The X Files8:(xf0008.txt):01/01/1994 << Back To The X Files8

__ \ / |_ / \ e n o n | o u n d a t i o n presents: \ / *------ the \ / / \ files ------* / \ January/1994 Issue: 8 --------------------------------------------- | The | | Xenon Foundation Presents: | | | | The Beginner's Frequently Asked | | | | Questions | |___________________________________________| Written by: Erik Turbo As always, we have encouraged others to engage in the hobby of computer 'hacking', and as of late, we felt it would be quite beneficial to those interested in the field if we were to produce a Frequently Asked Question (FAQ) file, covering all the 'not-so-stupid' questions some people are afraid to ask. Since the Xenon Foundation has been in existance since March of 1992, and are one of the most active groups in New England we felt it would be our responsibilty to pass the information we have learned on to others. Remember, there are no stupid questions, just stupid answers. :-) Q. What is hacking? A. It has to be understood, that when asking a question as broad and far reaching as this one, you will get different answers from just about anyone you speak with. Our closest definition, and in the simplest terms is: Hackers are closely knit groups of individuals whos main goal is the retrieval of information and knowledge from computer systems and networks, while striving to learn as much as possible about operating systems and their function in the process. Q. What is the Xenon Foundation? A. The Xenon Foundation is a group of individuals, from various locations in the Northeast, who's purpose is to learn as much about computers, networking, operating systems, telephone systems, and the like, from the manipulation of security flaws in existing software. It was founded by CopyMaster D. in early 1992, and has been under his leadership of Erik Turbo since March of that year. We are currently one of the most active group in the Northeastern section of the country, primarily concentrated in the 508, 617, and 716 area codes. Q. What does one need to be a hacker? A. The mark of a good hacker is persistance; the mark of a great hacker is persistance AND intelligence. In order to be successful as a hacker, one must have a means of communication (ie: a computer, modem and telephone line), a means of finding computers to actually hack, and an extreemly persistant will to strive for the information and knowledge that is stored behind the so-called locked digital doors of computer systems. As a hacker progresses, he must also attain the fluency in several operating systems, the ability to create and/or exploit holes in software, stronger endurance and patience, and most important, the stealthy ability to stay hidden from the administration. Q. How do I find systems to hack? A. One of the most common and time-honored methods of finding actual computers, is to 'War Game' dial a large segment of the telephone network. Made popular by the cult hacker movie, "War Games" in 1984, this method is still used quite effectively today. There are several wargame dialing programs out there on local BBS's, and it is NOT illegal to use such methods. (yet!) For the networks such as Sprintnet, and the Internet, there are much quicker ways to yield results. For Sprintnet, there is a software package called the "NUA Attacker," which will scan a wide range of Sprintnet addresses for computers. Prehaps the easiest network of all to obtain site names, is the Internet. You can get computer names and associated domain-name style addresses from books relating to the internet, e-mail messages from/to the Internet, Usenet groups, or by huge databases actually on the internet, such as 'rs.internic.net', and 'ddn.mil.net'. Q. What is social engineering? A. Social Engineering is the intelligent artform (and trust me, it IS an artform...) of getting information from people by posing as an authority figure. This technique requires good lying skills, a complete understanding of the information you are looking for as well as related materials, and an authoratative persona about yourself. In applications such as hacking, many social engineers have managed to get computer dialup telephone numbers, and even passwords, straight from the administration. In practicle applications, one may be able to go as far as posing AS the administrator, while calling up various computer users, and engineering them out of their passwords. Q. What are the x.25 networks, and how do I gain access to them? A. Depending on your country, the x.25 networks can be anything from Datapac to Iberpac to BT Tymnet to Luxpac. In the United States, the two most popular x.25 networks are Sprintnet and British Telecom Tymnet. Regardless of which x.25 networks your town carries, they all should have a dialup to one of these networks. The first step that you need to take is to identify your local dialup port. You may find your local dialup port for Sprintnet by dialing 1-800-424-9494 (2400 7E1) and connecting. It will give you a prompt saying 'TERMINAL='. Type 'D1' for now. It will give you an AT '@' prompt. From here, type 'C MAIL'. When it asks for a Username, type 'PHONES'. When it asks for a password, enter 'PHONES' again. Now, use the menus to find your local dialup. Hangup, and then call it back locally. When you call your local dialup, you will once again have to enter your terminal identification at the 'TERMINAL='.If you have VT100 emulation, then enter VT100 at the prompt. Type <CR> if you don't want to use a terminal emulation, and 'D1' for the default terminal emulation. Once again you'll be presented with a @. This prompt lets you know you are connected to the Sprintnet PAD. PAD stands for Packet Assembler/Disassembler. From here, you may now connect to other machines that allow for a free remote connection. The adressing scheme for Sprintnet is based upon what they call a Network User Address (NUA). A computer's NUA is usually the area code (but not always) that the computer is located in, followed by a one to four digit number. The easiest way to find systems to connect to is to look in Phrack #42, LOD/H Technical Journal #4, or 2600 Magazine. You could, of course scan yourself, which is not too hard with the "NUA Attacker," a program which is designed for a quick method of sequential scanning of certain segments of possible addresses on Sprintnet. This program can be found on most up-to-date hacking/phreaking (H/P) BBS's. Another network, BT Tymnet, is run and managed by British Telecom. We recommend against beginners using this network without authorization, because the level of security is much higher than that on Sprintnet. It has been said that British Telecom (BT) has the ability to conduct an intra-network trace of their entire network, in under 5 minutes. You can find your local access Tymnet number by dialing 1-800-462-4213. Type "o" as your terminal identification, as that will allow a 8N1 connection to be established. Q. What is the Internet? A. The Internet is a high speed network of computers linked together from all over the world on x.500 fiber optic cables. Communications on the Internet can, and often times do, exceed 57,600 bits per second. Services allowing you to connect to other computers, send mail to any network using the domain-name format, and to obtain files from other computers are provided by the Internet. The Internet is the single largest source for information available, and thus, an attractive network for hackers. Q. How do I gain access to the Internet? A. Several years ago, when the Internet was small (compared to today), and connecting only large universities and government computers, it used to be almost impossible for an average hacker to gain unauthorized access to a computer on the Internet. Now, however, times are changing, and since the Internet has been dubbed by the media as the 'Information Highway', thousands of computers have joined the 'net. Now, almost every university is on the Internet, as well as businesses, military sites, gateways onto the x.25 networks, and even some BBS's. Aside from hacking an actual Internet site, you may actually get a legitimate account with your local university or other Internet provider. Fee's are usually under $60 a year, and are sometimes free from Federally funded universities. Internet access may also be obtained through the x.25 networks such as Sprintnet or Tymnet. There are many computers which are connected to the x.25 networks, as well as the Internet. It is your job to find them, however. :-) For an hourly fee, BIX, Delphi, HoloNET, as well as a few other commercial services, will allow Internet access from Sprintnet/Tymnet. These systems usually have no password restrictions at all, so if you have a list of users on any of these systems, hacking them out is only a matter of time and persistance. Q. What are some addresses I may want to try once I have Internet access? A. Once you have Internet access, you may want to take some time to ensure that you will never lose the account. Methods of protecting yourself and gaining access to other accounts on the system you've hacked, are all explained below. Once you are confident that you are fairly well hidden and protected, you may want to gather information on other computers linked to the Internet. Some of the best sources of addresses come from the databases 'rs.internic.net', and 'ddn.mil.net'. Also, if your system has access to GOPHER, you may want to use this in addition to the afore mentioned methods. The one command you need if you wish to traverse the network, is TELNET. There are others, such as RLOGIN, FTP, and TFTP, but TELNET is the most important for your connection purposes. If you are only familar with this command, however, please take some time and read up on the subject. There are many BBS's that have full text conversions of many printed books and manuals concerning the Internet. Miscellaneous Internet sites: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TELNET irc.demon.co.uk ----> IRC (Internet Relay Chat) Service. At the 'login:' prompt, type 'irc'. TELNET annex-mines.utah.edu ----> Anonymous TELNET site. Type 'cli'. FTP ftp.eff.org ----> Large Computer Underground archive. FTP cert.org ----> (C)omputer (E)mergency (R)esponse (T)eam. This FTP service provides warnings to administrators concerning the latest holes that hacker's have uncovered. FTP netsys.com ----> Has the back issues as well as current issues of Phrack Magazine. FTP zero.cypher.com ----> Contains many hacking utilties. It is operated by the Cult of the Dead Cow, a large hacking group. (cDc) You'll notice, once you get the hang of it, that there are hundreds of beneficial sites out there, where you can get anything from the best shareware, to pornography, to lyrics to almost any song in existance. Q. How can I obtain access to a computer system? A. Basically, persistance and the actual desire you have to get into the computer are what counts the most. When hacking a particular system, you should take some time to be familiar with whom you are dealing with. Find out who they are, what they do, and why they do it. Try and visit the physical location of your target. Search though any trash that you may find on-site. You should now have a pretty good idea of what you are looking for, and how to approach getting into their computer system. Five Steps to Hacking a Computer System ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1.) Identify Your Target 2.) Find out as much as you can about their operating system. If you know of any possible default passwords, try them. Knowing the operating system inside and out will not only help you get in, but it will give you the upper-hand once you're in; helping you find the information you are looking for, quickly, efficiently, and without being seen. 3.) If you have a list of users for that system, run through the list using simple, guessable passwords. 4.) If they are on a network of some kind, exploit the insecurities of that particular network. (ie: FINGER, TFTP, and Sendmail on TCP/IP networks). If they are not on a TCP/IP network, or you have come up empty with all of your attempts, then you may wish to do some social engineering. Remember, if you fail at social engineering on your first attempt, you may have ruined all possibilities of ever getting into that computer. 5.) If all else fails, you may have to resort to brute force hacking the known accounts. If you have a list of normal users, than this should be time-consuming, BUT likely to work. If you do not know of any users, than you will have to resort to hacking the actual administration accounts. (ie: 'root' on Unix, 'SYSTEM' on VMS). This is not likely to work, and you will most likely have to literally try about one-hundred thousand dictionary words if you hope to gain access. Remember, if the system administration decides to dis-allow dictionary words as passwords, than you will not get in with this method! Q. What is trashing, and how is it beneficial to hacking? A. Trashing, also known as 'bin-diving', is one of the most common ways for hackers to gain information on a particular target. Most businesses tend to have at least one bin at their physical location, often times containing valuable computer printouts, employee names and telephone numbers, dialup numbers for their computers, and sometimes even passwords. Most smart businesses and agencies are now shredding most of their valuable trash, to prevent such information leaking out to the public. Q. What exactly is brute force hacking? A. Brute force hacking, or what I like to call 'Front Door Hacking', is hacking an account over and over, attempting to gain access by sequentially entering in dictionary words as possible passwords. It has it's benefits, and always, it's drawbacks. If the system you are hacking does allow dictionary words to be used as passwords, than about 80% of the users WILL use dictionary words for their access passwords. With a resonable list of users to go by, you will almost always be able to get into a system with security such as this. However, there are some operating systems in existance (such as VMS and some versions of Ultrix), which will keep track of failed login attemps, and report them to the authorized user upon login. Also, VMS will "freeze" an account, if it the operating system detects a certain number of failures on that one account. Another drawback is the time factor. Even with an automated brute force hacking program it will take many days for you to reach your goal. Brute force hacking also creates a lot of "noise". If the administrators pay any attention to their systems, they will notice your attempts, and will take appropriate action to deter them. For best results, brute force hacking a system is only wise when all other options have failed. Q. What are some defaults to common operating systems? A. Accounts and passwords that are shipped with the actual operating system are what is known as 'defaults'. These accounts are set by the company who writes the software, and usually have to be changed by the administration once they have it completely set up. Often times the administrators forget to change these passwords, or in some cases, don't even know they exist. Below is a listing of all the known default accounts and passwords that are shipped with some of the more popular operating systems. Note: Where a frequency is listed, the criteria is taken from what we as a group have come across. The frequency is based on how often the account is actually present, NOT based on how often the account is left at the default password. The frequencies are as follows: 100% -> Always 70% - 90% -> High 40% - 60% -> Average 20% - 30% -> Unlikely 0% - 10% -> Rare Digital Equipment Corporation - Virtual Memory System (VMS) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Recognize it by: _______________________________________________________________________ | | | Username: ACCOUNT1 | | Password: <not echoed> | | User authorization failure. | | | | | | | | Username: ACCOUNT2 | | Password: <not echoed> | | | | Welcome to VAX/VMS V5.5 | | | | Last interactive login on Saturday, 18-DEC-1993 05:00 | | Last non-interactive login on Thursday, 19-JUL-1990 11:27 | | | | $ | |_______________________________________________________________________| Default and Common Usernames and Passwords Account Password Access Frequency -------------------------------------------------------------------------- SYSTEM SYSTEM, MANAGER or OPERATOR Complete Always FIELD FIELD, SERVICE or TEST Complete Always SUPPORT SUPPORT or DEC Complete High SYSMAINT SYSLIB or SYSMAINT Complete High SYSTEST UETP or SYSTEST Complete High SYSTEST_CLIG CLIG, SYSTEST, or TEST Complete Unlikely DEFAULT USER or DEFAULT Normal High DECNET DECNET, NETWORK, or DIGITAL Normal High OPERATIONS OPERATIONS Normal High USER USER Normal High LIBRARY LIBRARY or None Normal Rare - High GUEST GUEST or None Normal Unlikely DEMO None Normal Unlikely Miscellanous Accounts and Passwords: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Account Password Frequency --------------------------------------------------------------- | VAX VAX Rare | | VMS VMS Rare | | DCL DCL Rare | | DEC DEC Rare | | TEST TEST Unlikely | | NETNONPRIV NETNONPRIV Rare | | NETPRIV NETPRIV Rare | | ORACLE ORACLE Average | | ALLIN1 ALLIN1 High | | INGRES INGRES High | | GAMES GAMES Average | | BACKUP BACKUP High | | HOST HOST Rare | | DIGITAL DIGITAL Average | | AUDITLOG AUDITLOG Rare | | REMOTE REMOTE Rare | | SAS SAS Rare | | FAULT FAULT Rare | | USERP USERP Rare | | VISITOR VISITOR Rare | | GEAC GEAC Rare | | VLSI VLSI Rare | | INFO INFO Unlikely | | POSTMASTER POSTMASTER/MAIL Average | | NET NET Rare | | NETWORK NETWORK Average | | OPERATOR OPERATOR High | | OPER OPER High | | HYTELNET HYTELNET Average | | PLUTO PLUTO Unlikely | | MMPONY MMPONY Unlikely | |_______________________________________________________________| Note: On the LIBRARY account, the frequency depends on the actual site. Universities and other educational institutions are more than likely to have a LIBRARY account on their system. Various "Flavors" the UNIX Operating System ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Recognize it by: ____________________________________________________________________ | | | | | ULTRIX V4.2A (Rev. 47) (xenon.xf.com) | | | | login: account1 | | Password: <not echoed> | | Login incorrect. | | login: account2 | | Password: <not echoed> | | Last login: Wed Dec 15 03:01:39 from SI860B | | | | ULTRIX V4.2A (Rev. 47) System #4: Mon Jun 29 16:10:47 EDT 1992 | | Thu Dec 16 14:05:05 EST 1993 | | % | |____________________________________________________________________| Note: Unlike VMS, Unix does not have DEFAULT passwords. The accounts listed below are sometimes left unpassworded, and will not even prompt for a 'Password:' prior to logging you into a Unix shell. If there is a password required on one of the following accounts, than you may have to brute force hack them yourself. Default and Common Usernames and Passwords Account Access Level Frequency --------------------------------------------------- root superuser Always makefsys superuser High mountfsys superuser High umountfsys superuser High checkfsys superuser High sysadm normal High adm normal Average bin normal Rare rje normal Rare lp normal Unlikely daemon normal Unlikely trouble normal Unlikely nuucp normal Unlikely uucp normal Average sync normal High batch normal Unlikely admin normal Unlikely user normal Rare demo normal Unlikely test normal Rare field normal Average unix normal Unlikely guest normal Average pub normal Unlikely public normal Unlikely standard normal Unlikely games normal Unlikely general normal Unlikely student normal Rare help normal Rare gsa normal Unlikely tty normal Unlikely lpadmin normal Unlikely anonymous normal Unlikely Prime Computer, Inc. PRIMOS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Recognize it by: ___________________________________________________________________ | | | PRIMENET 20.0.0 VOID | | login | | User id? account1 | | Password? <not echoed> | | Invalid user id or password; please try again. | | login | | User id? account1 | | Password? <not echoed> | | | | ACCOUNT1 (user 87) logged in Sunday, 22 Jan 89 16:15:40. | | Welcome to PRIMOS version 21.0.3 | | Copyright (c) 1988, Prime Computer, Inc. | | Serial #serial_number (company_name) | | Last login Wednesday, 18 Jan 89 23:37:48. | |___________________________________________________________________| ID Name Password Comment ------------------------------------------------------------- PRIME PRIME SYSTEM SYSTEM SYS1 Priorities PRIMOS PRIMOS ADMIN ADMIN SYS1 Priorities RJE RJE DEMO DEMO GAMES GAMES GUEST GUEST REGIST REGIST TEST TEST NETMAN NETMAN PRIRUN PRIRUN TOOLS TOOLS CMDNC0 CMDMNC0 TELENET TELENET Sprintnet Account AT&T System 75's ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Recognize it by: ___________________________________________________________________ | | | Login: account1 | | Password: <not echoed> | | LOGIN INCORRECT | | Login: account1 | | Password: <not echoed> | | Terminal Type (513, 4410, 4425): [513] | | | | Copyright (c) 1986 - AT&T | | | | Unpublished & Not for Publication | | | | All Rights Reserved | | enter command: | |___________________________________________________________________| Account Password Description ----------------------------------------------------- enquiry enquirypw Read/Write Enabled init initpw Read/Write Enabled browse looker Read-Only. maint rwmaint Read/Write Enabled locate locatepw Read/Write Enabled rcust rcustpw Read/Write Enabled tech field Read/Write Enabled cust custpw Read/Write Enabled inads inads Read/Write Enabled support supportpw Read/Write Enabled bcim bcimpw Read/Write Enabled Note: Depending on the System 75 you have hacked into, the account priveleges may be different, as they are asigned priveleges by the administration, NOT by the operating system. Q. What are some common passwords people use? A. The following is a listing of the passwords used by Robert Morris, Jr., when he hacked hundreds of I nternet computers with the now infamous 'Robert Morris Worm' that brought the Internet to an almost complete stand-still in 1988. They are considered to be the most common passwords for the most common users. In other words, don't expect priveleged or security-smart people to be using these as passwords. aaa daniel jester rascal academia danny johnny really ada dave joseph rebecca adrian deb joshua remote aerobics debbie judith rick airplane deborah juggle reagan albany december julia robot albatross desperate kathleen robotics albert develop kermit rolex alex diet kernel ronald alexander digital knight rosebud algebra discovery lambda rosemary alias disney larry roses alpha dog lazarus ruben alphabet drought lee rules ama duncan leroy ruth amy easy lewis sal analog eatme light saxon anchor edges lisa scheme andy edwin louis scott andrea egghead lynne scotty animal eileen mac secret answer einstein macintosh sensor anything elephant mack serenity arrow elizabeth maggot sex arthur ellen magic shark asshole emerald malcolm sharon athena engine mark shit atmosphere engineer markus shiva bacchus enterprise marty shuttle badass enzyme marvin simon bailey euclid master simple banana evelyn maurice singer bandit extension merlin single banks fairway mets smile bass felicia michael smiles batman fender michelle smooch beauty fermat mike smother beaver finite minimum snatch beethoven flower minsky snoopy beloved foolproof mogul soap benz football moose socrates beowulf format mozart spit berkeley forsythe nancy spring berlin fourier napoleon subway beta fred network success beverly friend newton summer bob frighten next super brenda fun olivia support brian gabriel oracle surfer bridget garfield orca suzanne broadway gauss orwell tangerine bumbling george osiris tape cardinal gertrude outlaw target carmen gibson oxford taylor carolina ginger pacific telephone caroline gnu painless temptation castle golf pam tiger cat golfer paper toggle celtics gorgeous password tomato change graham pat toyota charles gryphon patricia trivial charming guest penguin unhappy charon guitar pete unicorn chester hacker peter unknown cigar harmony philip urchin classic harold phoenix utility coffee harvey pierre vicky coke heinlein pizza virginia collins hello plover warren comrade help polynomial water computer herbert praise weenie condo honey prelude whatnot condom horse prince whitney cookie imperial protect will cooper include pumpkin william create ingres puppet willie creation innocuous rabbit winston creator irishman rachmaninoff wizard cretin isis rainbow wombat daemon japan raindrop yosemite dancer jessica random zap In addition to these, some of the more popular passwords are first name, last name, middle name, licence plate number, middle initial, popular music groups and members, and sometimes even the same as their username. The key is to use common sense when guessing passwords. Know who your hacking, and in your best judgement use only the passwords you think you'll have a chance with. For instance, on newer versions of the VMS software, passwords can be no shorter than 6 characters. And, more ominous, many Unix and VMS systems now employ a 'non dictionary word' password protection. Q. What are the easiest systems for a beginning hacker to hack? A. The easiest systems for hackers to hack, of course, are those with weak security. Default passwords, priveleged accounts left unpassworded or easy to guess passwords, are all marks of an insecure system, and are best for beginners. Computers found by wargame dialing will usually produce a rather large quantity of insecure systems. Q. How can I meet other hackers? A. Information exchange has always been one of the more important aspects of the Computer Underground, therefor information is constantly being exchanged on underground BBS's, through the IRC Service on the Internet in digital and print magazines such as Phrack and 2600, and even through the public USENET conferences. Q. How can one safely hack? A. Although there is no sure-fire method of maintaining your freedom while hacking, there are several preventive measures that should be taken prior to your actual hack. First, it is always wise to have all of the data pertaining to any hacking activity encrypted on some form of off-line storage device. If it is necessary that the data be kept on your computer for reference purposes, than keep it encrypted when not in use. In addition to encryption, do not keep any papers, printouts or ANY hard coded evidence what-so-ever in the vicinity of your computer's location. If the Secret Service were to raid your house they will grab just about anything that so much as looks suspicious. Next, do not post any information about your current hack on ANY type of BBS. There are a number of informants, traders, and Federal Agents that are currently on many hacker BBS's, posed as hackers. And last, if you are caught, do not volunteer any information to the authorities, unless you have consulted with your lawyer first, and he/she is present at the time. To prevent yourself from being caught, always try and protect yourself with at least one outdial. These outdials are located in many places on Sprintnet/Tymnet and on the Internet. They are modems connected to the telephone network, that you can use to hide your actual location. Although it is not impossible for them to still find you, it will take a lot more time and energy. To give you a clue on how beneficial an outdial is, take into consideration that a trace has to be authorized by a court order from the state. This takes several weeks itself, and a convincing case. If you have three outdial modems, each in different states, they MUST get court orders from each state in order to continue the backwards trace to your origin. This may take several months or longer, depending on such factors as, financial funds of your target's computer, desire of the administration to actually apprehend you, and the type of telephone system you are on. (older telephone systems take much more effort to conduct a positive trace ID). If you are lucky, the remote system will feel the costs and time do not justify what you are gaining from their computers, and will just revamp the security of their computers. Q. Where can one find outdials? A. Outdials reside on a number of different networks. Many corporations have actual outdial modems as one of their services. Some of these are passworded; most are not. Some allow for local calls only; some have no restrictions what-so-ever. There are known outdial modems on Sprintnet, Tymnet, and the Internet. Private Branch Exchange (PBX) systems also may be hacked and modified to allow for an outbound extension. For more information on PBX's and the software that controls them, read about them on popular hacking and phreaking BBS's. Q. What are the penalties of hacking? A. In 1993, there were several laws passed in the state of Massachusetts that make hacking a Federal Crime. The penalty is 11 to 13 months of imprisonment, with an additional $250,000 fine, as well as 3 years probation. It is the maliscious hackers that destroy and alter data for fun/profit that have caused insane penalties such as these. Q. And finally, is hacking unethical? A. A question so seldom asked, yet the answer is almost always assumed. There are ways to be ethical in hacking, and there are ways to be unethical. The Xenon Foundation has always employed a great sense of respect and admiration for those who have the ability to operate large computer systems, therefor we never intentionally destroy or harm any aspect of a computer's operating functions. Let this be known however, that there are hackers out there who's main purpose behind what they do is profit, and/or destruction of data. It is not fair to class these individuals with other hackers, since the goal is completely and utterly different. They are criminals, we are explorers. Note: Those who meddle with viruses, destructive trojan horse programs, and those who's day is made when they type 'FORMAT C:' at the local Radio Shack are NOT hackers... they are just plain ignorant and stupid. Final Comments -- ~~~~~~~~~~~~~~~~~ This FAQ file is in no way expected to answer all of the questions and beginning hacker may have about the digital networks around him, nor does it imply that the Xenon Foundation has mastered all of the digital technology represented in this file. With every answer, there is another question... and so it goes. This is provided as a basis of understanding some of the more basic aspects of what to expect when dealing with hacking. This file does NOT condone system destruction, or hacking for profits and/or personal gain! Thanks to: The true hacking community and it's supporters Wake up: People who think they are "Elite" Providers: Women of all ages Karl Kunz of Pony Express, for UUCP Internet Mail Jolt Cola Inc., for Jolt Cola, the hacker's elixier SmithKline Beecham Corp., for Vivarin caffeine pills Philip Morris Inc., for Marlboro Cigarettes Board plug: Black ICE Consortium (bic.ponyx.com) [508]/998-2400 Internet Mail: xenon@bic.ponyx.com erikt@bic.ponyx.com