AOH :: P47-02.TXT

Phrack Loopback / Editorial


                              ==Phrack Magazine==

                 Volume Six, Issue Forty-Seven, File 2 of 22

*****************************************************************************

                                Phrack Loopback

-----------------------------------------------------------------------------

G'Day,

You dont know who i am, and i appreciated that but i hope your read my little
note here and take it into consideration.

Ive been into the Australian Hacking Scene (if there is such a thing :-)
for only about 2years, but recenlty opened a h/p bbs here in Australia.
What i am writing and asking is if it is possilbe to place kinda an add of
some description in the next issue of phrack, something to the lines of:-

   H/P bbs recently opened in Australia - JeSteRs BBS +61-7-ASK-AROUND

If your looking for some form of donation $$ just let me know, if your
wondering is his guy a fed or something, mail DATA KING and speak to him, he
was one of the bbs first users and as you know he has written in the Int
Scene for the last too issues, but wont be in Issue #47 or i would have asked
him to place the advertisment in this report.

Regards, Jesta

[Cool!  Nice to see there's BBSs still popping up overseas.  It would be
 nice if I had the number...hell, I'd even call... but oh well,
 I suppose I (and all the Phrack readers) will just have to "ASK-AROUND"]

-----------------------------------------------------------------------------

   Hi Erikb,

    Last week you said you'd accept a bbs ad .. well here it is.
   If you'd publish it in phrack i'd be most grateful!

                                A Gnu BBS!
                           1000's h/p Related texts
     Phrack, CoTNo, B0W, cDc, NiA, CuD, Risks,Sphear,SCAM!,NeuroCactus
          Conferences covering Unix/VMS/System Security/Phreaking
   And absolutely no mention of "The Information Super Highway" anywhere!
                               +617-855-2923

      tnx,
       badbird

[I said I'd print the ad...and now I have.]

-----------------------------------------------------------------------------

ATTN: ALL COMPUTER WHIZ KIDZ..... I DESPARATELY NEED YOUR HELP!!!


Retired R.C.M.P officer formerly involved with priority levels of 
electronic surveillance has informed me that my residential telephone 
appears to have been compromised at a point other than inside or 
immediately outside my residence.

After an intensive evaluation of the premises his conclusion was that 
remote manipulation of the telephone company switch where my circuit 
could be victim was the problem.

The main focus of this exercise is to show how one can infiltrate a 
telephone company's network; remotely manipulate the company's switch; 
process long distance calling;make it appear that the calls originated 
from a particular site and then "fooling" the company's billing 
mechanisms to invoice that particular location.

Is this physically possible? Bell Canada categorically denies this 
possibility. I need proof! How is it done?
Please advise as soon as possible.

I'd sincerely appreciate any help, advise and/or information anyone out 
there can offer in this particular situation.

Please leave a way to get in touch! If you prefer to remain unknown, 
thanks a million, and rest assured that I WILL RESPECT and PROTECT you 
anonimity.

Regards,

John P. Marinelli    jmarinel@freenet.niagara.com

[My take on this is that with relative ease, someone could establish
 call forwarding on a line, make it active to some remote location, and
 call the original number numerous times, causing the owner of the
 hacked line to be billed for all the calls to the forwarded location.

 If anyone knows how to do this, STEP BY STEP on a DMS-100, please,
 contact Mr. Marinelli to help him out with his court case.  I don't
 know a whole lot about NT equipment, so I don't know the
 specifics of how this may have happened, only the generalities.

 Wouldn't it be nice to have the Underground "HELP" someone out
 for a change?]

-----------------------------------------------------------------------------

y0, Black Flag here... heres the info you told me to mail you about the 
GRaP/H (Gainesville Regional Association of Phreakers and Hackers) meetingz

Gainesville, FL
1st + 3rd Saturday of the month, 4pm - ???
meet in The Loop on 13th Street
Black Flag will be casually carrying a 2600
look around, you'll see him.

[Well, looks like the Florida Hackers have a new place to congregate.
 And so do the Florida FBI Field Offices.  :) ]

-----------------------------------------------------------------------------

I was wondering where I could find any virus authoring tools for the PC,
Unix, or VMS.


[You can find Nowhere Man's Virus Creation ToolKit on BBSs around the
 globe.  Have you looked???  I've never heard of UNIX or VMS virus tools.
 Do you know something I don't?  Do you know how a virus works? ]


-----------------------------------------------------------------------------

Chris, found something you might like.  Here's an ad from the latest
PHOENIX SYSTEMS catalog:

THE CALLER ID BLOCKER FIRST TIME AVAILABLE IN THE U.S.

By April, 1995 all telephone companies must deliver callers name and
telephone number to the caller ID system.  The law prohibits any telephone
company from offering customers an option to permanently disable their line
from the ID system.

This means that even if you have an unlisted number, everyone you call will
now have your telephone number and name.  Big brother is now one watching,
now he has your name and number.  No more anonymous calls to the IRS, city
hall, real estate agents, car dealers, health department or anyone.  Many
business professionals use their home telephone to return calls.  Do you
want your patients and clients to have access to your home telephone number?

We are proud to bring you the unique ANONYMOUS 100.  It installs on any
telephone in seconds and completely KILLS THE EFFECTS OF "CALLER ID"!  Yes,
you can have your privacy back.  The ANONYMOUS 100 is FCC approved and
carries a one year guarantee.

#1276...............................................................$69.95

Is it just me, or is this a load of bullshit?  Didn't CA and TX both pass
laws to make CLID illegal in those states?  I know that before MA would
allow it in the state, they told the telco that line blocking had to be
offered free (and it is, on per/call and permanent basis).  Did the feds
pass this new law while I was sleeping, or is this company just playing on
paranoia (not the first time) and trying to make a buck?

Eric

[Well Eric, it looks to me that this is a nifty little box that waits for
 voltage drop and immediately dials *67 before giving you a dialtone.
 Woo Woo!  $69.95!  It certainly is worth that to me to not have to dial
 3 digits before I make a call.  All that wear and tear ruins the
 fingers for typing.  PFFFT....

 About Caller-ID, well, it's legal just about every place I know of.
 I'm sure there are a feel hold-outs, but offering per-line blocking for
 individuals worried about privacy satisfied most Public Utility
 Commissions.  In fact, I think April 1 was the date that all Interconnects
 were supposed to be  upgraded to support the transfer of CLID information
 over long distance calls.  I don't think this has been turned on everywhere,
 but the software is supposed to be in place.

 *67.  Don't dial from home without it.]

-----------------------------------------------------------------------------

This message serves a multifold purpose:

(these response/comments are in referance to Phrack Issue 46 - Sept 20 1994)

A)

A question was brought up concerning a Moterola Flip Phone and the user 
inability to gain access to the programing documentation.  I happen to 
own (legally) a Motorola Flip Phone that I will assume to be the same and 
I was not given the documentation either, though I have not tried asking 
for it.  I will call Motorola and ask for *my* rightful copy and foreward 
my results (if I gain access) to phrack for proper distribution amoung 
appropriate channels.  If I do not gain access, I would appriciate to 
hear from anyone who has (this should not be limited to simply the M. 
Flip Phone, I have interests in all areas).

B)

Later in that issue (Sept 20, 1994) a list of university and colege 
dialups were provided... I live in the 218/701 (right on the border) and 
have a collection of them for addition to the list if you (or anyone 
else) should so desire.  I would post them now, but I have limited time 
and have to dig to find them.  I also have some numbers that some readers 
may find of interest.

C)

My living in the 218/701 is the main reason for my writting.  I used to 
live 612 and knew a lot of people in the area, but now I am stuck here in 
a little shit town (pop. 7000) where the cloest thing to a computer is 
made by John Deere.  I need to find someone in the 218 or 701 to work 
with or meet... if you know anyone...???  The closest BBS is long 
distance and even then it's crap... I would like to start my own, but who 
the fuck would call?  Who the fuck would I invite?  My old H/P friends in 
612 would, but I don't need the heat as they would all go through 950's 
or some other method... I think you understand.

any help would be greatly appreciated  By the way I could also use some 
218/701 ANAC or CN/A... any help here?

Aesop

[In order:

 a) Good luck with Moto.  You'll need it.
 b) Yes, I really still need your university dialups.  Issue 48 will
    have a much more complete list (I hope!)
 c) If anyone knows any bbs'es in those area codes, please send
    them in so I can pass along the info.

 Other) For CNA information, just call your business office.  They ALWAYS
        help.  Especially if you mention that CNA didn't have a current
        record. :) ]

-----------------------------------------------------------------------------

To whom it may concern at phrack, I would like to subscribe to Phrack. I
didn't use PGP because :-

i.     I never had any real need to
ii.    I came across the document below while dinking around with gopher. I
would pretty much guess phrack knows about it already. If you do know about
it, could you tell me another way to ensure my mail privacy?

Thank you.

Xombi.

---------------------BEGIN E-MAIL DOCUMENT---------------------

This section is from the document '/email-lists/Funny'.

 A lot of people think that PGP encryption is unbreakable and that the
NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a
deadly mistake. In Idaho, a left-wing activist by the name of Craig Steingold
was arrested  _one day_ before he and others wee to stage a protest at
government buildings; the police had a copy of a message sent by Steingold
to another activist, a message which had been encrypted with PGP and sent
through E-mail.

 Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to 
allow the NSA to easily break encoded messages. Early in 1992, the author, 
Paul Zimmerman, was arrested by Government agents. He was told that he 
would be set up for trafficking narcotics unless he complied. The Government 
agency's demands were simple: He was to put a virtually undetectable 
trapdoor, designed by the NSA, into all future releases of PGP, and to
tell no-one.

 After reading this, you may think of using an earlier version of 
PGP. However, any version found on an FTP site or bulletin board has been 
doctored. Only use copies acquired before 1992, and do NOT use a recent 
compiler to compile them. Virtually ALL popular compilers have been 
modified to insert the trapdoor (consisting of a few trivial changes) into 
any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft, 
Borland, AT&T and other companies were persuaded into giving the order for
the modification (each ot these companies' boards contains at least one
Trilateral Commission member or Bilderberg Committee attendant).

 It took the agency more to modify GNU C, but eventually they did it.
The Free Software Foundation was threatened with "an IRS investigation",
in other words, with being forced out of business, unless they complied. The
result is that all versions of GCC on the FTP sites and all versions above 
2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
with itself will not help; the code is inserted by the compiler into
itself. Recompiling with another compiler may help, as long as the compiler
is older than from 1992.


[Well, uh, gee, I think the fact that this document came from
 /email-lists/Funny speaks for itself.  I'm satisfied with PGP
 for security, but then again, I don't have a lot of information that
 I'm so petrified that I need to keep it encrypted, or that I send
 out in email that I don't care if anyone sees.

 To put aside some of your fears, I personally feel that PGP is ok.
 If the trilateral commission wants your info, they will beat it out
 of you with sticks, with the help of several multi-jurisdictional
 task-forces for Federal law enforcement, while you are under the influence
 of incredibly terrifying and long-lasting hallucinogenic drugs.

 Don't worry.]


-----------------------------------------------------------------------------

Here is a BBS Ad for your next issue:

BBS Name: The King's Domain
Sysop:    Ex-Nihilo
Speeds:   1200-14,400
BBS Type: Remote Access 2.02+
Phone #:  208-466-1679

THe BBS has a good selction of "Hood" files... (hacking/phreaking/anarchy)
journals such as cDc, Phrack, ATI and more... also a good selection of
BBS files which include Doors and Utilities... primarily RA accessories,
but not exclusively... supports rip graphics and is online 24 hrs a day

[Yet another ad!  Is this the rebirth of BBS-dom?]

-----------------------------------------------------------------------------

[Editor's Note:  I got a letter asking me about how to credit card
 merchandise.  I replied that I didn't agree with carding, and that
 if the reader really wanted something, he/she should get a job and buy it.
 This is the response I got.]


What the fuck?  All I wanted was a fucking decent reply.  Get a job, huh?
You know, I thought if you were to talk to one of these supposed
"computer hackers" you could get some usefull information.  Get a job, that
rich coming from someone like you.

When there's something you want...take it...without using your money.

Maybe sometime I'll be able to takl to a hacker not some fucking
hypocritical computer geek
 

[Editor's Note:  I replied to this letter by stating that carding had nothing
 to do with hacking, that it was out and out stealing, and although
 we had published articles about it in Phrack, I wasn't going to help anyone
 do it, and that he/she should try to contact the authors of various
 carding articles directly.  This is the response that got.]

Come on now "Chris", you can do better than that, can't you?
Stealing?  Who's the thief here, eh? See, when I wake up in the morning,
I don't have to worry about secret service, police, or any sort
of military shit being in my apartment.  I don't get busted for doing stupid
things like stealing phone calls off fucking 900 numbers.  I think I
know exactly why you don't card anything - because you're too fucking stupid
or don't even have the balls to do it. Fuck, you'd expect someone like
yourself to have different views about being a thief. Well, I guess it
takes a certain kind of person to hack into shit like you, but why this
person would start flame wars and otherwise just be a total fuckup, I don't
know. Or, maybe it's just the singular person I'm talking too, yeah, that's
probably i...there probably are other, BETTER, hackers who aren't as
fucking arrogant as you.

Well, have fun with your hands and PLAYGIRL's, you fucking little punk-ass
faggot.

And tell your mother that I won't let this affect our relationship.

Punk

aj276@freenet3.carleton.ca

[This is the future of the computer underground??]

-----------------------------------------------------------------------------


BBS AD:

System is called CyberSphincter (playing off of the current word trend of
cyber). The number is 717-788-7435.  The NUP is 0-DAY-WAR3Z!!!
Modem speeds of 14.4 and lower, with no ANSI.  Sysop is Ha Ha Ha.

It's running renegade (we know it can be hacked and I've done it already),
but we seem to believe in honor among thieves, so try to control yourself on
that.

-=strata=-

[ANOTHER AD!]

-----------------------------------------------------------------------------

Hey Erik B...

I'm the remote sysop at the Digital Fallou BBS in 516.  Just recently,
we've been getting a rash of ld callers.  A day or two ago, a guy with
the handle "Digi-Hacker" applied.  His application looked good, execpt that
he stated his alter handle was "Eric Bloodaxe" and that he was the editor
of Phrack.  Now, any lame ass could just "say" that, and we don't want any
liars on board.  :)  So we decided to go right to you thru email.  Did you
apply?  If so, cool.  If this isn't you, that guy is gonna most assuredly
be deleted..

[Well, I hate to say it, but I don't have time to do much of anything
 anymore.  I certainly don't call bbses with any regularity.  I
 do have accounts on SECTEC and UPT, but that's it.  I may call some
 in the future, but for the most part I don't have any time.  If someone
 calls up a bulletin board and applies as "Erik Bloodaxe"  it isn't me.
 (Anyone saying they are Eric Bloodaxe MOST CERTAINLY isn't me. :)  )

 Anyone running BBSes may want to take note of this, so they don't get
 swindled into giving "elite" access to some pretender.  You can
 always email phrack@well.com and ask me if I have applied to your
 bbs. ]

-----------------------------------------------------------------------------

Chris,

I know you don't know me, but I figured you of all people could help me,
and give me an answer quickly.

I just got my phone bill, and on the last page is a page from some
company calling themselves Long Distance Billing Co., Inc.  It has
one call "Billed on behalf of Northstar Communication"  It is a call from
somewhere in FL, for 13 minutes, costing 51.87.  I called LD Inc, and they
said the call was a collect call made from Northstar Comm, and that
my only recourse was to write a letter to Northstar. Needless to say, I
did not accept the collect call, I don't know anyone in 813.  I called
NYNEX, and they said I should write to Northstar and LD INC, but didn't
seem to know anything about either company.  They guy I talked to said it
was real strange that LD INC didn't give me a number to call at
Northstar, since most of this type of thing is handled by phone.  I'm
beginning to wonder exactly how relieable this LD INC company is, who
Northstar is, and most of all who called and how the hell the call was
supposedly accepted by my phone.  This is all the info I know:

BILLED ON BEHALF OF NORTHSTAR COMMUNICATION

1.  SEP 18 923PM COL CLEARWATER FL 813-524-5111 NC 13:00 51.87

--From my phone bill

Northstar Communication
3665 East Bay Drive
Suite 204-192
Largo, FL 34641

--From LD INC

Long Distance Billing Co., Inc.

1-800-748-4309

--From NYNE phone bill.

If you can think of anything I can do, I;d be really greatful.  I don't
have $50 to throw away on a call I never got, and I don't have the
resources you do to try and figure out who the hell these people are.

[It looks to me like you got fucked by someone in Florida using a COCOT
 payphone.  It's kind of odd that NYNEX couldn't help you more...but anyway,
 I wouldn't pay it.

 What I suspect happened was that somsone used one of those handy COCOT
 services where the operators are incredibly stupid and allow calls
 to be accepted when the "calling party" says "YES" to allow a 3rd party or
 collect call, rather than the party being called.  This happened to me at
 my previous work extension by New Yorkers using the ENCORE service (even
 though all our lines were listed to refuse 3rd party and collect calls.)]

-----------------------------------------------------------------------------

I've been having some trouble with the law, so all my notes are stashed at
a friend's casa at the moment.  Can you recommend a good lawyer to defend me
for allegedly hacking some government computers?  I've got a good crim def
guy working with me right now assisting me guring questioning from Special
Agents, but I will need someone that has experience if I get indicted.

[If you are facing computer crime charges, you are definately in
 a world of hurt.  There are very few computer crime-savvy lawyers
 practicing in the World.  The only thing I can suggest is that
 you call EFF, CPSR or EPIC and ask them if they know of any
 lawyers in your area that they can refer you to.  None of these
 groups will help you directly, except under EXTREME circumstances, and
 only if you have been falsely accused, or have had rights violated.
 If you are guilty, and the cops have any evidence, you are going to be
 convicted.

 Remember Baretta?  "If you can't do the time, then don't do the crime."]


-----------------------------------------------------------------------------

Dear Chris,

You probably don't remember me, but we corresponded about 3 years
ago as part of my PhD research.  I was at Edinburgh University
at the time and am not at UMIST in Manchester (British equivalent of MIT).

The reson I'm writing is that I was awarded my PhD last March, and for one
reason and another I've been sidetracked into a completely different field
of research - the British National Health Service and the various ways
computers are being used in it.

I tried getting a publisher interested in the thesis, but with little luck.
I also sent it to Jim and Gordon at CuD on disk for them to stick it on
archive, but they had problems with the formatting of it and don't seem to
have got round to archiving i.

If you're interested I'd be quite happy to send a couple of disks to you
and you can spread it around as you want.  It just seems a shame for the people
on the net not to get a look at it.  It's dressed up in airy-fairy sociological
language - but there's still lots in it that I think would be of interest to
people on the net.  I saw your interview in CuD, and I agree with you about
most of the books written on the CU.  Mine has its faults but it's got less
biographical data and more issue-oriented stuff.

Anyway, get in touch and let me know if I can find a good home for my magnum
opus.

Take care and a belated thanks for all the time you spent in helping me with
the PhD.

Best Wishes,

Paul Taylor
School of Management
UMIST

[Paul:

 Congrats on your PHD, and continued success at UMIST!
 I'm putting your thesis up on the Phrack WWW page so that more
 people can get a look at it!

 Thanks for sending it!]

-----------------------------------------------------------------------------

I read your article on hacking the French among other foreign governments.
Sounds pretty fun, just for kicks the other night I did a search of all the
computers I could get at in China.  One of them was a national power grid
computer. Sounds like it could be fun to play with huh?  The "They Might Kill
Us" part will tend to turn some people off, but not me.

[WOW!  A National Power Grid Computer!  In China!  Gee.  How many times
 have you seen Sneakers?  Take the tape out of your VCR, slowly run
 a rare-earth magnet over it and set it on fire.

 On the other hand, if you were at least partally serious about the
 hacking for America, keep your eyes open.]


-----------------------------------------------------------------------------

Erikb,

Regarding your article in Phrack 46, we here in Columbus would
just like to say that everything except for the Krack Baby's phone number,
which long since went down, and the Free Net template, is total and utter
bullshit.  The Columbus 2600 meetings were NOT started by Fungal Mutoid, he
is just responsible for a much larger turnout since about September (94), and
whoever wrote that has obviously not been to a Columbus meeting recently.
The Columbus 2600's have been here for quite a while, but bacause the H/P
scene consists of 15 people AT THE MOST, many of which haven't the time to
attend, the turnout is almost always low.  I believe the most that have ever
shown up to a meeting is 10, which dwindled to 8 or so before the
meeting was officially half-over.  Nobody knows who wrote the article which
you printed, although no one has been able to contact Fungal Mutoid to ask him.
Just thought we'd clear a few things up, and to those that don't give two
flying shits, we're sorry to have to bring this into a E-mag as great as
this.

Sincerely,

H.P. Hovercraft and
the Columbus H/P Gang

[Thanks for the letter.  Like I always say, I can only report and print what
 I'm told or what is sent to me.  I don't live anywhere but Austin, TX, so
 I don't know the intimacies of other areas.  Thanks for sending in your
 comments though!]

-----------------------------------------------------------------------------

Haiku

Operator hi
who is it that sets my phone
on redial and tone

gives me rest in times
great stress lays its head on my
leads me into joy

cosmos and mizar
give evidence and homage
to your greatness, why

logon/password
on your very first try shall
succeed, as always

oh, A T and T
while great, holds non to the great
power that NYNEX

gives access to in
glee, awaitnig, cautiously,
for signs of entry

illicitly thus
strives to maintain control of
the ESS switch,

not comprehending
that control is simply gained
by a single call

to some stupid yet
revered operator who
believes you in charge

gives out system pass
with some small feat of trick'ry
PAD to PAD, too, works

sounding of the baud
with modem and coupler
connection is made

who is to question
the incidence of this fault
or acknowledge it

security's words
false threats followed by arrest
on illegal grounds

hackers, phreakers grieve
free the unjustly accused
give them freedom to

ROAM with cellular
phones place to place with no charge
test the system's worth

find holes, detect bugs
run systems by remote, yea,
to explore, to seek,

to find a network
of free bits and bytes unharmed--
innocently seen.

who doesn't know that
Bell or Sprint or MCI
would never approve--

believe in 'puter crime,
toll fraud, "access devices,"
free calls to Denmark

Information is
power is imperative
proprietary

please, spare me the grief
accusations being thrown
of phone co. crashes

are fiction unleashed
to the ignorant public
eye to make blame, fear

all phr/ackers, but all
have had their days and faded
into the past, why

must ignorant block
the free flow of knowledge found
angry sysops abound

secret service rais
hoisting games, computers, phones
never to be re-

turned hackers, phreakers
working for government, spies,
lies, deception, all

to walk free while friends
spend years in jail for simply
battling for some change

knowledge is NOT free
equipment costing milliions,
simply cannot pay

the cost for systems
of signal switching; no on e
wants to harm, just try

to use our knowledge
in a constructive way and
look around for things

which further know-how
of packet switching, ANI,
proctor tests and tones

which make little sense
and why is it there, what are
all the test lines for?

central office trash
provides some clues, while phone calls
get angry response

to inquiries re:
loops and lack of barriers,
COCOT carriers

who overcharge cause
frustraton, must be helped
end overbilling

unfairness is only
people not understanding
nor comprehending

that what we do is
NOT always fraud, vengeance or
deceitful reasons

bu for love of the
systems, curiosity's
overwhealming need

to be met and to
feel accomplished, proud, to
do and know something

WELL crackers abound
pirates do multiply, spread
wavez of warez cross coasts

and foreign countries
virus creators seeking
escape, growth, freedom

not for destruction
but for change, to press limits
to find that which makes

us whole, complete, and
accomplished at crossing
the barriers that

bound conventional
people in dead-end jobs with
little self-esteem.

hacking, phreaking, it
is an art form, and a quest
for endless reaches

to seek, to explore, to
realize and accomplish, to
take chances and live

not for rules and laws
but for what things should be but
will not come to pass.


--kyra

[Uh oh, we're getting pretty literary here.  I can see it now:

 Phrack Magazine.  For the Sensitive Hack/Phreak.

 Interesing poem tho...]


-----------------------------------------------------------------------------

Dear Editor of Phrack Magazine;
Ok Erik (mr. editor), there is also a poem that I have written for Wei.

"Thinking of Ding Wei"
(C) 1994, 1995 Oliver Richman.

Come here, let me tell you something,
How I hide my love for Wei Ding:
By forgetting all my thinking!

When in my mind Wei's heart I see..
I want to tell her "wo ai ni",
So her and I will always be.

Her mind is pure, like pretty Jade..
She makes me want to give her aid.
I know that her love will not fade.

My patience tries to move the sea.
But can I deny you and me?
I want our hearts to set us free.

I really love you, dear Ding Wei,
I think about you every day.
Tell me, what more can I say?

[What's this?  Another Poem?  A tribute of Love for some chick named Wei?
 Holy Lord.  We need to get some codes or credit cards or something in here
 to offset this burst of "Heartfelt Emotive Print." ]

-----------------------------------------------------------------------------

the other day upon the stair
i met a man who wasn't there
he wasn't there again today
i think he's from the CIA


[NOW THIS IS MY KIND OF POETRY!  SHORT, SIMPLE, AND FUNNY.
 WHATEVER HAPPENED TO BENNETT CERF???]

-----------------------------------------------------------------------------

As a former AOLite and definite wannabe, and having d/l the log of
the Rushkoff/Sirius hypechat, I could tell from the beginning that it
would be just as you reviewed _Cyberia_ as being.  Every other word
Rushkoff used was Cyberia or Cyberians.  As lueless and vulnerable to hype
as I was, I couldn't help but stand back and listen to all the shit with a
grin.  In the same not, I ran into David Brin on AOL as well, and managed
to get a correspondence goig with him.  He was on discussing all the
research he did on the "Net" and about the papers he was delivering, and,
most importantly (of course), his upcoming BOOK about the Internet and
privacy.  At the time, still under the glossy spell of Wired (which I still
find interesting) and the hype, I was eager to offer him an interview
proposal, which I would have published in Wired if at all possible.

Dr. Brin knew less than *I* did about the Internet.  I can sum up most of
these people's vocabularies in one word:  "BLAH."  They may as well
reiterate that syllable ad infinitum--it amounts to the same thing.

[WOW!

 Hey Cyber-guy, thanks for the super-cyber email.  As we cruise along this
 InfoBanh, exiting in Cyberia, it takes a diligent cyberian like you
 to keep things in check!

 Sorry bout that.  I was overcome with a minor brain malfunction that
 reduced my IQ to that of Douglas Rushkoff.  Doesn't it all make you want
 to puke?

 I heard that yesterday on the soap opera "Loving" some character was hacking
 into food companies to steal recipes.  A month or so back, on "All My
 Children"  (The only soap I watch...but I'm embarrassed to say I watch it
 religiously), Charlie & Cecily were dorking around on the Internet, and
 sent each other email after reading notes they each left on alt.personals.

 The world is coming to an end.]

-----------------------------------------------------------------------------

Yo erikb:

yo dewd.  eye am so paranoid, my t33th are rattling.
what dewd eye dew?
yew are the god of the internet.
how dew eye stop the paranoia?
please print answer in next phrack.
thanx.
m0fo

[Your Acid will wear off in a few hours.  Don't worry.  Enjoy it.
 The CIA does.

 If it doesn't go away in a few days, there are some nice men in
 white lab coats who will be glad to help you out.

 How do you stop the paranoia?  Your answer:  Thorazine!]

-----------------------------------------------------------------------------

This is Nemo Kowalski speaking (aka Paolo Bevilacqua).
I just discovered Phrack at the young age of 31. ;-)
Well, I like it a lot, at least like I enjoyed doing real
things here in Europe, alone and with DTE222, years ago.
I'm going to write something about the first anti-hacker operation
in Italy, "Hacker Hunter," in which, incidentally, I got busted.
Do you think your some of the old stories from altger and Itapac
can be of interest to your readers?

To Robert Clark:

I read "My Bust" and I liked it.  I'm not a native english speaker,
but I think it was well-written, plus principally, I felt a pleasant
"reader sharing writer's experiences" sensation that can separate a good
reading from pure BS.  This is expecially true since I've been busted here
in Italy, and I've learned that things are more similar around the
western world than I would have thought.

The only thing I can't share is your Seattle experience.   Maybe the dichotomy
good druge/bad drugs has a different meaning for you?

Respect,

Nemo

[Nemo:

 Please write as much or as little as you like about the busts in
 Italy!  We have an article this issue about Italy, but any further
 insights into your experiences, esspecially regarding how busts
 are carried out in other countries would be greatly appreciated by
 our readers!

 I look forward to reading whatever you can put together!]

-----------------------------------------------------------------------------

Chris,

As a relative neophyte to hacking, one of the problems I come up with a
lot is identifying systems I locate scanning.  So, I was wondering if Phrack,
or any other zine, had ever published a concise guide to clues to
help identify unknown systems.  If so, could you please let me know what
mag, and what issue.

One last thing, are there any internet sites with info of interest to hackers?
I know about eff.org and freeside.com and a few others, but nothing really
intriguing...any suggestions?

[You will find a good start to identifying strange systems, and in
 locating sites of interest to hackers in the #Hack FAQ we've printed
 in this issue.  ]

-----------------------------------------------------------------------------

For Phrack news, Darkman was busted in Winnipeg City, Canada, for various
reasons, but since I knew him personally I wanted to add my two cents.
For the record, he was busted for warez and porn as well as hacking into the
UoManitoba, and I heard his wife left him because he spent too much time
pirating on IRC.  He was about 38.  He could read fluently in Russign, and
I remember one night we discovered some secret KGB documents from the 50's,
real science fiction thriller stuff, and he read it to me.

Akalabeth

[It's a drag that your friend was busted, and knowing the Canadian
 government, the porn part was probably pretty minor shit in a worldly
 sense.

 I'm kinda intrugued by the "KGB Documents" you found.  Uh, were these on
 the net?  Did you have a cyrillic character set loaded?  How did you
 read these documents?  Were they on paper?

 SEND THEM TO PHRACK!  :)  ]

-----------------------------------------------------------------------------

Top 10 Reasons Why I Should Get My Subscription FREE:

(1)  I'm a programmer/Analyst for an electric utility company in Texas
     (ahh, come on - I'm a fellow Texan!)

(2)  I've read Phrack for years (loyalty scores points - right?)

(3)  I've been involved with compuers since GOD created the PC
     (I began in late 70's-early 80's).

(4)  I'm *not* a narc (shh, don't tell anybody.)

(5)  I *may* have a record (but if I do, it's for minor kind of stuff -
     I'm basically a nice guy).

(6)  I don't like the telephone company (you have to admit they're amusing
     though.)

(7)  I know how to get around on the 'net (can't you tell - I have an AOL
     account <g>.)

(8)  I'm a good source of info regarding all types of mainframe and PC
     programming.

(9)  PLEASE....

(10) I'll quit writing dumb letters and trying to be funny.

[David Letterman is in the background throwing up as I'm typing

 Don't quit your day job...but I'll send you Phrack anyway. :) ]

-----------------------------------------------------------------------------

Hey Chris,

I just read your thing in Phrack abou the US being attacked by our so
called "allies" and I agree with you 110%!  I do believe that we should start
some sort of CyberArmy to fight back.  I don't think that our government
would mind, unless we crashed an economy that they were involved with or
something, but hell, they fuck with us, let's fuck with them.  And you were
saying about phone costs, isn't it possible to just telnet or something over
there?  And why stop at fighting back against our information agressors, why
not fight back against other countries that our government is too chickenshit
to fight against?  Cuba comes to mind.  Well, I hope you reply or something, I
really like Phrack, I try to get it whenever I can manage, but I don't
have an internet address where I can get files.  Keep up the good work.

[Yet another volunteer for the US Cyber Corp!  By God, I'll have
 an army yet.  :)  ]

-----------------------------------------------------------------------------


                              ==Phrack Magazine==

                 Volume Six, Issue Forty-Seven, File 2a of 23

*****************************************************************************

                                Phrack Editorial

What you are about to read is pure speculation on my part.  Do not take
this to be 100% fact, since most of it is hypothesis.  But it sure will
make you think twice.  "Ever get the feeling you're being cheated?"

-----------------------------------------------------------------------------

So...Mitnick was busted.

There certainly are some really odd things regarding the whole mess,
especially with regards to the "investigating" being done by
a certain heretofore unheralded "security" professional and
a certain reporter.

One of the first oddities was the way the Mitnick saga suddenly
reappeared in the popular media.  In February, and seemingly out of
nowhere, the ever diligent John Markoff entered the scene with the
a groundbreaking story.  (Of course this is meant to be sarcastic as
hell.)  Markoff's story dealt with a near miss by federal authorities
trying to apprehend Mr. Mitnick in Seattle about 5 months prior.

Now, if nothing else happened in the whole Mitnick saga, I never would
have given this a second thought, but in light of what followed,
it really does seem odd.  Why would someone write about a subject that
is extremely dated of no current newsworthiness?  "Our top story tonight:
Generalissimo Francisco Franco is still dead."

To be fair, I guess Markoff has had a hard on for Mitnick for ages.
Word always was that Mitnick didn't really like the treatment he got
in Markoff's book "Cyberpunk" and had been kinda screwing with him for
several years.  (Gee, self-proclaimed techie-journalist writes something
untrue about computer hackers and gets harassed...who would have thought.)
So it really isn't that odd that Markoff would be trying to stay abreast
of Mitnick-related info, but it certainly is odd that he would wait
months and months after the fact to write something up.

But wait, a scant month and a half later, Mitnick gets busted!  Not
just busted, but tracked down and caught through the efforts of a
computer security dude who had been hacked by Mitnick.  Breaking the
story was none other than our faithful cyber-newshawk, John Markoff.

"Tsutomo Shimomura, born to an American mother and a Japanese father,
thus becan life as he was destined to live it...going in several
directions at once.  A brilliant neurosurgeon, this restless young man
grew quickly dissatisfied with a life devoted solely to medicine.
He roamed the planet studying martial arts and particle physics,
colelcting around him a most eccentric group of friends, those
hard-rocking scientists The Hong Kong Cavaliers.

"And now, with his astounding jet car ready for a bold assault on the
dimension barrier, Tsutomo faces the greatest challenge of his turbulent
life...

"...while high above Earth, an alien spacecraft keeps a nervous watch on
Team Shimomura's every move..."

Wait a minute...that's Buckaroo Banzai.  But the similarities are almost
eerie.  Security dude by day, hacker tracker by night, ski patrol
rescue guy, links to the NSA!  WOWOW!  What an incredible guy!  What an
amazing story!

But wait!  Let's take a closer look at all of this bullshit, before it
becomes so thick all we can see is tinted brown.

Shimomura was supposedly hacked on Christmas Eve by Kevin Mitnick, which
set him off on a tirade to track down the guy who hacked his system.
Supposedly numerous IP tools were taken as well as "millions of dollars
worth of cellular source code."

First off, Shimomura's TAP is available via ftp.  Modified versions of this
have been floating around for a while.  I suppose it's safe to assume that
perhaps Tsutomo had modified it himself with further modifications (perhaps
even some of the IP/localhost spoofs that the X-consortium guys were
playing with, or maybe other tricks like denial of service and source-routing
tricks...I don't really know, I don't have any such thing authored by
Shimomura.)

Secondly, what is all this cellular source code?  And why did Shimomura have
it?  Could it be that this is really just some kind of smokescreen to make
it seem like Mitnick did something bad?  For those of you who don't know,
Tsutomo is friends with Mark Lottor (yes, the OKI experimenter, and CTEK
manufacturer.).  They have been friends for some time, but I don't know
how long.  Lottor used to be roommates with, lo and behold, Kevin Poulsen!
Yes, that Kevin Poulsen...the guy who before Mitnick was the "computer
criminal de jour."  Poulsen and Mitnick were no strangers.

It wouldn't be too much of a stretch of the imagination to think that
those files were really ROM dumps from phones that Lottor had given
Shimomura.  It also wouldn't be too much of a stretch to imagine that
Mitnick knew Tsutomo, and decided to go poke around, pissing off
Tsutomo who knew that he'd been violated by SOMEONE HE ACTUALLY KNEW!
(It sure does piss me off much more to get fucked over by someone I know
rather than a complete stranger.)

Woah.  If any of that is true, what strange bedfellows we have.  But wait,
it gets better...

Enter John Markoff.  Markoff and Tsutomo have obviously known each other for
a while.  I don't know where they met...but I know they were together
at Defcon, maybe at Hope, and probably at the Tahoe Hacker's conference
a few years back.  (I'd have to go back and look over the group
photos to be certain.)

Markoff already has a stake in the Mitnick story, since it was his book,
"Cyberpunk" that really gave ol' Kevin some coverage.  Now, if Markoff knew
that Mitnick had hacked Tsutomo (from Tsutomo's own mouth), then certainly
any journalist worth his salt would see possibilities.  Gee, what a great
concept!  A colorful computer security guy tracks down one of the world's
most wanted hackers!  What a great story!  Remember that Stoll Guy?

But in order to get the book publishers really hot, it would take some more
press to rejuvinate interest in the Mitnick story.  So the first story,
months after the fact, is printed.

Meanwhile, Tsutomo is supposedly tracking down Mitnick.

How does one track down a hacker?  The legal (and really annoyingly hard way)
is to work with other system administrators and establish a trail via
tcp connects and eventually back to a dialup, then work with phone companies
to establish a trap and trace (which usually takes two or three calls) and
then working with local police to get a warrant.  Somehow Tsutomo seemingly
managed to avoid all this hassle and get a lot done by himself.  How?
Well, the Air Force OSI managed to track down the British Datastream Cowboy
by hacking into the systems he was hacking into the Air Force from.  This is
the easy way.  Hmmm.

I know with a good degree of certainty that Markoff's and Tsutomo's little
escapades pissed off a great many people within law enforcement, but I don't
know exactly why.  If they WERE bumbling around stepping on FBI toes
during the course of their litle hunt, certainly the FBI would have
threatened them with some kind of obstruction of justice sentence if they
didn't stop.  Did they?

Well before any of this had begun, Mitnick had been hacking other places
too. Guess what?  He happened to hack CSCNS, where a certain ex-hacker, Scott
Chasin, runs the security side of things. I remember well over a year ago
talking to Chasin about a hacker who had breeched CNS.  Discussing his
methods, we thought it must be Grok, back from the netherworld, since he
was so skilled.  The hacker also made claims of being wireless to avoid
being traced.  (This also fit into the Grok modus operandi...so we just
assumed it was indeed Grok and left it at that.)  Chasin told the hacker
to get off of CNS, and that he could have an account on crimelab.com, if
he would only use it for mail/irc/whatever, but with no hacking, and on
the agreement that he would leave CSCNS alone.

The agreement was made, but went sour after only a few weeks when the mystery
hacker began going after CSCNS again.  The Colorado Springs FBI was called
in to open an investigation.  This was ages ago, but of course, field agencies
rarely talk.

Back in the present, Tsutomo goes to help out at the Well, where
a certain admin (pei) was having problems with intruders.  This is the
same pei who a few months earlier told Winn Schwartau "The Well has no
security!" Which Winn reported in his newsletter.  (This of course came after
Winn's account on the Well was reactvated by an anonymous person who
posted several messages about Markoff and signed them "km."  DUH!)

So somehow, Tsutomo gets trace information leading back to a cell site in
North Carolina.  How does a private citizen get this kind of information?
Don't ask me!  My guess is that the feds said, give us what you know,
help us out a bit and don't get in our way.  In return, one can surmise
that Tsutomo (and Markoff) got to glean more info about the investigation
by talking with the feds.

So, Mitnick gets busted, and Tsutomo got to ride around in a car with
a Signal Strength Meter and help triangulate Mitnick's cellular activity
to his apartment.  Woo woo!

After all is said and done, Tsutomo has single handedly captured Mitnick,
John Markoff breaks the story on the FRONT PAGE of the New York Times, and
every other computer reporter in America continually quotes and
paraphrases Markoff's story and research as "God's Own Truth."

Mitnick, on the other hand, gets blamed for:

 1) hacking Tsutomo
 2) hacking the Well
 3) hacking Netcom to get credit cards
 4) hacking CSCNS
 5) hacking Janet Reno's Cell Phone
 6) hacking motorola
 7) conversing with foreign nationals
 etc..

Let's look at some these charges:

1) Mitnick was not the first (or only) to hack Tsutomo.  The San Deigo
   Supercomputer Center is a target for a lot of people.  It's a major
   Internet center, and there are all kinds of goodies there, and the
   people who work there are smart guys with nice toys.  Sorry, but
   Mitnick is the scapegoat here.

2) Mitnick was not the first, last, or most recent to hack The Well.
   Like Pei said, "The Well Has No Security."  I know this first hand,
   since I have an account there.  I don't raise a stink about it,
   because I pay by check, and my email is boring.

3) Mitnick was not the person who got the Netcom credit card file.
   That file floated around for quite some time.  He might have had
   a copy of it, but so do countless others.  Sorry.  Wrong again.

4) Mitnick was in CNS.  He was not the only one.  Thanks for playing.

5) The thought that Mitnick could reprogram a MTSO to reboot upon
   recognizing a ESN/MIN pair belonging to one specific individual
   would require that he had hacked the manufacturer of the MTSO, and
   gotten source code, then hacked the cellular carrier and gotten
   a full database of ESN/MIN information.  Both of these things have
   been done by others, and Mitnick certainly could have done them too,
   but I doubt he would have gone to that much trouble to call attention
   to his actions.

6) Motorola, like EVERY other big-time computer industry giant has been
   hacked by countless people.

7) Mitnick reportedly had dealings with foreign nationals, especially
   one "Israeli" that set the CIA up in arms.  Well, sure, if you get on
   IRC and hang out, you are probably going to talk to people from other
   countries.  If you hang out on #hack and know your stuff, you will probably
   end up trading info with someone.  But, playing devil's advocate,
   perhaps the person you might be talking to really isn't a 22 year old
   Israeli student.  Maybe he really is a 40 year old Mossad Katsa working
   in their computer center.  Was Mitnick Jewish?  Would he do "whatever
   it takes to help the plight of Jews worldwide?"  Could he have been
   approached to become one of the scores of sayanim worldwide?  Sure.
   But probably not.  He'd be too hard to call on for the favors when they
   would be needed by Mossad agents.  So, I have some doubts about this.

Less than a month after the whole bust went down, Markoff and Tsutomo
signed with Miramax Films to produce a film and multimedia project
based on their hunt for Mitnick.  The deal reportedly went for
$750,000.  That is a fuckload of money.  Markoff also gets to do a book,
which in turn will become the screenplay for the movie.  (Tsutomo
commented that he went with Miramax "based on their track record."
Whatever the fuck that means.)

Less than a month and they are signed.

Looks to me like our duo planned for all this.

"Hey Tsutomo, you know, if you went after this joker, I could write a book
about your exploits!  We stand to make a pretty penny.  It would be
bigger than the Cuckoo's egg!"

"You know John, that's a damn good idea.  Let me see what I can find.
Call your agent now, and let's get the ball rolling."

"I'll call him right now, but first let me write this little story to
recapture the interest of the public in the whole Mitnick saga.  Once that
runs, they publishers are sure to bite."

Meanwhile Mitnick becomes the fall guy for the world's ills, and
two guys methodically formulate a plot to get rich.  It worked!

Way to go, guys.




AOH Site layout & design copyright © 2006 AOH