By Albert Samaha
By Steve Weinstein
By Devon Maloney
By Tessa Stuart
By Alison Flowers
By Albert Samaha
By Jesse Jarnow
By Eric Tsetsi
Back in the old days, a kid had to work to get porn. Legions of fat, lonely stamp collectors would pedal miles on Huffy dirt bikes to buy used copies of Juggs at the flea market. Porn was contraband, the ultimate stash. It would be squeezed under mattresses, filed inside MAD magazines, balanced on the back rafters in summer-camp bunks.
Such adventures now sound perfectly quaint. The thrill of the chase has been replaced by the shrill of the modem. Porn is so accessible on the Net that it's almost cliché. Another GIF of a dwarf fisting a llama? How droll.
But in recent months, something has begun to shift. As ever, people are far more compelled by what they can'thave than what they canand despite the files of free downloads on erotica newsgroups, countless more await behind the gated communities of commercial adult sites. The old adolescent lust hunt is on once again. The pay-to-play porn sites are like the "18 and Over" curtain at the video store. The Huffy patrol wants in. And they're hustling passwords to get there.
Jason Brewer, 19, was a high school student when he launched MegaPass (megapass.org), one of the Web's larger hubs for free XXX passwords. Like other similar hubs, such as Password HQ (passwordhq.com) or the aptly named Ooze (ooze.org), MegaPass offers dozens of qualified user names and codes. It usually lists a couple dozen porn sites, provides accompanying reviews ("thumbnailed pics of supposedly 'perfect asses,"' reads a recent one), then doles out any number of qualified passwords to get you into each site for free. (The site does carry an 18-and-over disclaimer.)
Rather than being some chump who coughs up seven bucks a month for Pamela-Tommy mpegs, you can just click a link from MegaPass that gets you right past the velvet rope. Sometimes, you might have to punch in the passwords manually. Other times, you might get linked to a "backdoor," which is essentially like the file cabinet where webmasters keep all their goods; the pictures aren't captioned, but with a title like "peegal.jpg," you pretty much get the idea.
For tragically bored 9-to-5'ers, sites like MegaPass offer a discreet way to kill time on the boss's dime. "It's kind of addictive," confesses one white-collar password junkie. "You'll go for one picture, and end up spending an hour surfing around. It's stupid, but it's fun. I guess there's a thrill in knowing that you're getting stuff for free that you should be paying for."
Upon closer inspection, though, it's not necessarily a case of porn sites getting hacked; it's the Huffy crowd getting had. Someone like Brewer will be the first to explain that many of the seemingly hot passwords are actually the online equivalent of crab dip samples at the deli counter.
"[A porn site] webmaster will give us passwords to their sites as it is a way of advertising what they have," Brewer writes via e-mail. "They will let the password go for however long before they cancel it. Just to give people a taste of what they have to offer. If they like what they see, many will sign up." It's a clever bit of win/win Madison Avenue marketing: if pornmasters were to give away passwords on their own sites, that would devalue their product; by making passwords available, instead, on the alleged black market, surfers feel like they've become dastardly hackers (neat!) and FartHolez.Com still gets a blast of hype. Done deal.
But still, many passwords are indeed stolen. According to David Kerley, an analyst at Jupiter Communications, there are two commonly used tactics. One is a name-generator program, which will visit a site and continually enter a combination of commonly used passwords and user names ("munch" and "rug" seem especially popular) until it gets a match. Another technique, sometimes called "spoofing," involves, essentially, hijacking authorized connections to a pay site's computer server; once on, the spoofer can pluck the password, then sneak away.
New security systems that come bundled in Web browsers make spoofing a bit more difficult these days. But even major men's e-zines like Playboy Online (playboy.com) often turn up on Ooze now and then. Sometimes, it's just a matter of someone making the ill-fated mistake of sending his password to a friend, who then leaks it out to the sharks. Rodger Brown, editorial director of Playboy Online, says that these leaks don't provide a major security risk, since someone needs a credit card to make any transactions. "Our site isn't structured such that a misuse would cause any significant trouble for us," he says. The legal department, he adds, is always swift to take action.
Ultimately, MegaPass and Brewer's other site, All Passwords (allpasswords.com), are less hackers' domains than business plans. Brewer isn't some beady-eyed geek busting through codes all night. Instead of doing the work himself, he says, he's created a slick program which simply obtains the passwords from other password sites. Once collected, the program double-checks that the passwords indeed work and, if so, posts them onto the MegaPass page. All that Brewer has to do is check in to make sure nothing crashes. Because everything's automated, he says he only has to spend about five minutes a day working on the site. In the world of leechers, he's at the top of the food chain.