How I Got Into Hack?! - Cybersecurity in The Last Millenium

ladies and gentlemen I'll hand you over now to Philip Savin okay hello my name is Philip Savi and I'm from Lithuania um first time on the besides and I would like to present you how I got into cyber security uh in the end of the last millennium let's go so it's 1990 and I got my first computer it was zetic Spectrum but not original one like this one but one made from microchips from old Soviet military equipment as I was told and of course let's start playing games and maybe I'm a bad player but I got so many times seeing this cream that I just got frustrated so I need to ask advice from some wise man

and that wise man was a guy who's selling games in computer store and he told me that I need a box and Paul is some comment which I need to enter to get something like infinite lives so I need just to need like pokes blah blah blah memory address and do the baby memory patching and get infinite lives or whatever I asked how it works and they explained me in basic language so we just replaces minus one with zero and life's done doesn't decrease and I understood that I admired those who write games and those who create pokes and fast forward to 1995 I got this IBM Captiva with multimedia and multimedia means with CD-ROM and Sound Blaster 16.

and most important that I got us robotics modem and with terminal program I can just type some comments like 80 Del pulse phone number and connect a remote computer who is in answer mode and this post mode means that their own system of our country at the time was analog and after the modems connecting they are just saying the connection speed and during connection negotiation it modern produces Sparks noises like things like that and after many many hundreds of connections I was able to train my ear to distinguish between which connection speed I will receive based on the modem noise and open connection I could connect to bulletin board systems uh it's very nice thing like you can read and post

messages upload to download files but mostly the message is what trash talk like if you read this message you're an idiot and this kind of teenage humor and most of the files was one or more viruses in each of them well uh the good thing I downloaded Amiga mod music files and play it in this infrastructure to listen some music because it was pre MP3 era here my takeaway is that there is a life online but it's dangerous and interesting yeah fast forward to 1999 I just got painting 166 computer and overclocked it on the next day because if you don't you have if you have a computer without on the clock painting processor then you

just kind of lame guy I used already internet on the dialogue model for flat rate remember I was talking about our analog so the telephone company couldn't Bill me per minute but the state start privatization of our phone company and things happened something like Revolution phone users with Lithuanian flag was walking on the Swiss for real and demanding stopped the state the acquisition of our of our Telecom but Taylor which was our Telecom souls to say that this will greatly increase the quality of the voice calls but we cite effect that can start billing us by minute it was really it was rage all the banners on the side saying the stop telecommas things like that and by the

way this Banner on the right it was painted by me in 1999 and found it while preparing for this presentation oh yeah this is like poster from the old times it says in ethereum that you will all be shaves shaved like a sheeps of course I didn't want to be a ship here so I tried to dive into freaking it's officially defined like a fraudulent manipulation of telephone signaling in order to make free phone calls actually free phone calls his keyword here yeah so I started to reading 260 and francesins I discovered that guy who used the toy whistle to intercept the phone lines and put into the command mode about different boxes particularly like the blue box which was jobs and

woznik was selling in the early days and it allowed to intercept the phone line enter to command mode and do the phone call routing and it was the story that one guy from United States uh wrote using blue box wroted his call from us to to Europe from Europe to Asia to Australia to Hawaii and called his Neighbor Next Door and delaying the phone phone conversation was about 10 seconds because the signal was traveling all around the world well I read really a lot of about phone systems how they work but they understand that this is useless because our foreign our phone lines the new ones uh based on different things and the signaling and voice are on separate

channels so it's inevitable I need to have a job to pay my Internet bill my first job was developing a vision on a school Unix using serial terminal for little little money we didn't have internet on the local area network and I given the big printed developer manuals that I should following while developing but I was before that I was playing with Fox Pro so with the snapping new for me uh and I was I was able to pretty fast complete the task that was given to me and the rest time I spent on reading Unix manual pages there was some angry secretary that complained that I'm not reading the manners all the time but I

am doing something something other so okay there was the program at the time called we nuke all you need is just type an AP address and press the button and remote Windows 95 will be crashed I looked it's saurus online I was curious how it works I did but it's pretty primitive you just make socket connect and say the payload to crash the Target and the salt here is out of band flag for the send message it raises blue screen of death death on Windows 95. yeah and fun fact that the things don't think the on the right is actual icon for Windows computers in Mac OS X so my takeaway takeaways was that at

work I sell my time for money but I my job must be interesting otherwise I feel that it's not worth the time but most important that I was very very likely want to discover something like we look back myself so I started to digging about other denial of service attack like smurfinger amplifier or local area network denial of service and St teardrop and many others and while searching I discovered a very nice program called aggressor exploit generator well it's something like hping pocket Constructor but with nice user interface and also attack process the authors of this program mentioned that they have their own IRC server so I felt urgent need to chat with the author

maybe ask for some unreleased version of this program well IRC was the place where all this attack was used because IP addresses of the users was clearly visible so I launched I do booted to win to Linux launched the chicks and connected to the LC server of I guess autumns but it's nothing really good time from them they were from Turkey they speak only own language and was silent most of the time but there I met two guys from Uzbekistan and they told me that all the interesting things happening on fnet IRC Network so I just connected there and started to hanging out there while hanging out on the net I understood the 10 valuables like your

search for bugs bugs are used in exploits exploits using to get shells and shells to use it to get more shells but the bugs stage is almost almost always was skipped because most most people there were script idiots and they were searching and hunting for exploits yeah also there is some some people seeking attention it was some guy I remember with his Nick was golf boy and he was uh owner of the hack Cosa site and that site was something like modern exploit DB and meanwhile I was just reading uh different scenes and papers and diving into exploitation techniques everything was much easier at the time no position independent executables address space randomizations and state canners and

things like that and also a lot of exploits at the time was distributed in broken form so if you have skill you can just fix them and use them or you can detect that they are actually fake and was also a lot of fake exploits well the atmosphere of that time was nothing near the this inspirational movie I didn't it was more like for modern Fortune but what is interesting of the time that is very diverse variety of different operating systems and architectures was used on the internet but the thing is that they often use the same code the same open source program with the same bugs just compile it for different architectures but porting like stack stack of a flow

Express was not that hard because you just know the target architecture stack layout and get shell code and often that's enough yeah I needed to mention that most of farmers hacker at the time was Kevin meeting he was jailed for for hacking it was like a kind of Internet hero this yellow yellow sticker was all around the internet and in the United States it was on the bumper of the cars so but he served five years released in 2000 and then just found that a security consultancy company and it was spelled some somehow wrong like the guy the hiker the hero and just jumping into business okay when there is another event happens uh some group of individuals who call

themselves speech C takes over the frag channel one of net and they stating that they are supporters of New anti-security Movement it boils down to that Hacker's hack meaning breaking the computer systems they discover they don't just call disclose bugs hack techniques and exploits and if you're just disclosed and your enemy if you make money of that your enemy and if and enemies must be owned in the ramp sort of known tax from 1986 is Hackers Manifesto it states that the Hacker's crime is out of curiosity and on smarting you until some romantic things and ends with the phrase that you may stop this individual but you can't stop us all and PhD relay is the new hackers

Manifesto which says that you can't stop me and you certainly can stop us all and direct states that hackers is Right exploits penetrate systems and keep that in secret then actions is followed they release an own version of the Frac is in many consider it very interesting because last version last issues of wreck was stagnating they don't doesn't have anything like directly related to hacking uh also they started posting the results of so-called Project Mayhem it's the war declared declared on security industry and white hats they they posted the schools middle schools they around boxes of many famous White House of the time and even they got into a tea or their art of open BSD and its CBS repository

the Project Mayhem was declared in a scene called the late it's still on the text files and it is pretty funny read if you are okay with the lead speech and this was the beginning of the one of the L8 issues which showing the proof that they hacked into open CBS openbsd.org and real life manifestation overlay it was this speech on the front end by Global Security and called wolves Among Us it's still on YouTube you can watch it it was presented by three guys it's Silvio it's very nice it's brilliant technical guy from Australia I learned anti-debugging techniques from him next one is gobbles gobbels was author of many interesting exploits of the time

and he claimed that he's Lithuanian so it was interesting for me and one exploited comment says that in this DNA there is only one internet connection and these gobbles for using it and the last one was the Unix terrorists yes this is a highly intellectual person uh who like a ideological father to Elite and to PhD also I also many times they have seen this guy with Nick supnazi on their frag on the chip of their Channel and many many years later I discovered that his real name is Albert Gonzalez and he made something like operation called get rich or die trying and it was one of the biggest credit card theft in ever and it was it was the Unix terrorist

whose real name is Stephen watt who created sniffer for Gonzalez and was jailed for two years for that and Gonzalez was says it like a lot of money and things like house in Miami BMW Glock gun diamond reading Rolex watch and he was jailed for 20 years and he will be released this September and all these events are described in details in TV series American Greed episode operation gets reached by trying well what was there is left as history many years passes and then now exploits a complex and often executed in Chains now I work at UGI and we deal a lot of iot devices and they have to admit that sometimes they smile when they see their

new exploitable bugs like primitive command ejection or stake overflows because they remind me of that good times thank you for your attention many thanks thanks