Title : Phrack World News VIII
Author : Knight Lightning
==Phrack Inc.==
Volume One, Issue Nine, Phile #10 of 10
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
{-=*> Phrack World News <*=-}
*Issue VIII*
Created by Knight Lightning
Written by
Knight Lightning and Sally Ride
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Welcome readers to PWN Issue VIII! The last few months have been pretty slow
in the area of real news and this issue we feature; Phrack World Reprints.
That's right, unfortunately most of the information in this issue is from
outside sources. I hope you find it equally as interesting and remember...
No News Is Good News!
______________________________________________________________________________
TMC Cracks Down August 26, 1986
---------------
Byline article by F. Alan Boyce, Associated Press Writer
Raleigh (AP) -- The use of home computers to pirate long-distance telephone
access codes and credit card numbers is increasing and may warrant more
prosecution and tighter security, federal authorities said Tuesday.
U.S. Attorney Sam Currin said five recent indictments for computer fraud
stemmed from a six-month investigation involving home computers and computer
bulletin boards in 23 states. By telephoning some computers, people with the
proper passwords could get numbers that would let them charge phone calls to
unsuspecting victims or make purchases with stolen credit cards.
"One bulletin board contained more than 100 stolen telephone access numbers
and 15 stolen credit card numbers," Curri said. "With the use of computers
becoming much more prevalent in our society, we're going to see a lot more of
this type of activity."
The probe began with Telemarketing Communications (TMC) of Raleigh, where an
estimated $100,000 was lost to unauthorized calls in six months.
Investigators were aided by an unidentified 16-year-old high school student
who had been caught by Telemarketing officials after making $2,000 worth of
illegal calls, officials said.
"That was a tremendous benefit to us in this investigation," Currin said.
"High school kids today are computer-smart. They know what they're doing."
The juvenile was not charged and has made restitution, Currin said.
U.S. Secret Service Agent William Williamson said the youth provided passwords
and used his own computer to reach the highest levels of bulletin boards
operated by those indicted.
A federal grand jury in Greensboro charged three North Carolina men Monday
with illegally possessing charge-account numbers and telephone long-distance
access codes obtained through home computers.
Robert Edward Lee II of Durham was charged with devising a method for
defrauding Telemarketing Communications (TMC). The grand jury also charged
Michael William McCann of Dobson with possessing more than 15 unauthorized
telephone access codes and account numbers owned by Telemarketing
Communications, TransCall America and General Communication Inc. Tyrone
Columbus Bullins of Reidsville was charged with possessing 17 unauthorized
charge numbers and 15 unauthorized telephone access codes and account numbers.
Ralph Sammie Fig of Knightdale and James Thomas McPhail of Goldsboro were
indicted on similar charges by a grand jury in the Eastern District Aug. 19.
Currin said each could face up to 10 years in prison and a $250,000 fine if
convicted under tough laws passed in 1984.
"The potential for fraud in this area is very great," he said. "We have an
obligation to prosecute violators. Companies themselves, if they're going to
stay in business and remain viable, also have an obligation to promote their
own internal security systems."
Mike Newkirk of TeleMarketing Communications said it was difficult to protect
codes without making systems too hard for the average customer to use.
"There are programs that break codes in security systems such as ours as the
computer operator is even sleeping," he said. "It can be randomly broken and
he can wake up the next morning and just check the file."
Newkirk said his company was considering installing equipment that could deny
telephone access to phones where trouble arises. But he said other
alternatives, like having operators answer calls to screen for access codes,
would be too expensive.
Williamson, however, said one company that changed from computer answering to
operators reported 5,600 callers hung up when asked for proper codes.
Information Provided By Sally Ride:::Space Cadet
______________________________________________________________________________
Here's a news story out of Vancouver, Washington that shows an unusual twist
on the old cat and mouse game we phreaks play with the feds and phone cops.
The story should be entitled...
FEDS TRASH HACKER
-----------------
However, it's really headlined.......
Teen Age Suspect In Local Computer Probe October 10, 1986
----------------------------------------
by Thomas Ryll The Columbian
A 15-year-old suspected hacker who reportedly used the nickname "Locksmith" is
the subject of the first local sheriff's office investigation of alleged use
of a computer for illegal long-distance telephone use.
Clark County deputies seized the teen-ager's computer, related equipment, and
bags of software Tuesday when they acted on a search warrant naming Tony E.
Gaylord, 10317 N.W. 16th Ave, a Columbia River High School student.
At one point in the investigation, trash from the Gaylord residence was
examined for evidence of telephone numbers that had allegedly had been
misused, according to the warrant.
The warrant, signed by District Court Judge Robert Moilanen, states that
officials of American Network have discovered illegal long-distance calls that
have cost the company more than $1,700. Items to be seized at the residence
were to be evidence of first-degree theft and second-degree computer trespass.
No formal charges have been filed. Gaylord who was at school when his
computer was seized, was not arrested, said Ronee Pillsbury, the sheriff's
office investigator on the case. The county prosecutor's office is reviewing
reports, and "we still have quite a bit of work to do on the case," she said.
American Network is a long-distance telephone service company with offices in
Vancouver. Although the firm has prosecuted computer hackers on its own, the
sheriff's office has never been involved, Pillsbury said. Despite the fact
that federal statutes often are involved, "American Network has not had much
cooperation from the federal people, who have had a 'don't-come-to-us'
attitude."
The novelty of the case is further indicated by mention of the computer
trespass law, a recent state statute that reflects a law enforcement problem
that has grown with the proliferation of home computers. With modems and
other equipment, unscrupulous users, sometimes called "phreakers," have
tampered with computer records, made unauthorized telephone calls, pilfered
bank accounts and otherwise misused equipment.
The local case surfaced in October 1985, when an American Network "abuse
analyst" examined company "switch reports" that "alerted her to a pattern she
associated with computer hacking," according to the search warrant affidavit,
which includes a list of telephone numbers all over the country that allegedly
were illegally dialed.
Investigation of another hacker led to Gaylord; one day in August, the
family's garbage was searched by American Network investigators after
Vancouver Sanitary Service workers bagged it and set it aside.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Some notes from Sally Ride:::Space Cadet:
----------------------------------------
A novel case in many respects! Not only was evidence collected by the phone
cops trashing a hacker's garbage, with the cooperation of the garbage company
but this is the first case involving the local sheriff's department.
I have discovered the reason no charges have yet been filed in the case is
because of an even more unique twist in this tale. American Network, commonly
called Amnet and sister company of Savenet, has joined forces with MCI in the
prosecution of this case and may bring in our good old friend TMC as well to
aid in the persecution of Locksmith.
During an interview with April Brown of American Network Security I was
informed the problems for the Locksmith have only just begun. The article
mentions $1,700 worth of calls. Well, that was when they first swore out the
warrant. Amnet now has identified about $4,000 worth of toll and linked it to
our friend Tony. But that's not all. After providing information on the case
to MCI an amount tripling the Amnet long distance charges has been connected
with this case. The Amnet agent had not received an indication from TMC on
the amount they are bringing to the case.
The question I have is why are these companies joining forces for the first
time, that I'm aware of, to dump so hard on this one little guy out of this
remote neck of the woods? Part of the reason appears to be because Amnet
approached Tony's parents in late 1985 about their son's activities and were
rudely turned away, according to April Brown.
The other unusual thing about this story is the quote from Amnet about the
lack of cooperation received from the federal authorities. Here I thought the
feds were hot to trot to nail as many of us as possible. I guess not as hot
as Amnet wants them to be.
Typed and editorialized by Sally Ride:::Space Cadet
______________________________________________________________________________
Football Phreaking? October 1, 1986
-------------------
MIAMI (UPI) -- The University of Miami and MCI reached an agreement Wednesday
that will keep the long-distance carrier from pressing charges against
Hurricane football players who made long-distance calls using someone else's
access card number.
Miami Athletic Director Sam Jankovich met with officials of MCI
Telecommunications Inc. and said that the matter had been resolved. The
company had threatened to press legal action.
An investigation by the Miami athletic department and MCI found up to 34
players were involved along with an undetermined number of other students.
The Miami Herald said the bill for the calls could have been as high as
$28,000.
Many of the calls allegedly were made from New Orleans where the Hurricanes
played in the Sugar Bowl New Year's Day. "We had a telephone conversation and
visited with MCI officials and another meeting has been set for Friday to go
over people who still have a balance," Jankovich said. "MCI has informed me
they will not press charges against the student athletes involved. We have 12
players who still owe money. We will sit down with those 12 and develop a
payment schedule on Friday."
David Berst, director of enforcement for the NCAA in Mission, Kansas, said he
was unsure if the NCAA would investigate the matter.
Just goes to show, if you get caught, claim to be a dumb jock...
Information from +++The Mentor+++
______________________________________________________________________________
MCI Gets Scammed October 10, 1986
----------------
ORLANDO, Fla. (UPI)--Jessica Barnett's phone bill this month was no quick
read--it ran 400 pages long and totaled $90,152.40.
"Who could pay a $90,000 phone bill? I'll have to mortgage my house to pay my
bill," said the 28-year-old housewife, who contacted MCI Telecommunications
Corp. in Atlanta shortly after opening the 2-inch thick bill.
"I called them and said, 'Hi, I've got this high bill.' They asked how much,
and when I told them they laughed. They said, 'You've got to be kidding.'"
MCI spokeswoman Laurie Tolleson said computer hackers apparently discovered
the Barnett's personal code and used it to make long-distance calls.
Most of the calls were made to Tennessee, and some lasted nearly two hours,
Tolleson said. Others were placed to Georgia, Alabama and Maryland.
"It's like they call continuously 24 hours a day, all day," Barnett said. "I
don't see the point in making these calls. If I was going to do something
like that, I'd be exotic and call Europe--not Tennessee or Norcross, Ga."
It was not Barnett's first problem with the phone company--she received a
$17,000 bill in July. She thought things were straightened out when she did
not get a bill last month, but the bill that arrived Monday included $70,000
in past-due charges. She said she and her husband, Jim, are not taking the
mix-up too seriously. "He kidded that now he knows what I do all day,"
Barnett said.
"What can you do? It doesn't bother me as long as I don't have to pay it. I
feel bad for MCI. I think they're getting ripped off."
Typed by Sally Ride:::Space Cadet
______________________________________________________________________________
MCI Introduces VAX Mailgate
---------------------------
VAX Mailgate is a software product that combines the strengths of Digital
Equipment Corp.'s "All-In-1" Integrated Office And Automation System with MCI
Mail's public electronic mail service for around-the-world business
communication.
Information From USA Today-Special MCI Edition
______________________________________________________________________________
MCI Card Fraud Detection Unit - The Online Security System 11/7/86
-----------------------------
The following is a brief description of the new on-line security system for
the MCI Card. The system developed in order to provide real-time detection of
excessive (and therefore potentially fraudulent) card usage. Rather then
depending on FREWS reports for their current Early Warning System, they are
now able to investigate and arrest card abuse as it occurs, rather than
waiting until damage has been done.
A. Detection
In order to detect possible fraud as it occurs, a counting mechanism in
the Fraud Detection Unit will be tracking call attempts for every MCI Card
authorization code on a continuous basis. Generic parameters based on
number of call attempts in a specified period (currently 15 calls in a 25
minute period) are used to identify potential card abuse. As soon as the
threshold is reached for any one code, Security and Investigation will be
notified, via PC screen, hardcopy, and audible alarm.
B. Verification
Upon notification of a potential problem, Security and Investigations will
first pull up the account record to check the Note Screen for anything
that may indicate Card abuse (i.e., non-payment, Card lost, stolen, or
never received). They will then try to contact the customer to verify
whether the Card is being used legitimately or not. For problems detected
after business hours, the customer will be contacted the following
morning.
C. Deactivation
If the customer has not been making the calls, or if the account phone
number is found to be illegitimate, the code will be deactivated
immediately in the Card Authorization Center. If the customer cannot be
reached, Security and Investigations will continue to monitor call volumes
on the code and will deactivate the code only if the high volumes continue
or reappear.
D. Reactivation
Codes deactivated due to fraud can only be reactivated by Security and
Investigations.
______________________________________________________________________________