Attacking Wifi Nets with Traffic Injection
I'm very a lot grateful to him. I benefited quite a bit discussing with him. I'm additionally grateful to my mother and father who inspired me and supplied such a motivation, so I turned in a position to carry out this. I'm additionally grateful to all my buddies and those that helped me immediately or not directly in completion of my venture. CONTENTS •Introduction •Crime Definition •Legal guidelines which were violated •Doable Punishments (IT ACT + INTERNATIONAL LAWS) •Illegal Losses and Positive aspects •Working of Assaults •Description of Instruments INTRODUCTION This time period paper relies on “attacking wifi nets with visitors injection” additionally nown as packet injection which merely means the hacking of wi-fi networks with totally different methods to ship further quantity of visitors (packets, frames, duplicate copies) on a community by which a hacker can in a position to entry the data and id consumer is utilizing. Some methods are wi-fi community sniffing, DOS (denial of service assault), Man within the center assault and so on. Assaults on wi-fi LANs (WLAN’s) and wireless-enabled laptops are a fast and simple method for hackers to steal information and enter the company community.
Many forms of instruments are used to carry out hacking. A few of them are named as aircrack-ng, airjack and so on. thts paper will later give temporary data on instruments used , working of instruments ,losses and features with hacking and so on. These sort of assaults are referred to as INTEGRITY assaults. Wi-fi networks broadcast their packets utilizing radio frequency or optical wavelengths. A contemporary laptop computer laptop can hear in. Worse, an attacker can manufacture new packets on the fly and persuade wi-fi stations to just accept his packets as professional. We already know 802. 11 networks are weak.
Open networks are liable to any well-known LAN perimeter assault WEP is weak. Site visitors injection has modified issues like •Elevated DoS (denial of service) capabilities •Dramatically decreased WEP cracking achievement time •Permits visitors tampering •Permits stations assaults CRIME DEFINITION Cyber Crime –A criminal offense the place the pc is used as a instrument or goal. Cyber crime encompasses any prison act coping with computer systems and networks (known as hacking). Moreover, cyber crime additionally consists of conventional crimes performed by the Web.
For instance; hate crimes, telemarketing and Web fraud, id theft, and bank card account thefts are thought-about to be cyber crimes when the unlawful actions are dedicated by the usage of a pc and the Web. Hacking – Site visitors injection assaults comes below hacking. It's outlined as whomever with the intent to trigger or understanding that he's more likely to trigger wrongful loss or harm to the general public or any individual destroys or deletes or alters any data residing in a pc useful resource or diminishes its worth or utility or impacts it injuriously by any means, commits hacking.
Hacking might also happen when an individual willfully, knowingly, and with out authorization or with out affordable grounds to consider that she or he has such authorization, destroys information, laptop applications, or supporting documentation residing or current inside or exterior to a pc, laptop system, or laptop community. Apart from the destruction of such information, hacking might also be outlined to incorporate the disclosure, use or taking of the information commits an offense in opposition to mental property.
This paper is a survey of wi-fi assault instruments specializing in 802. 11 and Bluetooth. It consists of assault instruments for 3 main classes: confidentiality, integrity, and availability. Confidentiality assault instruments give attention to the content material of the information and are finest identified for encryption cracking. Integrity assaults instruments give attention to the information in transmission and embrace body insertion, man within the center, and replay assaults. Lastly, availability assault instruments give attention to Denial of Service (DoS) assaults. Legislation That Have Been Violated
The legal guidelines which were violated are part 43,65 and 66 of IT ACT 2000. Part 43 of IT ACT 2000, defines as If any individual with out permission of the proprietor or some other one that is accountable for a pc, laptop system or laptop community, — (a) Accesses or secures entry to such laptop, laptop system or laptop Community; (b) Downloads, copies or extracts any information, laptop information base or data from such laptop, laptop system or laptop community together with data or information held or saved in any detachable storage medium; c) Introduces or causes to be launched any laptop contaminant or laptop virus into any laptop, laptop system or laptop community; (d) Damages or causes to be broken any laptop, laptop system or laptop community, information, laptop information base or some other applications residing in such laptop, laptop system or laptop community; (e) Disrupts or causes disruption of any laptop, laptop system or laptop community; (f) Denies or causes the denial of entry to any individual licensed to entry any laptop, laptop system or laptop community by any means; g) Offers any help to any individual to facilitate entry to a pc, laptop system or laptop community in contravention of the provisions of this Act, guidelines or rules made there below; (h) Expenses the companies availed of by an individual to the account of one other individual by tampering with or manipulating any laptop, laptop system, or laptop community, Part 65 of IT ACT 2000, defines as, Tampering with laptop supply paperwork
Whoever knowingly or deliberately conceals, destroys or alters or deliberately or knowingly causes one other to hide, destroy or alter any laptop supply code used for a pc, laptop applications, laptop system or laptop community, when the pc supply code is required to be stored or maintained by regulation in the meanwhile in drive, shall be punishable with imprisonment as much as three years, or with tremendous which can prolong as much as two lakh rupees, or with each. Part 66 of IT ACT 2000, defines as, (1) Whoever with the intent to trigger or understanding that he's more likely to trigger rongful loss or harm to the general public or any individual destroys or deletes or alters any data residing in a pc useful resource or diminishes its worth or utility or impacts it injuriously by any means, commits hacking. (2) Whoever commits hacking shall be punished with imprisonment as much as three years, or with tremendous which can prolong as much as two lakh rupees, or with each. POSSIBLE PUNISHMENTS (IT ACT + Worldwide legal guidelines) Cyber crime is a sort of crime that not solely destroys the safety system of a rustic but in addition its monetary system. One supporter of laws in opposition to cyber crime, Rep.
Lamar Smith (R-Texas), said, "Our mouse might be simply as harmful as a bullet or a bomb. " Cyber attackers ought to be penalized and punished severely and most cyber crimes have penalties reflecting the severity of the crime dedicated. Though previously many legal guidelines in opposition to cyber crimes have been inadequate, regulation enforcement companies and governments have just lately proposed many modern plans for combating cyber crimes. Punishment Cybercrime should be handled very critically as a result of it causes numerous harm to companies and the precise punishment ought to rely upon the kind of fraud used.
The penalty for illegally accessing a pc system ranges from 6 months to five years. The penalty for the unofficial modification on a pc ranges from 5 to 10 years. Different penalties are listed beneath: Telecommunication service theft: The theft of telecommunication companies is a quite common theft and is punished with a heavy tremendous and imprisonment. Communications intercept crime: This can be a Class-D crime which is adopted by a extreme punishment of 1 to five years of imprisonment with a tremendous.
Different cyber crimes like telecommunication piracy, offensive materials dissemination, and different cyber frauds additionally belong to this class. Info Know-how Act-2000: In response to this act, totally different penalties can be found for various crimes. A number of the penalties are as follows: Pc supply doc tampering: The one that adjustments the supply code on the web site or any laptop program will get a punishment as much as three years of imprisonment or tremendous. Pc hacking: The person who hacks the pc or laptop gadgets will get an imprisonment as much as three years or a tremendous.
Authorities protected system: An act of attempting to achieve entry to a system which is a protected system by the federal government, will end in imprisonment for 10 years and a heavy tremendous. The introduction of such penalties have result in a drastic discount within the cyber crime charges as increasingly more criminals have gotten conscious of the penalties associated to them. Spreading the phrase concerning the penalties of cyber crime can function a deterrent in opposition to such crime. Penalties regarding cyber crime will fluctuate relying on the nation and laws in place. Punishments in accordance with IT ACT 2000
The one that commits the crime shall be liable to pay damages by the use of compensation not exceeding one crore rupees to the individual so affected in accordance with part 43 of IT ACT. The one that commits the crime shall be punishable with imprisonment as much as three years, or with tremendous which can prolong as much as two lakh rupees, or with each in accordance with part 65 of IT ACT. Whoever commits hacking shall be punished with imprisonment as much as three years, or with tremendous which can prolong as much as two lakh rupees, or with each in accordance with part 66 of IT ACT 2000 INTERNATIONAL LAWS In USA part 18 U. S. C. § 1030 A) a tremendous below this title or imprisonment for no more than ten years, or each, within the case of an offense below subsection (a)(1) of this part which doesn't happen after a conviction for one more offense below this part, or an try to commit an offense punishable below this subparagraph; and (B) a tremendous below this title or imprisonment for no more than twenty years, or each, within the case of an offense below subsection (a)(1) of this part which happens after a conviction for one more offense below this part, or an try to commit an offense punishable below this subparagraph; In Canada
The one that commits the crime is responsible of an indictable offence and liable to imprisonment for a time period not exceeding ten years, or is responsible of an offence punishable on abstract conviction. UNLAWFUL LOSSES AND GAINS Losses as a consequence of hacking Hackers focused main firms together with Sony, RSA Safety, and Citigroup, but in addition governmental web sites and smaller companies. Many firms might have prevented the assaults. Due to their vulnerabilities, they not solely misplaced cash, but in addition risked dropping shoppers, status and market share. Multitudes of individuals have been affected by their safety breaches Current stories confirmed hackers earned $12. billion in 2011, primarily by spamming, phishing, and on-line frauds. Some firms have made their monetary losses public, whereas others selected to not disclose them. Right here’s a high 5 of the declared losses brought on by hackings from final 12 months till current. Undeclared losses might even exceed these ones. 1. $171 million – Sony Hacked in April to June 2011, Sony is by far probably the most well-known latest safety assault. After its Ps community was shut down by LulzSec, Sony reportedly misplaced nearly $171 million. The hack affected 77 million accounts and remains to be thought-about the worst gaming group information breach ever.
Attackers stole priceless data: full names, logins, passwords, e-mails, residence addresses, buy historical past, and bank card numbers. 2. $2. 7 million – Citigroup Hacked in June 2011, Citigroup was not a tough goal for hackers. They exploited a fundamental on-line vulnerability and stole account data from 200,000 shoppers. Due to the hacking, Citigroup stated it misplaced $2. 7 million. Only a few months earlier than the assault, the corporate was affected by one other safety breach. It began at Epsilon, an electronic mail advertising and marketing supplier for two,500 giant firms together with Citigroup.
Specialists estimated that the Epsilon breach affected tens of millions of individuals and produced an total $four billion loss. three. $2 million – Stratfor Final Christmas wasn’t so joyful for Stratfor World Intelligence. Nameless members hacked the US analysis group and revealed confidential data from four,000 shoppers, threatening they may additionally give particulars about 90,000 bank card accounts. The hackers said that Stratfor was “clueless…in relation to database safety”. In response to the prison grievance, the hack value Stratfor $2 million. four. $2 million – AT&T The US service was hacked final 12 months, however stated no account data was uncovered.
They stated they warned a million prospects concerning the safety breach. Cash stolen from the hacked enterprise accounts was utilized by a gaggle associated to Al Qaeda to fund terrorist assaults in Asia. In response to stories, refunding costumers value AT&T nearly $2 million. 5. $1 million – Constancy Investments, Scottrade, E*Commerce, Charles Schwab The latest declared losses have been in a brokerage rip-off. A Russian nationwide was charged within the US with $1. four million in laptop and hacking crimes. $1 million was stolen from inventory brokerages Constancy Investments, Scottrade, E*Commerce, and Charles Schwab.
The remainder of the cash was taken from fraudulent tax refunds, with the stolen identities of greater than 300 folks. Positive aspects To Hackers * To make use of your laptop: * as an Web Relay Chat (IRC) server - hackers would not need to focus on brazenly about their actions on their 'personal' servers * as Storage for Illicit Materials (ex. pirated software program, pirated music, pornography, hacking instruments and so on) * as a part of a DDoS Assault - the place many computer systems are managed by hackers in an try to trigger useful resource hunger on a sufferer's computer systems or networks * To steal companies and/or priceless information For thrill and pleasure * To get even - perhaps an IT workers who was terminated, or different events you've got 'wronged' * As a publicity stunt - an instance of which was reported in 1998 by Jim Hu in MTV "hack" backfires * Data/Experiment/Moral - some hackers probe a pc system to search out its safety vulnerabilities after which inform the system administrator to assist enhance their safety * One other potential purpose is that the hackers would possibly undergo from a illness known as Asperger syndrome (AS).
They're people who find themselves excellent with numbers and at specializing in an issue for a really lengthy time period, however usually are not good in social relationships. How AS can presumably be linked to hacking habits was mentioned extra completely by M. J. Zuckerman in his 'USA At this time' article, What fuels the thoughts of a hacker? * Curiosity * To spy on buddies, members of the family and even enterprise rivals * Status - bragging rights of their social circle (notably in the event that they've hacked high-profile websites or techniques) * Mental Problem Cash - though most hackers usually are not motivated by monetary acquire; criminals make cash through the use of hacking methods both to * arrange pretend e-commerce websites to gather bank card particulars * acquire entry to servers that comprise bank cards particulars * have interaction in different types of bank card fraud WORKING OF ATTACKS Earlier than learning about how visitors injection assaults works there are some fundamental phrases we shoud should know WEP Wired Equal Privateness (WEP) is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP.
The WEP algorithm is meant to guard wi-fi communication from eavesdropping. A secondary perform of WEP is to forestall unauthorized entry to a wi-fi community. WEP encrypts the payload of knowledge packets. Administration and management frames are at all times transmitted within the clear. WEP makes use of the RC4 encryption algorithm. The shared-secret key's both 40 or 104 bits lengthy. The bottom line is chosen by the system administrator. This key should be shared amongst all of the stations and the AP utilizing mechanisms that aren't specified within the IEEE 802. 11. FRAMES Each the station and AP radiate and collect 802. 1 frames as wanted. The format of frames is illustrated beneath. Many of the frames comprise IP packets. The opposite frames are for the administration and management of the wi-fi connection. There are three courses of frames. The administration frames set up and keep communications. These are of Affiliation request, Affiliation response, Reassociation request, Reassociation response, Probe request, Probe response, Beacon, Announcement visitors indication message, Disassociation, Authentication, Deauthentication varieties. The SSID is a part of a number of of the administration frames.
Administration messages are at all times despatched within the clear, even when hyperlink encryption (WEP or WPA) is used, so the SSID is seen to anybody who can intercept these frames. Authentication Authentication is the method of proving id of a station to a different station or AP. Within the open system authentication, all stations are authenticated with none checking. A station A sends an Authentication administration body that comprises the id of A, to station B. Station B replies with a body that signifies recognition, addressed to A. Within the closed community structure, the stations should know the SSID of the AP as a way to hook up with the AP.
The shared key authentication makes use of a normal problem and response together with a shared secret key. Site visitors injection fast HOWTO •1 Insert adapter •2 Load driver and activate adapter •three Set driver into monitor mode (actual 802. 11 mode) •four Set applicable channel •5 Open PF PACKET/RAW socket on interface (Linux solely) •6 Use your socket and play • Nonetheless, you want a 802. 11 stack over your socket and/or good libs • and instruments so you'll be able to talk WORKING – This part of time period paper describes the working of assault through the use of one instrument known as INJECTION WIZARD
Injection Wizard is an utility for injecting visitors into WEP-protected Wi-Fi networks, like aireplay-ng, but it surely's rather more simple to make use of and it will probably work with worse situations (for instance, extra interferences, weaker transmitted/obtained alerts, extra restricted entry factors, and so on). The upper the visitors of the community, the sooner we can crack a WEP key with instruments like aircrack-ng, airsnort, dwepcrack, weplab, WEPAttack, WEPCrack, and so on. Nevertheless, injecting visitors shouldn't be simple since you should construct or seize a body that causes a response body in some other station (that's, a wi-fi node).
This utility carries out robotically all of the wanted actions to construct a body that causes a response in different station. These actions might be summarized within the following sequence of steps: 1. The appliance scans Wi-Fi networks and exhibits a listing of WEP-protected networks, then it permits the person to pick one among them. 2. It joins the chosen community and screens that community as a way to discover a information body. three. It tries to extract a keystream prefix from the captured body after which it tries to increase the keystream as much as 40 bytes by the use of the W.
A. Arbaugh's inductive chosen plaintext assault. four. It tries to discover a host (for instance, a related laptop, a community gadget, and so on), which has an IP handle belonging to a predefined vary, by injecting cast ARP packets. 5. After discovering an lively host, it injects ARP packets focused at that host. A number of the advantages of this utility are easiness of use (as a consequence of its graphical interface, automated operation, and so on) androbustness (detection/administration of community disconnections, repetition of failed actions, and so on).
Furthermore, the Arbaugh's inductive assault might be carried out by any Wi-Fi interface supporting injection in monitor mode, as a result of the interface driver would not want any further patch because it's normal to occur with the Bittau's fragmentation assault. Apart from its greater applicability, this assault is mostly extra dependable than Chop-Chop assault for recovering a keystream of a given measurement, as a result of it would not should inject any body bigger than wanted. This utility is distributed below the phrases of the GNU Common Public License model 2 (learn the license. tm file for extra particulars) and comes with completely no guarantee. The writer assumes no duty derived from the use or the distribution of this program. The copyright of this utility is owned by Fernando Pablo Romero Navarro (Could 2010). Injection Wizard has made use of (with handy modifications) the next free software program purposes: * scapy (model 2. zero. 1), distributed below the license: GNU GPL model 2. Copyright: Philippe Biondi,2009 (http://www. secdev. org/tasks/scapy). * python-wifi (model zero. three. 1), distributed below the license: GNU LGPL model 2. 1.
Copyright: Roman Joost, 2004-2008 Software program Necessities For the consumer utility (graphical interface): •Any system with a latest Java digital machine: JRE model 1. 6 or later. For the server utility: * A Linux field with a latest kernel, so it ought to assist Wi-fi Extensions model 22 or later (since kernel model 2. 6. 21) and the mac80211 stack for Wi-Fi interfaces (since kernel model 2. 6. 24, it's supported by many Wi-Fi adapter drivers). * A Wi-Fi community interface driver supporting injection in monitor mode (typically it is required to patch the motive force for supporting this characteristic). The iw system command, if it is not supplied by your Linux distribution you may get it by putting in the aircrack-ng bundle or by compiling the supply code that may be downloaded from: http://wi-fi. kernel. org/obtain/iw. * A Python interpreter with model 2. 5, later variations may additionally work. Directions 1. Uncompress the injwiz. zip file. 2. Copy the consumer listing on a system with a Java digital machine accessible from the command path (for instance, launch a shell, enter the consumer listing, execute the command: java -version and verify the command outputs the JRE model quantity). .
Copy the server listing on a Linux field. If the consumer and server directories weren't copied on the identical machine, it is best to edit the runserver. sh script (within the server listing) and exchange the IP handle: 127. zero. zero. 1 with the IP handle of the Linux field's community interface that's hooked up to the identical community that the consumer machine (i. e. the pc that hosts the clientdirectory). four. Enter the server listing and run the script: . /runserver. sh (the Python interpreter ought to be accessible from the command path. You possibly can verify this by operating: ython -V from the command line and verifying that the interpreter model is confirmed). 5. On the consumer machine, enter the consumer listing and run both the script: . /runclient. sh (for Linux or Unix-like working techniques offering a shell appropriate with the Bourne shell and whose path for the executable file is: /bin/sh) orrunclient. bat (for Home windows). DESCRIPTION OF TOOLS The instruments used for packet injection functions are divided into two classes and software program 1. Software program Severe hackers often use Linux-based open supply penetration check instruments from which to launch their assaults.
This part particulars a few of the extra standard instruments that can be utilized to go looking out and hack wifi networks. •Aircrack-ng: This suite of instruments consists of 802. 11 WEP and WPA-PSK key cracking applications that may seize wi-fi packets and recuperate keys as soon as sufficient data been captured. Aircrack-ng helps newer methods that make WEP cracking a lot sooner. This software program has been downloaded over 20,000 instances. •Airjack: An 802. 11 packet injection instrument, Airjack was initially used as a growth instrument to seize and inject or replay packets.
Specifically, Airjack can be utilized to inject cast deauthentication packets, a basic method utilized in many denial-of-service and Man-in-the-Center assaults. Repeatedly injecting deauthentication packets right into a community wreaks havoc on the connections between wi-fi shoppers and entry factors. •AirSnort: AirSnort is wi-fi LAN (CLAN) instrument which recovers WEP encryption keys. AirSnort works by passively monitoring transmissions, after which computing the encryption key when sufficient packets have been gathered.
After that time, all information despatched over the community might be decrypted into plain textual content utilizing the cracked WEP key. •Cain ;amp; Ready: This can be a multi-purpose instrument that may intercept community visitors, utilizing data contained in these packets to crack encrypted passwords utilizing dictionary, brute-force and cryptanalysis assault strategies, document VoIP conversations, recuperate wi-fi community keys, and analyze routing protocols. Its principal objective is the simplified restoration of passwords and credentials. This software program has been downloaded over 400,000 instances. CommView for WiFi: This industrial product is designed for capturing and analyzing wifi community packets. CommView for WiFi makes use of a wi-fi adapter to seize, decode, and analyze packets despatched over a single channel. It permits hackers to view the listing of community connections and very important IP statistics and study particular person packets. •ElcomSoft Wi-fi Safety Auditor: That is an all-in-one cracking resolution that robotically locates wi-fi networks, intercepts information packets, and makes use of cryptanalysis methods to crack WPA/WPA2 PSKs.
This software program shows all obtainable wi-fi networks, recognized by channel quantity, AP MAC handle, SSID, pace, load, and encryption parameters. Whereas these capabilities might be present in open supply instruments, ElcomSoft gives a extra polished product for skilled use by wi-fi safety auditors. •Ettercap: Ettercap can be utilized to carry out man-in-the-middle assaults, sniff dwell connections, and filter intercepted packets on the fly. It consists of many options for community and host evaluation. This shareware has been downloaded almost 800,000 instances. Firesheep: This can be a plug-in to the Firefox browser that enables the hacker to seize SSL session cookies despatched over any unencrypted community (like an open wifi community) and use them to presumably steal their proprietor’s identities. This can be very frequent for web sites to guard person passwords by encrypting the preliminary login with SSL, however then by no means encrypt the rest despatched after login, which leaves the cookie (and the person) weak to “sidejacking.
” When a hacker makes use of Firesheep to seize these cookies, he might then use the SSL-authenticated session to entry the person’s account. Hotspotter: Like KARMA, Hotspotter is one other wi-fi assault instrument that mimics any entry level being looked for by close by shoppers, after which dupes customers into connecting to it as a substitute. •IKECrack: That is an open supply IPsec VPN authentication cracking instrument which makes use of brute drive assault strategies to investigate captured Web Key Trade (IKE) packets to search out legitimate VPN person id and secret key mixtures. As soon as cracked, these credentials can be utilized to achieve unauthorized entry to an IPsec VPN. KARMA: This evil twin assault listens to close by wi-fi shoppers to find out the title of the community they're trying to find after which pretends to be that entry level. As soon as a sufferer connects to a KARMA evil twin, this instrument can be utilized to redirect internet, FTP, and electronic mail requests to telephone websites as a way to steal logins and passwords. •Kismet: Kismet takes an intrusion detection method to wi-fi safety, and can be utilized to detect and analyze entry factors inside radio vary of the pc on which it's put in.
This software program stories SSIDs (Service Set Identifiers – used to tell apart one wi-fi community from one other) marketed by close by entry factors, whether or not or not the entry level is utilizing WEP, and the vary of IP addresses being utilized by related shoppers. •NetStumbler: This instrument turns any WiFi-enabled Home windows laptop computer into an 802. 11 community detector. NetStumbler and dozens of comparable “battle driving” applications can be utilized with different assault instruments to search out and hack into found wifi networks. •WireShark: WireShark is a freeware LAN analyzer that can be utilized to passively seize 802. 11 packets being transmitted over a wifi community.
This software program has been downloaded tens of millions of instances. 2. •For hackers that desire a turn-key bundle, there are additionally hardware wi-fi hacking instruments obtainable. We’ve highlighted one known as WiFi Pineapple. It’s a easy, small, transportable gadget that may be carried into any hotspot and used to draw any laptop computer looking for a wifi entry level. The Pineapple makes use of a way known as an Evil Twin assault. Hackers have used instruments like KARMA to do the identical factor for years, however with Pineapple, now you should buy a bit of hardware for less than $100 that permits you to turn into a hacker with out downloading or putting in any software program. Right here’s what their web site says: “After all all the Web visitors flowing by the pineapple corresponding to e-mail, prompt messages and browser classes are simply seen and even modified by the pineapple holder. ”
REFERENCES http://www. cse. wustl. edu/~jain//cse571-07/ftp/wireless_hacking/index. html http://www. cs. wright. edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks. htm#_Toc77524642 http://www. webopedia. com/TERM/C/cyber_crime. html http://www. wi-fiplanet. com/tutorials/article. php/3568066 file:///C:/Customers/jsk/Desktop/Wi-fi%20Hackers%20101. htm