Earth First! Action Update
Archive of the Earth First! Action Update – the newsletter of the UK EF! network 1991-2012
EFAU 57 - April 1999Back to list of articles in this issue

Fun With Computers On Office Occupations

If before going in to your office you spend a bit of time familiarising yourself with some of the ideas and procedures below you could do quite a bit of 'not immediately noticeable' damage and may even end up with a 'gateway' into their computers for some time to come:

While some of your mates are going through the desk diary, the filing cabinets and the drawers it may be worth you taking a look at the beige box with a telly on it in the corner of the desk.

Before you decide what best action to take you have to have a browse around the PC. If the computer is off, switch it on. The computer may appear to end its starting procedure with a logon box. Many systems save the username of the last person to use the computer in this box, write this name down, if the user has e-mail it can probably be worked out using this username@whatever.co.uk (alternatively find the persons calling card). E-mail addresses are handy to have as viruses and hacking tools can be sent to the unwitting user at a later date. You may try a couple of passwords (look for obscure things written on post-it notes) This probably won't work and after a few tries it will tell you that you are locked out of the network. Just accept this and click cancel until the computer seems to be running.

If the computer is already on then open the Windows Explorer and check out how many drives there are. If there are more than 4 drives then you are probably already attached to the network. The following assumes that Windows 95 or 98 is installed but probably applies to Windows NT too.

Re-formatting

This is quite un-subtle and may cause the least damage of all. In any fair sized company most data will be either stored on a file server or backed up nightly. Having said that most users are crap at doing this (especially those at the top of organisations). If there appears to be no network attachment then this may well be your best option. To format the disk select Start menu - shutdown - restart computer in MSdos mode. When you get the C:\> Prompt type format c: /u

Repartitioning

If you're going to re-format a hard disk then you may as well repartition it too. Repartitioning a drive just makes it a bit harder to recover any data than a simple format. Get to the C:\> prompt. stick a floppy disk in and type sys a: then type copy c:= \windows\command\fdisk.* a: if no file is found then type copy c:\dos\fdisk.* a:. Then format as above. Reboot the PC with the floppy disk in the machine. Type fdisk. Then delete all partitions, reboot again type fdisk again and create 2 or 3 new partitions.

Delete Files

Deleting files on the hard disk in the machine is pretty simple. Highlight the files you want to delete. Select lots by holding the Shift or control key down as you click (experiment with this). Before you press the delete key hold down the shift Key. Do not release the shift key until the confirm file delete box comes up. If you don't hold shift down the files will only go to the recycle bin. After deleting you may as well empty the recycle bin. Click on the recycle bin and choose empty recycle bin from the file menu. To make absolutely sure that the data can't be recovered install a Disk cleanup utility (http://www.execpc.com/~sbd/CleanUp.html) and totally wipe the free space. This is a small utility that will easily fit on a floppy disk. Using this utility makes it almost impossible to recover data, it is much more effective then simply formatting a disk. Deleting files from a network drive is pretty similar. Once you've deleted something go to Start menu - Run type command. then change to the drive that you have deleted from by typing the drive letter followed by a colon (e.g. u:) then type cd/ and then type purge * /a on most networks this will ensure that files are completely deleted.

Changing Files

This is pretty obvious really, rather than deleting files that could possibly be restored from backup, try changing files instead. Arguably the best thing to do is a search for spreadsheet files (*.xls or *.wk*). Find them using the Start menu - Find. stick *.xls, *.wk* in the Named box. Then sort them by modified date by clicking on the modified label, double click on the most recently modified file or one that looks like it may contain important financial information (big files are best). Then simply change the odd number here and there. It may be a long time before they realise the error, and will mean that they have to do a lot of checking throughout that file to look for other errors. They probably won't be able to restore from back-up as they may not know when the change occurred (it may not be discovered for months) and even if they know when the changes were made other parts of the spreadsheet may have been updated since then making a restore from backup impractical.

Inserting A Virus

Before inserting a virus take a look at the properties of any running virus detection program. Next to the clock on the bottom right of the screen there will probably be some small icon indicating that an anti-virus program is running. Double click on it and take a look at the properties. What you have to try and do is to stop the anti-virus program from scanning files but not stop it running. Uncheck any boxes like scan files on Run, copy etc. You may be able to stop it from scanning (exclude) whole disk drives. Viruses that you have brought in will probably be detected so you want to stop the computer from scanning files but make it look like it is still running properly. If you can't do this then you may have to disable the virus protection. This may be discovered earlier.

Macro Viruses

If your virus is a Word virus then before you insert it you must disable Word's own virus protection. Open Word, open Tools - options and click on the General tab. Uncheck the macro virus protection box (do the same in Excel if your virus is in an .XLS file). Now try inserting your virus by either running the program or opening the document. If the virus protection on the machine finds it and you have the option to exclude this virus from the virus list then do so. If not then you will have to disable the anti-virus program. First look at the virus programs properties (as above) and stop it from loading on startup (if that option exists) next close down the icon near the clock in the bottom right of the screen. Then open Windows Explorer and check out what is in C:\windows\start menu\programs\startup. If there is an icon there that looks like it is an anti-virus program delete it. Next go to Start menu - Run. Type sysedit. Look at the win.ini file (within the sysedit box), right near the top of this file there should be two lines that start Load & Run, delete anything that looks like it is anti-virus related on these lines. Next look at the autoexec.bat file (again in the sysedit box) and again delete anything that looks virus related. Now close the sysedit window. Viruses are available for download (zipped up) from www.geocities.com/Baja/2846/ (do a web search for others)

Hacking Tools - for the more computer literate occupier

Back Orifice is a tool that can be downloaded from http://www.toxyn.org/ or http://www.cultdeadcow.com/. This program will give you remote control of the computer if it is attached to the internet. You will be able to change, read and delete files remotely and even randomly make their computer play wav files or shut down from the comfort of your local internet cafe. Back orifice is detected by most anti-virus programs so the host computer must be prepared following the instructions above and the IP address must be noted.

Learn what to do before the occupation. - If you take notes on an occupation then they'll know what to look for. And you'll probably get trashed in court.