Hacking at Dartmouth in 1969

It probably doesn’t say much about my character that when I first encountered the world of computers back in 1969 at Dartmouth College, my thoughts quickly turned to how I could use them for my own subversive goals. Yes, I was an early hacker. This was in the days before Microsoft, before Apple, even before Unix and the C programming language.  And now that there is no doubt that the statue of limitations applies (it’s been 45 years), I am ready to come clean.

Sitting in a corner of the campus in those days was a low, concrete, windowless, almost bunker-like building whose architecture appeared out of place amongst the Georgian style of most of the other structures. This was the Kiewit Computer Center. Inside was a GE-635 computer, a behemoth that took up a large part of the building. Per the specs on the Dartmouth College site the CPU had a speed of 300 KHz and the storage was on the order of 340 MB. This beast was tended by a group of computer science majors, headed by the two resident computer gods, Tom Kurtz and John Kemeny, the inventors of the BASIC programming language and both professors at Dartmouth (Kemeny later became president of the college).

The operating system was the Dartmouth Time Sharing System (DTSS), an early example of a multi-user OS that allowed the computer to be shared simultaneously among lots of users. I remember entering the Kiewit Center and then turning to the right, where there was a room full of teletypes for students to use. Each teletype printed on a roll of yellow paper. There were no monitors in those days. Each student had access to 2KB of memory and could log on with their student ID number and first 3 letters of their last name as their default password. Computer usage was very much encouraged at Dartmouth. I remember doing Physics homework on the computer. There were also a number of entertainment programs. One was called DATE and was smart-alacky attempt at an artificial intelligence program designed to entertain your date. Dartmouth was all male at the time and dates had to be imported from neighboring New England schools.

Compared to modern programming languages, BASIC was torture, but we didn’t know any better. Single letter variables, line numbers, no source code formatting, GOTOs — ugh! Nevertheless it was easy to learn and write, if not to read. I wrote some BASIC programs, but soon even the at-the-time huge memory space of 2KB began to seem cramped. It was at this point that I decided to turn to a life of crime and figure out how to steal some passwords.

I wrote a program that emulated the sign-on to the the system and left it running on a teletype. The next person who sat down at that teletype would write in his user ID and password, at which point the teletype would turn off, after having written the information to a data file. Sneaky! Doing this I collected a number of passwords, including some from the systems programmers. One fellow even had 307KB of memory!

Looking over the program listing (yes I did keep the original listing all these years — chalk it up to a guilty conscience), the code is pretty simple. The DTSS log on message with current date and time are printed out. After entering the user ID, the user types in the password on a line that was previously overprinted with different characters. The log on screen looked like this:

DARTMOUTH TIME-SHARING
TERMINAL 130 ON AT 13:48 14 JAN 70, 078 USERS
DTSS TILL 20:00. LIST CNEWS*** 13 JAN70.
USER NUMBER --
XXXXXXXX <--PASSWORD

The clever part of the code is this:

570 LET Q(0)=1
580 LET Q(1)=4
590 CHANGE Q TO Q$
600 PRINT Q$
620 STOP

I discovered empirically that ASCII 4, which is End of Transmission or EOT, would turn off the teletype if printed. In that early BASIC you would define a string as an array, with the first value the length of the string, and then convert the array to a string (indicated by a value terminated by “$”). So, after my victim entered his password, the teletype would die. Since teletypes tended to die randomly anyway in those days, no one thought much of it. They would just turn it back on and start over.

Looking at the list of passwords, they are not much worse than those exposed through today’s password security breaches.  Most people didn’t bother changing their default 3 letters of their last name password.  Of course when the default password is known to be the first 3 letters of your last name, it’s clear there was not a lot of concern about security in those days. It was a simpler era, minus the Internet, viruses, worms and Trojan Horses (excepting my little malignant program). Nevertheless, if you, C42769, are still using “TRACE” as your password, I urge you to change it now.

Besides just demonstrating proof of concept, I didn’t really make use of my hacking results. There were no credit cards to steal in those days, and snooping around files containing other students’ Physics homework proved to be unexciting. Sobered by this, I turned away from a life of computer crime and instead became a doctor, though I have maintained my interest in computers and hacking in the non-evil sense of the word .

Yet as I sit here typing this on a portable computer far more powerful than that which filled a whole building at Dartmouth in the 1970s, I still get nostalgic for those cold, snowy New Hampshire days, and the clatter of teletypes.