Guide to (mostly) Harmless Hacking

Vol. 6 Real Hackers

No. 2: Harold
Harold (Fatal Error) is famous within the hacker scene nowadays for two things.
He gained his education for the most part from the hacker culture. He doesn't ha
ve a computer science degree. With this street education, however, he has become
the senior network engineer for the AGIS Internet backbone. This is an enterpri
se valued at over $1 billion. Since taking over as head engineer with AGIS, he h
as fixed security weaknesses that allowed attackers to shut parts or all of AGIS
down four times in 1997. In addition, when Harold took over, spammers had been
plaguing AGIS. He since has tracked down and kicked off so many spammers that AG
IS is now one of the most spam-free Internet backbones.
Harold is also famed because, like all true hackers, he donates his services to
good causes. Last October, he helped a small Internet service provider, Succeed.
net, fight off a group of persistent attackers who were intent on driving Bronc
Buster (http://www.showdown.org/) off the Internet.
Then this March he pitched in with logging software to help Rt66 Internet fight
off a barrage of attacks focused on shutting down the Happy Hacker web site (htt
p://www.happyhacker.org/).
Harold has pioneered a path that many hackers could follow. However, it's a path
that calls for hard work and a burning desire.
Harold began hacking in 1979. Back then he was a 12-year-old Detroit kid playing
with the keypad of his phone. In 1983 he got his first computer -- a Timex Sinc
lair which used a tape recorder instead of a disk drive to hold programs. With i
t he began teaching himself the Basic programming language. That year his cousin
got a Commodore 64 computer with a 300 baud modem. Later that year Harold built
his own IBM PC. He was to go on to build hundreds of low-cost computers for his
friends.
Harold and his cousin parlayed this primitive equipment into a hacker group and,
through the bulletin boards of the 80's, began sharing knowledge with hackers a
round the US. They also joined the 2600 club (nowadays reachable at http://www.2
600.org/).
Harold's own local hacker group grew, and began holding meetings at a local pizz
a parlor. His group included many young women -- as unusual then as it is today.
As Harold puts it, "I used my computer to meet girls." It was at those pizza ni
ghts that he met the woman he would later marry. (They now are the parents of fo
ur.)
Harold soon made a name for himself by writing text files on how to generate val
id calling card numbers and by pirating voice mail systems for his friends. He b
lue boxed long distance calls and found his way around Telenet, an early network
that had six-digit addresses for its hosts. (The far larger Internet uses twelv
e-digit addresses.)
In August 1985, a visit from an FBI agent sidetracked Harold's hacker career. Ha
rold had just turned 18, so he knew he could now get in serious trouble. During
this visit the agent asked Harold if he knew what a PIN register was. Harold kne
w all too well that meant the FBI had been recording the destinations of phone c
alls made from his home.
The agent pulled out a 30 page printout. "In the month of February 1995, you mad

e 3200 calls to this MCI 800 number. Why?"

Harold pointed out to the agent that it is legal to call 800 numbers. Harold wou
ldn't tell the agent what he did after getting on that 800 number, however.
The agent then pointed to one number, 40 digits long. "Can you tell me what you
were doing with that number?"
Harold burst out laughing. "That's 'Mary Had a Little Lamb,' sir."
The agent let Harold know that they were close to getting enough on him to make
a bust. The two worked out a deal. The next day Harold enlisted in the US Army.
Harold was able to turn his Army stint to his advantage. He went to electronics
school at Ft. Jackson and became a multi-channel radio operator with the Patriot
missile defense batteries.
He also discovered ARPAnet.
ARPAnet was the US military network that was eventually to evolve into today's I
nternet. Life was slow in the Patriot batteries. Harold recalls he typically "sp
ent all day on ARPAnet... When you ran into people on ARPAnet, they were mostly
people who shouldn't be there."
That was back when few people would abuse their ARPAnet access. The military tol
erated hackers because they often contributed free software and technical assist
ance. For example, within the first year of ARPAnet (1969), hackers had already
been the first to invent email.
After the Army, Harold settled into eight years of work as a computer programmer
at a Detroit Mazda factory. On the side he ran a bulletin board. Eventually he
was running 64 phone lines of access for hundreds of paying customers. Ultimatel
y he even provided them with Internet access.
The Internet was to be what killed Harold's bulletin board. While working a full
-time job, it was too hard to compete with the other Internet access providers t
hat sprung up around 1994-5.
Around then Harold made an extremely bad decision. He used his hacking talents t
o make some big, quick bucks. He figured it would be a one-time stunt. Then he w
ent back to his usual life of harmless hacking.
In 1995 Mazda offered voluntary layoffs with a benefit of 18 months at 80% pay.
Harold jumped at the opportunity. He enrolled in the electronics school at the N
ational Institute of Technology.
But 1996 was the year his past caught up with him. One of his partners in the co
mputer fraud scheme got a prison sentence. Harold got off with probation.
That year Harold parlayed his recent education and hacker skills into two simult
aneous full-time jobs. One was at Ameritech, the Michigan baby bell phone compan
y. The other was at the recently created AGIS Internet backbone company. At both
companies he was only able to get entry level jobs giving tech support, as he p
uts it, to people would "couldn't remember their passwords."
After a short time on the exhausting schedule of these two full-time jobs, his A
GIS supervisor, even though he knew of Harold's troubles with the law, promoted
him to a network engineer position. Harold quit the Ameritech job, and began dev
oting himself solely to understanding AGIS and its many challenges. 1997 was to
be a challenging year, indeed. Twice that spring massive email bombings filled u

p the disks on the AGIS mail servers, crashing them. In April someone posted a p
assword for an AGIS router on a hacker news group The mystery attacker claimed t
he password was "spamforall." Rumor has it that password was genuine.
The problem was that the young, growing and hungry AGIS had signed contracts wit
h Cyber Promotions, Inc., at the time the biggest spammer in the world; with Nan
cynet; and with several other spammers. The attacks were retaliation for AGIS se
rving these companies.
Harold knew AGIS had problems that he could solve. However, as a junior network
engineer without an engineering degree, he didn't have the clout to persuade man
agement to take the drastic security measures he knew they needed.
June 4, 1997, was the day the AGIS Internet mail gateway backbone was taken out
by -- whom? The attacker announced on a Usenet post "Today I wiped AGISGATE and
all of AGIS's name servers. I will only stop until[sic] AGIS changes their polic
ies... This means getting rid of all of their spammers
-- most importantly Cyber Promotions."
This was not good for Harold. Someone was assaulting AGIS -- and the company and
FBI suspected an insider was committing the attacks. To be exact, Harold, given
his past, worried he would become one of the suspects.
With a wife and two toddlers to care for at the time, the prospect had to be fri
ghtening. Harold was fighting not just to prove he could solve the hacker proble
m -- he was fighting for his reputation.
Then someone gained access to every router on the AGIS network. The attacker cha
nged the configuration files to take the routers out of service. This blacked ou
t the Internet to a million people, in some locations for over a day.
Fortunately Harold was able to use his years of hacker skills to trace the attac
ks to the source of origin. He also persuaded his bosses that he was capable of
doing what was necessary to set up the new AGIS network. Harold designed new har
dware and set up s-key, a one-time password system, to secure the AGIS routers.
He also built AGIS's Usenet distribution system, both the hardware and software.
Harold was rewarded with promotion to senior network engineer -- and stock in th
e fast growing company. And -- he achieved all this while still on probation. No
w that he had real power in the company, Harold's next goal was to rid AGIS of s
pammers. This was not an easy task. AGIS had to fight a lawsuit brought by Cyber
Promotions that briefly got a court order to force AGIS to give them service. H
owever, by December 1997, Harold could say "Now we probably have the least spam
of any backbone."
In early October 1997, Harold responded to a request from Carolyn Meinel to help
Succeed.net, a small ISP in Yuba City, California. Succeed.net was under assaul
t by a group of hackers who wanted to drive Bronc Buster (now at http://www.show
down.org/) off the Internet. The owner of that ISP, Robert
Lavelock, refused to cave in to the attackers' demands and kick Bronc Buster off
. Instead, he fought them. Harold helped them close their security holes and set
up a logging system to help the FBI catch Bronc's assailants. For details on th
is war, which lasted three weeks, see the GTMHH on "Hacker Wars" at http://www.h
appyhacker.org/.
This March, when Rt66 Internet came under attack by hundreds of computer crimina
ls trying to shut down the Happy Hacker network, Harold pitched in again with lo
gger/sniffer software.

Today Harold likes to say, "I help create the Internet. I realize that everythin
g I do affects a million customers." With newborn twin baby daughters, the end o
f probation, the achievement of ridding AGIS of spammers and computer criminals,
and his role of white hat hacker riding to the rescue of the victims of compute
r crime, he has a lot of joy in his life. And the world is certainly a better pl
ace because of his work.
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the of
ficial Happy Hacker Web page at http://www.happyhacker.org/. Us Happy
Hacker folks are against computer crime. We support good, old-fashioned hacking
of the kind that led to the creation of the Internet and a new era of freedom of
information. So please don't email us about any crimes you may have committed.
We won't be impressed. We might even call the cops on you! To subscribe to Happy
Hacker and receive the Guides to (mostly) Harmless Hacking, please email hacker
@techbroker.com with message "subscribe happy-hacker" in the body of your messag
e. Copyright 1998 Carolyn P. Meinel <cmeinel@techbroker.com>. These Guides to (m
ostly) Harmless Hacking are, in the spirit of copyleft, free for anyone to forwa
rd, post, and print out -- just so long as you keep this info attached to this G
uide so your readers know where to go to get free GTMHHs.