Alessio Stefan : 16 July 2024 10:41
Imagine a time before firewalls and ubiquitous encryption, when the digital frontier was wide open for exploration. Hackers weren’t criminals, they were pioneers, fueled by an insatiable thirst for knowledge. Unraveling the secrets of communication networks like GSM, pushing the boundaries of computer technology. These weren’t just technical feats, they were groundbreaking discoveries. Forget online forums and instant messaging , these trailblazers forged connections in a world of limited resources. But how? What fueled their relentless curiosity? What environment fostered such groundbreaking innovation? Prepare to journey back to a bygone era, where breakthroughs like Nmap fingerprinting emerged from the shadows, and passion was the most potent weapon. Let’s delve into the story of The Hacker’s Choice (THC), one of the most influential hacker groups that emerged in 1995. Even today, they continue to inspire passionate individuals to explore the world of hacking with a collaborative and open-minded approach.
The group has graciously agreed to share their story directly with RHC, a tale filled with passion, persistence, and even a brush with espionage. Don’t let the term “hacker” mislead you; the word has been misused in the past to portray them as criminals, but in reality they are thinkers, explorers, and even artists. Let’s give them the respect they deserve. Hacking is a culture with values and principles far removed from those of criminals, even in the digital realm.
In the following lines, you’ll find the essence of our conversation with two valued members of Hacker’s Choice. We extend our sincere gratitude for their willingness to share their experiences and shed light on unique culture. Their story is a testament to how a simple idea can be transformed into something truly remarkable. You might not be familiar with them, but these individuals played a crucial role in shaping the landscape of modern cybersecurity. Their contributions, including the refinement of Nmap and other tools, continue to influence the field today.
Supporta RHC attraverso:
Where should I start if not with the founder? Van Hauser is a security researcher well known within the infosec community for two amazing security tools he developed: THC-Hydra, the all-in-one solution for brute forcing, and THC-ipv6, a framework used to attack IPv6 protocols. His journey started in the ’90s, when his hunger for information drove him to play with mail boxes and modems to connect with other computers.
After spending time digging in the internet underground, he stumbled upon hidden online communities where pirated software was shared. To him, this discovery was a revelation; it meant free software. Places like Warez BBS had a small subsection regarding hacking, phreaking, and anarchy. However, the information stored there was often incomplete or inaccurate; essentially, they were used just as a side channel with a strong focus on pirated software.
No central platform offered both current information and effective communication channels. This frustration pushed him to create his own BBS called L.O.R.E. BBS, initially as a personal project where he could share his hacking and phreaking creations, such as tools or helpful information. While the system could technically handle hundreds of users, this deliberate choice aimed to encourage active participation and information sharing. Removing inactive members, L.O.R.E. BBS collected 50 active members. Their sole purpose was the pursuit of knowledge, entirely focused on learning and not on illegal activities or financial gain. At the time, only two other similar environments existed but the high-quality content and exponential growth of L.O.R.E. BBS quickly made it to become #1 hacking hub in Europe.
Seeking new frontiers, members of another group created a credit card calculator and gave it to L.O.R.E as contributors, this sparked VH’s interest leading to join forces in order to create new things. This is how the birth of the THC group came about. The name was originally a playful reference to marijuana (though VH never partook). During the same call when the group formed, they also came up with “The Hacker’s Choice” as a supposed meaning for the acronym.
Membership in the group required fulfilling two criteria: possessing knowledge or skills to contribute and developing new cool tools and being a good fit for the group’s personality and objectives. Projects by the collective are created with a clear mission: to educate others and provide free, open access. The majority of the members were German but also from Vietnam, the UK, and other parts of the world, thanks to the external communication and influence of THC. With the passage of time, more and more people joined.
The group prioritized collective advancement over individual recognition, this was evident in their practices which ensured everyone had free access to learn about computer security. The group operates as a collaborative umbrella, fostering a space where members can freely release their creations and benefit from the collective’s “quality assurance” stamp, gaining wider recognition. THC never hacked into the system; they were doing their stuff just for fun and fame, not to profit.
Public perception of hacking differed significantly back then, and while it could be viewed as either positive or negative, the line often blurred. Companies were generally seen as the “good guys,” while independent hackers were often stereotyped as malicious, regardless of their intentions. Maintaining anonymity was essential, and joining a group offered a sense of community and recognition within that closed circle. That’s why the underground scene was likely more active in the past; this dynamic began to shift around 2010 with a growing recognition of ethical hackers and self-taught security researchers.
THC’s growing notoriety attracted the unwanted attention of governments around two decades ago. VH said they were considered “persons of interest” to governments. Back then (when hacking outside corporate walls was still widely condemned), a German government agent approached a minor THC member under a false pretense to gather information without success.
Years later, the German government approached VH with a proposal: to hire THC for targeted training and offensive operations. This recognition of THC’s expertise, while validating, conflicted with VH’s evolving perspective. He rejected the offer for offensive operations, but remained open to training, as his philosophy centered on freely available knowledge. Before that however happened, the revelations by Edward Snowden caused a significant shift in VH’s (and the whole group) understanding on how governments act in the digital world. He then was determined to keep his passion for security research separate from government influence.
In 2005, THC celebrated a momentous 10th anniversary with a party in Germany, drawing over 150 attendees from around the world. For VH, it was a moment of immense pride—a culmination of his efforts in connecting people through a BBS, now witnessing his idea thrive in a real-world setting. The event was marked by a flurry of new project releases and the forging of valuable connections with like-minded individuals.
Building on his earlier research, VH delved into the attack vectors of the IPv6 protocol, achieving significant breakthroughs. These discoveries earned him invitations to present his findings at top security conferences in the world. When questioned about his focus on this emerging protocol, VH’s response embodied the core of THC’s philosophy: “That’s how I work. I see a gap and strive to fill that void.” Unlike some who chase the development of the most impressive tools, THC prioritizes venturing into uncharted territory. THC-Hydra embodies this spirit of innovation; while numerous brute-force tools existed, they often lacked flexibility, were tied to specific protocols, and suffered from neglect. VH envisioned a versatile solution capable of attacking diverse protocols with a single tool; this vision is reflected in Hydra’s enduring popularity and ongoing maintenance. Amap, an application scanner developed by THC, exemplifies the power of exploring uncharted territory. Instead of relying on the traditional method of banner grabbing (common at the time), Amap adopted a novel approach. It implements the fingerprint technique, tricking the target into responding to specific requests (like SSL handshakes or specific data patterns). By comparing these responses to a comprehensive database storing the combinations, Amap accurately identifies the underlying technology employed by the target. While Amap is now considered outdated, with more advanced alternatives available, its impact on the field of network security remains significant. Notably, the program’s innovative fingerprint technique caught the attention of Fyodor, the creator of Nmap. He recognized its potential and integrated the fingerprinting techniques into Nmap, significantly enhancing its capabilities, additionally the –thc flag was also implemented to credit them for their pioneering work.
Another significant contribution from VH was the development of AFL++. This security-oriented fuzzer, built upon Google’s American Fuzzy Lop (AFL), utilizes genetic algorithms to automate software testing for vulnerabilities. While the initial version faced limitations in efficiency and maintainability, AFL++ significantly improved stability, speed, and customization through modular design. This project exemplifies VH’s collaborative spirit, as it represents a joint effort with really smart hackers and researchers to enhance an existing tool for better performance. VH was motivated by the competent and intelligent individuals in the AFL++ team.
AFL++ logo
VH’s vision and experience have demonstrably been a pillar of the information security community. As such, his response to the question of how the field has changed over the years was particularly insightful. The security landscape was wide open back in the days, the main change is the entry bar. Curiosity and technical skills were once sufficient because everything was vulnerable, but the field has become more specialized for both attackers and defenders.
The security landscape has undergone a dramatic shift, moving from a centralized hub of knowledge to a more fragmented ecosystem. In the past, community was king. Connecting with other passionate individuals, often starting as hobbyists, was the cornerstone of learning. Through shared experiences and discoveries on Bulletin Board Systems (BBS) with limited capacity, a sense of camaraderie fostered deep expertise. Today, the landscape is vastly different. While online resources and learning platforms like HackTheBox abound,independent learning reigns supreme. Universities are also stepping up, offering dedicated cybersecurity programs. VH views this shift as a natural progression, neither inherently good nor bad, but a response to the ever-expanding frontiers of cybersecurity knowledge. However, this new reality presents both opportunities and challenges. The sheer volume of undiscovered territory demands increased specialization. The “jack of all trades” approach, reminiscent of polymaths like Pythagoras in ancient Greece, is no longer as advantageous. Deep specialization, much like the scientific advancements that followed Greek philosophical exploration, will be key to unlocking the next level of security advancements.
It’s now evident: collaboration with other groups is not just what sparked THC, but the fuel that keeps it constantly evolving. Whispers of different powerful groups had reached VH’s collective. w00w00 was one such group, a breeding ground for future luminaries like Gordon Lyon (creator of nmap) and Jeff Foristal (one of the first to report SQL injection), their philosophy was really simple – “Hack For Fun ”. TESO, a group that flourished in the early 2000s, made significant contributions to the bugtraq mailing list and tools released at high pace. Their work was also instrumental in shaping the content shared on Phrack magazine. To make you understand how smart these people were just know they have created the first ever shellcode generator called hellkit. The 2004 disbandment of TESO wasn’t the end of their story. Some members, like Skyper, resurfaced within THC. Skyper is the second THC active member that decides to talk directly to RHC, the results of an interesting dialogue about his view on THC.
A childhood tale of free phone calls from public booths, recounted by his father’s friend, ignited Skyper’s lifelong fascination with hacking at a mere 11 years old. Back then connecting to other computers was possible through dial-up modems using telephone lines, unlimited dial-up access means that you can stay online for extended periods. Skyper’s interest in manipulating technology likely led him to phreaking techniques on blue boxes and exploiting vulnerabilities in older phone lines to reroute modem calls internationally, testing exploits through these established connections.
Skyper’s interest in THC predated his crowdsourcing into the group. Prior to joining, he actively participated in TESO, he actively encouraged others to engage in dialogue about security, honing his skills as they collaboratively sought robust solutions. He always thrived on sharing new ideas and the friendly rivalry between TESO and THC fueled his passion for security research. When TESO disbanded, Skyper found a new home in THC. He took the initiative to register a domain name for the group and secure the coveted .org extension.
Skyper views THC as a collective of diversely skilled individuals, united by a meticulous approach to detail. The group’s resistance to corruption stems from their core principles: a rejection of commercial pressures, a focus on protecting citizens’ security, and a passion for network exploration that prioritizes knowledge over fame. Skyper emphasizes that information sharing is just one piece of the puzzle, obsession with the problem itself is crucial for truly cracking it. This relentless focus, he argues, helps hackers bang their heads against the wall until they find a way through to break things. Obsession fueled the group’s spirit, especially during a critical period of dormancy lasting roughly 15 years. Despite dwindling membership, the remaining members refused to let THC fade, their unwavering dedication led to a revival, reigniting the group’s activity
Skyper wholeheartedly embraced THC’s “fill the gaps” philosophy. However, he recognized the need for appropriate safeguards, particularly when dealing with security vulnerabilities. Around 2005, Skyper started a research project exploring the security of GSM networks, particularly the encryption of mobile traffic. This project involved the development of a GSM scanner project, a collaborative effort with other researchers. They achieved a PoC cracking a5/1 algorithm in 2006. The project culminated in a successful prototype – a cheap custom device capable of analyzing GSM network traffic using rainbow-table attack in 2008. Here’s the original board used to crack the traffic. It was able to crack a GSM message in 21 seconds when consuming 3000-watt power supply.
Skyper intended to present his findings, including details of the device, at Hack The Box Conference in Dubai (2008). Reflecting on his actions before leaving the UK, his country of residence, Skyper acknowledges a certain lack of experience. His friend and boss, aware of the potential consequences, suggested Skyper cautiously approach the UK government with his research on GSM network security. This suggestion stemmed from a chilling reality: two previous researchers, one a prominent professor from Sussex, had been silenced after uncovering similar vulnerabilities. The GCHQ (British Intelligence Agency) discusses his GSM network security research. He envisioned presenting his findings at a conference and, to his surprise, received a seemingly positive response. GCHQ apparently gave him the green light to proceed, but the fate of previous researchers loomed large. Upon arrival at Heathrow Airport reality took a jarring turn of events. Five law enforcement officers detained him and confiscated his equipment.
Even more concerning, they placed him on a “terrorist watchlist”. For two years, every boarding pass bore the mark of the infamous triple X code. The results are rigorous extra security checks and lengthy interrogations (up to an hour) upon entering the UK. Confiscated equipment rendered his presentation impossible, however a day after arriving at the conference a US colleague arrived with his own equipment. This allowed them to showcase their discoveries at the conference after all. The research community refused to remain silent in the face of Skyper’s ordeal. They became his voice, amplifying the outrage over his treatment and scream against such blatant oppression. “I was too naive” he concedes, at that time the government likely felt they should be the sole custodians of specific technical knowledge. Skyper’s research, they may have perceived, challenged their authority. He felt disgusted by the UK government because of the treatment of him. However, there seems to be a shift in perspective even in governments. They understood that researchers are nothing more than what they are, not threats or criminals.
Governments aren’t the only entities facing challenges with THC. Private companies also have their fair share of clashes with the collective. Back then, Nokia devices powered by Symbian OS, used as Kernel interface to manage system calls, were a prime target for THC’s vulnerability research. The hackers discovered a buffer overflow vulnerability in the user-land application. This vulnerability, due to the lack of proper sanity checks, allowed them to exploit the application and leak data from the kernel level. Exploiting the vulnerability, THC successfully extracted and published the Nokia firmware online. Needless to say, Nokia was not pleased with their proprietary software being freely available and threatened the group with legal action. Faced with a potential lawsuit, THC opted to take down the firmware. This experience served as a valuable lesson for Skyper, he learned that you cannot win every fight and “you need to choose your fights wisely”.
Skyper currently leads THC’s latest project: a set of free Disposable Root Servers. Skyper vividly recalls the challenges of maintaining a 24/7 remote Unix shell back in the day. Back then, VPS weren’t yet an option, making them invite-only affairs. Server ownership was the norm, requiring physical maintenance and emergency interventions. Drawing from these past experiences, Skyper recognized the potential of today’s tech-savvy individuals who simply lack a readily available Unix shell to showcase their skills. This realization fueled this project which aims to provide a platform that ignites the same passion for learning he experienced in his youth. THC offers a limited set of resources, like CPU power and network connections. However, there’s a twist: by creating and sharing valuable tools or code with the community users can earn tokens to remove the restrictions of their server. It’s a smart learning experience, rewarding sharing and collaboration – a modern-day gold rush for smart individuals! The policy behind the Disposable Root Servers is clear : “if you are the only one to benefit, don’t use it!”. Skyper sees this project as his way of giving back to the community. He recognizes the good fortune of THC members and their current ability to provide resources that he himself lacked in his early days.
Skyper was a Phrack editor (which will published a new number this year) and returned Fyodor’s greetings with a tag line on phrack domain, to view it just use dig nmap.phrack.org TXT
Skyper, a current software developer, finds himself increasingly drawn to the artistic aspects of computer science. He’s captivated by the challenge and satisfaction of building things entirely from the ground up. When asked about the future of hacking, Skyper offered an optimistic outlook. He believes hacking won’t vanish entirely, there’s an inherent human curiosity to share knowledge and explore how things work, especially when it comes to finding smarter ways to improve existing solutions. The human desire to share knowledge and find innovative solutions will continue to drive progress.
Skyper is right : security and hacking have undergone a dramatic transformation. Back in the day, vulnerabilities were abundant, but the tools to exploit them were scarce. Today, the situation has flipped: we have sophisticated tools at our disposal, but systems are significantly more hardened. Anonymity was paramount back then and the thrill of intellectual discovery, not fame or prestige, fueled hackers efforts. Skyper observes a stark contrast, today many groups are driven by a business mindset. However, the spirit of independent learning persists. In the pre-internet boom days of the 90s and early 2000s, the mark of a skilled hacker wasn’t just technical prowess, but resourcefulness. Mastering Unix was essential according to Skyper. While he was a computer science student in Germany he devoured every Unix book in the library and even imported them from the US, becoming a valuable resource for his peers as the university itself lacked these crucial learning materials.
Regarding the new generation, Skyper recognizes the rise of Bug Bounty Hunters who bombard servers with thousands of requests solely to find vulnerabilities, report them, and potentially earn a small reward for their efforts. While their methods can be noisy, they simultaneously put daily pressure on websites and companies to improve their security and was something we didn’t see in the past. Today, success in red (offensive security) or blue (defensive security) teams often demands deep expertise in a specific vertical. What truly worries him, however, is the rise of real-world attackers, particularly ransomware operators.Their tactics are far removed from the controlled simulations of legitimate red teams, posing a serious threat that requires innovative solutions. Skyper also expresses concern about the growing threat of nation-state actors and Advanced Persistent Threats (APTs). He emphasizes the need to address not just the technical attacks themselves, but also the propaganda and fake news that often accompany them. these two areas – defending against real-world attackers and combating misinformation – as crucial gaps that the next generation of cybersecurity professionals must address and help security to rise. The landscape has evolved far beyond his own experiences and he admits it is time to pass the torch to a new generation equipped with the specialized skills and fresh perspectives needed to tackle these evolving threats.
VH and Skyper engaged in a conversation beyond just telling their stories, and they were open to answering a small set of questions. We are honored to host these two members of one of the best Hacker Groups ever existed. A big shout out to them and thanks again for their availability.
RHC: Hi VH and Skyper, thanks for joining us at RHC! To get started, let’s imagine someone who knows nothing about security. How would you describe the THC Group to them in a simple and clear way?
VH: cool research on security & hacking, nothing illegal
Skyper: We make sure that if it says “secure” on the tin that it is indeed secure. We expose fishy security and dodgy governments and organizations
RHC: Beyond the technical stuff, what has the THC group meant to you on a personal level?
VH: connecting to other great minds, meeting up, friendship
Skyper: A band of brothers who I can call at any time for any reason, knowing they will pick up the phone.
RHC: Within the security field are there any hackers, security researchers, or professionals whose work particularly motivates you?
VH: Michal Zalewsky. a genius and humble soul
Skyper: There are too many to list here. As a youngster I was inspired by all the phone phreaks and phrack magazine (I downloaded my first issue in 92 from a BBS) and then in later time by the groups such as ADM, TESO, LSD and security.is
RHC: Outside of security are there any inspirational figures, films, or works of art that influence you in your personal or professional life, even if they aren’t directly related to security?
VH: Dead Poets Society – critical thinking
Skyper: “Art of Strategy ” (the TL;DR of Art Of War). Nietzsche and Kafka – provocative for their times. There are many others that inspired me but never did I ever get inspired by any politician. Ever.
RHC: As you said, the security landscape has definitely evolved. Based on your experience, what advice would you give to someone just entering the cybersecurity field?
VH: try to find a topic you are passionate about and concentrate on that. most of what you do should be self-teaching and researching on the internet.
Skyper: Read all books. All of them. Then read them again. Understand every detail. The nitty gritty. Then keep asking “why? And why not done differently?”.
RHC: Over your careers, you’ve likely tackled a wide range of research projects. Can you each share one that you found particularly interesting or challenging, and explain why?
VH: My research on fuzzing and incorporating my results into AFL++. lots of funds and learning.
Skyper: The GSM cracking project had it all. We ended up re-inventing cryptanalytic attacks that much later somebody else told me were already mentioned by Shamir in one of his papers – but it felt great to have discovered some of the attacks on our own accord.
RHC: The term “hacker” can sometimes be used broadly. In your opinion, does it apply to both ethical security researchers and malicious actors, or do you see a distinction?
VH: an ethical security researcher can be a hacker, a criminal I would consider more of a blackhat. but there are no clear borders
Skyper: “Hacker ” is the new cool again. No longer a bad guy – those we name these days APT, ransom-groups or my all time favorite: arseholes. I pity them as they are hacking for all the wrong reasons. They are not freedom fighters but motivated by greed, power and tribalism.
RHC: The cybercrime landscape is certainly expanding rapidly. Does this growing threat concern you, and if so, why? What are some of the most effective ways to counter these criminal activities?
VH: No, it is the natural way. criminal float to where the best risk/reward/effort ratio is to be found. to combat: MFA, install updates asap, do not believe any email, phone call or video call – or person that you meet and be wary.
Skyper: It’s a cat & mouse game. Neither has gained on the other over the last 30 years. They are still good and equal matches. Fighting arseholes is a complex problem. These criminals are (mostly) smart people. I wish they would use their brain cycles to cure cancer or some other amazing work.
RHC: Are there any instances you’re aware of where groups with similar initial goals to yours ended up on a criminal path?
VH: no (but I would not know, not that this did not happen)
Skyper: There are some but not many.
RHC: What’s the difference between a ‘choice’ and an ‘hacker’s choice’?
VH: the group’s name basically means: “these tools are what a real good hacker would choose”
RHC: What’s your best ‘hacker’s choice’ you have ever done?
VH: for me thc-scan, amap, thc-ipv6, afl++
RHC: What benefits come from supporting organizations that advocate for digital rights and freedoms, like the EFF?
VH: they benefit society and hackers and we sponsor them. benefits for THC: none.
Skyper: Major donors like us get free hoodies every year (anyone donating more than 3k USD I think) LOL. Jokes aside, they do great work. Support them. They fight stupidly, without sending a single TCP packet.
RHC: In the THC-Hydra you state “Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway)”, why and what’s the meaning behind this message?
VH: After Snowden showed how secret service organizations do anything they want without much oversight or repercussions I wanted to make a statement that I am not OK with that, and that they are not allowed to use my tools (which they ignore – I know for sure they ignore that). but the debian org said such a policy is not allowed for open software, so I had to switch this to “please …”
RHC: What’s your situation now and what would be the future of THC?
VH: I am working as a team lead in an IT security hacking/consulting company and am very happy with my job.
RHC: We appreciate your insights. Please feel free to share any additional thoughts you may have with the audience.
Skyper: Keep going down those dark rabbit holes that nobody else dares to go down. Explore them. It is in those dark places where you will shine the brightest. Keep exploring. Keep hacking. YOU. ARE. NOT. ALONE.
The THC Group is still alive and spreading their message: It’s not about being the best. It’s about venturing into uncharted territories, constantly pushing forward until you discover the missing piece that fills the gap. They have demonstrated this through various past research projects, some of which we haven’t mentioned here, like first kernel level keylogger (RedDragon), first to clone ePassport (vanjeek), first to release Solaris Kernel modules (plasmoid) and first for various windows exploit (jc).
No matter what security field interests you, today a high degree of specialization is needed. The same relentless pursuit of knowledge and problem-solving that fueled the THC collective for nearly three decades can help current and new generations develop the laser focus needed to excel in today’s specialized security fields.
Collectives like THC may become less common, but that doesn’t mean their core principles should disappear. In fact, it’s the opposite, we need to emphasize them more and more especially with the new threats the infosec industry needs to face daily. Both VH and Skyper noted how THC members made donations (in their own name) to organizations that work on privacy and security in the digital realm.
Their work was well-compensated and they chose to give back to the community with donation and sensibilization without economical purpose. We should be incredibly grateful for THC’s lasting influence on the international scene. Their commitment to offering free services empowers individuals to delve deeper into problem-solving while directly helping the industry with new tools and discoveries.
If you have an idea, a problem to solve, or a burning desire for knowledge, THC’s resources are a great place to start :
Deepest appreciation to VH and Skyper for their invaluable time and contributions to this article (photos included). Fueled by your insightful words and unwavering dedication, you’ve once again demonstrated the depth of your commitment to the community. Through your words, you’ve laid bare not just your past and present, but the seeds you’re planting for the future. Long life to THC!