AOH :: P24-12.TXT

Phrack World News XXIV Part 2 of 3


                                ==Phrack Inc.==

                     Volume Two, Issue 24, File 12 of 13

            PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
            PWN                                                 PWN
            PWN        P h r a c k   W o r l d   N e w s        PWN
            PWN        ~~~~~~~~~~~   ~~~~~~~~~   ~~~~~~~        PWN
            PWN                Issue XXIV/Part 2                PWN
            PWN                                                 PWN
            PWN                February 25, 1989                PWN
            PWN                                                 PWN
            PWN          Created, Written, and Edited           PWN
            PWN               by Knight Lightning               PWN
            PWN                                                 PWN
            PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


Shadow Hawk Gets Prison Term                                  February 17, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
An 18 year old telephone phreak from the northside/Rogers Park community in
Chicago who electronically broke into U.S. military computers and AT&T
computers, stealing 55 programs was sentenced to nine months in prison on
Tuesday, February 14, 1989 in Federal District Court in Chicago.

Herbert Zinn, Jr., who lives with his parents on North Artesian Avenue in
Chicago was found guilty of violating the Computer Fraud and Abuse Act of
1986 by Judge Paul E. Plunkett.  In addition to a prison term, Zinn must pay
a $10,000 fine, and serve two and a half years of federal probation when
released from prison.

United States Attorney Anton R. Valukas said, "The Zinn case will serve to
demonstrate the direction we are going to go with these cases in the future.
Our intention is to prosecute aggressively.  What we undertook is to address
the problem of unauthorized computer intrusion, an all-too-common problem that
is difficult to uncover and difficult to prosecute..."

Zinn, a dropout from Mather High School in Chicago was 16-17 years old at
the time he committed the intrusions, using his home computer and modem.  Using
the handle "Shadow Hawk," Zinn broke into a Bell Labs computer in Naperville,
IL; an AT&T computer in Burlington, NC; and an AT&T computer at Robbins Air
Force Base, GA.  No classified material was obtained, but the government views
as 'highly sensitive' the programs stolen from a computer used by NATO which is
tied into the U.S. missile command.  In addition, Zinn made unlawful access to a
a computer at an IBM facility in Rye, NY, and into computers of Illinois Bell
Telephone Company and Rochester Telephone Company, Rochester, NY.

Assistant United States Attorney William Cook said that Zinn obtained access to
the AT&T/Illinois Bell computers from computer bulletin board systems, which he
described as "...just high-tech street gangs."  During his bench trial during
January, Zinn spoke in his own defense, saying that he took the programs to
educate himself, and not to sell them or share them with other phreaks.  The
programs stolen included very complex software relating to computer design and
artificial intelligence.  Also stolen was software used by the BOC's (Bell
Operating Companies) for billing and accounting on long distance telephone
calls.

The Shadow Hawk -- that is, Herbert Zinn, Jr. -- operated undetected for at
least a few months in 1986-87, but his undoing came when his urge to brag about
his exploits got the best of him.  It seems to be the nature of phreaks and
hackers that they have to tell others what they are doing.  On a BBS notorious
for its phreak/pirate messages, Shadow Hawk provided passwords, telephone
numbers and technical details of trapdoors he had built into computer systems,
including the machine at Bell Labs in Naperville.

What Shadow Hawk did not realize was that employees of AT&T and Illinois Bell
love to use that BBS also; and read the messages others have written.  Security
representatives from IBT and AT&T began reading Shadow Hawk's comments
regularly; but they never were able to positively identify him.  Shadow Hawk
repeatedly made boasts about how he would "shut down AT&T's public switched
network."  Now AT&T became even more eager to locate him.  When Zinn finally
discussed the trapdoor he had built into the Naperville computer, AT&T decided
to build one of their own for him in return; and within a few days he had
fallen into it.  Once he was logged into the system, it became a simple matter
to trace the telephone call; and they found its origin in the basement of the
Zinn family home on North Artesian Street in Chicago, where Herb, Jr. was busy
at work with his modem and computer.

Rather than move immediately, with possibly not enough evidence for a good,
solid conviction, everyone gave Herb enough rope to hang himself.  For over two
months, all calls from his telephone were carefully audited.  His illicit
activities on computers throughout the United States were noted, and logs were
kept.  Security representatives from Sprint made available notes from their
investigation of his calls on their network.  Finally the "big day" arrived,
and the Zinn residence was raided by FBI agents, AT&T/IBT security
representatives and Chicago Police detectives used for backup.  At the time of
the raid, three computers, various modems and other computer peripheral devices
were confiscated.  The raid, in September, 1987, brought a crude stop to Zinn's
phreaking activities.  The resulting newspaper stories brought humiliation and
mortification to Zinn's parents; both well-known and respected residents of the
Rogers Park neighborhood.  At the time of the younger Zinn's arrest, his father
spoke with authorities, saying, "Such a good boy! And so intelligent with
computers!"

It all came to an end Tuesday morning in Judge Plunkett's courtroom in Chicago,
when the judge imposed sentence, placing Zinn in the custody of the Attorney
General or his authorized representative for a period of nine months; to be
followed by two and a half years federal probation and a $10,000 fine.  The
judge noted in imposing sentence that, "...perhaps this example will defer
others who would make unauthorized entry into computer systems."  Accepting the
government's claims that Zinn was "simply a burglar; an electronic one... a
member of a high-tech street gang," Plunkett added that he hoped Zinn would
learn a lesson from this brush with the law, and begin channeling his expert
computer ability into legal outlets.  The judge also encouraged Zinn to
complete his high school education, and "become a contributing member of
society instead of what you are now, sir..."

Because Zinn agreed to cooperate with the government at his trial, and at any
time in the future when he is requested to do so, the government made no
recommendation to the court regarding sentencing.  Zinn's attorney asked the
court for leniency and a term of probation, but Judge Plunkett felt some
incarceration was appropriate.  Zinn could have been incarcerated until he
reaches the age of 21.

His parents left the courtroom Tuesday with a great sadness.  When asked to
discuss their son, they said they preferred to make no comment.

                  Information Collected From Various Sources
_______________________________________________________________________________

FBI National Crime Information Center Data Bank               February 13, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Evelyn Richards (Washington Post)

 "Proposed FBI Crime Computer System Raises Questions on Accuracy, Privacy --
      Report Warns of Potential Risk Data Bank Poses to Civil Liberties"

On a Saturday afternoon just before Christmas last year, U.S. Customs officials
at Los Angeles International Airport scored a "hit."

Running the typical computer checks of passengers debarking a Trans World
Airlines flight from London, they discovered Richard Lawrence Sklar, a fugitive
wanted for his part in an Arizona real estate scam.

As their guidelines require, Customs confirmed all the particulars about Sklar
with officials in Arizona - his birth date, height, weight, eye and hair color
matched those of the wanted man.

Sklar's capture exemplified perfectly the power of computerized crime fighting.
Authorities thousands of miles away from a crime scene can almost instantly
identify and nab a wanted person.

There was only one problem with the Sklar case:  He was the wrong man.  The
58-year old passenger - who spent the next two days being strip-searched,
herded from one holding pen to another and handcuffed to gang members and other
violent offenders - was a political science professor at the University of
California at Los Angeles.

After being fingered three times in the past dozen years for the financial
trickeries of an impostor, Sklar is demanding that the FBI, whose computer
scored the latest hit, set its electronic records straight.  "Until this person
is caught, I am likely to be victimized by another warrant," Sklar said.

Nowhere are the benefits and drawbacks of computerization more apparent than
at the FBI, which is concluding a six-year study on how to improve its National
Crime Information Center, a vast computer network that already links 64,000 law
enforcement agencies with data banks of 19 million crime-related records.

Although top FBI officials have not signed off on the proposal, the current
version would let authorities transmit more detailed information and draw on a
vastly expanded array of criminal records.  It would enable, for example,
storage and electronic transmission of fingerprints, photos, tattoos and other
physical attributes that might prevent a mistaken arrest.  Though
controversial, FBI officials have recommended that it include a data bank
containing names of suspects who have not been charged with a crime.

The proposed system, however, already has enraged computer scientists and
privacy experts who warn in a report that the system would pose a "potentially
serious risk to privacy and civil liberties."  The report, prepared for the
House subcommittee on civil and constitutional rights, also contends that the
proposed $40 million overhaul would not correct accuracy problems or assure
that records are secure.

Mostly because of such criticism, the FBI's revamped proposal for a new system,
known as the NCIC 2000 plan, is a skeleton of the capabilities first suggested
by law enforcement officials.  Many of their ideas have been pared back, either
for reasons of practicality or privacy.

"Technical possibility should not be the same thing as permissible policy,"
said Marc Rotenberg, an editor of the report and Washington liaison for
Computer Professionals for Social Responsibility, a California organization.
The need to make that tradeoff - to weigh the benefits of technological
advances against the less obvious drawbacks - is becoming more apparent as
nationwide computer links become the blood vessels of a high-tech society.

Keeping technology under control requires users to double-check the accuracy of
the stored data and sometimes resort told-fashioned paper records or
face-to-face contact for confirmation.  Errors have plagued the NCIC for many
years, but an extensive effort to improve record-keeping has significantly
reduced the problem, the FBI said.

Tapped by federal, state and local agencies, the existing FBI system juggles
about 10 inquiries a second from people seeking records on wanted persons,
stolen vehicles and property, and criminal histories, among other things. Using
the current system, for example, a police officer making a traffic stop can
fine out within seconds whether the individual is wanted anywhere else in the
United States, or an investigator culling through a list of suspects can peruse
past records.

At one point, the FBI computer of the future was envisioned as having links to
a raft of other data bases, including credit records and those kept by the
Immigration and Naturalization Service, the Internal Revenue Service, the
Social Security Administration and the Securities and Exchange Commission.
One by one, review panels have scaled back that plan.

"There's a lot of sensitive information in those data bases," said Lt. Stanley
Michaleski, head of records for the Montgomery County [Maryland] police.  "I'm
not going to tell you that cops aren't going to misuse the information."

The most controversial portion of the planned system would be a major expansion
to include information on criminal suspects - whose guilt has not yet been
established.

The proposed system would include names of persons under investigation in
murder, kidnapping or narcotics cases.  It would include a so-called "silent
hit" feature:  An officer in Texas, for instance, would not know that the
individual he stopped for speeding was a suspect for murder in Virginia.  But
when the Virginia investigators flipped on their computer the next morning, it
would notify them of the Texas stop.  To Michaleski, the proposal sounded like
"a great idea.  Information is the name of the game."  But the "tracking"
ability has angered critics.

"That [data base] could be enlarged into all sorts of threats - suspected
communists, suspected associates of homosexuals.  There is no end once you
start," said Rep. Don Edwards (D-Calif.), whose subcommittee called for the
report on the FBI's system.

The FBI's chief of technical services, William Bayse, defends the proposed
files, saying they would help catch criminals while containing only carefully
screened names.  "The rationale is these guys are subjects of investigations,
and they met a certain guideline," he said.

So controversial is the suspect file that FBI Director William Sessions
reportedly may not include it when he publicly presents his plan for a new
system.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A case similar to Sklar's was that of Terry Dean Rogan, who was arrested five
times because of outstanding warrants caused by someone else masquerading as
him.  He finally settled for $50,000 in damages.
_______________________________________________________________________________

Legal Clamp-Down On Australian Hackers                        February 14, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Julie Power (The Financial Review)

Federal Cabinet is expected to endorse today draft legislation containing tough
penalties for hacking into Commonwealth computer systems.  It is understood
that the Attorney-General, Mr. Lionel Bowen, will be proposing a range of tough
new laws closely aligned with the recommendations of the Attorney-General's
Department released in December.  Mr. Bowen requested the report by the Review
of Commonwealth Criminal Law, chaired by Sir Harry Gibbs, as a matter of
urgency because of the growing need to protect Commonwealth information and
update the existing legislation.

Another consideration could be protection against unauthorized access of the
tax file number, which will be stored on a number of Government databases.

If the report's recommendations are endorsed, hacking into Commonwealth
computers will attract a $48,000 fine and 10 years imprisonment.  In addition,
it would be an offense to destroy, erase, alter, interfere, obstruct and
unlawfully add to or insert data in a Commonwealth computer system.

The legislation does not extend to private computer systems.  However, the
Attorney-General's Department recommended that it would be an offense to access
information held in a private computer via a Telecom communication facility or
another Commonwealth communication facility without due authority.
_______________________________________________________________________________

Multi-Gigabuck Information Theft                               February 8, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Bob Mitchell (Toronto Star)(Edited for this presentation)

A man has been arrested and charged with unauthorized use of computer
information, following a 2-month police investigation.  The suspect was an
associate of a "very big" Toronto company:  "A company that people would know,
with offices across Canada." Police are keeping the company's name secret at
its request.  They say the perpetrator acted alone.

A password belonging to the company was used to steal information which the
company values at $4 billion (Canadian).  This information includes computer
files belonging to an American company, believed to contain records from
numerous companies, and used by large Canadian companies and the United States
government.

"We don't know what this individual was planning to do with the information,
but the potential is unbelievable.  I'm not saying the individual intended to
do this, but the program contained the kind of information that could be sold
to other companies," said Lewers.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Further investigation of the above details led to the following;

Multi-Gigabuck Value Of Information Theft Denied              February 17, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Different facts about the information theft were reported two days after the
original story.

The information in this article is from the Toronto Globe & Mail.  The article
is headlined "Computer Information Theft Detected By Security System, Company
Says."  And it begins as follows:

    "The theft of information from a company's computer program was
     detected by the firm's own computer security system.

     Mike Tillson, president of HCR Corporation, which specializes in
     developing computer software, said yesterday an unusual pattern
     of computer access was noticed on the company's system last week."

The article continues by saying that police reports valuing the "program" at $4
billion (Canadian) were called grossly exaggerated by Tilson:  "It's more in
the tens of thousands of dollars range."  He also said that the illegal access
had been only a week before; there was no 2-month investigation.  And asked
about resale of the information, he said, "It's not clear how one would profit
from it.  There are any number of purposes one could imagine to idle curiosity.
There is a possibility of no criminal intent."

The information not being HCR customer data, and Tilson declining to identify
it, the article goes on to mention UNIX, to mumble about AT&T intellectual
property, and to note that AT&T is not in the investigation "at this stage."
_______________________________________________________________________________

More Syracuse Busts                                            February 6, 1989
~~~~~~~~~~~~~~~~~~~
St. Elmos Fire was arrested after a supposed friend turned him in to the police
and signed an affidavit.  His crimes include hacking into his school's HP3000
and the FBI and Telenet are trying to get him for hacking into another HP3000
system in Illinois.

However, it was the "friend" that was actually the person responsible for the
damage done to the computer in Illinois.  The problem is that Telenet traced
that calls to Syracuse, New York and because of the related crimes, the
authorities are inclined to believe that both were done by the same
individual.

St. Elmos Fire has already had his arraignment and his lawyer says that there
is very little evidence to connect SEF to the HP3000 in Syracuse, NY.  However,,
nothing is really known at this time concerning the status of the system in
Illinois.

                      Information Provided by Grey Wizard
_______________________________________________________________________________

Television Editor Charged In Raid On Rival's Files             February 8, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>From San Jose Mercury News

TAMPA, Fla. (AP) - A television news editor hired away from his station by a
competitor has been charged with unlawfully entering the computer system of his
former employer to get confidential information about news stories.

Using knowledge of the system to bypass a security shield he helped create,
Michael L. Shapiro examined and destroyed files relating to news stories at
Tampa's WTVT, according to the charges filed Tuesday.

Telephone records seized during Shapiro's arrest in Clearwater shoed he made
several calls last month to the computer line at WTVT, where he worked as
assignment editor until joining competitor WTSP as an assistant news editor in
October.

Shapiro, 33, was charged with 14 counts of computer-related crimes grouped into
three second-degree felony categories:  Offenses against intellectual property,
offenses against computer equipment and offenses against computer users.  He
was released from jail on his own recognizance.

If convicted, he could be sentenced to up to 15 years in prison and fined
$10,000 for each second-degree felony count.

Bob Franklin, WTVT's interim news director, said the station's management
discovered several computer files were missing last month, and Shapiro was
called to provide help.  Franklin said the former employee claimed not to know
the cause of the problem.

At a news conference, Franklin said: "Subsequent investigation has revealed
that, at least since early January, WTVT's newsroom computer system has been
the subject of repeated actual and attempted 'break-ins.'  The computers
contain highly confidential information concerning the station's current and
future news stories."

The news director said Shapiro was one of two people who had responsibility for
daily operation and maintenance of the computer system after it was installed
about eight months ago.  The other still works at WTVT.

Terry Cole, news director at WTSP, said Shapiro has been placed on leave of
absence from his job.  Shapiro did not respond to messages asking for comment.

Franklin said Shapiro, employed by WTVT from February 1986 to September, 1988,
left to advance his career. "He was very good at what he did," Franklin said.
"He left on good terms."
_______________________________________________________________________________


AOH Site layout & design copyright © 2006 AOH