170: Phrack

Hey, this is Jack, host of the show. So the last two episodes talked about hacking in the 80s and 90s, which was primarily phone-freaking. In those episodes, I talked about a digital magazine called Frack, which was incredibly influential to the hacking scene. It wasn't uncommon to be in a chat room and someone come in and ask, how do I get started as a hacker? And then someone else simply say, go to Frack's site, start reading it at issue one, and by the time you're all caught up, you'll be a great hacker. It's probably good to go and listen to the two episodes before this, before doing this one, just to have the context, but you don't have to if you'd rather not. But the thing is, is that in this episode, I interview two of the FRAC staff. The magazine just celebrated their 40th anniversary, and I'm pretty sure if you run a hacker magazine for 40 years, there's got to be some interesting stories in there somewhere. These are true stories from the dark side of the internet. I'm Jack Recider. This is Darknet Diaries. This episode is sponsored by ThreatLocker. Ransomware, supply chain attacks, and zero-day exploits can strike without warning, leaving your business's sensitive data and digital assets vulnerable. But imagine a world where your cybersecurity strategy could prevent these threats. And that's the power of ThreatLocker, zero-trust endpoint protection platform. Robust cybersecurity is a non-negotiable to safeguard organizations from cyber attacks. ThreatLocker implements a proactive, deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team. This least privileged strategy mitigates the exploitation of trusted applications and ensures 24-7, 365 protection for your organization. The core of ThreatLocker is its Protect Suite, including application allow listing, ring fencing, and network control. Additional tools like the ThreatLocker Detect EDR, storage control, elevation control, and configuration manager, enhance your cybersecurity posture, and streamline internal IT and security operations. To learn more about how ThreatLocker can help mitigate unknown threats in your digital environment and align your organization with respected compliance frameworks, visit ThreatLocker.com. That's ThreatLocker.com. This episode is sponsored by Drada. Let's face it, if you're leading GRC at your organization, chances are you're drowning in a sea of spreadsheets every day, balancing security, risk, and compliance. In an ever-changing landscape of threats and regulatory frameworks, it can feel like running a never-ending marathon. Enter Drada's agentic trust management platform designed for leaders like you. Drada automates the tedious task, security questionnaire responses, continuous evidence collection, and much more, saving you hundreds of hours each year. With Drada, you can spend less time chasing documents and more time solving real security problems. With Drada, you also get access to a powerful trust center a live, customizable product that supports you in expediting your never-ending security review requests in the deal process. It's perfect for sharing your security posture with stakeholders or potential customers, cutting down on back-and-forth questions, and building trust at every interaction. Ready to modernize your GRC program and take back your time? Visit drata.com slash darknetdiaries to learn more. That's spelled D-R-A-T-A, drata.com slash darknetdiaries. Okay, first, let's start out with some introductions. Hi, my name is Skyper. I used to be the editor of the FRAC magazine in the year 2000 to 2005. And I've joined the FRAC staff recently again as an advisor. Hey, I'm Tim Zee. I'm one of the current staff and editors of FRAC magazine. In your words, can you tell us what is FRAC magazine? So FRAC stands for freaking and hacking. It's a combination of these two words. And it used to be the manipulation of the phone lines. Effectively, the main goal was to get you free phone calls that are very hard to trace. FRAC Magazine, this is all sorts of things, hacking related, to be honest. I think there is the infamous article on how to make a bomb as well in the past. Yeah, I mean, I think I saw that even in issue one. And there was a balloon that had acetylene in it that we put like snap caps or pop caps on it and throw some rocks together. And you throw the balloon off like a roof. And when it hits the ground, the snap pops, the little popper snap, and then it creates a little explosion. I think that was issue one. And so it's interesting how anarchy kind of shows up in frack. Like bombs. What is this doing in a hacker magazine? I think we have to put this into a different context of where we were 40 years ago. Terrorism didn't really happen, at least not in most countries. And so building bombs was not seen as necessarily something evil or criminal, but it was just young kids exploring things. What can they do? They didn't mean to do any harm with them. They were just experimenting. In my opinion, frack seems to capture some kind of counterculture. It's notes from the underground type stuff. Because back in the 90s, cybersecurity wasn't quite a mainstream profession yet. Like schools didn't teach you how to secure networks or how to hack. But nowadays, almost every major university has a major in cybersecurity. So back in the 90s, there was just this underground group of people breaking computers, basically, and talking about it in chat rooms and on forums. You had freakers, hackers, rippers, crackers, seeders, which welcomed in artists and musicians who were making things on their computers. And this was collectively known as the scene back then. And I think it was this underground scene that frack was born out of and has its roots in. So the scene was made by like largely people trying things out with their new hardware that they found or like trying to like make something, do something that was not supposed to be doing or that was not engineered to do. So that's what the original hacker was all about. I think if you summarize it, then FRAC contains condensed, hardcore technical articles without any bullshit. The stuff works and it's practical. I'm fascinated by these two cultures, the cybersecurity professional and the scene hacker. One does it for money and it's their career. And one does it for fun. It's their hobby. But they're both passionate about it. One tries to do it in the light. One wants to do it in the shadows. But they both like sharing what they know. What's the difference, honestly? Attitude? Style? But as computers grew more mainstream, becoming more common in every house, more interest grew in hacking. I mean, I'm sure you've gotten some kind of new electronic at some point in your life, and you sat down and you said to yourself, what are all the cool things that this thing can do? So imagine getting a computer and learning that it can print stuff and play games and make sounds, but then also hearing about some of the secret stuff it can do, like hack other people's computers. So more people got fascinated with hacking and were contributing to things like FRAC, submitting articles on how to do cool secret stuff on your computer. But also, along with the rise of computers, the cybersecurity profession became popular, which sort of brought in a whole new culture of hackers. These weren't the rollerblading, cargo pants-wearing Mohawk kids. The cybersecurity professional wears a collared shirt and sometimes a tie. You can see the stark contrast of these two cultures when you go to conferences like Black Hat and DEF CON. At Black Hat, you see people wearing suits and ties. They say they're geeks and nerds, but they don't look it. At DEF CON, there's a lot of people wearing cargo shorts, black shirts, hoodies, having Mohawks. At Black Hat, I feel like those people have to be there for work. But at DEF CON, I feel like those people want to be there for the fun. And because I grew up in the scene, my heart is still there. We were the kids who tried stuff with no manual or tutorial. We built things that weren't possible. We did it without permission or rules. We pushed the boundaries and explored a new frontier. At this point, we're 40 years into FRAC, and some of the articles have historical significance. Historical significance has the article of the E911 documentation that was released in 1989, I believe. I think it was issue 24. And it was a documentation that detailed how the emergency 911 system works in America. And it was the first time that FRAC got into some legal problems with the authorities. I think that has some significance because it happened right after Operation Sun Devil with the Secret Service hunting hackers. And it also sparked the creation of the Electronic Frontier Foundation because the FRAC person who released that article was so unfairly treated by the government and by the corporates. Yeah, I think that article solidified Frack as the coolest hacker magazine ever because the founder, Night Lightning, or one of the early founders, got arrested for publishing that article and then fought the law and won. And so it's like, well, I got arrested for hacking and I, and I beat it and I got off scot-free. And that, that was just such a, such a middle finger to the, to the establishment of like, no, we're, we're, we're hackers and we can beat you. And we did beat you in your court, in your arena, in your court of law. We still won. We didn't do anything wrong. Screw off and leave us alone. And that must have been just like the most amazing, epic moment for the time to beat the law. And I know there were some other FRAC contributors that weren't so successful with that E911 article. They pled guilty before they could fight it. But the fact that that happened, and one of the only times anyone ever has been arrested for a CFAA violation and got off, it's only like I can count on one hand, I think, how many times that's happened. and FRAC was one of them. So yeah, that was definitely quite an article. Yeah, Night Lightning faces 60 years in prison and $122,000 in fine. That's a lot more money nowadays, I think. Another article which made big waves was titled Smashing the Stack for Fun and Profit. So Smashing the Stack for Fun and Profit, issue 49 was the first article that told to the wider audience how buffer overflows work. So in the olden days, buffer overflows were used to trigger a computer, a target, to execute a program that is not intended to execute, to break into a computer system, so to say. And this article detailed it, how to do it yourself, how you can do it. It was not the first time it was used on the Internet. The first time was probably by Robert T Morris who wrote the very first Internet worm And there were other articles around how to manipulate the stack but it was never that detailed in that clarity and reaching such a wide audience When this article came out, Buffer Overflows became the new favorite way hackers would break a system. And it was a favorite because of how successful it was to do. Programs just weren't designed to stop this from happening. And so many things were vulnerable. I think the race just started with source code reviews and finding vulnerabilities, disclosing them, irresponsibly disclosing them in the olden days, and then slowly getting an idea of what responsible disclosure is, that not every corporate is your enemy, and trying to work together with them, trying to find common ground, how we can make the internet a better place for everybody. This is one of those cases that this was like a very elite and underground technique, known probably just by governments or things like this that when it hit when the article was written it just like clicked in so many people's minds so there was like this media of software that's like abundantly available and like most likely vulnerable, they could just fool around with it, like everywhere so yeah So just to put this into perspective, when I started out with computer security and hacking, when I wanted to learn how to break a computer system, I've been told what you have to do is you have to go to the library. You have to find the book about Robert T. Morris. You have to find and read the articles, the news articles, to piece together information how he did it. And then when FRAC came out with Smashing Stack and Fun and Profit, it was all clear immediately. Back then, hackers weren't very respected. Companies would try to ignore the vulnerabilities that they were told about, almost with the audacity of being upset that somebody would buy their software and then try to break it as if hackers were the problems, like they were just some punk kids trying to jab their fingers in somebody's eye. I think that has flipped. And I always like to compare it against the early companies who did safety assessment for cars. The car industry tried to sue them and outlaw them and says, what are you doing? You can't show the people how dangerous it is to drive without seatbelt. But they did. And now everybody has learned that it is right to have a seatbelt. It's good to have a seatbelt. And the same thing happened with this article and with the exploit development. In the beginning, they were hesitant. They were blaming the hackers for releasing such destructive technology. But if the hackers hadn't released them, other governments surely would have exploited these holes anyway. True. Now they don't do this only for the front. They do this mainly for the profit. And it 100% became a business and a career. People are hired now to hack companies to assess their security. You see this every day. There's a lot of episodes that you covered already about companies that they hire people to do penetration testing and their physical security and all those things. This was unthinkable back then, I think. There are so many good articles on FRAC. I think the NMAP won the port scanning, the art of port scanning from issue 51 by Fjodor, which followed the release of the NMAP tool. NMAP was the grandfather of all port scanners out there. Oh, wow. Yeah. NMAP is the de facto tool, almost a standard for how we do port scanning today. It's a super simple command line tool. And the person who made NMAP published how to effectively port scan using the tool on FRAC. And that taught millions of people how to port scan. Even today, NMAP is still highly used by just about everyone in cybersecurity. And there's another article in FRAC which goes into detail of how to do GPS jamming. I like that this article is in there because it shows that GPS jamming is not really cybersecurity. But it is GPS in itself is a technology that everybody uses and that nobody ever really thought about how vulnerable it is. And because it is already a very weak signal coming from the satellites, of course you can jam it. But it was not apparent to everybody until we released the article. And then you could buy jammers. Two years later, you could jam us all over the place from China and whatnot for very low money. But it was Frag First who released that article and got this idea out there that, hey, GPS is actually very easy to jam. No one ever thought about that. That's a good point. And I don't always know where the line is on whether something is a cybersecurity problem or not. I published an episode recently about a credit card skimmer, and a lot of you complained and said that episode had nothing to do with cybersecurity. And it made me wonder, okay, well, if it's not a cybersecurity problem, whose problem is it? I mean, if you've got articles on Frack, Hacker Magazine, that shows you how to exploit a technology and compromise the integrity of it, then maybe that is a cybersecurity problem. And of course, we had the Hackers Manifesto article as far from 1986. For me, this is the most significant article in all of FRAC, just because it sets out the baseline and the conduct, how hackers should behave and what hackers should do and should not do and how we think. Oh yeah, I told you about the Hacker Manifesto in one of the previous episodes. One of the Legion of Doom members wrote it and published it first on FRAC. and I'll give you a short excerpt from it. I'm reading from Frack here. This is our world now, the world of the electron and the switch, the beauty of the bod. We explore, and you call us criminals. We seek after knowledge, and you call us criminals. We exist without skin color, without nationality, without religious bias, and you call us criminals. You build atomic bombs. You wage wars. You murder. You cheat and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. I am a hacker, and this is my manifesto. You may stop this individual, but you cannot stop us all. After all, we're all alike. Yeah, these things are still valid today, maybe perhaps even more valid today than they were back then, that we are all equal, that we don't care about skin color, religion, our nationality, And a lot of criminals forget this. And that's why they are criminals, they are not hackers. If you hack for a nation, you're not a hacker. You're actually more concerned about your nationality than about the hacker manifesto, where we don't care about that. We only care about skills. Correct. Yeah, I wrote a little bit about it in the last FRAC, FRAC72. We're going to take a quick ad break here, but stay with us, because when we get back, we're going to get into my favorite FRAC stories. This episode is sponsored by Meter, the company building networks from the ground up. If you employ and work with IT engineers, you're going to know how hard it is for them to do their job well. What your business needs is performant, reliable, secure networking infrastructure. But what you get is IT resource constraints, unpredictable pricing and fragmented tools. What you and your engineers need is a modern platform you can all trust to support your business. Enter Meter. Meter delivers a complete networking stack, wired, wireless and cellular. in one solution that's built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployment, and runs support. That means less time your employees spend writing to multiple vendors and more time working and improving your IT systems. Meter's full-stack solution covers everything from first site survey to ongoing support, giving you a single partner for all your connectivity needs. Thanks to Meter for sponsoring this show. Go to meter.com slash darknet to book a demo now. That's spelled M-E-T-E-R, meter.com slash darknet. And go book a demo. The first issue of Frack was published in 1985, before websites were popular. So it was just hosted on a BBS, and you had to, like, use your home phone and dial into it and read it that way. And they wanted the articles to spread, so they encouraged people to mirror it on other people's BBSs in other towns. But eventually, when websites became popular, FRAC moved to FRAC.com. And that became its new home. But it didn't stay that way. I think FRAC.com got hacked at least once. The web server was often down, not reachable. Somewhere around 1998, FRAC.com went offline. It stopped publishing articles for two years and was down most of the time. I should also mention that FRAC changed owners quite a bit. The original founders went off and did something else. New people came in and they were doing stuff, but it's a free magazine and they never tried to make money. So it relied on volunteers to keep it going and they could only spend so many years of their lives before going off and doing something else. By 2000, the site looked dead. The website had been mostly offline for the past few years and no new articles for two years. And at that point, it was ran by Mike Schiffman, a.k.a. Rout. Skyper wasn't involved at all. And Mike didn't even know who Skyper was, but Skyper had a plan. He wanted to revive FRAC and needed to do something epic to prove his worthiness. And so I decided to steal a domain, which was frac.org, which back then was not owned by the FRAC staff. It was owned by somebody who probably didn't even know about FRAC. How did you steal a domain? Well, luckily in the olden days, these things were rather easy. You would go to the domain registrar. In this example, it was a French one, Gandhi.net. And you would initiate a domain transfer. And it would ask you that you need the authorization code to transfer it. And you would right-click on the web page and save a few source code of the web page. And the authorization code would be written there in a hidden HTML tag, in a form tag. And that was all you needed back then to do hacking. Wow, so just by looking at the view source of a website, it would show you the authorization code that it was expecting in order to prove that you're the owner of the site. I mean, it has to compare the authorization code you type in with something, right? So there's some logic on the back end somewhere. It just happened to be right there in the source code of the site. It was as simple as just doing view source. And then you could take over anyone's domain. But you also have to put this into perspective. Back then, not many browsers had a feature to actually view the source code. So, Skyper had frac.org and wanted to use it to revive frac.com. But he wasn't doing this alone. He actually was involved with a few hacking groups, specifically HERT and Tesso. So, HERT stands for the Hackers Emergency Response Team. And HERT was founded around the same time when the CERTs were founded, the Computer Emergency Response Team. And it was meant to be a counterweight to the CERT because the community felt that often the CERT, the computer emergency response team, didn't really know what they were doing and the publications were often not technically correct. And so the community created the hackers emergency response team where the hackers published their version of the vulnerability and their exploits and their assessment of the risk. And yeah, that was what Hurt was. And Tesso was a German-Austrian hacker group who later became more internationally and went by the name of Team Tesso. So with frack.org in hand and with Tesso and Hurt behind him, Skyper got busy recreating the site to show he can manage a website like that And then I spent many days and many nights to recreate all the articles I put them in an SQL database so it was searchable and copied all the data I created the webpage and then put it online. And then called Mike Schiffman, who was the editor-in-chief back then. I caught him doing breakfast. He was literally saying, I'm just having breakfast, but what you're saying sounds great, so let's do it. There was no hesitation. And it was a combination of people from Tesso and Hurt who took over the FRAC magazine in 2000 or revived the FRAC magazine in the year 2000. So Skyper was now in control of FRAC and it officially moved from FRAC.com to FRAC.org, which is where it remains today. And it was a whole new fresh team. Nobody from the old FRAC staff was around to write any articles or to help. So this new team got busy with a fresh new issue. Issue 57. Yeah, well, the first one already was the first hardcover release ever. So we decided we want to land with a big bang and decided for our very first release, not just are we going to write all the articles ourselves, we also create the first hardcover release, which we released at a hack conference, a physical copy. So in 2001 was the first time FRAC had a hard copy created, elevating it to the next level. It was fantastic. It was a fantastic success. I think we printed 800 hard copies or so. We all picked them up with a car, with a rented car. And these hard copies were heavy. We picked them up in the printer in Netherlands. And the car almost crashed with all the load in the trunk on the back seats. We drove to the conference and went to the main tent and announced that we are going to distribute frack in half an hour. And we had a great party and handed out the magazines and lots of alcohol. and celebrating and talking about it. It was a fantastic time. So hackers trying to hack a hacker website is always going to be a thing. And frac.org had its fair share of attacks. And there was a group that particularly was trying to take down frac. And they called themselves the Frac High Council or PHC. Yeah, around that time, there was a movement called the anti-security movement. and it was around the time when hacking really got commercialized and many, many, many companies entered the community and started to sell cybersecurity technology and hackers would start working for these companies and they would sell the secrets that they did not research and did not discover but that were given to them by the community and they were making lots of money from it. And the community was not very happy about that because effectively these people stole from the community. And so a movement emerged called the anti-security movement, which basically said, well, that's not okay, we can't do that. And out of that, the PHC materialized and they were probably, let's call them the radical form of anti-security movement. they would do a witch hunt and they would try to hunt down every hacker who would work for corporate. I call it hacker cannibalism, where hackers ate other hackers and destroyed other hackers, often unfairly and unjustified. It was really a witch hunt. And that went on for some time and PhDs then tried to take over FRAC because they're not happy with the editorial staff who was running FRAC. Of course, they tried to hack into the servers and things that you would do, but they also tried to steal articles or send out call for papers and pretending that they were FRAC, but they never owned the domain. Oh, how interesting. They tried to pretend to be FRAC by publishing lookalike articles that pretended to expose secrets, but they weren't actually secrets. A little war was breaking out between the corporate cybersecurity culture and the underground hacker culture. The FRAC High Council thought, if FRAC publishes articles on how to hack, that'll be used by corporations to make money, so therefore don't publish any articles at all, or publish articles that would be detrimental to the cybersecurity professionals out there who are trying to profit from it. Yeah, they wanted to keep all the secrets among themselves, and so that only they can use them. It's very selfish, and it's also counterproductive. In an intellectual society, you need to share your ideas to inspire other people. And for other people also to verify your ideas and to take your ideas further to the next step. Otherwise, it's a stagnation and you won't go anywhere. Okay, so they tried to publish an article as FRAC, just posing as them. What else? They actually stole some of the pre-release of FRAC. And so what happened is that the FRAC staff always releases the upcoming FRAC release to the community, to some trusted friends. And then after it's released to trusted friends, then it's released to some lesser trusted friends, and so on and so on. And after a few days, it ended up, before the official webpage release, in the hands of a PHC guy. So this PHC guy knows that we haven't released it publicly yet, but it's still a community release only. And he modifies the FRAC articles, puts some backdoors in there, and then published on his webpage, a PHC webpage, as a new FRAC release. And these backdoors, they were not even clever backdoors. They were just very destructive backdoors. They would delete your entire computer. Wow. So have you ever looked up a tutorial online and it had some script or code or something and that's what you needed to do? That's the command you were looking for? And so you just copy and paste it into your computer, but you don't actually know what it does? Yeah, well, if you would have tried to copy and paste this script, It had the command rm-rf, which would delete your whole hard drive. How funny is that? Obviously, Frack staff didn't put that destructive command in their magazine, but that version of the article still existed out there somewhere. Skyper and his team had brought Frack back. They were publishing yearly issues of Frack. But then Skyper moved on to do other things. But there was enough momentum and there was enough people involved with Frack at that point for it to keep going on its own. But it was slow going. yearly issues turned into every other year issues. And then sometimes there'd be four years between issues. And in 2016, it seemed like that was the last issue of FRAC. FRAC staff just wasn't there anymore. And there were no issues coming out. But five years after that, in 2021, to all our surprise, a new issue of FRAC was released. We thought it was dead, but we were super happy to see a new issue. And I remember hearing people at DEF CON tell me that year that they used an exploit that they saw in that new issue of FRAC to make a bunch of money on bug bounties that year. So it still had teeth and grit and was hard hitting, at least until things got patched. But that seemed to be the last hurrah for FRAC. The internal FRAC staff just sort of fizzled out. There wasn't support much for it. The people were just very loosely involved at that point. And they decided to get together in 2023 to discuss the future of FRAC. and we actually met in Spain to discuss a bit the future about FRAC. And we decided that's not just for two or three people to decide that we should really ask Mike Schiffman again and some of the old staffers and previous staffers what their opinion is. And then eventually we had a big phone call with maybe six or eight people of the old staff and new staff on there. And we discussed what we should do. and there were various options. Some people said, hey, let's do one more frag and let's just call it. That's it, you know, the last frag. And then other people said, no, we can't even do that. The community is dead. And most importantly, there were the very few of us who said, no, no, the community is always there. There is still a community that deserves a magazine like this. There's always curiosity out there and always the need for people to publish articles. and we have to provide a platform for them so they can do it. And FRAC is the perfect platform for these articles. So we were brainstorming about who we could contact out there, who has experience with running a magazine, who would enjoy running a magazine, and who is also technically skilled. Because FRAC in the end is a very technical magazine. So the group that came to our minds were the people who were running already Temp Out magazine. Temp Out is very similar to Frack. It's an e-zine which posts articles on hacking. It has its own edginess to it. Like, there's a bunch of ASCII art and hard-hitting articles. And it was TMZ here who co-founded Temp Out. So Temp Out is a group that is a research group that we formed maybe five years ago now. We started in RSTs with three people. We just wanted to research ELF, infection techniques, Linux viruses, and things like this. We thought it was a very niche area that we had people in common that wanted to do that. And so we kind of brainstormed a little bit. And then more people were joining. And then eventually we had a Discord channel. There's like 1,500 people there now. And suddenly, the community was like, okay, what if we make a zine? Like in the old days, people were like, oh, yeah, I want to write the script or whatever. So we just gave it a go. and we made four volumes already of it so far. And it's been really, really nice. And we contacted them and we had a phone call together and the rest is history. I was honestly speechless when that happened. I was very, very anxious. I remember that I was on vacation and I was actually about to catch a flight. So I just found the quietest corner of the airport lounge that I could find and had the call with them and took notes of everything. Essentially, the idea was like, OK, if you wanted to give it a go, you know, trust you with that. The former staff also was saying like, OK, we maybe should do something different this time, like make FRAC well known again. The Temp Out team had already established themselves as a group who was technical, smart, and could ship articles, and immediately got busy reviving frack. Once again, I had no idea that the teams behind frack have shifted so much throughout the 40 years. But when is volunteer-driven, I suppose that's what happens. So the Temp Out team was excited to be taking over frack and wanted to make their first issue a big one. It was 2023, and in the seven years before that, there had only been one frack issue released. So a lot of people just thought it was dead. But to show them that it wasn't dead, they wanted to make a physical copy and release it at DEF CON. Yeah, we just thought actually about doing only an online release. We didn't really thought about actually doing a physical release last year until kind of late in the process. And then we were just like, okay, what if we do it? You know, can we do it? Do we have like some budget? Can we like talk to some people? So we were able to raise some funds and we were able to get 500 copies down to Vegas. Yeah, it was a very interesting first experience on logistics because releasing a physical copy of things, it's not as easy as it sounds. Not only you have to actually make the material but the distribution especially at DEFCON Wow Okay so last year you actually reached out to me You were looking for a place to spread them or give them out Yeah, yeah, yeah, yeah. So we had a few of them downstairs, right? And then we were just like, yeah, sure. But we kind of wanted a place more centralized for that. And it was very nice to get some of the copies there at the party at the Dark Nerd Artist Party. People really liked it. And I remember a lot of people were so happy. And I think that's what made me feel very realized. That's why I was like, a lot of people, they looked at it and they looked at it as the most precious thing that I ever touched. They say, yeah, I'm here and I like what I do now because of FRAC 25 years ago, 30 years ago. So that's really very, very nice to hear. It was a special moment for me. I mean, the fact that the FRAC staff came in and started handing out frack magazines at my party. I felt like, man, this is special. This is cool. I feel honored to have been one of the places to spread it because I think you only pick like three or four places to spread out the magazines there. Yeah, correct. Thank you for having us. It was really good. I cherish my copy that I got from you. I wish I got it signed. As soon as I left that night, I was like, oh, no. How did I not get it signed by you? But yeah, that feels like a very special book to own. It's more of a book. It's in my hand here. And my gosh, this thing is heavy. So FRAC 71, I'm just looking through it. It's very text. There's hardly any pictures at all. And I guess that's because you were saying, you know, we weren't even thinking about printing it. And then when you finally got around to printing it, it's like, okay, well, we'll just print the articles. Yeah. Yeah, so editing this is already hard for somebody that doesn't work with it, I guess. But we also keep the style, right? That's what the first thought also. So it's easier because it's less editing, which is already pretty hard, but we keep the plain text style, which a lot of people relate to and really, really like. So Tempout proved themselves to be able to ship and issue a frack. Great. But FRAC started in 1985. So with 2025 coming, it would mark the 40th anniversary of FRAC, which got a lot of people excited to pitch in and help make a great new issue. FRAC 72, because it's marked our 40th anniversary, we all wanted to make something very special. So the initial idea was to go back to the Netherlands to release the magazine there again as a hard copy, where we released the first hard copy 24 years before. But we got enough funding and we got enough community support to then be able to coordinate a release at three different conferences at the same time, which was in Netherland and at DEF CON in Las Vegas and at HOPE in New York City. And then very smaller conferences all around the world. So that was beautiful how the community came together and everybody chipped in some dollars and helped us. The one that I have actually has a DEF CON special edition written on the cover. So were there multiple covers? Yes, we have three different covers. Actually, four. One of them is going to be released later this year. I'd like to add something there. When TMZ says there are four covers, three that are already released, And one of them that will be released at the end of the year, it's because we're going to release the PDF online for everybody to print it at home or print it on a professional print shop and get it shipped to their home address. So FRAC issue 72 was released at DEF CON in 2025, and I was there to get a copy of it. Yeah, this year we turned it up a notch. This year we didn't show up with 500 copies. We turned up with close to 8,000 copies at DEF CON. Most, if not all, articles of FRAC are simply text files. There are no visuals or graphics at all. Well, I should say you can see some ASCII art there, but that's just still text in the shape of a picture. But this 40th anniversary edition, man, does it pop. Every page has a graphic on it, and it's really cool. It feels like a high-quality magazine at this point, and it's bulky and has a ton of articles in it. Yeah, so we got the opportunity to have the wonderful people from Pagedout, which is another magazine as well, to do the graphics for us. I mean, as you know, because you saw it already, it's just mind-blowing. The quality is so, so good. And I remember when I got the confirmation that they would do it, I was so relieved that I didn't have to do it myself because, one, I mean, I know that it's hard for me because I'm not an expert on this. And second, I would never be able to match this quality or nobody, at least, that is in the current staff. And they just, like, it's just incredible. And I think, like, FRAC never looked that good. Yeah. It looks great. Yeah. It feels like you're coming of age, but even 40 years later, and it's, like, looking great. I like that. That makes me excited about the future. Getting it, you said 8,000 copies to DEF CON? Yeah. We had, I think, around 15,000 copies spread amongst those three conferences. Yeah, I mean, gosh, how much does that even weigh? How do you even get that to DEF CON? It's part of the problem as well. First, to solve these issues, we tried to find local printers, right? And it is very, very challenging because the transportation is very costly. So we found a Vegas printer. And I think for DEFCON, that was 10 tons or something of paper. Wow. Yeah. Yeah, so the logistical issue is that you don't only have to deliver it by truck to DEFCON. You also need manpower on the ground to hand carry 10 tons from the loading bay to the registration desk. So all these little details we had to learn and figure out. It was great to see FRAC all over the place at DEF CON this year. People were showing me how excited they were when they got their copy. Some got it signed by the FRAC staff. Some had me sign it for some reason. It was a wonderful time. But what surprised me is that this is such a high-quality magazine, but then thousands of them were given out to everyone just for free? FRAC is for the community always. It's always free. So if somebody tries to sell you a frack, you know that it's not from us. So you're never going to charge for these things? We're never going to charge. No, no. It's so cool having... You're welcome to help us in any way, right? The community is there for this. People can help us with article reviews, with art as well. And the people did, which is very, very nice to see. Like this year, there's a lot of people involved. the artists that draw the time, the covers, for example. So there's several ways that people can help us make this happen. And we do it for them and they do it for the community as well. It's impressive that you're able to make it happen and have such a high quality print magazine here. I mean, this thing is like 100 pages long. It needs to be said that, of course, this thing costs money to print. The printer still wants to be paid. He doesn't do a favor for frack. And so the Defcon print in its own was about 55,000 US dollars. So this is still money that we had to raise from the community. But good thing is that many of our friends who were doing frack with us in the year 2000 and 2001 and who are reading frack with us and who are writing articles for us, Now, 24 years later, they have all made their fortunes. They're running big companies. Some of them are traded on the stock exchange. So these people came back to us, and they were happy to support us financially and help us with this immense cost. The magazine that launched 10,000 cybersecurity careers, huh? Exactly. Well, so that's where we're at today. 40th anniversary. Well, congrats on 40 years of running a thing or keeping it going. And it's so fascinating that it's community-driven, almost like Dread Pirate Roberts, right? His name lives on, but it's not always the same person that lives on, right? And so FRAC continues to live on because the community keeps it going. And the community is as strong as ever now. And I think it's going to grow even further. Yeah. Tell us about the future. Yeah. So I think we really want to keep the community growing. We want to get a little bit better. So every time we do a release, we learn a lot about everything, right? Logistics and article reviewings and project management and all those things. So we're not experts on this. We also have our day jobs and all those things. So we're learning as we go as well. And the community, I think, we want to grow and have more people involved to help us. We have a lot of people that sometimes they say, yeah, I don't have time to write an article this year or something like this. But they do have spare time to help with article reviews. So, for example, this is already a very, very good job. I think in the future, we want to get more people involved. If you want to say in a very brief way, we want to be accessible. Okay, so I got a physical copy, but that's just because I happen to be at the right time and right place. Is there a way to get a physical copy by ordering it? Yes. Like last year, we made it available for self-print at cost, obviously, so we don't profit. And of course, you can print anywhere you want. We have just a recommended printer, whatever. It doesn't really matter because we released the full high-quality PDF as well. So you can print and edit if you want at your own local print shop. And this year is going to be the same. FRAC is currently looking for new articles for their upcoming issue if you've got a new hacking technique or are thinking of researching a specific technology or protocol reach out to the FRAC staff with your draft or even just an idea they are very helpful at giving you feedback to help you draft a great article even if your English is not very good they can help co-author the article with you and of course you can still read every issue of FRAC free of charge at FRAC.org here's to another 40 years of an awesome hacker magazine a big thank you to skyper and tmz for coming on the show and sharing the history and stories of frack it really is looking better than ever and i can't wait to see what they make next in the show notes you'll find links to where you can order a physical copy of issue 72 or just download the pdf and print it at home this show is made by me the packet tickler jack Recider. Editing by the Control-Alt-Delight Tristan Ledger. Mixing by Proximity Sound and our theme music is by the Mysterious Breakmaster Cylinder. I named my dog, Regex. Because nobody understands him. Not even me. This is Darknet Diaries. We'll see you next time.