==Phrack Inc.== Volume Three, Issue 26, File 10 of 11 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN P h r a c k W o r l d N e w s PWN PWN %%%%%%%%%%% %%%%%%%%% %%%%%%% PWN PWN Issue XXVI/Part 2 PWN PWN PWN PWN April 25, 1989 PWN PWN PWN PWN Created, Written, and Edited PWN PWN by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Reach Out And TAP Someone April 3, 1989 %%%%%%%%%%%%%%%%%%%%%%%%% Two former employees of Cincinnati Bell, who were fired by the company for "good cause" according to Cincinnati Bell Chairman Dwight Hibbard are claiming they installed more than 1200 illegal wiretaps over a 12 year period from 1972 - 1984 at the request of their supervisors at the telco and the local police. Among the alleged targets of the snooping were past and present members of Congress, federal judges, scores of the city's most prominent politicians, business executives, lawyers and media personalities. Leonard Gates and Robert Draise say they even wiretapped the hotel room where President Gerald Ford stayed during two visits to Cincinnati; and this part of their story, at least, has been verified by the now retired security chief at the hotel. As more details come out each day, people in Cincinnati are getting a rare look at a Police Department that apparently spied on itself, and at a grand jury probe that has prompted one former FBI official to suggest that the Justice Department seems more interested in discrediting the accusers than in seeking the truth. Cincinnati Bell executives says Gates and Draise are just trying to "get even" with the company for firing them. But disclosures thus far seem to indicate there is at least some truth in what the two men are saying about the company they used to work for. According to Gates and Draise, they were just employees following the orders given to them by their superiors at Cincinnati Bell. But Dwight Hibbard, Chairman of the Board of Cincinnati Bell has called them both liars, and said their only motive is to make trouble for the company. Cincinnati Bell responded to allegations that the company had specifically participated in illegal wiretapping by filing a libel suit against Gates and Draise. The two men responded by filing a countersuit against the telco. In addition to their suit, four of the people who were allegedly spied on have filed a class action suit against the telco. In the latest development, Cincinnati Bell has gone public with (according to them) just recently discovered sordid details about an extramarital affair by Gates. A federal grand jury in Cincinnati is now trying to straighten out the tangled web of charges and countercharges, but so far no indictments have been returned. Almost daily, Gates and Draise tell further details about their exploits, including taps they claim they placed on phones at the Cincinnati Stock Exchange and the General Electric aircraft engine plant in suburban Evendale. According to Draise, he began doing these "special assignments" in 1972, when he was approached by a Cincinnati police officer from that city's clandestine intelligence unit. The police officer wanted him to tap the lines of black militants and suspected drug dealers, Draise said. The police officer assured him the wiretapping would be legal, and that top executives at the phone company had approved. Draise agreed, and suggested recruiting Gates, a co-worker to help out. Soon, the two were setting several wiretaps each week at the request of the Intelligence Unit of the Cincinnati Police Department. But by around 1975, the direction and scope of the operation changed, say the men. The wiretap requests no longer came from the police; instead they came from James West and Peter Gabor, supervisors in the Security Department at Cincinnati Bell, who claimed *they were getting the orders from their superiors*. And the targets of the spying were no longer criminal elements; instead, Draise and Gates say they were asked to tap the lines of politicians, business executives and even the phone of the Chief of Police himself, and the personal phone lines of some telephone company employees as well. Draise said he "began to have doubts about the whole thing in 1979" when he was told to tap the private phone of a newspaper columnist in town. "I told them I wasn't going to do it anymore," he said in an interview during the week of April 2, 1989. Gates kept on doing these things until 1984, and he says he got cold feet late that year when "the word came down through the grapevine" that he was to tap the phone lines connected to the computers at General Electric's Evendale plant. He backed out then, and said to leave him out of it in the future, and he claims there were hints of retaliation directed at him at that time; threats to "tell what we know about you..." When Dwight Hibbard was contacted at his office at Cincinnati Bell and asked to comment on the allegations of his former employees, he responded that they were both liars. "The phone company would not do things like that," said Hibbard, "and those two are both getting sued because they say we do." Hibbard has refused to answer more specific questions asked by the local press and government investigators. In fact, Draise was fired in 1979, shortly after he claims he told his superiors he would no longer place wiretaps on lines. Shortly after he quit handling the "special assignments" given to him he was arrested, and charged with a misdemeanor in connection with one wiretap -- which Draise says he set for a friend who wanted to spy on his ex-girlfriend. Cincinnati Bell claims they had nothing to do with his arrest and conviction on that charge; but they "were forced to fire him" after he pleaded guilty. Gates was fired in 1986 for insubordination. He claims Cincinnati Bell was retaliating against him for taking the side of two employees who were suing the company for sexual harassment; but his firing was upheld in court. The story first started breaking when Gates and Draise went to see a reporter at [Mount Washington Press], a small weekly newspaper in the Cincinnati suburban area. The paper printed the allegations by the men, and angry responses started coming in almost immediately. At first, police denied the existence of the Intelligence Unit, let alone that such an organization would use operatives at Cincinnati Bell to spy on people. Later, when called before the federal grand jury, and warned against lying, five retired police officers, including the former chief, took the Fifth Amendment. Finally last month, the five issued a statement through their attorney, admitting to 12 illegal wiretaps from 1972 - 1974, and implicated unnamed operatives at Cincinnati Bell as their contacts to set the taps. With the ice broken, and the formalities out of the way, others began coming forward with similar stories. Howard Lucas, the former Director of Security for Stouffer's Hotel in Cincinnati recalled a 1975 incident in which he stopped Gates, West and several undercover police officers from going into the hotel's phone room about a month before the visit by President Ford. The phone room was kept locked, and employees working there were buzzed in by someone already inside, recalled Lucas. In addition to the switchboards, the room contained the wire distribution frames from which phone pairs ran throughout the hotel. Lucas refused to let the police officers go inside without a search warrant; and they never did return with one. But Lucas said two days later he was tipped off by one of the operators to look in one of the closets there. Lucas said he found a voice activated tape recorder and "a couple of coils they used to make the tap." He said he told the Police Department and Cincinnati Bell about his findings, but "...I could not get anyone to claim it, so I just yanked it all out and threw it in the dumpster..." Executives at General Electric were prompted to meet with Draise and Gates recently to learn the extent of the wiretapping that had been done at the plant. According to Draise, GE attorney David Kindleberger expressed astonishment when told the extent of the spying; and he linked it to the apparent loss of proprietary information to Pratt & Whitney, a competing manufacturer of aircraft engines. Now all of a sudden, Kindleberger is clamming up. I wonder who got to him? He admits meeting with Draise, but says he never discussed Pratt & Whitney or any competitive situation with Draise. But an attorney who sat in on the meeting supports Draise's version. After an initial flurry of press releases denying all allegations of illegal wiretapping, Cincinnati Bell has become very quiet, and is now unwilling to discuss the matter at all except to tell anyone who asks that "Draise and Gates are a couple of liars who want to get even with us..." And now, the telco suddenly has discovered information about Gates' personal life. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FBI/Bell Wiretapping Network? April 3, 1989 %%%%%%%%%%%%%%%%%%%%%%%%%%%%% [Edited For This Presentation] Bob Draise/WB8QCF was an employee of Cincinnati Bell Telephone between 1966 and 1979. He, and others, are involved in a wiretapping scandal of monumental proportions. They say they have installed more than 1,000 wiretaps on the phones of judges, law enforcement officers, lawyers, television personalities, newspaper columnists, labor unions, defense contractors, major corporations (such as Proctor & Gamble and General Electric), politicians (even ex-President Gerald Ford) at the request of Cincinnati police and Cincinnati Bell security supervisors who said the taps were for the police. They were told that many of the taps were for the FBI. Another radio amateur, Vincent Clark/KB4MIT, a technician for South-Central Bell from 1972 to 1981, said he placed illegal wiretaps similar to those done by Bob Draise on orders from his supervisors -- and on request from local policemen in Louisville, Kentucky. When asked how he got started in the illegal wiretap business, Bob said that a friend called and asked him to come down to meet with the Cincinnati police. An intelligence sergeant asked Bob about wiretapping some Black Muslims. He also told Bob that Cincinnati Bell security had approved the wiretap -- and that it was for the FBI. The sergeant pointed to his Masonic ring which Bob also wore -- in other words, he was telling the truth under the Masonic oath -- something that Bob put a lot of stock in. Most of the people first wiretapped were drug or criminal related. Later on, however, it go out of hand -- and the FBI wanted taps on prominent citizens. "We started doing people who had money. How this information was used, I couldn't tell you." The January 29th "Newsday" said Draise had told investigators that among the taps he rigged from 1972 to 1979 were several on lines used by Wren Business Communications, a Bell competitor. It seems that when Wren had arranged an appointment with a potential customer, they found that Bell had just been there without being called. Wren's president is a ham radio operator, David Stoner/K8LMB. When spoken with, Dave Stoner said the following; "As far as I am concerned, the initial focus for all of this began with the FBI. The FBI apparently set up a structure throughout the United States using apparently the security chiefs of the different Bell companies. They say that there have been other cases in the United States like ours in Cincinnati but they have been localized without the realization of an overall pattern being implicated." "The things that ties this all together is if you go way back in history to the Hoover period at the FBI, he apparently got together with the AT&T security people. There is an organization that I guess exists to this day with regular meetings of the security people of the different Bell companies. This meant that the FBI would be able to target a group of 20 or 30 people that represented the security points for all of the Bell and AT&T connections in the United States. I believe the key to all of this goes back to Hoover. The FBI worked through that group who then created the activity at the local level as a result of central planning." "I believe that in spite of the fact that many people have indicated that this is an early 70's problem -- that there is no disruption to that work to this day. I am pretty much convinced that it is continuing. It looks like a large surveillance effort that Cincinnati was just a part of." "The federal prosecutor Kathleen Brinkman is in a no-win situation. If she successfully prosecutes this case she is going to bring trouble down upon her own Justice Department. She can't successfully prosecute the case." About $200 million in lawsuits have already been filed against Cincinnati Bell and the Police Department. Several members of the police department have taken the Fifth Amendment before the grand jury rather than answer questions about their roles in the wiretapping scheme. Bob Draise/WB8QCF has filed a suit against Cincinnati Bell for $78 for malicious prosecution and slander in response to a suit filed by Cincinnati Bell against Bob for defamation. Right after they filed the suit, several policemen came forward and admitted to doing illegal wiretaps with them. The Cincinnati police said they stopped this is 1974 -- although another policeman reportedly said they actually stopped the wiretapping in 1986. Now the CBS-TV program "60 Minutes" is interested in the Cincinnati goings-on and has sent in a team of investigative reporters. Ed Bradley from "60 Minutes" has already interviewed Bob Draise/WB8QCF and it is expected that sometime during this month (April) April, we will see a "60 Minutes" report on spying by the FBI. We also understand that CNN, Ted Turner's Cable News Network, is also working up a "Bugging of America" expose. _______________________________________________________________________________ Crackdown On Hackers Urged April 9, 1989 %%%%%%%%%%%%%%%%%%%%%%%%%% Taken From the Chicago Tribune (Section 7, Page 12b) "Make Punishment Fit The Crime," computer leaders say. DALLAS (AP) -- The legal system has failed to respond adequately to the threat that hackers pose to the computer networks crucial to corporate America, a computer expert says. Many computer hackers "are given slaps on the wrist," Mark Leary, a senior analyst with International Data Corp., said at a roundtable discussion last week. "The justice system has to step up...to the fact that these people are malicious and are criminals and are robbing banks just as much as if they walked up with a shotgun," he said. Other panelists complained that hackers, because of their ability to break into computer systems, even are given jobs, sometimes a security consultants. The experts spoke at a roundtable sponsored by Network World magazine, a publication for computer network users and managers. Computer networks have become crucial to business, from transferring and compiling information to overseeing and running manufacturing processes. The public also is increasingly exposed to networks through such devices as automatic teller machines at banks, airline reservation systems and computers that store billing information. Companies became more willing to spend money on computer security after last year's celebrated invasion of a nationwide network by a virus allegedly unleased by a graduate student [Robert Tappen Morris], the experts said. "The incident caused us to reassess the priorities with which we look at certain threats," said Dennis Steinaur, manager of the computer security management group of the National Institute of Standards and Technology. But computer security isn't only a matter of guarding against unauthorized entry, said Max Hopper, senior vice president for information systems as American Airlines. Hopper said American has built a "a Cheyenne mountain-type" installation for its computer systems to guard against a variety of problems, including electrical failure and natural disaster. Referring to the Defense Department's underground nerve center in a Colorado mountain, he said American's precautions even include a three-day supply of food. "We've done everything we can, we think, to protect the total environment," Hopper said. Hopper and Steinaur said that despite the high-tech image of computer terrorism, it remains an administrative problem that should be approached as a routine management issue. But the experts agreed that the greatest danger to computer networks does not come from outside hackers. Instead, they said, the biggest threat is from disgruntled employees or others whose original access to systems was legitimate. Though employee screening is useful, Steinaur said, it is more important to build into computer systems ways to track unauthorized use and to publicize that hacking can be traced. Steinaur said growing computer literacy, plus the activities of some non-malicious hackers, help security managers in some respects. Expanded knowledge "forces us as security managers not be dependent on ignorance," Steinaur said. "Security needs to be a part of the system, rather than a 'nuisance addition,'" Steinaur said, "and we probably have not done a very good job of making management realize that security is an integral part of the system." IDC's Leary said the organization surveys of Fortune 1000 companies surprisingly found a significant number of companies were doing little to protect their systems. The discussion, the first of three planned by Network World, was held because computer sabotage "is a real problem that people aren't aware of," said editor John Gallant. Many business people sophisticated networks." It also is a problem that many industry vendors are reluctant to address, he said, because it raises questions about a company's reliability. Typed For PWN by Hatchet Molly _______________________________________________________________________________ Ex-Worker Charged In Virus Case -- Databases Were Alleged Target Apr 12, 1989 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% by Jane M. Von Bergen (Philadelphia Inquirer) A former employee was charged yesterday with infecting his company's computer database in what is believed to be the first computer-virus arrest in the Philadelphia area. "We believe he was doing this as an act of revenge," said Camden County Assistant Prosecutor Norman Muhlbaier said yesterday, commenting on a motive for the employee who allegedly installed a program to erase databases at his former company, Datacomp Corp. in Voorhees, New Jersey. Chris Young, 21, of the 2000 block of Liberty Street, Trenton, was charged in Camden County with one count of computer theft by altering a database. Superior Court Judge E. Stevenson Fluharty released Young on his promise to pay $10,000 if he failed to appear in court. If convicted, Young faces a 10-year prison term and a $100,000 fine. Young could not be reached for comment. "No damage was done," Muhlbaier said, because the company discovered the virus before it could cause harm. Had the virus gone into effect, it could have damaged databases worth several hundred thousand dollars, Muhlbaier said. Datacomp Corp., in the Echelon Mall, is involved in telephone marketing. The company, which has between 30 and 35 employees, had a contract with a major telephone company to verify the contents of its white pages and try to sell bold-faced or other special listings in the white pages, a Datacomp company spokeswoman said. The database Young is accused of trying to destroy is the list of names from the phone company, she said. Muhlbaier said that the day Young resigned from the company, October 7, 1988 he used fictitious passwords to obtain entry into the company computer, programming the virus to begin its destruction December 7, 1988 -- Pearl Harbor Day. Young, who had worked for the company on and off for two years -- most recently as a supervisor -- was disgruntled because he had received some unfavorable job-performance reviews, the prosecutor said. Eventually, operators at the company picked up glitches in the computer system. A programmer, called in to straighten out the mess, noticed that the program had been altered and discovered the data-destroying virus, Muhlbaier said. "What Mr. Young did not know was that the computer system has a lot of security features so they could track it back to a particular date, time and terminal," Muhlbaier said. "We were able to ... prove that he was at that terminal." Young's virus, Muhlbaier said, is the type known as a "time bomb" because it is programmed to go off at a specific time. In this case, the database would have been sickened the first time someone switched on a computer December 7, he said Norma Kraus, a vice president of Datacomp's parent company, Volt Information Sciences Inc, said yesterday that the company's potential loss included not only the databases, but also the time it took to find and cure the virus. "All the work has to stop," causing delivery backups on contracts, she said. "We're just fortunate that we have employees who can determine what's wrong and then have the interest to do something. In this case, the employee didn't stop at fixing the system, but continued on to determine what the problem was." The Volt company, based in New York, does $500 million worth of business a year with such services as telephone marketing, data processing and technical support. It also arranges temporary workers, particularly in the data-processing field, and installs telecommunication services, Kraus said. _______________________________________________________________________________ Mexico's Phone System Going Private? April 17, 1989 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% By Oryan QUEST (Special Hispanic Corespondent) The Mexico Telephone Company, aka Telefonos de Mexico, aka Telmex, is likely to go private in the next year or two. The Mexican government is giving serious consideration to selling its controlling interest in that nation's communications network, despite very stiff opposition from the local unions which would prefer to see the existing bureaucracy stay in place. The proposed sale, which is part of a move to upgrade the phone system there -- and it *does* need upgrading -- by allowing more private investment, is part of a growing trend in Mexico to privatize heretofore nationalized industries. The Mexico Telephone Company has spent more than a year planning a $14 billion, five-year restructuring plan which will probably give AT&T and the Bell regional holding companies a role in the improvements. One plan being discussed by the Mexican government is a complete break-up of Telmex, similar to the court-ordered divestiture of AT&T a few years ago. Under this plan, there would be one central long distance company in Mexico, with the government retaining control of it, but privately owned regional firms providing local and auxiliary services. Representatives of the Mexican government have talked on more than one occasion with some folks at Southwestern Bell about making a formal proposal. Likewise, Pacific Bell has been making some overtures to the Mexicans. It will be interesting to see what develops. About two years ago, Teleconnect Magazine, in a humorous article on the divestiture, presented a bogus map of the territories assigned to each BOC, with Texas, New Mexico and Arizona grouped under an entity called "Taco Bell." Any phone company which takes over the Mexican system will be an improvement over the current operation, which has been slowly deteriorating for several years. PS: I *Demand* To Be Let Back On MSP! _______________________________________________________________________________