Title : Phrack World News XXVIII Part 1
Author : Knight Lightning
==Phrack Inc.==
Volume Three, Issue 28, File #9 of 12
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN P h r a c k W o r l d N e w s PWN
PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN
PWN Issue XXVIII/Part 1 PWN
PWN PWN
PWN October 7, 1989 PWN
PWN PWN
PWN Created, Written, and Edited PWN
PWN by Knight Lightning PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Welcome to Issue XXVIII of Phrack World News!
This issue of Phrack World News contains stories and articles
detailing events from June - October, 1989 and features Bellcore,
Chalisti, Chaos Computer Club, Clifford Stoll, The Disk Jockey,
Fry Guy, The Grim Phreaker, Legion of Doom, The Leftist, Major
Havoc, Kevin Mitnick, Robert Morris, Oryan QUEST, The Prophet,
Red Rebel, Shadow Stalker, Shadow 2600, Terra, The Urvile, and
much more so keep reading.
"The Real Future Is Behind You... And It's Only The
Beginning!"
_______________________________________________________________________________
Judge Suggests Computer Hacker Undergo Counseling
July 17, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Karen E. Klein (New York Times)
LOS ANGELES -- A federal judge has suggested that Los Angeles
computer hacker Kevin Mitnick be sentenced to a one-year
residential treatment program to break his "computer addiction."
Although she did not finalize her sentence, U.S. District Judge
Mariana R. Pfaelzer said Monday that she thought Mitnick had
some problems that would
benefit from counseling.
Pfaelzer will actually pass sentence at a hearing set for
Tuesday, July 18.
The idea that a computer "junkie" who cannot control his urge to
break into computers could be helped with a program similar to
Alcoholics Anonymous is a new one, Harriet Rossetto, director of
the treatment program, told the judge.
"His behavior is an impulse disorder," Rossetto said. "The
disease is the addiction, whether it be drugs, alcohol, gambling,
hacking, money or power."
Rossetto, who was contacted by Mitnick's family, said Mitnick
would be the first person addicted to computer crime to be
treated in the Bet T'shuvah program , a 20-bed residential
treatment program for Jewish criminal offenders.
"It's not willful conduct, what Kevin does," she said. "He's
tried to control his behavior but hacking gives him a sense of
power, makes him feel like somebody when he's depressed or he's
lost a job."
Mitnick, age 25, has been in federal prison for seven months
since his arrest
last December on computer fraud charges.
He pleaded guilty in May to possessing 16 unauthorized MCI
long-distance codes and to stealing a computer security program
from the Digital Equipment Corporation in Massachusetts.
Mitnick has been described in court as a computer whiz who could
break into secured systems and change telephone or school records
at will. He told the judge on Monday, July 17 that he wants to
stop hacking.
"I sincerely want to change my life around and be productive
rather than destructive," Mitnick said.
"With counseling to break the addictive pattern I feel I have
towards computer hacking, I can take an active role and I don't
have to have the compulsive behavior again."
Assistant U.S. Attorney James R. Asperger said that the
government does not oppose Mitnick's release from prison to be
treated at Bet T'shuvah.
"The judge has taken this case very seriously. It shows computer
hacking is not like a Nintendo game," Asperger said.
Mitnick has cooperated with FBI investigators since his pleaded
guilty and helped bring charges against his former best friend,
Leonard DiCicco, 23, of Calabasas, Asperger said.
DiCicco, who initially tipped the FBI to Mitnick's crimes, has
agreed to plead guilty to a charge of aiding and abetting the
transportation of a stolen computer program.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Authorities Backed Away From Original Allegations
July 23, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Karen E. Klein (New York Times)
LOS ANGELES -- Shortly after computer hacker Kevin Mitnick was
arrested last December (1988), he was characterized as an extreme
threat who could wreak electronic chaos if he got near so much as
a telephone without supervision.
Police and FBI agents started trying to corroborate the flurry of
rumors that arose about the malicious actions of the computer
whiz from suburban Panorama City, whose case attracted national
attention.
Three judges denied Mitnick, age 25, bail on the ground that he
was a danger to society and ordered him held in a high-security
jail cell.
But after separating the Mitnick myth from the reality,
authorities backed away from many of their original allegations.
"A lot of the stories we originally heard just didn't pan out, so
we had to give him the benefit of the doubt," said James R.
Asperger, the assistant U.S. attorney who handled Mitnick's case.
Mitnick, pudgy and nervous, appeared in court last week to
apologize for his crimes and to ask for treatment to help break
his compulsive "addiction" to computers.
U.S. District Judge Mariana R. Pfaelzer sentenced him to serve
one year in
prison -- including the nearly eight months he already has served
-- and then to undergo six months of counseling and treatment
similar to that given to alcoholics or drug addicts.
"I think he has problems that would benefit greatly from this
kind of therapy," Pfaelzer said. "I want him to spend as much
time as possible in counseling."
The case that began with a bang ended with Asperger pointing out
that the one-year prison term is the stiffest sentence ever
handed out in a computer fraud case.
Mitnick originally was accused of using unauthorized MCI
long-distance codes to tap into Leeds University computers in
England and of stealing a $4 million computer security system
from the Digital Equipment Corporation in Massachusetts.
He ultimately agreed to plead guilty to possessing 16
unauthorized MCI long-distance codes and to stealing the computer
security program. The other charges were dismissed.
Alan Rubin, Mitnick's lawyer, said he felt vindicated by the
outcome of the case.
Rubin contended from the start that computerphobia and adolescent
exaggeration led authorities to mistakenly brand Mitnick a
malicious criminal.
"Once the snowball starts rolling, you can't stop it," said
Rubin, who waged an unsuccessful campaign up to the federal
appeals court to get bail for his client.
Far from being serious, Rubin said, Mitnick's actions were mostly
immature, adolescent pranks.
He pointed to evidence that Mitnick was able to electronically
cut off telephone service to people he was angry with and once
sent an enemy a $30,000 hospital telephone bill.
"It was the computer equivalent of sending your friend 14
pizzas," he said.
Many of the legends surrounding Mitnick came from the subculture
of computer hackers -- and specifically from a man who was once
Mitnick's best friend, Leonard Mitchell DiCicco, age 23, of
Calabasas, California.
DiCicco, who had a falling out with Mitnick over a $100 bet, told
computer security specialists at the Digital Equipment
Corporation that Mitnick had been trespassing on their system.
They in turn contacted the FBI agents, who arrested Mitnick.
What DiCicco told investigators may or may not have been entirely
truthful, Rubin said.
"I have no idea what his motives were," Rubin said.
But DiCicco, who alerted authorities to Mitnick's crime, had the
tables turned on him after the government refused to grant him
absolute immunity for his testimony against Mitnick.
When the prosecution said they might charge him with a crime,
DiCicco clammed up and refused to cooperate any further. But
from his prison cell, Mitnick agreed to cooperate and provided
enough incriminating evidence for the government to charge
DiCicco.
DiCicco is expected to plead guilty to a charge of aiding and
abetting the interstate transportation of stolen property -- the
computer security program -- on Monday.
Asperger said he was not sure whether DiCicco would get a
sentence similar to Mitnick's.
"Although they were friends and partners in computer hacking,
(DiCicco) appeared to play a subordinate role (in the crime),"
Asperger said.
Other rumors about Mitnick's conduct came from fellow hackers,
who may have blown the stories out of proportion.
"It's a very strange sub-culture, with a lot of jealousies,"
Rubin said. "Part of it is bragging about how macho you are and
what systems you've broken into. It's very immature in a lot of
ways."
But prosecutors, citing Mitnick's various scrapes with computer
misconduct since he was 13, aren't willing to let him off the
hook entirely.
"I think there's some substance to these things (the rumors that
arose in Mitnick's case), an awful lot of them," said Los Angeles
FBI chief Lawrence Lawler, who is a computer buff himself and
followed Mitnick's case closely.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you are looking for other articles about Kevin David Mitnick aka Condor
please refer to;
"Pacific Bell Means Business" (10/06/88) PWN XXI. . .Part 1
"Dangerous Hacker Is Captured" (No Date ) PWN XXII . .Part 1
"Ex-Computer Whiz Kid Held On New Fraud Counts" (12/16/88) PWN XXII . .Part 1
"Dangerous Keyboard Artist" (12/20/88) PWN XXII . .Part 1
"Armed With A Keyboard And Considered Dangerous" (12/28/88) PWN XXIII. .Part 1
"Dark Side Hacker Seen As Electronic Terrorist" (01/08/89) PWN XXIII. .Part 1
"Mitnick Plea Bargains" (03/16/89) PWN XXV. . .Part 1
"Mitnick Plea Bargain Rejected As Too Lenient" (04/25/89) PWN XXVII. .Part 1
"Computer Hacker Working On Another Plea Bargain" (05/06/89) PWN XXVII. .Part 1
"Mitnick Update" (05/10/89) PWN XXVII. .Part 1
"Kenneth Siani Speaks Out About Kevin Mitnick" (05/23/89) PWN XXVII. .Part 1
_______________________________________________________________________________
BITNET/CSNET Announce Merger and Formation of CREN August 18, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Washington, DC
-- Two of the nation's leading academic and research computer
networks announced today that final steps are being taken to
merge their organizations.
Ira Fuchs, President of BITNET, and Bernard Galler, Chairman of
CSNET, jointly reported that the two networks, which together
include 600 colleges, universities, government agencies, and
private sector research organizations, will unite to form the
Corporation for Research and Educational Networking, CREN.
Galler, a Professor of Electrical Engineering and Computer
Science at the University of Michigan, commented: "The aims of
CSNET and BITNET -- to support and promote the use of computer
networks on campuses and within research organizations -- have
converged over the last several years. We believe that by
bringing these two networks into a single organization, we will
be able to provide better service to our network users and more
effectively participate in the fast-changing national network
environment."
Fuchs, Vice President for Computing and Information Technology at
Princeton University, sees the move as a strengthening factor:
"The need for campus networks and the introduction of new
technology make it necessary to build a common base of network
services using the most progressive technology available. By
eliminating overlap between our two organizations, we will
become more efficient, and more importantly, we can take a
stronger role in the the formation of the national education and
research network. We can achieve this goal faster and at lower
cost by leveraging the efforts of the two major academic
networking organizations."
The merger of CSNET and BITNET has been studied for more than a
year by a planning group consisting of representatives from both
networks. CSNET currently lists 145 institutional and corporate
members, and BITNET 480 members. Together, the two networks
cover all 50 states and 32 foreign countries, including Japan,
Brazil, Mexico, and Argentina. Both maintain gateways to EARN
(European Academic Research Network), NetNorth (Canada), and the
National Internet.
The planning group's recommendations to merge were approved by
the BITNET, Inc. Trustees and the Directors of the University
Corporation for Atmospheric Research, operators of CSNET for the
last five years. An information packet on the merger is being
mailed to all members of both networks this week, with a ballot
for BITNET members, who must approve the final legal steps under
the provisions of BITNET By-Laws. In an advisory vote last
winter, BITNET members approved the merger in principle by more
than 90% of those voting.
A gradual transition period is planned to bring together CSNET
and BITNET services. CREN plans to continue use of EDUCOM and
Bolt, Beranek and Newman (BBN) to provide technical and general
management services to its members.
EDUCOM President Kenneth M. King commented, "We are entering a
particularly challenging period in the creation of an advanced
national network infrastructure for research and education. CREN
will play a major role in the future of these computer networks,
which are becoming more and more important to the conduct of
research and the quality of education. EDUCOM is pleased to have
an opportunity to support the services and activities of CREN. "
Frank Heart, Senior Vice President, BBN Systems and Technologies
Corporation, said, "In keeping with its long involvement in the
development of networking technologies, BBN is pleased to play a
major supporting role in the evolution of BITNET and CSNET."
The proposed CREN Board includes Fuchs and Galler;
Douglas Bigelow. . . . . Wesleyan University
William Curtis . . . . . University Corporation for Atmospheric Research
David Farber . . . . . . University of Pennsylvania
Suzanne Johnson. . . . . INTEL Corporation
Mark Laubach . . . . . . Hewlett-Packard Corporation
Philip Long. . . . . . . Yale University
Dennis Ritchie . . . . . AT&T Bell Laboratories
Martin Solomon . . . . . University of South Carolina
Douglas Van Houweling. . University of Michigan
William Yundt. . . . . . Stanford University
For more information, contact
Corporation for Research and Educational Networking
Suite 600
1112 16th Street NW
Washington, DC 20036
(202) 872-4215
[Obviously they decided not to call it ONEnet --KL]
_______________________________________________________________________________
CERT Internet Security Advisory August 16, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>From Kenneth R. van Wyk
Many computers connected to the Internet have recently
experienced unauthorized system activity. Investigation shows
that the activity has occurred for several months and is
spreading. Several UNIX computers have had their "telnet"
programs illicitly replaced with versions of "telnet" which log
outgoing login sessions (including usernames and passwords to
remote systems). It appears that access has been gained to many
of the machines which have appeared in some of these session
logs. (As a first step, frequent telnet users should change
their passwords immediately.) While there is no cause for panic,
there are a number of things that system administrators can do to
detect whether the security on their machines has been
compromised using this approach and to tighten security on their
systems where necessary. At a minimum, all UNIX site
administrators should do the following:
o Test telnet for unauthorized changes by using the UNIX
"strings" command to search for path/filenames of possible log
files. Affected sites have noticed that their telnet programs
were logging information in user accounts under directory names
such as "..." and ".mail".
In general, we suggest that site administrators be attentive to
configuration management issues. These include the following:
o Test authenticity of critical programs - Any program with
access to the network (e.g., the TCP/IP suite) or with access
to usernames and passwords should be periodically tested for
unauthorized changes. Such a test can be done by comparing
checksums of on-line copies of these programs to checksums of
original copies. (Checksums can be calculated with the UNIX
"sum" command.) Alternatively, these programs can be
periodically reloaded from original tapes.
o Privileged programs - Programs that grant privileges to users
(e.g., setuid root programs/shells in UNIX) can be exploited to
gain unrestricted access to systems. System administrators
should watch for such programs being placed in places such as
/tmp and /usr/tmp (on UNIX systems). A common malicious
practice is to place a setuid shell (sh or csh) in the /tmp
directory, thus creating a "back door" whereby any user can
gain privileged system access.
o Monitor system logs - System access logs should be periodically
scanned (e.g., via UNIX "last" command) for suspicious or
unlikely system activity.
o Terminal servers - Terminal servers with unrestricted network
access (that is, terminal servers which allow users to connect
to and from any system on the Internet) are frequently used to
camouflage network connections, making it difficult to track
unauthorized activity. Most popular terminal servers can be
configured to restrict network access to and from local hosts.
o Passwords - Guest accounts and accounts with trivial passwords
(e.g., username=password, password=none) are common targets.
System administrators should make sure that all accounts are
password protected and encourage users to use acceptable
passwords as well as to change their passwords periodically, as
a general practice. For more information on passwords, see
Federal Information Processing Standard Publication (FIPS PUB)
112, available from the National Technical Information Service,
U.S. Department of Commerce, Springfield, VA 22161.
o Anonymous file transfer - Unrestricted file transfer access to
a system can be exploited to obtain sensitive files such as the
UNIX /etc/passwd file. If used, TFTP (Trivial File Transfer
Protocol - which requires no username/password authentication)
should always be configured to run as a non-privileged user and
"chroot" to a file structure where the remote user cannot
transfer the system /etc/passwd file. Anonymous FTP, too,
should not allow the remote user to access this file, or any
other critical system file. Configuring these facilities to
"chroot" limits file access to a localized directory structure.
o Apply fixes - Many of the old "holes" in UNIX have been closed.
Check with your vendor and install all of the latest fixes.
If system administrators do discover any unauthorized system
activity, they are urged to contact the Computer Emergency
Response Team (CERT).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - -
Internet Cracker On The Loose: Who Is He?
October 2, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There
is a cracker on the loose in the Internet. This is the
information made public so far. Traces of the cracker were found
at the Institute for Advanced Studies in Princeton. He also left
traces at one of the Super computer centers. Both CERT and the
FBI have been called.
The technique that is being used is as follows:
1) He has a modified telnet that tries a list passwords on
accounts. Username forwards and backwards, username + pw,
etc.
2) He seems to have a program call "ret", that is breaking into
root.
3) He seems to be getting a list of victim machines via people's
.rhosts files.
4) He copies password files to the machines that he is currently
working from.
5) He is good about cleaning up after himself. He zeros out log
files and other traces of himself.
6) The breakins are occurring between 10 PM Sunday nights and 8
AM Monday mornings.
7) He seems to bring along a text file of security holes to the
machines he breaks into.
8) Backtracing the network connections seem to point to the
Boston area as a base of operations.
The system administrator at IAS found a directory with the name
".. " (dot dot space space). The files mentioned above were
found in this directory.
_______________________________________________________________________________
Worried Firms Pay Hush Money To "Hackers" June 12, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Richard Caseby (London Times)
"Are London Firms Offering Amnesty To Hacker Thieves?"
Firms in the City of London are buying the silence of hackers who
break into their computers and steal millions of pounds.
At least six London firms have signed agreements with criminals,
offering them amnesty if they return part of the money. The
firms fear that if they prosecute they will lose business when
customers learn that their computer security is flawed.
In several of the case the losses exceeded 1 million pounds, but
only a tenth of the total was returned.
The Computer Industry Research Unit (CIRU) which uncovered the deals and which
is advising the Department of Trade and Industry in data security, believes the
practice of offering amnesties is widespread.
"Companies who feel vulnerable are running scared by agreeing to these immoral
deals. Their selfishness is storing up serious problems for everyone else,"
said Peter Nancarrow, a senior consultant.
Police have warned that deals struck with criminals could
possibly lead to an employer being prosecuted for perverting the
course of justice.
Detective Inspector John Austin, of Scotland Yard's computer
fraud squad, said, "Employers could find themselves in very deep
water by such strenuous efforts to protect the credibility of
their image."
Legal experts say the firms are making use of section five of the
Criminal Law Act 1967 which allows them to keep silent on crimes
and privately agree on compensation. However, an employer
becomes a witness to the offense by taking evidence from a
criminal when the deal is drawn up.
Hackers steal by electronically transferring funds or by
programming a computer to round off all transactions by a tiny
amount and diverting the money to a separate account.
In one case, an assistant programmer at a merchant bank diverted
8 million pounds to a Swiss bank account and then gave back 7
million in return for a non-disclosure agreement protecting him
against prosecution.
Such thefts have spread alarm throughout London, with consultants
offering to penetrate the computer networks of banks and finance
houses to pinpoint loopholes before a hacker does.
The biggest contracts cost up to 50,000 pounds and can involve a
four month investigation in which every weakness is explored.
Detectives have found that computer security at many London
institutions is riddled with loopholes. A city of London police
operation, codenamed Comcheck, revealed wide spread weaknesses.
Firms were asked to track the number of unauthorized logons over
Easter bank holiday.
Some companies unable to tell whether hackers had penetrated
their network, while others lacked any security defenses.
In addition to theft, companies are vulnerable to blackmail.
Hackers can threaten to sabotage computers by inserting "viruses"
and "logic bombs" --rogue programs which can paralyze a system.
This type of threat has prompted the offer of a new insurance
policy underwritten by Lloyd's which specifically covers viruses
and other computer catastrophes.
______________________________________________________________________