[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]

..[ Phrack Magazine ]..
.:: PWN/Part03 ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ] [ 70 ]
Current issue : #33 | Release date : 1991-09-15 | Editor : Dispater
Introduction to Phrack 33Dispater & Knight Lightning
Phrack Profile of Shooting SharkCrimson Death & Shooting Shark
A Hacker's Guide to the InternetThe Gatsby
FEDIX On-Line Information ServiceFedix Upix
LATA Referance ListInfinite Loop
International Toll Free Code ListThe Trunk Terminator
Phreaking in GermanyNinja Master
TCP/IP: A Tutorial Part 1 of 2The Not
A REAL Functioning RED BOX SchematicJ.R. "Bob" Dobbs
Phrack World News Special Edition IV (CyberView 91)Bruce Sterling
PWN/Part01Crimson Death
Title : PWN/Part03
Author : Dispater
                                ==Phrack Inc.==

                Volume Three, Issue Thirty-Three, File 13 of 13

              PWN                                             PWN
              PWN              Phrack World News              PWN
              PWN                                             PWN
              PWN          Issue XXXIII / Part Three          PWN
              PWN                                             PWN
              PWN            Compiled by Dispater             PWN
              PWN                                             PWN

Pentagon Welcomes Hackers!                                    September 9, 1991
>From USA Today

     The FBI is investigating an Israeli teen's claim that he broke into a
Pentagon computer during the gulf war.  An Israeli newspaper Sunday identified
the hacker as Deri Shraibman, 18.  He was arrested in Jerusalem Friday but
released without being charged.  Yedhiot Ahronot said Shraibman read secret
information on the Patriot missle -- used for the first time in the war to
destroy Iraq's Scud missles in midflight.
     "Nowhere did it say 'no entry allowed'," Shraibman was quoted as telli
police.  "It just said 'Welcome.'"  The Pentagon's response:  It takes
"computer security very seriously," spokesman Air Force Capt. Sam Grizzle said
Sunday.  Analysts say it isn't the first time military computers have been
entered.  "No system of safeguards exists ... that is 100% secure," says Alan
Sabrosky, professor at Rhodes College in Memphis.

Telesphere Sued By Creditors; Forced Into Bankruptcy
Compiled from Telecom Digest (comp.dcom.telecom)

     On Monday, August 19, Telesphere Communications, Inc. was sued by a group
of ten creditors who claim the company best known for its 900 service isn't
paying its bills.  The group of creditors, all information providers using 900
lines provided through Telesphere claim they are owed two million dollars in
total for services rendered through their party lines, sports reports,
horoscopes, sexual conversation lines and other services.  They claim
Telesphere has not paid them their commissions due for several months.  The
group of creditors filed in U.S. Bankruptcy Court in Maryland asking that an
Involuntary Chapter 7 bankruptcy (meaning, liquidation of the company and
distribution of all assets to creditors) be started against Telesphere.

     The company said it will fight the effort by creditors to force it into
bankruptcy.  A spokesperson also said the company has already settled with more
than 50 percent of its information providers who are owed money.  Telesphere
admitted it had a serious cash flow problem, but said this was due to the large
number of uncollectible bills the local telephone companies are charging back
to them.  When end-users of 900 services do not pay the local telco, the telco
in turn does not pay the 900 carrier -- in this case Telesphere -- and the
information provider is charged for the call from a reserve each is required to

     But the information providers dispute the extent of the uncollectible
 charges.  They claim Telesphere has never adequately documented the charges
placed against them (the information providers) month after month.  In at least
one instance, an information provider filed suit against an end-user for
non-payment only to find out through deposition that the user HAD paid his
local telco, and the local telco HAD in turn paid Telesphere.  The information
providers allege in their action against the company that Telesphere was in
fact paid for many items charged to them as uncollectible, "and apparently are
using the money to finance other aspects of their operation at the expense of
one segment of their creditors; namely the information providers..."
Telesphere denied these allegations.

     Formerly based here in the Chicago area (in Oak Brook, IL), Telesphere is
now based in Rockville, MD.

Theft of Telephone Service From Corporations Is Surging         August 28, 1991
by Edmund L. Andrews (New York Times)

     "It is by far the largest segment of communications fraud," said Rami
Abuhamdeh, an independent consultant and until recently executive director of
the Communications Fraud Control Association in McLean, Va.  "You have all
this equipment just waiting to answer your calls, and it is being run by people
who are not in the business of securing telecommunications."

     Mitsubishi International Corp. reported losing $430,000 last summer,
mostly from calls to Egypt and Pakistan.  Procter & Gamble Co. lost $300,000 in
l988.  The New York City Human Resources Administration lost $529,000 in l987.
And the Secret Service, which investigates such telephone crime, says it is now
receiving three to four formal complaints every week, and is adding more
telephone specialists.

     In its only ruling on the issue thus far, the Federal Communications
Commission decided in May that the long-distance carrier was entitled to
collect the bill for illegal calls from the company that was victimized.  In
the closely watched Mitsubishi case filed in June, the company sued AT&T for
$10 million in the U.S. District Court in Manhattan, arguing that not only had
it made the equipment through which outsiders entered Mitsubishi's phone
system, but that AT&T, the maker of the switching equipment, had also been paid
to maintain the equipment.

     For smaller companies, with fewer resources than Mitsubishi, the problems
can be financially overwhelming.  For example, WRL Group, a small software
development company in Arlington, Va., found itself charged for 5,470 calls
it did not make this spring after it installed a toll-free 800 telephone
number and a voice mail recording system machine to receive incoming calls.
Within three weeks, the intruders had run up a bill of $106,776 to US
Sprint, a United Telecommunications unit.

     In the past, long-distance carriers bore most of the cost, since the
thefts were attributed to weaknesses in their networks.  But now, the phone
companies are arguing that the customers should be liable for the cost of
the calls, because they failed to take proper security precautions on their

     Consumertronics, a mail order company in Alamogordo, N.M., sells brochures
for $29 that describe the general principles of voice mail hacking and
the particular weaknesses of different models.  Included in the brochure is a
list of 800 numbers along with the kind of voice mail systems to which they are
connected.  "It's for educational purposes," said the company's owner, John
Williams, adding that he accepts Mastercard and Visa.  Similar insights can be
obtained from "2600 Magazine", a quarterly publication devoted to telephone
hacking that is published in Middle Island, N.Y.

Proctor & Gamble                                                August 22, 1991
Compiled from Telecom Digest

     On 8-12-91, the "Wall Street Journal" published a front page story on an
investigation by Cincinnati police of phone records following a request by
Procter & Gamble Co. to determine who might have furnished inside information
to the "Wall Street Journal".  The information, ostensibly published between
March 1st and June 10th, 1991, prompted P&G to seek action under Ohio's Trade
Secrets Law.  In respect to a possible violation of this law, a Grand Jury
issued a subpoena for records of certain phone calls placed to the Pittsburgh
offices of the "Wall Street Journal" from the Cincinnati area, and to the
residence of a "Wall Street Journal" reporter.  By way of context, the
Pittsburgh offices of the "Wall Street Journal" allegedly were of interest in
that Journal reporter Alecia Swasy was principally responsible for covering
Procter & Gamble, and worked out of the Pittsburgh office.

     On 8-13-91, CompuServe subscriber Ryck Bird Lent related the Journal story
to other members of CompuServe's TELECOM.ISSUES SIG.  He issued the following

      "Presumably, the records only show that calls were placed between
       two numbers, there's no content available for inspection.  But
       what if CB had voice mail services?  And what if the phone number
       investigations lead to online service gateways (MCI MAil, CIS),
       are those also subject to subpoena?"

     At the time of Mr. Lent's post, it was known that the "Wall Street
Journal" had alleged a large amount of phone company records had been provided
by Cincinnati Bell to local police.  An exact figure did not appear in Lent's
comments.  Thus, I can't be certain if the Journal published any such specific
data on 8-12-91 until I see the article in question.

     On 8-14-91, the Journal published further details on the police
investigation into possible violation of the Ohio Trade Secrets Law.  The
Journal then asserted that a Grand Jury subpoena was issued and used by the
Cincinnati Police to order Cincinnati Bell to turn over phone records spanning
a 15-week period of time, covering 40 million calls placed from the 655 and 257
prefixes in the 513 area code.  The subpoena was issued, according to the "Wall
Street Journal", only four working days after a June 10th, 1991 article on
problems in P&G's food and beverage markets.

     Wednesday [8-14-91], the Associated Press reported that P&G expected no
charges to be filed under the police investigation into possible violations of
the Ohio Trade Secrets Law.  P&G spokesperson Terry Loftus was quoted to say:
"It did not produce any results and is in fact winding down".  Lotus went on to
explain that the company happened to "conduct an internal investigation which
turned up nothing.  That was our first step.  After we completed that internal
investigation, we decided to turn it over to the Cincinnati Police Department".

     Attempts to contact Gary Armstrong, the principal police officer in charge
of the P&G investigation, by the Associated Press prior to 8-14-91 were
unsuccessful.  No one else in the Cincinnati Police Department would provide
comment to AP.

     On 8-15-91, the Associated Press provided a summary of what appeared in
the 8-14-91 edition of the "Wall Street Journal" on the P&G investigation.  In
addition to AP's summary of the 8-14-91 Journal article, AP also quoted another
P&G spokesperson -- Sydney McHugh.  Ms. McHugh more or less repeated Loftus'
8-13-91 statement with the following comments: "We advised the local Cincinnati
Police Department of the matter because we thought it was possible that a crime
had been committed in violation of Ohio law.  They decided to conduct an
independent investigation."

     Subsequent to the 8-14-91 article in the Journal, AP had once again
attempted to reach Officer Gary Armstrong with no success.  Prosecutor Arthur
M. Ney has an unpublished home phone number and was therefore unavailable for
comment on Wednesday evening [08-14-91], according to AP.

     In the past few weeks, much has appeared in the press concerning
allegations that P&G, a local grand jury, and/or Cincinnati Police have found a
"novel" way to circumvent the First Amendment to the U.S. Constitution.  In its
8-15-91 summary of the 8-14-91 Journal article, AP quoted Cincinnati attorney
Robert Newman -- specializing in First Amendment issues -- as asserting:
"There's no reason for the subpoena to be this broad.  It's cause for alarm".
Newman also offered the notion that:  "P&G doesn't have to intrude in the lives
of P&G employees, let alone everyone else".

     The same AP story references Cincinnati's American Civil Liberties
Union Regional Coordinator, Jim Rogers, similarly commenting that: "The
subpoena is invasive for anyone in the 513 area code.  If I called "The Wall
Street Journal", what possible interest should P&G have in that?"

     In a later 8-18-91 AP story, Cleveland attorney David Marburger was quoted
as observing that "what is troublesome is I just wonder if a small business in
Cincinnati had the same problem, would law enforcement step in and help them
out?"  Marburger also added, "it's a surprise to me," referring to the nature
of the police investigation.

     In response, Police Commander of Criminal Investigations, Heydon Thompson,
told the Cincinnati Business Courier "Procter & Gamble is a newsmaker, but
that's not the reason we are conducting this investigation."  P&G spokesperson
Terry Loftus responded to the notion P&G had over-reacted by pointing out: "We
feel we're doing what we must do, and that's protect the shareholders.  And
when we believe a crime has been committed, to turn that information over to
the police."

     Meanwhile, the {Cincinnati Post} published an editorial this past
weekend -- describing the P&G request for a police investigation as "kind of
like when the biggest guy in a pick-up basketball game cries foul because
someone barely touches him."  Finally, AP referenced what it termed "coziness"
between the city of Cincinnati and P&G in its 8-18-91 piece.  In order to
support this notion of coziness, Cincinnati Mayor David Mann was quoted to say:
"The tradition here, on anything in terms of civic or charitable initiative, is
you get P&G on board and everybody else lines up."  As one who lived near
Cincinnati for eight years, I recall Procter & Gamble's relationship with
Cincinnati as rather cozy indeed.

Hacker Charged in Australia                                     August 13; 1991
     The Associated Press reports from Melbourne that Nahshon Even-Chaim, a
20-year old computer science student, is being charged in Melbourne's
Magistrates' Court on charges of gaining unauthorized access to one of CSIRO's
(Australia's government research institute) computers, and 47 counts of
misusing Australia's Telecom phone system for unauthorized access to computers
at various US institutions, including universities, NASA, Lawrence Livermore
Labs, and Execucom Systems Corp. of Austin, Texas, where it is alleged he
destroyed important files, including the only inventory of the company's
assets.  The prosecution says that the police recorded phone conversations in
which Even-Chaim described some of his activities.  No plea has been entered
yet in the ongoing pre-trial proceedings.


Dial-a-Pope Catching on in the U.S.                             August 17, 1991
>From the Toronto Star

     The Vatican is reaching out to the world, but it looks as if Canada won't
be heeding the call.  In the U.S., if you dial a 900 number, you can get a
daily spiritual pick-me-up from Pope John Paul II.  The multilingual, Vatican
-authorized service, affectionately known as Dial-a-Pope, is officially titled
"Christian Messaging From the Vatican."  A spokesman from Bell Canada says
there is no such number in this country.  But Des Burge, director of
communications for the Archdiocese of Toronto, says he thinks the service, for
which U.S. callers pay a fee, is a good way to help people feel more connected
to the Pope.  (Toronto Star)

PWN Quicknotes
1.  Agent Steal is sitting in a Texas jail awaiting trial for various crimes
    including credit card fraud and grand theft auto.

2.  Blue Adept is under investigation for allegedly breaking into several
    computer systems including Georgia Tech and NASA.

3.  Control C had his fingerprints, photographs, and a writing sample
    subpoenaed by a Federal Grandy Jury after Michigan Bell employees,
    and convicted members of the Legion of Doom (specifically The Leftist
    and the Urvile) gave testimony.

    Control C was formerly an employee of Michigan Bell in their security
    department until January 1990, when he was fired about the same time
    as the raids took place on Knight Lightning, Phiber Optic, and several
    others.  Control C has not been charged with a crime, but the status
    of the case remains uncertain.

4.  Gail Thackeray, a special deputy attorney in Maricopa County in Arizona,
    has been appointed vice president at Gatekeeper Telecommunications Systems,
    Inc., a start-up in Dallas.  Thackeray was one of the law enforcers working
    on Operation Sun-Devil, the much publicized state and federal crackdown on
    computer crime.  Gatekeeper has developed a device that it claims is a
    foolproof defense against computer hackers.  Thackeray said her leaving
    will have little impact on the investigation, but one law enforcer who
    asked not to be identified, said it is a sure sign the investigation in on
    the skids. (ComputerWorld, June 24, 1991, page 126)

5.  Tales Of The Silicon Woodsman -- Larry Welz, the notorious 1960s
    underground cartoonist, has gone cyberpunk.  He recently devoted an entire
    issue of his new "Cherry" comice to the adventures of a hacker who gets
    swallowed by her computer and hacks her way through to the Land of Woz.
    (ComputerWorld, July 1, 1991, page 82)

6.  The Free Software Foundation (FSF), founded on the philosophy of free
    software and unrestricted access to computers has pulled some of its
    computers off the Internet after malicious hackers <MOD> repeatedly deleted
    the group's files.  The FSF also closed the open accounts on the system to
    shut out the hackers who were using the system to ricochet into computers
    all over the Internet following several complaints from other Internet
    users.  Richard Stallman, FSF director and noted old-time hacker, refused
    to go along with his employees -- although he did not overturn the decision
    -- and without password access has been regulated to using a stand-alone
    machine without telecom links to the outside world.
    (ComputerWorld, July 15, 1991, page 82)

7.  The heads of some Apple Macintosh user groups have received a letter from
    the FBI seeking their assistance in a child-kidnapping case.  The FBI is
    querying the user group leaders to see if one of their members fits the
    description of a woman who is involved in a custody dispute.  It's unclear
    why the FBI believes the fugitive is a Macintosh user.
    (ComputerWorld, July 29, 1991, page 90)

8.  Computer viruses that attack IBM PCs and compatibles are nearing a
    milestone of sorts.  Within the next few months, the list of viruses will
    top 1,000 according to Klaus Brunnstein, a noted German computer virus
    expert.  He has published a list of known malicious software for MS-DOS
    systems that includes 979 viruses and 19 trojans.  In all, there are 998
    pieces of "malware," Brunnstein said.
    (ComputerWorld, July 29, 1991, page 90)

9.  High Noon on the Electronic Frontier -- This fall the Supreme Court of the
    United States may rule on the appealed conviction from U.S. v. Robert
    Tappan Morris.  You might remember that Morris is the ex-Cornell student
    who accidentially shut down the Internet with a worm program.  Morris is
    also featured in the book "Cyberpunk" by Katie Hafner and John Markoff.

10. FBI's Computerized Criminal Histories -- There are still "major gaps in
    automation and record completness" in FBI and state criminal records
    systems, the Congressional Office of Technology has reported in a study on
    "Automated Record Checks of Firearm Purchasers:  Issues and Options."  In
    the report, OTA estimates that a system for complete and accurate "instant"
    name checks of state and federal criminal history records when a person
    buys a firearm would take several years and cost $200-$300 million.  The
    FBI is still receiving dispositions (conviction, dismissal, not guilty,
    etc.) on only half of the 17,000 arrest records it enters into its system
    each day.  Thus, "about half the arrests in the FBI's criminal history
    files ("Interstate Ident-ification Index" -- or "Triple I") are missing
    dispositions.  The FBI finds it difficult to get these dispositions."  The
    OTA said that Virginia has the closest thing to an instant records chck for
    gun purchasers.  For every 100 purchasers, 94 are approved within 90
    seconds, but of the six who are disapproved, four or five prove to be based
    on bad information (a mix-up in names, a felony arrest that did not result
    in conviction, or a misdemeanor conviction that is not disqualifying for
    gun ownership) (62 pages, $3 from OTA, Washington, D.C. 20510-8025,
    202/224-9241, or U.S. Government Printing Office, Stock No.052-003-01247-2,
    Washington, D.C.  20402-9325, 202/783-3238).
    (Privacy Journal, August 1991, page 3)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Founded in 1974, Privacy Journal is an independent monthly on privacy in the
   computer age. It reports in legislation, legal trends, new technology, and
   public attitudes affecting the confidentiality of information and the
   individual's right to privacy.

   Subscriptions are $98 per year ($125 overseas) and there are special
   discount rates for students and others.  Telephone and mail orders accepted,
   credit cards accepted.

                                Privacy Journal
                                P.O. Box 28577
                        Providence, Rhode Island  02908

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2021, Phrack Magazine.