==Phrack Magazine==

Volume Seven, Issue Forty-Eight, File 16 of 18

THE TRUTH, THE WHOLE TRUTH AND NOTHING BUT THE TRUTH
- a story of the 'BT-Hacker' scandal.

By Steve Fleming

Sitting in a chilly university computer department in northern England was in itself exhilarating. The mid-February climate made it cold; my head was buzzing with voices chatting freely about gaining access to secret computers, acquiring free telephone calls and how to fashion 'bombs' to maim or kill lecturers and 'Senior Vice Principles'. There was nobody else in the room, all the company was just under a meter from me in CyberSpace, that alternative universe where anything is possible and everyone is somebody they want to be.

The stories were extraordinary - in fact they were incredible, an eclectic mix of fact and fantasy bound together by expert social engineering. These CyberSpace 'cafes' are the BBS' - Bulletin Board Services - and are the stock-in-trade of the electronic community. The Internet is connected to some of them, but the best ones, the ones with the best chat and the most exciting files are not - you get the dial-in number from another user, and have to then beg to use the service. It is interesting to note that the Internet has now become a generic term for on-line communication and suffers as a result of its inappropriate use. Blaming the Internet for anything is like apportioning culpability to 'society' - fine for academics but otherwise a shallow construct.

I have known some computer experts in my time, and still some 'reformed hackers' count as my best friends - I really wanted to find out if a major British computer could be hacked or if it had been done. The UK has some of the most draconian secrecy laws anywhere on the planet, so if secrets are found, they tend to be kept secret.

When people start talking in CyberSpace, they really talk and talk and talk.
Their voice has no tone or volume, no emotion or mood - it can be like talking with a form of electronic psychopath sometimes. But there are inventive ideas 'on-line', and sometimes you can SHOUT, but this is quite rude, mostly pictorial punctuation (the smiley) is the key. You can indicate a smile :-) or a frown {:-( and you can even indicate sarcasm ;-) with a sly wink. It's interesting to note that irony is not really a North American thing at all; sarcasm is a CyberSpace thing.

I wouldn't say that I am an expert, I wouldn't even say that I was very good with computers, I'm always learning. My qualifications are in science; Biology and Psychology, not computing. What this gives me is an urge to investigate assuming a null hypothesis - I disprove things in short. It's funny to think that most of the press followed a placed PR line that I must be a '... twisted computer boffin who had broken into an '...entirely robust...' computer system'. And my, did that title stick - friends from Hong Kong to Turkey called to say I was a computer expert all over the world! This was very effective and obviously placed by someone with powerful influence, perhaps advertising influence? It doesn't really matter, bad journalism is all over and we all have a living to earn - I however, would never do it at the expense of a colleague.

There was the vision of news editors screaming, "... get me some secrets!" - they simply couldn't believe that a freelance with only a few published pieces could have brought in such an impressive story with a scandal at every level - so they capitulated with the 'boffin' lie and went back to boring, standard, sloppy 'background' on this 'hacker'.

It was actually a bit of a personal tragedy, my on-line persona was cracked, there wasn't very much in my life at all, quite a boring person really; like most journalists who spend a lot of time observing rather than doing.
The Today newspaper had some hot tip-offs from people I'd interviewed in the past, one man in particular who had lied in a silky and attractive way for two and a half hours had been doing the same to them. The fact that I wrote for a 'gay magazine'. Shock horror, a definite Philby, Burgess & Maclean story breaking. What a bit of investigative journalism that wasn't, I wrote under my own name! Was he a spy, was he working for Libya, Israel, MI-6, MI-5, the Labour Party, Duncan Campbell, Richard Gott... and then there was the 'shit-bagging'. This happens when tardy investigators are ignorant of the facts, automatically they assume it should be them who had the story, if only they'd had the time. But this is all history now, and I forgive them all... but I never forget.

How could a temporary member of staff see all this secret information? The list forming in the mind of the press (and I do think in situations like these one surprisingly tiny mind) went something like this:

1. They aren't secrets at all.

2. BT would know if anyone had looked at the secret stuff, so they'll catch the whistle-blower; probably working for computer security within BT.

3. Fleming is a computer expert, he's hacked the system and is spinning a story to prevent him being found out - and he's not a 'real' journalist and we are.

Well, there was clear evidence that the stuff was very sensitive, so strike number 1 from the list. How could they wait for stage two, if it is the case it may take days or weeks, so they couldn't have that - anyway the Independent had shown it could be done away in time or place of Fleming. The only option was; who's there, who'll talk, and how can we retain credibility as journalists - repudiate the freelance!

There was no shortage of shit-bag material; 'various anonymous sources... unconfirmed reports... it seems likely etc.' Some even fancied the idea that the details were shocking, but let's just do it all ourselves and dump on Fleming from a great height?
It really was like being on a maggot farm, wading through pen after pen of repulsive, brainless, panicked... maggots.

The truth is that there was no great skill involved in cracking BT's computer, it was so easy my pet parrot could have done it with only one claw.

Many companies are confused about computer security and what it means. The sharp young suits talk about 'magneto-optical storage facilities' and 'EPROM or WORM access'. The captains of industry nod sagely, they run the ship and leave the deck scrubbing to junior officers. These proud, self important and generally thick as two short planks when it comes to computers men, authorise huge budgets for the whiz-kids who play with the money, buy new things, install new software, 'patch' the operating system, attach ISDN cards, issue user ID's after extensive family checks. You name it, and these guys do it, and they love it. They install password checkers that look for hackers (or errors) and disconnect users for 15 minutes if they get their passwords wrong three times. The captains of industry still discuss 'wireless' and 'word processors'. The bright young men should be allowed to deal with all the computer stuff, it's not that the captains can't understand it or anything like that, they just don't have the time.

Staff who have to work the systems couldn't care less about the 'advanced software engineering' that went into the system. There is as much 'social engineering' as any other sort when it comes to computers for industry. So they have to remember passwords that change regularly and they have to remember to get that report done, and see the boss and train the new staff and type that letter and claim those expenses and design that form and... it's a lot to remember. When folk have a lot to remember they make lists, and those lists include passwords - sounds like an opportunity for 'trashing'. They simply look through the rubbish and see what they can see.
Sometimes someone writes down a password on a post-it note to let someone into their computer for some reason, that person enters the password and makes a note in their diary of it and pops the sticky in the bin.

Then, in these busy offices, staffing levels are being cut. The managers need a dozen staff, and have four. They are allowed to contract from a temp agency and top up the office. These people are often unemployed graduates. Clever, but very, very bored. They don't get paid much, 4.00 an hour. That's what I was paid to write a nationwide database suite for BT but there I have to stop, the gag is cutting into me. They just want a decent job, and try to impress in case they get offered one, and the companies play on this and exploit without mercy. 4.00 an hour and they want unbridled enthusiasm, ideas, loyalty, commitment - who are they trying to kid!

The computer administrators say they can't give temporary access to the system, '... it can't be done.' Well what do you suggest? 'You'll just have to make do, it's the system, can't help, sorry.' You need a dozen workers, perhaps 6 need to be on the system, you have 5 passwords plus another of the departmental manager making six. Why not let the temps use these passwords and you can get on with the more important stuff, can't be any harm in that? It's not as if we're using them? However, temps are just that, temporary - they move on. Consequently with all the changes you make up a folder with all the passwords and then they can just flick through that to find a password, it doesn't seem all that insecure does it?

And there we have it, passwords being shared, passed, written down, typed in and shouted across the office. You can forget about any notion of security, the moment you take that step the whole system is pointless, you may as well print out all the secret information and sell it in Dillons - it would certainly make the phone book a best seller!
Better still if the marketers got what they wanted, put it on CD-ROM and charge a fortune for it at Christmas; The Multimedia Secrets Collection, 199.95! The ideal Christmas gift for the spy in your life. Includes music from around the world. BT, it's good to talk! NB it may be an offence to talk to anybody about this.

Now you see why BT are keen to quell this espial, they know the situation, but don't want it publicised, it's very embarrassing for goodness sake - they have a contract to advise the government on computer security! Frankly, I couldn't care less if some BT mandarin gets a red face, it is no concern of mine. What is, is the fact that these secrets are not encrypted and are broadcast around the country on computers and are available to just about anyone who cares to look at it. The only warning displayed was 'Unauthorised access is an offence under the Computer Misuse Act (1990)' - but this access isn't unauthorised, is it?

This notion of 'confidential' is a joke. BT's computers happily broadcast your ex-directory telephone number (and soon your name) down the line unless you make the choice to prevent it. What is confidential about that? The public interest is of prime importance here. The scandalous intimation in my legal gag is that I am risking national security? Me! Well I have a lot to say about that, it's not me that allows any old temp to see secrets, and I have never printed a single telephone number or details of any equipment, unlike some respected others. I brought the fact this could be done to light in a responsible journalistic manner.

If I was such an expert, the intelligence service would have snapped me up immediately, BT would have paid me off and the government could have avoided embarrassment. But I'm not, I'm a journalist. The Independent published this story and I have respect for them, they took a risk and then wanted to distance themselves from me, which I understand.
It was however a lonely, cold and frightening experience which is not yet over. The governments of these lands talk big about how the information superhighway will change all our lives, and how committed they are to servicing this new form of infrastructure leading to a new, fresh and exciting dimension - but they also punish, abuse, prosecute, imprison and destroy the lives of the people who may be far better able to exploit their ignorance and expose the sensitive underbelly of their power - their information. If you ask me, the old guys will make CyberSpace just as ugly and corrupt as the society they have already spawned, nurtured and set on a path of destruction out here. I for one don't want or need their advice, support or money - let them lay in the bed they have made, I'll stay in CyberSpace.

------------------------------------------------------------------------------

- Related Info Appended by the Editor -