Free Permanent Record by Edward Snowden
Authors: Edward Snowden
myself extra lives and letting me do things like see through walls. Also, there wasn’t a lot of money on the Internet back then, at least not by today’s standards. The closest that anyone I knew or anything I read ever came to theft was “phreaking,” or making free phone calls.
If you asked some of the big-shot hackers of the day why, for example, they’d hacked into a major news site only to do nothing more meaningful than replace the headlines with a trippy GIF proclaiming the skills of Baron von Hackerface that would be taken down in less than half an hour, the reply would’ve been a version of the answer given by the mountaineer who was asked his reason for climbing Mount Everest: “Because it’s there.” Most hackers, particularly young ones, set out to search not for lucre or power,but for the limits of their talent and any opportunity to prove the impossible possible.
I was young, and while my curiosity was pure, it was also, in retrospect, pretty psychologically revealing, in that some of my earliest hacking attempts were directed toward allaying my neuroses. The more I came to know about the fragility of computer security, the more I worried over the consequences of trusting the wrong machine. As a teenager, my first hack that ever courted trouble dealt with a fear that suddenly became all I could think about: the threat of a full-on, scorched-earth nuclear holocaust.
I’d been reading some article about the history of the American nuclear program, and before I knew it, with just a couple of clicks, I was at the website of the Los Alamos National Laboratory, the country’s nuclear research facility. That’s just the way the Internet works: you get curious, and your fingers do the thinking for you. But suddenly I was legitimately freaked out: the website of America’s largest and most significant scientific research and weapons development institution, I noticed, had a glaring security hole. Its vulnerability was basically the virtual version of an unlocked door: an open directory structure.
I’ll explain. Imagine I sent you a link to download a .pdf file that’s kept on its own page of a multipage website. The URL for this file would typically be something like website.com/files/pdfs/filename.pdf. Now, as the structure of a URL derives directly from directory structure, each part of this URL represents a distinct “branch” of the directory “tree.” In this instance, within the directory of website.com is a folder of files, within which is a subfolder of pdfs, within which is the specific filename.pdf that you’re seeking to download. Today, most websites will confine your visit to that specific file, keeping their directory structures closed and private. But back in those dinosaur days, even major websites were created and run by folks who were new to the technology, and they often left their directory structures wide open, which meant that if you truncated your file’s URL—if you simply changed it to something like website.com/files—you’d be able to access everyfile on the site, pdf or otherwise, including those that weren’t necessarily meant for visitors. This was the case with the Los Alamos site.
In the hacking community, this is basically Baby’s First Hack—a totally rudimentary traversal procedure known as “dirwalking,” or “directory walking.” And that’s just what I did: I walked as fast as I could from file to subfolder to upper-level folder and back again, a teen let loose through the parent directories. Within a half hour of reading an article about the threat of nuclear weapons, I’d stumbled upon a trove of files meant only for the lab’s security-cleared workers.
To be sure, the documents I accessed weren’t exactly the classified plans for building a nuclear device in my garage. (And, anyway, it’s not as if those plans weren’t already available on about a dozen DIY websites.) Instead, what I got was more along the lines of confidential
If you asked some of the big-shot hackers of the day why, for example, they’d hacked into a major news site only to do nothing more meaningful than replace the headlines with a trippy GIF proclaiming the skills of Baron von Hackerface that would be taken down in less than half an hour, the reply would’ve been a version of the answer given by the mountaineer who was asked his reason for climbing Mount Everest: “Because it’s there.” Most hackers, particularly young ones, set out to search not for lucre or power,but for the limits of their talent and any opportunity to prove the impossible possible.
I was young, and while my curiosity was pure, it was also, in retrospect, pretty psychologically revealing, in that some of my earliest hacking attempts were directed toward allaying my neuroses. The more I came to know about the fragility of computer security, the more I worried over the consequences of trusting the wrong machine. As a teenager, my first hack that ever courted trouble dealt with a fear that suddenly became all I could think about: the threat of a full-on, scorched-earth nuclear holocaust.
I’d been reading some article about the history of the American nuclear program, and before I knew it, with just a couple of clicks, I was at the website of the Los Alamos National Laboratory, the country’s nuclear research facility. That’s just the way the Internet works: you get curious, and your fingers do the thinking for you. But suddenly I was legitimately freaked out: the website of America’s largest and most significant scientific research and weapons development institution, I noticed, had a glaring security hole. Its vulnerability was basically the virtual version of an unlocked door: an open directory structure.
I’ll explain. Imagine I sent you a link to download a .pdf file that’s kept on its own page of a multipage website. The URL for this file would typically be something like website.com/files/pdfs/filename.pdf. Now, as the structure of a URL derives directly from directory structure, each part of this URL represents a distinct “branch” of the directory “tree.” In this instance, within the directory of website.com is a folder of files, within which is a subfolder of pdfs, within which is the specific filename.pdf that you’re seeking to download. Today, most websites will confine your visit to that specific file, keeping their directory structures closed and private. But back in those dinosaur days, even major websites were created and run by folks who were new to the technology, and they often left their directory structures wide open, which meant that if you truncated your file’s URL—if you simply changed it to something like website.com/files—you’d be able to access everyfile on the site, pdf or otherwise, including those that weren’t necessarily meant for visitors. This was the case with the Los Alamos site.
In the hacking community, this is basically Baby’s First Hack—a totally rudimentary traversal procedure known as “dirwalking,” or “directory walking.” And that’s just what I did: I walked as fast as I could from file to subfolder to upper-level folder and back again, a teen let loose through the parent directories. Within a half hour of reading an article about the threat of nuclear weapons, I’d stumbled upon a trove of files meant only for the lab’s security-cleared workers.
To be sure, the documents I accessed weren’t exactly the classified plans for building a nuclear device in my garage. (And, anyway, it’s not as if those plans weren’t already available on about a dozen DIY websites.) Instead, what I got was more along the lines of confidential
Similar Books
The Hero Strikes Back
Moira J. Moore
Days of Love and Blood
R.S. Carter
Domination
Lyra Byrnes
Order of the Air Omnibus: Books 1-3
Melissa Scott
Recoil
Brian Garfield
As Night Falls
Jenny Milchman
Steamy Sisters
Jennifer Kitt
Full Circle
Connie Monk
Forgotten Alpha
Joanna Wilson
Scars and Songs
Christine Zolendz, Frankie Sutton, Okaycreations