Hubbry Logo
PhrackPhrackMain
Open search
Phrack
Community hub
Phrack
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Phrack
Phrack
Phrack
View on Wikipedia
from Wikipedia

Phrack
The introduction to Phrack, issue 1
EditorThe Phrack Staff
Former editorsTaran King
Cheap Shades
Knight Lightning
Shooting Shark
Elric of Imrryr
Crimson Death
Dispater
Erik Bloodaxe
Voyager
daemon9/route
Phrackstaff
Circle of the Lost Hackers
The Phrack Staff
Phrack Staff
CategoriesHacking/computer science, phreaking
FrequencyNo set frequency
First issueNovember 17, 1985
Based inWorldwide
LanguageEnglish
Websitephrack.org
ISSN1068-1035

Phrack is an e-zine written by and for hackers, first published on November 17, 1985.[1] It has a wide circulation which includes both hackers and computer security professionals.[2]

Originally covering subjects related to phreaking, anarchy, and cracking,[1] its articles now also cover a wide range of topics including cyber security, physical security, hacking, cryptography, counter culture, and international news.

Phrack has been described as having "its finger on the pulse of hacker culture",[3] and being "hugely influential in the early days of hacker culture".[4]

The magazine is run and published by a team of international volunteers and security professionals. It is available for free.

Publications

[edit]

E-Zine Releases

[edit]

Issues of Phrack are divided in volumes, covering one or more years of publication. Phrack's latest issue is #72.

Volume Year Issues Editors
01 1985-86 #1 to #9 Taran King
Cheap Shades
02 1987-88 #10 to #24 Taran King
Knight Lightning
Shooting Shark
Elric of Imrryr
Crimson Death
03 1989-91 #25 to #36 Taran King
Crimson Death
Dispater
04 1992-93 #37 to #44 Dispater
Erik Bloodaxe
05-06 1994-95 #45 to #47 Erik Bloodaxe
07 1996-97 #48 to #51 Voyager
daemon9/route
08-10 1998-00 #52 to #56 route
11 2001-05 #57 to #63 Phrackstaff
12-13 2007-09 #64 to #66 The Circle of Lost Hackers
14-16 2010-21 #67 to #70 The Phrack Staff
17 2024- #71 to #72 Phrack Staff

Hardcopy Releases

[edit]
Phrack #63 Release Party at WTH 2005

So far, there have been five major hardcopy releases and various smaller "special edition" hardcopy releases.

Each major hardcopy release contains most (but not all) articles of the e-zine release. The printed edition is always released at hacker conferences/camps and always for free and usually a few days before the online release.

Occasionally, Phrack releases a "special edition" hardcopy as well. These are smaller editions, containing three classic articles, three rejected articles (also known as "Off The Record" articles), and three articles from the upcoming release.

Issue Year Place Front Cover
57 2001 Hackers At Large
(The Netherlands)
62 2004 RuxCon
(Australia)
63 2005 What the Hack
(The Netherlands)
71 2024 DefCon 32
72 2025 WHY (The Netherlands)
DefCon 33 (Las Vegas)
HOPE (New York)

History

[edit]
Phrack mascot used on merchandise.

Phrack, first released on November 17, 1985, takes its name from the words "phreak" and "hack".[5] The founding editors of the magazine, known by the pseudonyms "Taran King" and "Knight Lightning", edited most of the first thirty editions.[6] Editions were originally released onto the Metal Shop bulletin board system, where Taran King was a sysop,[1] and widely mirrored by other boards.[5] Its headquarters was in Austin, Texas.

During its first ten years of publication, Phrack was largely associated with telecommunications fraud, providing material for phreakers and information about arrests in the community through its Phrack World News feature articles.[7] Along with the release of articles such as "Smashing The Stack For Fun And Profit" and the editorship of daemon9/route in 1996, Phrack's orientation shifted toward computer security and its focus drew closer to the current definition of hacking (Cybersecurity).

Arrest of Knight Lightning

[edit]
Main article: Operation Sundevil

The 24th issue of Phrack, released February 1989, included a document relating to the workings of Enhanced 911 emergency response systems.[8] This was an administrative document describing which parts of the organization are responsible for what parts of the E911 system.[9] It had been copied from a BellSouth computer and played a major part in a series of Secret Service raids called Operation Sundevil and is featured in Bruce Sterling's book The Hacker Crackdown. Phrack's editor, Knight Lightning, was arrested and charged with access device fraud and transportation of stolen property.[9] The proceedings which ensued are known formally as United States v. Riggs, named for Knight Lightning's co-defendant Robert Riggs.

The Electronic Frontier Foundation filed an amicus brief supporting Knight Lightning, and helped to get the case dropped[10][11] by introducing a witness who showed that Bellcore was selling more detailed documentation to the E911 system for as little as $13 to anyone who asked. The E911 document had initially been valued by the prosecution at almost $80,000.[12] The case was then dropped.[9]

Pre-2000

[edit]

After the arrest of Knight Lightning, and the shutdown of Phrack by the US Secret Service in late December 1989 a few weeks after issue #30 was released, some attempts were made to resurrect Phrack under the editorship of Doc Holiday and Crimson Death. However, the lack of consent from the original editor to accept this Phrack Classic led to a new editorship for issue #33 by Dispater under the name Diet Phrack until issue #41.

Issue #42 was released under the editorship of Erik Bloodaxe in 1992. In September 1994, the first Phrack website appeared with release #46, containing all of the files from the previous issues.

With the growing use of the Internet and interest in computer security, from 1996 Phrack became increasingly oriented toward computer security. The editorship was handed to route along with voyager until 2000 (release #56). During this period, the Phrack website was defaced several times and the magazine was often unavailable.[13]

2000-2006

[edit]
Phrack logo used on Phrack's website.

Since 2001 Phrack has been edited under the alias Phrackstaff.

In 2005, it was announced that the current staff would retire, with the 63rd issue being its last release. A new leadership was expected to start releasing sometime in 2006/2007.

To commemorate Phrack's final appearance, the 63rd issue was to be a hardback edition, released simultaneously at the DEF CON and What the Hack conventions on the 29th July 2005. An e-zine version of the release followed on a few days thereafter. The printer for the hardcopies of Phrack to be distributed at Defcon refused to fulfil the order once they realized that they were printing a hacking book. Two University of Arizona students filled the gap and printed between 100 and 200 copies of Phrack 63 in time for release at Defcon 13. The copies of Phrack 63 distributed at Defcon 13 are each stamped with a "serial" number on the inside of the last page. It is believed that there were 100 numbered copies of Phrack 63 distributed at Defcon. All copies were hand cut and bound; unnumbered copies may be unreleased "extras", or may have cutting errors that meant they were deemed them unfit for distribution.[citation needed]

2007-2009

[edit]

Issue 63 told readers to "expect a new release",[14] and on May 27, 2007, issue 64 was released by a new board of editors who called themselves "The Circle of Lost Hackers" (TCLH).[15] It consisted of a few old staff members and mostly new members. TCLH released four issues up until #66, released on June 11, 2009.

2010-2023

[edit]

The editorship passed to a new staff who did four releases. The magazine declined in popularity. In 2023, the existing staff contacted many ancient staff members (all the way back to 1995: Route, Skyper, Grugq, Mayhem, ...) to discuss to continuation of Phrack or to shut it down for good.

It was decided to find a new editorial staff and to keep Phrack going. A new team was found. Some of the ancient staff joined as advisors.

2024 onwards

[edit]
Phrack #71 release at DefCon 32

Issue #71 was released as a hardcopy and an eZine on the 19th of August 2024.

Issue #72 marked the 40th anniversary of the magazine and was celebrated with a massive release of around 15,000 printed editions and distributed (for free) at multiple hacker conferences around the world.

Content

[edit]

Phrack issues are released irregularly, and the issues are grouped into volumes. Each issue comprises a number of Philes: Stand-alone text files of technical or counter-cultural content. Philes are submitted by members of the hacker underground community, and are reviewed by the editors for publication.

In addition to technical articles, Phrack also provides a focus for news and gossip among the hacker community.[3]

At the 1990 National Computer Security Conference, Sheldon Zenner and Dorothy Denning suggested that Phrack articles contain the same factual content found in other computer and security magazines, but differed in tone.[16]

Notable articles

[edit]

Phrack is especially popular due to the high technical standard of its releases compared to other cybersecurity publications and has made its reputation from a number of high-quality articles.

  • "\/\The Conscience of a Hacker/\/"[17] (aka the Hacker Manifesto), written by The Mentor has been an inspiration to young hackers since the 1980s, it was published in the 7th issue of Phrack.
  • "Smashing The Stack For Fun And Profit",[18] written by Aleph One, published in issue 49, is the "classic paper"[19] on stack buffer overflows, partly responsible for popularizing the vulnerability.[20]
  • "The Art of Scanning", written by Fyodor, published September 1, 1997 in Issue 51 introduced the nmap Internet scanning tool.[21]
  • "Vudo Malloc Tricks",[22] written by MaXX and "Once Upon a free()",[23] were both published in Issue 57.

Regular features

[edit]

Several regular columns are present in most issues of Phrack, such as:

  • Prophile - a profile of an influential individual from the hacking underground.
  • Linenoise - a collection of smaller, often more practical articles.
  • Loopback - answers to emails received by the Phrack staff.
  • Phrack World News - a compilation of reports on the latest counter-culture events.
  • International Scenes - a compilation of testimonies from hackers around the world focusing on national and international activities.

Challenge Coin

[edit]
Phrack Challenge Coin

In 2025, a limited edition of fifty golden "Challenge Coins" were created. These coins are given exclusively to past and future authors.

The engraving on the rim reads: "I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all..."

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Phrack

View on Grokipedia
from Grokipedia

Phrack is an underground electronic magazine dedicated to hacking, phreaking, and computer security, founded in November 1985 by pseudonymous editors Taran King and Knight Lightning.
Initially distributed via bulletin board systems (BBS), Phrack evolved into a digital publication that has endured for over 40 years, irregularly releasing issues containing technical papers, exploits, and cultural commentary from the hacker community.
The magazine profoundly influenced early hacker culture by disseminating knowledge on system vulnerabilities, telecommunications manipulation, and programming techniques, establishing it as a foundational resource for ethical and illicit explorers alike.
A defining controversy arose in 1989 when Phrack published the "Control Office Administration of Enhanced 911 Service" document in Issue 24, detailing emergency telephone system operations; this led to the arrest and indictment of Knight Lightning (Craig Neidorf) on charges of wire fraud and computer fraud under the Computer Fraud and Abuse Act, though he was acquitted after trial, revealing prosecutorial overreach in valuing publicly sourced information at nearly $80,000.
Phrack's commitment to unfiltered technical disclosure has positioned it as a symbol of hacker autonomy, continuing to publish amid evolving digital landscapes despite intermittent hiatuses and legal scrutiny.

Origins and Early Development

Founding and Initial Issues (1985–1987)

Phrack was founded on November 17, 1985, by Taran King, a pseudonymous editor and of the Metal Shop Private BBS, as an electronic newsletter dedicated to sharing knowledge among telephone phreaks and early computer hackers. The inaugural issue, distributed via systems (BBS) accessible to enthusiasts in underground telecommunications communities, included Taran King's introduction to "Phrack Inc.," an article on SAM security by Spitfire Hacker, and a piece on boot tracing for Apple computers by Cheap Shades, emphasizing practical techniques for exploring phone systems and basic intrusions without commercial or institutional support. Initial issues from 1985 to maintained a focus on raw, unfiltered technical explorations, such as methods for manipulating tone-based signaling in analog telephone networks and rudimentary "kracking" approaches to unauthorized system access, alongside anarchy-inspired content reflecting the exploratory ethos of participants. Distribution occurred exclusively through elite-access BBS networks, relying on word-of-mouth recommendations within circles to build readership, as Phrack operated as a volunteer-driven, non-monetized prioritizing firsthand technical insights over mainstream or sanitized accounts. By , this organic dissemination had solidified Phrack's reputation as a cornerstone resource for self-taught practitioners, with issues like Volume One, Issue Seven (September 25, 1986) featuring pro-files of figures such as Scan Man and manifestos articulating the mindset. The 's growth stemmed from its commitment to verifiable, replicable methods shared directly by contributors, fostering a unbound by formal oversight.

Evolution of Format and Distribution

Phrack commenced publication on November 17, 1985, as a series of plain-text "philes" aggregated into Issue 1, primarily distributed via the Metal Shop Private BBS in , operated by Taran King under the . This initial format emphasized simplicity, with content structured as sequential files lacking formal pagination but including basic headers for articles, intros, and credits, all in ASCII to accommodate the constraints of early personal computers and transfers. Contributors adopted pseudonyms such as Knight Lightning (Craig Neidorf) from the outset to shield identities from authorities scrutinizing and hacking discussions, a practice rooted in the decentralized nature of BBS culture that prioritized operational security over attribution. By mid-1986, as Issues 2 through 5 emerged roughly quarterly, the format evolved to incorporate rudimentary indices listing philes by number, title, and author pseudonym within each volume, facilitating easier navigation amid growing issue lengths—typically 5 to 10 files totaling under 50 KB to fit dial-up download limits. Distribution expanded through sysop-to-sysop across interconnected BBS networks, where elite boards like Metal Shop would upload new releases for validated users, leveraging 1200-baud modems for global access despite intermittent connectivity and long wait times for file queues. Early challenges encompassed severe bandwidth restrictions, often necessitating physical swaps at meets or via postal mail among trusted circles, as digital transfers could span hours and were prone to interruptions from phone line or carrier dropouts. This adaptation sustained Phrack's underground readership, which burgeoned from local phreaks to international enthusiasts by , as structured releases encouraged contributions and mirrored the self-organizing ethos of pre-Internet communities reliant on voluntary node operators rather than centralized servers. The pseudonym-driven model not only evaded traceability but also fostered a merit-based exchange, where technical prowess trumped personal fame, though it occasionally led to disputes over authorship in tightly knit circles.

Publication History

Digital E-Zine Releases

Phrack has disseminated its content primarily through digital electronic (e-zine) formats since its founding in November 1985, prioritizing free online availability to facilitate broad dissemination of hacking knowledge and techniques. Over 70 issues have been released digitally as of 2025, with distribution occurring via early methods like floppy disks and systems (BBS) before transitioning to internet-hosted files. This model has enabled global access without financial or physical barriers, aligning with the publication's ethos of sharing technical insights among hackers and security researchers. Release schedules remain irregular, governed by contributor submissions and editorial cycles rather than commercial timetables, allowing focus on quality over frequency—issues typically emerge every 1–3 years in recent decades. The official website, phrack.org, has hosted and archived all digital issues since the , ensuring perpetual, no-cost access to the complete collection, including Issue #72 published on August 19, 2025. This archival approach preserves the zine's historical value while supporting ongoing community engagement. Early issues employed plain ASCII text formatting for broad compatibility with text-based terminals and early digital sharing platforms, emphasizing readable, copy-pasteable code and explanations. By the , formats evolved to include HTML-rendered versions alongside raw text, accommodating web browsers while retaining substantive technical depth and avoiding reliance on or elements that could hinder accessibility. This progression maintained Phrack's commitment to platform-agnostic distribution, prioritizing content utility for practitioners over aesthetic enhancements. The first physical print edition of Phrack was Issue 57, released at the HAL 2001 hacker conference in the . This marked an initial effort to produce tangible copies for event attendees, diverging from the publication's primary digital distribution via bulletin board systems and later the . Subsequent editions followed suit, with Issue 62 appearing in at Ruxcon 2004 in , , limited to conference distribution. These releases emphasized archival value over commercial viability, catering to collectors within the hacker community rather than broad retail sales. Hardcover compilations, such as those for Issues 62 and 63, were produced in small runs by Phrack staff or affiliates, often as premium items for dedicated readers. Issue 63's edition, documented in publicly available PDF scans, exemplifies the format's focus on preserving content in a durable, physical medium. Circulation remained exceedingly low, with copies typically handed out exclusively at underground events, reinforcing Phrack's resistance to mainstream commodification and its identity as a digital-native . Later print efforts, including Issue 71 funded through community donations explicitly for physical production, continued this pattern of event-tied, enthusiast-driven releases. In 2025, Issue 72's limited hardcopy edition was distributed at global conferences starting August 8, underscoring the ongoing preference for scarcity to maintain cultural significance among insiders. These physical manifestations, while rare, serve as artifacts bridging the ephemeral online hacker ethos with tangible preservation, without pursuing mass-market appeal or official merchandising. Empirical evidence from attendee reports and secondary markets indicates print runs in the dozens or low hundreds per issue, far below digital readership figures.

Key Historical Events

The Knight Lightning Arrest and E911 Controversy (1990)

In February 1989, Phrack Issue 24 published an edited version of the "Control Office Administration of Service" document, detailing the operational procedures for BellSouth's E911 routing system, which had been accessed without authorization by Robert T. Riggs (known as ) from a BellSouth computer in 1988. The publication, edited by Phrack co-editor Craig Neidorf (Knight Lightning), aimed to expose technical details of the system, including vulnerabilities in its administration, but prosecutors later alleged it constituted interstate transportation of stolen property valued at approximately $79,000, despite evidence that substantially similar information appeared in publicly available BellSouth training manuals sold for $13. Neidorf, a 20-year-old student at the time, was indicted on January 5, 1990, in federal court alongside Riggs on charges including wire fraud under 18 U.S.C. § 1343 and violations of the (CFAA), facing potential penalties of up to 31 years in prison and $122,000 in fines. The trial, commencing on July 24, 1990, in the U.S. District Court for the Northern District of Illinois, exemplified prosecutorial overreach, as the government's case rested on inflated claims of the document's proprietary value and secrecy, ignoring its partial public availability and the absence of any intent to profit or damage infrastructure. After the prosecution rested on July 27 without presenting evidence of actual harm or of trade secrets—key elements under the statutes invoked—the judge granted a defense motion for , dismissing all charges against Neidorf, while Riggs pleaded guilty to lesser wire fraud counts in a separate proceeding and received a one-year sentence. The outcome underscored the CFAA's early application risks, where mere dissemination of technical information was equated with absent demonstrable economic loss or malicious use, a stance later critiqued for chilling legitimate vulnerability research. Neidorf incurred over $100,000 in legal defense costs, funded partly through hacker community donations, highlighting the financial asymmetry in such prosecutions. The E911 controversy prompted an immediate halt to Phrack's operations following Issue 30's release in December 1989, as U.S. Secret Service actions under targeted Neidorf and associated systems, seizing equipment and subscriber lists in a broader crackdown on publications. Despite this intervention, Phrack resumed with Issue 31 in April 1990 under new stewardship, demonstrating the decentralized nature of underground networks, where editorial control shifted without centralized points of failure, allowing continuation amid legal pressures. This resilience contrasted with authorities' expectations of suppression, as the neutralized narratives framing such disclosures as inherently criminal.

Expansion and Challenges in the 1990s

Following the legal fallout from the E911 document publication and the prosecution of editor Craig Neidorf (pseudonym Knight Lightning), Phrack experienced a brief hiatus but resumed publication in November 1990 with Issue 32 under the editorship of Crimson Death, marking a deliberate resurgence aimed at documenting the evolving landscape of the decade. This revival emphasized operational continuity amid heightened federal scrutiny, with subsequent issues like 33 (September 1991, edited by Dispater) adopting a more cautious "Diet Phrack" format through Issue 41 to minimize legal exposure while sustaining technical discourse. By Issue 42 in March 1993, Erik Bloodaxe (pseudonym for Chris Goggans) assumed editorial duties, reflecting internal shifts toward pseudonymous leadership to shield contributors from prosecution risks under the expanding interpretations of the (CFAA), originally enacted in 1986 but increasingly applied to information dissemination. As telephone diminished in prominence with the maturation of digital switching systems, Phrack's content expanded into Unix cracking techniques and early network intrusions, aligning with the mid-1990s surge in adoption—from approximately 16 million users in 1995 to over 36 million by 1999—and the proliferation of TCP/IP-based vulnerabilities. Issues 25 through 50, spanning late 1989 to 1995, incorporated articles on stack smashing exploits and remote access methods, such as those detailed in Issue 49's "Smashing the Stack for Fun and Profit," which analyzed mechanics in Unix environments without endorsing illicit use. Editorial policies encouraged pseudonyms for authors—evident in greetz sections and bylines like Dispater and Voyager—to mitigate traceability, a pragmatic adaptation to CFAA enforcement actions that had targeted identifiable figures post-1990. The decade's challenges included persistent law enforcement monitoring and internal debates over sustainability, yet Phrack fostered informal ties with emerging hacker gatherings like , which debuted in June 1993 and provided neutral venues for knowledge exchange without Phrack assuming any organizational role. This community influence supported Phrack's distribution growth via FTP mirrors and, by September 1994 with Issue 46, its first dedicated website, facilitating broader access amid BBS decline and prefiguring digital e-zine norms. Such adaptations ensured Phrack's endurance as a technical archive, prioritizing verifiable exploit methodologies over advocacy, even as CFAA amendments in 1994 and 1996 broadened penalties for unauthorized access.

Post-2000 Revival and Continuation

After issue 56 in early 2000, Phrack entered a hiatus before resuming with issue 60, released on December 28, 2002, which featured technical articles on , escapes, and other exploitation methods relevant to emerging web and system vulnerabilities. This revival emphasized peer-reviewed, in-depth analyses amid the rise of online forums and blogs, sustaining Phrack's niche through sporadic, high-quality output rather than frequent updates. Further releases followed irregularly, including issue 64 on May 27, 2007, which included examinations of international underground scenes and historical reflections on , adapting content to address propagation and flaws in a boom era. These issues prioritized empirical demonstrations of vulnerabilities, such as code snippets for verifiable replication, over speculative narratives, distinguishing Phrack from contemporaneous hype-driven discourse. Distribution evolved to a web-centric model via phrack.org, with archives hosted digitally to facilitate global access without costs. The operation remained volunteer-driven, eschewing advertisements and relying on editorial staff and reader contributions for maintenance, thereby avoiding commercial influences that plagued similar publications. This structure enabled persistence despite legal pressures from laws, as content focused on explanatory technical exposition supported by and proofs-of-concept, minimizing risks associated with direct tool dissemination.

Recent Developments and 40th Anniversary (2020s)

In August 2025, Phrack released Issue #72, commemorating the publication's 40th anniversary since its founding in , with a global rollout at major hacking conferences including 33 in , WHY2025 in , and the HOPE conference in . The edition, dated August 19, 2025, featured 16 main articles and 8 contributions under the "Linenoise" section, distributed in 15,000 free physical copies alongside digital availability, accompanied by release parties offering 500 liters of and snacks to foster community engagement. The anniversary issue underscored Phrack's persistence as an independent platform amid increasing state-sponsored cyber operations, including analyses of advanced persistent threats (APTs) attributed to actors like , hardware reverse-engineering techniques, and critiques of modern underground dynamics. At 33, contributors presented on "40 Years of Phrack: Hacking, Zines & Digital ," emphasizing the magazine's role in preserving unfiltered hacker knowledge against corporate and governmental co-optation, while highlighting zine culture's value in chronicling technical dissent outside mainstream channels. This affirmed Phrack's adaptation to challenges, such as encrypted communications and supply-chain vulnerabilities, without reliance on institutional funding, maintaining its focus on raw, peer-validated over sanitized narratives prevalent in commercial publications. The effort involved coordination across international events to evade single-point disruptions, reflecting a deliberate for resilience in an era of heightened and platform dependencies.

Content Structure and Features

Notable Technical Articles and Exploits

Phrack's early issues emphasized techniques, including blue boxing, which exploited multi-frequency tones to seize control of telephone trunk lines and place toll-free calls by emulating operator signaling. Issue 1, published November 17, 1985, introduced foundational methods such as generating 2600 Hz tones to access signaling, enabling unauthorized long-distance routing through electromechanical switches like the 4A crossbar system. These guides detailed hardware constructions, like tone generators using oscillators and filters, and demonstrated empirical success in bypassing billing via specific MF tone sequences (e.g., KP + ST for seize and release). In the , Phrack shifted toward exploits, with issue 49's "Smashing the Stack for Fun and Profit" by Aleph One on November 8, 1996, providing a step-by-step exposition of stack-based buffer overflows in C programs on systems. The article explained overflow mechanics—where excessive input overwrites return addresses on the stack—via assembly code examples, such as crafting to redirect execution to /bin/sh and bypassing non-executable stack protections through return-to-libc precursors. This work empirically validated exploits against vulnerable binaries, influencing tools like and defenses like stack canaries, with verifiable code snippets achieving root access on and x86 architectures. Telco-focused technical disclosures included issue 24's "Control Office Administration of Enhanced 911 Service" on February 25, 1989, which outlined E911 system architecture, including Automatic Location Identification (ALI) databases, Selective Routing (SR) tandem switches, and PSAP interconnections using SS7 protocols for call routing. The document exposed administrative interfaces vulnerable to unauthorized queries, such as tandem access codes for database manipulation, causally linking these revelations to subsequent telco hardening like encrypted ANI/ALI transmissions. Later articles advanced kernel and application exploits, such as issue 64's "Attacking the Core" on May 27, 2007, which dissected kernel-level vulnerabilities across , UltraSPARC, and AMD64, including via slab allocators and bypassing PaX/Grsecurity mitigations through (ROP) chains. Empirical demonstrations targeted and Solaris, showing reliable with payloads evading address randomization. More recently, issue 70's "Exploiting Logic Bugs in JavaScript JIT Engines" on October 5, 2021, analyzed CVE-2018-17463 in V8, using auditing to craft type confusion primitives for arbitrary read/write, validated through and JIT optimization flaws leading to sandbox escape.

Regular Features and Columns

Phrack issues consistently featured , a column aggregating reports on hacking incidents, developments, and related events worldwide, such as telephone company stings or computer worms, often compiled by staff including Knight Lightning and Taran King from as early as Issue 2 in 1986. This section functioned as a centralized update mechanism, drawing from scene rumors and public disclosures to inform readers of ongoing threats and activities. Editorial introductions, typically authored by editors like Taran King, prefaced issues by contextualizing content themes, submission calls, or publication milestones, as seen in the inaugural Issue 1 on November 17, 1985. These pieces maintained editorial oversight while signaling Phrack's commitment to technical and cultural discourse within the hacker community. Prophiles (or Pro-Philes) provided concise biographical sketches of prominent figures, detailing their handles, contributions, and influences, such as profiles on Shooting Shark in Issue 33 (September 15, 1991) or xerub in Issue 70 (October 5, 2021). This recurring feature highlighted key individuals without delving into one-time exploits, fostering recognition of underground expertise. The Phrack Loopback column, introduced in Issue 33, served as an interactive forum akin to letters to the editor, enabling readers to submit questions, discuss challenges, or debate topics relevant to hacking practices. To encourage diverse input, Phrack adopted a submission policy permitting anonymous or pseudonymous articles, ensuring contributor identities remained protected and broadening participation beyond identifiable authors, as explicitly stated in announcements for issues like #50 (April 9, 1997). Many issues incorporated front- or back-matter indices listing articles, authors, and sections by number, facilitating archival and distinguishing Phrack's structured format from transient online posts.

Evolution of Topics from to Modern Hacking

Phrack's inaugural issues in the mid-1980s centered on techniques targeting analog telephone networks, such as generating multifrequency tones to bypass billing systems in AT&T's Ma Bell infrastructure. This focus aligned with the era's dominant paradigm, where physical and tonal manipulations enabled unauthorized access to long-distance services. The prominence of such phreaking content waned as telephone systems digitized following the 1984 divestiture and the adoption of VoIP protocols from the late onward, rendering many analog exploits obsolete due to encrypted signaling and packet-switched architectures. Analysis of early Phrack volumes shows a sharp decline in telco fraud articles by the late 1980s, attributed to heightened carrier security measures and actions like busts in 1987, with sampled issues from 14 to 27 containing few to none compared to multiple per issue in volumes 1-10. By the , coverage pivoted to intrusions and early software vulnerabilities, mirroring the expansion of TCP/IP-based systems and Unix workstations. Into the 2000s, Phrack emphasized software exploit development, including buffer overflows, (ROP), and vulnerability scanning tools, as proliferation exposed widespread flaws in operating systems and applications. This era's articles documented causal pathways from input validation errors to remote code execution, prioritizing reproducible technical dissections over speculative threats. From the , topics broadened to encompass implementations, such as white-box cryptography resistance techniques in Issue 68 (2012), and hardware-level analyses like CPU backdoors in Issue 72 (2025). Vulnerability research extended to embedded systems, exploits, and cloud infrastructure, reflecting adaptations to persistence, side-channel leaks, and realities, while maintaining a commitment to empirical method disclosure absent ideological framing.

Government Prosecutions and Free Speech Debates

In February 1990, Phrack editor Craig Neidorf, under the pseudonym Knight Lightning, published excerpts from the "E911 Document" in issue 24, detailing operational procedures for the emergency dispatch system used by carriers. The U.S. Department of Justice indicted Neidorf on seven counts, including wire fraud under 18 U.S.C. § 1343 and , alleging that the document—obtained via unauthorized access by "" from employee Robert T. Riggs—constituted stolen proprietary property valued at approximately $79,449.99, and that its dissemination in Phrack facilitated further computer intrusions. The trial, United States v. Neidorf, began on July 23, 1990, in the U.S. District Court for the Northern District of Illinois, where prosecutors invoked the recently amended (CFAA, 18 U.S.C. § 1030) to frame publication as interstate transportation of stolen goods. Defense attorneys, led by Sheldon Zenner, demonstrated through witness testimony and exhibits that core elements of the E911 procedures were already publicly accessible via Act requests to entities like the Public Service Commission for as little as $13.50, directly contradicting claims of exclusivity and economic harm. The judge dismissed all charges against Neidorf on July 27, 1990, after the prosecution rested its case, citing insufficient evidence to support the theft narrative and exposing prosecutorial reliance on inflated valuations without causal links to actual system compromises. This prosecution ignited debates over First Amendment applicability to technical disclosures, with Neidorf's legal team arguing that Phrack's role mirrored journalistic reporting on public-interest vulnerabilities, protected as speech unless proven to incite imminent lawless action per (1969). Organizations like the contended that criminalizing such publications risked chilling legitimate security research, as no empirical evidence emerged of E911 disruptions attributable to Phrack's article; instead, carriers independently audited and fortified procedures post-publication, yielding improvements without net harm. Critics of the government's approach, including legal scholars, highlighted CFAA's vagueness in post-1990 applications as enabling suppression of dissent by equating information sharing with complicity in access crimes, often prioritizing agency narratives over verifiable damage causation. Subsequent CFAA enforcement against hackers whose methods echoed Phrack-documented techniques, such as Mitnick's repeated arrests for intrusions chronicled in Phrack news sections (e.g., his guilty plea to possessing unauthorized access codes), underscored proportionality concerns, where statutes designed for targeted were stretched to encompass exploratory activities lacking direct victim losses. While Phrack itself faced no further direct indictments, the Neidorf precedent illustrated how evidentiary thresholds could falter under security imperatives, fostering skepticism toward prosecutorial incentives that amplify threats to bolster institutional authority absent rigorous harm quantification.

Criticisms of Promoting Illicit Activities

Critics within and the field have argued that Phrack promotes illicit activities by disseminating detailed technical guides on exploiting vulnerabilities, thereby equipping potential intruders with actionable knowledge for unauthorized access. For example, publications like the network sniffer in issue 50 () drew criticism from professionals for "giving away" tools that could facilitate and further intrusions without sufficient caveats for defensive use. Media coverage has often portrayed Phrack as glorifying , highlighting its role in fostering an underground ethos that challenges institutional authority through manifestos and exploit tutorials, such as "Smashing the Stack for Fun and Profit" in issue 49 (1996), which provided step-by-step instructions on buffer overflows potentially usable by novices for malicious ends. These accusations persist despite Phrack's explicit disclaimers against illegal conduct and the absence of documented cases where its articles directly caused major breaches; disclosed methods, including early stack-smashing techniques, largely became obsolete as vendors implemented mitigations like non-executable stacks and address randomization in response to the raised awareness.

Debates on Ethical Hacking vs. Criminality

The publication of technical articles in Phrack has sparked ongoing philosophical debates distinguishing exploratory access—driven by curiosity and knowledge-sharing—from actions motivated by malice or profit, with proponents arguing that intent, not method, defines ethics. Adherents to the traditional , as articulated in Phrack's early issues, maintain that unauthorized system probing without damage or data theft serves educational purposes, fostering broader improvements by democratizing technical understanding. For instance, the "Hacker's Manifesto" published in Phrack Issue 7 () posits hacking as a non-criminal pursuit of , equating societal condemnation of it to overlooking larger injustices, provided no harm occurs. This view privileges first-principles reasoning: systems exist to be understood, and barriers to information hinder progress, echoing the ethic's emphasis on access as a right for learning rather than a privilege gated by permission. Critics, including security researcher Dorothy Denning in her article published in Phrack Issue 32 (1990), contend that even non-destructive unauthorized entry constitutes a violation of property rights and trust, potentially eroding system integrity regardless of intent, and advocate for collaborative, authorized channels over unilateral exploration. Denning's piece highlights tensions between sharing norms and institutional security policies, suggesting that open publication risks enabling unskilled actors to replicate techniques maliciously, thus blurring lines into criminality. Phrack's decision to include such counterarguments underscores its role in hosting diverse perspectives, yet it has drawn criticism for not aligning with emerging white-hat standards, which emphasize certifications like (introduced in 2003) and to vendors before public release. This shift reflects a causal move from unregulated 1980s experimentation to post-1990s regulatory frameworks prioritizing legal authorization, where Phrack's resistance—eschewing endorsements of formal training—is seen by detractors as endorsing recklessness over . Empirical evidence supports the pro-exploration side, as underground publications like have historically preceded corporate or official awareness of flaws; for example, the seminal tutorial in Issue 49 (1996) detailed memory corruption techniques, which, while usable illicitly, informed practices adopted industry-wide thereafter, demonstrating how disseminated knowledge accelerates fixes absent monopolized disclosure. Studies of vulnerability timelines indicate that independent researchers, including those in hacker zines, often identify issues months before patches, challenging claims of inherent endangerment by arguing that suppressed information sustains vulnerabilities longer under "responsible" regimes. Opponents counter with data on exploit proliferation post-publication, citing increased attack vectors for unpatched systems, though causal attribution remains contested without isolating intent. 's persistence without adopting white-hat norms thus embodies a of credentialed exclusivity, positing that empirical security gains derive from open scrutiny rather than gated expertise.

Impact and Legacy

Influence on Hacker Culture and Underground Communities

Phrack played a pivotal role in articulating and disseminating the self-reliant ethos of early communities, emphasizing curiosity-driven exploration and resistance to institutional gatekeeping through publications like "The Hacker's Manifesto" in its seventh issue on September 25, 1986, which framed hacking as an innate drive for knowledge unbound by authority. This document, authored under the The Mentor, resonated widely in underground circles, reinforcing norms of anonymous knowledge-sharing and technical defiance that prioritized individual ingenuity over hierarchical structures. By serializing such manifestos alongside practical and hacking techniques, Phrack fostered bonds among dispersed , who adopted its pseudonymous style—evident in handles like Aleph One for seminal tutorials—as a shield against traceability and a symbol of egalitarian participation. The magazine's format, with its raw, unpolished layout and rejection of commercial polish, preserved anti-assimilationist norms, serving as a that modeled decentralized publishing against corporate or governmental co-optation. Reports on hacker gatherings, such as those from the Chaos Communication Congress and early events embedded in issues like Phrack 47, further solidified community ties by chronicling shared defiance and technical triumphs, inspiring groups like the to mirror Phrack's blend of bravado and substance in their own lore. Phrack's "Pro-Phile" columns and interviews amplified this, profiling figures across U.S. and European scenes, including nods to the Chaos Computer Club's early network intrusions, which echoed Phrack's ethos of probing systemic vulnerabilities for collective insight. Sustained influence persists in dissident hacker enclaves, as evidenced by Phrack's 40th anniversary panel at 33 on August 10, 2025, where editors discussed its enduring role in culture and digital dissent, drawing crowds and underscoring its status as a touchstone for underground continuity amid evolving threats. This event highlighted Phrack's archival value in maintaining genealogy, with attendees referencing its manifestos as foundational to modern self-taught defiance in systems transitioning to forums.

Contributions to Computer Security and Vulnerability Disclosure

Phrack's early publications on techniques, such as the use of blue boxes to generate multifrequency tones mimicking operator signals, highlighted systemic flaws in analog switching systems, leading providers to transition toward digital signaling protocols like SS7 with enhanced authentication by the early 1990s. These disclosures informed industry efforts to mitigate unauthorized access, as evidenced by AT&T's phased elimination of exploitable post-1980s exposures. In computer security, Phrack detailed Unix vulnerabilities, including access mode weaknesses in utilities like rsh and file permission bypasses, which system administrators adopted to harden configurations, contributing to vendor patches in BSD and System V releases during the late 1980s and early 1990s. The magazine's technical articles served as a precursor to formalized vulnerability disclosure, providing reproducible exploit code and analyses that enabled proactive defenses without relying on vendor coordination, with patch timelines accelerating as security professionals integrated the findings into audits and fixes. A landmark contribution was the 1996 article "Smashing the Stack for Fun and Profit," which systematically explained exploitation techniques in stack-based architectures, prompting widespread adoption of countermeasures such as stack canaries and in operating systems like and Solaris by the early 2000s. This public exposition debunked assumptions of inherent net harm from disclosure, as empirical data from subsequent years showed increased vulnerability mitigations outpacing exploit proliferation in enterprise environments. As of 2025, Phrack continues to influence defensive strategies through articles on state-sponsored threats, such as the disclosure of North Korean APT tools and infrastructure targeting South Korean entities, following an attempted responsible notification that underscored the value of unfiltered for countering advanced adversaries. These publications equip red-team exercises and blue-team hardening against backdoors and kernel exploits, maintaining Phrack's role in bridging underground with practical enhancements.

Broader Cultural and Societal Reception

Phrack has been depicted in outlets as emblematic of subversive , particularly through coverage of the 1990 federal prosecution of its co-editor Craig Neidorf for disseminating an article on the (E911) emergency response system in issue 24, which authorities initially valued at nearly $80,000 as stolen property. This case underscored perceptions of Phrack as a conduit for potentially disruptive technical disclosures, fueling narratives of as threats to public infrastructure despite the document's public availability for as little as $13 from sources. Criticisms of Phrack for allegedly facilitating criminal exploits, such as telecommunications fraud detailed in its early articles, have persisted in societal discourse, yet empirical assessments reveal limited causal links to major incidents, as evidenced by Neidorf's on all counts in July 1990 after exposed prosecutorial overreach and the absence of proprietary harm. Post- audits and defenses, including those from experts, argued that Phrack's publications informed legitimate vulnerability awareness rather than direct malfeasance, countering claims of systemic endangerment. In parallel, Phrack receives recognition in professional security histories for its prescience, having chronicled innovations like techniques and network reconnaissance tools since 1985, which contributed to broader defensive advancements by exposing systemic weaknesses proactively. Distributed in 15,000 physical copies at events like 33 in August 2025, it continues to cultivate ingenuity among practitioners, positioning it as a talent pipeline for cyber defense against adversarial state actors. External valuations often frame Phrack as a to technocratic centralization, emphasizing hacker-led knowledge sharing as a safeguard for individual agency amid expanding and control apparatuses, in contrast to risk-averse institutional emphases on regulatory over exploratory . This duality—subversive icon versus innovative vanguard—reflects polarized receptions, with security analysts crediting its role in democratizing technical while mainstream critiques prioritize potential societal hazards unsubstantiated by prosecutorial outcomes.

References

  1. https://phrack.org/issues/64/4
  2. https://phrack.org/
  3. https://www.eweek.com/security/famous-hacker-magazine-shuts-down/
  4. https://afine.com/forty-years-of-hacking-phrack-cfp/
  5. https://phrack.org/issues/24/5
  6. https://phrack.org/issues/40/11
  7. https://phrack.org/issues/1/1
  8. https://www.exploit-db.com/exploits/42831
  9. https://phrack.org/issues/7/2
  10. https://phrack.org/issues/7/3
  11. https://groups.csail.mit.edu/mac/classes/6.805/phrack/phrack-index-orig.html
  12. https://phrack.org/issues/20/4
  13. https://phrack.org/issues/59/1
  14. https://media.defcon.org/DEF%2520CON%252033/DEF%2520CON%252033%2520presentations/Richard%2520Johnson%2520-%252040%2520Years%2520Of%2520Phrack%2520Hacking%2520Zines%2520and%2520Digital%2520Dissent.pdf
  15. https://commons.wikimedia.org/wiki/File:Phrack_63_Hardcover.pdf
  16. https://archives.phrack.org/issues/71/phrack-71.pdf
  17. https://www.reddit.com/r/Defcon/comments/1mqfdlc/looking_for_a_copy_of_phrack/
  18. https://www.helpnetsecurity.com/2002/04/04/the-phrack-e911-affair/
  19. https://www.mit.edu/hacker/part4.html
  20. https://www.eff.org/pages/crime-and-puzzlement
  21. https://malicious.life/episode/episode-166/
  22. https://law.justia.com/cases/federal/district-courts/FSupp/739/414/1610447/
  23. https://law.justia.com/cases/federal/district-courts/FSupp/743/556/2593731/
  24. http://hneeman.oscer.ou.edu/CS2413/ethics.pdf
  25. https://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall94-papers/miller-phrack/miller-phrack.html
  26. https://phrack.org/issues/31/10
  27. https://www.exploit-db.com/exploits/42844
  28. https://phrack.org/issues/32/1
  29. https://phrack.org/issues/33/1
  30. https://www.exploit-db.com/papers/42853
  31. https://phrack.org/issues/51/14
  32. https://phrack.org/issues/49/14
  33. https://phrack.org/issues/45/14
  34. https://phrack.org/issues/60/1
  35. https://www.exploit-db.com/exploits/42871
  36. https://it.slashdot.org/story/02/12/28/2046258/new-phrack
  37. https://phrack.org/issues/64/17
  38. https://archives.phrack.org/
  39. https://phrack.org/issues/72/7_md
  40. https://phrack.org/issues/72/14_md
  41. https://www.youtube.com/watch?v=TW-D1I27E08
  42. https://phrack.org/issues/72/19
  43. https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf
  44. https://phrack.org/issues/64/6
  45. https://phrack.org/issues/70/9
  46. https://phrack.org/issues/58/13
  47. https://phrack.org/issues/11/11
  48. https://phrack.org/issues/69/3
  49. https://phrack.org/issues/21/1
  50. https://phrack.org/issues/33/2
  51. https://phrack.org/issues/70/2
  52. https://www.exploit-db.com/exploits/42845
  53. https://www.exploit-db.com/exploits/42861
  54. https://phrack.org/issues/50/1
  55. https://groups.csail.mit.edu/mac/classes/6.805/phrack/phrack-index.html
  56. https://phrack.org/issues/1/1.html
  57. https://phrack.org/issues/68/8
  58. https://phrack.org/issues/72/1.html
  59. https://dl.acm.org/doi/pdf/10.1145/102868.102869
  60. https://www.eff.org/effector/1/0
  61. https://phrack.org/issues/25/9
  62. https://www.cs.cmu.edu/~rdriley/330/papers/Makowski_2011_Smashing_the_Stack_in_2011.pdf
  63. https://phrack.org/issues/67/12
  64. https://www.acsac.org/2006/papers/43.pdf
  65. https://phrack.org/issues/32/3
  66. https://faculty.nps.edu/dedennin/publications/USvsNeidorf.pdf
  67. https://phrack.org/issues/47/9
  68. https://phrack.org/issues/16/8
  69. https://phrack.org/issues/18/7
  70. https://cwe.mitre.org/data/definitions/121.html
  71. https://www.usenix.org/event/sec02/full_papers/lhee/lhee.pdf
  72. https://phrack.org/issues/72/17_md
  73. https://www.nytimes.com/1991/04/21/magazine/in-defense-of-hackers.html
  74. https://www.btlj.org/data/articles2015/vol8/searchable/Yin.pdf
  75. https://warontherocks.com/2025/10/the-leak-that-targeted-the-leakers/
Add your contribution
Related Hubs
User Avatar
No comments yet.