IRC CTCP or how file sharing worked in the 1990s…

If you ask youngsters about IRC they usually belive it is a government agency that collects taxes (Actually wrong, that is the IRS – Wikipedia:IRS)…

Well back in the 1990s when the internet was quite new there was no megaupload, rapidshare or edonkey. You’d get files from either private FTPs or search for stuff on certain “blackhat” (well kinda) IRC channels.

Using mIRC

So in a nutshell you’d connect to IRC using your favorite client. For halfway sane users using Windows 95 or 98 in the 1990s that would have been mIRC with a nice addon script like “Invision”.

So you’d connect to a channel where you’d get your favorite stuff and just instantly download whatever you want (namely appz and games – movies and music were not compressed enough back in the days), right?

Wrong!

There were always dozens if not a hundred other people like you also wanting to download stuff. So you were queued. Being place # 139 in the download queue sucks, right? So wait for an hour or two until it’s your turn to download some files? No way, Jose!

So what’s the plan? Well most users were obviously using Windows 95 (or 98) and back in the days these did not come with the “automatic updates” feature, so there were loads of critical vulnerabilities in these. Another flaw was IRC itself as any direct request to another client would reveal the IP address of that computer – and unlike today these were not behind some neat firewall router thingy but directly connected to the internet via a modem. So screw them.

The whole solution was to abuse some common security flaws and send them a nice manipulated TCP package that would let their windows crash into an epic bluescreen. There was even a gui tool to do that back in the days called something like “WinNuke”. Well obviously it was rather easy to script since IRC would show all the cleints in queue in front of you. So you’d just “nuke” all of them and like 95% of them would instantly crash to death while losing their queue place, making the wait much shorter for me…

 

Winnuke – wikipedia article

AOL CDs, their annoyance and before that…

Well if you are as old as me you might remember all these unwanted AOL CDs. I mentioned them in my previous post but to recycle pictures here they are again:

Unwanted AOL CDs
AOL CDs – was there ever anyone who really WANTED them?

 

The good point of these besides using one as a coaster for your coffee cup was the box. Some came with a DVD style case, some even with a metal case. So while you had to dump the actual CDs the case was pretty nice if you bought blank CDR in a paper sleeve like me (cheapest type).

And big surprise for people who aren’t that old: before the infamous AOL CDs they actually distributed floppy disks:

AOL Floppy
AOL floppy discs. They would have been perfect if they came with a blank label…

The good point about floppy disks was that they actually costed money and even if there was crap like AOL on them you could just format (“erase” for the younger generation) them and have a free floppy disk. Hey, back then a 10-pack of floppies costed like 5 dollars and any free floppy was kinda cash gift for us nerds. So unlike the AOL CDs the floppies were always welcome. God knows how many appz and games were copied because AOL gifted us with free storage space. So i blame the whole PC (You could use them on your Amiga as well after formatting) piracy scene on AOL. For the CDs they might have brought more happiness to homes if they used CD-RW, but oh well they missed that opportunity.

Why hackers loved AOL in the 1990s…

If you ask youngsters about AOL they aren’t sure if it’s a car model or an insurance company. But most older folks will either remember AOL for dumping unwanted CD-ROMs in their mailbox or for stupid advertisement.

Unwanted AOL CDs
Coasters for your coffee mug or frisbees? You decide!

Actually AOL was quite interesting in like 1995 – being among the few providers besides Compuserve (RIP) who offered kinda all-in-one solution for Internet access, an e-mail address and a personal homepage. All that may seem god-given these days, but back then you were quite happy to slam loads of money on the counter each month to just have that and being connected to the world. And “loads of money” is to be taken literally since back in the days you didn’t have a flat rate, so you had to pay for every minute you were connected.

That was for sure a problem as AOL (and all similar companies) were not really from charity, so an excessive life online would cost an excessive amount of money back then. And the good old times of blue box ( see here: https://en.wikipedia.org/wiki/Blue_box )  were already over, so no more free or cheap phone calls with our analog modems.

I remember one halfway famous porn website (Shame on me, obviously noone else vistited these in the days) advertising their downloadable videos with a quote like “Fap without looking at the watch” which kinda reflects the whole situation back then. Every minute you were connected was precious.

Well all that was annoying for a hacker like me since i didn’t have much money back then, wouldn’t it have been for a bug feature of AOL back in the days – ROAMING. Most youngsters know that term because it means they can use their cell phone during their vacation to Mexico or elsewhere while paying loads of additional money. Well back in the days it was exactly the same just with using your AOL internet access. That meant if you were a U.S. citizen and went to Germany you could just bring your laptop, dial in your analog modem from any phone line and AOL would bill you everything, your friend in germany would not have to pay a single cent on his phone bill (All AOL internet access numbers abroad were toll free numbers). But when you came home from vacation you might have been surprised that AOL charged you like 5 Dollars per minute in Germany. As i said before – AOL was never a charity organization.

While this sounds (more or less) reasonable just imagine someone from Germany you don’t know had your account credentials (username and password that is). Big surprise when you get your AOL bill. And maybe now i should mention that I am the German guy that these unsuspecting AOL users didn’t know.

Getting AOL password was rather hard by typical hacking. AOL had this bug feature that they would just ask for your password once while setting up the software and saving it along with the rest of the settings in a big monolithic binary file that was encrypted. So no way to read out that password unless you dreamed about encryption ciphers at night. Well but a nice workaround was to simply copy that whole settings file and inserting it into my AOL installation directory. I did that so often that i even made a batch file to replace it from my “incoming” directory.

But yeah, hacking every single client and downloading that rather big file was annoying and some paranoid people checked their AOL account online every day and quickly changed their password once their bill surpassed a few hundred dollars.

 

So i needed a better method of getting a stable supply of AOL credentials (sounding like a junkie here which hits it pretty well regarding my online habits..).

So an easier way of hacking scamming people for their AOL passwords was simly good old social engineering. But instead of calling people asking for their password i just posted an instruction how to hack someone elses AOL account by simply sending an email with your own password to some “special” email address. Ironically there are still some of these pathetic scams online, as you can see i used it as late as 2001… (Proof here: Scam instructions ).

You’d be surprised how many jealous girls and boys tried to “hack” their partners/friends AOL account with this “trick” – i always had dozens of fresh AOL accounts in my inbox that way.

I usually changed the current AOL account if it got close to 1000 Dollar roaming fees – oh well there was that once woman from Brazil who ended up with something like 1600 USD on her AOL bill, but usually it was much less.

And no i was NEVER contacted by AOL or anyone else (besides some hate mail on the email inbox used from that scam).

Well so that is pretty much how i survived between the “blue box era” and the “Flat rate DSL era”.