Open in app

Sign in

Write

Sign in

Diary of a kind-hearted hacker: Part 2

Bill Gates and his private fetishes

Raymond 'Red' Reddington
4 min readAug 27, 2021

DISCLAIMER: This article translated from a private blog of Chinese hacker community. The author of the translation does not take any responsibility about the content of the original article.

Nowadays, security is an outbreak of any software development, whether it is a website, application or service. Talking about services… Almost any mailbox provider approaches a list of security points to fill and even requires some of them, e.g. two-factor authentication, uncommon passwords, etc.

How to use authenticator apps… [iDeaHUNTR]

Back in the 2000s, things were much easier for hacking — captchas were trivial, “cloudflares” and any other DDoS protection services were just a theory and the world was just started to get familiar with testing automation tools. Experimenting with them was not only fun, but also a profitable business.

As my 20-year-old “vow of silence” (set by Microsoft) ended a few months ago, I decided to tell the world about the interesting, dark and outrageous experience from the beginning of the century. The main victim there was the brand new Microsoft Outlook 2002.

Review of Microsoft Outlook 2002 SP-1 [LWN]

There’s always a backdoor to the application, Outlook was not an exception. It can be automated by the VBA, this means it can be automated… Now it’s common to use such fancy tools as Cypress or Cucumber, but at that time there were even no Selenium and the good old HP QT/QTP (today UFT) should wait a few months before its first release. To do such things at that time, the main weapon was the software package called Rational (later bought by IBM).

The only notable email service was MSN Hotmail. Recovered from “eh”, it was stable and secure as never, thus, it was decided to break it via automated login/password combinations. My Rational Robot script should’ve broken through via VBA interface, done some work, and written down the results. Remained the last thing to think—whose account to break? The only man that came to my mind was no one other than Bill Gates. There was only an infinitesimal chance that bgates@hotmail.com, billgates@hotmail.com and any other similar accounts could be his, but it was all worth it.

Bill Gates has just turned 60 [Gentleman’s Journal]

73 logins and 1286 passwords… Not so much for today, but at that time I was expecting a few days of brute-forcing Hotmail servers. With all set-up, I went to sleep on the night of 23rd of June 2001, Saturday. In the morning, I wanted to check if my script was still running, but found it suspended. Also, there were thousands of letters in my inbox folder yielding the same message:

Hey,

We don’t know who you are, but we know where you are from. You stuck your nose where it didn’t belong, and you’d have been punished. But you also found a vulnerability in our system, so we’ll do you a big favor if you’d try to keep away from the idea you’re following.

Goodbye.

The problem with email overload [FT]

But that was not all. There was a much more mysterious thing I wanted to reveal. The logs from the original attack, which I’ve been keeping through the years, and which basically answer the question we’re all looking for in this article. Below shown the small chunk of this log, with trimmed fail attempts.

2001–06–23 11:33:22.507087;*********;FAILED;null
2001–06–23 11:33:24.507087;*********;FAILED;null
2001–06–23 11:33:26.507087;*********;FAILED;null
2001–06–23 11:33:28.507087;*********;SUCCEEDED;iamtheadminoftheworld
...
2001–06–23 15:15:30.507087;*********;FAILED;null
2001–06–23 15:15:32.507087;*********;FAILED;null
2001–06–23 15:15:34.507087;*********;SUCCEEDED;iamtheadminoftheworld
...
2001–06–23 17:53:36.507087;*********;FAILED;null
2001–06–23 17:53:38.507087;*********;SUCCEEDED;iamtheadminoftheworld
2001–06–23 17:53:40.507087;*********;FAILED;null
...
2001–06–23 23:22:42.507087;*********;FAILED;null
2001–06–23 23:22:44.507087;*********;FAILED;null
2001–06–23 23:22:46.507087;*********;SUCCEEDED;iamtheadminoftheworld
2001–06–23 23:22:48.523072;*********;FAILED;null
2001–06–23 23:22:50.523072;*********;FAILED;null
...
2001–06–23 23:50:52.523072;*********;FAILED;null
2001–06–23 23:50:54.523072;*********;FAILED;null
2001–06–23 23:50:56.523072;*********;SUCCEEDED;iamtheadminoftheworld
2001–06–23 23:50:58.523072;*********;FAILED;null
2001–06–23 23:50:00.523072;*********;FAILED;null

67 out of 73 meticulously picked logins (I especially masked them, to keep out from evil hands) had the same password, thus they had the same owner. And he definitely desires to be the admin of the World. Coincidence? Maybe…

Some ancient stuff as references…

Rational Software
Review of Microsoft Outlook 2002
Hotmail “eh”

Bill Gates
Outlook
Hacking
Admin
Hotmail

--

--

Raymond 'Red' Reddington

Written by Raymond 'Red' Reddington

16 Followers

One and only...

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams