Title : Phrack World News XXVIII Part 4
Author : Knight Lightning
==Phrack Inc.==
Volume Three, Issue 28, File #12 of 12
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN P h r a c k W o r l d N e w s PWN
PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN
PWN Issue XXVIII/Part 4 PWN
PWN PWN
PWN October 7, 1989 PWN
PWN PWN
PWN Created, Written, and Edited PWN
PWN by Knight Lightning PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Woman Indicted As Computer Hacker Mastermind June 21, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by John Camper (Chicago Tribune)
A federal grand jury indicated a Chicago woman Tuesday for
allegedly masterminding a nationwide ring of computer hackers
that stole more than $1.6 million of telephone and computer
service from various companies.
The indictment charges that Leslie Lynne Doucette, 35, of 6748
North Ashland Ave, and 152 associates shared hundreds of stolen
credit card numbers by breaking into corporate "voicemail"
systems and turning them into computer bulletin boards.
Voicemail is a computerized telephone answering machine. After a
caller dials the machine's number he punches more numbers on his
telephone to place messages in particular voicemail boxes or
retrieve messages already there.
The indictment charges that the hacker ring obtained more than
$9,531.65 of merchandise and $1,453 in Western Union money orders
by charging them to stolen bank credit card numbers.
It says the group used stolen computer passwords to obtain
$38,200 of voicemail service and stolen telephone credit card
numbers to run up more than $286,362 of telephone service.
But the biggest haul, more than $1,291,362, according to the
indictment, represented telephone service that was stolen through
the use of Private Branch eXchange (PBX) "extender codes."
A PBX system provides internal telephone service within a
company. If a PBX system is equipped with an extender, a person
can call the PBX system, punch in a code, and dial long distance
at the expense of the company that owns the
system.
The only corporate victims of the alleged fraud named in the
indictment are August Financial Corporation of Long Beach
California, and A-1 Beeper Service of Mobile, Alabama.
Doucette has been held without bond in the Metropolitan
Correctional Center since May 24, when she was arrested on a raid
on her apartment that netted 168 telephone credit card numbers
and 39 extender codes, federal authorities said. The indictment
does not name any members of the alleged ring, but authorities
said the investigation is continuing.
United States Attorney Anton R. Valukas said the indictment is
the nation's first involving abuse of voicemail.
"The proliferation of computer assisted telecommunications and
the increasing reliance on this equipment by American and
international business create a potential for serious harm," he
said.
Authorities said they discovered the scheme last December after a
Rolling Meadows real estate broker reported that hackers had
invaded his company's voicemail system and changed passwords.
Authorities said they traced the calls into the Rolling Meadows
voicemail system to telephones in private homes in Chicago,
Columbus, Ohio, and suburban Detroit, Atlanta and Boston.
Checks on those phones led them to voicemail systems in companies
around the country, they said.
[For more information see Phrack World News XXVII/Part One and
the article entitled, "Computer Intrusion Network in Detroit,"
dated as May 25, 1989 --KL]
_______________________________________________________________________________
Phreaks Abuse East St. Louis Phone Card
September 24, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ East
St. Louis, IL, a dirt-poor minority suburb of the larger Missouri
city by the same name was victimized for several months by
phreaks without realizing it until the phone bills for a one year
period were audited recently.
According to a recent story in the Belleville, IL
(News-Democrat), the city is being billed for phone calls to
dial-a-porn services and from points as far flung as Florida and
Texas.
The monthly phone bill for the city of East St. Louis averages
$5000, and over the past year it has included calls to nearly
every state as well as to "900" area adult talk lines. City
Treasurer Charlotte Moore said the number of questionable calls
in each month's phone bill, which is usually two inches thick,
shows the "need for better policing of phones."
No kidding! The (News-Democrat) obtained copies of the phone
bill for several months under the Freedom of Information Act, and
set about reviewing the places and people called. For example,
from March through May of this year, hundreds of dollars in calls
were made from places in Texas, Florida and elsewhere, and
charged to a Calling Card number assigned to the city.
In one instance, a caller in northern Florida made a 288-minute
call to Miami that cost East St. Louis $39.27. The
(News-Democrat) called the Miami number, and reached a man named
John, who refused to give his last name, and claimed he "...had
never even heard of East St. Louis..."
Calls from one certain number in Houston to places all over the
United States accounted for more than $1000 in charges over
several months. A man who answered the phone at the Houston
number refused to give his name and refused to discuss the
matter, or explain how his phone might have been used for the
fraudulent calls.
Prior to intervention by the newspaper, the city had done
nothing. Apparently they were not even aware of the abuse. On
notification, the local telco cancelled all outstanding PINS, and
issued new ones. Meanwhile, the city of East St. Louis continues
to plead poverty. They are barely able to meet payroll for city
employees, and have skipped a couple of paydays at that. The
city has an extremely poor tax base, and will likely file
bankruptcy in the near future.
_______________________________________________________________________________
The Cuckoo's Egg
October 1, 1989 ~~~~~~~~~~~~~~~~
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer
Espionage by Cliff Stoll, Doubleday, 1989, ISBN
0-385-24946-2 ($19.95)
Book Review by Louise Bernikow, Cosmopolitan, October
1989
Here is a first -- the true story of a man who notices a
seventy-five cent discrepancy in a computer's accounting system
and runs the error down until it leads to a real live spy ring.
Even if you don't know a byte from a bagel, this book will grip
you on page one and hold you as ferociously as the best mystery
stories.
It is astrophysicist-turned-systems-manager Cliff Stoll's first
week on the job at a lab in Berkeley, California. The error
turns up, and he tries to figure out why, partly as an exercise
in learning about the computer system he's going to be working
with. Almost immediately, he discovers that somebody had been
breaking into the computer network using a fake password. That
discovery leads him to other break-ins in other computers,
including some in military installations. He alerts the FBI,
which, since he has lost neither half a million dollars nor any
classified information, says, "Go away, kid."
Stoll presses on, sleeping under his desk at night, monitoring
the system -- a hound waiting for the fox to come out in the
open. There is suspense aplenty, but it's the intensely human,
often funny voice of the man on the trail that makes this book so
wonderful. Stoll's girlfriend, Martha, a law student, seems like
one smart and delightful cookie, and she puts up with his
obsession pretty well. In the end, Stoll becomes a national
hero. The play-by-play is nothing short of fascinating.
[I wonder if anyone got those cookies --KL]
_______________________________________________________________________________
Hackwatch Spokesman Charged
October 2, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Taken from Computing
Australia
Self-styled computer security expert Paul Dummett, alias Stuart
Gill, has been charged with making false reports to the Victoria
Police following an investigation into claims he made in the
daily media late in 1988 and early this year. The articles often
quoted Gill, introducing himself as a spokesman for either
"Hackwatch" or the "DPG monitoring service".
Gill claimed hackers in Australia had gained access codes from
others in the US and lifted $500,000 (US) from the International
Citibank, United States. Other claims include credit card
numbers had been posted on bulletin boards for BBS users' access;
drugs, including steroids, were being sold using bulletin boards;
evidence of this had been given to the police by informers; and
in response, the police had raided several hackers' homes. The
police, including the Criminal Investigation Bureau and the Fraud
Squad's Computer Section, repeatedly denied the claims.
Gill had disappeared, but returned again on September 22 and was
charged in the Frankston Magistrates' Court under his real name,
Paul Dummett. According to court documents, police investigating
Dummett's claims allegedly found Citibank's computer network had
not been illegally accessed on its New York number as Dummett had
claimed. When Dummett appeared in court his legal aid counsel
Serge Sztrajt applied successfully to adjourn the case until
October 20. Dummett did not enter a plea.
_______________________________________________________________________________
PWN Quicknotes ~~~~~~~~~~~~~~ 1.
Hire A Hacker? -- "Some very
notable people in the computer
industry started out as hackers tinkering around in a
mischievous fashion," Ron Gruner, president of Alliant
Computer Systems Corporation told Computerworld why he would
probably hire Robert T. Morris Jr., of Cornell and creator of
Internet worm. - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - 2. Computer Hackers Rip
Off Corporate 800 Lines -- Computer hackers pride themselves
on never having to pay for long distance calls. How do they
do it? Sam Daskam, president of Information Security
Association (ISA), explains: Hackers call corporate numbers
until they find one with an automated switchboard. The
fingers do not do the walking. Automatic caller software is
used. Then they link their computer to try all combinations
of three or four-digit numbers until they find one which
connects them to the company's outside toll or 800 line.
Once they get a dial tone, they can make calls anywhere at
the firm's expense. Taken from the Security Letter 1989. -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - 3. 900 Service Considered -- There has been
talk among some companies about switching from using the 800
toll free numbers to 900 numbers since the ease of use of the
900 numbers has been shown so vividly. This would save the
corporations a large degree of money. - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4.
Grocery Store "Hackers" Sell Drugs And Women -- The VMB
(voice mailbox) system of a wholesale grocer in Los Angeles
was commandeered to a small band of "hackers," who used the
system to run a prostitution ring and disseminate data about
drugs. Finally, valid VMB users complained that they could
not use the service since their passwords were invalidated.
An investigation disclosed that the "hackers" overrode
security features and acquired 200 VMBs for their own use. -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - 5. Phone Phreaks Busted In Upstate New York
-- Once again it seems that Syracuse, New York is ripe for
the picking for law officials to grab hackers involved
computer related crimes. In August the Federal
Communications Commission (FCC) put a local area police
sergeant in charge of contacting a list of local computer
users that were using a local long distance service that
offered national and international calling.
It seems that one user of the service contacted the company
about a large bill, $10,000, that he received. The company
then put a trap on the code and accumulated a list of
unauthorized users to that code. So far the local
authorities, the state police, and the FBI have been brought
in on the case. They have been interviewing those on the
list and so far most have cooperated fully with the police
(most offenders are underage). One user called Gunter has
even allowed the police to use his computer bbs accounts.
The service used by those caught (25 people) where to place
long distance calls to France, Dominican Republic, Kenya, and
Germany. The callers also used the service to call locally
in Syracuse, as one person said that it cleaned up the line
noise. - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - 6. Bulletin Board Scanning Saves
Boy (August 24, 1989) --Undercover police in San Jose,
California, have been watching bulletin boards for several
years, looking for computer users who boast about their
criminal exploits. It was such activity that led them to
Virginians Dean Ashley Lambey, 34, and Daniel T. Depew, 28,
who have been accused of conspiring to kidnap a young boy to
be filmed as they molested him and then killed him. (Article
by Tracie L. Thompson of the San Francisco Chronicle.) - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - 7. German Hackers Attempt To End Smoking (August
29, 1989) -- On Saturday, August 26, 1989, ZDF (the second
German television station and one of the 2 nationwide
television channels) asked their viewers whether they thought
smoking should be banned in public areas. The viewers could
reply by telephone, dialing one telephone number for "yes"
and another telephone number for "no." Within a time frame
slot of 14 minutes, 52,942 telephone calls came in, with a
ratio of 54:46 in favor of prohibiting smoking. This means
that 29,669 voted in favor of a prohibition, and 25,273
opposed it.
On Monday, August 28, 1989, a group of South German hackers
claimed to have manipulated the quota by dialing the "yes"
number with 83 personal computers at a rate of 4 times a
minute; virtually all of their calls came through so that
about the maximum of 4,648 "yes" votes came from their
computers. These circumstances led to new results in the
poll: "Yes" = 25,021 and "No" = 25,273, giving the "no" group
a small majority.
Story by Klaus Brunnstein - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- 8. Immigration Chief Proposes National Computer Screen (June
22,
1989) --LA JOLLA, CA, -- The Commissioner of Immigration and
Naturalization, Alan C. Nelson, today proposed a nationwide
computer system to verify the identities of all job
applicants in order to halt the widespread use of fraudulent
documents by illegal aliens seeking jobs.
Mr. Nelson also suggested standardized identity cards for
immigrants so as to get fuller compliance with a 1986 law
prohibiting employment of illegal aliens.
Creating a national identity card and other ways of checking
legal status or identity have been repeatedly suggested in
Congress as tools in fighting unlawful immigration, but have
also been consistently rejected as potential infringements on
civil liberties.
The national computerized database on everybody is one bad
idea that simply refuses to stay dead, no matter how many
times we drive a stake through its heart -- if the INS didn't
resurrect it, the drug czar or the FBI would. "Eternal
vigilance..."
Story by Roberto Suro (New York Times) - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - 9. West German Computer Hackers Accused Of Spying For
Soviets
(Aug. 17, 1989) -- Associated Press (Frankfurt) -- Three
computer hackers, suspected of giving the Soviet Union
information from military and industrial computers worldwide,
have been indicted on espionage charges, prosecutors said
yesterday. The West German government called the breakup of
the spy ring, which gave the KGB secret data from 12
countries, including the United States, "a major blow" to the
Soviets. In a four-page statement, Kurt Rebman, the chief
federal prosecutor, said it was the first time his office had
prosecuted hackers for endangering national security. Taken
from the Boston Globe - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - 10. Challenge To
Phreaks! (August 31, 1989) -- Nippon Telegraph & Telephone
Corp. (Tokyo) is offering a $7,000 reward to any person or
organization that can invade its FEAL-8 private communication
and data system, according to an Associated Press report that
NTT America Inc. officials could not confirm. The reward
offer supposedly expires 8/31/91. No telephone number or
other information was included. Taken from the Wall Street
Journal. - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - 11. Shadow Stalker Loses Out
(August 7, 1989) -- A 17-year-old Michigan boy has been
charged with posting stolen long-distance telephone codes on
a bulletin board system operated in his home. Brent G.
Patrick, alias "Shadow Stalker" online, was arraigned this
week on one count of stealing or retaining a financial
transaction device without consent. Patrick was released on
$2,500 bond, pending his hearing. The youth faces a maximum
of four years in prison and a $2,000 fine if convicted. His
bulletin board, Wizard Circle, has been closed. - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - 12. Philadelphia Hackers Change Speed Limit -- Recently
an unknown hacker got into the computer that controlled the
speed limit on the Burlington-Bristol Bridge. He proceeded
to change the speed limit from 45 m.p.h. to 75 m.p.h. A lot
of people were stopped and ticketed and judges say they will
not hear any appeals because, "the public should know better
than that no matter what the sign says." The police claim to
have leads, however this is doubtful. - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 13.
Two Story Jump To Escape From Secret Service (July 26, 1989)
-- Red Rebel, a known hacker in Florida was busted by the
United States Secret Service and local authorities. It seems
that in attempt to to escape he actually jumped out a second
story window and ran for a while. The Secret Service
confiscated two computers and a load of disks.
To make matters worse, similar to Oryan QUEST, Red Rebel is
not an American citizen and is likely to be deported. Red
Rebel is charged with resisting arrest, interfering with
evidence, and something concerning credit card fraud.
Information provided by The Traxster. - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 14.
Fraud Alert (September 1989) -- PBX fraud is busting out all
over. Long distance carriers are being overwhelmed by
corporate customers demanding refunds for fraud perpetrated
on them. No long distance carrier covers their customer's
long-term fraud. If you got fraud you got to pay. This is
not like stolen credit cards. This is real serious stuff.
Thieves are dialing into 800 INWATS lines and, via auto
attendants, hacking their way to overseas. The big calls go
to drug-related countries, especially Colombia, Pakistan,
Dominican Republic, and Ecuador. But no one really knows
which countries are drug-related and which aren't. Taken
from Teleconnect Magazine. - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - 15. Motorola
Introduces Network Encryption System (August 4, 1989) --
Motorola Government Equipment Group (GEG) has introduced its
Network Encryption System (NES), which features the latest in
security services for the protection of Local Area Networks
(LANs). Designed in accordance with Secure Data Network
System (SDNS) standards including SDNS electronic key
management, the NES is a flexible internet security solution
for Type I applications.
The NES is unique in COMSEC technology because the protocol
software is loaded via diskette. The NES is installed in the
drop cable between the computer and the transceiver, or as a
gateway device separating a LAN from a backbone network. The
product supports both DoD and ISO internet standards allowing
protection over wide area networks.
The initial product accommodates connection to IEEE 802.3 and
IEEE 802.4 medias. Motorola Inc. has a Memorandum of
Agreement with the National Security Agency and anticipates
product endorsement in the first quarter of next year. The
LAN product represents the first of a family of SDNS products
that will provide complete, interoperable system security
solutions. Additional information on the NES can be obtained
from Joe Marino at (602) 441-5827. - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - 16. The
Death of Shadow 2600: No Accident (July 6, 1989) -- The
following is a message taken from The Central Office:
89Jul06 from fdg @ The Central Office
MY CONDOLENCES TO DAVE FLORY'S FAMILY AND FRIENDS. Do you
all realize WHY a 22 year old died? It says one thing to me.
He was killed by some insane ex-CIA types. Most likely under
orders from the idiots who tried to prosecute him in 1985.
This kind of thing is getting more common under President
Bush. He ran the CIA, and he is now encouraging the same
dirty tricks to silence people who cause "problems." Abbie
Hoffman was done in the same way. A small hypodermic full of
prussic aced. You will hear about more ex-hippies, yippies,
and hackers/phreaks dying mysteriously in the foreseeable
future.
You have been warned. And who am I to know all this?
Believe me, friends, I am highly placed in the government.
You will see more friends die. You may laugh now, but I
decided to leave a public message in hopes of saving a few
lives.
Special Thanks to Epsilon
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
17. Legion Of Doom Members Raided In Atlanta (July 21, 1989) --
The Leftist, The Urvile, and The Prophet, all of the world
famous hacking group known as the Legion of Doom, were raided
on July 21, 1989. The day in question is interesting because
two years prior, that was the same day that a nationwide
sweep netted over 80 hackers across the country including
famous names such as Oryan QUEST, Solid State, and Bill From
RNOC.
The charges against the LOD members range from toll fraud to
illegal entry into government computer systems, although as
it is told, the government systems were entered by the Urvile
and the other two had nothing to do with it. Currently, all
three LOD-Atlanta members are still waiting to find out what
will happen to them as charges have not yet been brought
against them, very similar to what happened to the hackers in
1987.
It has been said by security personnel at Michigan Bell that
these LOD busts were a spinoff of the supposed arrest of Fry
Guy on July 19 for his role in the Delray Beach, Florida
probation officer scam (detailed last issue). It is believe
that he had been working closely with LOD-Atlanta (especially
The Leftist) and when caught for the probation office scam,
he got scared and turned over what he knew about LOD.
_____________________________________________________________________