My FBI file was for hacking into my school district's AS/400 that handled my school's attendance and grading system. Somehow using a public IP address with no access restrictions allowed a clear telnet path in from home. Compounding username and passwords that were all the same for every employee. I didn't change a thing, just LOLed and told someone. Bad mistake.
This was the late 90s.<p>Oh well, 2 week suspension and kicked off the computers for less than a year. A nice conference with FBI, police, my parents, IT and school administration. Fun times.<p>I learned my lesson to not talk about such things because their egoes were too fragile.<p>When they decided to give students in their website design class ftp accounts on the district wide web/email server running an ancient version of Debian, they didn't disable the shell, just added a login script to a menu for pine, etc. for people who telnetted in, which I'm sure the sysadmin was proud of. However, a few fast CTRL-C's broke out of his script menu loop and got me a shell, and they didn't shadow protect their password files. Ran it through john the ripper and had half the district's e-mail passwords in a default dictionary file including the root pw in a few minutes. LOLed and never told anyone about that.<p>Good times, the 90s....
A person I know studied in East Germany in the early 80s via a very limited exchange program. After the wall came down, she requested her Stasi file.<p>It was fascinating what was in the file - lots of misunderstandings and misinterpretations. For example, she was upset when the Challenger exploded, and this mystified the Stasi informers who had previously identified her as a pacifist (in their minds, the Shuttle was 100% military).<p>Similarly, she was trying to research what happened to a relative who had remained in Germany in the late 30s, and whether she had died of natural causes or been sent to the camps. The Stasi file was filled with speculations on the details of this "sleeper agent" with whom she was trying to establish contact.<p>All this to say that from the mindset of a spy, everything is spy-craft. Everyone's world-view shapes their interpretation of events and reality itself. Was the shuttle a military venture? Partly. Was it also a tool for science? Yup. But the functionaries who looked at her data in the heat of the cold war certainly couldn't see those distinctions.<p>For what it's worth, she was able to get her Stasi file, but has never been able to get a copy of her FBI file.
This story (assuming it's true) should serve as an excellent example of why you need privacy even if you think that you don't. In peace time the NSA is only looking for "terrorist" and leaves everyone alone, but in case of war they would start creating lists for any and everything. All it takes is one "tough" agent trusting their gut feeling/algorithm based on your browsing history and shopping habits to put a target on your back and you are done.<p>EDIT: Replacing "if there's any truth to it" by "assuming it's true". I did not mean to imply that the author made up the whole story and thought both expressions were equivalent.
Did anyone else look into his Stanford biography page? Pretty insane stuff.<p><a href="https://web.stanford.edu/~learnest/" rel="nofollow">https://web.stanford.edu/~learnest/</a><p><a href="http://web.stanford.edu/~learnest/bucket/" rel="nofollow">http://web.stanford.edu/~learnest/bucket/</a><p>In a section headed by an anime girl, he claims to have, "figured out when and how a bunch of other fantasies got into our DNA and will shortly post an article on this web site that will explain how that happened, why it is causing modern humans to make billions of bad decisions each day, and how we and our descendants are likely to be wiped out soon unless we begin dealing with this problem in a rational way."<p>Then there's a weird picture of his face, which is how he thinks he'll look in 2043, when "he plans to croak at age 112".<p>On his bucket list page,<p>"My choice as a troublemaker will be to get shot in the back while running away from an jealous husband in May 2043".<p>Very weird stuff.
>> My mother told the investigators how glad she was to get the glasses back, considering that they cost $8. The sourpuss did a slow burn, then said “Lady, this case has cost the government thousands of dollars. It has been the top priority in our office for the last eight weeks. We traced the glasses to your son from the prescription by examining the files of all optometrists in the San Diego area.” He went on to say that they had been interviewing our friends and neighbors for several weeks.<p>Mom: "And how is that foolishness my problem?"
Around 1983, me and a few friends were into "war dialing". We found a bank, did about a half-day of research (default logins for popular systems used by banks), and were able to get into the system. We all got bored and stopped poking around after a day or so - we were kids, none of us understand anything about banking. But one kid continued to poke around for months, and he was making changes, too - like, creating his own "backdoor" accounts. Well, naturally we all got caught, not because of some technical task force or anything, but rather because the one kid was bragging about it on a bunch of local BBS's. Then he ratted out the rest of us.<p>Keep in mind this was around 1983; it was a different time - "computer crimes" didn't really exist, nor the people to investigate them. And that's basically how we all escaped any significant consequences. I was totally unaware of all this at the time, but it was explained to me later in life (by my mother, who is still bitter about it - sorry, mom; you bought me the Commodore 64! LOL) that the FBI didn't really consider it a crime because nothing was stolen. The local cops proposed "trespassing", but we never stepped foot in the bank; we didn't even know where it was.<p>Thankfully this was just prior to the release of "War Games". Everything changed after that movie. Law enforcement started to pay attention. There were stories about the FBI investigating kids on local BBS's, thinking they were working for the Soviet Union, trying to access military secrets or something like that.
Lesson learned: "We traced the glasses to your son from the prescription by examining the files of all optometrists in the San Diego area." - if you want your possessions found, you can either attach a note with your home address or an AirTag... or simply something _so_ sketchy that an intelligence agency delivers your stuff together with an awesome story.
A friend of mine in 1997 got arrested for poking around in air force computer systems. He was charged with a felony not because he did any damage but because it cost $40k to track him down. He also had to pay that back.<p><a href="https://attrition.org/~jericho/works/security/crime_punishment.html" rel="nofollow">https://attrition.org/~jericho/works/security/crime_punishme...</a><p>"Once again, when computer crime enters the equation, circumstances seem to change. In May of 1997, Wendell Dingus was sentenced by a federal court to six months of home monitoring for computer crime activity. Among the systems he admitted to attacking were the U.S. Air Force, NASA and Vanderbilt University. What is different about this case is the court's order for Dingus to repay $40,000 in restitution to the Air Force Information Warfare Center (AFIWC) for their time and effort in helping to track him."
So... the headline invokes an inappropriate image. The author attracted the attention of the FBI <i>in 1942, when "cryptography" meant wartime codebreaking, and his amateur cypher got lost and then found and turned in by a genuinely concerned citizen</i>.<p>I mean, OK. Sure, it's bad that kids interested in math get caught up in this. But come on, it was the middle of the biggest war in history and real spies were indeed doing real work with codes like that. This says nothing about modern enforcement regimes, nor should it.
This story contains a link to another of his stories (also published in Communications of the ACM, February 1989).<p>Old as it is, it seems quite relevant in our current race-obsessed culture:
<a href="https://web.stanford.edu/~learnest/les/mongrel.htm" rel="nofollow">https://web.stanford.edu/~learnest/les/mongrel.htm</a>
It’s sad that people on positions of authority are always paranoid someone is lying. I was recently pulled over and I was sure I hadn’t done anything and it was on a very busy highway through town and I was literally at a side road so turned off and immediately pulled over. It took seconds. The officer as he approached me put his thumb on the back of my car. From my reading they do that to leave their fingerprints if something goes wrong. He approached and said he just wanted to check if I had my license, something they are not supposed to do since it fosters racial profiling they are supposed to have a reason. But he said I noticed you don’t have an N on your car(the N indicated new drivers) and you looked a little young so wanted to check. Just a bullshit story since I am 40, had 2 teenage kids and a 6 year old in my car and enough facial hair to say I was way beyond a 5 o’clock shadow. Then he began to lecture me how when a car pulls onto a side street it makes him very suspicious. I said well I don’t want anyone getting hit from behind and he replied That he is not affraid of getting hit. All very well I am glad you are not but I had 3 kids in the car and have seen enough videos of officers getting plowed and I didn’t want to be part of that. He let me go and with that I am once again annoyed with the police. If I’ve done something ticket me I’ve never omce fought a ticket. I pay my dues. But like I say that rule is to stop racial profiling so I take it seriously.
He was able to tinker with a radio at age of 10, in 1940. I had my first electronic at 19, in 2003, growing up in India.
Today, almost anyone in the world can have access to the latest tech easily. Great minds were there and are everywhere in the world, they just didn't have access to resources. Think how fast the research monopoly of US is going to shrink.
I got a cease and desist letter from apple around the same age and see it as an achievement I want to frame in the living room (it was when the iPhone 4S and Siri was released. At the time, there was a way you could get Siri working on a jailbroken phone but required running a Siri server that scrapped keys from Apple’s servers. A lot of people were doing what I did a charging for it, so I made a free and public one. I remember the day my VPS provider sent me an email with Apple’s request to shut it down lol)
Be sure to read the follow-up (<a href="https://web.stanford.edu/~learnest/cyclops/bash1.htm" rel="nofollow">https://web.stanford.edu/~learnest/cyclops/bash1.htm</a>) about the challenges the author faced in trying to help move forward a reasonably safe standard for bicycle helmets.
in case you're not aware, the author of this is a known (but not well-known) AI researchers from way, way back.<p>He invented the "finger" protocol. I chose the university I went to based on the qualitty of the plan files so in some sense, he's the reason I ended up at UCSC.
I got a CSIS record at the age of 12 for the same reason. It turned out after someone did a FOIA request that the IRC chatroom I was having some crypto fun in had a CSIS record.<p>Sadly after that a lot of people got spooked and I lost touch with many there. Never got to meet my friend despite living in the same city :(
Off topic: I'm watching Hackers[0] for the first time tonight and this is on Hacker News.<p>[0] <a href="https://www.youtube.com/watch?v=peBuMWtkw8s" rel="nofollow">https://www.youtube.com/watch?v=peBuMWtkw8s</a>
As long as everyone is sharing stories, it was the late '90s in the bay area when I was in high school and poked around in our computer lab systems. Other than running Quake and Starcraft, which we were not supposed to do, it occured to me to install a keylogger on an NT4 machine that was shared by the students and our admin. After finding a stealthy keylogger, installing it and verifying it worked for capturing my own password, I went home excited and nervous. When I got into the lab the next day, I looked around for some privacy and quickly checked the logs. Imagine my satisfaction when her password fell into my lap. I remember it to this day, it was "dj3j". Those were the days, of short passwords at least. I proceeded to immediately remove the log file and keylogger and never used her password, am a white hat through and through. Hopefully she changed it by now...
It makes me wonder -- does everyone end up investigated for their interest in HTTPS and trying to think up encryption methods?<p>It seems even having a passive interest in computer science or cryptocurrency would inevitably lead to one taking a class or buying a book on these topics. The business person in me always brainstorms the various potential business applications of any technology -- and that inevitably leads to a lot of discussion.<p>Any system of policing that results in entire professions and swathes of hobbyists being considered and treated as enemies of the state is essentially the same level of injustice as the witch trials of old and shows our species has not improved all that much.
UK initiative to regulate computer security professionals, <a href="https://www.theregister.com/2022/01/25/ukgov_cybersecurity_profession_regulation_ukcsc/" rel="nofollow">https://www.theregister.com/2022/01/25/ukgov_cybersecurity_p...</a><p><i>> security specialists could be struck off or barred from working if they don’t meet “competence and ethical requirements.” … people who aren’t UKCSC-registered professionals might not be able to claim any new legal defences … similar to the General Medical Council and its register of doctors allowed to practice medicine in the UK.</i>
Can you imagine what will happen when measuring pupil dilation goes mainstream? Any authoritarian govt will be able to measure your <i>true</i> intentions. There is no way to hide your pupil dilation.<p>For example, if you are browsing twitter and see a post of your country "liberating" its enemies. If your pupils and pulse indicate that you don't approve of your country's actions, suddenly you will lose some rights as a citizen. Maybe your house gets raided for "suspicion of terrorism"<p>With AR/VR devices about to go mainstream, this is very possible.<p>Any thoughts?
I had the french secret service come and interrogate me in ~88 (bad cop/good cop) because I had doctored a RS232 cable to be NULL modem, to be able to connect to the X25 "transpac" network using a terminal.
I was 'drafted' in the army back then, basically unpaid slave labour, and I was risking 40+ days in prison for sabotage. I 'escaped' due to a coupe of forward thinking officers who didn't think that was a way to handle a smart 18yo kid.
Was an exchange student at a High School in Michigan (I’m German):
Hacked the local school network to access the cafeteria system and changed my friend’s photo to Tux (Linux mascot). Would also have been able to change the credit of each student - but mentioned to the sys-admins which then challenged me to brute force their Admin password. I successfully did that and they offered me an internship. I learned a lot over the half year that I worked with them, switched from Windows to Debian (on a Mac! I wasn’t allowed to be paid, but they gifted me an iBook before I left).<p>While I was there I also setup a cgi (web) proxy on a host in Germany, called it “cproxy” and shared it with friends in the high school. At the end of my year, I think half the school was using it to circumvent the schools accept/reject list for web browsing. I kept it running and two years later my parents received a call from the FBI, that they wanted to have a word with me (I was back in Germany at that point). Supposedly someone used it for fraud on eBay. I remember how I had to tell my teacher in (German) school that I had to keep my cellphone with me because the FBI was about to call :-)
Fun times! Really glad that the school in Michigan was so supportive and helped me keep my hacker spirit!
> <i>The friendlier one eventually described how much it had cost to investigate another recent case where a person was reported to have pulled down an American flag and stepped on it. Only after the investigation was well under way did they learn that the perpetrator of this nefarious act was only four years old.</i><p>I never cease to be amused and amazed by the incredible lack of imagination discernment law enforcement personnel display at all levels. I'm sure some smart people work at the three letter agencies, but there sure is a range!<p>To me, I take it as a lesson about the dangers of dogmatic following of rules and how such a system will inevitably provoke people into work that have less than zero desired value. Obviously, as 1984 and many other works remind us, the value is in reinforcing the power of the system - but the official line of the system is to say that's not the case.<p>The reason government agencies are so fond of crushing people who have the bad luck to become centered in their gaze is that they know or suspect they are not clever enough to match wits with a below-average four year old and they would never want that possible fact to become public knowledge.
Charming story, but only an American would think 1942 was early in WWII. I’m tempted to roll out the old joke about US foreign policy but I’ll save y’all …
I've wondered if they've kept tabs on me since I was young/dumb...<p>Back before SSL/TLS became a thing, ARP poisoning was all you really needed to find out some <i>fun</i> details. It was basically pretending you're both the network gateway and a client.<p>This and some poor decisions on my part ended up with an expulsion my senior year, never had a phone call like this - just angry people from the state.
First year emigrating to the US, I started a service to automate the laborious College Algebra online homework with WolframAlpha and $20/job Pakistani teens. Had an AdWords campaign running. Calls kept pouring in - majority from Phoenix university students. If you wanted a perfect score, I’d charge you extra. If you wanted an imperfect score, I’d still charge you extra. Life was good, I was naive. I thought I had cracked it. Then I got served. The CEO of the company (one of the biggest educational publishers) was to fly in personally. They thought I ran a huge operation with many departments, since I would routinely change voices and direct customers around departments. Once my lawyers learned the real scale of the operation, they laughed and managed to get all charges dropped.<p>Looking back at it, would I have had a chance, had I approached the company in some defensive role against such activity?
In my college (late 90s) no one cared if you put an interface into promiscuous mode and there was no encryption anywhere. I had so many aim and campus system accounts from packet sniffing I didn’t know where to start. Following aim conversations of people in my dorm was pretty funny though.
>After we left the form by her front door her parents somehow figured out who had done that and, when Bobby’s and my parents learned of this stunt they decreed that we would no longer play together. We followed that guidance for over 40 years.<p>oh
In early e-commerce era in korea, I remember a website storing refund balance into the browser cookies without verification which I told about it to my friend. My friend told that to his friend, and that one was bold enough to steal million dollar amount of goods using that bug, got eventually caught, however was not accused of anything because it was literally the first case of e-commerce related crime committed by teenager. The officials didn't take it seriously. Good old 00's.
When I read this headline I figured it was an exaggeration but after it hung around on HM for a while I clicked the link.<p>Oh, it was Les Ernest. Completely plausible.
> This was just after local citizens of Japanese descent had been rounded up and taken away to concentration camps, though I was not aware of that at the time.<p>Now that was a piece of history I had never herd about:<p><a href="https://www.britannica.com/event/Japanese-American-internment" rel="nofollow">https://www.britannica.com/event/Japanese-American-internmen...</a><p>Apparently Mexican concentration camps were not the US first throw at it.
> At some point the Jack Armstrong program invited listeners to mail in a Wheaties box top to get a decoder ring that could be used to decipher secret messages that would be given near the end of certain broadcasts.<p>I remember seeing that in "A Christmas Story":<p><a href="https://www.youtube.com/watch?v=6_XSShVAnkY" rel="nofollow">https://www.youtube.com/watch?v=6_XSShVAnkY</a>
This gave me a flashback I recall that when I was quite young about age 10 - 13 and I created my own writing system. I think I had read about the Phoenicians and how they made the characters for the alphabet after everyday objects and it inspired me. I recall filling entire notebooks with stories to myself filled with my "language" still English but my writing system.
So my database course used a proprietary database hosted on-campus with IP ACLs. I setup a proxy on the campus cluster and mirrored 90% of it before the lecturer turned it off. I don't understand why they would even look, much less care, about policing closed-source documentation like the Stasi. If it happened these days, it would've been an Aaron Swartz situation.
What a wonderful and adventurous life! I really enjoyed reading that.<p>Makes me think about what stories I’ll have to tell about my life in 40-50 years.
One past thread:<p><i>How I got an FBI record at age 11 from dabbling in cryptography (2015)</i> - <a href="https://news.ycombinator.com/item?id=14229412" rel="nofollow">https://news.ycombinator.com/item?id=14229412</a> - April 2017 (133 comments)
I had to have a sit-down with the school admins because I used the "netsend" command to send the letter q, one time, to every PC in the school. I thought it was just going to go to the computers in the computer lab.
So, Les wrote UNIX finger?!? I clearly remember writing 'kiddie scripts' with lists of every computer in the entire school:<p>finger @w20-575-1<p>finger @w20-575-2<p>etc.<p>just to see who was logged on everywhere. Even though there was nothing to do with that information.
I have 2 such FBI records and every time I do a background check for a job they don't know what it's for and neither do I. I wish there was a way I could find out if it was computer related or not.
> To me, $8 represented 40 round trips to the beach by streetcar, or 80 admission fees to the movies.<p>I guess we can be impressed that round trip municipal public transit is now cheaper than a movie admission fee.
This was a great read! I also love the fact, that this is an old-skool serve via the user's home (~learnest). So much nicer than "You have 2 more Medium articles free this month".
I wonder if gifted and talented programs may also be used to inventory brain capital and feed into algorithmic threat identification, watchlist(s), and/or clandestine services recruiting.
Ran a `netsend` once from the school library. Saw it pop all over everyone's screens, and immediately :homer:'d out of there. Unfortunately don't remember the text I sent.
I got one after I let someone have an account on my Linux server in the mid-90s and they used it to send a very detailed and specific death threat to president@whitehouse.gov.
I love the post. I smiled quite a lot, not only because of the stories themselves, but because of my own childhood tomfoolery, oftentimes including my childhood best friend.
I'm sure more than half of HN has an FBI profile. I know that from an early age I would do internet searches for everything and anything I found fascinating, including hacking, piracy, anonymous proxies, nuclear energy, wilderness survival, firearms, communism, cults, wikileaks, snowden, assange, and a multitude of conspiracy theories.<p>I grew up fine and have never broken the law. But I sometimes wonder if some computer system or agency sees me differently, just based on keywords.