[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]

..[ Phrack Magazine ]..
.:: Phrack World News Issue XXII Part 3 ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #22 | Release date : 1988-12-23 | Editor : Taran King
IndexKnight Lightning & Taran King
Phrack Pro-Phile on Karl MarxKnight Lightning & Taran King
The Judas Contract (Part 2 of the Vicious Circle Trilogy)Knight Lightning
A Novice's Guide To Hacking (1989 Edition)The Mentor
An Indepth Guide In Hacking UnixRed Knight
Yet Another File On Hacking Unixunknown
Computer Hackers Follow A Guttman-Like ProgressionRichard C. Hollinger
A Report On The InterNet WormBob Page
Phrack World News Issue XXII Part 1Taran King
Phrack World News Issue XXII Part 2Knight Lightning
Phrack World News Issue XXII Part 3Knight Lightning
Phrack World News Issue XXII Part 4Knight Lightning
Title : Phrack World News Issue XXII Part 3
Author : Knight Lightning
                                ==Phrack Inc.==

                     Volume Two, Issue 22, File 11 of 12

            PWN                                                 PWN
            PWN        P h r a c k   W o r l d   N e w s        PWN
            PWN        ~~~~~~~~~~~   ~~~~~~~~~   ~~~~~~~        PWN
            PWN                Issue XXII/Part 3                PWN
            PWN                                                 PWN
            PWN           Created by Knight Lightning           PWN
            PWN                                                 PWN
            PWN              Written and Edited by              PWN
            PWN         Knight Lightning and Taran King         PWN
            PWN                                                 PWN

Computer Break-In                                             November 11, 1988
>From Intercom, Vol 28, No. 24, Air Force Communications Command Newsletter
By Special Agent Mike Forche, AFOSI Computer Crime Investigator

A computer hacker penetrated an Air Force Sperry 1160 computer system in the
San Antonio, Texas, area.  The hacker was discovered by alert Air Force
Communications Command computer operators who notified the data base
administrator than an un-authorized user was in the system.  The data base
administrator was able to identify the terminal, password, and USERID (system
level) used by the hacker.

The data base administrator quickly disabled the USERID/password (which
belonged to a computer system monitor).  The data base administrator then
observed the hacker trying to get into the system using the old
USERID/password.  He watched as the hacker successfully gained entry into the
system using another unauthorized USERID/password (which was also a system
administrator level password).

The hacker was an authorized common user in the computer system; however, he
obtained system administrator access level to the government computer on both

Review of the audit trail showed that the hacker had successfully gained
unauthorized access to the computer every day during the two weeks the audit
was run.  In addition, the hacker got unauthorized access to a pay file and
instructed the computer floor operator to load a specific magnetic tape (pay

The hacker was investigated by Air Force Office of Special Investigation
computer crime investigators for violation of federal crimes (Title 18 US Codes
1030 computer fraud, and 641 wrongful conversion of government property), Texas
state crimes (Title 7, Section 33.02 Texas computer crime wrongful access) and
military crimes (obtaining services under false pretense, Uniform Code of
Military Justice, Article 134).

The computer crime investigators made the following observations:

  - USERIDs used by the hacker were the same ones he used at his last base when
    he had authorized system access in his job.  The use of acronyms and
    abbreviations of job titles will hardly fool anyone; plus the use of
    standard USERID base to base is dangerous.

  - The passwords the hacker used were the first names of the monitors who
    owned the USERIDs.  The use of names, phone numbers, and other common
    easily-guessed items have time and time again been beaten by even the
    unsophisticated hackers.

                    Special Thanks To Major Douglas Hardie

"Big Brotherish" FBI Data Base Assailed                      November, 21, 1988
>From Knight-Ridder Newspapers (Columbia Daily Tribune)

               "Professionals Unite To Halt Expansion Of Files"

PALO ALTO, California -- For the first time in more than a decade, civil
libertarians and computer professionals are banding together to stop what many
consider a Big Brotherish attempt by the FBI to keep track of people's lives.

Computer Professionals for Social Responsibility, based in Palo Alto, has been
instrumental in preventing the FBI from expanding its data base to include
information such as credit card transactions, telephone calls, and airline
passenger lists.

"We need computer professionals acting like public interest lawyers to make
sure the FBI is acting responsibly," said Jerry Berman, chief legislative
counsel for the American Civil Liberties Union.

Berman was part of a panel Saturday at Stanford University that went
head-to-head with the FBI's assistant director for technical services, William
Bayse, over expansion of the National Crime Information Center.

Law enforcement officials use the NCIC system's 19.4 million files about
700,000 times a day for routine checks on everyone from traffic violators to
Peace Corps applicants.

"The FBI would like us to believe that they are protecting us from the hick
Alabama sheriff who wants to misuse the system," said Brian Harvey, a computer
expert at the University of California-Berkeley.  "The FBI is the problem."

Not since the fight to pass the Privacy Act of 1974 have computer experts,
civil libertarians, and legislators come together on the issue of citizen
rights and access to information.

In the early 1970s, the government's efforts to monitor more than 125,000 war
protesters sparked concerns about privacy.  The 1974 law limited the movement
of information exchanged by federal agencies.

But computers were not so sophisticated then, and the privacy act has a number
of exceptions for law enforcement agencies, Rotenberg said.  No laws curtail
the FBI's data base.

Two years ago, the FBI announced its plan to expand the data base and came up
with 240 features to include, a sort of "wish list" culled from the kinds of
information law enforcement officials who use the system would like to have.

Rep. Don Edwards, D-Calif., balied at moving ahead with the plan without
suggestions from an independent group, and put together a panel that includes
members of the Palo Alto computer organization.

Working with Bayse, FBI officials eventually agreed to recommend a truncated
redesign of the data base.  It drops the most controversial features, such as
plans to connect the data base to records of other government agencies -
including the Securities and Exchange Commission, the IRS, the Immigration and
Naturalization Service, the Social Security Administration, and the Department
of State's passport office.

But FBI director William Sessions could reject those recommendations and
include all or part of the wish list in the redesign.

The 20-year-old system has 12 main files containing information on stolen
vehicles, missing people, criminal arrests and convictions, people who are
suspected of plotting against top-level government officials, and people for
whom arrest warrents have been issued.

Big Guns Take Aim At Virus                                    November 21, 1988
Taken From Government Computer News

In the aftermath of the most recent virus infection of the Defense Data Network
and Arpanet, Defense Department and National Institute of Standards and
Technology computer security officials are scrambling to head off further

Officials of the facilities struck by the virus met this month to discuss its
nature and impact. The meeting at National Security Agency headquarters in Fort
Meade, Md., included representatives of NSA and NIST as 'observers,' according
to NIST computer security chief Stuart Katzke.

Two days later, NSA and NIST officials met again to discuss how to avert future
infections, Katzke said.  Katzke, who attended both meetings, said no decisions
had been reached on how to combat viruses, and NSA and NIST representatives
will meet again to firm up recommendations.

Katzke, however, suggested one solution would be the formation of a federal
center for anti-virus efforts, operated jointly by NSA's National Computer
Security Center (NCSC) and NIST.

The center would include a clearinghouse that would collect and disseminate
information about threats, such as flaws in operating systems, and solutions.
However, funding and personnel for the center is a problem, he said, because
NIST does not have funds for such a facility.

The center also would help organize responses to emergencies by quickly warning
users of new threats and defenses against them, he said.  People with solutions
to a threat could transmit their answers through the center to threatened
users, he said.  A database of experts would be created to speed response to
immediate threats.

The center would develop means of correcting flaws in software, such as
trapdoors in operating systems.  Vendors would be asked to develop and field
solutions, he said.

NIST would work on unclassified systems and the NCSC would work on secure
military systems, he said.  Information learned about viruses from classified
systems might be made available to the public through the clearinghouse, Katzke
said, although classified information would have to be removed first.

Although the virus that prompted these meetings did not try to destroy data, it
made so many copies of itself that networks rapidly became clogged, greatly
slowing down communications.  Across the network, computer systems
crashed as the virus continuously replicated itself.

During a Pentagon press conference on the virus outbreak, Raymond Colladay,
director of the Defense Advanced Research Projects Agency (DARPA), said the
virus hit 'several dozen' installations out of 300 on the agency's unclassified
Arpanet network.

Thousands Affected

The virus also was found in Milnet, which is the unclassified portion of the
Defense Data Network.  Estimates of how many computers on the network were
struck varied from 6,000 to 250,000.  The virus did not affect any classified
systems, DOD officials said.

The virus hit DARPA computers in Arlington, Va., and the Lawrence Livermore
Laboratories in California as well as many academic institutions, Colladay
said.  It also affected the Naval Ocean Systems Command in San Diego and the
Naval Research Laboratory in Maryland, a Navy spokesman said.

Written in C and aimed at the UNIX operating system running on Digital
Equipment Corp. VAX and Sun Microsystems Inc. computers, the virus was released
November 2, 1988 into Arpanet through a computer at the Massachusetts Institute
of Technology in Cambridge, Mass.

The Virus apparently was intended to demonstrate the threat to networked
systems.  Published reports said the virus was developed and introduced by a
postgraduate student at Cornell University who specializes in computer
security.  The FBI has interviewed the student.

Clifford Stoll, a computer security expert at Harvard University who helped
identify and neutralize the virus, said the virus was about 40 kilobytes long
and took 'several weeks' to write.  It replicated itself in three ways.

Spreading the Virus

The first method exploited a little-known trapdoor in the Sendmail
electronic-mail routine of Berkeley UNIX 4.3, Stoll said. The trapdoor was
created by a programmer who wanted to remove some bugs, various reports said.
However, the programmer forgot to remove the trapdoor in the final production
version.  In exploiting this routine, the virus tricked the Sendmail program
into distributing numerous copies of the virus across the network.

Another method used by the virus was an assembly language program that found
user names and then tried simple variations to crack poorly conceived passwords
and break into more computers, Stoll said.

Yet another replication and transmission method used a widely known bug in the
Arpanet Finger program, which lets users know the last time a distant user has
signed onto a network.  By sending a lengthy Finger signal, the virus gained
access to the operating systems of Arpanet hosts.

The virus was revealed because its creator underestimated how fast the virus
would attempt to copy itself.  Computers quickly became clogged as the virus
rapidly copied itself, although it succeeded only once in every 10 copy

Users across the country developed patches to block the virus' entrance as soon
as copies were isolated and analyzed.  Many users also used Arpanet to
disseminate the countermeasures, although transmission was slowed by the
numerous virus copies in the system.

DARPA officials 'knew precisely what the problem was,' Colladay said.
'Therefore, we knew precisely what the fix was. As soon as we had put that fix
in place, we could get back online.'

Colladay said DARPA will revise security policy on the network and will decide
whether more security features should be added.  The agency began a study of
the virus threat two days after the virus was released, he said.

All observers said the Arpanet virus helped raise awareness of the general
virus threat.  Several experts said it would help promote computer security
efforts.  'Anytime you have an event like this it heightens awareness and
sensitivity,' Colladay said.

However, Katzke cautioned that viruses are less of a threat than are access
abusers and poor management practices such as inadequate disaster protection or
password control.  Excellent technical anti-virus defenses are of no use if
management does not maintain proper control of the system, he said.

Congress also is expected to respond to the virus outbreak.  The Computer Virus
Eradication Act of 1988, which lapsed when Congress recessed in October, will
be reintroduced by Rep. Wally Herger (R-Calif.), according to Doug Griggs, who
is on Herger's staff.

Congressmen Plan Hearings On Virus                            November 27, 1988
>From The Seattle Times (Newhouse News Services)

WASHINGTON - The computer virus that raced through a Pentagon data network
earlier this month is drawing the scrutiny of two congressional committee
chairmen who say they plan hearings on the issue during the 101st Congress.

Democratic Reps. Robert Roe, chairman of the House Science Space and Technology
Committee, and William Hughes, chairman of the crime subcommittee of the House
Judiciary Committee, say they want to know more about the self-replicating
program that invaded thousands of computer systems.

The two chairmen, both from New Jersey, say the are concerned about how
existing federal law applies to the November 2, 1988 incident in which a
23-year-old computer prodigy created a program that jammed thousands of
computers at universities, research centers, and the Pentagon.

Roe said his committee also will be looking at ways to protect vital federal
computers from similar viruses.

"As we move forward and more and more of our national security is dependent on
computer systems, we have to think more about the security and safety of those
systems," Roe said.

Hughes, author of the nation's most far-reaching computer crime law, said his
1986 measure is applicable in the latest case.  He said the law, which carries
criminal penalties for illegally accessing and damaging "federal interest"
computers, includes language that would cover computer viruses.

"There is no question but that the legislation we passed in 1986 covers the
computer virus episodes,' Hughes said.  Hughes noted that the law also includes
a section creating a misdemeanor offense for illegally entering a
government-interest computer.  The network invaded by the virus, which included
Pentagon research computers, would certainly meet the definition of a
government-interest computer, he said.

"The 1986 bill attempted to anticipate a whole range of criminal activity
that could involve computers," he said.

Pentagon Severs Military Computer From Network Jammed By Virus    Nov. 30, 1988
By John Markoff  (New York Times)

NEW YORK - The Pentagon said on Wednesday that it had temporarily severed the
connections between a nonclassifed military computer network and the nationwide
academic research and corporate computer network that was jammed last month by
a computer virus program.

Department of Defense officials said technical difficulties led to the move.
But several computer security experts said they had been told by Pentagon
officials that the decision to cut off the network was made after an unknown
intruder illegally gained entry recently to several computers operated by the
military and defense contractors.

Computer specialists said they thought that the Pentagon had broken the
connections while they tried to eliminate a security flaw in the computers in
the military network.

The Department of Defense apparently acted after a computer at the Mitre
Corporation, a Bedford, Mass., company with several military contracts, was
illegally entered several times during the past month.  Officials at several
universities in the United States and Canada said their computers had been used
by the intruder to reach the Mitre computer.

A spokeswoman for Mitre confirmed Wednesday that one of its computers had been
entered, but said no classified or sensitive information had been handled by
the computers involved.  "The problem was detected and fixed within hours with
no adverse consequences," Marcia Cohen said.

The military computer network, known as Milnet, connects hundreds of computers
run by the military and businesses around the country and is linked through
seven gateways to another larger computer network, Arpanet.  It was Arpanet
that was jammed last month when Robert T. Morris, a Cornell University
graduate student, introduced a rogue program that jammed computers on the

In a brief statement, a spokesman at the Defense Communication Agency said the
ties between Milnet and Arpanet, known as mail bridges, were severed at 10 p.m.
Monday and that the connections were expected to be restored by Thursday.

"The Defense Communications Agency is taking advantage of the loop back to
determine what the effects of disabling the mail bridges are," the statement
said.  "The Network Information Center is collecting user statements and
forwarding them to the Milnet manager."

Several computer security experts said they had been told that the network
connection, which permits military and academic researchers to exchange
information, had been cut in response to the intruder.  "We tried to find out
what was wrong (Tuesday night) after one of our users complained that he could
not send mail," said John Rochlis, assistant network manager at the
Massachusetts Institute of Technology.  "Inititally we were given the run
around, but eventually they unofficially confirmed to us that the shut-off was
security related."

Clifford Stoll, a computer security expert at Harvard University, posted an
electronic announcement on Arpanet Wednesday that Milnet was apparently
disconnected as a result of someone breaking into several computers.

Several university officials said the intruder had shielded his location by
routing telephone calls from his computer through several networks.

A manager at the Mathematics Faculty Computer Facility at the University of
Waterloo in Canada said officials there learned that one of their computers had
been illegally entered after receiving a call from Mitre.

He said the attacker had reached the Waterloo computer from several computers,
including machines located at MIT, Stanford, the University of Washington and
the University of North Carolina. He said that the attacks began on November 3,
1988 and that some calls had been routed from England.

A spokeswoman for the Defense Communications Agency said that she had no
information about the break-in.

Stoll said the intruder used a well-known computer security flaw to illegally
enter the Milnet computers.  The flaws are similar to those used by Morris'
rogue program.

It involves a utility program called "file transfer protocol (FTP" that is
intended as a convenience to permit remote users to transfer data files and
programs over the network.  The flaw is found in computers that run the Unix
operating system.

The decision to disconnect the military computers upset a number of computer
users around the country.  Academic computer security experts suggested that
the military may have used the wrong tactic to attempt to stop the illegal use
of its machines.

"There is a fair amount of grumbling going on," said Donald Alvarez, an MIT
astrophysicist.  "People think that this is an unreasonable approach to be

He said that the shutting of the mail gateways did not cause the disastrous
computer shutdown that was created when the rogue program last month stalled as
many as 6,000 machines around the country.

[The hacker suspected of breaking into MIT is none other than Shatter.  He
speaks out about the hacker community in PWN XXII/4.   -KL]

MCI's New Fax Network                                             December 1988
>From Teleconnect Magazine

MCI introduced America's first dedicated fax network.  It's available now.  The
circuit-switched network, called MCI FAX, takes a slice of MCI's existing
bandwidth and configures it with software to handle only fax transmissions.
Customers - even MCI customers - have to sign up separately for the service,
though there's currently no fee to join.

Users must dedicate a standard local phone line (e.g. 1MB) to each fax machine
they want on the MCI network (the network doesn't handle voice) and in return
get guaranteed 9600 baud transmission, and features like management reports,
customized dialing plans, toll-free fax, cast fax, several security features,
delivery confirmation and a separate credit card.

The system does some protocol conversion, fax messages to PCs, to telex
machines or from a PC via MCI Mail to fax.  The service is compatible with any
make or model of Group III and below fax machine and will be sold, under a new
arrangement for MCI, through both a direct sales force and equipment
manufacturers, distributors and retailers.  For more info 1-800-950-4FAX.  MCI
wouldn't release pricing, but it said it would be cheaper.

Military Bans Data Intruder                                    December 2, 1988
Compiled From News Services

NEW YORK -- The Pentagon has cut the connections between a military computer
network (MILNET) and an academic research network (ARPANET) that was jammed
last month by a "computer virus."

The Defense Department acted, not because of the virus, but rather because an
unknown intruder had illegally gained entry to several computers operated by
the armed forces and by defense contractors, several computer security experts

The Defense Department apparently acted after a computer at the Mitre
Corporation of Bedford, Mass., a company with several military contracts, was
illegally entered several times in the past month.

Officials at several universities in the United States and Canada said their
computers had been used by the intruder to reach the Mitre computer.

A spokeswoman for Mitre confirmed Wednesday that one of its computers had been
entered, but said no classified or sensitive information had been handled by
the computers involved.

"The problem was detected and fixed within hours, with no adverse
consequences," Marcia Cohen, the spokeswoman said.

The military computer network, known as Milnet, connects hundreds of computers
run by the armed forces and businesses around the country and is linked through
seven gateways to another larger computer network, Arpanet.  Arpanet is the
network that was jammed last month by Robert T. Morris, a Cornell University
graduate student.
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.