Title : Phrack World News XXV/Part 2
Author : Knight Lightning
==Phrack Inc.==
Volume Three, Issue 25, File 10 of 11
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN                                                 PWN
PWN        P h r a c k   W o r l d   N e w s        PWN
PWN        ~~~~~~~~~~~   ~~~~~~~~~   ~~~~~~~        PWN
PWN                Issue XXV/Part 2                 PWN
PWN                                                 PWN
PWN                 March 29, 1989                  PWN
PWN                                                 PWN
PWN          Created, Written, and Edited           PWN
PWN               by Knight Lightning               PWN
PWN                                                 PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
German Hackers Break Into Los Alamos and NASA March 2, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Three hours ago, a famous German TV-magazine revealed maybe one of the greatest
scandals of espionage in computer networks: They talk about some (three to
five) West German hackers breaking into several secret data networks (Los
Alamos, NASA, some military databases, (Japanese) war industry, and many
others) in the interests of the KGB, USSR. They received sums of $50,000 to
$100,000 and even drugs, all from the KGB, the head of the political
television-magazine said.
The following news articles (and there are a lot) all deal with (directly and
indirectly) the recent Spy scandal situation that occurred in West Germany.
The majority of the articles shown here are taken from RISKS Digest, but they
have been edited for this presentation.
This presentation contains some information not previously seen (at least not
in this format).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Espionage: Three "Wily Hackers" Arrested March 2, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Three hackers have been arrested in Berlin, Hamburg and Hannover, and they are
accused of computer espionage for the Soviet KGB. According to the television
magazine "Panorama" (whose journalists have first published the NASA and SPAN
hacks), they intruded scientific, military and industry computers and gave
passwords, access mechanisms, programs and data to 2 KGB officers; among
others, intrusion is reported of the NASA headquarters, the Los Alamos and
Fermilab computers, the United States Chief of Staff's data bank OPTIMIS, and
several more army computers. In Europe, computers of the French-Italian arms
manufacturer Thomson, the European Space Agency ESA, the Max Planck Institute
for Nuclear Physics in Heidelberg, CERN/GENEVA and the German Electron
Accelerator DESY/Hamburg are mentioned. The report says that they earned
several 100,000 DM plus drugs (one hacker evidently was a drug addict) over about
3 years.
For the German Intelligence authorities, this is "a new quality of espionage."
The top manager said that they had awaited something similar but are
nevertheless surprised that it happened so soon and with such broad effects.
Summarizing the different events which have been reported earlier -- NASA and
SPAN hacks, Clifford Stoll's report of the "Wily Hacker" -- I regard this as
essentially the final outcome of the Wily Hackers story (with probably more
than the 3 which have now been imprisoned). It is surprising that the
Intelligence authorities needed such a long time (after Cliff's Communications Of
The ACM report, in May 1988) to finally arrest and accuse these crackers.
Moreover, the rumors according to which design and production plans of a
Megabit chip had been stolen from Philips/France computers seem to become
justified; this was the background that CCC hacker Steffen Wernery had been
arrested, for several months, in Paris without being accused. CAD/CAM programs
have also been sold to KGB.
Information Provided By
Klaus Brunnstein
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Spy Ring Sold Top Secrets To Russia March 3, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
West German counter-intelligence has uncovered a spy ring centered on computer
hackers suspected of having supplied the Soviet Union with top secret military
and economic information.
They are said to have penetrated computer networks in the United States,
Western Europe and Japan, according to a television report last night.
In a special program, the North German Broadcasting Network said that thousands
of computer codes, passwords and programs which allowed the Soviet Union access
to major computer centers in the Western world have been passed on by the
hackers. They had been recruited by the KGB in 1985 and are alleged to have
supplied the information in return for money and drugs.
In Karlsruhe, the West German Chief Public Prosecutor's Office, which is in
charge of spy cases, would only confirm last night that three arrests have been
made on March 2nd during house searches in Hannover and West Berlin.
Those detained were suspected of "having obtained illegally, through hacking
and in exchange for money, information which was passed on to an Eastern secret
service."
But the spokesman did not share West German television's evaluation, which said
the case was the most serious since the unmasking in 1974 of an East German
agent in the office of ex-Chancellor Willy Brandt. The Interior Ministry in
Bonn last night also confirmed several arrests and said the suspects had
supplied information to the KGB. The arrests followed months of investigations
into the activities of young computer freaks based in Hamburg, Hannover and
West Berlin, the ministry said.
According to the television report, the hackers gained access to the data banks
of the Pentagon, NASA Space Center, and the nuclear laboratory in Los Alamos.
They also penetrated leading West European computer centers and armament
companies, including the French Thomson group, the European Nuclear Research
Center, CERN, in Geneva; the European Space Authority, ESA, and German
companies involved in nuclear research.
The Russians are alleged to have put pressure on the hackers because of their
involvement with drugs, and to have paid several hundred thousand marks for
information, the program said.
West German security experts on the evening of March 2nd described the new spy
case as "extremely grave." The KGB has been provided with a "completely new
possibility of attack" on Western high technology and NATO military secrets.
The sources said it was "sensational" that the hackers should have succeeded in
penetrating the US defense data systems from Western Europe.
The North German Broadcasting Network program said its research was based on
information given by two members of the suspected espionage ring.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KGB Computer Break-Ins Alleged In West Germany March 3, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken From the International Herald Tribune
Bonn - Three West German computer hackers have been arrested on suspicion of
infiltrating computer networks worldwide to obtain secret data for an East
Bloc intelligence service, prosecutors said on March 2nd.
A spokesman for the federal prosecutor, Alexander Prechtel, confirmed that
three men were arrested, but did not identify the East Bloc country involved
or the networks infiltrated.
The ARD television network's "Panorama" program, the thrust of which the
spokesman confirmed, said the hackers had passed secrets from a range of highly
sensitive U.S., French, and West German computer networks to the KGB, the
Soviet secret police.
The television report said it was the worst such espionage case to be uncovered
in West Germany since the 1974 exposure of Guenter Guillaume, an East German
spy who was a top aide to Willy Brandt, then the West German chancellor.
Among the systems believed to have been infiltrated were the U.S. Defense
Department's staff data bank, the U.S. nuclear arms laboratory in Los Alamos,
New Mexico, the National Aeronautics and Space Administration, and U.S.
military supply depots.
The report said other systems entered were at the French arms and electronics
company Thomson SA, a European nuclear-research center in Geneva, the European
Space Agency and the Max-Planck Institute for Nuclear Physics in West Germany.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
News From The KGB/Wily Hackers March 7, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now, five days after the "sensational" disclosure of the German (NDR) Panorama
Television team, the dust of speculations begins to rise and the facts become
slowly visible; moreover, some questions which could not be answered in
Clifford Stoll's Communications of the ACM paper may now be answered. Though
not all facts are known publicly, the following facts seem rather clear.
- In 1986, some hackers from West Berlin and Hannover discussed, in "hacker
parties" with alcohol and drugs, how to solve some personal financial
problems; at that time, first intrusions of scientific computers
(probably CERN/Geneva as hacker training camp) and Chaos Computer Club's
spectacular BTX-intrusion gave many hackers (assisted by newsmedia) the
*puerile impression* that they could intrude *into every computer
system*; I remember contemporary discussions on 1986/87 Chaos Computer
Conferences about possibilities, when one leading CCC member warned that
such hacks might also attract espionage (Steffen Wernery recently
mentioned that German counter-espionage had tried several times to hire
him and other CCC members as advisors -- unsuccessfully).
- A "kernel group" of 5 hackers who worked together, in some way, in the
"KGB case" are (according to Der SPIEGEL, who published the following
names in its Monday, March 6, 1989 edition):
-> Markus Hess, 27, from Hannover, Clifford Stoll's "Wily Hacker" who was
often referred to as the Hannover Hacker and uses the alias of Mathias
Speer; after having ended (unfinished) his studies in mathematics, he
works as programmer, and tries to get an Informatics diploma at the
University of Hagen (FRG); he is said to have good knowledge of VMS
and UNIX.
-> Karl Koch, 23, from Hannover, who works as programmer; due to his
luxurious lifestyle and his drug addiction, his permanent financial
problems have probably added to his desire to sell "hacker knowledge"
to interested institutions.
-> Hans Huebner, alias "Pengo," from Berlin, who after having received
his Informatics diploma from Technical University of West Berlin,
founded a small computer house; the SPIEGEL writes that he needed
money for investment in his small enterprise; though he does not
belong to the Chaos Computer Club, he holds close contacts to the
national hacker scenes (Hamburg: Chaos Computer Club; Munich: Bavarian
Hacker Post; Cologne: Computer Artists Cologne, and other smaller
groups), and he was the person to speak about UUCP as a future
communications medium at the Chaos Communication Congress.
-> Dirk Brezinski, from West Berlin, programmer and sometimes
"troubleshooter" for Siemens BS-2000 systems (the operating system of
Siemens mainframe computers), who earned, when working for Siemens or
a customer (BfA, a national insurance for employees) 20,000 DM (about
$10,800) a month; he is regarded (by an intelligence officer) as "some
kind of a genius."
-> Peter Carl, from West Berlin, a former croupier, who "always had
enough cocaine." No information about his computer knowledge or
experience is available.
After successfully stimulating KGB's interest, the group (mainly Hess and Koch)
committed their well-documented hacks [See Clifford Stoll's "Stalking the Wily
Hacker," Communications of the ACM, May 1988]. SPIEGEL writes that the group
*sold 5 diskettes full of passwords*, from May to December 1986, to KGB
officers which they met in East Berlin; when Bremen University computer center,
their favorite host for transatlantic hacks, asked the police to uncover the
reasons for their high telephone bills, they stopped the action.
This statement of Der SPIEGEL is probably wrong because, as Cliff describes,
the "Wily Hacker" successfully worked until early 1988, when the path from his
PC/telephone was disclosed by TYMNET/German Post authorities. The German
public prosecutors did not find enough evidence for a trial, when examining
Hess' apartment; moreover, they had acquired the material in illegal actions,
so the existing evidence could not be used and finally had to be scratched!
In Hess' apartment, public prosecutors found (on March 3, 1989) password lists
from other hacks. On Monday, March 6, 1989, the Panorama team (who had
disclosed the NASA hack and basically the KGB connection) asked Klaus
Brunnstein to examine some of the password lists; the material which he saw
(for 30 minutes) consisted of about 100 photocopied protocols of a hack during
the night of July 27 to 28, 1987; it was the famous "NASA hack." From a VAX
750 (with VMS 4.3), which they entered via DATEX-P (the German packet-switched
data-exchange network, an X.25 version), where they evidently previously had
installed a Trojan horse (UETFORT00.EXE), they tried, via SET HOST... to
log-into other VAXes in remote institutes. They always used SYSTEM account and
the "proper" password (invisible).
Remark: Unfortunately, DEC's installation procedure works only if a SYSTEM
account is available; evidently, most system managers do not change
the preset default password MANAGER; since Version 4.7, MANAGER is
excluded, but on previous VMS versions, this hole probably exists in
many systems!
Since the hackers, in more than 40% of the cases, succeeded in logging in, their
first activities were to SET PRIV=ALL; SET PRIO=9, and then to install (via
trans-net copy) the Trojan horse. With the Trojan horse (not displayed under
SHow Users), they copied the password lists to their PCs. When looking through
the password list, Klaus observed the well-known facts: More than 25% female
or male first names, historical persons, countries, cities, or local dishes (in
the Universities of Pisa, Pavia, and Bologna, INSALATA was/is a favorite
password of several people). Only in CASTOR and POLLUX, the password lists
contained less than 5% passwords of such nature easy to guess!
Apart from many (about 39) unsuccessful logins, many different CERN/GENEVA,
NASA systems (CASTOR, POLLUX, Goddard and Ames Space Flight Centers), several
USA, GB, French, Italian and some German institutes connected in SPAN were
"visited." The documented session was from July 27, 10 p.m. to July 28, 1 a.m.
The media report that other hacks (probably not all committed by Hess and Koch
themselves) were sold to KGB. Among them, Electronic and Computer Industry
seem to be of dominant interest for the USSR. If special CAD/CAM programs and
Megabit designs (especially from Thomson/France, from VAX systems) have been
stolen, the advantage and value for the USSR cannot be (over)estimated.
In FRG, the current discussion is whether the hackers succeeded in getting into
"kernel areas" or only "peripheral areas." This discussion is ridiculous since
most "peripheral systems" contain developments (methods, products) for future
systems, while the "kernel systems" mainly contain existing applications (of
past architectures).
The well-known hackers (especially CCC) have been seriously attacked by some
media. My best guess is that CCC was itself *a victim* because the group
succeeded in informally getting much of the information which they needed for some
of the hacks, and which they finally sold to KGB. Apart from "Pengo," there
doesn't seem to be a close relation between CCC and the KGB/Wily Hackers.
Nevertheless, CCC and others, like Cheshire Catalyst in the USA, have prepared
a climate where espionage inevitably sprang-off.
Information Provided By
Klaus Brunnstein
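
The session described in the report above (one entry node trying the SYSTEM
account on many remote hosts within about three hours, with a mix of failed and
successful logins) is the kind of pattern a login log can surface. The sketch
below is an added example, not part of the original report; the log format,
node names, host names and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical key=value format (this is
# not the VMS audit log format). One line per login attempt.
SAMPLE_LOG = """\
1987-07-26T09:00:00 src=NODEC dst=HOST01 user=SYSTEM result=OK
1987-07-26T15:00:00 src=NODEC dst=HOST02 user=SYSTEM result=OK
1987-07-27T09:00:00 src=NODEC dst=HOST03 user=SYSTEM result=OK
1987-07-27T15:00:00 src=NODEC dst=HOST04 user=SYSTEM result=OK
1987-07-27T22:01:10 src=NODEA dst=HOST01 user=SYSTEM result=FAIL
1987-07-27T22:03:42 src=NODEA dst=HOST02 user=SYSTEM result=OK
1987-07-27T22:15:05 src=NODEB dst=HOST02 user=SYSTEM result=OK
1987-07-27T22:40:19 src=NODEA dst=HOST03 user=SYSTEM result=FAIL
1987-07-27T23:12:57 src=NODEB dst=HOST04 user=SMITH result=OK
1987-07-27T23:30:00 src=NODEA dst=HOST04 user=SYSTEM result=OK
1987-07-28T00:41:33 src=NODEA dst=HOST05 user=SYSTEM result=FAIL
"""

PRIVILEGED = {"SYSTEM"}  # accounts whose remote use is worth tracking


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def find_sweeps(lines, window=timedelta(hours=3), min_hosts=4):
    """Flag sources that tried a privileged login on at least min_hosts
    distinct destinations inside one sliding time window.

    Returns {src: {"hosts": [...], "ok": n, "fail": n}}, keeping for each
    source the window that covered the most hosts.
    """
    recent = defaultdict(deque)  # src -> attempts still inside the window
    alerts = {}
    records = sorted((parse(l) for l in lines if l.strip()),
                     key=lambda r: r["ts"])
    for rec in records:
        if rec["user"].upper() not in PRIVILEGED:
            continue
        q = recent[rec["src"]]
        q.append(rec)
        while rec["ts"] - q[0]["ts"] > window:  # drop attempts that aged out
            q.popleft()
        hosts = sorted({r["dst"] for r in q})
        seen = alerts.get(rec["src"])
        if len(hosts) >= min_hosts and (
                seen is None or len(hosts) >= len(seen["hosts"])):
            alerts[rec["src"]] = {
                "hosts": hosts,
                "ok": sum(r["result"] == "OK" for r in q),
                "fail": sum(r["result"] == "FAIL" for r in q),
            }
    return alerts


if __name__ == "__main__":
    for src, info in find_sweeps(SAMPLE_LOG.splitlines()).items():
        print(src, len(info["hosts"]), "hosts,",
              info["ok"], "ok,", info["fail"], "failed")
```

In the constructed data only NODEA is flagged: NODEB touches a single host as
SYSTEM, and NODEC reaches four hosts but spread over two days.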
_______________________________________________________________________________
Pengo Speaks Out About The KGB Hackers And More March 10, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following are statements made by Pengo to Phrack Inc. during an interview
with Knight Lightning:
KL: What is your response to the accusations of being a KGB spy?
P: I have been involved in this espionage circle throughout some months in
1986. I did not actually work for the KGB, nor did I hand out hacker
information to the East. All my hacking activities since then have been
for the pure purpose of personal enlightenment. I never hid my name
before, and I won't go undercover now that the real story comes to the
surface.
In the middle of 1988, I informed the West German authorities (secret
service) about my involvement with the KGB. This is one of the main
reasons for the big busts last week. I have to live with the fact that
some hackers now think I am working for the authorities now. I don't, and
I will try anything to avoid getting into all these secret
service/espionage problems again.
KL: What about the statements made in DER SPIEGEL?
P: They published my name and claimed that I was "very active" for the east,
but also that I am the "most hopeful head in West Berlin's hacking scene."
I now try to make the best out of this publicity.
KL: Klaus Brunnstein made some strong statements about you in RISKS Digest,
what did you think of that?
P: It really upsets me a lot. Klaus Brunnstein doesn't know anything
detailed about this case, but he seems to love seeing himself as the
insider in the German scene. At the last congress I got in kind of a
dispute with him. He could not understand why I, as a computer scientist,
still support hackers. Perhaps this is one of the reasons for his
publication.
KL: Any other comments?
P: I would be interested in hearing about the reaction to this situation
from the United States hackers' point of view. I have already heard that
most people seem to believe that the whole Chaos Computer Club is an
association of spies. This is of course untrue.
KL: What do you intend to do about the bad press you have received?
P: I have posted a reply to Brunnstein's posting in RISKS (shown in next
article). Apart from Hagbard, those guys never were hackers, and it seems
to turn out that they have really been mere spies.
KL: Were there any other repercussions to this case besides bad publicity?
P: Currently, I'm puzzling out a new way of earning money, since my company
decided to fire me. That's what you get if you play with fire :-)
Luckily, I'm an optimist!
-Pengo
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Pengo Speaks In RISKS Digest March 10, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In RISKS Digest, Klaus Brunnstein mentioned my name in the context of the
hacker/espionage case recently discovered by the German authorities. Since Mr.
Brunnstein is not competent to speak about the background of the case, I'd like
to add some clarification to prevent misunderstandings, especially concerning
my role. I think it is a very bad practice to just publish names of people
without giving background information.
I have been an active member of the net community for about two years now, and
I want to explicitly express that my network activities have in no way been
connected to any contacts to secret services, be it Western or Eastern ones.
On the other hand, it is a fact that when I was younger (I'm 20 years old now),
there had been a circle of people which tried to make deals with an eastern
secret service. I have been involved in this, but I hope that I did the right
thing by giving the German authorities detailed information about my
involvement in the case in the summer of 1988.
As long as the lawsuit on this case is still in progress, I am not allowed to
give out any details about it to the public. As soon as I have the freedom to
speak freely about all of this, I'll be trying to give a detailed picture about
the happenings to anyone who's interested.
I define myself as a hacker. I acquired most of my knowledge by playing around
with computers and operating systems, and yes, many of these systems were
private property of organizations that did not even have the slightest idea
that I was using their machines. I think that hackers (people who creatively
handle technology and not just see computing as their job) do a service for the
computing community in general. It has been pointed out by other people that
most of the "interesting" modern computer concepts have been developed or
outlined by people who define themselves as "hackers."
When I started hacking foreign systems, I was 16 years old. I was just
interested in computers, not in the data which has been kept on their disks.
As I was going to school at that time, I didn't even have the money to buy my
own computer. Since CP/M (which was the most sophisticated OS I could use on
machines which I had legal access to) didn't turn me on anymore, I enjoyed the
lax security of the systems I had access to by using X.25 networks.
You might point out that I should have been patient and wait until I could go
to the university and use their machines. Some of you might understand that
waiting was just not the thing I was keen on in those days. Computing had
become an addiction for me, and thus I kept hacking. I hope this clears the
question "why."
It was definitely NOT to give the Russians any advantage over the USA, nor to
become rich and get a flight to the Bahamas as soon as possible. The results
of the court trial will reveal this again, but until then I want to keep rumors
out that the German hackers were just the long (?) arm of the KGB to harm
Western computer security or defense power.
It should also be pointed out that the Chaos Computer Club has in no way been
connected to this recent case, and again, that the CCC as an organization has
never been a "hacker group." The CCC merely handles the press for hackers, and
tries to point out implications of computers and communications for society in
general.
I have already lost my current job, because of my name being published in DER
SPIEGEL and in RISKS. My business partners became anxious about my involvement
in the case. Several projects I was about to complete in the near future have
been cancelled, which forces me to start again at the beginning in some way.
-Hans Huebner
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Klaus Brunnstein Reacts To Pengo In RISKS Digest March 14, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Pengo" Hans Huebner stated that he had no share in the KGB case as I mentioned
in my report. Since I myself had no share in the KGB case (and in this sense,
I am not as good a source as Pengo!), I tried to transmit only information
where I had at least *two independent sources* of *some credibility*. In
Pengo's case (where I was rather careful because I could not believe what I
read), my two sources were:
- The SPIEGEL report (I personally agree that names should be avoided as
long as current investigations are underway; yet in this case, the names
have been widely published in FRG and abroad);
- A telephone conversation with a leading Chaos Computer Club person after
he had informed me about a public debate at Hannover fair (where the
German daily business newspaper, Wirtschafts, which had organized a
discussion with data protection people and CCC).
I asked him whether he knew of Pengo's contribution; he told me that
he directly asked Pengo, "Did you, without pressure and at your own
will, work for the Russians?" Pengo answered, "Yes." He told me that
he immediately cut-off any contact to Pengo. Evidently, there was a
controversial discussion in Chaos Computer Club whether one should react
in such a strict manner. I understand the strong reaction because the
KGB hackers severely damaged the CCC's attempt to seriously contribute to
the public discussion of some of the social consequences of computers.
They now face, more seriously than before, the problem of being regarded
as members of a criminal gang.
-Klaus Brunnstein
_______________________________________________________________________________