Hacking It 90’s Style

It’s time once again for all Millenials to gather around the campfire and I, an Intenet tribal elder, will once again mesmerize you with tales passed down from Sysadmin to Sysadmin. For these are the continuing tales of the life force we call Internet spoken by those who were there to experience it many moons ago… (cue howling wolf).

This hack had a good run in the early to mid 90’s and is seen occasionally in this day and age in the dial up world. It had to do with luring someone to a page that interested them and getting them to click on a particular script… Not for a mere few cents in booty like Google AdWords pays today, I’m talking 99 cents per minute level booty!

During the heyday of dial up internet, people got accustomed to hearing that familiar dial tone, beeping, and subsequent squeal of the answering modem as they connected to the Internet via their local ISP. Hearing that sequence of events squawk through the speakers meant we were connected and ready to surf. Some users, though, elected to silence their modems and rely on the primitive Windows 95 icon to tell them they were connected.

Now, in the early days of Windows 95, Winsock Dialer was the method used to connect to dial up ISP’s. It was not initially part of Windows and had to be installed via a floppy disk (which ISP’s provided free of charge). These disks usually included the dialer and modem script with commands that were sent to the modem telling it what to do. It is in this script that astute users could send commands to the modem to tell it to dial quietly. Other commands in the modem initialization string could serve other functions, but the speaker and sound related ones were usually limited to:

M0  Speaker always off
M1  Speaker on during connection
M2  Speaker always on (very noisy)
L0  Lowest volume
L1  Lowest volume (redundant)
L2  Medium volume
L3  Maximum volume

And so on. The point is that a text based initialization file was all that was needed by Winsock (and other dialers) to get your modem to connect to your ISP. And it was this security hole that nefarious Internet underlings exploited to rake in millions from unsuspecting dupes. Here’s how…

Two VERY popular (and still popular) niches of the Internet are pornography and free (illegally) software. Newsgroups were the method of the day, but websites were starting to appear that offered “FREE” content and thousands of pictures, software, etc.. When people would visit these sites, they were told that in order to access their “FREE” content, they had to download some files or even download and run a program that would “set up” their computer to get the free material anonymously, faster, whatever it took to get the person to agree.

Once downloaded and run, the script would actually change the dialer settings of the Winsock script to dial an ISP with a 900 number, and also change the speaker settings on the modem. Once loaded, the script was executed which basically told the modem to hang up and reconnect. The sound of the modem disconnecting is usually a very faint clicking noise. If unnoticed, the unsuspecting web surfer’s connection was disabled and re-established using this silent pay-by-minute 900 number instead of their usual ISP. Some astute people would hear the disconnect click and suspect foul play, others though were a trustworthy bunch that, since the modem dialed silently, had no idea they were connecting to high priced dial in service.

The user was then taken to the site which, as promised, delivered endless hours of viewing pleasure to the unsuspecting client… until the phone bill came! In those days, disputes on the bills were not usually tolerated by the phone companies, so the client paid the phone bill, in turn paying the hackers. If they were not clever enough to figure the time frames, the blame sometimes fell on unsuspecting teenagers in the family that were blamed for countless hours on Corey Feldman party lines.

Now, off to bed ya go! The Elder’s will regale you with tales of Internet old some other time!

Leave a Reply

Your email address will not be published. Required fields are marked *