back to article College PRIMOS prankster wreaks havoc with sysadmin manuals

As we edge closer to Christmas, Mondays might be getting just slightly more bearable. To make that more so, we bring you another instalment of Who, Me?, The Register's tales of the mistakes our readers have brought upon themselves. This week, "George" tells us about a time back in the late '70s when he was doing post-grad work …

Page:

  1. gw0udm

    Hmmm

    Surely this is just an example of a poorly configured system? Almost by definition you'd think 'administrator' commands should only be available to administrators?

    This reminds me of experiences in our school computer room in the late 1980s. We had a reasonably number of BBC Bs on a Econet network. Whilst there were various admin commands these were locked down, but a few clever kids in the school wrote various so-called 'crash programs' which could wreak all sorts of havoc. The simple versions simply dropped text (usually abusive) into the keyboard buffer, but the more advanced ones would scramble screens, lock up buffers, play sounds etc.

    There was even a virus version which could be released and then silently spread itself from one computer to another causing random crashes. These so enraged the teacher in charge that he permanently closed the computer room - depriving us of BBC related goodies in the mid-1990s.

    More constructive versions 'pushed' complete files across the network, and I do remember a synchronised rendition of 'Bones' which was great fun:

    https://www.youtube.com/watch?v=bd0WhebWTnk

    1. Anonymous Coward
      Anonymous Coward

      Seem to recall that Acorn's EcoNet by design enabled one machine to push small amount of code to the next machine in the network and run it ... I was working at Acorna t the time during a University summer vacation and seem to recall coming up with a program that scrolled a banner message round all the monitors in the room!

    2. David 132 Silver badge
      Headmaster

      Aaaah, that brings back memories. My school had a lab of about 20 Beebs - mostly Bs, but with a handful of Master 128Ks towards the end of my time there. All were linked over Econet. There was a “hacking toolkit” (ahem) that the cool kids got a copy of (and me, somehow. I was never one of the cool kids.)

      As I recall, it was called “The Gremlin”, and had all the features mentioned above. Crash another machine, send text to the screen/keyboard buffer, capture a copy of the remote screen - much fun for kids whose sense of ethics and diligence was, uh, still forming.

      I also recall having great fun making wiggly patterns on the Microvitec Cub monitors with a large horseshoe magnet. Mr Higgins the computing teacher, if you’re reading this, consider this a very belated apology...

      1. Tom 38 Silver badge

        BBC Bs + Econet - you could change the network id of a network connection on the fly, and if you changed it to the same id as one that a user is already logged in as and they aren't actively using it, you also inherit their session.

        This lead to complex The Sting style schemes to get the lab technician to log in to his admin account in his office, and then distract him with conversation whilst accomplices switched to his id and gave disk quota upgrades to us all.

      2. KittenHuffer

        BBC Micros at college

        I happened to go to a school and a college that were in the pilot for the Computers for Schools project in the early 80's. This meant that I had access to a computer room with a dozen BBCs at a time when most schools only had a single machine.

        Ours were running ENet rather than EcoNet, which meant that they had a central (BBC Micro) server for the admin rather than allowing the 'admin' software to be run from any of the machines.

        We developed a password grabber, cracked the file storage system on the MASSIVE 20MB hard drive, and finished by obtaining a complete list of all user passwords!

        Ah, the joys of youth!

        1. Ol'Peculier

          Re: BBC Micros at college

          We developed a password grabber, cracked the file storage system on the MASSIVE 20MB hard drive, and finished by obtaining a complete list of all user passwords!

          I did exactly the same thing! Didn't get caught, but I was looked at with great suspicion by the staff.

          Happy days!

          1. CrazyOldCatMan Silver badge

            Re: BBC Micros at college

            I did exactly the same thing!

            During my first proper job (mainframe assembler programmer - ah the joys of running the 3270 terminal emulator on IBM PS/2 50z machines connected to a 4mb token-ring..) I got bored a lot. One day, I discovered the joy of MD-DOS system calls and a freeware DOS assembler..

            We used OS/2 LAN Server as our network management and so had a whole heap of print and file servers scattered around the building, none of which had any security at all.

            Then one day, I didcovered the network enumeration API.. one broadcast storm later (and a PC that I hurredly switched off to stop said storm), I had a complete list of all the file servers.

            I amended my code and (overnight) ran it again and ended up with a complete list of all the files on all the servers - most of which had been put there by staff and were unknown to the Powers That Be (and, in quite a few occasions, that was probably just as well - even if in the mid-90's, the porn was pretty low-res..).

            There were quite a few games though, all of which I copied onto floppies and took home.

        2. Nick Ryan Silver badge

          Re: BBC Micros at college

          My alternative was less hi-tech. At Uni (sorry guys) I wrote a simple program that looked exactly like the login system (custom screen, easy to mimic and logged out the current user, me, after recording login details) and ran around a computer room or two, logged in as myself, ran this application and merrily harvested the login details of countless students and staff. They had a bit of a sense of humour failure (sorry, again) when I presented this list to them - including a sys admin login or two.

          Students. We were probably all dicks at some point in time.

          Oh, and I also worked out how to get free laser printing.

          1. sisk Silver badge

            Re: BBC Micros at college

            My alternative was less hi-tech. At Uni (sorry guys) I wrote a simple program that looked exactly like the login system (custom screen, easy to mimic and logged out the current user, me, after recording login details) and ran around a computer room or two, logged in as myself, ran this application and merrily harvested the login details of countless students and staff.

            There was a guy who did that on our EduQuest system (I don't know what OS they ran - I didn't go to school here and the things were on their way out when I started working here) at the high school here. He ended up working for the school district technology department. In fact, for a couple years we had everyone over the age of 20 who had been caught hacking our network when they were in high school working for us.

            Sadly those days are past. We catch far too many kids attempting to hack the network these days to hire them all down the road.

        3. swm

          Re: BBC Micros at college

          At Xerox PARC when they brought up a new TENEX machine they had to get all of the user passwords for the new machine. Rather than bother all of the users they ran a net sniffer for a week and picked up most of the passwords which they then loaded into the new machine.

          In those days passwords were mainly to prevent stupid mistakes rather than for security.

          I once mailed the head of computer security his password but that is another story.

          Long before TCP/IP etc.

      3. gw0udm

        Haha, well you and me were clearly both at the same school, no doubt we shared the room at some point! I remember the Gremlin, I always wanted it but never knew anyone cool enough to give it to me :-(

        Poor old Mr Higgins could not cope, I still remember the fateful day when he kicked us all out because of "one of those wretched virus programs" and locked the door behind us, for it never to open again...

        I did score a reasonable amount of quite nice BBC kit when they cleared the room out a few years later, although sadly not the fabled 6502 second processor. Still more sadly I later got rid of most of it but still have a couple of disk drives including a 3" model which I have never seen before or since on anything except an Amstrad.

        1. David 132 Silver badge

          @gw0udm Oh, that’s hilarious. Soon as I read your original post I thought “oh, that sounds just like my school experience.”

          What are the odds?

          I remember the 6502 co-processor (the “tube”) that was on the BBC B in the corner of the room. It was a file-server, so it had been upgraded - TWO 5.25” disk drives, the tube, and ISTR there was a Teletext decoder there too but I might be mistaken.

          I was there between 1985 (Removes) and 1992 (Upper Sixth). I have fond memories of the place. There were some good teachers there. I recall with particular fondness Mrs Flitcroft the formidable French mistress & the awesome English masters Mr Philpott & Mr Nelson - it sounds corny, but they were dedicated, committed, and really inspired me, so thanks all of you, wherever you are now.

          I went back to the old place a couple of months ago when I was in England on business. Didn’t go in but drove around the car-park (and am probably logged on CCTV as a suspicious lurker, as a result). A lot’s changed. Can’t cross the same river twice, and all that.

          Still hated the mandatory end-of-term cathedral services, though. Two hours on a cold stone (and stone-cold, ahaha) pew? No thanks.

          1. gw0udm

            @David 132

            Well we obviously learned something from those BBCs. Yes there was a Tube but not a Teletext adapter. There was a print server, and my favourite station (number 6, batch) which had an upgraded keyboard and was beautiful to type on.

            Plus an ancient hard disk pack from a mainframe and a weird thing covered in switches which belonged to my friends Dad.

            Yes I enjoyed my time there too but changed beyond recognition... They even let girls in, tsk tsk.

            +1 for shivering in the cathedral too

      4. Anonymous Coward
        Anonymous Coward

        "Mr Higgins the computing teacher, if you’re reading this"

        Red head Southerner with extreme anger issues? Wirral Grammar?

        1. David 132 Silver badge

          AC Red headed southerner?...

          Nope. Dark-haired bearded bloke with no apparent anger issues. It seems it was mandatory in the ‘80s for school IT teachers to have the surname Higgins.

          It’s probably a tradition, or an old charter or something.

          1. Soruk

            Not going to name it, but I'm thinking of a certain school (with a wonky school shop) in Canterbury, based on the description.

            1. Anonymous Custard Silver badge
              Headmaster

              Ah yes the memories of EcoNet come flooding back, the joys of A-level comp-sci in the 80s...

              My teacher foolishly let me borrow a copy of the manual, at which point I of course duly wrote my own versions of all the priviledged commands which worked surprisingly well. I think it may have been a rite of passage thing anyway towards earning system privs, which I ended up with later on (the project I was working on conveniently needed them).

              That said when I did get such privs of course the first thing at least two of my peers (who hated one another) asked was for me to give them the password of the other one (so that they could "have some fun" with the content of the accounts). So I of course duly obliged, by swapping the passwords over so they each had the password of the others account but no longer of their own. To say the resulting Mexican stand-off was quite interesting when they realised they'd got just what they asked for, but not what they actually wanted.

              Even the teacher enjoyed that one, with a stern wagging of finger at me before promptly cracking up laughing and complimenting me on an interesting way of coping with the request and dealing with the two of them.

    3. MJB7

      Re: Poorly configured system

      "Almost by definition you'd think 'administrator' commands should only be available to administrators?"

      You are obviously thinking with the mindset of a 21st century security consultant. The late 70's was a much more innocent time, when it wasn't completely obvious that just trusting people to be responsible wasn't good enough.

      1. Pascal Monett Silver badge

        Agreed.

        However, it must be said that, to discover that you can accidentally fill up the server's hard disk with folders in no time flat is excusable - to go around purposefully disconnecting users without warning "just to see if it works" is a mindset I do not approve of.

        1. Aladdin Sane Silver badge

          You do know that students tend to be complete dicks, right?

          1. hmv

            Being the official wielder of the clue stick to problematic students, I'd take issue with that. _Some_ (a tiny minority) are complete dicks.

            1. DropBear Silver badge

              That is not my experience at all. More specifically, while most students would probably indeed frown upon causing significant problems or harm to others, most of them are absolutely fine "pranking" their peers with stuff that adults (including the same people later on) would find distinctly distasteful.

              1. Alan Brown Silver badge

                "most of them are absolutely fine "pranking" their peers"

                Generally immediately owning up to it, explaining how they did it and having a good wheeze.

                It's the ones who used the "pranking" as a form of bullying who were major dicks - especially as they seldom if ever could take what they dished out. (generally narcissists and we all know where those end up in an organisation)

          2. sisk Silver badge

            You do know that students tend to be complete dicks, right?

            I dunno about college students, but high school and younger groups definitely have a high dick-to-decent-human-being ratio. Thankfully most of them outgrow it eventually.

        2. This post has been deleted by its author

        3. Arion

          Bah Humbug.

          There are situations where this is is healthy; it encourages a preparedness for hardware failure, if there's a likelihood that the system could fail for some reason. It instills the ethic of frequently saving, and backing up.

    4. Peter Gathercole Silver badge

      Econet security

      Unfortunately, the Econet implementation in the original BBC Micro's had very little in the way of security.

      The station ID was coded using a set of dip-switches under the top cover, on the keyboard PCB, but this was read into a location in page 0 of the RAM. As the 6502 and BBC OS did not have any concept of a privilege mode, it was possible to change the station ID with a simple command.

      There was a vague idea of a privileged user when you logged into the file server (and there was some minimal user-seperation on the fileserver), but again, the User ID and whether they were privileged or not was stored in page 0 again, and could easily be changed.

      It was the nature of the machines. There was no real way of securing what was effectively an open workstation.

      When I administered an Econet Level 3 network, I very quickly established that there was nothing that could be secured on the network, and told the teaching staff to only store course records on floppy, never on the fileserver.

      It was a shame really, because it was a rather nice system (with one or two drawbacks, like security and very slow byte-by-byte access to files using OSDCH and OSWRCH)

    5. Velv Silver badge
      Facepalm

      Almost by definition you'd think 'administrator' commands should only be available to administrators?

      Unless, for example, you are a college. Teaching computer related courses. Courses like "System Administration 101"

      1. Ken Hagan Gold badge

        "Unless, for example, you are a college. Teaching computer related courses. Courses like "System Administration 101""

        Too true. Over in the Chemistry department, the course on Explosives is a real blast and in the Microbiology department they have an end-of-course Ebola-snorting contest. It may be possible to teach this more dangerous content merely as book-work, but why would you do that when there is a far more effective Darwinian method of spotting the failing students?

        1. David 132 Silver badge
          Mushroom

          Ken Hagan Over in the Chemistry department, the course on Explosives is a real blast

          Ah yes. And for bonus credits and a guaranteed 'A' grade*, selected students get to manufacture Dioxygen Diflouride.

          * conferred posthumously

          1. Hazmoid

            I remember the school of Chemistry at UWA always stunk of Hydrogen sulfide (rotten egg gas) because of students mucking around.

          2. Glenturret Single Malt

            Whoops, difluoride.

            Second most common spelling mistake I ever met in school chemistry (after "seperate").

            The lead/led confusion (see an earlier post) I find funny.

          3. sisk Silver badge

            Ah yes. And for bonus credits and a guaranteed 'A' grade*, selected students get to manufacture Dioxygen Diflouride.

            You're gonna have your troublemakers manufacture FOOF? Hey, let me know when that lab is scheduled so that I know to be out of town that day.

    6. Mark 85 Silver badge

      I daresay that probably most of those "clever kids" found jobs in security. Exploring, testing, finding work arounds, etc. is the hallmark of a good IT security or pen tester.

    7. Anonymous Coward
      Anonymous Coward

      Poorly configured systems - how about no password on SYSTEM!

      I used Pr1me systems in college, and spent some idle time looking up commands in the online help facility. There was a command called "arid" (add remote id) which was not privileged - if there were other Pr1me systems networked with yours you could act as another user on that system, if you provided the login and password with the "arid" command. Our school had IIRC 6 or 7 Pr1mes networked (dunno what technology they used, surely something proprietary)

      This would be innocuous except that each Pr1me had a SYSTEM account for administration. Some systems had a password on this account, other systems had no password but there was no "time" accounted to it so if you logged in you'd be immediately logged out. However, the "arid" command apparently didn't check this, so you could use it to act as SYSTEM on the Pr1mes where they had stupidly not set a password.

      With that power, I could create accounts on that other system using a script I'd found for that purpose when poking around admin directories. I just had find to find a project number with a lot of time to assign to it. One of the sysadmins had some ridiculous amount of time available, so I was able to create accounts using his project number. That made doing CS assignments a breeze, since while others were waiting 15-20 minutes each time they ran the Pascal compiler on the overloaded Pr1me used for CS, I used a lightly used one dedicated to the business college where compiles finished in seconds!

      Eventually they must have run some sort of accounting check and found an account that didn't belong. So long as I logged in directly they weren't able to catch me since I went in through via modem and they didn't have a way to trace calls from the outside through the university PBX. So they locked the password or something like that, and I used my regular account to use "arid" fix it when I wasn't able to reset my password in the normal way. I don't remember what I thought had happened, but I don't remember thinking they were on to me just that something had got screwed up. I learned later they'd enabled some sort of heavy duty trace facility on that Pr1me thinking they'd catch me, but I guess because I did it via "arid" they missed it and were even more perplexed.

      Then they deleted the account entirely, and while I should have figured the jig was up I got greedy wanting to finish my semester project more quickly and re-created it, and they were able to link it to me though they still weren't sure how I did it despite the trace facility. All they knew was a standard student account was able to create an account on a different Pr1me, so they were probably pretty worried. I got called in for a meeting with the head of IT, explained to him how I did it (at the time he didn't believe me when I told him the SYSTEM account had no password, and assumed I had stolen the password somehow, I bet the admins got an earful when they owned up to it) and was banned from using university computing resources. Luckily this was a couple weeks before graduation so it didn't impact me!

      These days of course they'd probably call the cops, and it would have been a lot worse for me, but at least I didn't deliberately destroy anything. But they were unhappy they had to enable that heavy duty trace facility on all the Pr1mes to catch me, which apparently led to a lot of complaints during the few days they'd done so because it hurt performance so much. Nowadays they'd probably include some fictitiously high cost for that performance penalty in restitution payments...

      1. Nick Ryan Silver badge

        Re: Poorly configured systems - how about no password on SYSTEM!

        It is a shame because these days utterly fictitious values of cost will be assigned to relatively trivial student "experimentations" where no real harm has been done. Yes, you used account time that wasn't yours but if the institution owned then systems then were was no real cost to them, just time slices and a bit of electricity.

        I got banned for a couple of weeks too, and one point I wound up sitting at the student help desk and particularly annoyed the staff there by clearing the queue of students with computer issues quicker than they would have - and genuinely helped them too.

        To show the difference, rather more recently I browsed a colleget network and came across a student PC with an open/anonymous share with rather a lot of pornography on it. I could have pretty much cost them their course by reporting them but instead messaged them and advised them that open shares with such was ill advised and they should stop doing it. The fear from them was ridiculous bearing in mind it was just content that anybody with a non-College network could have accessed easily. I think they appreciated the gentle hint rather than a full censure. On the other hand, September was a terrible time for the network... thousands of new, unpatched and utterly vulnernable PCs from (new) students hitting the network made things glacial at best.

    8. BillG Silver badge
      Devil

      We're Just the Guys to Do It

      Disconnecting students randomly just to see if it works is a dumb waste of a hack. Better to just carefully test it under the radar, then just tuck that nice hack away for a rainy day. Sooner or later you will come upon a situation that "absolutely requires a really futile and stupid gesture be done on somebody's part". Then you can use what you have learned for the betterment of all mankind (IOW crush your enemies).

  2. Anonymous Coward
    Anonymous Coward

    I had fun with a printer attached to a pub's guest wifi network, not bad just the occasional test page.

    I liked to think about the landlords confused expression as a single test page appeared for no apparent reason.

    Anon because I still drink there. :)

    1. Anonymous C0ward
      Paris Hilton

      Oh FFS at least print some pr0n.

    2. Adam 1 Silver badge

      Printer test page, missed a trick there

      [Company Logo]

      Memo

      Directive to all service staff - Beer O'clock Super Special Tuesday

      From this Tuesday afternoon, we will be commencing our new Super Tuesday initiative. We value our regular patrons, so whenever an order is placed for a craft beer, the first one is on the house.

      Cheers

      Management

  3. sorry, what?
    Devil

    Fatal Futil and inter-school rivalry

    I was a young nerd in the very late 70s and had managed to get myself access to the hallowed computer room at my school. This had a real TTY terminal that connected us the PRIMOS machine at a relatively local university. The university hosted logins from a number of schools, each identified by accounts like SCH008 (which was our login). A rival school in the same town had the account SCH007 and they would broadcast brags to us about how much cooler they were, frequently related to a License to Kill.

    One of the super nerds at my school, a chap a year or two older than me, somehow managed to get hold of a useful commands list and found that the FATAL FUTIL command let him mess with other user's processes (I don't remember the detail).

    However, the upshot was that it was SCH008 that gained an effective License to Kill, by way of terminated processes.

    1. Chris 244
      Thumb Up

      Re: Fatal Futil and inter-school rivalry

      Bill would have had the same License as James.

  4. druck
    Facepalm

    A decade of poor configuration

    Such shenanigans were still possible at many universities 10 years later in late 80s on unix systems, where you could inject characters in to other terminals stdin, or boot them off all together with stty 0 > /dev/tty1

    1. Dr Dan Holdsworth Silver badge
      Coat

      Re: A decade of poor configuration

      Another university that shall remain nameless had, in the mid nineties, a fair number of unix machines of various sorts (very few Linux systems back then) all of which had unsecured X sessions on them. As a result, pranks of all sorts abounded; screen flips, random windows popped up on other peoples's X sessions, screen meltdown spoofs and the like.

      All fairly detectable; all you had to do was turn round and look behind you for the most virtuously innocent-looking person in the room, and there was your culprit.

      Mind you, the other trick often played was to log into someone else's system using rhost, start off a Netscape process (a notorious CPU and memory hog) and echo it back to your own machine. Hey presto, your system was still nice and responsive and someone else had a sluggish system with a foreign web browser process running on it. This generally lasted until the victims found out about top.

      This is the beauty of universities; wonderful teaching environments, whether you want to learn or not!

      1. Alan Brown Silver badge

        Re: A decade of poor configuration

        "All fairly detectable; all you had to do was turn round and look behind you for the most virtuously innocent-looking person in the room, and there was your culprit."

        Until people realised that the easiest way of not being detected was to push nutscrape from a computer in the adjoining lab.

    2. Nick Kew Silver badge
      Thumb Up

      Re: A decade of poor configuration

      Not just the late '80s, when xhost + was still a default. Right into the '90s you could - and inevitably sometimes did - make someone else's computer burst into song, tell a joke, admonish the user, or just fart. You could also trivially run your prank from another computer again to leave a false trail in case someone investigated: a local area version of the CIA routing an attack to come from China or Russia.

      But we did it for laughs, and drew the line at actually damaging anyone's work.

      Oh, and this wasn't even a university. Though it was a research institute funded by (many) governments, so not quite the corporate world.

      1. Alan Brown Silver badge

        Re: A decade of poor configuration

        "You could also trivially run your prank from another computer again to leave a false trail in case someone investigated: a local area version of the CIA routing an attack to come from China or Russia."

        Try explaining THAT to a journalist and you get blank stares. They very much work on "XYZ says the attack came from russia, therefore it must be so"

        In one case I got mixed up in, the culprit was a spotty overgrown 14yo (he was actually in his mid 20s, just never grew up) who would bounce attacks all around the world so that he couldn't be traced - forgetting that if you don't want to be traced, you don't behave like an ass in other areas (mainly IRC) and get the direct attention of the organisations you're targetting. (yes, there was a lot of monitoring of the "hacking" channels to see who was boasting of what and it doesn't matter if you bounce through a bunch of proxies when certain orgs keep logs, watch where you first started showing up on the net from and note social network structures (these always giveaway name changes eventually) plus language syntax (it's hard to fake your origins for very long))

        IRC was a great educator as to how attacks were being performed (including social motivations) and a good canary of what was coming down the pipeline.

        1. Mycho Silver badge

          Re: A decade of poor configuration

          I went to university around the time it became compulsory if you wanted to continue working in IT. So I got there in the early aughts.

          It was Kazaa which forced my university to lock things down, since most of the IT labs were unusable when a couple of machines were running it 24/7.

      2. EVP

        Re: A decade of poor configuration

        >Not just the late '80s, when xhost + was still a default. Right into the '90s you could - and inevitably >sometimes did - make someone else's computer burst into song, tell a joke, admonish the user, or >just fart.

        One day, my lab’s sysadmin decided to prank me and opened up a Netscape window on my X terminal’s screen with content that raised some questions among the lab’s staff.

        Next day, I wanted thank him and sent a video clip on the ever so popular series ”This is how mammals reproduce” on the screen of his workstation. I was kind enough to make sure that there were no students obtaining their logins, neither head of the laboratory making his daily complaint about his mailbox being full, in his room. Nor the sysadmin himself, for that matter. He used to leave door to his room open, though, and loudspeakers swithed on. Did I already mention, that he kept his speakers’ volume turned high? Audio track of the educational piece of video raised some questions among the lab’s staff, too.

  5. trevorde

    Value added installer

    Many years ago, I worked on some *really* expensive software. It was about $25k USD *per seat* about 20 years ago. Only problem was the installer only took a few seconds to run. Where is the value in that? I wrote a small, err, 'installer helper' which just displayed a dialog box with a progress bar and some customisable text eg 'Configuring datastore' (there was none), 'Acquiring network connections' (not required), 'Updating discombobulator' etc. The installation procedure went from 20s to well over 10 minutes. Now *that* is value for money!

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019