The Hacker’s Handbook and the script kiddie

On its publication in 1985, The Hacker’s Handbook was a sensation. It seemed to legitimise an activity that many of us had been engaged in for a while – the (mostly) innocent exploration of online computer systems.

We now live in an age of connectedness. Our phones, our TVs and even our fridges are just nodes on a giant network. Email is a trivial part of our lives. All of human knowledge appears to be just a Google search away. And hackers are perceived by many to be nothing more than vile criminals operating out of Russia or evil state-sponsored cyber-spies employed by the Chinese government.

Back in the 1970s and early 1980s, a computer was a relatively rare sight in people’s homes. And most of them were isolated machines. That would change quickly, of course, but before the likes of CompuServe and AOL made going online seem mundane, connecting with remote computers with the aid of a modem was an arcane business. Even legitimate activities, such as logging on to Micronet 800 (see below) to get the weather and read Micromouse, or connecting to Telecom Gold to pick up email, seemed like tapping into the future.

But there was a greater rush from, um, less authorised activities. Many computer operators, especially in universities, either didn’t think to secure their mainframes and minis or didn’t want to. And there were many obscure and fascinating systems that were just a phone call away.

Today, if you want to connect to a remote machine you need to know its domain name or IP address. In the 1980s you were more likely to get your modem to call it direct over your phone line. That’s why hackers would talk about ‘interesting numbers’ – phone numbers that would be answered by a computer. Once connected, you could often use that computer’s network connections to explore further: I recall dialling unsecured PADs (Packet Assembler/Disassemblers) at universities that provided access to the X.25 packet switched system.

But back to the book. The author’s name, Hugo Cornwall, was of course a pseudonym – for Peter Sommer, who has since gone on to a very successful career as a security consultant. One of the other people who contributed to the book, editing and co-writing later editions, was my old pal Steve Gold, sadly no longer with us. Right up until shortly before his death, Steve and I spent many a happy hour chatting about the ‘good old days’ of hacking when it all seemed such an innocent pastime.

Actually, it was rather innocent. The prosecution of Steve and Robert Schifreen for ‘hacking’ the Prestel online system revealed that, at the time, UK law was rather lacking when it came to dealing with computer-related activities. The two alleged hackers were ultimately acquitted and this led directly to the creation of the Computer Misuse Act 1990.

There were six editions of the book all told – I have the first two. All, as far as I know, contain one small piece of content that affected me personally.

In several places, ‘Hugo’ had reproduced messages that various people, including me, had left on a bulletin board system (BBS) in a section devoted to hacking. Conscientiously, all the names were replaced with rows of Xs (although with one X per character it’s still easy for me to work out which messages were written by Steve Gold and which by me). Alas, in one of my messages I’d mentioned my Prestel address.

The fateful message.

Prestel was an online service, of which Micronet 800 was a sub-section dedicated to microcomputer users. This proto-web allowed you to get information about stuff like the weather and share prices – somewhat like Ceefax and other TV information channels with which it shared Viewdata protocols and graphics. But it was also interactive. You could, for example, send email messages to other Prestel users. Your address was your nine-digit Prestel ID. The wrinkle was that, in the early days at least, the operators of Prestel thought they’d make your life simple by making your ID the same as your telephone number.

Not long after the publication of the book I started getting phone calls from wannabe hackers. Being geeks, these calls invariably happened in the small hours of the morning. That’s because they were taking advantage of off-peak phone charges and also because … well, because they were geeks.

And so, at 2am or 3am, I’d be woken by the phone, which in those days was fitted with a loud bell that couldn’t be turned off and was unfortunately positioned at my bedside, and I’d hear a voice which, with no introduction and in hushed, conspiratorial tones would say: “I was just wondering if you have any interesting numbers.”

I was lucky in one way. British Telecom had just switched from its practice of wiring in phone handsets directly to providing jack plugs. So I got into the habit of unplugging the phone each night. But sometimes I forgot, and the calls would come.

That conspiratorial tone of voice eventually clued me in. Hackers are nothing if not paranoid. When the caller asked the inevitable question about numbers, I’d reply: “I don’t think it’s a good idea to discuss this on an open phone line, do you?” That always got rid of them.

This happened so much that I wrote a piece about it for The Times – two years later! I must have penned this just before I met Steve because it’s not very flattering about him. We had a laugh about that later. But my main beef was with these idiot callers. What I was trying to describe in the piece – although the term had not yet been coined – was the script kiddie.

Because those callers are still with us – idiots looking for bragging rights or opportunities for vandalism but without the intelligence, patience or commitment to learn their trade. You’ll find script kiddies on any open hacking forum, wanting a quick fix.

There’s very little in the Hacker’s Handbook that remains relevant to computer communications today. Changes in technology have left it behind. Yes, serial comms are still employed, and the concepts of data length, parity and stop bits remain in use, but mainly in specialist applications such as embedded computing and the Internet of Things. And the X.25 network is still out there, but again in more specialised applications. If your interest is in hacking, then the Hacker’s Handbook won’t be of much help.

Yet it remains fascinating from an historical perspective, and it encapsulates that spirit of eager curiosity that defines the true hacker.

Leave a Reply

Your email address will not be published. Required fields are marked *