It’s In The Computer


After this photo was taken Nitro told us about his own manifesto. “You know, in school, if you were into computers then you were a geek and people gave you shit for it, no matter what. Hacking was our way to get back at the world and say you fuck you. You see, now we are the thugs!’.
 


Hacking was introduced to the mainstream by a magazine back in 1971, when they published an article about a Vietnam veteran who discovered that a free whistle, which he’d got in his Cap’n Crunch cereal box, could be blown down a public phone to obtain free calls. Today, hacking has become a very real subculture that’s seen many of those involved rack up years behind bars, as well as millions of dollars worth of damage to corporations and individuals who have fallen victim to the cyber thug.

A few months ago there was an incident in Melbourne whereby hundreds of subscribers to a specific mobile phone service (which provides updates on public transport times) received a message along the lines of: “Next time you catch the tram, your driver is going to kill you”. This was obviously the work of a mildly sophisticated hacker with a strange sense of humour and an abundance of spare time and while we have no idea how or why they did it, for some reason it stuck with us and became the inspiration for us speaking to this guy. We had heard about a monthly meeting held by some people who run The Hacker Quarterly magazine and figured we’d go along to see if they’d be all guarded monosyllabic responses, or keen to show off how deeply nerdy they actually are. Luckily, they fell somewhere in between and we eventually managed to drag Nitro away from his game of World of Warcraft and ply him with sufficient alcohol to get him talking.

Vice: How old were you when you started hacking?

Nitro:
At 12 I had some interest and by 15 I was what you would consider a full-blown hacker—working in the industry and constantly involved in various hacking and phreaking activities.

What the hell is phreaking?

Phreaking is the art of hacking phones to get free calls and other fun things.

What’s the appeal for you?

Originally I just wanted to break stuff, but as I came to realise that there was more to it, I was driven to learn as much as I possibly could. By 15 it was a lifestyle more than a hobby and it became more about exposing corruption and promoting freedom of information and communication. I believe phone and Internet should be free for everyone in the world. Oh, I also saw the movie Hackers and wanted to out-do a wannabe hacker in high school. He ended up working on a fishing trawler.

Tell us about the virus your dad invented?

My father attended some computer course in the early 80s, when the end user had a lot more control of the hardware and you would often need to write your own software to do anything with the computer system. My dad wrote a virus which took control of the hard disk and would physically smash the heads inside the HDD from side to side really fast, causing major damage inside the drive.

Wow. How big is the hacking community in Australia?

The hacking community is all but dead I’m afraid. However with the way technology is expanding it won’t be too long before a new bunch of angry kids decide it’s time to carve up some computers.

What is the difference between what you call a script kiddie and a hacker?

Script kiddies use pre-written programs and scripts to gain access to servers or manipulate a piece of software or hardware to do what they want, whereas a hacker will just pick at anything until they find a hole, then slowly pry the hole open until it’s big enough to fit through.

What’s the difference between a ‘black hat’ and ‘white hat’ hacker?

A black hat is a hacker that likes to break stuff. A white hat is hacker that likes to break stuff but is too scared of the law so decided to go legit. They are also known as security experts.

How much could a legally employed hacker expect to be paid to test a company’s security systems?

It depends on the company but anywhere between $200 and $5,000 per IP address for a corporate job. The money isn’t where the fun is though. The fun in audits is having legal access to hack anything you want, however you want, provided it doesn’t destroy data. The real funny thing about audits is that a lot of the time the IT department won’t tell the staff what is going on and so you get helpdesk managers and call centre staff losing the plot trying to figure out why nothing is working. Meanwhile, you are sitting out the back giggling with an evil smile on your face. I did an audit on a credit card gateway machine a few years back and proved it to be very insecure. I was able to access the whole system and crack the passwords within half a day. The bank which owned this machine sent in three high-paid security experts, all trained by Microsoft, to prove me wrong. For half a day I sat there watching these ‘experts’ try and suss the server out and every time it looked like they were making a bit of progress, I would send a BSOD (Blue Screen of Death) to confuse them. I heard later this bank was paying them over $100,000 a year each to secure a bunch of these servers. Dumb fucks. That server was taken away two days later and the company I worked for changed banks for their automated credit card transactions.

Awesome. What is the practice of war-driving?

War driving originated from something called war dialling. War dialling involved calling up a bunch of numbers, either randomly or in sequence, and trying to detect which ones were modems and consequently a possible hack. War driving is the wireless version of the same thing.

Do hackers do this regularly for fun?

They’ll probably do it until it’s easy, then forget about it and move onto something more challenging.

So if you were parked outside my house, how quickly could you hack my wireless password and get into my personal files?

That would all depend on what type of encryption and passwords you use. If you were slack like me and had your wireless password set to 0000, it would probably be easy. Someone who has a proper wireless hacking station will be able to get full access to unsecured files in under 10 minutes.

How many hours a week do you spend on your computer?

40 hours a week at work and 40+ hours a week at home. However that’s all playing World of Warcraft.

Have you ever been in trouble with the law?

Of the crew that I was in, one ended up in court, one ended up with multiple visits from the feds and another guy and I stayed real low (no bank accounts, no bills in our name, no license etc.) for about a year. I then decided it would be best if I didn’t involve myself in those activities anymore.

What’s the harshest sentence that has been dished out for a hacking offence?

I believe it was for removing or altering data. People like Electron got 18 months in minimum security. I know there have been harsher sentences for credit card fraud but that’s not real hacking—that’s stealing. And if you are going to steal, steal off the government and corporations, not the general population.

Tell us about the Australian hacking group The Realm. Who were they and what did they do?

That’s almost before my time. The Realm was a BBS (Bulletin Board System) from the late 80s where a lot of people would meet up and plan events. It quickly grew into a place for information exchange, swapping and developing exploits, dating and a place where computer geeks, who weren’t really accepted by society, could hang out and talk to each other.

There is a widely available hacking magazine called 2600. What does that stand for?

The 2600mhz tone, when played down an old school public phone, would drop the line directly into an international trunk, allowing whoever was on the end of the phone to dial anywhere in the world free of charge This was fixed at some stage in the 90s and I don’t believe it ever worked in Australia—at least it didn’t when I tried.

Is there a hacker’s code of conduct?

Most good hackers will make an effort not to break anything or steal anything.

Apart from taking advantage of computer security and phone systems, what other things could be hacked? We technically hacked this bar tonight by sneaking in hip flasks right?

Ha, yes that is a type of hacking. I hacked the Engine Control Unit on my car by unplugging the automatic and bypassing the thingy which says when to change gears, so instead of changing at 5,000 rpm it changes at 6,000+ rpm.

‘Social Engineering’ plays an important part in hacking right? Can you give us any examples of how this works?

‘Social Engineering’ could also be known as ‘being a con artist’ because that’s where a lot of it comes into play. It’s all about using good old fashion tricksies and lying to get information that will help you with a hack.

So do you have a normal day job in IT?

Fuck no. Computers shit me and if it wasn’t for pirated music, car videos and World of Warcraft, I probably wouldn’t use my computer at home very much either.

What makes a good hacker?

One who doesn’t get caught.

JOEY SPINOZA

 

Videos by VICE