THE HACKER BIBLE CHAOS COMPUTER CLUB [Published by Der Grne Zweig 98] [Text facing title page: This page was intentionally/unintentionally* left blank. *Underline where appropriate] [p 8] Imprint The Hacker Bible Der Grne Zweig 98 Edited by Chaos Computer Club DATENSCHLEUDER editorial board Schwenckestr. 85 D-2000 Hamburg 13 Datex-P.: IMCA-Chaos-Team Btx: *655321 Typesetting: Buchmaschine, Hamburg Layout: Ronald Ripchen & Wau Illustrations: Unless otherwise indicated, Chaos Reality Service Front cover design: Mali & Werner, based on a design by Fredi Brodmann (cartoonist), Munich Rear cover design: Michael Meyer Printing: Fuldaer Verlagsanstalt Edited by Chaos Computer Club, Hamburg Published by Grne Kraft Medienexperimente Werner Pieper, D-6941 Lhrbach ISBN 3-922708-98-6 The articles in this book are protected by copyright. All rights, especially those of translation into foreign languages, are reserved. No part of this book may be reproduced in any form--by photocopy, microfilm or any other process--or transmitted in a language used by machines--especially data processing systems--without the written consent of the publisher. Rights to reproduction through reading, radio and television broadcast, magnetic tape processes or similar methods are also reserved. Single photocopies of individual articles or parts thereof may be made only for personal or other private use. Every copy produced or used by a commercial enterprise is used for commercial purposes in accordance with 54 (2), Copyright Act, which requires payment of a fee to VG WORT, Academic Department, Goethestr. 49, D-8000 Munich 2, from which information on the individual payment procedures can be requested. For electronic information systems (mailboxes, etc.), our conditions for distribution as published in IMCA generally apply. With respect to the acquisition, setup and operation of receivers, radio sets, wireless microphones and other radio devices, as well as telephones and data transmission equipment and--last but not least--computers, especially for intervention in the postal network of the Federal Republic of Germany, the pertinent legal and postal provisions are applicable. The authors or developers are responsible for structural directions, circuits and programs in the Hacker Bible. The editors have examined the manuscripts, circuits and programs with great care (in legal terms as well), but are unable to accept either legal responsibility or any liability for errors in the text, in wiring diagrams, structural diagrams, parts lists, program listings, etc. that may result in the inability to function of or even damage to structural elements, users or living and dead material. All material in the Hacker Bible is published without regard for any patents, and brand names are used without any guarantee of free use. [p 9] Preface to the first edition The Hacker Bible, Part 1, is intended not only as documentation on the use of technology--in particular new media--but also as a work on the prospects, opportunities and dangers of telecommunications; this was our basic premise in compiling this book. It is obvious that hackers are anything but typical. Much in this book will be considered by ... to be disturbing. In semiconductors, disruptive atoms play a critical role, but no technician would think of cursing these disruptive atoms for getting in the way. We are uncomfortable, and exhibit, as the Bundespost [FRG federal postal service] says, atypical user behavior. We feel that this is necessary. The more sterile our environment becomes, the more necessary it is to put life into it. This began with the founding of the Chaos Computer Club around 4 years ago. The next decisive step was the startup of publication of DATENSCHLEUDER and the cultivation of electronic information services such as BTX [Bildschirmtext, the Bundespost videotex system] and blackboards in mailboxes and bulletin boards, culminating in the Chaos Communication Congress '84. Via the data networks, worldwide contacts were made, a loose conglomeration of people from a wide range of areas, who started thinking about the prospects, opportunities but also the dangers of a varied use of new technologies, as well as its effects. The Hacker Bible documents part of this development, and is intended to disseminate the collective body of thought, in order to further advance what has been begun and to create new ideas. Many people made extraordinary contributions to the completion of this work, and we would like to thank them here. Of particular note is (besides the many other publishers who courteously allowed us to reprint) TAZ, in whose offices the CCC was founded. At the time, there was no editor who understood it, but somehow ever since the founding there was always a woman from TAZ technical division there. Our gratitude to our publisher is more than simple courtesy. He was publishing hacker pieces when no one else here knew anything about it. The Bible was assembled at his house. His daughter had just turned eight days old. We were approached by several publishers who wanted to back "any" CCC book. Most of them offered better initial printings, sales in department stores, more money and so on. However, the Hacker Bible would have been either half as long or twice as expensive. Our requests for advertising by computer companies were all rejected. But because of the assistance of many (whom we thank), we were at least able to have an initial printing of 1,500. We wanted to publish as much good material as possible as cheaply as possible. Our standard was a price of 10 pfennigs per A4 page for the subscription (and club members). We hope that not only the price is right. With some of our information, we did wonder: Should that really be published? We are grateful to a number of courteous lawyers for their assistance is resolving this problem. But enough thanks. We will gladly accept any submissions (including anonymous) for the Hacker Bible, Part II. For data formats, see DATENSCHLEUDER 11/12. Chaos Team, Fall of 1985 [pp 10-11: Article by Peter Glaser, 1985] The BASIC Feeling of Life With a (Micro)Computer "Give me new noise, give me new attractions, strange new toys from another world." (Tuxedo Moon) The first time, there was only a monitor and a keyboard, which looked like a flattened typewriter. "But where's the computer?" The computer, I learned, consisted of a couple of tiny chips in the keyboard casing. I had previously imagined that computers were wall-sized, thinking furniture in climate- controlled rooms. I had just read that women who work with computers could not wear nylon underwear. The static electricity messed up the computer. That was three years ago. Since then, women can once again wear nylons, computers are messing up men, and I have become what could be called a bitnik: a person who gladly roams through the jungle of data processing. My friend with the flattened typewriter, a fellow writer, opened the door to the new intangible and gently flickering world of computer software for me. A distinction: hardware is that which can fall on the floor, thus the machine. Software is that which can get on your nerves, thus that which happens in a computer and on the screen. There is another term that American information engineers have coined: wetware. That means human beings. I watched as the small machine read in programs from a cassette recorder, and it was as if it was sucking it in with a strange force. Quickly and elegantly, it breathed lines of light onto the screen. For someone like me, who for two decades had been capable only of turning the television on and off, it was a tremendous experience to be able to influence events on the screen. I heard music in the back of my head: The Dawn of Data. My friend ran lines of program on the screen. QQ=PEEK(PP):IFQQ=86-THENFU=79; ONSZR(QQ)GOTO50025,3348,HELL,50026, it said. Parlez-vous BASIC? I had the feeling that I would soon be an illiterate of the new age if I didn't get started learning it. If during my first visits to my friend I first sat in the living room chatting with my friend and his wife before sitting down at the computer, I eventually headed straight from the door to the monitor. My friend's wife became nothing more than an arm that set sandwiches and coffee next to the monitor. The divorce went through two years ago, and a year and a half ago my friend bought a faster computer. A booklet by an American psychologist with tips to computer widows about how to maintain the minimum level of contact with a computer-loving husband provides an indication of the extent of interpersonal tension; the hints read like communication between a dentist and his patient: "When he is at the terminal, address him if possible with clear statements that can be answered with YES or NO." I got a GENIE I, a cheap Taiwanese clone of the Tandy Trash-80 that my friend had. It felt like Christmas as a child. I now had THE BIGGEST Lego set, a Lego brain building set. Among my first experiences was discovering that with the machine I could make more mistakes in less time than ever before. It was wonderful! The initial communication with the computer went like this: I input something and the computer responded with SYNTAX ERROR. After only several days of practice, eliciting extravagant error messages ("Bad Data" - "Extra Ignored" - "Cursor lost") was simple. BASIC, in which the input is formulated, is a type of cybernetic pidgin English, with a vocabulary of around 50 words. To the computer novice, it is a table of magic words that repeatedly illuminate his Panasonic crystal ball. Summer of 1983. I move to Hamburg, leave the GENIE, like the first lunar module, in Dsseldorf, and get a Commodore C64, the Fiat Panda of microcomputers. It is as ugly as a flattened out loaf of bread, but it features a bunch of alluring extras, including an automatic fold-away background. I am entering the feverish phase experienced by every computer newcomer. It lasts at least as long as an infectious jaundice, and can be chronic. Doctors are already studying special computer-caused ailments, such as the "game hand," a cramp-like deformation of the hand caused by excessive use of the joystick in video games, or dizzyness when the world realigns into three-dimensional space after hours of staring at the screen. Amidst a 24-hour electrified atmosphere, I live in a group house in the heart of the St. Pauli district: outside, the noise and lights of the entertainment complex; inside the hiss of the synthesizer and flicker of the computer. Sven, one of my housemates, a friendly punk, becomes my blood brother on the data safaris of the coming weeks. Kerstin, a sociologist and as the former owner of the "Sleepless Nights" bar a tested veteran of reality, holds the fort for the gray specter of everyday life. We have a desolate black and white television as our monitor; the left edge of the screen continually creeps upward like a caterpillar and the loudspeaker takes longer every day to start making noise. After a while, that no longer plays a role, since we always leave the machine on and spend all day and all night in programming shifts. In one corner of the room, there is an unsealed coal stove that covers the computer with a bright yellow coat of ash. Whenever there is a shootout in the street below, we open the window and join in with the synthesized din of "Attack of the Mutant Camels." Fall 1983. We program, for hours on end, filled with a wild pioneering spirit, as if our task were to draw a line on the edge of the universe. "Data processing," says Alan Key of the Apple Corporation, "does not yet have its Galileo or Newton, its Bach, Beethoven, Shakespeare or Moliere." Our eyes burn, and we feel a nervous buzz that is a sign of a modern form of impatience: If it takes more than ten seconds to load a program from the diskette into the computer, we become distracted. The programs, which are the embodiment of our consuming passion, correspond to that which an employee of ATARI said: "The computer is the solution. What we need now is the problem." After Sven and I, highly motivated, have spent 20 hours learning the basic features of the trigonometrical function and the peculiarities of programming high-resolution graphics, the first sine curve creeps across the screen, and we are jubilant. Kerstin thinks that both the time spent and the curve itself are ridiculous, instead insisting that one of us wash the dishes. Another entry in Key's list of masculine genius: Women are the Third World of the microelectronic age. They are immune to computer-mania. They don't like the machines. In 10 years, there will have to be a new women's liberation movement in order to make up for men's larger number of users and greater freedom of electronic movement. Still, an aversion to "technical" flair does not explain the all-encompassing lack of interest displayed by most women as they yawn at the computer. I have the impression that it has more to do with the strange eroticism of the machines: the slavish humility with which they repeatedly do what they are told (which is not necessarily the same thing as what the programmer means), the willingness to reveal even its innermost secrets, and the feeling of omnipotence that the computer can elicit through a wide range of simulation options, from night flight to psychological counseling. Winter 1984. Kerstin is mad because Sven and I converse only in BASIC over breakfast (IF HUNGER THEN GOTO ALDI:RETURN), and even the jokes are relevant (Asterix and the Data, featuring Tullius Data Bus). Sven is developing his notion of what a Russian microcomputer might look like, from a coal-driven steam processor in a crude bakelite case with outboard start lines, to a puppet computer, which is operated via wires by a group of dissident scientists in the basement. And when I talk to others, I notice a missionary tone to my voice. I talk like a highly-paid computer representative, combined with a car enthusiast ("from zero to one hundred in four nanoseconds"), with a touch of an artist ("I will rationalize the lyrics away"). Sven is writing a mile-long game program from a magazine, and it is supposed to be a PAC MAN who eats his way through a labyrinth of points and vitamin pills. When he runs the program after three nights of typing, it eats itself up, and all that remains is a handful of garbled statements. With our telephone data base, it takes about 20 times as long to find an address as it does with an address book, which can also be stuffed into a pocket. And the dreams of 3-D graphics, transformed in elegant sequences on the screen, fade during the four hours of computing time needed by the computer to compose one of those decorative 3-D functional sombreros. Our jubilant mood is wearing off. Spring 1984. We find consolation in the world of fast games, and within two months we destroy two joysticks. My beard grows out four millimeters as "Loderunner" makes his way through mazes. Seven weeks later, I achieve the 30th level. The game has around 900 levels. Sven gets into the blue zone in "Fort Apocalypse." It is also exciting when the girl on the "Strip Poker" screen takes her blouse off for the first time. The adventure game "Hitchhiker" responds to the input HELP with "It's no time for Beatles hits, boys." "The Dallas Quest," where at the beginning you meet Sue Ellen in the living room of the Southfork Ranch, responds to the action command "Fuck Sue Ellen" with a "Watch your language." Even Kerstin is finally drawn in by an adventure game, and for four days we search 16 countries for the "stone of wisdom," until shortly before our objective the entire game crashes due to a programming bug. I can't sleep at night, because the little "Loderunner" men keep swarming after my eyes are closed, and because the CONTINUE will not stop, which is the allure of the games, since there is nothing to win besides point totals that are recorded in the "Hall of Fame." Summer 1984. Equipped with only a Walkman and a typewriter, I spend three months in the country. At first, big city withdrawal is difficult, and I dream of a Care package with a small clod of asphalt, a piece of exposed concrete and a humming neon tube. After a while, the nervous shimmer of information evaporates from the soul into the blue summer heat, and I am able to talk calmly and plainly about computers, as if they were radios or apple trees. In CHIP magazine, I read something about robot stalls at large American farms and "software for cow reconnaissance." Fall 1984. Back in Hamburg I once again succumb to the Lego itch. There are so many wonderful toys to hook up to the computer: graphics tablet or light pen, for drawing on the screen; voice output modules; digitizer, with which real images from video tape can be processed by the computer; light and moisture sensors; music keyboards and audiomixers; etc. I get a printer with graphics capability and a non-flicker and anti-reflection monitor, and move from the typewriter to a word processing program. There is a twinge of regret: Writing, which was already only barely tangible, in the form of black letter imprints on the paper, is now completely immaterial, traces of light on the screen. On the other hand, the composition and correcting comforts of word processing are irresistible, and the mountains of paper on my desk disappear, with hundreds of pages fitting on a diskette the size of a post card. This also significantly simplifies destroying aggravating drafts of my novel; you just have to pour a drop of coffee on the storage medium. Winter 1984. As a place to live, St. Pauli is good for urban romanticism but bad for the nerves. I move to a area where it is quiet at night, install the computer in a practical cockpit and design the rest of the apartment around the central item of furniture. It is as if a friend had sat in front of me for two years with his guts hanging out, and now he is completely healed; finally an end to the mishmash of peripherals and cables. A couple of relapses in orgiastic programming, and reticent missionary work, primarily among women; otherwise, pleasant work with the word processor and with filing and mailbox systems. Winter moods, the diskette drive (my data sewing machine) clatters softly during a memory routine, and outside it is snowing. Early spring 1985. I meet Sys, a data jaguar, a sympathetic predator. Sys looks as if you could knock him out cold with a piece of blotting paper, and he strolls through international computer networks with his hands in his pockets ("Small brother is latching through"). He knows many back doors and software bathroom windows through which you can climb into a computer system. Thus, we are back where we started, with nylon stockings: Computer systems and security mechanisms are becoming increasingly refined and close-meshed, but there are also more holes in them. Sys shows me how to travel through the Global Village, through computers and computer systems around the world. First you dial Patex-D, a sort of data highway of the Bundespost, then you lay the telephone receiver in the sleeve of an acoustic coupler and input an NUI (network user identity); and off we go. I try it myself, and for 15 minutes I paralyze access to Datex-P. Sys points out to me the political implications if we were able to reproduce my error chain. Network node computers, comparable to big highway junctions, take us further into international networks. It is as exciting as a roller coaster ride. In the input lines of the computer with which we are presently connected is the current local time, and using a world timetable and a small map of the world in my calendar, we can gauge the civilized areas in which the other computer could be located. The meter on the telephone creeps ahead one unit every couple of minutes; data telecommunication links are relatively cheap. I have learned the computer alphabet, and now I want to use it: mailboxing, transmitting images and sounds, calling up large data bases, or consulting the oracle, who answers every question, in the Delphi Network. Sys leads me to a computer for which I can guess at the access code, and goes into the kitchen to make a cheese sandwich. Every ten seconds, I am thrown out, until suddenly the machine responds to a nonsense input. I input another sarcastic sentence, the machine counters with an equally sarcastic statement, and I am impressed. I know of passable conversation simulations, but this one here is splendid. A couple more jokes, and the computer jokes masterfully back. This program must have been designed by great people. Then Sys comes back from the kitchen and explains to me that I am not talking to the computer, but rather that I have encountered a hacker and am now on-line. There it is again: the BASIC feeling. [pp 13-15: Interview with Chaos Computer Club members, from '64 MAGAZIN] Creative Chaos This interview was conducted by telephone, whereby the interviewees, two members of the CCC were sitting in front of a telephone speaker. Clearly the most important conclusion from it: The image of the hacker as someone who infiltrates data bases just for the fun of it is no longer up-to-date. The "hackers" of the Chaos Computer Club (CCC) see themselves as communications experts, who are using the new medium of data telecommunications by modem for worldwide communication purposes. Ultimately, everyone should be able to exchange information uncensored. The long-term goal is to set up better, objective opportunities for the free formation of opinions. Thus, this type of "hacker" sees a social responsibility in his activities. [Question] What exactly does the Chaos Computer Club do? [Answer] We disseminate information on new media and on our experiences, and we exchange information on a wide range of things. Computers are something of a new medium for us, and these data connections are for us a new form of streets and public squares where we can move around. With the magazine DATENSCHLEUDER we want to point out to others the existing possibilities as well as the dangers. [Question] Isn't that putting it somewhat innocuously? [Answer] I don't know what you mean. All the magazines and other reports are always trying to force us into a slightly criminal corner. That's definitely not our goal or purpose or even our main issue. We simply want to establish and maintain contact with each other and also, of course--this is for me personally--look around at what is going on in the computers. You have to be a little creative to get inside. [Question] How was the Chaos Computer Club founded? [Answer] Three years ago, a couple of people got together and decided that it was possible to do other things with computers besides the things that were normal at that time, at least here in Germany. A small ad was then run in a daily newspaper, and a meeting of two dozen people from all over West Germany then took place in Berlin. We then decided to keep in touch and exchange experiences. The idea was simply to put together a magazine, but at that point it was all too vague, and it didn't come off. Next, contacts with the United States were established, with Cheshire Catalyst (the "king" of U.S. hackers, Ed.) and with his magazine TAP, which a bunch of people here in West Germany already knew about and subscribed to. At the Telecom in the fall of 1983, I met him personally and wrote a two-page article about him in a daily newspaper. And this two-page article elicited a great deal of response. By the end of the year, things had progressed far enough to set up a magazine. Previously, the idea was to exchange all information by floppy disk, but everything was incompatible, and it had no purpose. The magazine was announced around the beginning of the year, and we received 100 replies within one week. And so to us in Hamburg, it was obvious: If 100 people want it, then it has to be done. In March, the first issue was finally finished. Once the first and second issues were out, there was a veritable flood of letters. The amount of mail was equivalent to placing both my hands on end. [Question] How many subscriptions does the magazine have? [Answer] We took the course that whoever writes should get information, regardless of whether they send money in. The number of subscriptions fluctuates somewhere over 200. [Question] How do your finances look right now? [Answer] Terrible! The production costs are around 10 pfennigs per copy, for both sides of a DIN A3 page. On the other hand, the most expensive thing is postage, 50 pfennigs a piece. For each copy there are three copies that are not paid for, that we simply send out, as a sample or in response to a request with no money enclosed. It is in fact financed by the skin of our teeth, but we do hope that a number of people are willing to pay for it. If money comes in, then we can continue. [Question] And of the 200 subscriptions has each one paid around DM 30? [Answer] More or less. They came in with the full amount, a couple sent more than that, but unfortunately it was fewer than we had hoped. It costs about DM 1000 to produce one issue of DATENSCHLEUDER. [Question] How long will people receive DATENSCHLEUDER for their DM 30? [Answer] One Chaos year. That is effectively around one year, with around 10 issues. You definitely have to give our address, or they'll come beating your door down for that. [Question] How many regular members do you have now? [Answer] About the membership structure--it's rather open and free. Everyone who has information for us simply contributes it, whether he has a subscription or simply receives DATENSCHLEUDER, or even if he knows nothing about DATENSCHLEUDER. There are people who are working on the modem layout, and we are producing and marketing motherboards, for example. And then we do DATENSCHLEUDER, and also do communication via computer. It is simply an open structure, where anyone who feels like it can join in and leave at any time. But we are thinking about whether we should impose organizational structures on the whole thing. There are a couple of external areas where we are simply encountering problems. But on the other hand, we basically like this open structure. It's a dilemma. [Question] But surely you can provide an approximate number? [Answer] If we approach it in terms of subscriptions, we come up with more than 200, of which around 30 are in Hamburg. But that's very fluid. Should I count a graphic artist who does a couple of pictures for DATENSCHLEUDER as a member? We don't look at it that narrowly. Somebody comes along, finds it interesting, and joins in. That's also how it is at our meetings, which we hold once a week at a bar here in Hamburg. We always get different people there, it's just a regular meeting base. On the other hand, we generally meet once a month to exchange information. [Question] What kind of people are involved? [Answer] It ranges from pilots to a metalworker, people who run their own shops to unemployed people and students. They are between 16 and 35. No one is older than that. [Question] What is your assessment of the legal status of your activities? [Answer] We just don't like being forced into any corner. Now people are saying that it's all criminal, breaking into data bases and getting into mischief. In principle, we do not claim that we are complying with all laws and rules, for example those pertaining to using non-FTZ [Central Telecommunications Office] approved equipment. We want to persuade the Bundespost to handle things like in England, which means, roughly speaking, that the use of non-FTZ-approved equipment should be permitted. This is a clear challenge for us. We are the opposite of computer criminals who penetrate computer systems for their own financial benefit and sell something that they found there; just as we clearly distance ourselves from people who copy software and then resell it. On the other hand, it's like with patent law: If we use certain things exclusively for personal consumption, it is quite possible that we will use equipment or do things that are in some sense not permitted. [Question] What are the most important goals of the CCC? [Answer] One very important objective is the new human right to a worldwide, free exchange of information. Unhindered. This is an opportunity offered by the electronic media. It happens in some extreme cases, say with telephone calls to Israel, that the censor steps in and the connection is broken. And in the USSR there is no direct dialing whatsoever. Otherwise, the telephone is a means for making contact with people all over the world and talking to them uncensored. And that is a tremendous leap forward, if you think back 200 years. And we want to push this development further along in the direction of the new media; we are simply trying to promote international, free discussion, to achieve something like the U.S. "Freedom of Information Act" on a worldwide scale. [Question] Does free also mean free of charge in your view? [Answer] That would be nice. But in view of my telephone bill, I would have to say that it is far from free of charge. That is a dream that cannot be realized as such. But it is still much cheaper than, say, having to continually travel around; in this way, it is possible to hold international conferences at a relatively low cost. And on this point, of course, we are also very much opposed to a restrictive rate policy by the Bundespost. It is four times cheaper to call here from the United States than from here to the United States. In the United States, for example, local calls are free. The Bundespost has its monopoly, and it is taking full advantage of that. Thus, in the United States it is possible for an amateur radio operator to link the radio network with the telephone network, which is prohibited here in West Germany. On points like these, we have reformist ideas, to put it cautiously. [Question] Do you see any parallels to your activities in the book "Riders of the Shock Wave"? [Answer] That's a book that impressed a number of people. It's an update of "Brave New World" or "1984" for electronic media. It depicts a number of dangers and opportunities that are too often left unaddressed. So I simply think that the book is right. [Question] How do you think the whole thing will develop over the next 10 years? [Answer] The establishment of more mailboxes. Computers will have a great effect on bringing people together, to a much greater degree than the telephone. A negative aspect: Ten years ago, the first video groups were set up, "a new medium, interesting things can be done, for example a neighborhood video or one for specific persons." Thus, a medium for ideas. But what has come of this after 10 years? An absolute mass business, with horror and porno. And I see a similarly negative thing with computers. It is leading to a new form of orientation towards the machine, and speechlessness. I'll simply say "1926 Metropolis" as a buzzword. We want to try to pull people away from their games and motivate them to undertake more creative use of the medium. It is our hope that the computer, as a new medium, will make a positive contribution to understanding. [Question] How do you regard the future of CCC in this regard? [Answer] It is important that the print medium be a crutch and a transitional medium for reaching everyone who does not have a computer and modem. Thus, for those who are not yet on-line. In the long run, printed matter will lose significance. The mailboxes, where there is new information, are much more up- to-date and interesting. The contents of DATENSCHLEUDER are often completely outdated by the time it is published. People who poke around in mailboxes are plainly four weeks ahead in terms of information. For this reason, there must be a shift in the exchange of information towards electronic media. For us as well. [Question] What would you suggest to someone who is interested in communication as such? [Answer] On-line! Jump in! Look around to see what he likes, whether he can find something to get started on, something that has to do with his interests. And if he doesn't find anything, then he should see to it that he develops something. At any rate, always be active. Anyone who goes into it with a serious intent will be dissatisfied with what he finds relatively soon. He'll say, Dammit, I'm setting up my own mailbox. That's the electronic equivalent of a newspaper. Telecommunications media make it possible for anyone who has something to say, something to pass along, to do that. Every mailbox has its own handwriting, its own information corners, even if there is a lot of social noise, just as with CD radios. [Question] Are you perhaps planning a mailbox, or something similar? [Answer] We are in the process of programming an electronic carpooling service. The Schwarzmarkt here in Hamburg has had a carpooling service for eight years. We want to use telecommunications and computers to do this. [Question] Free of charge? [Answer] Yes. If someone wants to pay, we'll be glad to take it, but in principle it should not cost anything. [Question] How do you view the situation with modems? [Answer] The situation with modems looks like this. The cheapest are currently made by Tandy, but they are not available right now. There are very inexpensive self-assembly modems, but they do only 300 bauds. If you use them a lot, 300 bauds is simply too slow. So then you get something like the 79 10/79 11; that is why we have developed the kit with a board, which we sell at cost price. [Question] One more question: Is BTX not a competitor to data telecommunication? [Answer] In terms of charges, BTX is designed in such a way that it is simply too expensive. BTX was developed at a time when it was not even possible to foresee micro- and minicomputers. To put it more directly: BTX and the CEPT standard were designed on the drawing board, and most interactive videotext systems are simply BTX systems, and not computers, which forces people who have a BTX system to buy an additional computer. So I simply think that a data network that utilizes the graphic possibilities of a C 64 will find greater distribution than the Bundespost's BTX, which is state-subsidized. [Question] So BTX will not survive in the long run? [Answer] Not as widespread end-user equipment. For specialized purposes and certain companies, it will survive, but only in a very narrow context. Just look at how many hundreds of thousands of C 64s there are and how many thousands of BTX users. Despite this, we will continue to develop and expand our BTX service until the end of this year; but after the higher charges are introduced, we will shut down our BTX. I have a 100-page proposal for setting up a relatively up-to-date information service. We do want to put other ideas in the heads of BTX users and point out other options to them. But we will get out of that area no later than once the charges go up. We are on page 19058 in the Berlin transitional computer, and on page 20305080 in the new one. [Question] OK, that's it! The CCC can also be reached via Datex-P under the name Chaos-Computer-Club c/o Schwarzmarkt, Bundesstrasse 9, 2000 Hamburg 13. [p 16: Article from TAZ Hamburg, 5 July 1985, p 15] Subversive Broadcaster Students' Radio On Wednesday, 26 June, the scene at Oldenfelde High School in Rahlstedt was at times tumultuous. The underground student station "Radio Pelik-huhn" was once again in full swing. For more than 15 minutes, around 500 students enjoyed a colorful mix of good music and information during class time. Every room in the school has a loudspeaker mounted on the wall, whico2Br&%pJ 0HS Lve learned its lesson long ago, before its pride and joy, Bildschirmtext, was dealt a resounding blow last week by the Sparkasse trick. The piecemeal adjustments that they undertook in the past after every announced BTX hack were apparently inadequate. A program that needs so much clearing up is hopelessly contaminated. Naturally, the Bundespost knows this, and it grieves them in particular because BTX had just overcome the last political hurdle on the path to being universally introduced. It also hurts since there is already a dearth of interest in the new medium of communication. According to predictions by the Ministry, BTX should have around 150,000 subscribers by now. In reality, that figure is only a scant 19,000, of which 3,000 are suppliers. It is questionable whether the Bundespost will be able to compensate for its losses from IBM, who set up the system. "Big Blue" will scarcely be able to get out of supplying a new computer program. And that could take two to three years, which is the time that Reinhard Vossbein meant when he declared anyone who subscribes to Bildschirmtext during that period guilty of stupidity. [p 40: Unattributed text] MSG by GAST 20 November 1984, 5:10 a.m. MICKI is thinking about the CCC's BTX gag (bravo, by the way...), and reaches the following conclusion: The more securely a system is protected against unauthorized access, the more unauthorized the people who can uncover weaknesses must be. Ultimately, you have a system to which only the unauthorized have access... In this regard: Keep on doing it! [p 40: Unattributed text of computer program] 10 REM bankrob.ba 20 REM Version 1.00 30 REM (c) 1984 by Wau 40 MOTOR OFF: 'Relay for money key 100 CLS:PRINT"Bankrob.ba -Restart procedure" 110 INPUT "Prior money received: ";MONEY 120 IN=52:'Time value key on 130 OUT=169:'Time value key off 150 CLS:PRINT0,"DM ";MONEY,"in: ";IN;" out: ";OUT; 160 PRINT90,"o<<<< out >>>> O" 170 PRINT130,"i<<<< in >>>> I" 180 PRINT170,"Stop with x " 190 PRINT210,TIME$;:GOTO 1100 200 REM Rhomboid loop 210 MOTOR ON:PRINT40,"IN":PRINT40,TIME$:FOR I=1 TO IN:GOSUB 1000:NEXT I 220 MOTOR OFF:PRINT40,"OUT":FOR I=1 TO IN:GOSUB 1000:NEXT I 230 MOTOR ON:PRINT40,"IN":FOR I=1 TO IN:GOSUB 1000:NEXT I 240 MOTOR OFF:PRINT40,"OUT":FOR I=1 TO OUT:GOSUB 1000:NEXT I 250 MONEY=MONEY+9.97:PRINT0,"DM ";MONEY,"In: ";IN;" Out: ";OUT; 260 GOTO200 1000 REM Speed 1010 X$=INKEY$:IF X$="" THEN RETURN 1020 IF X$="o"THEN OUT=OUT-1:RETURN 1030 IF X$="O"THEN OUT=OUT+1:RETURN 1040 IF X$="i"THEN IN=IN-1:RETURN 1050 IF X$="I"THEN IN=IN+1:RETURN 1060 IF X$<>"x" THEN RETURN 1100 PRINT170,"Continue with x " 1110 MOTOR OFF:PRINT40,"OUT" 1120 X$=INKEY$:IF X$="x" THEN 1150 ELSE 1120 1150 PRINT170,"Stop with x ";GOTO 200 [pp 41-42: Article by "Wau," from TAZ, 22 November 1984] How the Hamburger Sparkasse BTX Code Was Cracked Bildschirmtext Tested for Weaknesses Ever since the coup by the Chaos Computer Club in Hamburg, who used a bug in the Bildschirmtext system to charge fees of DM 135,000 to Hamburger Sparkasse, Bildschirmtext, or BTX, has been a topic of discussion, and the chaotics from the Chaos Club have made headlines. Bildschirmtext is a big joke being played on consumers. For more than seven years, "field tests" were run in Berlin and Dsseldorf. From the very beginning, it was obvious that the system would be introduced following the field tests, regardless of the results of the "tests." The political objective made immense investments possible, thus making it simply impossible to abandon the system. After the "test," the test subscribers could throw away their equipment, since in the meantime it had become technically obsolete. The Bundespost paid for the technical conversion, giving all the subscribers a 1,000-mark credit, financed by the coins spent on pay telephone calls. Nevertheless, around one in six refused this attractive offer and terminated BTX service. The Bundespost predicted 150,000 subscribers by the end of 1984. It was actually a scant 20,000, which includes many who are not active subscribers. In the meantime, the Bundespost has stopped making its own predictions, instead spending a couple of million on programs that are supposed to provide better prognoses. The Bundespost has invested more than DM 700 million in BTX. If you compare this to subsidies for opera houses, then the Bundespost has built a 35,000-mark box for each subscriber. The only problem is that the opera program is still rather monotonous. IBM is the supplier of the computer and of the programs for the current system. They had high hopes about their deal, and wanted to sell their system to a number of countries. After all, approximately 100 people worked on programming for around two years. If you spend DM 20,000 a month for one of these specialists, that makes DM 50 million. A succession of several executives was in charge of the project. There were only a few "minor details" to be improved in the program, and with programs the smaller the correction, the more time they take. Chaos Team Becomes BTX Supplier In the fall of 1984, after long debate, the Chaos Computer Club decided to subscribe to BTX. Naturally as a "supplier," since being a subscriber is not interesting. They started with the least expensive equipment, which was technically refurbished. Still, the first months were torturous. The prevailing mood with home computers is well-known: "Turn it on--it doesn't work." But with the Bundespost, everyone expects that everything will work fine. It is only rarely that you get mail from the Bundespost saying, "Because of work on the system, few telephone calls will be possible on the weekend." With Bildschirmtext, hardly anything worked. Even an accent on a letter in a person's name caused unexpected developments (and this in a "European" system). In terms of computerization, changing names with accepts is offered up as a subversive strategy. Moreover, the blocking and unblocking of pages did not work. Blocked pages were legible, unblocked ones were not. The Bundespost told people who complained that they were doing something wrong. Blocked pages are something like the closed doors in an Advent calendar. On the first of December, the first door is opened (in BTX: unblocked), on the second the second door, and so on. The Bundespost has a Christmas calendar game of chance in Bildschirmtext. Every day, new letters behind a door can be seen, and on 24 December, there is a complete sentence (Season's Greetings from the Bundespost). But without any coercion, all the doors flew open on the first of the month. Either someone at the Bundespost typed something wrong, or the system has yet another small bug. The Chaos Computer Club (CCC) first got wind of this on 12 December, and sent in the complete solution, the prize being telephone credits. It is interesting how many subscribers sent in the solution before the CCC. Does the Bundespost perhaps believe here as well that some chaotics sneaked into the Bundespost to find the solution? However, a major problem with BTX is composing pages. The CCC does a type of electronic newspaper, which is published irregularly. Once a new article has been written and is supposed to be loaded into the system, all eyes focus on the lowest line, waiting for the message "ED007 EXECUTION NOT POSSIBLE AT PRESENT" or otherwise "Won't work right now." In order to penetrate the BTX system, all you need is the connection code. Every subscriber has a different 12-digit number. This access authorization is generally sent by pressing one key. This is practical and reasonably safe. You can imagine it as a nine-digit padlock (the first three numbers are generally zero) on your bicycle shed. Secondly, there is a personal code word. This is comparable to a padlock on the bicycle itself. And you can also put your bicycle in a communal shed. In BTX, this is called a "free-access connection." In that case, anyone can go into the communal shed and, if he knows the number of a particular bicycle lock, he can move about in BTX and take a look at things. A lot of it is free of charge, but some information or offerings cost money. Springer-Verlag reports cost 1 pfennig, FRANKFURTER ALLGEMEINE ZEITUNG reports cost 2 pfennigs, and the owner of the bicycle pays for this, not the cyclist. Test of BTX Weaknesses At some point, discussion at CCC came back to BTX and the policy of the Bundespost to simply ignore or deny the risks of BTX. The question arose of whether this was intentional or just stupid. A test was decided on. Who would be the guinea pig? The Bundespost Ministry in Bonn? A single quote suffices here: BTX is allegedly secure because it is difficult to tap into the telephone lines in this country, since they are all underground. The BTX control facility in Ulm is not that interesting as a test object. It tries to keep the system running. And the Berlin office of BTX is responsible for calming down postal customers when something goes wrong. The Central Telecommunications Office (FTZ) in Darmstadt is the site where technical plans and standards are drawn up. There one might expect to find the practical technicians who worked out the security system. Those are the right people for a test of BTX weaknesses. Without giving it much more thought, the BTX connection of the FTZ was tested one day by the CCC: Do they or do they not have free access? In order to find out, their subscriber number had to first be entered: 06151 83. That is the telephone number for the FTZ. Then there is the prompt for the code word. At this point, you can type in anything and tell from the subsequent error message whether the FTZ has a free-access connection or not. The CCC typed something in, the same telephone number again. The FTZ was careless: There was free access. But even worse, the FTZ had chosen its own telephone number as its secret code word. That is clearly more careless than one would have expected, certainly from Bundespost specialists. A record is kept by the Hamburg data protection commissioner of who worked on Bildschirmtext when. Since the BTX reports when someone was last "on," an "outside use" can often be detected in this way. But scarcely anyone keeps a record of it; it is too tedious. At any rate, the FTZ did not notice the "outside use" by the CCC. This cleared up the question: The Bundespost was not withholding and/or providing false information about BTX out of stupidity. The CCC considered what it should do now. The most obvious thing was of course to get money from the Bundespost. In order to do so, a page for which a fee is charged must be called in by another BTX subscriber. And that can be repeated any number of times. The highest price per page is currently DM 9.99. With 1- pfennig pages from Axel Springer, the CCC tested, at its own expense, how fast money can be collected using that method. In non-automatic operation, it worked out to around DM 10 an hour. For the CCC page, at DM 9.97, this would be DM 10,000 an hour. So you could really get something over night. These fees are charged on the telephone bill--in this case, the FTZ's telephone bill --and transferred to the suppliers a couple of weeks later. Right now, it is not working again, the Bundespost has another bug in the program, and it hopes to be able to pay the fees in February. In principle, however, the money is being recorded. Getting the money would be phase one. What then? Should we sell this breach of security to the Bundespost? We could, as is normal in industry, "hack" DM 100,000 or more and then sell the Bundespost consultation on this problem for a certain percentage of the money. Or get free, lifetime telephone service for the CCC or something like that. The Bundespost had to pay for its gross negligence. In both cases, however, the price would have been silence. Otherwise, the concentrated rage of the postal authorities would have been forthcoming. Consequently, perhaps half a dozen officials would have tried to do something to the CCC. But the CCC wanted enlightenment about the risks of this new system. To this end, the finance transaction had to be made public. Fine, but who should push the starting button for the money transfer? After all, it is an infringement like a parking ticket, although more expensive: a DM 50,000 fine. Will the data protection commissioner do it? He probably would have taken advantage of the opportunity and attempted to achieve an improvement by official means. A politician? Perhaps. But what if he leaks the story? There remained only one option: Do it ourselves, and abrogate our criminal liability by going public with it. A week later, the attempt failed, since the FTZ had in the meantime closed off free access to its connection. Hackers as Data Protection Specialists Several weeks later, Wau gave a presentation at a conference of data protection specialists in Cologne: BTX--El Dorado for Hackers. Cologne was a sea of pin- stripes, and Wau looked like a parrot in the midst of it all. Despite their initial distance, the audience was impressed by his presentation. Only the representative of the Bundespost felt that he was hitting below the belt, and that he did not intend to address those issues. That was dismissed with laughter, since the presentation depicted a series of program bugs drastically and in three dimensions. There is a bug in the sending of electronic mail. The sender can still change the contents after the letter has arrived. You can send a business partner a bid for, say, DM 2,300 and then later change the price, either raising it or lowering it. Another bug means that under certain circumstances the BTX system spits out internal system information. With a little luck, connection code words and secret passwords can be detected in this way. "Nonsense," said the Bundespost representative. And to the offer of cooperation came only the response, "First you have to get serious." It is unclear whether the CCC succeeded in doing so. At the very least, the BTX system finally spit out the connection code word and secret password of the Hamburger Sparkasse after a number of tries with the well-known system bug. Thus, it became possible to carry out the presentation planned for the FTZ with the Sparkasse instead. Almost everything went as planned. Over night, in 12 hours and 59 minutes, a good DM 134,000 was raised. With a portabf @%ѕȁѡen run in a daily newspaper, and a meeting of two dozen people from all over West Germany then took place in Berlin. We then decided to keep in touch and exchange experiences. The idea was simply to put together a magazine, but at that point it was all too vague, and it didn't come off. Next, contacts with the United States were established, with Cheshire Catalyst (the "king" of U.S. hackers, Ed.) and with his magazine TAP, which a bunch of people here in West Germany already knew about and subscribed to. At the Telecom in the fall of 1983, I met him personally and wrote a two-page article about him in a daily newspaper. And this two-page article elicited a great deal of response. By the end of the year, things had progressed far enough to set up a magazine. Previously, the idea was to exchange all information by floppy disk, but everything was incompatible, and it had no purpose. The magazine was announced around the beginning of the year, and we received 100 replies within one week. And so to us in Hamburg, it was obvious: If 100 people want it, then it has to be done. In March, the first issue was finally finished. Once the first and second issues were out, there was a veritable flood of letters. The amount of mail was equivalent to placing both my hands on end. [Question] How many subscriptions does the magazine have? [Answer] We took the course that whoever writes should get information, regardless of whether they send money in. The number of subscriptions fluctuates somewhere over 200. [Question] How do your finances look right now? [Answer] Terrible! The production costs are around 10 pfennigs per copy, for both sides of a DIN A3 page. On the other hand, the most expensive thing is postage, 50 pfennigs a piece. For each copy there are three copies that are not paid for, that we simply send out, as a sample or in response to a request with no money enclosed. It is in fact financed by the skin of our teeth, but we do hope that a number of people are willing to pay for it. If money comes in, then we can continue. [Question] And of the 200 subscriptions has each one paid around DM 30? [Answer] More or less. They came in with the full amount, a couple sent more than that, but unfortunately it was fewer than we had hoped. It costs about DM 1000 to produce one issue of DATENSCHLEUDER. [Question] How long will people receive DATENSCHLEUDER for their DM 30? [Answer] One Chaos year. That is effectively around one year, with around 10 issues. You definitely have to give our address, or they'll come beating your door down for that. [Question] How many regular members do you have now? [Answer] About the membership structure--it's rather open and free. Everyone who has information for us simply contributes it, whether he has a subscription or simply receives DATENSCHLEUDER, or even if he knows nothing about DATENSCHLEUDER. There are people who are working on the modem layout, and we are producing and marketing motherboards, for example. And then we do DATENSCHLEUDER, and also do communication via computer. It is simply an open structure, where anyone who feels like it can join in and leave at any time. But we are thinking about whether we should impose organizational structures on the whole thing. There are a couple of external areas where we are simply encountering problems. But on the other hand, we basically like this open structure. It's a dilemma. [Question] But surely you can provide an approximate number? [Answer] If we approach it in terms of subscriptions, we come up with more than 200, of which around 30 are in Hamburg. But that's very fluid. Should I count a graphic artist who does a couple of pictures for DATENSCHLEUDER as a member? We don't look at it that narrowly. Somebody comes along, finds it interesting, and joins in. That's also how it is at our meetings, which we hold once a week at a bar here in Hamburg. We always get different people there, it's just a regular meeting base. On the other hand, we generally meet once a month to exchange information. [Question] What kind of people are involved? [Answer] It ranges from pilots to a metalworker, people who run their own shops to unemployed people and students. They are between 16 and 35. No one is older than that. [Question] What is your assessment of the legal status of your activities? [Answer] We just don't like being forced into any corner. Now people are saying that it's all criminal, breaking into data bases and getting into 0= u~* t F(v6&\R&tPFP^.v,v,&D&\F0v,&F0^0&\v,&F0&DF0&Duv,&F0&Dbv,&F0&DOv,&AF0&D<PPB*MRD?L,NC.;wu.yyF( PFPv6&tO.F*F(v6&DN0]UF^*NV*F PQRvS.v&D43ۅyK&\&D&D23ۅyK&\ &D33&D$&\"&D&D&D(&\&&Ƅ]U v&DTv&DTP'Bv&DR&\P3FF Fv&\N;~ov&<tv&\R&tP&>>> O" 170 PRINT130,"i<<<< in >>>> I" 180 PRINT170,"Stop with x " 190 PRINT210,TIME$;:GOTO 1100 200 REM Rhomboid loop 210 MOTOR ON:PRINT40,"IN":PRINT40,TIME$:FOR I=1 TO IN:GOSUB 1000:NEXT I 220 MOTOR OFF:PRINT40,"OUT":FOR I=1 TO IN:GOSUB 1000:NEXT I 230 MOTOR ON:PRINT40,"IN":FOR I=1 TO IN:GOSUB 1000:NEXT I 240 MOTOR OFF:PRINT40,"OUT":FOR I=1 TO OUT:GOSUB 1000:NEXT I 250 MONEY=MONEY+9.97:PRINT0,"DM ";MONEY,"In: ";IN;" Out: ";OUT; 260 GOTO200 1000 REM Speed 1010 X$=INKEY$:IF X$="" THEN RETURN 1020 IF X$="o"THEN OUT=OUT-1:RETURN 1030 IF X$="O"THEN OUT=OUT+1:RETURN 1040 IF X$="i"THEN IN=IN-1:RETURN 1050 IF X$="I"THEN IN=IN+1:RETURN 1060 IF X$<>"x" THEN RETURN 1100 PRINT170,"Continue with x " 1110 MOTOR OFF:PRINT40,"OUT" 1120 X$=INKEY$:IF X$="x" THEN 1150 ELSE 1120 1150 PRINT170,"Stop with x ";GOTO 200 [pp 41-42: Article by "Wau," from TAZ, 22 November 1984] How the Hamburger Sparkasse BTX Code Was Cracked Bildschirmtext Tested for Weaknesses Ever since the coup by the Chaos Computer Club in Hamburg, who used a bug in the Bildschirmtext system to charge fees of DM 135,000 to Hamburger Sparkasse, Bildschirmtext, or BTX, has been a topic of discussion, and the chaotics from the Chaos Club have made headlines. Bildschirmtext is a big joke being played on consumers. For more than seven years, "field tests" were run in Berlin and Dsseldorf. From the very beginning, it was obvious that the system would be introduced following the field tests, regardless of the results of the "tests." The political objective made immense investments possible, thus making it simply impossible to abandon the system. After the "test," the test subscribers could throw away their equipment, since in the meantime it had become technically obsolete. The Bundespost paid for the technical conversion, giving all the subscribers a 1,000-mark credit, financed by the coins spent on pay telephone calls. Nevertheless, around one in six refused this attractive offer and terminated BTX service. The Bundespost predicted 150,000 subscribers by the end of 1984. It was actually a scant 20,000, which includes many who are not active subscribers. In the meantime, the Bundespost has stopped making its own predictions, instead spending a couple of million on programs that are supposed to provide better prognoses. The Bundespost has invested more than DM 700 million in BTX. If you compare this to subsidies for opera houses, then the Bundespost has built a 35,000-mark box for each subscriber. The only problem is that the opera program is still rather monotonous. IBM is the supplier of the computer and of the programs for the current system. They had high hopes about their deal, and wanted to sell their system to a number of countries. After all, approximately 100 people worked on programming for around two years. If you spend DM 20,000 a month for one of these specialists, that makes DM 50 million. A succession of several executives was in charge of the project. There were only a few "minor details" to be improved in the program, and with programs the smaller the correction, the more time they take. Chaos Team Becomes BTX Supplier In the fall of 1984, after long debate, the Chaos Computer Club decided to subscribe to BTX. Naturally as a "supplier," since being a subscriber is not interesting. They started with the least expensive equipment, which was technically refurbished. Still, the first months were torturous. The prevailing mood with home computers is well-known: "Turn it on--it doesn't work." But with the Bundespost, everyone expects that everything will work fine. It is only rarely that you get mail from the Bundespost saying, "Because of work on the system, few telephone calls will be possible on the weekend." With Bildschirmtext, hardly anything worked. Even an accent on a letter in a person's name caused unexpected developments (and this in a "European" system). In terms of computerization, changing names with accepts is offered up as a subversive strategy. Moreover, the blocking and unblocking of pages did not work. Blocked pages were legible, unblocked ones were not. The Bundespost told people who complained that they were doing something wrong. Blocked pages are something like the closed doors in an Advent calendar. On the first of December, the first door is opened (in BTX: unblocked), on the second the second door, and so on. The Bundespost has a Christmas calendar game of chance in Bildschirmtext. Every day, new letters behind a door can be seen, and on 24 December, there is a complete sentence (Season's Greetings from the Bundespost). But without any coercion, all the doors flew open on the first of the month. Either someone at the Bundespost typed something wrong, or the system has yet another small bug. The Chaos Computer Club (CCC) first got wind of this on 12 December, and sent in the complete solution, the prize being telephone credits. It is interesting how many subscribers sent in the solution before the CCC. Does the Bundespost perhaps believe here as well that some chaotics sneaked into the Bundespost to find the solution? However, a major problem with BTX is composing pages. The CCC does a type of electronic newspaper, which is published irregularly. Once a new article has been written and is supposed to be loaded into the system, all eyes focus on the lowest line, waiting for the message "ED007 EXECUTION NOT POSSIBLE AT PRESENT" or otherwise "Won't work right now." In order to penetrate the BTX system, all you need is the connection code. Every subscriber has a different 12-digit number. This access authorization is generally sent by pressing one key. This is practical and reasonably safe. You can imagine it as a nine-digit padlock (the first three numbers are generally zero) on your bicycle shed. Secondly, there is a personal code word. This is comparable to a padlock on the bicycle itself. And you can also put your bicycle in a communal shed. In BTX, this is called a "free-access connection." In that case, anyone can go into the communal shed and, if he knows the number of a particular bicycle lock, he can move about in BTX and take a look at things. A lot of it is free of charge, but some information or offerings cost money. Springer-Verlag reports cost 1 pfennig, FRANKFURTER ALLGEMEINE ZEITUNG reports cost 2 pfennigs, and the owner of the bicycle pays for this, not the cyclist. Test of BTX Weaknesses At some point, discussion at CCC came back to BTX and the policy of the Bundespost to simply ignore or deny the risks of BTX. The question arose of whether this was intentional or just stupid. A test was decided on. Who would be the guinea pig? The Bundespost Ministry in Bonn? A single quote suffices here: BTX is allegedly secure because it is difficult to tap into the telephone lines in this country, since they are all underground. The BTX control facility in Ulm is not that interesting as a test object. It tries to keep the system running. And the Berlin office of BTX is responsible for calming down postal customers when something goes wrong. The Central Telecommunications Office (FTZ) in Darmstadt is the site where technical plans and standards are drawn up. There one might expect to find the practical technicians who worked out the security system. Those are the right people for a test of BTX weaknesses. Without giving it much more thought, the BTX connection of the FTZ was tested one day by the CCC: Do they or do they not have free access? In order to find out, their subscriber number had to first be entered: 06151 83. That is the telephone number for the FTZ. Then there is the prompt for the code word. At this point, you can type in anything and tell from the subsequent error message whether the FTZ has a free-access connection or not. The CCC typed something in, the same telephone number again. The FTZ was careless: There was free access. But even worse, the FTZ had chosen its own telephone number as its secret code word. That is clearly more careless than one would have expected, certainly from Bundespost specialists. A record is kept by the Hamburg data protection commissioner of who worked on Bildschirmtext when. Since the BTX reports when someone was last "on," an "outside use" can often be detected in this way. But scarcely anyone keeps a record of it; it is too tedious. At any rate, the FTZ did not notice the "outside use" by the CCC. This cleared up the question: The Bundespost was not withholding and/or providing false information about BTX out of stupidity. The CCC considered what it should do now. The most obvious thing was of course to get money from the Bundespost. In order to do so, a page for which a fee is charged must be called in by another BTX subscriber. And that can be repeated any number of times. The highest price per page is currently DM 9.99. With 1- pfennig pages from Axel Springer, the CCC tested, at its own expense, how fast money can be collected using that method. In non-automatic operation, it worked out to around DM 10 an hour. For the CCC page, at DM 9.97, this would be DM 10,000 an hour. So you could really get something over night. These fees are charged on the telephone bill--in this case, the FTZ's telephone bill --and transferred to the suppliers a couple of weeks later. Right now, it is not working again, the Bundespost has another bug in the program, and it hopes to be able to pay the fees in February. In principle, however, the money is being recorded. Getting the money would be phase one. What then? Should we sell this breach of security to the Bundespost? We could, as is normal in industry, "hack" DM 100,000 or more and then sell the Bundespost consultation on this problem for a certain percentage of the money. Or get free, lifetime telephone service for the CCC or something like that. The Bundespost had to pay for its gross negligence. In both cases, however, the price would have been silence. Otherwise, the concentrated rage of the postal authorities would have been forthcoming. Consequently, perhaps half a dozen officials would have tried to do something to the CCC. But the CCC wanted enlightenment about the risks of this new system. To this end, the finance transaction had to be made public. Fine, but who should push the starting button for the money transfer? After all, it is an infringement like a parking ticket, although more expensive: a DM 50,000 fine. Will the data protection commissioner do it? He probably would have taken advantage of the opportunity and attempted to achieve an improvement by official means. A politician? Perhaps. But what if he leaks the story? There remained only one option: Do it ourselves, and abrogate our criminal liability by going public with it. A week later, the attempt failed, since the FTZ had in the meantime closed off free access to its connection. Hackers as Data Protection Specialists Several weeks later, Wau gave a presentation at a conference of data protection specialists in Cologne: BTX--El Dorado for Hackers. Cologne was a sea of pin- stripes, and Wau looked like a parrot in the midst of it all. Despite their initial distance, the audience was impressed by his presentation. Only the representative of the Bundespost felt that he was hitting below the belt, and that he did not intend to address those issues. That was dismissed with laughter, since the presentation depicted a series of program bugs drastically and in three dimensions. There is a bug in the sending of electronic mail. The sender can still change the contents after the letter has arrived. You can send a business partner a bid for, say, DM 2,300 and then later change the price, either raising it or lowering it. Another bug means that under certain circumstances the BTX system spits out internal system information. With a little luck, connection code words and secret passwords can be detected in this way. "Nonsense," said the Bundespost representative. And to the offer of cooperation came only the response, "First you have to get serious." It is unclear whether the CCC succeeded in doing so. At the very least, the BTX system finally spit out the connection code word and secret password of the Hamburger Sparkasse after a number of tries with the well-known system bug. Thus, it became possible to carry out the presentation planned for the FTZ with the Sparkasse instead. Almost everything went as planned. Over night, in 12 hours and 59 minutes, a good DM 134,000 was raised. With a portabf @%ѕȁѡen run in a daily newspaper, and a meeting of two dozen people from all over West Germany then took place in Berlin. We then decided to keep in touch and exchange experiences. The idea was simply to put together a magazine, but at that point it was all too vague, and it didn't come off. Next, contacts with the United States were established, with Cheshire Catalyst (the "king" of U.S. hackers, Ed.) and with his magazine TAP, which a bunch of people here in West Germany already knew about and subscribed to. At the Telecom in the fall of 1983, I met him personally and wrote a two-page article about him in a daily newspaper. And this two-page article elicited a great deal of response. By the end of the year, things had progressed far enough to set up a magazine. Previously, the idea was to exchange all information by floppy disk, but everything was incompatible, and it had no purpose. The magazine was announced around the beginning of the year, and we received 100 replies within one week. And so to us in Hamburg, it was obvious: If 100 people want it, then it has to be done. In March, the first issue was finally finished. Once the first and second issues were out, there was a veritable flood of letters. The amount of mail was equivalent to placing both my hands on end. [Question] How many subscriptions does the magazine have? [Answer] We took the course that whoever writes should get information, regardless of whether they send money in. The number of subscriptions fluctuates somewhere over 200. [Question] How do your finances look right now? [Answer] Terrible! The production costs are around 10 pfennigs per copy, for both sides of a DIN A3 page. On the other hand, the most expensive thing is postage, 50 pfennigs a piece. For each copy there are three copies that are not paid for, that we simply send out, as a sample or in response to a request with no money enclosed. It is in fact financed by the skin of our teeth, but we do hope that a number of people are willing to pay for it. If money comes in, then we can continue. [Question] And of the 200 subscriptions has each one paid around DM 30? [Answer] More or less. They came in with the full amount, a couple sent more than that, but unfortunately it was fewer than we had hoped. It costs about DM 1000 to produce one issue of DATENSCHLEUDER. [Question] How long will people receive DATENSCHLEUDER for their DM 30? [Answer] One Chaos year. That is effectively around one year, with around 10 issues. You definitely have to give our address, or they'll come beating your door down for that. [Question] How many regular members do you have now? [Answer] About the membership structure--it's rather open and free. Everyone who has information for us simply contributes it, whether he has a subscription or simply receives DATENSCHLEUDER, or even if he knows nothing about DATENSCHLEUDER. There are people who are working on the modem layout, and we are producing and marketing motherboards, for example. And then we do DATENSCHLEUDER, and also do communication via computer. It is simply an open structure, where anyone who feels like it can join in and leave at any time. But we are thinking about whether we should impose organizational structures on the whole thing. There are a couple of external areas where we are simply encountering problems. But on the other hand, we basically like this open structure. It's a dilemma. [Question] But surely you can provide an approximate number? [Answer] If we approach it in terms of subscriptions, we come up with more than 200, of which around 30 are in Hamburg. But that's very fluid. Should I count a graphic artist who does a couple of pictures for DATENSCHLEUDER as a member? We don't look at it that narrowly. Somebody comes along, finds it interesting, and joins in. That's also how it is at our meetings, which we hold once a week at a bar here in Hamburg. We always get different people there, it's just a regular meeting base. On the other hand, we generally meet once a month to exchange information. [Question] What kind of people are involved? [Answer] It ranges from pilots to a metalworker, people who run their own shops to unemployed people and students. They are between 16 and 35. No one is older than that. [Question] What is your assessment of the legal status of your activities? [Answer] We just don't like being forced into any corner. Now people are saying that it's all criminal, breaking into data bases and getting into 0= u~* t F(v6&\R&tPFP^.v,v,&D&\F0v,&F0^0&\v,&F0&DF0&Duv,&F0&Dbv,&F0&DOv,&AF0&D<PPB*MRD?L,NC.;wu.yyF( PFPv6&tO.F*F(v6&DN0]UF^*NV*F PQRvS.v&D43ۅyK&\&D&D23ۅyK&\ &D33&D$&\"&D&D&D(&\&&Ƅ]U v&DTv&DTP'Bv&DR&\P3FF Fv&\N;~ov&<tv&\R&tP&