==Phrack Inc.== Volume Two, Issue 24, File 13 of 13 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN P h r a c k W o r l d N e w s PWN PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN PWN Issue XXIV/Part 3 PWN PWN PWN PWN February 25, 1989 PWN PWN PWN PWN Created, Written, and Edited PWN PWN by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN The Judas Contract Fulfilled! January 24, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "...the other thing that made me mad was that I consider myself, at least I used to consider myself, a person who was pretty careful about who I trust, basically nobody had my home number, and few people even knew where I really lived..." -The Disk Jockey The following story, as told by The Disk Jockey, is a prime example of the dangers that exist in the phreak/hack community when sharing trust with those who have made The Judas Contract. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Let me briefly explain how I got caught... A hacker named Compaq was busted after someone turned him in for using Sprint codes. While executing the search warrant, the state police noticed that he had an excessive amount of computer equipment which had origins that Compaq could not explain. After checking around (I imagine checking serial numbers that Compaq had not removed), the police found that the equipment was obtained illegally. Compaq then proceeded to tell the police that I, Doug Nelson (as he thought my name was) had brought them to him (true). Meanwhile, Compaq was talking to me and he told me that he was keeping his mouth shut the entire time. Keep in mind that I had been talking to this guy for quite a long time previously and thought that I knew him quite well. I felt that I was quite a preceptive person. As time went by, little did I know, Compaq was having meetings again and again with the state police as well as the Federal Bureau of Investigation (FBI) concerning finding out who I was. He gave them a complete description of me, and where I (correctly) went to school, but again, he was SURE my name was Douglas Nelson, and since my phone had previously been in that name, he felt assured that he was correct. The Police checked with Illinois and couldn't find license plates or a driver's license in that name. He had remembered seeing Illinois license plates on my car. They were stuck until Compaq had a wonderful: He and I had went out to dinner and over the course of conversation, I mentioned something about living in Bloomfield Hills, Michigan. After telling the state police this information, they wrote to Bloomfield Hills and gave a description and asked for any pictures in their files that fit that description. The problem was that several years ago, some friends and I were arrested for joyriding in a friend's snowmobile while he was on vacation. The neighbors didn't know us and called the police. Charges were dropped, but our prints and pictures were on file. Bloomfield Hills sent back 12 pictures, which, according to the police report, "Kent L. Gormat (Compaq) without hesitation identified picture 3 as the individual he knows as Douglas Nelson. This individuals name was in fact Douglas..." A warrant was issued for me and served shortly afterwards by state, local and federal authorities at 1:47 AM on June 27, 1988. Lucky me to have such a great pal. In the 6 months that I was in prison, my parents lived 400 miles away and couldn't visit me, my girlfriend could come visit me once a month at best, since she was so far away, and Compaq, who lived a whole 10 miles away, never came to see me once. This made me rather angry as I figured this "friend" had a lot of explaining to do. As you can see I am out of prison now, but I will be on probation until December 15, 1989. -The Disk Jockey _______________________________________________________________________________ Bogus Frequent Flyer Scheme February 13, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ >From Associated Press An airline ticket agent piled up 1.7 million bonus air miles via computer without leaving the ground, then sold the credits for more than $20,000, according to a published report. Ralf Kwaschni, age 28, was arrested Sunday when he arrived for work at Kennedy International Airport and was charged with computer tampering and grand larceny, authorities said. Kwaschni, a ticket agent for Lufthansa Airlines, used to work for American Airlines. Police said he used his computer access code to create 18 fake American Airline Advantage Accounts - racking up 1.7 million bonus air miles, according to the newspaper. All 18 accounts, five in Kwaschni's name and 13 under fake ones, listed the same post office box, according to the newspaper. Instead of exchanging the bonus miles for all the free travel, Kwaschni sold some of them for $22,500 to brokers, who used the credits to get a couple of first class, round trip tickets from New York to Australia, two more between London and Bermuda, and one between New York and Paris. It is legal to sell personal bonus miles to brokers Port Authority Detective Charles Schmidt said. Kwaschni would create accounts under common last names. When a person with one of the names was aboard an American flight and did not have an Advantage account, the passengers name would be eliminated from the flight list and replaced with one from the fake accounts. "As the plane was pulling away from the gate, this guy was literally wiping out passengers," Schmidt said. _______________________________________________________________________________ Massive Counterfeit ATM Card Scheme Foiled February 11, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Douglas Frantz (Los Angeles Times) The U.S. Secret Service foiled a scheme to use more than 7,700 counterfeit ATM cards to obtain cash from Bank of America automated tellers. After a month-long investigation with an informant, five people were arrested and charged with violating federal fraud statutes. "Seized in the raid were 1,884 completed counterfeit cards, 4,900 partially completed cards, and a machine to encode the cards with Bank Of America account information, including highly secret personal identification numbers for customers." The alleged mastermind, Mark Koenig, is a computer programmer for Applied Communications, Inc. of Omaha, a subsidiary of U.S. West. He was temporarily working under contract for a subsidiary of GTE Corporation, which handles the company's 286 ATMs at stores in California. Koenig had access to account information for cards used at the GTE ATMs. According to a taped conversation, Koenig said he had transferred the BofA account information to his home computer. He took only Bank Of America information "to make it look like an inside job" at the bank. The encoding machine was from his office. Koenig and confederates planned to spread out across the country over six days around the President's Day weekend, and withdraw cash. They were to wear disguises because some ATMs have hidden cameras. Three "test" cards had been used successfully, but only a small amount was taken in the tests, according to the Secret Service. The prosecuting US attorney estimated that losses to the bank would have been between $7 and $14 million. Bank Of America has sent letters to 7,000 customers explaining that they will receive new cards. _______________________________________________________________________________ STARLINK - An Alternative To PC Pursuit January 24, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ STARLINK is an alternative to PC Pursuit. You can call 91 cities in 28 states during off-peak hours (7pm-6am and all weekend) for $1.50 per hour. All connections through the Tymnet network are 2400 bps (1200 bps works too) with no surcharge and there are no maximum hours or other limitations. There is a one time charge of $50 to signup and a $10 per month account maintenance fee. High volume users may elect to pay a $25 per month maintenance fee and $1.00 per hour charge. The service is operated by Galaxy Telecomm in Virginia Beach, VA and users may sign up for the service by modem at 804-495-INFO. You will get 30 minutes free access time after signing up. This is a service of Galaxy and not TYMNET. Galaxy buys large blocks of hours from TYMNET. To find out what your local access number is you can call TYMNET at (800) 336-0149 24 hours per day. Don't ask them questions about rates, etc., as they don't know. Call Galaxy instead. Galaxy says they will soon have their own 800 number for signups and information. The following is a listing of the major cities covered. There are others that are a local call from the ones listed. Eastern Time Zone Connecticut: Bloomfield Hartford Stamford Florida: Fort Lauderdale Jacksonville Longwood Miami Orlando Tampa Georgia: Atlanta Doraville Marietta Norcross Indiana: Indianapolis Maryland: Baltimore Massachusetts: Boston Cambridge New Jersey: Camden Englewood Cliffs Newark Pennsauken Princeton South Brunswick New York: Albany Buffalo Melville New York Pittsford Rochester White Plains North Carolina: Charlotte Ohio: Akron Cincinnati Cleveland Columbus Dayton Pennsylvania: Philadelphia Pittsburgh Rhode Island: Providence Virginia: Alexandria Arlington Fairfax Midlothian Norfolk Portsmouth Central Time Zone Alabama: Birmingham Illinois: Chicago Glen Ellyn Kansas: Wichita Michigan: Detroit Minnesota: Minneapolis St. Paul Missouri: Bridgeton Independence Kansas City St. Louis Nebraska: Omaha Oklahoma: Oklahoma City Tulsa Tennessee: Memphis Nashville Texas: Arlington Dallas Fort Worth Houston Wisconsin: Brookfield Milwaukee Mountain Time Zone Arizona: Mesa Phoenix Tucson Colorado: Aurora Boulder Denver Pacific Time Zone California: Alhambra Anaheim El Segundo Long Beach Newport Beach Oakland Pasadena Pleasanton Sacramento San Francisco San Jose Sherman Oaks Vernon Walnut Creek Washington: Bellevue Seattle STARLINK is a service of Galaxy Telecomm Division, GTC, Inc., the publishers of BBS Telecomputing News, Galaxy Magazine and other electronic publications. _______________________________________________________________________________ Suspended Sentences For Computer Break-In February 20, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >From Personal Computing Weekly "Police Officers Sentenced For Misuse Of Police National Computer" Three police officers hired by private investigators to break into the Police National Computer received suspended prison sentences at Winchester Crown Court. The private investigators also received suspended (prison) sentences, ranging from four to six months. The police officers were charged under the Official Secrets Act of conspiring to obtain confidential information from the Police National Computer at Hendon. One of the police officers admitted the charge, but the other two and the private investigators pleaded Not Guilty. The case arose out of a Television show called "Secret Society" in which private investigator Stephen Bartlett was recorded telling journalist Duncan Campbell that he had access to the Police National Computer, the Criminal Records Office at Scotland Yard and the DHSS (Department of Health & Social Security). Bartlett said he could provide information on virtually any person on a few hours. He said he had the access through certain police officers at Basingstoke, Hampshire. Although an investigation proved the Basingstoke connection to be false, the trail led to other police officers and private detectives elsewhere. Most of the information gleaned from the computers was used to determine who owned certain vehicles, who had a good credit record -- or even who had been in a certain place at a certain time for people investigating marital infidelity. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Of course, the actions for which the officers and others were sentenced, were not computer break-ins as such, but rather misuse of legitimate access. _______________________________________________________________________________ Virus Hoax Caused As Much Panic As The Real Thing February 20, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >From Popular Computing Weekly "A Virus Is Up And Running" Michael Banbrook gave his college network managers a scare when he planted a message saying that a virus was active on the college system. Banbrook's message appeared whenever a user miskeyed a password; the usual message would be "You are not an authorized user." It was replaced by the brief but sinister: "A Virus is up and running." When the message was discovered by the college network manager, Banbrook was immediately forbidden access to any computers at the St. Francix Xavier College at Clapham in South London. Banbrook, 17, told "Popular Computing Weekly" that he believed the college has over-reacted and that he had, in fact thrown a spotlight on the college's lackluster network security. The college has a 64 node RM Nimbus network running MS-DOS. "All any has to do is change a five-line DOS batch file" says Banbrook. "There is no security at all" Banbrook admits his motives were not entirely related to enhancing security: "I was just bored and started doodling and where some people would doodle with a notepad, I doodle on a keyboard. I never thought anyone would believe the message." Banbrook was suspended from computer science A-level classes and forbidden to use the college computers for a week before it was discovered that no virus existed. Following a meeting between college principal Bryan Scalune and Banbrook's parents, things are said to be "back to normal." _______________________________________________________________________________ Phrack World News -- Quicknotes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For those interested in the 312/708 NPA Split, the correct date for this division is November 11, 1989. However, permissive dialing will continue until at least February 9, 1990. ------------------------------------------------------------------------------- Anyone who is wondering what Robert Morris, Jr. looks like should have a look at Page 66 in the January 1989 issue of Discover Magazine. _______________________________________________________________________________