==Phrack Inc.== Volume Three, Issue 29, File #12 of 12 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN P h r a c k W o r l d N e w s PWN PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN PWN Issue XXIX/Part 3 PWN PWN PWN PWN November 17, 1989 PWN PWN PWN PWN Created, Written, and Edited PWN PWN by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN The Cuckoo's Egg October 18, 1989 ~~~~~~~~~~~~~~~~ by By Christopher Lehmann-Haupt (New York Times) "Tracking a Spy Through the Maze of Computer Espionage" It all begins with a 75-cent discrepancy in the computer complex's accounting system. Clifford Stoll, the new man in the office, is assigned to reconcile the shortfall. Although an astronomer by training, Stoll has recently seen his grant money run dry and so has been transferred from the Keck Observatory at the Lawrence Berkeley Lab down to the computer center in the basement of the same building. No wizard at computers, he thinks he can pick things up fast enough to get by. So he sets out to look for the 75 cents. He quickly discovers that no glitch in the accounting programs has occurred. No, what seems to have happened is that an unfamiliar user named Hunter briefly logged on to the system, burning up 75-cents worth of time. Since there is no account record for Hunter, Stoll erases him from the system. The problem is solved, or so it seems. But almost immediately, an operator from Maryland on the same network that the Lawrence Berkeley Lab uses complains that someone from Stoll's lab is trying to break into his computer. When Stoll checks the time of the attempt, he discovers that the account of someone named Joe Sventek, who is known to be in England for the year, has been used. So he guesses that the user calling himself Hunter has somehow activated Sventek's account. But who is this hacker (as Stoll begins to refer to him), where is he operating from and how is he getting into the system? Next Stoll sets up systems to alert him every time the hacker comes on line and monitor his activities without his being aware of it. He watches as the hacker tries to lay cuckoo's eggs in the system's nest, by which of course he means programs for other users to feed -- for instance, a program that could decoy other users into giving the hacker their secret passwords. He watches as the hacker invades other computer systems on the networks the Lawrence Berkeley Lab employs, some of them belonging to military installations and contractors. The mystery grows. Telephone traces gradually establish that the hacker is not a local operator, is not on the West Coast and may not even be in North America. But of the various three-letter organizations that Stoll appeals to for help -- among them the FBI, the CIA and even the National Security Agency -- none will investigate, at least in an official capacity. By now a reader is so wrapped up in Stoll's breezily written account of his true adventure in "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage" that he is happy to overlook certain drawbacks in the narrative -- most conspicuously the lack of consistently lucid technical talk and the author's dithering over whether appealing for help to the likes of the FBI and CIA is selling out to the enemy, a qualm left over from the 1960s mentality that still afflicts him and his friends. The only truly annoying aspect of the book is that an endpaper diagram gives away the location of the computer spy. Readers are advised not to look at the endpapers, which do little but spoil the suspense. Unfortunately, the narrative, too, eventually helps dissipate the story's tension. The officials who finally take over the hunt from Stoll are so reluctant to tell him what is happening that all the suspense he has created simply evaporates. Even Stoll seems to lose interest in the identity of his mysterious antagonist, judging by the limp and haphazard way he finally does give us the news. Instead of building his story, he allows himself to be distracted by a banal domestic drama centering on his decision to stop being afraid of emotional commitment and marry the woman he has been living with for seven years. And he continues limply to debate the need of the state to defend the security of communications networks against wanton vandalism, as if there were room for serious discussion of the question. Still, nothing can expunge the excitement of the first two-thirds of "The Cuckoo's Egg," particularly those moments when the author hears his portable beeper going off and bicycles to his lab to read the latest printout of the hacker's activities. Nothing can relieve our discouragement at the bureaucratic runaround that Stoll got. Had a million dollars worth of damage occurred? the FBI kept asking him. "Well, not exactly," he would reply. Then there was nothing the FBI could do. And so it dishearteningly went, although some points should be conceded. Certain individuals in government agencies were extremely helpful to Stoll. The entire issue of computer-network security was after all a new and unexplored field. And the agencies that the author was asking for help probably knew more about the security threat than they were willing to tell him. Finally, nothing can diminish the sense of the strange new world Stoll has evoked in "The Cuckoo's Egg" -- a world in which trust and open communication will determine the quality of the future. Whether such values will prevail will prove a drama of momentous significance. Even if this book finally dissipates that drama, its very presence makes these pages worth dipping into. _______________________________________________________________________________ Digital's Hip To The Standards Thing October 10, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NEW YORK -- During a creative session at a major public relations firm to formulate a new corporate message for Digital Equipment Corporation that reflects the company's new direction promoting and supporting computing industry standards, the shopworn phrase "Digital has it now" was replaced by a new tag line that is more contemporary and tied to DEC's adherence to standards. DECrap by Rapmaster Ken "Digital's Hip to the Standards Thing" I heard some news just the other day It sounded kinda strange and I said, "No way!" But I heard it again from another source It mighta made sense and I said, "Of course!" Now computer biz has a lotta confusion 'Cause operating systems abound in profusion. But there's a whole new wave in data processing Now that Digital's hip to the standards thing. (chorus) Digital's hip to the standards thing! Digital's hip to the standards thing! Way back when a long time ago IBM owned the whole show. But other dudes saw this proprietary mess And formed committees to find out what's best. Some went their own way and built their own software But users were perturbed, "It's just a different nightmare." So they got together to look over the picks Put down their money on good 'ol UNIX (chorus) Digital's hip to the standards thing! Digital's hip to the standards thing! Now Digital always kept their users in mind And pushed VMS as the best of the kind. A lotta folks agreed but kept askin' for UNIX support, "We gotta have more!" Soon DEC saw the light and decided to give UNIX to the masses, (sorta live and let live). So DEC's ridin' the wave ahead of the rest On a backplane boogie board on top of the crest. No doubt about it DEC's sprouted its wings 'Cause Digital's hip to the standards thing. (chorus) Digital's hip to the standards thing! Digital's hip to the standards thing! _______________________________________________________________________________ Hacker Publications November 12, 1989 ~~~~~~~~~~~~~~~~~~~ Here is a general overview of a pair of the more popular hardcopy hacker magazines. 2600 Magazine: The Hacker Quarterly Volume Six, Number Three Autumn, 1989 The cover on this issue features a scene from the Galactic Hackers Convention that took place in Amsterdam, Switzerland, last August. Although it is not explicitly stated or implied, it would appear that the comic illustration portrays the hacker "Shatter" being run over by a bus bearing the label "2600 XPRESS." The articles featured in this issue include: The Nynex Strike Grade "A" Hacking: What Is UAPC? by The Plague Galactic Hacker Party (GHP) British Telecom's Guilty Conscience The Death Of COSMOS? What's Going On - Technological Marvels o U.S. Sprint Billing Problems o U.S. Sprint Voicecards o Other Voiceprints o Surveillance - Hacker Spies (Chaos Computer Club, KGB Hackers discussed) - Nynex Bigotry (Gay And Lesbian Organizations) - Dial-It News (Pacific Bell 900 Services) - Payphone Choices (AT&T, Sprint, MCI, AOS) - Overseas Access (AT&T Calls To Vietnam) - News From The U.K. o Directory Assistance Operators o British Telecom To Buy Tymnet From McDonnel Douglas o Chat Lines Banned - One Less Choice (The Source and Compuserve) - Privacy? What's That? o Bulletin Board User Information o Illegal Aliens Database o Scotland Yard Database o Wiretapping o Bell of Pennsylvania (giving out confidential information) o Personal Smart Card - Hackers In Trouble o Kevin Mitnick o Robert Morris - Hacker Fun o Friday The 13th Virus o Speed Limit Alterations o Delray Beach Probation Office - Telco Literature (FON Line Newsletter) - Calling Card Tutorials - Another Telco Ripoff (C&P Telephone) - Technology Marches Back o French Computer Mixup o New York Telephone Repairman Sent On Wild Goose Chases - And Finally (Bejing Phone Calls) The Secrets of 4TEL Letters - Moblie Telephone Info - A Southern ANI - ROLM Horrors - A Nagging Question (by The Apple Worm) - A Request - Another Request (by THOR ) - The Call-Waiting Phone Tap (Alternative Inphormation) - Interesting Numbers (1-800-EAT-SHIT, 800, 900 numbers) - UNIX Hacking (Unix security, hacking, TCP/IP) - Intelligent Payphones - Retarded Payphones REMOBS by The Infidel Gee... GTE Telcos by Silent Switchman and Mr. Ed Voice Mail Hacking... by Aristotle Punching Pay Phones by Micro Surgeon/West Coast Phreaks Touch-Tone Frequencies 2600 Marketplace Carrier Access Codes Lair of the INTERNET Worm by Dark OverLord Timely Telephone Tips (from a Defense Department Phone Book) There were also plenty of other interesting small articles, pictures, and stories about hackers, telephones, computers and much more. All in all, this is the best issue of 2600 Magazine I have read in several issues (despite the fact that some of the material had appeared in Phrack Inc., LOD/H TJs, and/or Telecom Digest previously). Let's hope they continue to be as good. Are you interested in 2600 Magazine? 2600 (ISSN 0749-3851) is published quarterly by 2600 Enterprises Inc., 7 Strong's Lane, NY 11733. Second class postage permit paid at Setauket, New York. Copyright (c) 1989, 2600 Enterprises, Inc. Yearly subscriptions: U.S. and Canada -- $18 individual, $45 corporate. Overseas -- $30 individual, $65 corporate. Back issues available for 1984, 1985, 1986, 1987, 1988 at $25 per year, $30 per year overseas. Address all subscription correspondence to: 2600 Subscription Department P.O. Box 752 Middle Island, New York 11953-0752 2600 Office Line: 516-751-2600 2600 FAX Line: 516-751-2608 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - TAP Magazine Issue 94 1989 The new TAP Magazine is a smaller publication in comparison to 2600. The "outer" cover of this newsletter was a "warning" from The Predat0r concerning the nature of the material inside. The true or "inner" cover of the newsletter had the following: The Information You've Requested Of TAP Publishing Society A Unit Of The Technological Advancement Party Presents... "...a family of people dedicated to the advancement of home computer systems and electronic technology, the study and duplication of related communication networks and the subsequent utilization of one's own ingenuity in today's fast-paced world of creative logic." The articles in this issue of TAP included: TAP RAP: News From The TAP Staff by Aristotle Small Tags Protect Big Stores (continued from TAP 93) Ozone (concerning American Telephone & Telegraph's plans for 1994) Telephone Wires In New York In 1890 Mercury Fulminate by Dark OverLord How To Hack Stamps Hoffman Worked To Help All Of Mankind Police Raid 3 Jefferson Homes In Search For Computer Hackers by Calvin Miller SummerCon '89 by Aristotle (includes a copy of the official SummerCon '89 poster and button, although an error stating that the poster was shown at 1/2 size when in reality, the original was 8 1/2" by 14"). There were a few other interesting "tid bits" of information scattered throughout the four loose pages including the new TAP logo (that was made to resemble CompuTel) and other pictures. The staff at TAP also included a postcard that contained a reader's survey. It asked all sorts of questions about how the reader liked certain aspects of the publication... I found the idea to be potentially productive in improving the quality of the newsletter all around. The cost of TAP is rather cheap... it is free. For an issue send a self addressed stamped envelope to: T.A.P. P.O. Box 20264 Louisville, Kentucky 40220-0264 :Knight Lightning _______________________________________________________________________________ Phrack World News QuickNotes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. 911 Improvement Surcharge in Chicago (October 16, 1989) -- Monday morning, October 16, Chicago Mayor Richard M. Daley announced that he would submit to the city council a plan to increase city telephone taxes by 95 cents per line per month, earmarked for improvements to 911 service. Currently there is no such flat charge, simply a percentage tax rate on local telephone service. Daley's spokespeople commented that 911 service here has been a mess for years, and that many of the suburbs charge $1.00 per line per month, so 95 cents should not be unreasonable. There were no details about what is currently wrong or about what specific improvements Daley has in mind. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2. Hacker Caught by Caller-ID (October 9, 1989) -- MIS Week reported the apprehension of a 15-year old hacker who used his Amiga personal computer to tap into two minicomputers at Grumman. The youngster was from Levittown, Long Island and stumbled into the computer by using a random dialing device attached to his computer. Grumman security was able to detect the intrusions, and the computer's recording of the boy's telephone number led police to his home. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3. 14-Year-Old Cracks TRW Credit For Major Fraud (October 18, 1989) -- A 14-year-old Fresno, California boy obtained secret "access codes" to the files of TRW Credit from a bboard and used them to pose as a company or employer seeking a credit history on an individual whose name he picked randomly from the phone book. From the histories, he obtained credit card numbers which he then used to charge at least $11,000 in mail-order merchandise (shipped to a rented storeroom) and make false applications for additional cards. He also shared his findings on computer bulletin boards. Police began investigating when TRW noticed an unusual number of credit check requests coming from a single source, later found to be the youth's home telephone number. The high school freshman, whose name was not released, was arrested at his home last week and later released to his parents. His computer was confiscated and he faces felony charges that amount to theft through the fraudulent use of a computer. "Here is a 14-year-old boy with a $200 computer in his bedroom and now he has shared his data with countless other hackers all over the nation," said Fresno Detective Frank Clark, who investigated the case. "The potential (for abuse of the information) is incredible." Excerpts provided by Jennifer Warren (Los Angeles Times) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4. Computer Virus Countermeasures Article (October 25, 1989) -- Readers of Phrack Inc. might be interested in an interesting article in the October 1989 issue of DEFENSE ELECTRONICS, page 75, entitled "Computer Virus Countermeasures -- A New Type Of Electronic Warfare," by Dr. Myron L. Cramer and Stephen R. Pratt. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 5. Computer Viruses Attack China (November 6, 1989) -- The Ministry of Public Safety of People's Republic of China found this summer that one tenth of the computers in China had been contaminated by three types of computer virus: "Small Ball," "Marijuana," and "Shell." The most serious damage was found in the National Statistical System, in which "Small Ball" spread in 21 provinces. In Wuhan University, viruses were found in *ALL* personal computers. In China, three hundred thousand computers (including personal computers) are in operation. Due to a premature law system the reproduction of software is not regulated, so that computer viruses can easily be propagated. Ministry of Public Safety now provides "vaccines" against them. Fortunately, those viruses did not give fatal damage to data. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6. More Phone-Card Fraud (October 31, 1989) -- Two men were convicted by Tokyo District Court on Monday, October 30, for tampering with Nippon Telephone and Telegraph calling cards to increase the number of calls they could make. The court ruled that they violated the Securities Transaction Law. One man, Kawai, was sentenced to 30 months in prison, and another, Sakaki, was given an 18-month suspended sentence. Two presiding judges ruled that using falsified telephone cards in pay phones is tantamount to using securities. However, another judge ruled in a separate case last September that tampering with a telephone card does not constitute use of a security, so legal observers say it will be up to the Supreme Court. According to this most recent s ruling, Kawai changed about 1,600 telephone cards, each good for 500-yen worth of telephone calls, into cards worth 20,000 yen. He sold the altered cards to acquaintances for as much as 3,500 yen. Sakaki also sold about 320 tampered cards for about 2 million yen. One of the presiding judges ruled that using tampered telephone cards on public telephones is the same as misleading Nippon Telegraph and Telephone Corporation into believing the cards -- false securities -- were genuine. Taken from The Japan Times - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7. Computer Virus Hits Japanese Quake Data (October 30, 1989) -- Tokyo; A computer virus has destroyed information at the University of Tokyo's seismological and ocean research institutes, a university official and local reports said yesterday. An official of the university's Ocean Reasearch Institute said the virus was detected earlier this month in five of the center's 100 computers, but was believed to have first infected the computers in September. The virus was found only in personal computers being used by researchers and not major computer systems, the official said, requesting anonymity. He said the damage was not serious. He declined to discuss further details, but a report by the Japan Broadcasting Corporation said a virus had also been found in the computers at the university's Earthquake Research Institute. Thanks to Associated Press news services. (Related article follows) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8. First Virus Attack On Macintoshes In Japan (November 7, 1989) -- Six Macs in University of Tokyo, Japan, were found to have caught viruses. Since Since this September, Professor K. Tamaki, Ocean Research Institute, University of Tokyo, has noticed malfunctions on the screen. In October, he applied vaccines "Interferon" and "Virus Clinic" to find his four Macintoshes were contaminated by computer viruses, "N Virus" type A and type B. He then found ten softwares were also infected by viruses. A Macintosh of J. Kasahara, Earthquake Research Institute, University of Tokyo, was also found to be contaminated by N Virus and Score Virus. These are the first reports of real viruses in Japan. Later it was reported that four Macintoshes in Geological Survey of Japan, in Tsukuba, were infected by N Virus Type A. This virus was sent from United States together with an editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 9. Hackers Can Tap Into Free Trip (October 1989) -- Attention Hackers: Here is your chance to break into a computer system and walk away with a grand prize. The "hacker challenge" dares any hacker to retrieve a secret message stored in a KPMG Peat Marwick computer in Atlanta. This challenge is being sponsored by LeeMah DataCom Security Corporation, a Hayward, California, consulting firm that helps companies boost computer security. The winner gets an all-expense paid trip for two to either Tahiti or St. Moritz, Switzerland. Hackers with modems must dial 1-404-827-9584. Then they must type this password: 5336241. From there, the hacker is on his own to figure out the various access codes and commands needed to retrieve the secret message. The winner was announced October 24, 1989 at the Federal Computer Show in Washington. Taken from USA Today. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 10. Groaning Phone Network Survives Millions Of Calls (October 18, 1989) -- The nation's telecommunications network was flooded Tuesday (October 17) night by an estimated 20 million attempted telephone calls from people around the nation concerned about friends and family after the earthquake in the bay area. Except for brief failures, the system did not break down under the record load in the areas damaged by the earthquake. AT&T officials said that as many as 140 million long-distance phone calls were placed Wednesday (October 18), the highest number for a single day in history. Excerpts thanks to John Markoff (New York Times) >--------=====END=====--------<