In_Secure

Subject: The hacker's rule book Sat Feb 23, 2008 11:54 pm

I. Don't ever maliciously hack a system. Do not delete or modify files
unnecessarily, or intentionally slow down or crash a system.
The lone exception to this rule is the modification of system logs and
audit trails to hide your tracks.

II. Don't give your name or real phone number to ANYONE, it doesn't matter
who they are. Some of the most famous phreaks have turned narcs because
they've been busted, and they will turn you in if you give them a
chance. It's been said that one out of every three hackers is a fed, and
while this is an exaggeration, use this as a rule and you should do
fine. Meet them on a loop, alliance, bbs, chat system, whatever, just
don't give out your voice number.

III. Stay away from government computers. You will find out very fast that
attempting to hack a MilTac installation is next to impossible, and will
get you arrested before you can say "oh shit". Big Brother has infinite
resources to draw on, and has all the time it needs to hunt you down.
They will spend literally years tracking you down. As tempting as it may
be, don't rush into it, you'll regret it in the end.

IV. Don't use codes from your own home, ever! Period. This is the most
incredibly lame thing i've seen throughout my life in the 'underground';
incredible abuse of codes, which has been the downfall of so many people.
Most PBX/950/800s have ANI, and using them will eventually get you
busted, without question. And calling cards are an even worse idea.
Codes are a form of pseudo-phreaking which have nothing to do with the
exploration of the telephone networks, which is what phreaking is about.
If you are too lazy to field phreak or be inventive, then forget about
phreaking.

V. Don't incriminate others, no matter how bad you hate them. Turning in
people over a dispute is a terrible way to solve things; kick their ass,
shut off their phones/power/water, whatever, just don't bust them.
It will come back to you in the end..

VI. Watch what you post. Don't post accounts or codes over open nets as a
rule. They will die within days, and you will lose your new treasure.
And the posting of credit card numbers is indeed a criminal offense
under a law passed in the Reagan years.

VII. Don't card items. This is actually a worse idea than using codes, the
chances of getting busted are very high.

VIII. If for some reason you have to use codes, use your own, and nothing
else. Never use a code you see on a board, because chances are it has
been abused beyond belief and it is already being monitored.

IX. Feel free to ask questions, but keep them within reason. People won't
always be willing to hand out rare accounts, and if this is the case
don't be surprised. Keep the questions technical as a rule. Try and
learn as much as you can from pure hands on experience

X. And finally, be somewhat paranoid. Use PGP to encrypt your files, keep
your notes/printouts stored secretly, whatever you can do to prolong
your stay in the h/p world.

XI. If you get busted, don't tell the authorities ANYTHING. Refuse to speak
to them without a lawyer present.

XII. If police arrive at your residence to serve a search warrant, look it
over carefully, it is your right. Know what they can and can't do, and
if they can't do something, make sure they don't.

XIII. If at all possible, try not to hack off your own phoneline. Splice your
neighbour's line, call from a Fortress Fone, phreak off a junction box,
whatever.. if you hack long enough, chances are one day you'll be
traced or ANI'd.
Don't believe you are entirely safe on packet-switched networks either,
it takes a while but if you scan/hack off your local access point they
will put a trace on it.

XIV. Make the tracking of yourself as difficult as possible for others.
Bounce the call off several outdials, or try to go through at least two
different telco companies when making a call to a dialup.
When on a packet-switched network or a local or wide area network,
try and bounce the call off various pads or through other networks
before you reach your destination. The more bounces, the more red tape
for the investigator and the easier it is for you to make a clean
getaway.
Try not to stay on any system for *too* long, and alternate your calling
times and dates.

XV. Do not keep written notes! Keep all information on computer, encrypted
with PGP or another military-standard encryption program.
Written notes will only serve to incriminate you in a court of law.
If you write something down originally, shred the paper.. itty bitty
pieces is best, or even better, burn it! Feds DO trash, just like us,
and throwing out your notes complete will land in their hands, and
they'll use it against you.

XVI. Finally, the day/night calling controversy. Some folks think it is a
better idea to call during the day(or whenever the user would normally
use his account) as to not arouse the sysadmin's suspicion of abnormal
calling times, while others think it is better to call when nobody is
around.
This is a tough one, as there is no real answer. If the sysadmin keeps
logs(and reads over them) he will definetly think it strange that a
secretary calls in at 3 am.. he will probably then look closer and find
it even stranger that the secretary then grabbed the password file and
proceeded to set him/herself up with a root shell.
On the other hand, if you call during the time the user would normally
call, the real owner of the account may very well log in to see his
name already there, or even worse be denied access because his account
is already in use.
In the end, it is down to your opinion.
And remember, when you make a decision stick to it; remember the time
zone changes.