[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: PWN/Part 1 ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #41 | Release date : 1992-12-31 | Editor : Dispater
IntroductionDispater
Phrack LoopbackMind Mage & Dispater
Phrack Pro-Phile on SuperniggerSupernigger
Network MiscellanyThe Racketeer
Pirates CoveRambone
Hacking AT&T System 75Scott Simpson
How To Build a DMS-10 Switchcavalier
TTY SpoofingVaxBuster
Security Shortcomings of AppleShare NetworksBobby Zero
Mall Cop FrequenciesCaligula XXI
PWN/Part 1Datastream Cowboy
PWN/Part 2Datastream Cowboy
PWN/Part 3Datastream Cowboy
Title : PWN/Part 1
Author : Datastream Cowboy
                                ==Phrack Inc.==

                  Volume Four, Issue Forty-One, File 11 of 13

              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
              PWN                                             PWN
              PWN              Phrack World News              PWN
              PWN                                             PWN
              PWN           Issue 41 / Part 1 of 3            PWN
              PWN                                             PWN
              PWN        Compiled by Datastream Cowboy        PWN
              PWN                                             PWN
              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


 Reports of "Raid" on 2600 Washington Meeting                  November 9, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Barbara E. McMullen & John F. McMullen (Newsbytes)

WASHINGTON, D.C. -- The publisher of a well-known hacker magazine claims a
recent meeting attended by those interested in the issues his magazine raises
was disrupted by threats of arrest by security and Arlington, Virginia police
officers.

Eric Corley, also known as "Emmanuel Goldstein," editor and publisher of "2600
Magazine: The Hacker Quarterly," told Newsbytes that the meeting was held
November 6th at the Pentagon City Mall outside Washington, DC was disrupted and
material was confiscated in the raid.

2600 Magazine promotes monthly meetings of hackers, press, and other interested
parties throughout the country.  The meetings are held in public locations on
the first Friday evening of the month and the groups often contact each other
by telephone during the meetings.

Corley told Newsbytes that meetings were held that evening in New York,
Washington, Philadelphia, Cambridge, St. Louis, Chicago, Los Angeles and San
Francisco.  Corley said, "While I am sure that meetings have been observed by
law enforcement agencies, this is the only time that we have been harassed.  It
is definitely a freedom of speech issue."

According to Craig Neidorf, who was present at the meeting and was distributing
applications for membership in Computer Professionals For Social Responsibility
(CPSR), "I saw the security officers focusing on us.  Then they started to come
toward us from a number of directions under what seemed to be the direction of
a person with a walkie-talkie on a balcony.  When they approached, I left the
group and observed the security personnel encircling the group of about 30
gatherers.  The group was mainly composed of high school and college students.
The guards demanded to search the knapsacks and bags of the gatherers.  They
confiscated material, including CPSR applications, a copy of Mondo 2000 (a
magazine), and other material."

He adds that the guards also confiscated film "from a person trying to take
pictures of the guards.  When a hacker called "HackRat" attempted to copy down
the names of the guards, they took his pencil and paper."

Neidorf continued, "I left to go outside and rejoined the group when they were
ejected from the mall.  The guards continued challenging the group and told
them that they would be arrested if they returned.  When one of the people
began to take pictures of the guards, the apparent supervisor became excited
and threatening but did not confiscate the film."

Neidorf also said, "I think that the raid was planned.  They hit right about
6:00 and they identified our group as "hackers" and said that they knew that
this group met every month."

Neidorf's story was supported by a Washington "hacker" called "Inhuman," who
told Newsbytes, "I arrived at the meeting late and saw the group being detained
by the guards.  I walked along with the group as they were being ushered out
and when I asked a person who seemed to be in authority his name, he pointed at
a badge with his name written in script on it.  I couldn't make out the name
and, when I mentioned that to the person, he said 'If you can't read it, too
bad.'  I did read his name, 'C. Thomas,' from another badge."

Inhuman also told Newsbytes that he was told by a number of people that the
guards said that they were "acting on behalf of the Secret Service."  He added,
"I was also told that there were two police officers from the Arlington County
Police present but I did not see them."

Another attendee, Doug Luce, reports, "I also got to the DC meeting very late;
7:45 or so.  It seemed like a coordinated harassment episode, not geared toward
busting anyone, but designed to get people riled up, and maybe not come back to
the mall."

Luce adds that he overheard a conversation between someone who had brought a
keyboard to sell.  The person, he said, was harassed by security forces, one of
whom said, "You aren't selling anything in my mall without a vendors permit!"

Possible Secret Service involvement was supported by a 19 year-old college
student known as the "Lithium Bandit," who told Newsbytes, "I got to the mall
about 6:15 and saw the group being detained by approximately 5 Arlington County
police and 5 security guards. When I walked over to see what was going on, a
security guard asked me for an ID and I refused to show it, saying that I was
about to leave.  The guard said that I couldn't leave and told me that I had to
see a police officer.  When I did, the officer demanded ID and, when I once
again refused, he informed me that I could be detained for up to 10 hours for
refusing to produce identification.  I gave in and produced my school ID which
the police gave to the security people who copied down my name and social
security number."

Lithium Bandit continued, "When I asked the police what was behind this action,
I was told that they couldn't answer but that 'the Secret Service is involved
and we are within our rights doing this."

The boy says he and others later went to the Arlington police station to get
more information and were told only that there was a report of the use of a
stolen credit card and two officers were sent to investigate.  "They later
admitted that it was 5 (officers).  While I was detained, I heard no mention of
a credit card and there was no one arrested."
Marc Rotenberg, director of CPSR's Washington office, told Newsbytes, "I have
really no details on the incident yet, but I am very concerned about the
reports. Confiscation of CPSR applications, if true, is outrageous.  I will
find out more facts on Monday."

Newsbytes was told by the Pentagon City Mall office that any information
concerning the action would have to come from the director of security, Al
Johnson, who was not available until Monday.  The Arlington Country Police
referred Newsbytes to a "press briefing recording" which had not been updated
since the morning before the incident.

Corley told Newsbytes, "There have been no reports of misbehavior by any of
these people.  They were obviously singled out because they were hackers.  It's
as if they were being singled out as an ethnic group.  I admire the way the
group responded -- in a courteous fashion.  But it is inexcusable that it
happened.  I will be at the next Washington meeting to insure that it doesn't
happen again."

The manager of one of New York state's largest malls provided background
information to Newsbytes on the rights of malls to police those on mall
property, saying, "The primary purpose of a mall is to sell. The interior of
the mall is private property and is subject to the regulations of the mall.
The only requirement is that the regulations be enforced in an even-handed
manner.  I do not allow political activities in my mall so I could not make an
exception for Democrats.  We do allow community groups to meet but they must
request space at least two weeks before the meeting and must have proper
insurance.  Our regulations also say that groups of more than 4 may not
congregate in the mall."

The spokeswoman added that mall security can ask for identification from those
who violate regulations and that they may be barred from the mall for a period
of 6 months.

She added, "Some people feel that mall atriums and food courts are public
space.  They are not and the industry is united on this.  If the malls were to
receive tax benefits for the common space and public service in snow removal
and the like, it could possibly be a public area but malls are taxed on the
entire space and are totally private property, subject to their own
regulations.  If a group of 20 or more congregated in my mall, they would be
asked to leave."

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Confusion About Secret Service Role In 2600 Washington Raid   November 7, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Barbara E. McMullen & John F. McMullen (Newsbytes)

WASHINGTON, D.C.-- In the aftermath of an action on Friday, November 6th by
members of the Pentagon City Mall Police and police from Arlington County,
Virginia in which those attending a 2600 meeting at the mall were ordered from
the premises, conflicting stories continue to appear.

Attendees at the meeting have contended to Newsbytes that members of the mall
police told them that they were "acting on behalf of the Secret Service."  They
also maintain that the mall police confiscated material from knapsacks and took
film from someone attempting to photograph the action and a list of the names
of security officers that one attendee was attempting to compile.

Al Johnson, chief of security for the mall, denied these allegations to
Newsbytes, saying "No one said that we were acting on behalf of the Secret
Service.  We were merely enforcing our regulations.  While the group was not
disruptive, it had pulled tables together and was having a meeting in our food
court area.  The food court is for people eating and is not for meetings.  We
therefore asked the people to leave."

Johnson denied that security personnel took away any film or lists and further
said "We did not confiscate any material.  The group refused to own up to who
owned material on the tables and in the vicinity so we collected it as lost
material.  If it turns out that anything did belong to any of those people,
they are welcome to come in and, after making proper identification, take the
material."

In a conversation early on November 9th, Robert Rasor, Secret Service agent-in-
charge of computer crime investigations, told Newsbytes that having mall
security forces represent the Secret Service is not something that was done
and, that to his knowledge, the Secret Service had no involvement with any
Pentagon City mall actions on the previous Friday.

A Newsbytes call to the Arlington County police was returned by a Detective
Nuneville who said that her instructions were to refer all questions concerning
the matter to agent David Adams of the Secret Service.  She told Newsbytes that
Adams would be providing all information concerning the involvement of both the
Arlington Police and the Secret Service in the incident.

Adams told Newsbytes "The mall police were not acting as agents for the Secret
Service. Beyond that, I can not confirm or deny that there is an ongoing
investigation."

Adams also told Newsbytes that "While I cannot speak for the Arlington police,
I understand that their involvement was due to an incident unrelated to the
investigation."

Marc Rotenberg, director of the Washington office of Computer Professionals for
Social Responsibility (CPSR), told Newsbytes "CPSR has reason to believe that
the detention of people at the Pentagon City Mall last Friday was undertaken at
the behest of the Secret Service, which is a federal agency.  If that is the
case, then there was an illegal search of people at the mall.  There was no
warrant and no indication of probable illegal activity.  This raises
constitutional issues. We have undertaken the filing of a Freedom of
Information Act (FOIA) request to determine the scope, involvement and purpose
of the Secret Service in this action."

2600 meetings are held on the evening of the first Friday of each month in
public places and malls in New York City, Washington, Philadelphia, Cambridge,
St. Louis, Chicago, Los Angeles and San Francisco.  They are promoted by 2600
Magazine: The Hacker Quarterly and are attended by a variety of persons
interested in telecommunications and so-called "hacker issues".  The New York
meeting, the oldest of its kind, is regularly attended by Eric Corley a/k/a
Emmanuel Goldstein, editor and publisher of 2600, hackers, journalists,
corporate communications professionals and other interested parties.  It is
known to have been the subject of surveillance at various times by law
enforcement agencies conducting investigations into allegations of computer
crime.

Corley told Newsbytes "While I'm sure that meetings have been observed by law
enforcement agencies, this is the only time that we have been harassed.  It's
definitely a freedom of speech issue." Corley also that he plans to be at the
December meeting in Washington "to insure that it doesn't happen again."

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Conflicting Stories In 2600 Raid; CRSR Files FOIA            November 11, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Barbara E. McMullen & John F. McMullen (Newsbytes)

WASHINGTON, D.C. -- In the on-going investigation of possible Secret Service
involvement in the Friday, November 6th ejection of attendees at a "2600
meeting" from the premises of the Pentagon City Mall, diametrically opposed
statements have come from the same source.

Al Johnson, chief of security for the Pentagon City Mall told Newsbytes on
Monday, November 9th "No one said that we were acting on behalf of the Secret
Service.  We were merely enforcing our regulations.  While the group was not
disruptive, it had pulled tables together and was having a meeting in our food
court area.  The food court is for people eating and is not for meetings.  We
therefore asked the people to leave."

On the same day, Johnson was quoted was quoted in a Communications Daily
article by Brock Meeks as saying "As far as I'm concerned, we're out of this.
The Secret Service, the FBI, they're the ones that ramrodded this whole thing."

Newsbytes contacted Meeks to discuss the discrepancies in the stories and were
informed that the conversation with Johnson had been taped and was available
for review.  The Newsbytes reporter listened to the tape (and reviewed a
transcript).  On the tape, Johnson was clearly heard to make the statement
quoted by Meeks.

He also said "maybe you outta call the Secret Service, they're handling this
whole thing.  We, we were just here", and, in response to a Meeks question
about a Secret Service contact, "Ah.. you know, I don't have a contact person.
These people were working on their own, undercover, we never got any names, but
they definitely, we saw identification, they were here."

Newsbytes contacted Johnson again on the morning of Wednesday, November 11 and
asked him once again whether there was any Secret Service involvement in the
action. Johnson said "No, I told you that they were not involved."  When it was
mentioned that there was a story in Communications Daily, quoting him to the
contrary, Johnson said "I never told Meeks that.  There was no Secret Service
involvement"

Informed of the possible existence of a tape quoting him to the contrary.
Johnson said "Meeks taped me? He can't do that.  I'll show him that I'm not
fooling around.  I'll have him arrested."

Johnson also said "He asked me if the Secret Service was involved; I just told
him that, if he thought they were, he should call them and ask them."

Then Johnson again told Newsbytes that the incident was "just a mall problem.
There were too many people congregating."

[NOTE: Newsbytes stands by its accurate reporting of Johnson's statements.  It
also affirms that the story by Meeks accurately reflects the material taped
during his interview]

In a related matter, Marc Rotenberg, director of the Washington office of
Computer Professionals For Social Responsibility (CPSR) has announced that CPSR
has filed a Freedom of Information Act (FOIA) request with the Secret Service
asking for information concerning Secret Service involvement in the incident.

Rotenberg told Newsbytes that the Secret Service has 10 days to respond to the
request.  He also said that CPSR "is exploring other legal options in this
matter."

The Secret Service, in earlier conversations with Newsbytes, has denied that
the mall security was working on its behalf.

In the incident itself, a group attending the informal meeting was disbanded
and, according to attendees, had property confiscated.  They also contend that
security guards took film from someone photographing the confiscation as well
as a list that someone was making of the guard's names.  In his November 9th
conversation with Newsbytes, Johnson denied that security personnel took away
any film or lists and further said "We did not confiscate any material.  The
group refused to own up to who owned material on the tables and in the vicinity
so we collected it as lost material.  If it turns out that anything did belong
to any of those people, they are welcome to come in and, after making proper
identification, take the material."

2600 meetings are promoted by 2600 Magazine: The Hacker Quarterly and are held
on the evening of the first Friday of each month in public places and malls in
New York City, Washington, Philadelphia, Cambridge, St. Louis, Chicago, Los
Angeles and San Francisco.  They are regularly attended by a variety of persons
interested in telecommunications and so-called "hacker issues".
_______________________________________________________________________________

 Secret Service Grabs Computers In College Raid               December 17, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Joe Abernathy (The Houston Chronicle)(Page A37)

The Secret Service has raided a dorm room at Texas Tech University, seizing the
computers of two Houston-area students who allegedly used an international
computer network to steal computer software.

Agents refused to release the names of the two area men and a third man, a
former Tech student from Austin, who were not arrested in the late-morning raid
Monday at the university in Lubbock.  Their cases will be presented to a grand
jury in January.

The three, in their early 20s, are expected to be charged with computer crime,
interstate transport of stolen property and copyright infringements.

"The university detected it," said Agent R. David Freriks of the Secret Service
office in Dallas, which handled the case.  He said Texas Tech computer system
operators noticed personal credit information mixed in with the software
mysteriously filling up their data storage devices.

The former student admitted pirating at least $6,000 worth of games and
programs this summer, Freriks said.

The raid is the first to fall under a much broader felony definition of
computer software piracy that could affect many Americans.

Agents allege the three used the Internet computer network, which connects up
to 15 million people in more than 40 nations, to make contacts with whom they
could trade pirated software.  The software was transferred over the network,
into Texas Tech's computers and eventually into their personal computers.

The Software Publishers Association, a software industry group chartered to
fight piracy, contends the industry lost $1.2 billion in sales in 1991 to
pirates.

Although these figures are widely questioned for their accuracy, piracy is
widespread among Houston's 450-plus computer bulletin boards, and even more so
on the global Internet.

"There are a lot of underground sites on the Internet run by university system
administrators, and they have tons of pirated software available to download --
gigabytes of software," said Scott Chasin, a former computer hacker who is now
a computer security consultant.

Freriks said the investigation falls under a revision of the copyright laws
that allows felony charges to be brought against anyone who trades more than 10
pieces of copyrighted software -- a threshold that would cover many millions of
Americans who may trade copies of computer programs with their friends.

"The ink is barely dry on the amendment, and you've already got law enforcement
in there, guns blazing, because somebody's got a dozen copies of stolen
software," said Marc Rotenberg, director of Computer Professionals for Social
Responsibility, in Washington.

"That was a bad provision when it was passed, and was considered bad for
precisely this reason, giving a justification for over-reaching by law
enforcement."

Freriks said the raid also involved one of the first uses of an expanded right
to confiscate  computers  used in crime.

"Our biggest complaint has been that you catch 'em and slap 'em on the wrist,
and then give the smoking gun back," he said.

"So they've changed the law so that we now have forfeiture authority."

The Secret Service already has been under fire for what is seen by civil
libertarians as an overly casual use of such authority, which many believe has
mutated from an investigative tool into a de facto punishment without adequate
court supervision.

_______________________________________________________________________________

 Hacker Taps Into Freeway Call Box -- 11,733 Times             October 23, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Jeffrey A. Perlman (Los Angeles Times)(Page A3)

SANTA ANA, CA -- An enterprising hacker reached out and touched someone 11,733
times in August -- from a freeway emergency call box in Orange County.

A computer that monitors the county's emergency call boxes attributed 25,875
minutes of calls to the mysterious caller who telephoned people in countries
across the globe, according to a staff report prepared for the Orange County
Transportation Authority.

"This is well over the average of roughly 10 calls per call box," the report
noted.

About 1,150 bright yellow call boxes have been placed along Orange County's
freeways to connect stranded motorists to the California Highway Patrol.  But
the caller charged all his calls to a single box on the shoulder of the Orange
(57) Freeway.

The hacker apparently matched the individual electronic serial number for the
call box to its telephone number.  It took an investigation by the transit
authority, and three cellular communications firms to unravel the mystery, the
report stated.

Officials with the transit authority's emergency call box program were not
available to comment on the cost of the phone calls or to say how they would be
paid.

But the report assured that "action has been taken to correct this problem.  It
should be noted that this is the first incident of this type in the five-year
history of the program."

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Ring May Be Responsible For Freeway Call Box Scam             October 24, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Jodi Wilgoren (Los Angeles Times)(Page B4)

            "Officials Believe A Hacker Sold Information to Others;
                  LA Cellular Will Pay For The Excess Calls."

COSTA MESA, CA -- As soon as he saw the August bill for Orange County's freeway
call boxes, analyst Dana McClure guessed something was awry.

There are typically about 12,000 calls a month from the 1,150 yellow boxes that
dot the county's freeways.  But in August, there were nearly that many
registered to a single box on the Orange Freeway a half-mile north of Lambert
Road in Brea.

"This one stood out, like 'Whoa!'" said McClure, who analyzes the monthly
computer billing tapes for the Orange County Transportation Authority.  "It
kicked out as an error because the number of minutes was so far over what it is
supposed to be."

With help from experts at LA Cellular, which provides the telephone service for
the boxes, and GTE Cellular, which maintains the phones, McClure and OCTA
officials determined that the calls -- 11,733 of them totaling 25,875 minutes
for a charge of about $1,600 -- were made because the hacker learned the code
and telephone number for the call boxes.

Because of the number of calls in just one month's time, officials believe
there are many culprits, perhaps a ring of people who bought the numbers from
the person who cracked the system.

You'd have to talk day and night for 17 or 18 days to do that; it'd be
fantastic to be able to make that many calls," said Lee Johnson of GTE
Cellular.

As with all cases in which customers prove they did not make the calls on their
bills, LA Cellular will pick up the tab, company spokeswoman Gail Pomerantz
said.  Despite the amount of time involved, the bill was only $1,600, according
to OCTA spokeswoman Elaine Beno, because the county gets a special emergency
service rate for the call box lines.

The OCTA will not spend time and money investigating who made the calls;
however, it has adjusted the system to prevent further fraud.  Jim Goode of LA
Cellular said such abuses are rare among cellular subscribers, and that such
have never before been tracked to freeway call boxes.

The call boxes contain solar cellular phones programmed to dial directly to the
California Highway Patrol or a to a GTE Cellular maintenance line.  The calls
on the August bill included 800 numbers and 411 information calls and hundreds
of calls to financial firms in New York, Chicago and Los Angeles.  That calls
were placed to these outside lines indicates that the intruders made the
connections from another cellular phone rather than from the call box itself.
Each cellular phone is assigned a seven-digit Mobile Identification Number that
functions like a phone number, and a 10- or 11-digit Electronic Service Number
unique to that particular phone (similar to the vehicle identification number
assigned every automobile).  By reprogramming another cellular phone with the
MIN and ESN of the call box phone, a hacker could charge all sorts of calls to
the OCTA.

"That's not legally allowable, and it's not an easy thing to do," McClure said,
explaining that the numbers are kept secret and that reprogramming a cellular
phone could wreck it.  "Most people don't know how to do that, but there are
some."

Everyone involved with the call box system is confident that the problem has
been solved, but officials are mum as to how they blocked potential cellular
banditry.

"I don't think we can tell you what we did to fix it because we don't want it
to happen again," Beno said with a laugh.
_______________________________________________________________________________

 FBI Probes Possible Boeing Computer Hacker                    November 6, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Taken from Reuters

SEATTLE -- Federal authorities said Friday they were investigating the
possibility that a hacker had breached security and invaded a Unix-based
computer system at the aerospace giant Boeing Co.

The Federal Bureau of Investigation confirmed the probe after a Seattle radio
station reported it received a facsimile of a Boeing memorandum warning
employees the security of one of its computer networks may have been violated.

The memo, which had been sent from inside Boeing, said passwords may have been
compromised, a reporter for the KIRO station told Reuters.

KIRO declined to release a copy of the memorandum or to further identify its
source.

The memorandum said the problem involved computers using Unix, the open-ended
operating system used often in engineering work.

Sherry Nebel, a spokeswoman at Boeing's corporate headquarters, declined
comment on the memorandum or the alleged breach of security and referred all
calls to the FBI.

An FBI spokesman said the agency was in touch with the company and would
discuss with it possible breaches of federal law.

No information was immediately available on what type of computer systems may
have been violated at Boeing, the world's largest commercial aircraft
manufacturer.

The company, in addition, acts as a defense contractor and its business
includes work on the B-2 stealth bomber, NASA's space station and the "Star
Wars" project.

Boeing is a major user of computer technology and runs a computer services
group valued at $1 billion.

Much of the company's engineering work is conducted using computer -aided
design (CAD) capabilities.  Boeing currently is pioneering a computerized
technique which uses 2,000 computer terminals to design its new 777 twinjet.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 FBI Expands Boeing Computer Hacker Probe                      November 9, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Samuel Perry (Reuters)

SEATTLE -- Federal authorities expanded their investigation of a computer
hacker or hackers suspected of having invaded a computer system at aerospace
giant and defense contractor Boeing Co.

FBI spokesman Dave Hill said the investigation was expanded after the agency
discovered similar infiltrations of computer records belonging to the U.S.
District Court in Seattle and another government agency.

"We're trying to determine if the same individuals are involved here," he said,
adding more than one suspect may be involved and the purpose of the intrusion
was unclear.

"We don't think this was an espionage case," Hill said, adding federal agents
were looking into violations of U.S. law barring breaking into a computer of
federal interest, but that no government classified data was believed to be
compromised.

"I'm not sure what their motivation is," he told Reuters.

The FBI confirmed the investigation after a Seattle radio station reported it
received a facsimile of a Boeing memorandum warning employees that the security
of one of its computer networks may have been violated.

A news reporter at KIRO Radio, which declined to release the facsimile, said
it was sent by someone within Boeing and that it said many passwords may have
been compromised.

Boeing's corporate headquarters has declined to comment on the matter,
referring all calls to the FBI.

The huge aerospace company, which is the world's largest maker of commercial
jetliners, relies heavily on computer processing to design and manufacture its
products. Its data processing arm operates $1.6 billion of computer equipment.

No information was disclosed on what system at Boeing had been compromised.
But one computer industry official said it could include "applications
involving some competitive situations in the aerospace industry.

The company is a defense contractor or subcontractor on major U.S. military
programs, such as the B-2 stealth bomber, the advanced tactical fighter,
helicopters, the NASA space station and the "Star Wars" missile defense system.

Recently, Boeing has pioneered the unprecedented use of computer-aided design
capabilities in engineering its new 777 twinjet. The design of the 777 is now
mostly complete as Boeing prepares for final assembly beginning next year.

That system, which uses three-dimensional graphics to replace a draftsman's
pencil and paper, includes 2,000 terminals that can tap into data from around
the world.
_______________________________________________________________________________

 Hacker Breaches NOAA Net                                        August 3, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~
 by Kevin Power (Government Computer News)(Page 10)

As a recent breach of the National Oceanic and Atmospheric Administration's
(NOAA) link to the Internet shows, the network not only benefits scientists but
also attracts unwanted attention from hackers.

NOAA officials said an intruder in May accessed the agency's TCP/IP network,
seeking to obtain access to the Internet.  The breach occurred on the National
Weather Service headquarters' dial-in communications server in Silver Spring,
Maryland, said Harold Whitt, a senior telecommunications engineer with NOAA.

Cygnus Support, a Palo Alto, California, software company, alerted NOAA
officials to the local area network security breach when Cygnus found that an
outsider had accessed one of its servers from the NOAA modem pool and had
attempted several  long-distance phone calls.

NOAA and Cygnus officials concluded that the perpetrator was searching for an
Internet host, possibly to locate a games publisher, Whitt said.  Fortunately,
the hacker did no damage to NOAA's data files, he said.

Whitt said intruders using a modem pool to tap into external networks are
always a security concern.  But organizations with Internet access seem to be
hacker favorites, he said.  "There's a lot of need for Internet security,"
Whitt said.

"You have to make sure you monitor the usage of the TCP/IP network and the
administration of the local host.  It's a common problem, but in our case we're
more vulnerable because of tremendous Internet access," Whitt said.

Whitt said NOAA's first response was to terminate all dial-in services
temporarily and change all the numbers.

Whitt said he also considered installing a caller-identification device for the
new lines.  But the phone companies have limited capabilities to investigate
random incidents, he said.

"It's very difficult to isolate problems at the protocol level," Whitt said.
"We targeted the calls geographically to the Midwest.

"But once you get into the Internet and have an understanding of TCP/IP, you
can just about go anywhere," Whitt said.

NOAA, a Commerce Department agency, has since instituted stronger password
controls and installed a commercial dial-back security system, Defender from
Digital Pathways Inc. of Mountain View, California.

Whitt said the new system requires users to undergo password validation at dial
time and calls back users to synchronize modems and log calls.  Despite these
corrective measures, Reed Phillips, Commerce's IRM director, said the NOAA
incident underlies the axiom that networks always should be considered
insecure.

At the recent annual conference of the Federation of Government Information
Processing Councils in New Orleans, Phillips said the government is struggling
to transmit more information electronically and still maintain control over the
data.

Phillips said agencies are plagued by user complacency, a lack of
organizational control, viruses, LAN failures and increasing demands for
electronic commerce. "I'm amazed that there are managers who believe their
electronic-mail systems are secure," Phillps said.  "We provide a great deal of
security, but it can be interrupted.

"Security always gets hits hard in the budget.  But the good news is vendors
recognize our needs and are coming out with cheaper security tools," Phillips
said.

Phillips said the NOAA attack shows that agencies must safeguard a network's
physical points because LANs present more security problems than centralized
systems.

"The perpetrator can dial in via a modem using the common services provided by
the telephone company, and the perpetrator risks no personal physical harm.  By
gaining access to a single system on the network the perpetrator is then able
to propagate his access rights to multiple systems on the network," Phillips
said.

"In many LAN environments a user need only log on the network once and all
subsequent access is assumed to be authorized for the entire LAN.  It then
becomes virtually impossible for a network manager or security manager to track
events of a perpetrator," he said.
_______________________________________________________________________________

 Hackers Scan Airwaves For Conversations                        August 17, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Mark Lewyn (The Washington Post)(Page A1)

                    "Eavesdroppers Tap Into Private Calls."

On the first day of the Soviet coup against Mikhail Gorbachev in August 1991,
Vice President Quayle placed a call to Senator John C. Danforth (R-Mo.) and
assessed the tense, unfolding drama.

It turned out not to be a private conversation.

At the time, Quayle was aboard a government jet, flying to Washington from
California.  As he passed over Amarillo, Texas his conversation, transmitted
from the plane to Danforth's phone, was picked up by an eavesdropper using
electronic "scanning" gear that searches the airwaves for radio or wireless
telephone transmissions and then locks onto them.

The conversation contained no state secrets -- the vice president observed that
Gorbachev was all but irrelevant and Boris Yeltsin had become the man to watch.
But it remains a prized catch among the many conversations overhead over many
years by one of a steadily growing fraternity of amateur electronics
eavesdroppers who listen in on all sorts of over-the-air transmissions, ranging
from Air Force One communications to cordless car-phone talk.

One such snoop overheard a March 1990 call placed by Peter Lynch, a well-known
mutual fund executive in Boston, discussing his forthcoming resignation, an
event that later startled financial circles.  Another electronic listener
overheard the chairman of Popeye's Fried Chicken disclose plans for a 1988
takeover bid for rival Church's Fried Chicken.

Calls by President Bush and a number of Cabinet officers have been intercepted.
The recordings of car-phone calls made by Virginia Governor L. Douglas Wilder
(D), intercepted by a Virginia Beach restaurant owner and shared with Senator
Charles S. Robb (D-Va.), became a cause ce'le'bre in Virginia politics.

Any uncoded call that travels via airwaves, rather than wire, can be picked up,
thus the possibilities have multiplied steadily with the growth of cellular
phones in cars and cordless phones in homes and offices.  About 41 percent of
U.S. households have cordless phones and the number is expected to grow by
nearly 16 million this year, according to the Washington-based Electronics
Industry Association.

There are 7.5 million cellular phone subscribers, a technology that passes
phone calls over the air through a city from one transmission "cell" to the
next. About 1,500 commercial airliners now have air-to-ground phones -- roughly
half the U.S. fleet.

So fast-growing is this new form of electronic hacking that it has its own
magazines, such as Monitoring Times.  "The bulk of the people doing this aren't
doing it maliciously," said the magazine's editor, Robert Grove, who said he
has been questioned several times by federal agents, curious about hackers'
monitoring activities.

But some experts fear the potential for mischief.  The threat to business from
electronic eavesdropping is "substantial," said Thomas S. Birney III, president
of Cellular Security Group, a Massachusetts-based consulting group.

Air Force One and other military and government aircraft have secure satellite
phone links for sensitive conversations with the ground, but because these are
expensive to use and sometimes not operating, some calls travel over open
frequencies.  Specific frequencies, such as those used by the president's
plane, are publicly available and are often listed in "scanners" publications
and computer bulletin boards.

Bush, for example, was accidentally overheard by a newspaper reporter in 1990
while talking about the buildup prior to the Persian Gulf War with Senator
Robert Byrd (D-W.Va.).  The reporter, from the Daily Times in Gloucester,
Massachusetts quickly began taking notes and the next day, quoted Bush in his
story under the headline, "Bush Graces City Airspace."

The vice president's chief of staff, William Kristol, was overheard castigating
one staff aide as a "jerk" for trying to reach him at home.

Some eavesdroppers may be stepping over the legal line, particularly if they
tape record such conversations.

The Electronic Communications Privacy Act prohibits intentional monitoring,
taping or distribution of the content of most electronic, wire or private oral
communications.  Cellular phone calls are explicitly protected under this act.
Local laws often also prohibit such activity.  However, some lawyers said that
under federal law, it is legal to intercept cordless telephone conversations as
well as conversations on an open radio channel.

The government rarely prosecutes such cases because such eavesdroppers are
difficult to catch.  Not only that, it is hard to win convictions against
"listening Toms," lawyers said, because prosecutors must prove the
eavesdropping was intentional.

"Unless they prove intent they are not going to win," said Frank Terranella,
general counsel for the Association of North American Radio Clubs in Clifton,
New Jersey.  "It's a very tough prosecution for them."

To help curb eavesdropping, the House has passed a measure sponsored by Rep.
Edward J. Markey (D-Mass.), chairman of the House telecommunications and
finance subcommittee, that would require the Federal Communications Commission
to outlaw any scanner that could receive cellular frequencies.  The bill has
been sent to the Senate.

But there are about 10 million scanners in use, industry experts report, and
this year sales of scanners and related equipment such as antennas will top
$100 million.

Dedicated scanners, who collect the phone calls of high-ranking government
officials the way kids collect baseball cards, assemble basements full of
electronic gear.

In one sense, the electronic eavesdroppers are advanced versions of the
ambulance chasers who monitor police and fire calls with simpler scanning
equipment and then race to the scene of blazes and accidents for a close look.
But they also have kinship with the computer hackers who toil at breaking into
complex computer systems and rummaging around other's files and software
programs.

One New England eavesdropper has four scanners, each one connected to its own
computer, with a variety of frequencies programmed.  When a conversation
appears on a pre-selected frequency, a computer automatically locks in on the
frequency to capture it.  He also keeps a scanner in his car, for entertainment
along the road.

He justifies his avocation with a seemingly tortured logic.  "I'm not going out
and stealing these signals," he said.  "They're coming into my home, right
through my windows."
_______________________________________________________________________________

 Why Cybercrooks Love Cellular                                December 21, 1989
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by William G. Flanagan and Brigid McMenamin (Forbes)(Page 189)

Cellular phones provide cybercrooks with golden opportunities for telephone
toll fraud, as many shocked cellular customers are discovering.  For example,
one US West Cellular customer in Albuquerque recently received a hefty
telephone bill.

Total: $20,000.

Customers are not held responsible when their phone numbers are ripped off and
misused.  But you may be forced to have your cellular phone number changed.
The cellular carriers are the big losers -- to the tune of an estimated $300
million per year in unauthorized calls.

How do the crooks get the numbers?  There are two common methods: cloning and
tumbling.

Each cellular phone has two numbers -- a mobile identification number (MIN) and
an electronic serial number (ESN).  Every time you make a call, the chip
transmits both numbers to the local switching office for verification and
billing.

Cloning involves altering the microchip in another cellular phone so that both
the MIN and ESN numbers match those stolen from a bona fide customer.  The
altering can be done with a personal computer. The MIN and ESN numbers are
either purchased from insiders or plucked from the airwaves with a legal
device, about the size of a textbook, that can be plugged into a vehicle's
cigarette lighter receptacle.

Cellular companies are starting to watch for suspicious calling patterns.  But
the cloning may not be detected until the customer gets his bill.

The second method -- tumbling -- also involves using a personal computer to
alter a microchip in a cellular phone so that its numbers change after every
phone call.  Tumbling doesn't require any signal plucking.  It takes advantage
of the fact that cellular companies allow "roaming" -- letting you make calls
away from your home area.

When you use a cellular phone far from your home base, it may take too long for
the local switching office to verify your MIN and ESN numbers.  So the first
call usually goes through while the verification goes on.  If the numbers are
invalid, no more calls will be permitted by that office on that phone.

In 1987 a California hacker figured out how to use his personal computer to
reprogram the chip in a cellular phone.  Authorities say one of his pals
started selling altered chips and chipped-up phones.  Other hackers figured out
how to make the chips generate new, fake ESN numbers every time the cellular
phone was used, thereby short-circuiting the verification process.  By 1991
chipped-up, tumbling ESN phones were in use all over the U.S.

The cellular carriers hope to scotch the problem of tumbling with instant
verification.  But that won't stop the clones.

How do crooks cash in?  Drug dealers buy (for up to $ 3,200) or lease (about
$750 per day) cellular phones with altered chips.  So do the "call-sell"
crooks, who retail long distance calls to immigrants often for less than phone
companies charge.  That's why a victim will get bills for calls all over the
world, but especially to Colombia, Bolivia and other drug-exporting countries.
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.