Memories of Sub7

Back in 1998, Cult of the Dead Cow released this revolutionary hacker tool called Back Orifice. Despite its dumb interface, it was fun to play with and I used it to jump into random home computers all over the world, mostly just exploring a user’s files. About a year after that is when I found a similar program called Sub7.

Sub7 was amazing. Not only did it have a nice, clean interface, it allowed me to do amazing things to random computer users, like see whatever their webcam could see, listen to their room through their microphone, watch their screen, control their mouse, type on their keyboard, change their Windows themes, open and close their CD tray, make official-looking alert boxes pop up on their screens, play sounds for them to hear, flip their screen upside down, reboot their computer, and so much more. I had a blast with this program for a year or two. I never infected a computer with the server software myself – I just scanned IP ranges that I found from users on IRC and from email headers. Nearly every IP range I scanned would find at least 1 computer to “hack” into.

I was surprised one day when my redneck neighbor Tom told me that he had been doing the exact same thing, finding infected computers and spying on them with Sub7. We became pretty good friends after that and regularly exchanged lists of infected computers with each other. I taught Tom to do more than just spy on users by actually having some FUN with them.

At the time, everyone used either Windows 95 or Windows 98. I created several kinds of “theme” packs for each system and uploaded files whenever I got into a new system. It would change a few of their key system sounds to silly things like farts or other annoying noises. It also changed their startup screen and their shutdown screen. Instead of seeing only the words “Windows 95” on bootup, they would see added text which made it say something like, “A hacker has infected your Windows 95 machine and has complete control over everything you do! Have a nice day!” The shutdown screen displayed something similar. I had other screens that were a little more subtle, but I can’t remember what many of them said. I made at least one set of them that advertised phonelosers.org, thinking it would be great if people started emailing me because phonelosers.org hacked their computer. Surprisingly, these systems wouldn’t usually disappear from my list of infected machines immediately after I uploaded these images. Either they didn’t care or they just didn’t know what to do about it.

I built my collection of mp3 music with Sub7. I think at the time the only way to get pirated music was from Usenet. We didn’t have Napster or Limewire or torrents back then. There were FTP sites and IRC channels to get music from, but I just wasn’t into piracy enough to bother with all that. But when I started finding mp3 files of popular music on people’s computers, I began slowly downloading them on my speedy 56k modem. This, of course, slowed down their internet connection to unbearable speeds. Sometimes they would log off in the middle of my download and I would end up with an incomplete song, something I wouldn’t notice until I was listening to music and it would stop playing before the song finished. It was a fun way to build up a music collection though. And it was a really sad thing when I’d find a computer full of mp3 tunes that I really wanted, but they would log off before I could take it all and I’d never find them again.

I won’t even get into all of the personal data I found on people’s computers, but there was a ton of it. I read financial documents, letters to friends and family, diaries and telephone books. I remember reading this incredibly long journal that a guy was writing in Microsoft Word, detailing his sadness and feelings over the divorce he was going through. I popped up a window on his screen one night that looked like a standard Windows alert box, telling him to hang in there and it would all get better soon. I bet he was confused to have his computer try and console him.

I did something to about 10 users in Bend, Oregon that I’m not too proud of. I deleted all of their files. At the time I was involved in a battle with Tannest and she worked at her brother’s Internet Service Provider in Bend. So I would regularly scan the IP ranges for her ISP (BendNet) and when I found an infected one, I would log in and delete pretty much the entire hard drive. I would leave most of the Windows directory intact so that their system wouldn’t actually crash. Then I would pop up an alert box titled BendNet Services. It would read, “You are currently more than 30 days past due on your internet bill. We have removed all of your computer files and will not return them until your bill is paid in full. Thank you for using BendNet internet. -Tannest.” I used her real name, of course. I’m sure she had a tough time convincing the angry users that stormed into her office that they weren’t the ones responsible for deleting all of their files. I seriously felt bad about doing this to people, but the hilarity of pissing off Tannest outweighed the guilt so I kept doing it. After awhile I could never find infected BendNet users anymore, so I always wondered if Tannest started scanning for them herself so she could contact them and fix their machines before I got to them.

I also helped a lot of infected people in my local area. After going through their files and figuring out what their ICQ member number was (Remember when we all used ICQ? Ugh, past, I don’t miss you at all.) I would send them a message on ICQ, using my real account, and explain to them that their machine was infected. I’d direct them to a website that contained a program that would remove Sub7 from their computer so that nobody else could hack them. I made a few local friends by doing this, people that I kept in touch with for years afterward and even met some of them in real life.

I could make a user’s modem dial phone numbers by adding standard modem commands to certain files. A few times I would want to know the identity of a computer that I had access to, but I couldn’t figure it out from their files, so I’d command their modem to hang up from their internet connection and call my home. A look on my caller ID box would give me their identity. Once they logged back on, I would remove my phone number. I could set up their systems to automatically dial any phone number I wanted each time they turned on their computer. It sure was tempting to buy a 1-900 number and make computers all over the country dial my number.

It was a fun era of pretending to be a hax0r in the late 90’s and early 00’s and I doubt it’ll ever be so easy again. It’s just too bad that I never used Sub7 to pull any truly epic pranks on anyone. I saw other people post webcam shots of computer users looking thoroughly confused at the weird messages popping up on their computer, but I rarely found computers with webcams attached to them. That’d sure be a fun thing to do today with everyone owning laptops that have built-in webcams and microphones in them.

Defcon 17

Once again, I flew to Las Vegas this year for Defcon. It went a little like this…

Thursday: Drove to the airport with plenty of time to spare. I expected to have my backpack searched extra because I had about 200 PLA CDs in it, all stacked neatly at the bottom in two rows. On an x-ray machine it probably looked like two cylinders. But he took me over to the bag searching area and opened a different part of the bag and swabbed the inside with cotton, then put it in a machine. Either looking for drug or bomb residue, I guess. That’s when I remembered that I used that compartment of my backpack on July 4th to stuff all the trash from our fireworks. He didn’t tell me why he did that, but I wonder if they had something that picked up some gun powder residue. After that he dug in the regular part to see my stacks of CDs. Then let me go.

The plane ride was boring. The guy next to me kept drifting off to sleep and leaning on me. I kept elbowing him awake. Had a layover in San Francisco and that plane was delayed by an hour, but I didn’t mind since it gave me more time to charge up my dying iPhone. The girl next to me on the next plane kept bumping into me, she kicked me once, flipped her hair into my face another time. I ignored her and listened to a podcast the whole time.

I listened to the latest episode of 2600’s Off The Hook and was surprised to hear them play Rob T. Firefly’s latest hit song, called Bell Odyssey, at the end of it. Thirteen years ago I wrote this song in a PLA issue and he decided last week to actually record it, and it’s amazing. Go take a listen to it on robvincent.com or listen to it at the end of Off The Hook for July 29th, 2009.

I-Ball rented a car for the weekend so he was able to pick me up from the airport and take me to the hotel. We walked around for awhile and ended up in the room he was staying in, where there were stations set up all over the room for soldering electronic Ninja Party badges. Both of us soldered a couple of them. I checked my Twitter and noticed that Pinguino was at Defcon. A few minutes later, I noticed that Pinguino just happened to be in the same room as me. So I went over and said hi to her. We hadn’t seen each other in 8 or 9 years. I also finally met Strom Carlson.

Got a message from RijilV and T. that they were at Peppermill, so me, I-ball and RTF walked over there to have some dinner with them. Then we hung out in the Chillout room for awhile and met Labythan (an old school Cal’s Forums guy). That’s about all I can remember from Thursday.

Friday: Woke up early and hung out at the hotel’s food court for a large portion of the morning and afternoon, working. Bumped into Rogueclown and RTF for awhile. Then Paul and Larry from PaulDotCom, who gave me a Hack Naked party pass. Went to the Playboy Club with a bunch of i-hacked.com people. I think it was Adam (not completely sure) who sent two of the employees over to me to try and get me to dance and drink with them. Not sure what their angle was, I declined everything. I thought they were trying to lure me into a private room for an expensive dance or something. Apparently Surbo was snapping pictures of us. Beer was free and I drank a lot.

Later we went to a party at the Hard Rock Hotel, which was in a small room and way too full. I ended up sitting in the hall for awhile, resting and texting. Before we left, hevnsnt wanted to sit at the elevators on Floor 5, constantly hit the buttons and cheer for people when the doors opened. There were about 10 to 15 of us doing that for 30 minutes until a hotel guy came up and told us to stop.

Saturday: Hung out by the PaulDotCom table for probably an hour, chatting with them and random people who walked by. I met Rachel and Georgia from GRM n00bs and a girl named Drollee (I’m sure that’s spelled horribly wrong) who was a listener of The Phone Show and had called in and talked to me on the air a week or two before. Then for the next 2 days, I seemed to bump into her nonstop. The PaulDotCom guys were nice enough to let me put about 200 PLA CDs on their table to give away for free.

Drolley & RBCP

Me, Surbo and hevnsnt entered the social engineering contest and I ended up meeting notkevin at that. We expected them to give us an assignment or something, but we were just told to social engineer anything we wanted as long as we didn’t drop any docs. So we got the hotel’s housekeeping frequencies and listened to them dispatch things to rooms. Then we called those rooms to talk to the guests about whatever they needed and tried to make them as unhappy as possible. “You need an extra cot in your room? Sure, that’ll be $100 extra per night and I just charged it to your credit card.” One lady said she was coming down to the front desk to get me fired, so we went down there and stood next to her the whole time and listened.

I-hacked got honorable mention for our entry, which is their nice way of saying we’re huge losers. We got to play a couple of the calls for a crowd of people and it got some laughs. I couldn’t stick around for the closing ceremonies since I needed to catch my plane. But notkevin brought me and I-ball up to his room and gave us some really cool t-shirts. Thanks, notkevin!

There was the Podcaster’s Meetup where a huge panel of podcasters did a live show, which I wasn’t cool enough to be invited onto. I got to meet Stankdawg there, and a few other people whose names I can’t remember. One guy lives in Eugene, just 45 minutes from me, and we talked shit about tr0n for awhile. There were parties afterwards. I talked to Grey Frequency a lot and I finally introduced myself to Jason Scott. Bumped into yomama, thepublic, nekid amy.

Oh yeah, I twittered a lot throughout the weekend which occasionally caused people to show up and say hello. And during the podcaster’s meetup, altalp tried to send a phone up to the room and have me paged for a phone call, but the hotel staff wouldn’t cooperate. So instead she had them deliver a trash can to me. I didn’t notice it until after the meetup was over and the party started, but there was a big, gray trashcan sitting in the middle of the floor for the rest of the night. I explained to several people that it was my trashcan and one guy was nice enough to take a picture of me standing next to my trashcan. I didn’t take many pictures on my own camera and I’m counting on all these other people to send me pictures so hopefully that happens soon. If you have pictures you think I’ll like, my email address is bradcarter at notla.com. Maybe I can stick some pictures in this entry eventually.


(thanks, Labythan, for this pic!)

Sunday: I met Shane! He’s a guy that I worked with in 1993 in Indiana and I lost touch with until just a few months ago when I noticed a video of him online from Shmoocon. I saw him briefly after the social engineering contest, then briefly in a hall somewhere, but on Sunday we actually got to hang out for awhile and do some catching up. I was able to impress him with my memory of everyone’s names from our old job, asking him if he still kept in touch with anyone. So that was really cool and I guess I’ll be seeing him at various cons from now on.

I refrained from blowing money on any t-shirts this year except for one that I had to have. It was at the EFF table and required a $40 donation. $40 for a t-shirt, but I did it anyway. It’s for a good cause. What really sucked was that they were out of that t-shirt by Sunday, so it has to be mailed to me. I went to lunch at Kadie’s with Stankdawg. I swapped CDs with dualcore. I actually bought his CDs. I told him that I didn’t own any CDs at all and I would just rip them and give them to friends, which he said he was fine with. Damn this physical media!

Went to Kadie’s again with I-Ball to have dinner, then we went to closing ceremonies. Had to leave early since I had a plane to catch. Stopped by the goon room to say goodbye to RijilV. Met notkevin and went to his room to claim our prizes of XXXL t-shirts. (That’s the only size they had left.) Went to the parking garage and I-ball couldn’t find his rental car. We walked down 4 stories looking for it before he finally spotted it. He got me to the airport about an hour before my flight, plenty of time to charge my iPhone so I could listen to podcasts for 2 hours.

I think this is a new feature, or maybe I’m just noticing it for the first time – when I’m listening to podcasts I can hit a “2x” button and it doubles the speed of the shows. Not the pitch at all, just the speed. So I was able to listen to 4 hours of podcasts during my 2 hours of flight. The people on those shows talk too slow anyway. As long as there’s not much music, it sounds fine.

So that was my Defcon. Pictures later. Or you can listen to an audio review of it by me, linear and Rogueclown by going to www.phonelosers.org/phoneshow/ and listening to the 8/3/2009 episode or clicking here.

One last thing…on the drive home after the airport, I was listening to the HipTrax podcast, which is a music podcast that the Geek Dads do. And I’m in love with this new song called Ode To Alderaan by Glenn Case. It’s a great tune and great lyrics. Listen to it.


Defcon 2008

I’m going to Defcon tomorrow. If you’d like to contact me this weekend, you might try emailing MOBILE at notla.com, which will text my cell phone. You can also leave me a voice message at 541-550-2930. And Twitter will be texting me nonstop all weekend – I’ll probably think about even updating it myself occasionally. See you there!

Rubicon 2003


Thursday, 3-27-2003: Time to prepare for Rubicon. Is0tek and GreenGod arrived at my house around 8pm. We went out and hijacked fast food frequencies all over the area and ended up going to bed around midnight or so. We plan to get up around 5am and leave for Detroit.

Sunday, 3-30-2003: Our Rubicon adventure started on Thursday night – GreenGod (aka AssNeck) and isotek showed up at my house around 8pm or so. Neither EvilCal or Adrenaline wanted to come this year so it was just 3 of us. We had a quick meal at Applebee’s where we screwed with their TVs, then drove around Alton and screwed with drive-thrus, then went back to my house and went to sleep early. We woke at 5:00am and began the drive to Detroit. It’s about a 9 hour drive from Alton and I drove all of it but the last hour, when AssNeck took over.

The first interesting thing we saw on I-55 was RijilV’s car. On Thursday morning I’d received a call from him telling me he broke down about 90 minutes away from Alton on the way there. I offered to come and get him but he’d already hitchhiked part of the way there. So we noticed his car on the way up and stopped to take a few pictures and steal all of the valuables from it. I scored a car battery charger/starter, some nice jumper cables, bungee cord and other miscellaneous items from the trunk. Apparently his tire went flat after he left it too. He said the engine blew up but it had a flat when we got there. You have to give him credit for leaving it halfway on the side of the road with the hood open like that…


my first picture of his car. at this point, i'm still laughing at the sight of it.
assneck walking around in the rain
rijilv's flat tire
isotek and assneck in front of rijilv's car

We got to our room and, as usual, took the phone jack out of the wall to see if we had access to any other rooms. This time we did! Turns out that we have access to both line 1 and line 2 of the room directly below us. We decided to order a shitload of room service for them from their line, then stand down there and watch them try to deny ordering it. Then we decided to wait until Sunday morning for that. But that plan was derailed when the guests checked out the night before and the room became vacant. Here’s a few pictures of is0tek opening the jack and testing the lines…



During a speech, AssNeck videotapes, is0tek plays with a vx5 and Rious watches.
It was no surprise to us that such a fine hotel like Holiday Inn would carry “Phone Loser Monthly” on their magazine rack.
In a lame attempt to mimic last year’s furniture stacking end, we put a chair on the bed as we left to check out. WE ARE SUCH REBELS. PHEER US!

Wendy’s suffered a horrible wrath this year. They were unfortunate enough to have a business running right next door to a hacker convention. Their wireless drive-thru headsets were utterly useless for much of the weekend. A few times they had a fat guy (the manager) standing out at the drive-thru speaker, telling customers not to listen to the hooligans cursing at them through the speaker. The hooligans would reply with, “Don’t listen to the fat man! He is lying to you! He doesn’t really work there!” After that didn’t work for them, they had no choice but to turn off the drive-thru speakers completely and put a sign up telling customers to pull up to the window and order. They would sometimes decide to put the drive-thru speaker back in business and start taking orders again but that would never last very long. Here are a few sound clips of “somebody” screwing with customers:

  • Who Said That?? This is our first attempt at messing with the drive-thru. Is0tek is mean to a customer and the drive-thru girl exclaims, “Who said that?” Then the customer drives away and the drive-thru girl sounds rather amused about it.
  • Lawsuit Lady This lady has got to be the stupidest customer Wendy’s has ever served. The drive-thru girl can’t hear the order because somebody is keying over the customer while she tries to place an order. Then after we have our say with the customer, an employee and a manager rush out to try and explain what’s going on to the lady. They explain about a half dozen times before the customer finally understands. The whole time she’s ranting to the employees, saying things like “I WILL get a law suit!” and “I WILL call headquarters!” and “I’ll slam dunk his behind and get my whole family on his behind!”
  • I’m New Here Me and the drive-thru girl get into a fight with a customer about which one of us is the real Wendy’s employee. Horrible sound quality on this one.
  • You Smell Funny We tell a customer that he smells funny and an employee rushes out to explain things to him. The girl laughing is an employee in the store. The person yelling at me is a customer. And the guy trying to reason with me is the employee that came outside.

The con was fairly tame this year, compared to last year. There was virtually no destruction as far as I know, except for the incident where somebody tried to drill and crowbar open an elevator access panel. We left kind of early on Sunday morning but from what we hear, the police didn’t even escort the attendees out this year and the hotel staff wasn’t threatening the RC staff with massive lawsuits. Here are a few surprising pictures of the non-destruction. Take special note of the courtesy phone NOT missing and the big lobby water fountain with NO bubbles in it on Sunday morning.



CNN segment on hackers at Rubicon

My Defcon 2000 Review


July 2000: I’m stealing this old review of mine from Defcon 8 from UPL021. And there’s nothing linear can do about it!

So I went to this thing called DefCon and now I’m going to write about it. We were stupid enough to book our flights with PriceLine.com which got us better rates but really crappy flight times and days. My flight left Illinois at 10:30pm on Thursday night and arrived at 1:00am Friday morning.

LogicBox was supposed to meet me at the airport but he was 20 minutes late so I ended up leaving with these two old people who were there. Well, actually they were my parents. See, I had never met them before and this DefCon was my first time ever meeting them (long story). So I’m proud to say that I’m probably the only person who’s ever met their parents for the first time at a hacker conference.

I arrived at the Alexis Park Hotel on Friday morning and was lucky enough to get there before the registration line started wrapping itself around the hotel. I paid my money, got my badge and walked around in the lobby. I walked 2 full circles around the sitting area. Then I ventured outside and walked up to the pool. It got hot so I walked back inside for awhile and got a Coke for the low low price of $2.00, tax included. Then I walked around the eating area in circles and back into the lobby. I walked over to the pay phones and slapped some PLA stickers on the phones. Then I walked around the lobby some more for a few minutes. Much later I walked out the front doors and discovered that I could hang a right, walk along the side of the building and get into the lobby through the side doors or from the pool area. So I did this a few times and then did it again in reverse. Then I walked around the pool area, through the courtyard and to another pool, around that pool and turned around, then repeated the process. From there I walked a few more circles in the hotel lobby. This is where I started to get kind of bored. I walked up to a guy standing by a wall.

“Hi, are you here for Defcon?,” I asked.

“Yeah.”

“Cool.”

I walked back down the hall towards registration so I could walk around the registration lines and see if I knew anybody and a DefCon Goon was like, “You can’t go in there!” and I said “It’s okay, I’m RBCP!!” and he threatened to take away my badge and throw me out. So I had no choice but to go down the street to Subway and have something to eat. I got a footlong sandwich on white bread, turkey, lettuce and mayo and a large Pepsi. It was really good. On the way back some nerdy kid beat me up for looking stupid. That really sucked but only lasted for a few minutes because I pretended to be unconscious.

I went back to the hotel and made a bunch of phone calls to people who were supposed to be there but none of them answered their phones. After sitting around in the lobby for awhile, The Public and Nekid Amy approached. We walked around for awhile, went up to his room and I got to meet Zens who I hadn’t heard from for awhile. Just an hour or so later I got a call from LogicBox who told me to come into the con room and find their table. Funny, because I’d already passed by his table a few times and had a look at the shirts they were selling but I guess we didn’t notice each other. I went up to the table and stared him down until he said, “Oh, hi!”

Pesto was there and broke into tears and started telling me how much he loved me and how cool I was and stuff. Then he jumped up onto a table and started dancing for me and that’s when I left the con room forever. Okay well, that didn’t really happen. Awhile later I met up with el_jefe and Apok0lyps and I walked around with el_jefe for awhile and finally told him that he was really boring and I was going to go find someone else to hang out with.

That night we geared up for a huge party in barkode’s room! We got all kinds of booze and black lights and a big-ass sound system. Then el_jefe came in and started dancing this scary jig in front of me and soon after that some dude’s girlfriend puked all over the floor. Just as things were getting crazy I noticed that it was after 10:00pm which is way past my usual bedtime so LogicBox said I could stay on his floor at the Excalibur so I went there and went to sleep, however I DID stay up to nearly 11:00pm watching dumb 80’s movies. Man I’m nuts sometimes.

Throughout the weekend, me and Logicbox caused as much trouble as we could on the FRS frequencies. The FCC thought these channels would be used by a few family members at a time to keep in touch at the malls or while camping or whatever. I bet they never thought that a few thousand hackers would all be using the same channel at once. This made for some interesting conversations with people we didn’t know. We kept yelling at everyone to get the hell off OUR channel. They would yell back that it was THEIR channel. We would tell them that we bought the channel from the FCC just last week and we had the receipt to prove it. They would start yelling obscenities and playing tones at us. It was like being on a conf. only on a much larger scale.

We also yelled at girls when they came on the channel, told them that girls didn’t know how to use radios, girls belong in the kitchen and not at hacker cons, girls shouldn’t be wasting time on the radio when they could be pleasing a man. Needless to say, the girls didn’t think this was very funny.

Hmm, so that’s about it for my DefCon experience. I finally got to meet linear but it took so long to find him that by the time we met it was almost time for him to leave. Damn you, linear!


DEFCON 8 PICTURES:



My Defcon 8 pass
Soon after arriving at Defcon I got a call from Cal on my cell phone who told me to meet him out front in a few minutes. I wasn’t surprised to find out that he rides the short bus.
This is one of those stupid I’m Taking A Picture Of You While You’re Taking A Picture Of Me pictures. That’s SlapAyoda. I didn’t take this, someone must have swiped my camera. Damn hackers!
SlapAyoda walking around on the walls in Barkode’s room.
This is the phone in Barkode’s room. It’s got an elite PLA sticker on it. See? That’s why I took the picture okay? Even though it’s all blurry and you can’t even see the stupid thing.
LogicBox and Pozer bridging a couple of walkie talkie channels together hoping to annoy everyone listening.
My birthmom & I, up in the mountains somewhere
In a swimming pool, somewhere in Vegas
Barkode gets a little crazy and tells us that money is insignificant or something and throws a few thousand dollars up into the air saying he trusts us all not to steal it. I pocket a few hundred and quickly go home.
After the money incident, this picture shows SlapAyoda comforting Barkode as if trying to talk him down from a high ledge while Pesto is scooping up money like a madman and shoving it down the front of his pants.
This is a picture of me, Logicbox and Carolyn Meinel. You can listen to Carolyn Meinel’s hilarious ranting about hackers on my sound clips page. I stole this picture from Barkode’s site and there’s nothing he can do about it.