thievco.txt

About Thievco
Updated 8/28/98 
  
Founded in 1982, Thievco, Inc. is headquartered in San Francisco, and 
has branch offices all over the world.  From humble beginnings, Thievco 
has grown from its three founding members to an organization of over 
20,000 employees world-wide. 

Thievco is the market leader in penetration testing, security evaluation, 
mass profiling, privacy invasion, wiretapping, mass blackmail, extortion, 
insider trading, media manipulation, and bribing of public officials. 

Thievco offers a wide range of products and services, from hostile 
penetration testing contracted for by your competitors, to public 
relations work to cover up the successful intrusion. 

Thievco conducts extensive research and development in the following 
areas:  Penetration and manipulation of government, corporate, financial, 
and medical databases; Storage and correlation of large data sets; 
Monitoring and modifying financial and stock market information systems; 
and Corporate planning strategies and their effects on company valuation. 
As a result of our extensive R&D efforts, Thievco has virtually no 
competition in these areas. 

Thievco is a publicly traded company on the NASDAQ stock 
exchange under the symbol TVCO. 

                            Thievco Corporate Communications 

-----------

the TRUTH About Thievco 
Updated 8/29/98 
  
...Of course, that's all a lie. 

Back when we were all 12 or 13, Chron, The Locust, and I were a bunch of
warez puppies.  Of course, it was called being a 'rodent' back then.  Anyway,
we'd frequently get our Apple ][ warez, and they'd have some group name in a
splash screen before the game.  The games would boot up, "Cracked By..."
proudly displayed for the world to see. 

Back then, software was mostly passed around by trading disks.  We'd have
get-togethers where we'd all bring a computer, and boxes and boxes of disks,
and make disk copies all night.  This was the peak of the copy-protection era,
so piracy usually took a little work.  One would have to have the right disk
copying program, or the right patch, or know which halftracks to grab. 
Consequently, the cracker (this is copy-protection cracker, mind you. 
Considered an admirable skill) would then get to blaze their name on the disk
for all the leeches, like ourselves, to see.  We thought these guys were really
cool. 

Clearly, we needed to form a group.  Thievco was born. 

We'd amuse ourselves with replacing the graphics files on our favorite games,
or modify the BASIC loader file to bload a Thievco screen first, and then give
the modified disks out to our friends. 

At some point when I was 13, I got my first modem.  It was a Novation
Applecat.  I read through the docs, and managed to install it myself in slot 
2 of my Golden ][ (an Apple ][+ clone from Taiwan.  It was only $600 at the 
time when real ][+'s were $1200.) 

I was vaguely familiar with the concept of BBS's.  I'd seen the guy who I'd
bought the Golden ][ from using them... which is why I wanted the modem in
the first place.  I got a BBS number from somewhere, and fired up the Catfur
disk that came with the modem.  I have no recollection of which BBS it was or
who the Sysop was.  I created an account, and ended up chatting with the
Sysop at one point.  He was very helpful and patient, and took his board in
order to fire up his copy of Catfur, and send me a better term prog.  It might
have been ASCIIExpress, I can't remember.  I think that's one of the only
times I ever got to use the proprietary 1200 BAUD half-duplex feature of the
Applecat, which was normally a 300 BAUD modem.  I believe I also picked
up some more BBS numbers from his sign-off. 

I happily spent the next month calling boards in New York (from California)
and calling AE lines for the hour-something it took to download a 143K disk
image.  Until Mom got the phone bill.  Whoops, $200.  I guess calling other
area codes wasn't such a good idea. 

No problem.  The next month, I was very careful to stay within my area code,
415.  This was back when nearly all of the SF Bay Area was 415.  What used
to be 415 is now 415, 510, 925, 950...  anyway...  Of course, I was on more
often now... I was starting to keep up with some of the discussion boards. 
Next phone bill arrives, $200 again.  Whoops.  I guess it's time to investigate
the difference between a local call, and local-toll. 

Don't ask me how, but I managed to keep the modem, and get my own phone
line installed.  I think I had some of my own money with which to pay back
Mom. 

So, now I can be on-line most of the time, and I don't have to wait until 10:00
P.M. when the house phone won't be tied up. 

By now, I've got accounts on a number of local BBS's, as Blue Boar of
Thievco.  So what?  What's Thievco?  Well...nothing, really.  Just the three of
us. 

I had a computer, modem, and my own phone line.   So, I started a BBS. 

Welcome to The Thievco Main Office. 

I can't remember the name of the program I started with.. It was obviously one
of the Applecat BBS progs, since back then most host-to-modem
communication was proprietary.   I ran it on my Golden ][ with a green
composite screen, the Applecat in slot 3 (I'd managed to bend a pin in slot 2 at
one point) and one 143K floppy drive.  I had room for a few text files, a
handful of forums, and user e-mail.  The BBS program was a mixture of
BASIC and assembly (modem drivers were in Assembly) so I was able to
make modifications pretty easily.  In fact, now that I think about it, we didn't
think there was anything unusual about the fact that someone had written a
commercial quality program, and distributed it for free in source-code form. 
Hmm.   Anyway, so I made some mods, such as the k00l!!!11!! spinning
cursor. 

It wasn't long before we learned of another new BBS in our local calling area,
The Forbin Project.  (Please note:  This was NOT the Forbin Project BBS that
the Procomm guys ran.)  It became a sort of sister BBS to ours.  There were a
number of joint Thievco/Forbin Project events put on.  The Sysops of TFP,
The Intruder and Commander Zer0, became good friends of ours.  Over the
next few years, we had regular get-togethers to eat Pizza, go on Picnics, go to
the movies, or go to the Laserium.  We'd also occasionally attend an event put
on by The Inner Circle, another local BBS in Berkeley.  The Inner Circle folks
were a bit older than most of us, so we weren't always welcome. 

We'd collected a whole circle of BBS friends that were our primary peer
group.  We'd spend most weekends in the dumpsters of the high-tech
companies of Silicon Valley. 

One problem with running the BBS was that I'd tied up my computer.  I'd
occasionally take it down to play games.. frequently an Ultima..  at which 
point I'd just answer the phone voice and chat with whomever was on the other 
end of the line.  Sometimes they'd just ask what was up with the board, and 
I'll tell 'em I was working on it, and to call back later.  Sometimes we'd 
chat for a little while if it was one of the users I knew better.   But, the 
board eventually got a little more popular, and it was getting to be less 
practical for me to just take it down.  I needed a game machine. 

Chron's first machine of his own was a C64, and I'd seen from using his that it
was really a good little game machine.  Prices had dropped to a pretty
reasonable level for most 8-bit machines, so I was able to pick up a C64 and a
1541 for around $300-$400.  This was, of course, a little embarrassing after
participating in so many my-apple-is-better-than-your-commie (or atari, or
whatever) wars. 

Chron started a BBS (A Thievco Branch Office.. I can't remember the name)
on his C64.  He had a couple of drives, so he had the luxury of occasionally
being able to slip a disk into the second one for one of his users to download. 
I had no space for games.  I'd had to add a second drive for the message
boards.  I think he got a second C64 at some point to play on while his BBS
was up. 

Chron was a little more reckless in his phone use than I was.  He wanted to be
able to call around a little more.  So, when I'd stay over at his house for the
night, we'd call the White House and ask to speak to Reagan, or we'd call
Information in different parts of the US and ask how the weather was..  Some
operators got a bit snotty, but many were happy to chat.  They didn't have
much else to do at 1:00 A.M. +...  Sometimes we'd call the local ANI number
and try to get the address for some person we knew via some BBS that we
wanted to screw with.  It's not easy to pretend to be a PacBell tech when
you've got a 16-year-old voice. 

Chron got busted for MCI codes.  I can't say it was too much of a shock... he
was scanning them and using them from his home line.  They presented a
(unsigned) warrant at the door to his Dad, and came into his room and took
everything that looked computer-related.  They searched every drawer, the
closet, etc..  Just for good measure, they took a beer and some porn they had
found in his room, and left them in the middle of the floor.  Then they 
invited his Dad in to "see if they got everything."  His Dad was overly 
cooperative.. never challenged the suspicious warrant, never questioned what 
was going on, didn't argue when MCI & PacBell claimed $1600 in phone calls, 
and he just paid them.  Chron never saw his equipment again, and I don't 
think he got charged.   He was under 18 at the time.  They never went after 
any of his friends.  We weren't Uber-phreaks..  We couldn't take over a switch 
if our lives depended on it.  The extent of our "boxing" consisted of playing a
quarter-tone over the commie speaker and thinking it was cool.  We exploited
the absolutely pathetic authentication method that was used by MCI for long
distance.  (5 digits?  Shared by every MCI customer?) 

That put a bit of a cramp in his BBS.  We got him some loaner equipment here
and there, but he never tried to set up shop again.  We spent most of the
following months worrying that they would come after the rest of us, or they
would prosecute Chron, or they'd do something with the userlist from the
BBS.  I had a big magnet near my computer for a while after that. 

But, they never did anything, and the Thievco Main Office lived on... At one
point I had met a girl via my BBS that I would talk to on the phone for the next
couple of years, and eventually marry.  I had started working a little here and
there to pay for my phone line and equipment.  I worked running backups and
cleaning the computer room for a small local software company, I was a
playtester for a few game companies, etc... 

Then.. I finished high school.  I was 17.  I had run TMO for over four years,
and racked up I don't remember how many thousand calls.  Back then, what
caller number you were was one of the first things to scroll past your screen,
much like the counters on web sites now.  But, I was headed for college, the
bane of BBS's everywhere.  I posted my goodbyes and thanks to everyone..let
those stay for a week or two, and retired it. 

I can remember how quiet my room was without the computer running.  That
Golden ][ had run nearly non-stop for all that time, in the same room I slept in,
and I had gotten used to the sounds.  Even when I would keep the speaker off,
I could still hear the relays close when I got a call, followed by the drives
going.  Anyone who spent a lot of time in front of an Apple will have those
various sounds burnt into their brain.  I bet I could play the boot sound of an
Apple ][ over the PA at Defcon, and half the people there could instantly
identify it. 

I checked out the green-screen, and there was the waiting-for-call screen burnt
deep into the monitor.  I packed up the diskettes, packed up my hardware, and
headed off for college. 

The TMO BBS never went back up.  I spent a year at a four-year college, got
married the next year, put school on the back-burner, started working full-time,
had kids, grew up. 

I wasn't the only one.  The Forbin Project went down when CZ went to
college.  The Inner Circle went down when the Sysop graduated from college. 
All my BBS friends scattered in different directions and went off and had lives.

You have to realize that all of the above WAS my teenage years.  This wasn't
something I did on the side, or as just a hobby.  I'm a computer geek
through-and-through.  On average, I've spent probably 10 hours a day in front
of a computer since I was 12.  I knew my friends because of the BBS.  I met
my wife via my BBS.  I make my living now because of skills I learned starting
back then. 

My 10-year wedding anniversary is next month.  I'll be 29 by then.  After living
in the same house since we got married, we recently moved.  Preparatory to that,
I cleaned out the garage.  I sold a van-load of obsolete hardware to a surplus
electronics store.  The load included a Golden ][ with an Applecat, related
disk-drives and expansion cards, and a phosphor-burned green screen.  There
was a 1541 disk drive... some Thievco member's old (real) Apple ][+ that had
been cannibalized, a bunch of 8-bit computer books (Beneath Apple DOS,
1541 programmer's manual, Central Point manuals....)  As well as tons of XT
and 286-class IBM compatible hardware, an Osborne, some dead printers...
too much junk.  I think I got $50 for the whole load. 

I have no idea why I kept the old 8-bit hardware for so long.  It hadn't been on
in 10 years.  I guess I wanted to make sure that any possible monetary value
was completely depreciated out of it.  Still, I couldn't help but be a little
depressed when I got rid of it. 

Geeze.  I'm starting to sound really pathetic. 

Jump to the present.  I have been working in the networking field for over 8
years now.  I've always had an interest in computer security, and in the last
several years, I've managed to steer my career and leverage my networking
skills so that now I'm one of the people who runs the Corporate Information
Security department for a large software company.  I'm getting paid great,
getting to do exactly what I want, and loving every minute.  I get paid to go to
Defcon.  I run the firewalls, get T3 Internet links to play with, have a large
security budget, and as many machines as I need. 

So why dredge up Thievco again?  Why does Thievco.com exist? 

Ever since I discovered the web a few years ago, it has been clear to me that
this is the new BBS..  this is where folks build their communities now.  I don't
mean to denigrate the Internet, or Usenet, or e-mail, or IRC, or whatever your
favorite IP-based thing is.  I'm not one of those people who thinks the Internet
IS the Web.  I hope I'll make that abundantly clear with my work in the future. 
Suffice it to say that the Web part of the Internet is how you're going to reach
the world.  The Web is the killer app that has however many million people
connecting to the Internet. 

This is how I get to hang with the hackers. 

Ok.. so I've been dragging my butt... I "discovered the web" four years ago. 
Why Thievco, why now? 

Because of what I do for a living, and my professional associations, I have....
a situation.  I take the security of my company (my day job) seriously.  I'm a
smart guy, I pay attention, and I think I know what it takes to really keep 
up on security issues.  I subscribe to the appropriate mailing lists, I go to 
Defcon, I listen to the Hack Stars talk to each other after a presentation, or 
in the elevator. 

And what did I find out?  We're screwed.  The Hack Stars know, in their
respective areas of expertise, how to waltz right through the security
mechanisms. 

I'm starting to make connections about the bits and pieces I hear from them. 
I'm starting to see problem areas that haven't really been publicised yet, and
won't be the common attack for a year or more. 

I'm starting to get a clue. 

So...here's the situation I was talking about.  I know something.  If I'm 
going to be an honest security worker, I have to tell people about it.  
Someone is likely to be unhappy about it, such as the company that produces 
the product that I'm going to share information about.  I work for a large 
software company.  The company I work for often partners with other computer 
companies, including ones I may have information about. 

I can't, while representing my day job in ANY capacity, publish this
information.  It can't come from my corporate e-mail address, it can't live on
my company's web servers.  It can't appear to originate from the IP addresses
associated with my employer. 

When faced with something they don't understand, people react badly.  People
don't understand computer security.  It's not intuitively obvious to many people
why it's a good idea to get this information out in the open.  They don't
understand why it's important to give the details.  They don't understand why
we have to tell people that there is a problem at all.  What do you mean we
screwed up?  Geeze!  That's embarrassing... let's hide it!  On an emotional
level, that's how people think about security problems, even people who should
know better. BTW, have you seen my first rant? :) 

People really have to train themselves to respond correctly when faced with a
security hole in their products.  The correct response is "Thank you for 
finding a bug in our product that we should have spotted ourselves had we 
done ANY due diligence in trying to make it secure."  Not "They published 
WHAT?  Who are these evil hackers?  Why didn't they tell US so we could hush 
it up?  Go call their ISP and have their site shut down before someone sees 
it!"  Of course, the hacker probably mailed them about the problem weeks ago,
and they ignored him. 

The reality is that hackers get many more incorrect responses than correct
responses.  BTW, have you seen my first rant? :) 

Obviously, I need some sort of alternate identity that isn't associated with my
job at all.  But wait, I already have one... one that is dear to me and that I
already have a certain amount of love for. 

It's very freeing to have a forum to present in again.  Since I launched 
the site a few days ago, I've been up until 2:00 in the morning every night 
working on it. 

Be afraid. 

Welcome to Thievco.com 
"Stealing your secrets since 1982." 

    -BB 

I really like that ending.  But... I'm talking and I can't shut up..  I have 
two more items of business that are appropriate for this page.  

First off, let's get this business of the definition of "hacker" out of the 
way. 

How does Thievco define hacker? 

Not cracker.  Crackers break into systems.  A cracker may have the skill set
of a hacker or not.  Usually not, since all the good hackers I know don't feel
the need to break into systems without permission.  Heck, there's plenty of
folks that will pay them to break into systems they own.  Notice that even the
word "cracker" isn't clear, since that's what we used to call the guys who 
could crack copy protection. 

Not script kiddies.  They don't know enough about what they're doing.  I'm
pushing the term "lacker." 

So what is a hacker?  Go to the top of this page, and re-read it.  Read what
I've been doing since I was 12.  That's a hacker.  They don't have to have
done it for years, they don't have to do it for a living, they don't have to be
particularly good at it.  They have to be doing it to learn.  It doesn't
necessarily have anything to do with computers, networks, or security.  
Those just have a lot of draw for hackers.  It's OK for hackers to be
motivated by wanting to show up big companies that claim to sell secure 
products. 

The problem is, the media is only interested in computer hackers, and only if
it has to do with breaking security.  The media doesn't want to report on Theo
De Raadt who spends his days debugging BSD code so we can have a secure
OS.  They don't want to report on the kind of guy who wrote a BBS and gave
out the source so I could run a BBS out of my bedroom.  Now there's some
REAL hackers. 

Let's see how long it takes for someone to read this, pick out the fact that
I did the smallest bit of phreaking, and decide that that is what hackers
are all about and that we're all evil. 

Ok, last item.  I obviously got a bit nostalgic while writing this, so I'm 
going to abuse your attention even further, and ask for leads on folks in the
BBS scene in the SF east-bay in the period 1982-1987.  Looking for these folks: 

Commander Zero, The Intruder, The Penguin, The Kingpin (not the one from
the L0pht,) A Huge Janus, Baron GTS, EEKaMouse, Raistlin Majere, 

I'm in contact with: 

Me, Chron, The Locust, Sexy Sara, Luscious Lisa, Marge, DeDe 

It's time for a reunion party. 
