==Phrack Inc.==

Volume Two, Issue 22, File 9 of 12

      PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
      PWN                                                             PWN
      PWN              P h r a c k   W o r l d   N e w s              PWN
      PWN              ~~~~~~~~~~~   ~~~~~~~~~   ~~~~~~~              PWN
      PWN                      Issue XXII/Part 1                      PWN
      PWN                                                             PWN
      PWN                 Created by Knight Lightning                 PWN
      PWN                                                             PWN
      PWN                    Written and Edited by                    PWN
      PWN               Knight Lightning and Taran King               PWN
      PWN                                                             PWN
      PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN

What Is Wrong With This Issue?                                     Introduction
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There is a distinct difference in this issue of Phrack World News, which may be attributed to the unfortunate final outcome of my self-enforced exile from the mainstream modem community.

In the "prime" days of PWN, many of you may have enjoyed the numerous "bust" stories or the ever suspenseful undercover exposures of security trying to end the hacking community. Those days are over and have been for quite some time.

To put it simply, I do not have the economic resources to legally run around on the nation's bulletin boards or to go and gather information on suspected security agents. Perhaps this is for the better. However, I have a feeling that most people disagree and rather enjoyed those types of stories. It's no longer in my hands. It's obvious that I need help with such a task and that help can only come from you, the community itself.

I am easily reached... I am on Bitnet. Even people who own MCI Mail, GTE Telemail, or Compuserve accounts can send me mail thanks to experimental gateways. People on ARPAnet, Bitnet, or UUCP should have no problems whatsoever. So please go ahead and drop me a line; I would be interested in what you have to say.

:Knight Lightning (C483307@UMCVMB.BITNET)

Much of this issue of Phrack World News comes from Internet news sources such as the Risks, Virus-L, and Telecom Digests. Some news stories come from other magazines and newspapers, and a few come from Chamas, the online Bitnet bulletin board run by Terra of the Chaos Computer Club (CCC).
A very special thanks goes to The Noid of 314 for all his help in putting this issue together.

A couple of last things to mention... the upcoming files on hackers abroad have taken a slightly different direction. There will be news on foreign hacker activities presented in PWN (starting this issue), but actual files on the subject will be presented by the hackers themselves, so watch for them.
_______________________________________________________________________________

Who Is Clifford Stoll?                                   Pre-Issue Information
~~~~~~~~~~~~~~~~~~~~~~
This issue of Phrack World News features many stories about the Internet Worm and other hacking incidents on the Internet. One person who plays a prominent role in all of these stories is Clifford Stoll, a virtual unknown prior to these incidents. However, some checking into other related incidents turned up some very interesting information about Cliff Stoll.

Clifford Stoll, age 37 (as of May 2, 1988), was a systems manager at California's Lawrence Berkeley Laboratory. He might still retain this position. Stoll is the master sleuth who tracked down the West German hacker, Mathias Speer, who infiltrated the Internet via the Space Physics Analysis Network (SPAN). The game of "cat and mouse" lasted for 10 months until Clifford Stoll eventually set up an elaborate sting operation using files marked "SDI Network Project" (Star Wars) to get Mathias to stay online long enough to trace him back to Hannover, FRG.

I was able to contact Clifford Stoll at LBL (which maintains a node on Bitnet). However, outside of a confirmation of his presence, I was never able to really converse with him. Recently he has been seen on DOCKMASTER, a node on ARPAnet that is operated by the National Security Agency (NSA). He has also been seen as having accounts on many other nodes all across the Internet. Either he has come a long way or was just not as well known prior to the Internet Worm incident.
For more information see: Time Magazine, May 2, 1988 and/or New Scientist, April 28, 1988.

Thought you might be interested to know about it.

:Knight Lightning
_______________________________________________________________________________

Dangerous Hacker Is Captured                                PWN Special Report
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last issue, I re-presented some memos from Pacific Bell Security, the first of which featured "Kevin Hacker," who I now reveal as Kevin Mitnick. The original intent was to protect the anonymity of the said hacker, but now that he has come upon public fame there is no longer a reason to keep his identity a secret.

The following memo from Pacific Bell Security was originally seen in Phrack World News Issue XXI/1. This version leaves the legitimate information intact.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

On May 14, 1987, Electronic Operations received a court order directing Pacific Bell to place traps on the telephone numbers assigned to a company known as "Santa Cruz Operations." The court order was issued in order to identify the telephone number being used by an individual who was illegally entering Santa Cruz Operations' computer and stealing information.

On May 28, 1987, a telephone number was identified five separate times making illegal entry into Santa Cruz Operations' computer. The originating telephone number was 805-495-6191, which is listed to Bonnie Vitello, 1378 E. Hillcrest Drive, Apt. 404, Thousand Oaks, California.

On June 3, 1987, a search warrant was served at 1378 E. Hillcrest Drive, Apt. 404, Thousand Oaks, California. The residents of the apartment, who were not at home, were identified as Bonnie Vitello, a programmer for General Telephone, and Kevin Mitnick, a known computer hacker. Found inside the apartment were three computers, numerous floppy disks and a number of General Telephone computer manuals.
Kevin Mitnick was arrested several years ago for hacking Pacific Bell, UCLA and Hughes Aircraft Company computers. Mitnick was a minor at the time of his arrest. Kevin Mitnick was recently arrested for compromising the data base of Santa Cruz Operations.

The floppy disks that were seized pursuant to the search warrant revealed Mitnick's involvement in compromising the Pacific Bell UNIX operating systems and other data bases. The disks documented the following:

 o Mitnick's compromise of all Southern California SCC/ESAC computers. On file were the names, log-ins, passwords, and home telephone numbers for Northern and Southern ESAC employees.

 o The dial-up numbers and circuit identification documents for SCC computers and Data Kits.

 o The commands for testing and seizing trunk testing lines and channels.

 o The commands and log-ins for COSMOS wire centers for Northern and Southern California.

 o The commands for line monitoring and the seizure of dial tone.

 o References to the impersonation of Southern California Security Agents and ESAC employees to obtain information.

 o The commands for placing terminating and originating traps.

 o The addresses of Pacific Bell locations and the Electronic Door Lock access codes for the following Southern California central offices: ELSG12, LSAN06, LSAN12, LSAN15, LSAN23, LSAN56, AVLN11, HLWD01, HWTH01, IGWD01, LOMT11, and SNPD01.

 o Inter-company Electronic Mail detailing new login/password procedures and safeguards.

 o The work sheet of a UNIX encryption reader hacker file. If successful, this program could break into any UNIX system at will.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Ex-Computer Whiz Kid Held On New Fraud Counts                December 16, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Kim Murphy (Los Angeles Times)(Edited For This Presentation)

Kevin Mitnick was 17 when he first cracked Pacific Bell's computer system, secretly channeling his computer through a pay phone to alter telephone bills, penetrate other computers and steal $200,000 worth of data from a San Francisco corporation. A Juvenile Court judge at the time sentenced Mitnick to six months in a youth facility.

After his release, his probation officer found that her phone had been disconnected and the phone company had no record of it. A judge's credit record at TRW Inc. was inexplicably altered. Police computer files on the case were accessed from outside... Mitnick fled to Israel.

Upon his return, there were new charges filed in Santa Cruz, accusing Mitnick of stealing software under development by Microport Systems, and federal prosecutors have a judgment showing Mitnick was convicted on the charge. There is, however, no record of the conviction in Santa Cruz's computer files.

On Thursday, Mitnick, now 25, was charged in two new criminal complaints accusing him of causing $4 million damage to a DEC computer, stealing a highly secret computer security system and gaining access to unauthorized MCI long-distance codes through university computers in Los Angeles, California, and England.

A United States Magistrate took the unusual step of ordering [Mitnick] held without bail, ruling that when armed with a keyboard he posed a danger to the community.

"This thing is so massive, we're just running around trying to figure out what he did," said the prosecutor, an Assistant United States Attorney. "This person, we believe, is very, very dangerous, and he needs to be detained and kept away from a computer."
Los Angeles Police Department and FBI investigators say they are only now beginning to put together a picture of Mitnick and his alleged high-tech escapades.

"He's several levels above what you would characterize as a computer hacker," said Detective James K. Black, head of the Los Angeles Police Department's computer crime unit. "He started out with a real driving curiosity for computers that went beyond personal computers... He grew with the technology."

Mitnick is to be arraigned on two counts of computer fraud. The case is believed to be the first in the nation under a federal law that makes it a crime to gain access to an interstate computer network for criminal purposes. Federal prosecutors also obtained a court order restricting Mitnick's telephone calls from jail, fearing he might gain access to a computer over the phone lines.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Dangerous Keyboard Artist                                    December 20, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~
LOS ANGELES (UPI) - In a rare ruling, a convicted computer hacker was ordered held without bail Thursday on new charges that he gained illegal access to secret computer information of Leeds University in England and Digital Equipment Corporation.

Kevin David Mitnick, age 25, of Panorama City, is named in two separate criminal complaints charging him with computer fraud. Assistant United States Attorney Leon Weidman said it is unusual to seek detention in such cases, but he considers Mitnick "very very dangerous" and someone who "needs to be kept away from computers."

United States Magistrate Venetta Tasnuopulos granted the no-bail order after Weidman told her that since 1982, Mitnick had also accessed the internal records of the Los Angeles Police Department, TRW Corporation, and Pacific Telephone.

"He could call up and get access to the whole world," Weidman said.
Weidman said Mitnick had served six months in juvenile hall for stealing computer manuals from a Pacific Telephone office in the San Fernando Valley and using a pay phone to destroy $200,000 worth of data in the files of a northern California company.

Mitnick later penetrated the files of TRW Corporation and altered the credit information of several people, including his probation officer, Weidman said.

He said Mitnick also used a ruse to obtain the name of the police detective investigating him for hacking when he was a student at Pierce College. He telephoned the dean at 3 a.m., identified himself as a campus security guard, reported a computer burglary in progress and asked for the name of the detective investigating past episodes, Weidman said.

The prosecutor said Mitnick also gained access to the police department's computer data and has impersonated police officers and judges to gain information.

A complaint issued charges Mitnick with using a computer in suburban Calabasas to gain access to Leeds University computer data in England. He also allegedly altered long-distance phone costs incurred by that activity in order to cover his mischief.

A second complaint charges Mitnick with stealing proprietary Digital Equipment Corporation software valued at more than $1 million and designed to protect the security of its computer data. Mitnick allegedly stored the stolen data in a University of Southern California computer.

An affidavit filed to support the complaints said unauthorized intrusions into the Digital computer have cost the company more than $4 million in computer downtime, file rebuilding, and lost employee worktime.

A computer operator at Voluntary Plan Assistance in Calabasas, which handles disability claims for private firms, told investigators he allowed his friend unauthorized access to the firm's computer. From that terminal, Mitnick gained access to Digital's facilities in the United States and abroad, the affidavit said.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Kevin Mitnick's fate is in the hands of the court now, but only time will tell what is to happen to this dangerously awesome computer hacker.
_______________________________________________________________________________

Trojan Horse Threat Succeeds                                 February 10, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
During the week prior to February 10, 1988, the Chaos Computer Club of West Berlin announced that they were going to trigger trojan horses they'd previously planted on various computers in the Space Physics Analysis Network (SPAN). Presumably, the reason for triggering the trojan horses was to throw the network into disarray; if so, the threat did, unfortunately, with the help of numerous fifth-columnists within SPAN, succeed.

Before anybody within SPAN replies by saying something to the effect of "Nonsense, they didn't succeed in triggering any trojan horses," note that the THREAT succeeded. That's right, for the last week SPAN hasn't been functioning very well as a network. All too many of the machines in it have cut off network communications (or at least lost much of their connectivity), specifically in order to avoid the possibility that the trojan horses would be triggered (the fifth-columnists who were referred to above are those system and network managers who were thrown into panic by the threat).

This is rather amazing (not to mention appalling) for a number of reasons:

1) By reducing networking activities, SPAN demonstrated that the CCC DOES have the power to disrupt the network (even if there aren't really any trojan horses out there);

2) Since the break-ins that would have permitted the installation of trojan horses, there has been a VMS release (v4.6) that entails replacement of ALL DEC-supplied images. Installation of the new version of VMS provided a perfect opportunity to purge one's system of any trojan horses.
3) In addition to giving CCC's claims credibility, SPAN's response to the threat seems a bit foolish since it leaves open the question "What happens if the CCC activates trojan horses without first holding a press conference?" Hiding from the problem doesn't help in any way; it merely makes SPAN (and NASA) look foolish.

Information Provided By Carl J. Ludick and Frederick M. Korz

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

This is a perfect example of a self-fulfilling prophecy. The Chaos Computer Club's announcement that they were going to trigger their Trojan horses in the Space Physics Analysis Network (SPAN) illustrates the potent power of rumor -- backed by plausibility. They didn't have to do anything. The sky didn't have to fall. Nervous managers did the damage for the CCC because they felt the announcement/threat plausible. The prophecy was fulfilled. "And the more the power to them!"

:Knight Lightning
_______________________________________________________________________________

TCA Pushes For Privacy On Corporate Networks                  October 19, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Kathy Chin Leong (Computerworld Magazine)

SAN DIEGO -- As more and more confidential data winds its way across computer networks, users are expressing alarm over how much of that information is safe from subsidiaries of the Bell operating companies (BOCs) and long-distance firms providing transmission services.

This fear has prompted the Tele-Communications Association (TCA) and large network users to appeal to the Federal Communications Commission to clarify exactly what network data is available to these vendors. Users with large networks, such as banks and insurance companies, are concerned that published details even of where a circuit is routed can be misused.
"We don't what someone like AT&T to use our information and then turn around and compete against us," said Leland Fong, a network planner at Visa International in San Francisco. Users are demanding that the FCC establish a set of rules and regulations so that information is not abused. At issue is the term "customer proprietary network information" (CPNI), which encompasses packet data, address and circuit information and traffic statistics on networks. Under the FCC's Computer Inquiry III rules, long-distance carriers and Bell operating companies --- specifically, marketing personnel --- can get access to their own customers' CPNI unless users request confidentiality. What his group wants, TCA President Jerry Appleby said, is the FCC to clarify exactly what falls under the category of CPNI. Fong added that users can be at the mercy of the Bell operating companies and long-distance vendors if there are no safeguards established. Customer information such as calling patterns can be used by the operating companies for thier own competitive advantage. "At this time, there are no controls over CPNI, and the users need to see some action on this," Fong said. Spread The Concern At a meeting here during the TCA show, TCA officials and the association's government liason committee met with AT&T to discuss the issue; the group will also voice its concerns to other vendors. Appleby said the issue should not be of concern just to network managers but to the entire company. Earlier this month, several banks, including Chase Manhattan Bank and Security Pacific National Bank, and credit card companies met with the FCC to urge it to come up with a standard definition for CPNI, Appleby said. While the customer information is generally confidential, it is available to the transmission carrier that is supplying the line. The data is also available to marketing departments of that vendor unless a company asks for confidentiality. 
Fong said that there is no regulation that prevents a company from passing the data along to its subsidiaries.
_______________________________________________________________________________

Belgian Leader's Mail Reportedly Read By Hacker               October 22, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken from the Los Angeles Times

Brussels (AP) -- Belgian Prime Minister Wilfried Martens on Friday ordered an investigation into reports that a computer hacker rummaged through his electronic files and those of other Cabinet members.

The newspaper De Standaard reported that a man, using a personal computer, for three months viewed Martens' electronic mail and other items, including classified information about the killing of a British soldier by the Irish Republican Army in Ostend in August.

The newspaper said the man showed one of its reporters this week how he broke into the computer, using Martens' password code of nine letters, ciphers and punctuation marks.

"What is more, during the demonstration, he ran into another 'burglar' ... with whom he briefly conversed" via computer, the newspaper said.
_______________________________________________________________________________

Police Find Hacker Who Broke Into 200 Computers               October 24, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
London (New York Times) - Police said yesterday that they had found and questioned a 23-year-old man who used computer networks to break into more than 200 military, corporate, and university systems in Europe and the United States during the past five years.

The man was asked about an alleged attempt to blackmail a computer manufacturer, but an official for Scotland Yard said that there was not enough evidence to pursue the matter. He was released.
The man, Edward Austin Singh, who is unemployed, reportedly told the police he had been in contact with other computer "hackers" in the United States and West Germany who use communications networks to penetrate the security protecting computers at military installations.

Singh's motive was simply to prove that it was possible to break into the military systems, police said, and apparently he did not attempt espionage.

London police began an investigation after the man approached a computer manufacturer. He allegedly asked the company for $5250 in exchange for telling it how he had entered its computer network. The company paid nothing, and London police tracked the suspect by monitoring his phone calls after the firm had told Scotland Yard about the incident.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

University of Surrey Hacker                                  November 10, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~
There has been a lot of recent publicity in the U.K. about the arrest of a hacker at the University of Surrey. There were stories about his investigation by Scotland Yard's Serious Crimes Squad and by the U.S. Secret Service, and much discussion about the inadequacy of the law relating to network hacking. At this date, he has only been charged with offences relating to his unauthorised (physical) entry to the University buildings.

An interview with the individual, Edward Austin Singh, reveals that his techniques were simply based on a program which tricked users into unsuspectingly revealing their passwords.

"I wrote a program that utilized a flaw that allowed me to call into the dial-up node. I always did it by phoning, never by the network. The dial-up node has to have an address as well, so I was calling the address itself. I called the dial-up node via the network and did it repeatedly until it connected. That happened every 30 seconds. It allowed me to connect to the dial-up node at the same time as a legitimate user at random. I would then emulate the system."
He used to run this program at night, and specialized in breaking into Prime computer systems. "I picked up about 40 passwords and IDs an hour. We were picking up military stuff like that, as well as commercial and academic," he claims. This enabled him to get information from more than 250 systems world-wide, and (he claims) put him in touch with an underground hackers' network to "access virtually every single computer system which was networked in the US - thousands and thousands of them, many of them US Arms manufacturers."

The article states that "Prime Computers have so far declined to comment on his approach to them or his alleged penetration of their computer systems, until the American Secret Service completes its inquiries."

Information Provided By Brian Randell
_______________________________________________________________________________
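The Singh interview above describes two things a dial-up node operator could have looked for in their own logs: a caller re-connecting to the node's network address at a fixed interval ("every 30 seconds") until the call lands alongside a real user, and the login emulation itself, which (on the usual assumption about how such a spoof ends) rejects the victim's password and drops the line, so the victim redials and logs in successfully moments later. The Python script below is an added example written for this edition, not code from Singh, Phrack, the University of Surrey or Prime; it runs both heuristics over a constructed log. The log format, the sample lines, the line names and the thresholds are all assumptions, and the fail-then-success signal is a triage aid only, since an ordinary typo produces the same pattern.

```python
#!/usr/bin/env python3
"""Two triage heuristics over dial-up node logs (added example; constructed data).

1. periodic_callers(): lines that CONNECT to the node's network address many
   times at a near-constant interval, i.e. a scripted redial loop.
2. spoofed_login_candidates(): a LOGIN_FAIL for a user followed within a short
   window by a LOGIN_OK for the same user, the trace a login emulator leaves
   when it rejects the real password and hands the victim back to the system.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed log format (an assumption, not any real node's audit format):
#   <epoch_seconds> <line> <event> <arg>
# events: CONNECT <target-address>, LOGIN_FAIL <user>, LOGIN_OK <user>
SAMPLE_LOG = """\
100 line7 CONNECT dialup-node
130 line7 CONNECT dialup-node
160 line7 CONNECT dialup-node
191 line7 CONNECT dialup-node
220 line7 CONNECT dialup-node
250 line7 CONNECT dialup-node
1000 line3 CONNECT dialup-node
1005 line3 LOGIN_FAIL alice
1040 line3 LOGIN_OK alice
2000 line5 CONNECT dialup-node
2010 line5 LOGIN_OK bob
3000 line9 CONNECT dialup-node
3600 line9 CONNECT dialup-node
3650 line9 LOGIN_FAIL carol
4900 line9 LOGIN_OK carol
"""


def parse_log(text):
    """Parse the constructed format into a list of dicts, skipping blank lines."""
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ts, line, event, arg = raw.split()
        records.append({"ts": int(ts), "line": line, "event": event, "arg": arg})
    return records


def periodic_callers(records, target, min_connects=5, max_jitter=0.2):
    """Return {line: (connect_count, mean_gap_seconds)} for lines whose CONNECTs
    to `target` number at least `min_connects` and are evenly spaced: the
    population std-dev of the gaps is at most `max_jitter` times their mean."""
    times = defaultdict(list)
    for r in records:
        if r["event"] == "CONNECT" and r["arg"] == target:
            times[r["line"]].append(r["ts"])
    flagged = {}
    for line, ts in times.items():
        if len(ts) < min_connects:
            continue
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter * avg:
            flagged[line] = (len(ts), avg)
    return flagged


def spoofed_login_candidates(records, window=90):
    """Return (user, fail_ts, ok_ts) triples where a LOGIN_FAIL for a user is
    followed by a LOGIN_OK for the same user within `window` seconds."""
    last_fail = {}
    hits = []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["event"] == "LOGIN_FAIL":
            last_fail[r["arg"]] = r["ts"]
        elif r["event"] == "LOGIN_OK":
            fail_ts = last_fail.pop(r["arg"], None)
            if fail_ts is not None and r["ts"] - fail_ts <= window:
                hits.append((r["arg"], fail_ts, r["ts"]))
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("periodic redialers:", periodic_callers(recs, "dialup-node"))
    print("fail-then-success logins:", spoofed_login_candidates(recs))
```

On the sample, line7 is the only line flagged as a redial loop (six connects, gaps of 29 to 31 seconds), and alice is the only fail-then-success login inside the 90-second window; carol's retry 20 minutes later is deliberately left unflagged to show the window doing its work. Thresholds are starting points: raise min_connects on a busy node, and treat the login heuristic as something to correlate with the redial list rather than act on alone.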