==Phrack Magazine== Volume Six, Issue Forty-Seven, File 2 of 22 ***************************************************************************** Phrack Loopback ----------------------------------------------------------------------------- G'Day, You dont know who i am, and i appreciated that but i hope your read my little note here and take it into consideration. Ive been into the Australian Hacking Scene (if there is such a thing :-) for only about 2years, but recenlty opened a h/p bbs here in Australia. What i am writing and asking is if it is possilbe to place kinda an add of some description in the next issue of phrack, something to the lines of:- H/P bbs recently opened in Australia - JeSteRs BBS +61-7-ASK-AROUND If your looking for some form of donation $$ just let me know, if your wondering is his guy a fed or something, mail DATA KING and speak to him, he was one of the bbs first users and as you know he has written in the Int Scene for the last too issues, but wont be in Issue #47 or i would have asked him to place the advertisment in this report. Regards, Jesta [Cool! Nice to see there's BBSs still popping up overseas. It would be nice if I had the number...hell, I'd even call... but oh well, I suppose I (and all the Phrack readers) will just have to "ASK-AROUND"] ----------------------------------------------------------------------------- Hi Erikb, Last week you said you'd accept a bbs ad .. well here it is. If you'd publish it in phrack i'd be most grateful! A Gnu BBS! 1000's h/p Related texts Phrack, CoTNo, B0W, cDc, NiA, CuD, Risks,Sphear,SCAM!,NeuroCactus Conferences covering Unix/VMS/System Security/Phreaking And absolutely no mention of "The Information Super Highway" anywhere! +617-855-2923 tnx, badbird [I said I'd print the ad...and now I have.] ----------------------------------------------------------------------------- ATTN: ALL COMPUTER WHIZ KIDZ..... I DESPARATELY NEED YOUR HELP!!! Retired R.C.M.P officer formerly involved with priority levels of electronic surveillance has informed me that my residential telephone appears to have been compromised at a point other than inside or immediately outside my residence. After an intensive evaluation of the premises his conclusion was that remote manipulation of the telephone company switch where my circuit could be victim was the problem. The main focus of this exercise is to show how one can infiltrate a telephone company's network; remotely manipulate the company's switch; process long distance calling;make it appear that the calls originated from a particular site and then "fooling" the company's billing mechanisms to invoice that particular location. Is this physically possible? Bell Canada categorically denies this possibility. I need proof! How is it done? Please advise as soon as possible. I'd sincerely appreciate any help, advise and/or information anyone out there can offer in this particular situation. Please leave a way to get in touch! If you prefer to remain unknown, thanks a million, and rest assured that I WILL RESPECT and PROTECT you anonimity. Regards, John P. Marinelli jmarinel@freenet.niagara.com [My take on this is that with relative ease, someone could establish call forwarding on a line, make it active to some remote location, and call the original number numerous times, causing the owner of the hacked line to be billed for all the calls to the forwarded location. If anyone knows how to do this, STEP BY STEP on a DMS-100, please, contact Mr. Marinelli to help him out with his court case. I don't know a whole lot about NT equipment, so I don't know the specifics of how this may have happened, only the generalities. Wouldn't it be nice to have the Underground "HELP" someone out for a change?] ----------------------------------------------------------------------------- y0, Black Flag here... heres the info you told me to mail you about the GRaP/H (Gainesville Regional Association of Phreakers and Hackers) meetingz Gainesville, FL 1st + 3rd Saturday of the month, 4pm - ??? meet in The Loop on 13th Street Black Flag will be casually carrying a 2600 look around, you'll see him. [Well, looks like the Florida Hackers have a new place to congregate. And so do the Florida FBI Field Offices. :) ] ----------------------------------------------------------------------------- I was wondering where I could find any virus authoring tools for the PC, Unix, or VMS. [You can find Nowhere Man's Virus Creation ToolKit on BBSs around the globe. Have you looked??? I've never heard of UNIX or VMS virus tools. Do you know something I don't? Do you know how a virus works? ] ----------------------------------------------------------------------------- Chris, found something you might like. Here's an ad from the latest PHOENIX SYSTEMS catalog: THE CALLER ID BLOCKER FIRST TIME AVAILABLE IN THE U.S. By April, 1995 all telephone companies must deliver callers name and telephone number to the caller ID system. The law prohibits any telephone company from offering customers an option to permanently disable their line from the ID system. This means that even if you have an unlisted number, everyone you call will now have your telephone number and name. Big brother is now one watching, now he has your name and number. No more anonymous calls to the IRS, city hall, real estate agents, car dealers, health department or anyone. Many business professionals use their home telephone to return calls. Do you want your patients and clients to have access to your home telephone number? We are proud to bring you the unique ANONYMOUS 100. It installs on any telephone in seconds and completely KILLS THE EFFECTS OF "CALLER ID"! Yes, you can have your privacy back. The ANONYMOUS 100 is FCC approved and carries a one year guarantee. #1276...............................................................$69.95 Is it just me, or is this a load of bullshit? Didn't CA and TX both pass laws to make CLID illegal in those states? I know that before MA would allow it in the state, they told the telco that line blocking had to be offered free (and it is, on per/call and permanent basis). Did the feds pass this new law while I was sleeping, or is this company just playing on paranoia (not the first time) and trying to make a buck? Eric [Well Eric, it looks to me that this is a nifty little box that waits for voltage drop and immediately dials *67 before giving you a dialtone. Woo Woo! $69.95! It certainly is worth that to me to not have to dial 3 digits before I make a call. All that wear and tear ruins the fingers for typing. PFFFT.... About Caller-ID, well, it's legal just about every place I know of. I'm sure there are a feel hold-outs, but offering per-line blocking for individuals worried about privacy satisfied most Public Utility Commissions. In fact, I think April 1 was the date that all Interconnects were supposed to be upgraded to support the transfer of CLID information over long distance calls. I don't think this has been turned on everywhere, but the software is supposed to be in place. *67. Don't dial from home without it.] ----------------------------------------------------------------------------- This message serves a multifold purpose: (these response/comments are in referance to Phrack Issue 46 - Sept 20 1994) A) A question was brought up concerning a Moterola Flip Phone and the user inability to gain access to the programing documentation. I happen to own (legally) a Motorola Flip Phone that I will assume to be the same and I was not given the documentation either, though I have not tried asking for it. I will call Motorola and ask for *my* rightful copy and foreward my results (if I gain access) to phrack for proper distribution amoung appropriate channels. If I do not gain access, I would appriciate to hear from anyone who has (this should not be limited to simply the M. Flip Phone, I have interests in all areas). B) Later in that issue (Sept 20, 1994) a list of university and colege dialups were provided... I live in the 218/701 (right on the border) and have a collection of them for addition to the list if you (or anyone else) should so desire. I would post them now, but I have limited time and have to dig to find them. I also have some numbers that some readers may find of interest. C) My living in the 218/701 is the main reason for my writting. I used to live 612 and knew a lot of people in the area, but now I am stuck here in a little shit town (pop. 7000) where the cloest thing to a computer is made by John Deere. I need to find someone in the 218 or 701 to work with or meet... if you know anyone...??? The closest BBS is long distance and even then it's crap... I would like to start my own, but who the fuck would call? Who the fuck would I invite? My old H/P friends in 612 would, but I don't need the heat as they would all go through 950's or some other method... I think you understand. any help would be greatly appreciated By the way I could also use some 218/701 ANAC or CN/A... any help here? Aesop [In order: a) Good luck with Moto. You'll need it. b) Yes, I really still need your university dialups. Issue 48 will have a much more complete list (I hope!) c) If anyone knows any bbs'es in those area codes, please send them in so I can pass along the info. Other) For CNA information, just call your business office. They ALWAYS help. Especially if you mention that CNA didn't have a current record. :) ] ----------------------------------------------------------------------------- To whom it may concern at phrack, I would like to subscribe to Phrack. I didn't use PGP because :- i. I never had any real need to ii. I came across the document below while dinking around with gopher. I would pretty much guess phrack knows about it already. If you do know about it, could you tell me another way to ensure my mail privacy? Thank you. Xombi. ---------------------BEGIN E-MAIL DOCUMENT--------------------- This section is from the document '/email-lists/Funny'. A lot of people think that PGP encryption is unbreakable and that the NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly mistake. In Idaho, a left-wing activist by the name of Craig Steingold was arrested _one day_ before he and others wee to stage a protest at government buildings; the police had a copy of a message sent by Steingold to another activist, a message which had been encrypted with PGP and sent through E-mail. Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to allow the NSA to easily break encoded messages. Early in 1992, the author, Paul Zimmerman, was arrested by Government agents. He was told that he would be set up for trafficking narcotics unless he complied. The Government agency's demands were simple: He was to put a virtually undetectable trapdoor, designed by the NSA, into all future releases of PGP, and to tell no-one. After reading this, you may think of using an earlier version of PGP. However, any version found on an FTP site or bulletin board has been doctored. Only use copies acquired before 1992, and do NOT use a recent compiler to compile them. Virtually ALL popular compilers have been modified to insert the trapdoor (consisting of a few trivial changes) into any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft, Borland, AT&T and other companies were persuaded into giving the order for the modification (each ot these companies' boards contains at least one Trilateral Commission member or Bilderberg Committee attendant). It took the agency more to modify GNU C, but eventually they did it. The Free Software Foundation was threatened with "an IRS investigation", in other words, with being forced out of business, unless they complied. The result is that all versions of GCC on the FTP sites and all versions above 2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC with itself will not help; the code is inserted by the compiler into itself. Recompiling with another compiler may help, as long as the compiler is older than from 1992. [Well, uh, gee, I think the fact that this document came from /email-lists/Funny speaks for itself. I'm satisfied with PGP for security, but then again, I don't have a lot of information that I'm so petrified that I need to keep it encrypted, or that I send out in email that I don't care if anyone sees. To put aside some of your fears, I personally feel that PGP is ok. If the trilateral commission wants your info, they will beat it out of you with sticks, with the help of several multi-jurisdictional task-forces for Federal law enforcement, while you are under the influence of incredibly terrifying and long-lasting hallucinogenic drugs. Don't worry.] ----------------------------------------------------------------------------- Here is a BBS Ad for your next issue: BBS Name: The King's Domain Sysop: Ex-Nihilo Speeds: 1200-14,400 BBS Type: Remote Access 2.02+ Phone #: 208-466-1679 THe BBS has a good selction of "Hood" files... (hacking/phreaking/anarchy) journals such as cDc, Phrack, ATI and more... also a good selection of BBS files which include Doors and Utilities... primarily RA accessories, but not exclusively... supports rip graphics and is online 24 hrs a day [Yet another ad! Is this the rebirth of BBS-dom?] ----------------------------------------------------------------------------- [Editor's Note: I got a letter asking me about how to credit card merchandise. I replied that I didn't agree with carding, and that if the reader really wanted something, he/she should get a job and buy it. This is the response I got.] What the fuck? All I wanted was a fucking decent reply. Get a job, huh? You know, I thought if you were to talk to one of these supposed "computer hackers" you could get some usefull information. Get a job, that rich coming from someone like you. When there's something you want...take it...without using your money. Maybe sometime I'll be able to takl to a hacker not some fucking hypocritical computer geek [Editor's Note: I replied to this letter by stating that carding had nothing to do with hacking, that it was out and out stealing, and although we had published articles about it in Phrack, I wasn't going to help anyone do it, and that he/she should try to contact the authors of various carding articles directly. This is the response that got.] Come on now "Chris", you can do better than that, can't you? Stealing? Who's the thief here, eh? See, when I wake up in the morning, I don't have to worry about secret service, police, or any sort of military shit being in my apartment. I don't get busted for doing stupid things like stealing phone calls off fucking 900 numbers. I think I know exactly why you don't card anything - because you're too fucking stupid or don't even have the balls to do it. Fuck, you'd expect someone like yourself to have different views about being a thief. Well, I guess it takes a certain kind of person to hack into shit like you, but why this person would start flame wars and otherwise just be a total fuckup, I don't know. Or, maybe it's just the singular person I'm talking too, yeah, that's probably i...there probably are other, BETTER, hackers who aren't as fucking arrogant as you. Well, have fun with your hands and PLAYGIRL's, you fucking little punk-ass faggot. And tell your mother that I won't let this affect our relationship. Punk aj276@freenet3.carleton.ca [This is the future of the computer underground??] ----------------------------------------------------------------------------- BBS AD: System is called CyberSphincter (playing off of the current word trend of cyber). The number is 717-788-7435. The NUP is 0-DAY-WAR3Z!!! Modem speeds of 14.4 and lower, with no ANSI. Sysop is Ha Ha Ha. It's running renegade (we know it can be hacked and I've done it already), but we seem to believe in honor among thieves, so try to control yourself on that. -=strata=- [ANOTHER AD!] ----------------------------------------------------------------------------- Hey Erik B... I'm the remote sysop at the Digital Fallou BBS in 516. Just recently, we've been getting a rash of ld callers. A day or two ago, a guy with the handle "Digi-Hacker" applied. His application looked good, execpt that he stated his alter handle was "Eric Bloodaxe" and that he was the editor of Phrack. Now, any lame ass could just "say" that, and we don't want any liars on board. :) So we decided to go right to you thru email. Did you apply? If so, cool. If this isn't you, that guy is gonna most assuredly be deleted.. [Well, I hate to say it, but I don't have time to do much of anything anymore. I certainly don't call bbses with any regularity. I do have accounts on SECTEC and UPT, but that's it. I may call some in the future, but for the most part I don't have any time. If someone calls up a bulletin board and applies as "Erik Bloodaxe" it isn't me. (Anyone saying they are Eric Bloodaxe MOST CERTAINLY isn't me. :) ) Anyone running BBSes may want to take note of this, so they don't get swindled into giving "elite" access to some pretender. You can always email phrack@well.com and ask me if I have applied to your bbs. ] ----------------------------------------------------------------------------- Chris, I know you don't know me, but I figured you of all people could help me, and give me an answer quickly. I just got my phone bill, and on the last page is a page from some company calling themselves Long Distance Billing Co., Inc. It has one call "Billed on behalf of Northstar Communication" It is a call from somewhere in FL, for 13 minutes, costing 51.87. I called LD Inc, and they said the call was a collect call made from Northstar Comm, and that my only recourse was to write a letter to Northstar. Needless to say, I did not accept the collect call, I don't know anyone in 813. I called NYNEX, and they said I should write to Northstar and LD INC, but didn't seem to know anything about either company. They guy I talked to said it was real strange that LD INC didn't give me a number to call at Northstar, since most of this type of thing is handled by phone. I'm beginning to wonder exactly how relieable this LD INC company is, who Northstar is, and most of all who called and how the hell the call was supposedly accepted by my phone. This is all the info I know: BILLED ON BEHALF OF NORTHSTAR COMMUNICATION 1. SEP 18 923PM COL CLEARWATER FL 813-524-5111 NC 13:00 51.87 --From my phone bill Northstar Communication 3665 East Bay Drive Suite 204-192 Largo, FL 34641 --From LD INC Long Distance Billing Co., Inc. 1-800-748-4309 --From NYNE phone bill. If you can think of anything I can do, I;d be really greatful. I don't have $50 to throw away on a call I never got, and I don't have the resources you do to try and figure out who the hell these people are. [It looks to me like you got fucked by someone in Florida using a COCOT payphone. It's kind of odd that NYNEX couldn't help you more...but anyway, I wouldn't pay it. What I suspect happened was that somsone used one of those handy COCOT services where the operators are incredibly stupid and allow calls to be accepted when the "calling party" says "YES" to allow a 3rd party or collect call, rather than the party being called. This happened to me at my previous work extension by New Yorkers using the ENCORE service (even though all our lines were listed to refuse 3rd party and collect calls.)] ----------------------------------------------------------------------------- I've been having some trouble with the law, so all my notes are stashed at a friend's casa at the moment. Can you recommend a good lawyer to defend me for allegedly hacking some government computers? I've got a good crim def guy working with me right now assisting me guring questioning from Special Agents, but I will need someone that has experience if I get indicted. [If you are facing computer crime charges, you are definately in a world of hurt. There are very few computer crime-savvy lawyers practicing in the World. The only thing I can suggest is that you call EFF, CPSR or EPIC and ask them if they know of any lawyers in your area that they can refer you to. None of these groups will help you directly, except under EXTREME circumstances, and only if you have been falsely accused, or have had rights violated. If you are guilty, and the cops have any evidence, you are going to be convicted. Remember Baretta? "If you can't do the time, then don't do the crime."] ----------------------------------------------------------------------------- Dear Chris, You probably don't remember me, but we corresponded about 3 years ago as part of my PhD research. I was at Edinburgh University at the time and am not at UMIST in Manchester (British equivalent of MIT). The reson I'm writing is that I was awarded my PhD last March, and for one reason and another I've been sidetracked into a completely different field of research - the British National Health Service and the various ways computers are being used in it. I tried getting a publisher interested in the thesis, but with little luck. I also sent it to Jim and Gordon at CuD on disk for them to stick it on archive, but they had problems with the formatting of it and don't seem to have got round to archiving i. If you're interested I'd be quite happy to send a couple of disks to you and you can spread it around as you want. It just seems a shame for the people on the net not to get a look at it. It's dressed up in airy-fairy sociological language - but there's still lots in it that I think would be of interest to people on the net. I saw your interview in CuD, and I agree with you about most of the books written on the CU. Mine has its faults but it's got less biographical data and more issue-oriented stuff. Anyway, get in touch and let me know if I can find a good home for my magnum opus. Take care and a belated thanks for all the time you spent in helping me with the PhD. Best Wishes, Paul Taylor School of Management UMIST [Paul: Congrats on your PHD, and continued success at UMIST! I'm putting your thesis up on the Phrack WWW page so that more people can get a look at it! Thanks for sending it!] ----------------------------------------------------------------------------- I read your article on hacking the French among other foreign governments. Sounds pretty fun, just for kicks the other night I did a search of all the computers I could get at in China. One of them was a national power grid computer. Sounds like it could be fun to play with huh? The "They Might Kill Us" part will tend to turn some people off, but not me. [WOW! A National Power Grid Computer! In China! Gee. How many times have you seen Sneakers? Take the tape out of your VCR, slowly run a rare-earth magnet over it and set it on fire. On the other hand, if you were at least partally serious about the hacking for America, keep your eyes open.] ----------------------------------------------------------------------------- Erikb, Regarding your article in Phrack 46, we here in Columbus would just like to say that everything except for the Krack Baby's phone number, which long since went down, and the Free Net template, is total and utter bullshit. The Columbus 2600 meetings were NOT started by Fungal Mutoid, he is just responsible for a much larger turnout since about September (94), and whoever wrote that has obviously not been to a Columbus meeting recently. The Columbus 2600's have been here for quite a while, but bacause the H/P scene consists of 15 people AT THE MOST, many of which haven't the time to attend, the turnout is almost always low. I believe the most that have ever shown up to a meeting is 10, which dwindled to 8 or so before the meeting was officially half-over. Nobody knows who wrote the article which you printed, although no one has been able to contact Fungal Mutoid to ask him. Just thought we'd clear a few things up, and to those that don't give two flying shits, we're sorry to have to bring this into a E-mag as great as this. Sincerely, H.P. Hovercraft and the Columbus H/P Gang [Thanks for the letter. Like I always say, I can only report and print what I'm told or what is sent to me. I don't live anywhere but Austin, TX, so I don't know the intimacies of other areas. Thanks for sending in your comments though!] ----------------------------------------------------------------------------- Haiku Operator hi who is it that sets my phone on redial and tone gives me rest in times great stress lays its head on my leads me into joy cosmos and mizar give evidence and homage to your greatness, why logon/password on your very first try shall succeed, as always oh, A T and T while great, holds non to the great power that NYNEX gives access to in glee, awaitnig, cautiously, for signs of entry illicitly thus strives to maintain control of the ESS switch, not comprehending that control is simply gained by a single call to some stupid yet revered operator who believes you in charge gives out system pass with some small feat of trick'ry PAD to PAD, too, works sounding of the baud with modem and coupler connection is made who is to question the incidence of this fault or acknowledge it security's words false threats followed by arrest on illegal grounds hackers, phreakers grieve free the unjustly accused give them freedom to ROAM with cellular phones place to place with no charge test the system's worth find holes, detect bugs run systems by remote, yea, to explore, to seek, to find a network of free bits and bytes unharmed-- innocently seen. who doesn't know that Bell or Sprint or MCI would never approve-- believe in 'puter crime, toll fraud, "access devices," free calls to Denmark Information is power is imperative proprietary please, spare me the grief accusations being thrown of phone co. crashes are fiction unleashed to the ignorant public eye to make blame, fear all phr/ackers, but all have had their days and faded into the past, why must ignorant block the free flow of knowledge found angry sysops abound secret service rais hoisting games, computers, phones never to be re- turned hackers, phreakers working for government, spies, lies, deception, all to walk free while friends spend years in jail for simply battling for some change knowledge is NOT free equipment costing milliions, simply cannot pay the cost for systems of signal switching; no on e wants to harm, just try to use our knowledge in a constructive way and look around for things which further know-how of packet switching, ANI, proctor tests and tones which make little sense and why is it there, what are all the test lines for? central office trash provides some clues, while phone calls get angry response to inquiries re: loops and lack of barriers, COCOT carriers who overcharge cause frustraton, must be helped end overbilling unfairness is only people not understanding nor comprehending that what we do is NOT always fraud, vengeance or deceitful reasons bu for love of the systems, curiosity's overwhealming need to be met and to feel accomplished, proud, to do and know something WELL crackers abound pirates do multiply, spread wavez of warez cross coasts and foreign countries virus creators seeking escape, growth, freedom not for destruction but for change, to press limits to find that which makes us whole, complete, and accomplished at crossing the barriers that bound conventional people in dead-end jobs with little self-esteem. hacking, phreaking, it is an art form, and a quest for endless reaches to seek, to explore, to realize and accomplish, to take chances and live not for rules and laws but for what things should be but will not come to pass. --kyra [Uh oh, we're getting pretty literary here. I can see it now: Phrack Magazine. For the Sensitive Hack/Phreak. Interesing poem tho...] ----------------------------------------------------------------------------- Dear Editor of Phrack Magazine; Ok Erik (mr. editor), there is also a poem that I have written for Wei. "Thinking of Ding Wei" (C) 1994, 1995 Oliver Richman. Come here, let me tell you something, How I hide my love for Wei Ding: By forgetting all my thinking! When in my mind Wei's heart I see.. I want to tell her "wo ai ni", So her and I will always be. Her mind is pure, like pretty Jade.. She makes me want to give her aid. I know that her love will not fade. My patience tries to move the sea. But can I deny you and me? I want our hearts to set us free. I really love you, dear Ding Wei, I think about you every day. Tell me, what more can I say? [What's this? Another Poem? A tribute of Love for some chick named Wei? Holy Lord. We need to get some codes or credit cards or something in here to offset this burst of "Heartfelt Emotive Print." ] ----------------------------------------------------------------------------- the other day upon the stair i met a man who wasn't there he wasn't there again today i think he's from the CIA [NOW THIS IS MY KIND OF POETRY! SHORT, SIMPLE, AND FUNNY. WHATEVER HAPPENED TO BENNETT CERF???] ----------------------------------------------------------------------------- As a former AOLite and definite wannabe, and having d/l the log of the Rushkoff/Sirius hypechat, I could tell from the beginning that it would be just as you reviewed _Cyberia_ as being. Every other word Rushkoff used was Cyberia or Cyberians. As lueless and vulnerable to hype as I was, I couldn't help but stand back and listen to all the shit with a grin. In the same not, I ran into David Brin on AOL as well, and managed to get a correspondence goig with him. He was on discussing all the research he did on the "Net" and about the papers he was delivering, and, most importantly (of course), his upcoming BOOK about the Internet and privacy. At the time, still under the glossy spell of Wired (which I still find interesting) and the hype, I was eager to offer him an interview proposal, which I would have published in Wired if at all possible. Dr. Brin knew less than *I* did about the Internet. I can sum up most of these people's vocabularies in one word: "BLAH." They may as well reiterate that syllable ad infinitum--it amounts to the same thing. [WOW! Hey Cyber-guy, thanks for the super-cyber email. As we cruise along this InfoBanh, exiting in Cyberia, it takes a diligent cyberian like you to keep things in check! Sorry bout that. I was overcome with a minor brain malfunction that reduced my IQ to that of Douglas Rushkoff. Doesn't it all make you want to puke? I heard that yesterday on the soap opera "Loving" some character was hacking into food companies to steal recipes. A month or so back, on "All My Children" (The only soap I watch...but I'm embarrassed to say I watch it religiously), Charlie & Cecily were dorking around on the Internet, and sent each other email after reading notes they each left on alt.personals. The world is coming to an end.] ----------------------------------------------------------------------------- Yo erikb: yo dewd. eye am so paranoid, my t33th are rattling. what dewd eye dew? yew are the god of the internet. how dew eye stop the paranoia? please print answer in next phrack. thanx. m0fo [Your Acid will wear off in a few hours. Don't worry. Enjoy it. The CIA does. If it doesn't go away in a few days, there are some nice men in white lab coats who will be glad to help you out. How do you stop the paranoia? Your answer: Thorazine!] ----------------------------------------------------------------------------- This is Nemo Kowalski speaking (aka Paolo Bevilacqua). I just discovered Phrack at the young age of 31. ;-) Well, I like it a lot, at least like I enjoyed doing real things here in Europe, alone and with DTE222, years ago. I'm going to write something about the first anti-hacker operation in Italy, "Hacker Hunter," in which, incidentally, I got busted. Do you think your some of the old stories from altger and Itapac can be of interest to your readers? To Robert Clark: I read "My Bust" and I liked it. I'm not a native english speaker, but I think it was well-written, plus principally, I felt a pleasant "reader sharing writer's experiences" sensation that can separate a good reading from pure BS. This is expecially true since I've been busted here in Italy, and I've learned that things are more similar around the western world than I would have thought. The only thing I can't share is your Seattle experience. Maybe the dichotomy good druge/bad drugs has a different meaning for you? Respect, Nemo [Nemo: Please write as much or as little as you like about the busts in Italy! We have an article this issue about Italy, but any further insights into your experiences, esspecially regarding how busts are carried out in other countries would be greatly appreciated by our readers! I look forward to reading whatever you can put together!] ----------------------------------------------------------------------------- Chris, As a relative neophyte to hacking, one of the problems I come up with a lot is identifying systems I locate scanning. So, I was wondering if Phrack, or any other zine, had ever published a concise guide to clues to help identify unknown systems. If so, could you please let me know what mag, and what issue. One last thing, are there any internet sites with info of interest to hackers? I know about eff.org and freeside.com and a few others, but nothing really intriguing...any suggestions? [You will find a good start to identifying strange systems, and in locating sites of interest to hackers in the #Hack FAQ we've printed in this issue. ] ----------------------------------------------------------------------------- For Phrack news, Darkman was busted in Winnipeg City, Canada, for various reasons, but since I knew him personally I wanted to add my two cents. For the record, he was busted for warez and porn as well as hacking into the UoManitoba, and I heard his wife left him because he spent too much time pirating on IRC. He was about 38. He could read fluently in Russign, and I remember one night we discovered some secret KGB documents from the 50's, real science fiction thriller stuff, and he read it to me. Akalabeth [It's a drag that your friend was busted, and knowing the Canadian government, the porn part was probably pretty minor shit in a worldly sense. I'm kinda intrugued by the "KGB Documents" you found. Uh, were these on the net? Did you have a cyrillic character set loaded? How did you read these documents? Were they on paper? SEND THEM TO PHRACK! :) ] ----------------------------------------------------------------------------- Top 10 Reasons Why I Should Get My Subscription FREE: (1) I'm a programmer/Analyst for an electric utility company in Texas (ahh, come on - I'm a fellow Texan!) (2) I've read Phrack for years (loyalty scores points - right?) (3) I've been involved with compuers since GOD created the PC (I began in late 70's-early 80's). (4) I'm *not* a narc (shh, don't tell anybody.) (5) I *may* have a record (but if I do, it's for minor kind of stuff - I'm basically a nice guy). (6) I don't like the telephone company (you have to admit they're amusing though.) (7) I know how to get around on the 'net (can't you tell - I have an AOL account .) (8) I'm a good source of info regarding all types of mainframe and PC programming. (9) PLEASE.... (10) I'll quit writing dumb letters and trying to be funny. [David Letterman is in the background throwing up as I'm typing Don't quit your day job...but I'll send you Phrack anyway. :) ] ----------------------------------------------------------------------------- Hey Chris, I just read your thing in Phrack abou the US being attacked by our so called "allies" and I agree with you 110%! I do believe that we should start some sort of CyberArmy to fight back. I don't think that our government would mind, unless we crashed an economy that they were involved with or something, but hell, they fuck with us, let's fuck with them. And you were saying about phone costs, isn't it possible to just telnet or something over there? And why stop at fighting back against our information agressors, why not fight back against other countries that our government is too chickenshit to fight against? Cuba comes to mind. Well, I hope you reply or something, I really like Phrack, I try to get it whenever I can manage, but I don't have an internet address where I can get files. Keep up the good work. [Yet another volunteer for the US Cyber Corp! By God, I'll have an army yet. :) ] ----------------------------------------------------------------------------- ==Phrack Magazine== Volume Six, Issue Forty-Seven, File 2a of 23 ***************************************************************************** Phrack Editorial What you are about to read is pure speculation on my part. Do not take this to be 100% fact, since most of it is hypothesis. But it sure will make you think twice. "Ever get the feeling you're being cheated?" ----------------------------------------------------------------------------- So...Mitnick was busted. There certainly are some really odd things regarding the whole mess, especially with regards to the "investigating" being done by a certain heretofore unheralded "security" professional and a certain reporter. One of the first oddities was the way the Mitnick saga suddenly reappeared in the popular media. In February, and seemingly out of nowhere, the ever diligent John Markoff entered the scene with the a groundbreaking story. (Of course this is meant to be sarcastic as hell.) Markoff's story dealt with a near miss by federal authorities trying to apprehend Mr. Mitnick in Seattle about 5 months prior. Now, if nothing else happened in the whole Mitnick saga, I never would have given this a second thought, but in light of what followed, it really does seem odd. Why would someone write about a subject that is extremely dated of no current newsworthiness? "Our top story tonight: Generalissimo Francisco Franco is still dead." To be fair, I guess Markoff has had a hard on for Mitnick for ages. Word always was that Mitnick didn't really like the treatment he got in Markoff's book "Cyberpunk" and had been kinda screwing with him for several years. (Gee, self-proclaimed techie-journalist writes something untrue about computer hackers and gets harassed...who would have thought.) So it really isn't that odd that Markoff would be trying to stay abreast of Mitnick-related info, but it certainly is odd that he would wait months and months after the fact to write something up. But wait, a scant month and a half later, Mitnick gets busted! Not just busted, but tracked down and caught through the efforts of a computer security dude who had been hacked by Mitnick. Breaking the story was none other than our faithful cyber-newshawk, John Markoff. "Tsutomo Shimomura, born to an American mother and a Japanese father, thus becan life as he was destined to live it...going in several directions at once. A brilliant neurosurgeon, this restless young man grew quickly dissatisfied with a life devoted solely to medicine. He roamed the planet studying martial arts and particle physics, colelcting around him a most eccentric group of friends, those hard-rocking scientists The Hong Kong Cavaliers. "And now, with his astounding jet car ready for a bold assault on the dimension barrier, Tsutomo faces the greatest challenge of his turbulent life... "...while high above Earth, an alien spacecraft keeps a nervous watch on Team Shimomura's every move..." Wait a minute...that's Buckaroo Banzai. But the similarities are almost eerie. Security dude by day, hacker tracker by night, ski patrol rescue guy, links to the NSA! WOWOW! What an incredible guy! What an amazing story! But wait! Let's take a closer look at all of this bullshit, before it becomes so thick all we can see is tinted brown. Shimomura was supposedly hacked on Christmas Eve by Kevin Mitnick, which set him off on a tirade to track down the guy who hacked his system. Supposedly numerous IP tools were taken as well as "millions of dollars worth of cellular source code." First off, Shimomura's TAP is available via ftp. Modified versions of this have been floating around for a while. I suppose it's safe to assume that perhaps Tsutomo had modified it himself with further modifications (perhaps even some of the IP/localhost spoofs that the X-consortium guys were playing with, or maybe other tricks like denial of service and source-routing tricks...I don't really know, I don't have any such thing authored by Shimomura.) Secondly, what is all this cellular source code? And why did Shimomura have it? Could it be that this is really just some kind of smokescreen to make it seem like Mitnick did something bad? For those of you who don't know, Tsutomo is friends with Mark Lottor (yes, the OKI experimenter, and CTEK manufacturer.). They have been friends for some time, but I don't know how long. Lottor used to be roommates with, lo and behold, Kevin Poulsen! Yes, that Kevin Poulsen...the guy who before Mitnick was the "computer criminal de jour." Poulsen and Mitnick were no strangers. It wouldn't be too much of a stretch of the imagination to think that those files were really ROM dumps from phones that Lottor had given Shimomura. It also wouldn't be too much of a stretch to imagine that Mitnick knew Tsutomo, and decided to go poke around, pissing off Tsutomo who knew that he'd been violated by SOMEONE HE ACTUALLY KNEW! (It sure does piss me off much more to get fucked over by someone I know rather than a complete stranger.) Woah. If any of that is true, what strange bedfellows we have. But wait, it gets better... Enter John Markoff. Markoff and Tsutomo have obviously known each other for a while. I don't know where they met...but I know they were together at Defcon, maybe at Hope, and probably at the Tahoe Hacker's conference a few years back. (I'd have to go back and look over the group photos to be certain.) Markoff already has a stake in the Mitnick story, since it was his book, "Cyberpunk" that really gave ol' Kevin some coverage. Now, if Markoff knew that Mitnick had hacked Tsutomo (from Tsutomo's own mouth), then certainly any journalist worth his salt would see possibilities. Gee, what a great concept! A colorful computer security guy tracks down one of the world's most wanted hackers! What a great story! Remember that Stoll Guy? But in order to get the book publishers really hot, it would take some more press to rejuvinate interest in the Mitnick story. So the first story, months after the fact, is printed. Meanwhile, Tsutomo is supposedly tracking down Mitnick. How does one track down a hacker? The legal (and really annoyingly hard way) is to work with other system administrators and establish a trail via tcp connects and eventually back to a dialup, then work with phone companies to establish a trap and trace (which usually takes two or three calls) and then working with local police to get a warrant. Somehow Tsutomo seemingly managed to avoid all this hassle and get a lot done by himself. How? Well, the Air Force OSI managed to track down the British Datastream Cowboy by hacking into the systems he was hacking into the Air Force from. This is the easy way. Hmmm. I know with a good degree of certainty that Markoff's and Tsutomo's little escapades pissed off a great many people within law enforcement, but I don't know exactly why. If they WERE bumbling around stepping on FBI toes during the course of their litle hunt, certainly the FBI would have threatened them with some kind of obstruction of justice sentence if they didn't stop. Did they? Well before any of this had begun, Mitnick had been hacking other places too. Guess what? He happened to hack CSCNS, where a certain ex-hacker, Scott Chasin, runs the security side of things. I remember well over a year ago talking to Chasin about a hacker who had breeched CNS. Discussing his methods, we thought it must be Grok, back from the netherworld, since he was so skilled. The hacker also made claims of being wireless to avoid being traced. (This also fit into the Grok modus operandi...so we just assumed it was indeed Grok and left it at that.) Chasin told the hacker to get off of CNS, and that he could have an account on crimelab.com, if he would only use it for mail/irc/whatever, but with no hacking, and on the agreement that he would leave CSCNS alone. The agreement was made, but went sour after only a few weeks when the mystery hacker began going after CSCNS again. The Colorado Springs FBI was called in to open an investigation. This was ages ago, but of course, field agencies rarely talk. Back in the present, Tsutomo goes to help out at the Well, where a certain admin (pei) was having problems with intruders. This is the same pei who a few months earlier told Winn Schwartau "The Well has no security!" Which Winn reported in his newsletter. (This of course came after Winn's account on the Well was reactvated by an anonymous person who posted several messages about Markoff and signed them "km." DUH!) So somehow, Tsutomo gets trace information leading back to a cell site in North Carolina. How does a private citizen get this kind of information? Don't ask me! My guess is that the feds said, give us what you know, help us out a bit and don't get in our way. In return, one can surmise that Tsutomo (and Markoff) got to glean more info about the investigation by talking with the feds. So, Mitnick gets busted, and Tsutomo got to ride around in a car with a Signal Strength Meter and help triangulate Mitnick's cellular activity to his apartment. Woo woo! After all is said and done, Tsutomo has single handedly captured Mitnick, John Markoff breaks the story on the FRONT PAGE of the New York Times, and every other computer reporter in America continually quotes and paraphrases Markoff's story and research as "God's Own Truth." Mitnick, on the other hand, gets blamed for: 1) hacking Tsutomo 2) hacking the Well 3) hacking Netcom to get credit cards 4) hacking CSCNS 5) hacking Janet Reno's Cell Phone 6) hacking motorola 7) conversing with foreign nationals etc.. Let's look at some these charges: 1) Mitnick was not the first (or only) to hack Tsutomo. The San Deigo Supercomputer Center is a target for a lot of people. It's a major Internet center, and there are all kinds of goodies there, and the people who work there are smart guys with nice toys. Sorry, but Mitnick is the scapegoat here. 2) Mitnick was not the first, last, or most recent to hack The Well. Like Pei said, "The Well Has No Security." I know this first hand, since I have an account there. I don't raise a stink about it, because I pay by check, and my email is boring. 3) Mitnick was not the person who got the Netcom credit card file. That file floated around for quite some time. He might have had a copy of it, but so do countless others. Sorry. Wrong again. 4) Mitnick was in CNS. He was not the only one. Thanks for playing. 5) The thought that Mitnick could reprogram a MTSO to reboot upon recognizing a ESN/MIN pair belonging to one specific individual would require that he had hacked the manufacturer of the MTSO, and gotten source code, then hacked the cellular carrier and gotten a full database of ESN/MIN information. Both of these things have been done by others, and Mitnick certainly could have done them too, but I doubt he would have gone to that much trouble to call attention to his actions. 6) Motorola, like EVERY other big-time computer industry giant has been hacked by countless people. 7) Mitnick reportedly had dealings with foreign nationals, especially one "Israeli" that set the CIA up in arms. Well, sure, if you get on IRC and hang out, you are probably going to talk to people from other countries. If you hang out on #hack and know your stuff, you will probably end up trading info with someone. But, playing devil's advocate, perhaps the person you might be talking to really isn't a 22 year old Israeli student. Maybe he really is a 40 year old Mossad Katsa working in their computer center. Was Mitnick Jewish? Would he do "whatever it takes to help the plight of Jews worldwide?" Could he have been approached to become one of the scores of sayanim worldwide? Sure. But probably not. He'd be too hard to call on for the favors when they would be needed by Mossad agents. So, I have some doubts about this. Less than a month after the whole bust went down, Markoff and Tsutomo signed with Miramax Films to produce a film and multimedia project based on their hunt for Mitnick. The deal reportedly went for $750,000. That is a fuckload of money. Markoff also gets to do a book, which in turn will become the screenplay for the movie. (Tsutomo commented that he went with Miramax "based on their track record." Whatever the fuck that means.) Less than a month and they are signed. Looks to me like our duo planned for all this. "Hey Tsutomo, you know, if you went after this joker, I could write a book about your exploits! We stand to make a pretty penny. It would be bigger than the Cuckoo's egg!" "You know John, that's a damn good idea. Let me see what I can find. Call your agent now, and let's get the ball rolling." "I'll call him right now, but first let me write this little story to recapture the interest of the public in the whole Mitnick saga. Once that runs, they publishers are sure to bite." Meanwhile Mitnick becomes the fall guy for the world's ills, and two guys methodically formulate a plot to get rich. It worked! Way to go, guys.