==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 17 of 18 **************************************************************************** International Scenes There was once a time when hackers were basically isolated. It was almost unheard of to run into hackers from countries other than the United States. Then in the mid 1980's thanks largely to the existence of chat systems accessible through X.25 networks like Altger, tchh and QSD, hackers world-wide began to run into each other. They began to talk, trade information, and learn from each other. Separate and diverse subcultures began to merge into one collective scene and has brought us the hacking subculture we know today. A subculture that knows no borders, one whose denizens share the common goal of liberating information from its corporate shackles. With the incredible proliferation of the Internet around the globe, this group is growing by leaps and bounds. With this in mind, we want to help further unite the communities in various countries by shedding light onto the hacking scenes that exist there. If you want to contribute a file about the hacking scene in your country, please send it to us at phrack@well.com. This issue we have files about the scenes in Sweden and Brazil. ------------------------------------------------------------------------------ The Swedish Hacker Scene It's about time to fill up this hole in the worldwide history of hackers published in the Phrack series of articles on national scenes. Since no one else seems to be getting around to do it I'd better do it myself. Sweden was in fact one of the countries in the front line during the birth of computers in the 1940's and 50's. By 1953 KTH university in Stockholm built BESK, at the time being the fastest and most advanced computer in the world. During the late 1960's Linkoping university specialized in computer science and in 1973 the computer society Lysator started out as an offshoot of american hacker culture of the kind you could find at MIT during the 60's and 70's. They are still active and often referred to as the first Swedish hacker society ever, which is indeed true. Now days they still adhere to the international hacker ethic of university societies and among their lines are as well idiots as real bright guys (as is the case of most such societies) and their contributions to the world of e-culture include Project Runeberg; a text archive of Scandinavian literature, and a voluminous FTP archive. There's actually a lot of ASCII work being done at Lysator, including converting Phrack back issues to HTML format. Despite the early interest in computers in Sweden there was no equivalent to the American phreakers of the 1970's. This was not caused by lack of knowledge but rather by dullness. Sweden was during the 70's and early 80's in a period of both economic wealth and social mentality commonly known as "The Welfare State". Everybody was facing the same high economic standards, nobody was really displeased with Swedish society, and the government granted lots of spare-time activities for youths. Thus the growing ground for any outlaw societies was withdrawn. (Eg Hells Angels didn't start out in Sweden until the 80's.) Swedes were in fact too pleased, too wealthy and too filled up with their vision of an almost utopian society to even get the faintest glimpse of an idea to form any underground movements. Even political groupings like Anarchists, Hippies (in Europe referred to as "Provos") or Fascists were almost WIPED OUT by the extreme political climate and wealth of the 70's. Thus, phreaker culture couldn't possibly start out in Sweden at this time, though some freaked out engineers and radio-amateurs might have built blue boxes and similar equipment for their household needs. This state of society caused Sweden to lag behind other European and Scandinavian countries in the field of outlaw hacking. The first hacker activity in Sweden was reported by the authorities in 1980. The hacker in question was a student at Chalmers university in Gothenburg and was sued for manipulating the account system into granting him free access to the mainframe, for which was sentenced to a relatively light fine. Apart from some similar incidents carried out by bright individuals there was no real H/P scene until 1984. Also in 1980 BBS activity started out in Sweden. Most enthusiasts were using a Swedish micro built by Luxor and DIAB in 1978 called ABC-80 (Obviously inspired by the American TRS-80). These enthusiast, however, were well organized engineers running a straight user-group, no anarchists or radicals of any kind were ever involved. In 1984 a magazine called "Rolig Teknik" started out as an offshoot of YIPL/TAP featuring the same kind of material, and by 1987 some journalist "discovered" this magazine, causing a lot of noise throughout The Welfare State and bringing people out in a public debate of how to defeat this magazine. (Though it actually didn't feature any illegal material; even Sweden has the freedom of speech and press written explicit in its constitution, as in the American First Amendment.) "Rolig Teknik" rapidly became a cult media for underground electronic freaks, outlaw radio amateurs, and other antisocial movements. But let's not get ahead of events. By early 1984 two youths aged 17 and 19, clearly inspired by the movie "War Games", hacked their way into several Swedish computer systems using a simple Apple II and a 300 baud modem, notably DAFA-Spar - a register containing public information on every Swedish citizen. Though there were no secret data in this computer, and though these hackers never succeed in gaining root access, the incident was annoying to the authorities. Also this year, some wealthy upper-middle class youths started using the was-to-become major European home computer: the Commodore 64. What the Apple II was for America, the C-64 was for Europe. Enter the software crackers. C-64 was THE symbol of hackerdom to Swedish youths in the 1980's. As software cracker Mr.Z pioneered the hacker scene in 1983 with hundreds and hundreds of cracked games, Swedish hackers somehow got to believe that cracking games was the Big Thing for any hacker. Besides, not many of these guys had modems. By 1987 American game producers were alarmed by the Niagara of cracked C-64 software being downloaded from Europe, causing them to start copy-protecting games that were to be exported to Europe. A closer examination showed that a lot of these cracks were made by Swedish groups, notably Triad and Fairlight. Thus, most Americans to get in touch with the Swedish hacker scene were what you would refer to as the "Warez D00ds" or "Pirates" of the time. Since the Swedes were unable to phreak due to lack of knowledge in the telecom field, American warez d00ds constantly called up Swedish crackers to obtain the latest software. There seems to be some kind of misconception in the American view of the hacker culture of Europe: Not very many hackers in Sweden and the rest of Europe got into phreaking nor net hacking in these early years, perhaps with the exception of the movement in Germany caused by Chaos Computer Club. By tradition most European hackers in general, and Swedish hackers in particular, turned to software cracking and demo programming. (The Demo as an art form was invented in Europe during 1984-86.) None of these activities were actually illegal at the time being, though indeed underground. This might have helped to create the general American view of European hackers as "Idiotic Immature Warez D00ds". In fact, most European hackers look upon software cracking and demo programming with pride, though spreading (warez trading) wasn't considered a real hacker activity, and pirating for economic gain was looked upon with disgust and utter contempt. Software spreading in all forms was finally outlawed in Sweden January 1st 1993. 1986: Enter the Netrunners. By the year 1986 the legendary BBS "Tungelstamonitorn" under the supervision of Jinge Flucht began distributing H/P and Anarchy files. Jinge himself, being a social inspector and thereby fully aware of the state of society, was upset with The Welfare State and thought the Swedes had gone law-abiding in an absurd and unhealthy manner. In his view people seemed to accept laws without ever questioning them, thereby making Sweden into a conformistic utopian hell. Later Jinge joined the Fidonet where he got known for running the most explicit and intense debates in Swedish BBS-culture ever. Probably the H/P files stored at Jinges BBS were the spark that lit the Swedish net hacking scene. Swedish hackers had SEEN "War Games", HEARD about the CCC in Germany, and now they finally got their hands on documents that explained the techniques. In 1987 excerpts from Steven Levy's "Hackers" and Bill Leebs "Out of the Inner Circle" were reprinted in the Swedish computer- magazine "Datormagazin" by editor Christer Rindeblad, creating a common group-awareness among Swedish hackers. ("Out of the Inner Circle" had actually been translated to Swedish already 1985, but was obviously read mostly by security experts and War Games-obsessed wannabe's.) 1987 also saw the birth of the first all-Swedish hacker group ever to make themselves a name outside Scandinavia. This was of course SHA - Swedish Hackers Association. SHA wanted to be a hacker group of international standards and qualities. They collected the best people, storing up a knowledge basis for future use. In the years 1989-92 SHA was at its height, successfully trashing computer companies and computer scrap dumps and gaining access to hundreds of computers. Inspired by the German hackers Pengo and Hagbard in Leitstelle 511 they started having regular meetings on fridays at their own booked table in a restaurant in Stockholm. Their perhaps biggest achievement ever was made in 1991 when they wrote a scanner to exploit the Unix NIS-bug, running it on 30 processes simultaneously, and ending up with some 150.000 passwords whereof 600 gained root access. Though some would say SHA were a bit too fond of the media image of hackers and sometimes had a weakness for hacker cliches, no one can really deny their achievements. Swedish hackers also got a lot attention for their carding activities in 1989. Both Sneaker of SHA and Erik XIV of Agile wrote modulo 10-calculators to produce endless series of valid Visa-numbers. Erik XIV was even on national television, demonstrating the weaknesses of the credit card system. Cynically they were both busted. At Christmas 1990 the Swedish X.25 network Datapak and Decnet were both attacked by a group of UK hackers called 8LGM (8 Little Green Men or 8-Legged Groove Machine - I don't know which one is a media nick). Using a war dialer they scanned about 22.000 entries and successfully accessed 380 of these. This is perhaps the most well-known of all hacks in Sweden, causing a lot of media noise. (The exact figures are a product of the Swedish telephone system AXE that I will write more about in a moment.) As reported in Phrack #43 they were busted and convicted under the new British anti-hacker law. Later Swedish achievements include the phonecard emulator, constructed by Atari ST enthusiast Marvin in 1992, after hearing the Swedish phone company Telia boast of these prepaid phonecards superior security. Though these silicon-based chip phonecards (256 bytes serial EPROMs) couldn't actually be recharged or easily tampered with, he realized there was no problem in emulating the chip with a Motorola 68c705 one-chip computer. Some fake phonecards were manufactured and sold for almost nothing among his very best friends more on a "See, it can be done"-basis than with any intention to defraud Telia or earn heaps of money. Somehow the blueprints for the emulator found its way into the Internet. Swedish hackers in general have a very strong tradition of forming groups, due to their roots in programming activities rather than phreaking. Group awareness and culture is very widespread and accepted within the boundaries of the whole Swedish computer underground. Thus, LOYALTY is very strong among Swedish hackers. Most hackers who get busted by authorities or blackmailed by companies would rather DIE than telling the name of even a single 10-year old warez d00d. While we're at it - hacker busts, and phreaker busts in particular, are carried out in quite a disturbing manner in Sweden. To explain this I must first explain a bit about the Swedish telephone system. Almost all Swedish networks use a system similar to 4ESS, constructed in cooperation by the State Telecom "Televerket" and Swedish telecommunications equipment producers Ericsson Telecom. This system is called AXE, which is an abbreviation for Automatic Cross-Connection Equipment. AXE is used in some 100 countries all over the world and probably one of the most beautiful exchange systems ever developed. AXE is designed for national, metropolitan and rural networks, and the same system nucleus is used in all the different systems. It can control both digital and analog equipment, though it's made with the aim on transforming all Swedish networks from analog to digital connections. It also comes with a fully featured bureaucratic organization for maintenance, administration and economics in general. AXE has the capability of building virtual groups in switching-stations, thus putting your PBX into the telco soup as well, making you believe you have the control over it though it's actually located elsewhere. In short, this is an centralized, monolithic system of the horribly efficient type that telcos love. It tells any amateur to keep their hands off and do something else. Of course it's a system that hackers and phreakers hate, since it's limited to authorities. The filthy crowd do not know what is going on inside these exchanges, and the telcos like to keep it that way. AXE also works with stored program control that resides inside the system core of every switching station. Of course this is all software, and of course State Telecom, upon building AXE, couldn't hold back their Big Brother tendencies. The result is that every call made from anywhere to anywhere, is logged in a central computer. Now that's something! Not only did this equipment wipe out every possibility to box within Sweden, but it also removed all kind of phone privacy. In fact not only calls are logged, but ALL activity performed at your terminal. If you lift the handset, press a digit and hang up, time, date and the digit you pressed is registered. All this data is stored on magnetic tapes for 6 months. Now, luckily Sweden has a strong Computer Privacy Act. You just aren't allowed to set up and use such facilities as you please, not even if you are the State Telecom. There is even a specific authority, "Datainspektionen" (The Computer Inspection Department) with the only purpose of looking after and preserve citizen privacy by protecting individuals from corporate and governmental interests. As a result State Telecom "Televerket" (which later changed name to "Telia" as they were transformed from an authority into a private corporation as of July 1st 1993) were not allowed to give out any of the information gathered in these registers to anyone else than either the calling or the receiving party. Not even the police could have this information in case they weren't suspecting a indictable crime resulting in at least 2 years of prison, such as drug trading or terrorism, and you don't get that kind of penalty for phreaking alone - at least not in Sweden. But Telia could evade these restrictions. In order to successfully phreak using PIN-codes, you have to call an operator using a Swedish version of the 800-number: a 020-number. Telia could then claim the call was made to the owner of that number: AT&T, MCI & Sprint mostly. (There are of course Calling Cards in Sweden as well: "Telia Access" - neither used nor abused by anybody.) As well as these companies have their own intelligence agencies, so have Telia. Once eg AT&T had someone traced for phreaking, Telia could easily produce a complete list of calls made to AT&T operators from a certain number. Telia themselves would even use information they weren't allowed to: they would pull out a list of ALL outgoing calls from the phreaker in question including calls to MCI, girlfriends, mom, dad, grandma... all logged calls. Telia would then call this poor phreaker to their local Swedish office, sticking the endless list under his/her nose, commanding: "TALK, or we will turn you in to the authorities", carefully not to mention that all information on the printout would be absolutely useless in court. The only conclusive evidence would in fact be those calls traced back all the way from America or wherever the phreaker called; in that way rigorously documented. Naturally, the common phreaker had no legal experience and wouldn't know about this. Instead he would talk, giving out detailed information on his/her techniques worthy of a full-time high-educated security consultant. After this session the phreaker was given a bill of the calls that could indeed be proven in court. If he/she didn't pay it - Telia (or any other operator) would end up turning him/her to the authorities anyway. So much for cooperation. Telia themselves would, if they felt it was necessary, go even further than the overseas operators, systematically exposing every weakness in the phreakers personal life, using the information in the computer log for psychological terror. This pattern of treatment of Swedish phreakers seems to be very much the same among all telecom providers in Sweden. Lately Telia, under command of security officer Pege Gustavsson made some noteworthy mistakes though: in their efforts to convict as many phreakers as possible, they called up companies receiving calls from "suspicious" individuals, warning them about this or that person calling them over and over again. This could only mean Telia was also systematically monitoring some Swedish hackers and had formed some security group to carry out this probation. Normally this should have been kept quiet, as Telia are absolutely not allowed to form their own abuse police forces, but at some instance they happened to call up a security company using phreakers as informants. Of course this security company didn't like the idea of having "their" phreakers traced around, and the matter was brought to public attention. Many independent sources agreed that Telia had violated the Swedish Computer Act, and hopefully this brought an end to this wild tracing. You shouldn't be too sure though, since Telia themselves never confessed of doing anything illegal. As you might have understood the Computer Act is quite an important factor in all legal discussions concerning Swedish hacking. This Act came out as a result of general attention focused upon the computers vs. privacy matter in 1973. As Sweden was one of the first countries to make use of computers in governmental administration, and as Swedish authorities were eager to register every possible piece of information, some politically influential individuals started a debate resulting in the founding of the Computer Act and the Computer Inspection Department. As a result Sweden is light years ahead of most countries when it comes to privacy matters. For example there is no problem in having the number identification possibilities on your line deactivated for good, and it won't cost you anything. You can also easily obtain free printouts from any computer register containing information on you, including the register at your local AXE-exchange. To sum this article up I can draw the conclusion that even Sweden has had its handful of bright hackers, each category bringing their straw to the stack. Even though Swedish officials and companies would hardly admit it, these hackers have obviously been very important for this country, at least in forcing system managers, security officials, software producers, policemen, politicians and so on to think things over. Sweden has also attracted outside attention in some cases, and will probably keep doing so. If you should pin- point one group that has meant more to the Swedish scene than any other, it wouldn't be any of the H/P groups, but rather the cracking pioneers Fairlight - a well organized and world-famous warez producer. Linus Walleij aka King Fisher / Triad triad@df.lth.se (Some handles have been changed to protect retired Swedish hackers from luser mail.) Swedish readers may be interested in the fact that I'm currently writing a lengthy text in Swedish (a book actually) providing a closer look at Swedish hacking history, which will be released on hypertext and ASCII sometime later this year. Over and out from Sweden! --------------------------------------------------------------------------- HACKING IN BRAZIL ================= Before talking about hacking here, it's good to describe the conditions of living. Right now, the country is a mix of Belgium and India. It's possible to find both standards of living without travelling long distances. The Southern part of the country concentrate most of the industry, while in the west one can find Amazonia jungle. There are many Brazils, one could say. Beginning with the hacking and phreaking. Hackers and computers enthusiasts have several different places for meeting. When this thing started, by the time of that film "Wargames", the real place to meet hackers and make contacts were the computer shops, game-arcades and "Video-texto" terminals. The computer shops were a meeting place because many of those "hackers" had no computers of their own and the shop-owners would let them play with them as part of a advertising tool to encourage people buying it for their kids. Today that is no longer needed, since prices dropped down and people make a team already at schools or sometimes just join a BBS (most people who buy a modem, end up thinking about setting up a BBS). By the way, most schools are advertising computer training as part of their curricula, to charge more, and like everywhere, I guess, people no longer learn typewriting, but computer-writing, and many brazilian newspapers dedicate a section on computer knowledge once a week, with advertising, hints, general info and even lists of BBS's. A few years ago, the "Video-texto" terminals were also big meeting places. That was part of a effort to make popular the use of a computer linked by modem to get services like msx-games, info on weather, check bank account and so on. Just like the Net, one could do e-mail, by some fancy tricks and other things that could be called hacking. The difference was that it was made by the state-owned telephone company and each time the trick was too well know, it was changed. The only way to keep in touch was keeping in touch with the people who used the system like hell. It's no different than what it happens with the computer gurus. The protocol used for that, X-25 is the same used for the banking money transfers, but don't think it was possible to do anything more than checking how much money one had and a few other classified data. People who used that at home (not too many, since the company didn't think it would be such a hit, and didn't provide for it) could spend their fathers money discovering funny things about the system, like messing with other people's phones and so. One could also use the terminals at the Shopping Centers to make phone calls to their friends without paying. The guy at the other end would be heard by the small speaker. Phreaking here in Brazil is something secret. Apart from the trick described in the section "Letters to read by" at the summer 1994 of the 2600 Magazine, where one would call through locked rotatory telephone, little is known about phreaking. One thing is that people who enrolled in Telecommunications Engineering could call Europe and USA with ease, but they would not tell you how. It must be said that all public phones have metal cables around the cables and that the phone machines are quite tough to break down. I guess it wasn't for beauty. The phones use some sort of metal coins called fichas, which must be bought somewhere. The trick is to use a coin with a string, so it would not be collected. But if the police caught... The police doesn't follow rules about that. Either they put a fine on the guy for that, or arrest him for vandalism or anything else they think of at the moment. It is hassle, anyway. My friend who was doing electrical Engineering told me that boxing in Brazil was impossible. The system is just not good enough to be boxed. Another friend of mine told me that in the Northeast part, where people are a little bit different and more easy-going, the phone system can be boxed, because some top-brass asked the company to let that feature implemented. The Phone company doesn't admit any knowledge about that. Internet access is something quite hard to get today. Until a few weeks ago, the system would not let the creation of a Internet site that was not part of some research project. So, only Universities and like were capable of putting people in the Net Universe. In the University of Sco Paulo, people in the post-graduation courses could get it with ease, but graduating students would have to show some connection to a research project. That in theory, because the students found out that one could use the IBM CDC 4360 to telnet without a Internet account. Also, all the faculties that had computer rooms full of AT 386 which where linked by fiber optics to this computer. Another one did the file transfers between the accounts and the computer at the computer rooms and that ftp was also possible without an account, but only to a few sites, like oakland and so. That lasted for about a year, until that thing was fixed in the router, but only at the Politechnik School. Says the legend that the guys were downloading too much GIF and JPG pictures of Top Models from a ftp site nearby. That spent so much bandwidth that the site started to complain and both things happened: the site stopped to store GIF's of wonderful women in swimsuit and the router was fixed to prevent ftp without a Internet account. One can still today connect the outside world via telnet and many people have accounts in Internet BBS like Isca BBS, Cleveland Freenet and like. The Bad Boy BBS was "in", until it went out of business. This kind of access is not good, though, for it is very slow, sometimes. Also, it is hard to download something bigger than 60 kbyte. The way I devised, downloading the file inside the bbs and uuencoding it. This way you could list the file and capture the screen listing, uudecode it after some editing and have a working .exe or .zip file. By these means one could, inside the Campus, do all downloading one wanted, from anywhere in the world. Outside the campus, it is possible to do it by phone lines, but: the Modem will not go faster than 2400 without character correction (no Zmodem at all). Which makes quite hard to download compressed files. One could an account: that would be possible by these means, but the amount of trash during the phone connection would make it real hard to type in passwords and like. To try doing any kind of thin g but reading letters by modem is some kind of torture. The real thing is to do it by "linha dedicada", a special line for computer transmission. It's much more expensive though, but if you have the money to spend with that... Perhaps the best way to get access to an Internet account though is to be part of the research project "Escola do Futuro" that among other things get schools linked by the Net. That's what I did and they pay me quite well to search for data in the Net, for the students of those schools. The University of Campinas is said to give all students a Internet account regardless of knowledge of what-it-is, as soon as the guy(girl) gets in. Of course here there's BITNET also. That's doomed for extinction, but this or that reason keeps people from closing it down. Most teachers use it, guess there's even some post-graduation work written about that. It's easier to access via modem, also. Old habits die hard. Outside the Campus, for common people, there are few opportunities. The only thing you can get, at least until the opening of commercial internet sites, something about to happen one of these days, is access by mail. You join one BBS with Internet access, and your mail is sent by a Internet account later during the day. This is not a direct access, as one can see, but it's a easy way to access by modem. Problem is that you have to pay if you use it too much. The BBS's that do it don't do it for free, also. Connection to the Compuserve is also possible, but it also costs a lot of money, for my point of view. Because of the newspapers, the knowledge about Internet is spreading fast and the number of sites is growing the same way everywhere else in the world. Even the military people are starting with it. There are plan s to enhance it and make better connections, and some informative material is being translated in Portuguese, like "Zen and the Art of Internet" and made available in the gopher.rnp.br. There are many mirrors from many famous sites, like Simtel20 and at least one Internet BBS, the "Jacare BBS" (Alligator bbs, available by telnetting bbs.secom.ufpa.br - 192.147.210.1 - login bbs. World Wide Web sites are becoming sort of popular also, but still available only to a few people who are lucky enough to get the access. Brazilian hackers are not very fond of sharing the knowledge of how to get access and other things, sometimes because of fear of losing it, sometimes because the greed of it would overcharge the system. There's no hacker magazine here, yet, and very few people confess their curiosity about hacking for knowledge for fear of not finding jobs. Anyway most would-be hackers either get a job and stop hacking for fun or keep their activities secret in order to pursue their objectives. Today, Brazilian Hacker Underground did change a little. Lots of magazines, dealing only with Internet Issues, are being published. There is a hacker zine, the now famous "Barata Eletrica". This and the hacker list I created is starting to unite the computer rats, here. But I had to stop hacking in order to write the e-zine. Too famous to do that. Another guy just started the thing. He did not learn with my mistake and is signing it with his name, also. Received lots of letters, even as far as Mozambique, praising the material, which is very soft, for fear of losing my net access. Twice my account was "freezed". The people at my site are paranoid. Suffered too much from break-ins already. Most BBS's are trying to turn themselves in Internet providers or else, to get e-mail access. There was a fear the State would control the thing, like they did with the Phone system. Can any of you guys imagine what it is, to pay 4.000 US$ dollars for a phone line? In the City of Sao Paulo, (look like L.A., one can say), that's the average price. Cellular is cheaper. Motorola rules. The public phone system was changed again. No more "fichas". At least for long distance calls. It's a small card that looks like plastic one side and magnetic material in the other. m still trying to do 2600 meetings. Oh, once in a while, there is a break-in here and there, and a hacker is interviewed in TV, but people are only now making the difference between the good guys (hackers) and the bad guys (crackers). With Win95, people are losing fear of exchanging virus-sources files. The lack of philes in Portuguese makes it dificult for people to learn about hacking. People who know about it, don't have enough time to write. I started to unite some guys to do a translation of "hacker crackdown", but that's another story. I shortened the name of the book to "crack.gz". Guess what's happened? My account is blocked up to this day. They told me I'll get my access back. One of these days. One of these days I'll re-write this article, and tell the whole thing in detail. Any Portuguese speaker that does not know about my e-zine, try a ftp.eff.org mirror. The URL: ftp://ftp.eff.org/pub/Publications/CuD/Barata_Eletrica