==Phrack Inc.== Volume Three, Issue 25, File 8 of 11 /*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\ \*/ \*/ /*\ Hacking: What's Legal And What's Not /*\ \*/ Written by Xandor SymmLeo Xet \*/ /*\ With Technical Assistance From The ICH /*\ \*/ \*/ /*\ Reviewed by HATCHET MOLLY (TK0GRM1@NIU.BITNET) /*\ \*/ Exclusively for Phrack Inc. \*/ /*\ /*\ \*/ March 8, 1989 \*/ /*\ /*\ \*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/*\*/ "Hacking: What's Legal And What's Not" was originally published in 1987 by "HackTel Communications" of Crosby, Texas. Reportedly the book is no longer being published as the author, Xandor SymmLeo Xet, has joined the United States Army. E. Arthur Brown of Minnesota has bought out the remaining stock and is selling it for $12.95 (plus postage and handling) which is about half off it's "cover price" of $25.00. We've always been taught not to judge a book by its' cover, and I suppose that one should not expect beautiful binding and great illustrations in self-published books, especially those that deal with hacking and phreaking. But I can't help comment on the sheer ugliness of this volume. To be fair, I should preface these remarks by saying that E. Arthur Brown Company does give fair warning about the packaging of this book in their advertisement. The "book" consist of about 300 photocopied reproductions of non-NLQ dot matrix pages. However, this does not mean you get three hundred pages of information as about half of the pages are single sided copies. All in all I'd say it could be reduced to about 200 pages if everything was copied back to back. These pages come in a nice three ring binder, black in color, and it even has the name of the book silk screened on the cover. (I can't resist mentioning that the title of the book is improperly punctuated on the cover, though it is correct inside the manuscript.) Presumably the author(s) intended to release follow up reports and addendum to the book at later dates (and at additional cost). So the three-ring binder approach makes sense, and the author does explain that he has used single sided copies in some places to allow for easy insertation of these "Hacker Reports." So perhaps criticisms of the books packaging are a little unfair since it appears these concessions were made with a purpose in mind. This does not, however, change what you do indeed get when you order this book. All potential buyers should be aware of what they are getting for their money. Enough of what the book looks like, let's examine what it has to offer. Generally speaking, it is a cross between a "how to" and a legal reference guide. Much of the book is dedicated to state and federal laws that deal with hacking, phreaking, and pirating. You'll find reprints of the state computer crime laws for every state of the union, (current at the time the book was written) and the Federal wire fraud and copyright laws. It does not include the Federal Electronic Communication Privacy Act (ECPA) perhaps because act was not passed at the time the book was compiled. The sections on state laws appear complete enough, and the full source and appropriate references are given if you want to check them for accuracy or changes. Thoughtfully, the author has even included the associated penalties each statute carries. And for those of you who aren't quite up on your Latin, there is even a (very) short legal glossary so you can better understand the language of the law. The crime laws make up the bulk of the book. They are probably the most useful section despite the fact that the information is at least three years old by now. The rest of the book is dedicated to various topics that are mundane to anyone that is an active practitioner of phreaking and/or hacking. Topics like "what is a network" and "how does a war dialer work" really do little for the accomplished hacker, and the public can get the same information in the better written book by Bill Landreth. One point that interested me is that Xet adheres more to the "computer professional" definition of "hacker" than he does to the definition used by most of the underground. In other words, he maintains that people who gain unauthorized access to systems are "crackers," not "hackers." He, like many phreak/hackers, gets upset when the media uses the term incorrectly, but his reasoning is a little different from most. Interestingly enough, despite an entire chapter on software piracy, Xet does not realize that "cracker" already refers to a specific type of activity and suggesting it as an alternative to "hacker" only serves to further muddy the waters. To some this may be a minor point, but the indiscriminate and apparently uninformed use of terms and labels is ill advised in a book that aspires to be a useful reference manual. By way of illustration, I've excerpted his definitions (actually, they should properly be called "descriptions") of various terms from the glossary: Hacker: A non-business computer user who operates a computer in conjunction with a modem and who at least knows his (or her) way around a local bulletin board and has at least heard of CompuServe and The Source. Can usually be found eating pizza or donuts, and has a working knowledge of the effects of long term exposure to great amounts of caffeine either from drinking several softdrinks (sic) or numerous cups of coffee. Cracker: A hacker who has an adventurous streak which leads him into unknown computer menus and strange protocols of all benign. He has the ability to crack access codes or passwords in order to illegally enter a computer over the telephone. Usually a very good problem solver, quick to think, cautious to act. Often thought of as clever or even sneaky. Excellent chess players. Chrasher: A cracker gone bad. One who gets his jollies from terminating corporate systems and picking on helpless bulletin boards by destroying information or files or by rendering a system unable to communicate (usually referred to as "crashing" the system) until reset by a sysop. Very clever, extremely dangerous. Smart, but hopelessly misdirected. They deserve respect for their ability to destroy. Pirate: Software pirate. A hacker who concentrates his efforts toward cracking software copyright protection schemes which are placed on computer disks to prevent the illegal copying of factory produced programs. Some pirates have a habit of collecting software that they have managed to crack either to trade with other pirates for software they don't have yet or just to collect it for the sake of building their egos. Some of my best friends are pirates. Usually, very easy going people, and sometimes politically minded as well. And even more clever than crackers or crashers. The problem with these definitions is that they are not mutually exclusive and do little but reinforce the stereotypes that hackers, phreakers, and pirates already face. Any phreak/hacker that reads this book will give these definitions little attention, if they read them at all, but if this manual is used by the media as an "example of hacker literature" it will only further perpetuate some of these assumptions. A large amount of the book is dedicated to what Xet calls The Gray Pages. Labeled as a "national hackers' phone book" it is primarily a list of dialups for Telenet, Tymnet, Compuserve, and The Source. This list is hardly "secret" and the format hints that it may just be a capture of the "info" pages from each of these networks. These numbers may be helpful to the beginner, but it would have been better if he included instructions on how to dial the toll free access number (or call customer service and just ask them) and check for your local number by yourself. Not only would this have cut down on the number of pages needed, but it would have at least given the beginner an excuse to actually do something themselves. (Not to mention that is the best way to get the most accurate information.) The rest of "The Gray Pages" is taken up by a list of 400 public BBS systems. Although the list is titled "hacker bulletin boards" many of the systems listed are quite legitimate and do not support phreak/hack or pirate activities. Woe to the beginner who calls CLAUG and starts asking for plans to a blue box. Of course the biggest draw back to this list is that it was probably fifty percent out of date four months after it was printed. Speaking of blue box plans, Xet does offer a short list of box colors and what they do. No plans for boxes are included, nor is there a discussion of DTMF tones or other common phreak knowledge. He does include simple schematics and operating instructions for a tap indicator, wire recorder, and a data converter (for use with the wire recorder). The introduction to this section, called "gray market equipment" says that future editions of the book will include box schematics. Finally, there is a short section called "helpful stuff" written by "The ICH." This section is pretty informative but offers little clarifying information. Basically it includes an ASCII table, DTMF frequencies, satellite and cellular frequencies, and a short discussion of packet switching networks. In summary, "Hacking: What's Legal And What's Not" offers some very basic information to the beginning hacker, a quite good (although potentially outdated) review of relevant state and federal computer crime laws, and a few tid-bits here and there that are worth knowing. But it also wastes a lot of space to bulletin boards and dialup numbers that are of little use to anyone. Experienced phreak/hackers and pirates will find a few articles that are not available elsewhere (like the section on "How Hackers Think" where Xet says that since a San Diego BBS poll indicated that 79% of "hackers" had the astrological sign of Leo all one has to do to understand hackers is read a profile of Leo's!) but the vast majority of the information is old news in a new format. For someone who wants to get a broad overview of the computer underground I can recommend this book. But if someone is looking for information of any real use, I suggest you contact your local phreak/hack BBS and use the G-philes they have available. You won't be missing anything this book has to offer. E. Arthur Brown's price of $12.95 offers a reasonable value, and if your looking to develop a "hacker library" you might consider ordering a copy. _______________________________________________________________________________