AOH :: P06-12.TXT

Phrack World News Part 4


                                ==Phrack Inc.==

                    Volume One, Issue Six, Phile #12 of 13

:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:

                         *-=+^ Phrack World News ^+=-*

                               Issue Five/Part 4

                            Compiled and Written By

                               Knight Lightning

:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:

Grown-Up Laws Sought For Computer Criminals
-------------------------------------------
By Dave Skidmore (Associated Press)

WASHINGTON-Teen-age computer hackers are giving way to a new generation of
people who steal information from computers for profit rather than fun, the
head of a House crime panel said Wednesday.

"The hackers were the first generation we saw.  Now we have a lot of
professionals who are getting into the business of accessing computer data
bases," said Rep. William J. Hughes, D-N.J. [609/645-7957 or 202/225-6572], the
sponsor of legislation aimed at helping law enforcement authorities better cope
with the problem.

Hughes commented as the House subcommittee on crime, which he heads, studied
the proposed Computer Fraud and Abuse Act.

Teen-age computer hobbyists, motivated fun and desire for status among fellow
hobbyists, use home computers and the telephone to "hack" into government and
industry data bases.

Now, Hughes said, hackers' techniques are being increasingly used by
industrial spies who sell trade secrets gleaned from corporate computers and
thieves who change bank records to steal millions of dollars.

"Computer crime is probably one of the fastest growing areas of crime. (It's)
going to make the old robbery and burglary a little passe with certain
professionals," he said.

Hughes' bill, cosponsored by Reps. Bill McCollum, R-Fla [202/225-2176], and
Bill Nelson, D-Fla [202/225-3671], creates three new offenses.

1. It forbids unauthorized access to a computer and drops a requirement that
   the government prove information in the computer was used or altered.

2. It outlaws "pirate bulletin boards" used by hackers to trade secret computer
   codes and passwords.

3. It makes it a felony punishable by up to five years in prison and a $250,000
   fine to maliciously cause damage in excess of $1,000 to a computer program
   or data base.

That section of the bill would apply to so-called "Trojan Horse" programs
which, when achieving access to another computer, destroy all the data and
programs in that computer.

The legislation is intended to plug loopholes in anti-crime legislation
passed by Congress in 1984, Hughes said.  It applies to computers used by the
federal government or its contractors and bank and loan association computers.

Hughes said he expected his bill and similar legislations sponsored by Sen.
Paul S. Trible Jr., R-Va [804/771-2221 or 202/224-4024], to reach the House
and Senate floors sometime in May.

                    Information Provided by Blue Buccaneer
-------------------------------------------------------------------------------
The following is a critical breakdown of the above article.
-------------------------------------------------------------------------------
Blue Buccaneer:

Concerning this law: I always thought it would be more fun to hack for cash,
but hey...  Anyway, the three new offenses are what I am not to fond of:

1) "forbids unauthorized access to a computer" (Gosh, really?)  "and drops a
    requirement that the government prove information in a computer was used or
    altered"  Now what kinda law is that?!  The government can just arrest
    someone and not have to prove anything?  COME ON!

2) "It outlaws 'pirate BBSes'"  When will these people learn the correct
   terminology?  Pirates trade warezzzz, not 'secret passwords and codes'.  The
   point is, that because this is a federal law, it will apply to all states.
   We aren't talking pussy-laws anymore.  Wouldn't it be damn awful if just
   running the stupid BBS was a crime?  Besides that, I thought we had a right
   to freedom of the press.  Again, COME ON!

3) "and a $250,000 fine to maliciously cause damage in excess of $1000 to a
   computer program or data base".  Excuse me for asking, but can one
   "maliciously" destroy data?  And isn't a quarter of a million dollars a bit
   much for a teen-ager on a regular allowance?  And that much for $1000
   damage?  Shit, I wish my insurance company paid like that when I wreck my
   car.  Once again, COME ON!

And then, I guess this is the journalist's fault, but what the hell does that
paragraph on Trojan Horses have to do with this shit?  I mean really!  Do you
think Joe Blow in the street is going to go: "Whew, for a minute there I was
afraid that new bill might just skip over those Trojan Horse things."  I'd
kinda assume Trojan Horses were covered under the "maliciously" destroying
data rule.
                        Above written by Blue Buccaneer
_______________________________________________________________________________

Computer Kids, Or Criminals?
----------------------------
Mr. Slippery, age 12, never thought playing on his home computer amounted to
much more than harmless fun -- until a mysterious call from a stranger one day
proved otherwise.  "I got a funny phone call from someone offering me money to
destroy a bank's records," said Slippery, identified by his hacker alias.  "At
that point in time, I realized that that's an incredible way to launder money.
That if I was real smart, I would move out of the whole thing, because that was
an obvious point at organized crime, to me."

Hacking, or using a personal computer to trespass by phone lines into the
private computer systems of corporations, foundations, universities and banks,
is a new form of organized crime, say experts.  In the last year or two, a new,
sophisticated breed of hacker has emerged.  Their ages vary, from the early
hackers who started at 14, and have now entered college, to adults who operate
computerized crime networks, but their motives are similar:  criminal.

When Mr. Slippery started hacking seven years ago he as an exception among
pimply faced, curious kids whose computers were toys for cheap, and typically
harmless, thrills.  For four years, he lived up to his alias, eventually
penetrating top security government computers at the Department of Defense
(DOD) and the National Security Agency (NSA).  Mr. Slippery remained undetected
until his last several weeks as a hacker.  He was never caught, never
convicted.  Toward the end, he realized government security agents were
following him and decided to put away his phone modem for good.

"After about four years of this, though, I started realizing that an entirely
new crowd had sprung up," observes Mr. Slippery, now a 19-year-old ex-hacker.
"You now have the 14 year olds who were running around destroying things seeing
how much trouble they could cause."  Computer crime experts say the hacker
problem is getting worse, even though industries are increasingly reluctant to
discuss the topic.  "The malicious hacker problem is continuing to increase
drastically and is getting far more serious," said Donn B. Parker, author of
Fighting Computer Crime and a computer and data security consultant at SRI
International, a California-based, non-profit research institute.

"The lowering costs of equipment, the attraction of it for new kids coming into
it as a rite of passage, points to increasing vulnerability of American
business to the hacker problem."  Parker's expertise got him hired as a
technical consultant to the movie War Games about two teen-age hackers who
penetrate government defense computers.  Where there is evidence of serious
computer hacker crime is on electronic bulletin board systems (BBSes), where
hackers share gathered intelligence.  "Phone companies have huge investments
in their equipment that is highly vulnerable to the hackers, who have figured
out how to beat them, and have used pirate boards for their intelligence
purposes," said SRI International's Parker.

"A large proportion of these kids are, in fact, juvenile delinquents with other
arrest records."  Recently, a hacker posted this on a local BBS:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I live in Cleveland and the Pheds are fucking everywhere.  This guy who goes by
the alias Lou Zer got caught and they told him if he narced on like 5 people he
would get off with probation so he did that.  Now like half the 2300 club has
been busted and this kid has a lot of problems in the future.  Also I have seen
cops that I know of dressed as fucking federal express guys.  Try and avoid
using them.  Also, here's some PBXs to fuck with.  They belong to Standard Oil.

                                             --Later, Sir Gallahad
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Other BBSs post lists of telephone numbers of Fortune 1000 corporations, banks,
credit bureaus, universities, and foundations.

Admittedly, many of the numbers are invalid, say experts.  Though there are
BBSes that admit members only by invitation and operate as part of a computer
underground, others can be accessed by anyone with a computer and a phone
modem.  Often the boards carry foreboding names like The Sanctuary, Future
World, Dark Side, Deathtrap and Speed Demon Elite.  Computer crime is sometimes
called the perfect crime.  Its perpetrators are anonymous hackers using aliases
like Phantom Phreaker, Big Brother, Bootleg, Sigmund Fraud, and Scan Man.

John Maxfield is a computer security consultant who lives in a downriver
suburb.  Maxfield spends most of his working hours scanning BBSs, and is known
by computer crime experts as a hacker tracker.  His investigative work scanning
boards has resulted in more prosecutions of computer hackers than anyone else
in the field, say sources familiar with his work.  Maxfield, who accepts death
threats and other scare tactics as part of the job, says the trick is knowing
the enemy.  Next to his monstrous, homemade computer system, Maxfield boasts
the only file on computer hackers that exists.  It contains several thousand
aliases used by hackers, many followed by their real names and home phone
numbers.  All of it is the result of four years of steady hacker-tracking, says
Maxfield. "I've achieved what most hackers would dearly love to achieve," said
Maxfield.  "Hacking the hacker is the ultimate hack."

Maxfield estimates there are currently 50,000 hackers operating in the computer
underground and close to 1,000 underground bulletin boards.  Of these, he
estimates about 200 bulletin boards are "nasty," posting credit card numbers,
phone numbers of Fortune 500 corporations, regional phone companies, banks, and
even authored tutorials on how to make bombs and explosives.  One growing camp
of serious hackers is college students, who typically started hacking at 14 and
are now into drug trafficking, mainly LSD and cocaine, said Maxfield.  This is
an example of a recent BBS posting:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
WANTED: LSD, of any kind.  Leave me mail if you're willing to talk prices, I'll
take anything up to $5 a hit.  $3 is more likely.

                                                  --urlord
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The BBSs are versatile teaching tools, too.  Hackers post detailed tutorials
on:

HACKING: Using a personal computer and modem to trespass into the private
         computer systems of corporations, foundations, universities, and
         banks.

CARDING: Using valid credit card numbers obtained from discarded carbons,
         accounts posted at video rental stores, or even by hacking credit
         bureau computers.

TRASHING: Sifting through trash to find discarded credit card carbons,
          receipts, computer passwords, code words, confidential phone company
          directories.

PHREAKING or FONING: Manipulating phone systems, usually to make
                     long-distance calls at no charge.
-------------------------------------------------------------------------------
Below is an excerpt from a four-part tutorial on credit card fraud posted on an
exclusive East Coast BBS for elite advanced hackers:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Carding! By Music Major.  Believe it or not, without carding, a damper would be
put on the computer users of America (and especially Canada).  Can you imagine
trying to save enough money to BUY a 2400 baud modem and a 30 meg drive for a
BBS?  Oh, of course it can be done, but considering that a majority of the
active computer users are still in school, and most do not have a steady job,
it will take too long, and cost too much for this average person to spend on a
BBS.  Working at minimum wage at a part-time job, it would take 30 weeks of
CONSTANT saving to put up the BBS (with good modem and good drive).  Not a
pretty thought! When the going gets tough, the tough go carding!

Music Major goes into more detail on later, he warns younger hackers about the
possible risks of trying a method he claims he invented:  "I have called this
method foning for cards.  To be convincing, you MUST have a fluent tongue and a
semi-deep voice (skip this part if your voice is still cracking--refer back
when you get a real voice)."
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Maxfield's operation is called BoardScan.  He is paid by major corporations and
institutions to gather and provide them with pertinent intelligence about the
computer underground.  Maxfield also relies on reformed hackers.  Letters of
thanks from VISA and McDonald's decorate a wall in his office along with an
autographed photo of Scottie, the engineer on Star Trek's Starship Enterprise.

Often he contacts potential clients about business.  "More often I call them
and say, I've detected a hacker in your system," said Maxfield.  "At that
point, they're firmly entrenched.  Once the hackers get into your computer,
you're in trouble.  It's analogous to having roaches or mice in the walls of
your house.  They don't make their presence known at first.  But one day you
open the refrigerator door and a handful of roaches drop out."

Prior to tracking hackers, Maxfield worked for 20-odd years in the hardware end
of the business, installing and repairing computers and phone systems.  When
the FBI recruited him a few years back to work undercover as a hacker and phone
phreak, Maxfield concluded fighting hacker crime must be his mission in life.

"So I became the hacker I was always afraid I would become," he said.  Maxfield
believes the hacker problem is growing more serious.  He estimates there were
just 400 to 500 hackers in 1982.  Every two years, he says, the numbers
increase by a factor of 10.  Another worrisome trend to emerge recently is the
presence of adult computer hackers.  Some adults in the computer underground
pose as Fagans, a character from a Charles Dickens novel who ran a crime ring
of young boys, luring young hackers to their underground crime rings.

                   Courtesy of Galaxy Girl and Silicon Thief
                       Major Editing by Knight Lightning
          Written by Lisa Olson (News Staff Writer for Detroit News)
-------------------------------------------------------------------------------
A few notes:  It is my assumption that Music Major's Carding Tutorial was
from KL       actually four posts made on the Carding Subboard on Stronghold
-------       East.  If this is true then it would mean that at the time or
              previous to the time of this article Maxfield was on SE.  This
              post was probably taken in before the MASSIVE user purge on
              Stronghold East.
_______________________________________________________________________________



AOH Site layout & design copyright © 2006 AOH