Transcription performed by LeahTranscribes[Start of recording]
JACK: Hey, it’s Jack, host of the show. So, the last two episodes talked about hacking in the eighties and nineties, which was primarily phone phreaking. In those episodes I talked about a digital magazine called Phrack, which was incredibly influential to the hacking scene. It wasn’t uncommon to be in a chat room and someone come in and ask, ‘How do I get started as a hacker?’ and then someone else simply say, ‘Go to Phrack’s site, start reading it at Issue #1. By the time you’re all caught up, you’ll be a great hacker.’ It’s probably good to go and listen to the two episodes before this before doing this one just to have the context, but you don’t have to if you’d rather not. But the thing is is that in this episode, I interview two of the Phrack staff. The magazine just celebrated their fortieth anniversary, and I’m pretty sure if you run a hacker magazine for forty years, there’s gotta be some interesting stories in there somewhere.
[Intro music] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries.
JACK: Okay, first let’s start out with some introductions.
SKYPER: Hi, my name is Skyper. I used to be the editor of the Phrack magazine in the year 2000 to 2005, and I’ve joined the Phrack staff recently again as an advisor.
TMZ: Hey, I’m TMZ. I’m one of the current staff and editors of Phrack magazine.
JACK: In your words, can you tell us what is Phrack magazine?
SKYPER: So, Phrack stands for phreaking and hacking. It’s a combination of these two words, and it used to be the manipulation of the phone lines. Effectively, the main goal was to get you free phone calls that are very hard to trace.
TMZ: Phrack magazine — this is all sorts of things hacking-related, to be honest. I think there’s the famous article on how to make a bomb as well, in the bath.
JACK: Yeah, I mean, that — I think I saw that even in — Issue #1, there was a balloon that had acetylene in it that — we put snap caps or pop caps on it and throw some rocks together, and you throw the balloon off a roof, and when it hits the ground, the snap pops — the pops — the little poppers snap, and then it creates a little explosion. I think that was Issue #1. So, it’s interesting how anarchy kinda shows up in Phrack. Like, bombs; what is this doing in a hacker magazine?
SKYPER: I think we have to put this into a different context of where we were forty years ago. Terrorism didn’t really happen, at least not in most countries. So, building bombs was not seen as necessarily something evil or criminal but was just young kids exploring things. What can they do? They didn’t mean to do any harm with them. They were just experimenting.
JACK: [Music] In my opinion, Phrack seems to capture some kind of counter culture. It’s notes-from-the-underground type stuff. Because back in the nineties, cybersecurity wasn’t quite a mainstream profession yet. Like, schools didn’t teach you how to secure networks or how to hack. But nowadays, almost every major university has a major in cybersecurity. So, back in the nineties there was just this underground group of people breaking computers, basically, and talking about it in chat rooms and on forums. You had phreakers, hackers, rippers, crackers, seeders, which welcomed in artists and musicians who were making things on their computers. This was collectively known as the scene back then. I think it was this underground scene that Phrack was born out of and has its roots in.
TMZ: The scene was made by largely people trying things out with their new hardware that they found, or trying to make something, do something that was not supposed to be doing — or that was not engineered to do. So, that’s what the original hacker was all about.
SKYPER: I think if you summarize it, then Phrack contains condensed, hardcore technical articles without any bullshit. The stuff works, and it’s practical.
JACK: I’m fascinated by these two cultures, the cybersecurity professional and the scene hacker. One does it for money and it’s their career, and one does it for fun. It’s their hobby. But they are both passionate about it. One tries to do it in the light, one wants to do it in the shadows, but they both like sharing what they know. What’s the difference, honestly? Attitude? Style? But as computers grew more mainstream, becoming more common in every house, more interest grew in hacking. I mean, I’m sure you’ve gotten some kind of new electronic at some point in your life, and you sat down and you said to yourself, what are all the cool things that this thing can do? So, imagine getting a computer and learning that it can print stuff and play games and make sounds, but then also hearing about some of the secret stuff it can do, like hack other people’s computers.
So, more people got fascinated with hacking and were contributing to things like Phrack, submitting articles on how to do cool, secret stuff on your computer. But also, along with the rise of computers, the cybersecurity profession became popular, which sort of brought in a whole new culture of hackers. These weren’t the roller-blading, cargo pants-wearing, mohawk kids. The cybersecurity professional wears a collared shirt and sometimes a tie. You can see this dark contrast of these two cultures when you go to conferences like Black Hat and Defcon. At Black Hat, you see people wearing suits and ties. They say they’re geeks and nerds, but they don’t look it. At Defcon there’s a lot of people wearing cargo shorts, black shirts, hoodies, having mohawks. At Black Hat, I feel like those people have to be there for work. But at Defcon, I feel like those people want to be there for the fun. Because I grew up in the scene, my heart is still there. We were the kids who tried stuff with no manual or tutorial. We built things that weren’t possible. We did it without permission or rules. We pushed the boundaries and explored a new frontier.
TMZ: Which, also, like a lot of those things, they actually paved the ground for a lot of the security industry that exists now. So, a lot of people’s job, they exist because of some of the the articles that were written there, which is very interesting.
JACK: At this point we’re forty years into Phrack, and some of the articles have historical significance.
SKYPER: Historical significance has the article of the E911 documentation that was released in 1989, I believe. I think it was Issue #24. It was documentation that detailed how the emergency 911 system works in America, and it was the first time that Phrack got into some legal problems with the — with authorities. I think that has some significance because it happened right after Operation Sundevil with the Secret Service hunting hackers. It also sparked the creation of the Electronic Frontier Foundation, because the Phrack person who released that article was so unfairly treated by the government and by the corporates.
JACK: Yeah, I think that article solidified Phrack as the coolest hacker magazine ever, because the founder, Knight Lightning, or one of the early founders, got arrested for publishing the article and then fought the law and won. So, it’s like, I got arrested for hacking, and I beat it and I got off scot-free. That was just such a middle finger to the establishment, of like, no, we’re hackers and we can beat you, and we did beat you in your court — in your arena, in your court of law. We still won. We didn’t do anything wrong. Screw off and leave us alone. That must have been just the most amazing, epic moment for the time, to beat the law. I know there was some other Phrack contributors who didn’t — who weren’t so successful with that E911 article. They pled guilty before they could fight it. But the fact that that happened — and one of the only times that anyone ever has been arrested for a CFAA violation and got off, that’s only like — I can count on one hand, I think, how many times that’s happened, and Phrack was one of them. So, yeah, that was definitely quite an article.
SKYPER: Yeah, Knight Lightning faces sixty years in prison and $122,000 in fine.
TMZ: That’s a lot more money nowadays, I think.
JACK: [Music] Another article which made big waves was titled Smashing the Stack for Fun and Profit.
SKYPER: So, Smashing the Stack for Fun and Profit, Issue #49, was the first article that told to the wider audience how buffer overflows work. So, in the olden days, buffer overflows were used to trigger a computer target to execute a program that is not intended to execute, to break into a computer system, so to say. This article detailed it, how to do it yourself, how you can do it. It was not the first time it was used on the internet. The first time was probably by Robert T. Morris, who wrote the very first internet worm, and there were other articles around how to manipulate the stack, but it was never that detailed, in that clarity, and reaching such a wide audience.
JACK: When this article came out, buffer overflows became the new favorite way hackers would break a system, and it was a favorite because of how successful it was to do. Programs just weren’t designed to stop this from happening, and so many things were vulnerable.
SKYPER: I think the race just started with source code reviews and finding vulnerabilities, disclosing them, irresponsibly disclosing them in the olden days, and then slowly getting an idea of what responsible disclosure is, that not every corporate is your enemy, and trying to work together with them, trying to find common ground, how we can make the internet a better place for everybody.
TMZ: This is one of those cases that — this was a very elite and underground technique known probably just by governments or things like this — that when it hit — when the article was written, it just clicked in so many people’s minds. So, there was this myriad of software that’s abundantly available, and mostly likely vulnerable. They could just fool around with it, like everywhere. So, yeah.
SKYPER: So, just to put this into perspective, when I started out with computer security and hacking, when I wanted to learn how to break a computer system, I’ve been told what you have to do is you have to go to the library. You have to find the book about Robert T. Morris. You have to find and read the articles, the news articles, to piece together information how he did it. Then when Phrack came out with Smashing Stack and Fun and Profit, it was all clear immediately.
JACK: Back then, hackers weren’t very respected. Companies would try to ignore the vulnerabilities that they were told about, almost with the audacity of being upset that somebody would buy their software and then try to break it, as if hackers were the problems, like they were just some punk kids trying to jab their fingers in somebody’s eye.
SKYPER: I think that has flipped, and I always like to compare it against the early companies who did safety assessment for cars. The car industry tried to sue them and outlaw them, and says, what are you doing? You can’t show the people how dangerous it is to drive without a seatbelt. But they did, and now everybody has learned that it is right to have a seatbelt. It’s good to have a seatbelt. The same thing happened with this article and then with the exploit development. In the beginning they were hesitant. They were blaming the hackers for releasing such destructive technology. But if the hackers hadn’t released it, then other governments surely would have exploited these holes anyway.
TMZ: True. Now they don’t do this only for the front. They do this mainly for the profit. It 100% became a business and a career. People are hired now to hack companies to assess their security. You see this every day. There’s a lot of episodes that you covered already that are about this, like companies that — they hired people to do penetration testing and physical security and all those things. This was unthinkable back then, I think.
JACK: There are so many good articles on Phrack.
TMZ: I think the Nmap one, The Port Scanning — The Art of Port Scanning from Issue #51 by Fydor, which followed the release of the Nmap tool…
SKYPER: Nmap was the grandfather of all port-scanners out there.
JACK: Oh, wow. Yeah, Nmap is the defacto tool, almost the standard for how we do port-scanning today. It’s a super simple command line tool, and the person who made Nmap published how to effectively port-scan using the tool on Phrack. That taught millions of people how to port scan. Even today, Nmap is still highly used by just about everyone in cybersecurity. There’s another article in Phrack which goes into detail of how to do GPS jamming.
SKYPER: I like that this article’s in there because it shows that GPS jamming is not really cybersecurity, but it is — GPS in itself is a technology that everybody uses and that nobody ever really thought about how vulnerable it is. Because it is already a weak — a very weak signal coming from the satellites, of course you can jam it. But it was not apparent to everybody until we released the article. Then you could buy jammers. You know, two years later, you’ve got jammers all over the place from China and whatnot for very low money. But it was Phrack first who released that article and got this idea out, that, hey, GPS is actually very easy to jam. No one ever thought about that.
JACK: Hm, that’s a good point. I don’t always know where the line is on whether something is a cybersecurity problem or not. I published an episode recently about a credit card skimmer, and a lot of you complained and said that episode had nothing to do with cybersecurity. It made me wonder, okay, well, if it’s not a cybersecurity problem, whose problem is it? I mean, if you’ve got articles on Phrack, a hacker magazine, that shows you how to exploit a technology and compromise the integrity of it, then maybe that is a cybersecurity problem.
TMZ: Of course we had the Hacker’s Manifesto articles from 1986 that was like…
SKYPER: For me, this is the most significant article in all of Phrack just because it sets out the baseline and the conduct, how hackers should behave, and what hackers should do and should not do, and how we think.
JACK: Oh yeah, I told you about the Hacker Manifesto in one of the previous episodes. One of the Legion of Doom members wrote it and published it first on Phrack, and I’ll give you a short excerpt from it. I’m reading from Phrack here. “This is our world now, the world of the electron and the switch, the beauty of the baud. We explore, and you call us criminals. We seek after knowledge, and you call us criminals. We exist without skin color, without nationality, without religious bias, and you call us criminals. You build atomic bombs. You wage wars. You murder, you cheat, and lie to us, and try to make us believe it’s for our own good, yet we’re the criminals? Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. I am a hacker, and this is my manifesto. You may stop this individual, but you cannot stop us all. After all, we’re all alike.”
SKYPER: Yeah, these things are still valid today, maybe — perhaps even more valid today than they were back then, that we are all equal, that we don’t care about skin color, religion, or nationality.
TMZ: Yeah.
SKYPER: A lot of criminals forget this, and that’s why they are criminals. They are not hackers. If you hack for a nation, you’re not a hacker. You’re actually more concerned about your nationality than about the Hacker Manifesto. We don’t care about that. We only care about skills.
TMZ: Correct. Yeah, I wrote a little bit about it in the last Phrack, Phrack #72.
JACK: We’re gonna take a quick ad break here, but stay with us, because when we get back, we’re gonna get into my favorite Phrack stories. [Music] The first issue of Phrack was published in 1985, before websites were popular. So, it was just hosted on a BBS, and you had to use your home phone and dial into it and read it that way. They wanted the articles to spread, so they encouraged people to mirror in on other people’s BBS in other towns. But eventually when websites became popular, Phrack moved to phrack.com, and that became its new home. But it didn’t stay that way.
SKYPER: I think phrack.com got hacked at least once. The web server was often down, not reachable.
JACK: Somewhere around 1998, phrack.com went offline. It stopped publishing articles for two years, and was down most of the time. I should also mention that Phrack changed owners quite a bit. The original founders went off and did something else. New people came in, and they were doing stuff. But it’s a free magazine, and they never tried to make money. So, it relied on volunteers to keep it going, and they could only spend so many years of their life before going off and doing something else. By 2000, the site looked dead. The website had been mostly offline for the past few years, and no new articles for two years. At that point, it was ran by Mike Schiffman, AKA Route. Skyper wasn’t involved at all, and Mike didn’t even know who Skyper was, but Skyper had a plan. He wanted to revive Phrack, and needed to do something epic to prove his worthiness.
SKYPER: So, I decided to steal a domain, which was phrack.org, which back then was not owned by the Phrack staff. It was owned by somebody who probably didn’t even know about Phrack.
JACK: What? How did you steal a domain?
SKYPER: Luckily in the olden days, these things were rather easy. You would go to the domain registrar — in this example it was a French one, gandi.net — and you would initiate a domain transfer, and it would ask you that — you need the authorization code to transfer it. You would right-click on the web page and say ‘view source code of the web page’, and the authorization code would be written there in the hidden HTML tag, in a form tag. That was all you needed back then to do hacking.
JACK: Wow, so just by looking at the view source of a website, it would show you the authorization code that it was expecting in order to prove that you’re the owner of the site. I mean, it has to compare the authorization code you type in with something, right? So, there’s some logic on the back end somewhere. It just happened to be right there in the source code of the site. It was as simple as just doing view source, and then you could take over anyone’s domain.
SKYPER: But you also have to put this into perspective. Back then, not many browsers had a feature to actually view the source code.
JACK: So, Skyper had phrack.org and wanted to use it to revive phrack.com. But he wasn’t doing this alone. He actually was involved with a few hacking groups, specifically HERT and Teso.
SKYPER: So, HERT is — stands for the Hackers Emergency Response Team. HERT was founded around the same time when the CERTs were founded, the Computer Merchant’s Response Team. It was meant to be a counterweight to the CERT because the community felt that often there, the CERT, the Computer Merchant’s Response Team, didn’t really know what they were doing, and the publications were often not technically correct. So, the community created the Hackers Emergency Response Team, where the hackers published their version of the vulnerability, and their exploits and their assessment of the risk. Yeah, that was what HERT was. Teso was a German/Austrian hacker group who later became more internationally — and went by the name of Team Teso.
JACK: So, with phrack.org in hand and with Teso and HERT behind him, Skyper got busy recreating the site to show he can manage a website like that.
SKYPER: Then I spent many days and many nights to recreate all the articles. I put them in a SQL database that was searchable, and copied all the data. I created the web page and then put it online, and then called Mike Schiffman, who was the editor-in-chief back then. I called him during breakfast. He was literally saying, I’m just having breakfast, but what you’re saying sounds great, so let’s do it. There was no hesitation. It was a combination of people from Teso and HERT who took over the Phrack magazine in 2000, or revived the Phrack magazine in the year 2000.
JACK: So, Skyper was now in control of Phrack, and then officially moved from phrack.com to phrack.org, which is where it remains today. It was a whole new, fresh team. Nobody from the old Phrack staff was around to write any articles or to help, so this new team got busy with a fresh, new issue, Issue #57.
SKYPER: Yeah, my first one already was the first hardcover release ever. So, we decided we want to land with a big bang, and decided for our very first release — not just, are we going to write all the articles ourselves; we also create the first hardcover release, which we will release at a hacker conference, a physical copy.
JACK: So, in 2001 was the first time Phrack had a hard copy created, elevating it to the next level.
SKYPER: Oh, it was fantastic. It was a fantastic success. I think we printed 800 hard copies or so. We all picked them up with a car, with a rented car, and these hard copies were heavy. We picked them up and the printer in the Netherland, and the car almost crashed with all the load in the trunk and the back seats. We drove to the conference and went to the main tent, and announced that we are — I’m going to distribute Phrack in half an hour. We had a great party and handed out the magazines, and lots of alcohol and celebrating and talking about it. It was a fantastic time.
JACK: [Music] So, hackers trying to hack a hacker website is always going to be a thing, and phrack.org had its fair share of attacks. There was a group that particularly was trying to take down Phrack, and they called themselves the Phrack High Council, or PHC.
SKYPER: Yeah, around that time there was a movement called the Anti-Security Movement. It was around the time when hacking really got commercialized. Many, many, many companies entered the community and started to sell cybersecurity technology. Hackers would start working for these companies, and they would sell the secrets that they did not research and did not discover, but that were given to them by the community, and they were making lots of money from it. The community was not very happy about that because, effectively, these people stole from the community. So, a movement emerged called the Anti-Security Movement, and — which basically said, well, that’s not okay. We can’t do that.
Out of that the PHC materialized, and they were probably — let’s call them the radical form of Anti-Security Movement. They would do a witch hunt, and they would try to hunt down every hacker who would work for corporate. I call it hacker cannibalism, where hackers hate other hackers and destroyed other hackers, often unfairly and unjustified. It was really a witch hunt. That went on for some time, and PHC then tried to take over Phrack ‘cause they were not happy with the editorial staff who was running Phrack. Of course they tried to hack into the servers and things that you would do, but they also tried to steal articles or sent out — call for papers and pretending that they were Phrack, but they never owned the domain.
JACK: Oh, how interesting. They tried to pretend to be Phrack by publishing lookalike articles that pretended to expose secrets, but they weren’t actually secrets. A little war was breaking out between the corporate cybersecurity culture and the underground hacker culture. The Phrack High Council thought if Phrack publishes articles on how to hack, that it’ll be used by corporations to make money, so therefore, don’t publish any articles at all, or publish articles that would be detrimental to the cybersecurity professionals out there who are trying to profit from it.
SKYPER: Yeah, they wanted to keep all the secrets among themselves, and so that only they can use them. It’s very selfish and it’s also counterproductive. In an intellectual society, you need to share your ideas to inspire other people and for other people also to verify your ideas and to take your ideas further to the next step. Otherwise it’s stagnation, and you won’t go anywhere.
JACK: Okay, so they tried to publish their article as Phrack, just posing as them. What else?
SKYPER: They actually stole some of the pre-release of Phrack. So, what happened is that — the Phrack stuff always releases the upcoming Phrack release to the community, to some trusted friends, and then after the release to the trusted friends, then it’s released to some lesser-trusted friends, and so on and so on. After a few days it ended up before the official web page release in the hands of a PHC guy. So, this PHC guy knows that we haven’t released it publicly yet, that it’s still a community release only. He modifies the Phrack articles, put some backdoors in there, and then published on his web page, the PHC web page, as a new Phrack release. These backdoors, they weren’t even clever backdoors. They were just very destructive backdoors. They would delete your entire computer.
JACK: Wow. So, have you ever looked up a tutorial online and it had some script or code or something, and that’s what you needed to do, that’s the command you were looking for? So, you just copy and paste it into your computer, but you don’t actually know what it does. Yeah, well, if you would have tried to copy and paste this script, it had the command rm-rf, which would delete your whole hard drive. How funny is that? Obviously Phrack’s staff didn’t put that destructive command in their magazine, but that version of the article still existed out there somewhere. Skyper and his team had brought Phrack back. They were publishing yearly issues of Phrack. But then Skyper moved on to do other things, but there was enough momentum and there was enough people involved with Phrack at that point for it to keep going on its own, but it was slow going. Yearly issues turned into every-other-year issues, and then sometimes there’d be four years between issues.
In 2016, it seemed like that was the last issue of Phrack. Phrack staff just wasn’t there anymore, and there were no issues coming out. But five years after that, in 2021, to all our surprise, a new issue of Phrack was released. We thought it was dead, but we were super happy to see a new issue. I remember hearing people at Defcon tell me that year that they used an exploit that they saw in that new issue of Phrack to make a bunch of money on bug bounties that year. So, it still had teeth and grit and was hard-hitting. Well, at least until things got patched. But that seemed to be the last hurrah for Phrack. [Music] The internal Phrack staff just sort of fizzled out. There wasn’t support much for it. The people were just very loosely involved at that point, and they decided to get together in 2023 to discuss the future of Phrack.
SKYPER: We actually met in Spain to discuss about the future, about Phrack, and we decided that it’s not just for two or three people to decide, that we should really ask Mike Schiffman again and some of the old staffers and previous staffers what their opinion is. Then eventually we had a big phone call with maybe six or eight people of the old staff and new staff on there, and we discussed what we should do. There were various options. Some people said, hey, let’s do one more Phrack and let’s just call it. That’s it, you know, the last Phrack. Then other people said, no, we can’t even do that. The community’s dead. Most importantly, there were the very few of us who said, no, no, the community is always there. There is still a community that deserves a magazine like this. There’s always curiosity out there and always the need for people to publish articles, and we have to provide a platform for them so they can do it, and Phrack is the perfect platform for these articles. So, we were brainstorming about who we could contact out there who has experience with running a magazine, who would enjoy running a magazine, and who’s also technically skilled. Because Phrack, in the end, is a very technical magazine. So, the group that came to our minds were the people who were running already tmp.out magazine.
JACK: tmp.out is very similar to Phrack. It’s an e-zine which posts articles on hacking. It has its own edginess to it. Like, there’s a bunch of ASCII art and hard-hitting articles. It was TMZ here who co-founded tmp.out.
TMZ: So, tmp.out is a group that is a research group that we formed maybe five years ago now. We started in IRC with three people. We just wanted to research ELF, infection techniques of Linux viruses and things like this. We thought it was a very niche area that — we had people in common that wanted to do that. So, we kinda brainstormed a little bit. Then more people were joining, and then eventually we had a Discord channel. There’s like, 1500 people there now. Suddenly the community was like, okay, what if you make a zine, you know, like in the old days? People were like, oh, yeah, I wanted to write the script or whatever. So, we just gave it a go, and we made four volumes already of it so far, and it’s been really, really nice.
SKYPER: We contacted them, and we went — had a phone call together, and the rest is history.
TMZ: [Music] I was honestly speechless when that happened. I was very, very anxious. I remember that I was on vacation, and I just ran to the — I was actually about to catch a flight. So, I just found the quietest corner of the airport lounge that I could find, and had the call with them and took notes of everything. Essentially the idea was like, okay, if you wanted to — you’re gonna go, you know, trust you with that. The former staff also was saying, okay, we maybe should do something different this time, like make Phrack well-known again.
JACK: The tmp.out team had already established themselves as a group who was technical, smart, and could ship articles, and immediately got busy reviving Phrack once again. I had no idea that the teams behind Phrack have shifted so much throughout the forty years. But when it’s volunteer-driven, I suppose that’s what happens. So, the tmp.out team was excited to be taking over Phrack, and wanted to make their first issue a big one. It was 2023, and in the seven years before that, there had only been one Phrack issue released, so a lot of people just thought it was dead. But to show them that it wasn’t dead, they wanted to make a physical copy and release it at Defcon.
SKYPER: Yeah, we just thought, actually, about doing only a online release. We didn’t really thought about actually doing a physical release last year until kinda late in the process. Then we were just like, okay, what if we do it? Can we do it? Do we have some budget? Can we talk to some people? So, we were able to raise some funds, and we were able to get 500 copies down to Vegas. Yeah, it was a first — a very interesting first experience on logistics, because releasing a physical copy of things, it’s not as easy as it sounds. Not only you have to actually make the material, but the distribution, especially at Defcon.
JACK: Wow. Okay, so, last year you actually reached out to me to — you were looking for a place to spread them or give them out.
SKYPER: Yeah, yeah, yeah. So, we had a few of them downstairs, right, and then we were just like, yeah, sure. But we kinda wanted a place more centralized for that, and that was very nice to get some of the copies there at the party, at the Darknet Diaries party. People really liked it. I remember a lot of people were so happy, and I think that’s what made me feel very real. That’s why I was like — a lot of people, they looked at it, and they looked at it as the most precious thing that they ever touched. They say, yeah, I’m here and I like what I do now because of Phrack twenty-five years ago, thirty years ago. So, that’s really very, very nice.
JACK: It was a special moment for me. I mean, the fact that the Phrack staff came in and started handing out Phrack magazines at my party was — I felt like, man, I — this is special. This is cool. I feel honored to have been one of the places to spread it, ‘cause I think you only picked three or four places to spread out the magazines there.
TMZ: Yeah, correct. Thank you for having us. It was really, really…
JACK: I cherish my copy that I got from you. I wish I got it signed. As soon as I left that night, I was like, oh no, how did I not get it signed by you? But yeah, that’s — that feels like a very special book to own. It’s more of a book. It’s in my hand here, and my gosh, this thing is heavy. So, Phrack #71 — I’m just looking through it; it’s very — text. There’s hardly any pictures at all, and I guess that’s because you were saying, we weren’t even thinking about printing it. Then when you finally got around to printing, it was like, okay, well, we’ll just print the articles.
TMZ: Yeah. So, editing this is already hard, you know, for somebody that doesn’t have — that doesn’t work with it, I guess. But we also were like, okay, we keep the style, right? That’s what the first thought — also. So, it’s easier because it’s less editing, but that was still — which is already pretty hard. But we keep the text plain-text style, which a lot of people relate to and really, really like.
JACK: [Music] So, tmp.out proved themselves to be able to ship an issue of Phrack. Great. But Phrack started in 1985. So, with 2025 coming, it would mark the fortieth anniversary of Phrack, which got a lot of people excited to pitch in and help make a great new issue.
SKYPER: Phrack #72 — because it marked our fortieth anniversary, we all wanted to make something very special, so we — the initial idea was to go back to the Netherland to release the magazine there again as a hard copy where we released the first hard copy twenty-four years before. But we got enough funding and we got enough community support to then be able to coordinate a release at three different conferences at the same time, which was in Netherland, and at Defcon in Las Vegas, and at Hope in New York City, and then very smaller conferences all around the world. So, it was beautiful how the community came together and everybody chipped in some dollars and helped us.
JACK: The one that I have actually has Defcon Special Edition written on the cover. So, were there multiple covers?
TMZ: Yes, we had three different covers, actually four. One of them is the — is gonna be released later this year.
SKYPER: I’d like to add something to that. When TMZ says there are four covers, three that are already released, and one of them that will be released at the end of the year — it’s because we’re going to release the PDF online for everybody to print it at home or print it in a professional print shop and get it shipped to their home address.
JACK: So, Phrack Issue #72 was released at Defcon in 2025, and I was there to get a copy of it.
SKYPER: Yeah, this year we turned it up a notch. This year we didn’t show up with 500 copies. We turned up with close to 8,000 copies at Defcon.
JACK: Most if not all articles of Phrack are simply text files. There are no visuals or graphics at all. Well, I should say you could see some ASCII art there, but that’s just still text in the shape of a picture. But this fortieth anniversary edition, man, does it pop. Every page has a graphic on it, and it’s really cool. It feels like a high-quality magazine at this point, and it’s bulky and has a ton of articles in it.
TMZ: Yeah, so, we got the opportunity to have the wonderful people at — from Paged Out!, which is another magazine as well, to do the graphics for us. I mean, as you can — as you know because you saw it already, it just — it’s mind-blowing. The quality is so, so good. I remember when I got the confirmation that they were able to do it, I was so relieved that I didn’t have to do it myself, because, one, I mean, I know that it’s hard for me because I’m not an expert on this. Second, I would never be able to match this quality, or nobody, at least, that is in the current staff. They just — it’s just incredible. I think Phrack never looked that good.
JACK: Yeah, it looks great. It feels like your coming of age, but even forty years later, and it’s looking great. I like that. It makes me excited about the future. Getting — you said 8,000 copies to Defcon?
TMZ: Yeah. We had, I think, around 15,000 copies spread amongst those three conferences.
JACK: Yeah, I mean, gosh, how much does that even weigh? How do you even get that to Defcon?
TMZ: It’s part of the problem as well. First, to solve these issues, we tried to find local printers, right, and it is very, very challenging because the transportation is very costly. So, we found a Vegas printer, and I think for Defcon, that was ten tons or something…
JACK: Ten tons.
TMZ: …of paper.
JACK: Wow.
TMZ: Yeah.
SKYPER: Yeah, so, the logistical issue is that you don’t only have to deliver it by truck to Defcon; you also need manpower on the ground to hand-carry ten tons from the loading bay to the registration desk. So, all these little details we had to learn and figure out.
JACK: It was great to see Phrack all over the place at Defcon this year. People were showing me how excited they were when they got their copy. Some got it signed by the Phrack staff. Some had me sign it for some reason. It was a wonderful time. But what surprised me is that this is such a high-quality magazine, but then thousands of them were given out to everyone just for free?
TMZ: Phrack is for the community always. It’s always free. So, somebody tries to sell you a Phrack, you know that it’s not from us.
JACK: You say you’re never gonna charge for these things.
SKYPER: We’re never gonna charge.
TMZ: No, no.
JACK: It’s so cool having…
TMZ: People are welcome to help us in any way, right? The community is there for this. So, people can help us with article reviews, with art as well, and people did, which is very, very nice to see. This year’s, there’s a lot of people involved. The artists that draw — design the covers, for example, as well. So, there’s several ways that people can help us make this happen, and we do it for them, and they do it for the community as well.
JACK: Wow, it’s impressive that you’re able to make it happen and have such a high-quality print magazine here. This thing is like a hundred pages long.
SKYPER: It needs to be said that of course this thing cost money to print. The printer still wants to be paid. He doesn’t do a favor for Phrack. So, the Defcon print in its own was about $55,000 US dollars. So, this is still money that we had to raise from the community. But the good thing is that many of our friends who were doing Phrack with us in the year 2000 and 2001 and who were reading Phrack with us and who were writing articles for us, now, twenty-four years later, they have all made their fortunes. They’re running big companies. Some of them are trading on the stock exchange. But these people came back to us, and they were happy to support us financially and help us with this immense cost.
JACK: A magazine that launched 10,000 cybersecurity careers, huh?
TMZ: [Laughs] Exactly.
JACK: Well, so, that’s where we’re at today, fortieth anniversary. Well, congrats on forty years of running a thing or keeping it going. It’s so fascinating that it’s community-driven, almost like Dread Pirate Roberts, right? His name lives on, but it’s not always the same person that lives on, right? So, Phrack continues to live on because the community keeps it going.
TMZ: Yep, yep. The community is as strong as ever now, and I think it’s gonna grow even further.
JACK: Yeah. Tell us about the future.
TMZ: Yeah. So, I think we really want to keep the community growing. We want to get a little bit better. So, every time we do a release, we learn a lot about everything like logistics and article reviewing and project management and all those things. So, we’re not experts on this. We also have our day jobs and all those things. So, we’re learning as we go as well. The community, I think, we want it to grow and have more people involved to help us. We have a lot of people that — sometimes they say, yeah, I don’t have time to write an article this year or something like this, but they do have spare time to help with article reviews, so — for example. This is already a very big deal. I think in the future we want to get more people involved. If you want to say in a very brief way, we want to be accessible.
JACK: Okay, so, I got a physical copy, but that’s just ‘cause I happened to be at the right time and right place. Is there a way to get a physical copy by ordering it?
TMZ: Yes. Like, last year, we made it available for self-print at cost, obviously. So, we don’t profit. Of course, you can print anywhere you want. We have just a recommended printer, whatever. It doesn’t really matter because we release the full high-quality PDF as well. So, you can print and edit if you want at your own local print shop, and this year it’s gonna be the same.
JACK: Phrack is currently looking for new articles for their upcoming issue. If you’ve got a new hacking technique or are thinking of researching a specific technology or protocol, reach out to the Phrack staff with your draft or even just an idea. They are very helpful at giving you feedback to help you draft a great article. Even if your English is not very good, they can help co-author the article with you. Of course, you could still read every issue of Phrack free of charge at phrack.org. Here’s to another forty years of an awesome hacker magazine.
OUTRO: [Outro music] A big thank you to Skyper and TMZ for coming on the show and sharing the history and stories of Phrack. It really is looking better than ever, and I can’t wait to see what they make next. In the show notes you’ll find links to where you can order a physical copy of Issue #72, or just download the PDF and print it at home. This show is made by me, the packet tickler, Jack Rhysider, editing by the Ctrl+Alt+Delight Tristan Ledger, mixing by Proximity Sound, and our theme music is by the mysterious Breakmaster Cylinder. I named my dog Regex because nobody understands him, not even me. This is Darknet Diaries.
[End of recording]