Chapter 18: War Dialers

OVERVIEW

Before the Internet moved from obscurity to part of daily life, electronic communities and information sharing relied on telephone lines, modems, and bulletin board system (BBS) software. Businesses and universities took advantage of modems to provide remote access for systems that required 24-hour management. The system administrator could dial in to the computer rather than driving all the way back to work. These services were largely unknown, being relegated to the ubiquitous phone number. Largely unknown, however, means partially discovered. Many computer hobbyists began searching for these modems, much as modern script kiddies run port scans against Internet networks. You can let an overly caffeinated college student find the unsecured modem on your server, or you can test your company's phone number range yourself. It all goes along with the concept of trust, but verify.

For whatever reason, security tended to be lax on remote access modems. Username and password combinations remained unchanged from the factory defaults or were trivially assigned. Old-school hackers cobbled together software to dial large ranges of phone numbers automatically, hoping to find a modem listening on the other side—sort of the analog equivalent of a port scan, albeit an extremely slow one. This software came to be known as war dialers and was popularized in the 1983 movie War Games. (You might also come across the term Phreaker, but we're interested in function, not nomenclature.)