account was "field", the password "service" and I once lodged an official complaint about an engineer I caught who deliberately re-enabled the account to "save him time on the next visit". It took a couple of versions for VMS to institute a one-time rule on these two accounts so the password was forcibly reset. In the meantime, Vaxes became desktop machines found as glorified PCs so even more users had terrifying defaults. – Andy Dent Sep 03 '14 at 05:03
  • Small world. I actually worked for DEC at the time as an SWS (Software Specialist), and the FSE's (Field Service Engineers) could definitely get in trouble for that. – RBarryYoung Sep 03 '14 at 16:49
  • I "wardialed" back in the day (300 baud, but not acoustic!) and most of the things I found were not secured in any way beyond the obscurity of the phone number and the cryptic interface. – Ben Jackson Sep 03 '14 at 17:51
  • 2
    @BenJackson - Same here. I started out on a Commodore Vic-20 and progressed up. I still work in the industry, and in the late 90's was working on a hospital system as an outside contractor. Their root password for the entire system was . Not the word, but just...hit...enter... – JohnP Sep 04 '14 at 17:51
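
The three dial-in controls listed in the answer above (an attempt limit with a random lockout, an alert on every failure, session logging on the port), modelled as an added Python example. This is not code from the answer or from VMS; the class name, the limit of three attempts and the 300 to 1800 second lockout bounds are assumptions, and the account and guesses are constructed.

```python
import hmac
import random
import time

class DialInLine:
    def __init__(self, accounts, max_failures=3, lockout_range=(300, 1800),
                 clock=time.monotonic, rng=None):
        self.accounts = accounts            # constructed username -> password map
        self.max_failures = max_failures    # assumed value for "very small number"
        self.lockout_range = lockout_range  # assumed bounds, in seconds
        self.clock = clock
        self.rng = rng or random.SystemRandom()
        self.failures = 0                   # counted per line, not per account
        self.locked_until = 0.0
        self.alerts = []       # stands in for console printout, screen and email
        self.session_log = []  # stands in for the port's session recording

    def _record(self, now, username, outcome):
        self.session_log.append((now, username, outcome))
        return outcome

    def attempt(self, username, password):
        now = self.clock()
        if now < self.locked_until:
            # A locked line refuses even the correct password.
            return self._record(now, username, "refused-locked")
        expected = self.accounts.get(username)
        if expected is not None and hmac.compare_digest(
                expected.encode(), password.encode()):
            self.failures = 0
            return self._record(now, username, "success")
        self.failures += 1
        self.alerts.append(f"t={now:.0f} login failure for {username!r}")
        if self.failures >= self.max_failures:
            # Random duration: a caller cannot time retries to a fixed window.
            self.locked_until = now + self.rng.uniform(*self.lockout_range)
            self.failures = 0
            self.alerts.append(f"t={now:.0f} line locked")
            return self._record(now, username, "failure-line-locked")
        return self._record(now, username, "failure")

def demo():
    # Replay a constructed sequence of calls against a fake clock.
    t = [0.0]
    line = DialInLine({"operator": "constructed-pass"},
                      clock=lambda: t[0], rng=random.Random(1983))
    outcomes = []
    for guess in ["guess-1", "guess-2", "guess-3", "constructed-pass"]:
        outcomes.append(line.attempt("operator", guess))
        t[0] += 10
    t[0] = line.locked_until + 1  # wait out the lockout
    outcomes.append(line.attempt("operator", "constructed-pass"))
    return outcomes, line
```

Because the failure counter belongs to the line rather than to an account, switching usernames between guesses does not reset it.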
22

He didn't - the hack was the password research.

Since all internet connectivity happened over phone lines at that time, he used his phone to establish a connection. You basically had to dial the number for your ISP.

Not quite true. Before the internet, a lot of people connected directly, computer to computer. You had a modem (or a bank of them) sat waiting for an incoming call from another modem.

To connect to a remote computer, you had to know the number, then a username and password. The first bulletin boards operated this way, and did not need a password. You just dialled in, downloaded all the new posts and disconnected. You could then read and write replies before connecting again to upload them.

Chris B. Behrens
hidden
10

The trick was not in the act of merely connecting to a remote system (a wardialer is not a hack - it's a brute-force tool) but rather in figuring out what the account passwords were. For NORAD, he researched who the system designer was and guessed that his password was his dead son's name. For the school passwords, he looked underneath a desk blotter in the school office when no one was looking, as I recall.

sewalk