TUCoPS :: Cyber Law :: wildhack.txt

Sandza - the articles that started it all

                                                                     Page 1
  File courtesy of Outlaw Labs
      A Forwarded Article:

                       + The Night of the Hackers +

     As you are surveying the dark and misty swamp you come across what
appears to be a small cave.  You light a torch and enter.  You have walked
several hundred feet when you stumble into a bright blue portal...  With a
sudden burst of light and a loud explosion you are swept into... DRAGONFIRE...
Press Any Key if You Dare."

     You have programmed your personal computer to dial into Dragonfire, a
computer bulletin board in Gainesville, Texas.  But before you get any
information, Dragonfire demands your name, home city and phone number.  So,
for tonight's tour of the electronic wilderness you become Montana Wildhack of
San Francisco.

     Dragonfire, Sherwood Forest (sic), Forbidden Zone, Blottoland, Plovernet,
The Vault, Shadowland, PHBI and scores of other computer bulletin boards
are hangouts of a new generation of vandals.  These precocious teenagers
use their electronic skills to play hide-and-seek with computer and
telephone security forces.  Many computer bulletin boards are perfectly
legitimate:  they resemble electronic versions of the familiar cork boards
that are usually in supermarkets and school corridors, listing services and
providing information someone out there is bound to find useful.  But this is
a walk on the wild side, a trip into the world of underground bulletin boards
dedicated to encouraging -- and making -- mischief.

     The phone number for these boards are as closely guarded as a
psychiatrist's home telephone number.  Some numbers are posted on underground
boards; others are exchanged over the telephone.  A friendly hacker provided
Dragonfire's number.  Hook up and you see a broad choice of topics offered.
For Phone Phreaks -- who delight in stealing service from AT&T and other phone
networks .  Phreakenstein's Lair is a potpourri of phone numbers, access codes
and technical information.  For computer hackers -- who dial into other
people's computers -- Ranger's Lodge is chock-full of phone numbers and
passwords for government, university and corporate computers.  Moving through
Dragonfire's offerings, you can only marvel at how conversant these teen-agers
are with the technical esoterica of today's electronic age.  Obviously they
have spent a great deal of time studying computers, though their grammar and
spelling indicate they haven't been diligent in other subjects.  You are
constantly reminded of how young they are.

     "Well it's that time of year again.  School is back in session so let's
get those high school computer phone numbers rolling in.  Time to get straight
A's, have perfect attendance (except when you've been up all night hacking
school passwords), and messing up you worst teacher's paycheck."

     Forbidden Zone, in Detroit, is offering ammunition for hacker civil war -
-tips on crashing the most popular bulletin-board software.  There also are
plans for building black, red and blue boxes to mimic operator tones and
get free phone service.  And here are the details for "the safest and best way
to make and use nitroglycerine," compliments of Doctor Hex, who says he got it
"from my chemistry teacher."

                                                                     Page 2

     Flip through the "pages." You have to wonder if this information is
accurate.  Can this really be the phone number and password for Taco Bell's
computer?  Do these kids really have the dial-up numbers for dozens of
university computers?  The temptation is too much.  You sign off and have your
computer dial the number for the Yale computer.  Bingo -- the words "Yale
University" appear on your screen.  You enter the password.  A menu appears.
You hang up in a sweat.  You are now a hacker.

     Punch in another number and your modem zips off the touch tones.  Here
we come across the inevitably tedious side of all this...  Bulletin boards are
popular.  No vacancy in Bates Motel (named for Anthony Perkin's creepy motel
in the movie "Psycho"); the line is busy.  So are 221 B.  Baker Street, PHBI,
Shadowland and The Vault, Caesar's Palace rings and connects.  This is
different breed of board.  Caesar's Palace is a combination Phreak board
and computer store in Miami.  This is the place to learn ways to mess up a
department store's anti-shoplifting system, or make free calls on
telephones with locks on the dial.  Pure capitalism accompanies such
anarchy, Caesar's Palace is offering good deals on disk drives, software,
computers and all sorts of hardware.  Orders are placed through electronic
mail messages.

     "Tele-Trial":  Bored by Caesar's Palace, you enter the number for
Blottoland, the board operated by one of the nation's most notorious
computer phreaks -- King Blotto.  This one has been busy all night, but
it's now pretty late in Cleveland.  The phone rings and you connect.  To
get past the blank screen, type the secondary password "S-L-I-M-E." King
Blotto obliges, listing his rules:  he must have your real name, phone number,
address, occupation and interests.  He will call and disclose the primary
password, "if you belong on this board." If admitted, do not reveal the phone
number or the secondary password, lest you face "tele-trial," the King warns
as he dismisses you by hanging up.  You expected heavy security, but this
teenager's security is, as they say, awesome.  Computers at the Defense
Department and hundreds of businesses let you know when you've reached them.
Here you need a password just to find out what system answered the phone.
Then King Blotto asks questions -- and hangs up.  Professional computer-
security experts could learn something from this kid.  He knows that ever
since the 414 computer hackers were arrested in August 1982, law-enforcement
officers have been searching for leads on computer bulletin boards.

     "Do you have any ties to or connections with any law enforcement agency
or any agency which would inform such a law enforcement agency of this
bulletin board?"

     Such is the welcoming message from Plovernet, a Florida board known for
its great hacker/phreak files.  There amid a string of valid VISA and
MasterCard numbers are dozens of computer phone numbers and passwords.
Here you also learn what Blotto means by tele-trial.  "As some of you may
or may not know, a session of the conference court was held and the Wizard was
found guilty of some miscellaneous charges, and sentenced to four
months without bulletin boards." If Wizard calls, system operators like
King Blotto disconnect him.  Paging through bulletin boards is a test of
your patience.  Each board has different commands.  Few are easy to follow,
leaving you to hunt and peck your way around.  So far you haven't had the
nerve to type "C," which summons the system operator for a live, computer-to-
computer conversation.  The time, however, has come for you to ask a few
questions of the "sysop." You dial a computer in Boston.  It answers and you
begin working your way throughout the menus.  You scan a handful of dial-up
numbers, including one for Arpanet, the Defense Department's research

                                                                     Page 3

computer.  Bravely tap C and in seconds the screen blanks and your cursor
dances across the screen.

     Hello .  .  .  What kind of computer do you have?

     Contact.  The sysop is here.  You exchange amenities and get "talking."
How much hacking does he do?  Not much, too busy.  Is he afraid of being
busted, having his computer confiscated like the Los Angeles man facing
criminal changes because his computer bulletin board contained a stolen
telephone-credit-card number?  "Hmmmm .  .  .  No," he replies.  Finally,
he asks the dreaded question:  "How old are you?" "How old are YOU," you
reply, stalling.  "15," he types.  Once you confess and he knows you're old
enough to be his father, the conversation gets very serious.  You fear each
new question; he probably thinks you're a cop.  But all he wants to know is
your choice for president.  The chat continues, until he asks, "What time
is it there?" Just past midnight, you reply.  Expletive.  "it's 3:08 here,"
Sysop types.  "I must be going to sleep.  I've got school tomorrow." The
cursor dances "*********** Thank you for Calling." The screen goes blank.

                                - Epilog: -

     A few weeks after this reporter submitted this article to Newsweek, he
found that his credit had been altered, his drivers' licence revoked, and EVEN
His Social Security records changed!  Just in case you all might like
to construe this as a 'Victimless' crime.  The next time a computer fouls
up your billing on some matter, and COSTS YOU, think about it!

     This the follow-up to the previous article concerning the Newsweek
reporter.  It spells out SOME of the REAL dangers to ALL of us, due to this
type of activity!

                          The REVENGE of the Hackers

     In the mischievous fraternity of computer hackers, few things are prized
more than the veil of secrecy.  As NEWSWEEK San Francisco correspondent
Richard Sandza found out after writing a story on the electronic underground's
(DISPATCHES, Nov.  12, 198\ ability to exact revenge can be unnerving.  Also
severe....  Sandza's report:

     "Conference!" someone yelled as I put the phone to my ear.  Then came a
mind-piercing "beep," and suddenly my kitchen seemed full of hyperactive
15-year-olds.  "You the guy who wrote the article in NEWSWEEK?" someone
shouted from the depths of static, and giggles.  "We're going disconnect
your phone," one shrieked.  "We're going to blow up your house," called
another.  I hung up.

     Some irate readers write letters to the editor.  A few call their
lawyers.  Hackers, however, use the computer and the telephone, and for more
than simple comment.  Within days, computer "bulletin boards" around the
country were lit up with attacks on NEWSWEEK's "Montana Wildhack" (a name I
took from a Kurt Vonnegut character), questioning everything from my manhood
to my prose style.  "Until we get real good revenge," said one message from
Unknown Warrior, "I would like to suggest that everyone with an auto-modem

                                                                     Page 4

call Montana Butthack then hang up when he answers." Since then the hackers of
America have called my home at least 2000 times.  My harshest critics
communicate on Dragonfire, a Gainesville, Texas, bulletin board where I am on
teletrial, a video-lynching in which a computer user with grievance dials the
board and presses charges against the offending party.  Other hackers --
including the defendant -- post concurrences or rebuttals.  Despite the
mealtime interruptions, all this was at most a minor nuisance; some was
amusing, even fun.

     FRAUD:  The fun stopped with a call from a man who identified himself
only as Joe.  "I'm calling to warn you," he said.  When I barked back, he
said, "Wait, I'm on your side.  Someone has broken into TRW and obtained a
list of all your credit-card numbers, your home address, social-security
number and wife's name and is posting it on bulletin boards around the
country."  He named the charge cards in my wallet.

     Credit-card numbers are a very hot commodity among some hackers.  To get
one from a computer system and post it is the hacker equivalent of making
the team.  After hearing from Joe, I visited the local office of the TRW
credit bureau and got a copy of my credit record.  Sure enough, it showed a
Nov. 13 inquiry by the Lenox (Mass.) Savings Bank, an institution with no
reason whatever to ask about me.  Clearly some hacker had used Lenox's
password to the TRW computers to get to my files (the bank has since changed
the password).

     It wasn't long before I found out what was being done with my credit-card
numbers, thanks to another friendly hacker who tipped me to Pirate 80, a
bulletin board in Charleston, W.Va., where I found this:  "I'm sure you
guys have heard about Richard Sandza or Montana Wildhack.  He's the guy who
wrote the obscene story about phreaking in NewsWeek.   Well, my friend did a
credit card check on TRW...  Try this number, it' a Visa...  Please nail this
guy bad...   Captain Quieg.

     Captain Quieg may himself be nailed.  He has violated the Credit Card
Fraud Act of 1984 signed by President Reagan on Oct. 12.  The law provides a
$10,000 fine and up to a 15-year prison term for "trafficking" in illegally
obtained credit-card account numbers.  He "friend" has committed a felony
violation of the California computer-crime law.  TRW spokeswoman Delia
Fernandex said that TRW would "be more than happy to prosecute" both of

     TRW has good reason for concern.  Its computers contain the credit
histories of 120 million people.  Last year TRW sold 50 million credit reports
on their customers.  But these highly confidential personal records are so
poorly guarded that computerized teenagers can ransack the files and depart
undetected.  TRW passwords -- unlike many others -- often print out when
entered by TRW's customers.  Hackers then look for discarded printouts.  A
good source:  the trash of banks and automobile dealerships, which routinely
do credit checks.  "Everybody hacks TRW," says Cleveland hacker King Blotto,
whose bulletin board has security system the Pentagon would envy.  "It's the
easiest." For her part, Fernandez insists that TRW "does everything it can to
keep the system secure."

     In my case, however, that was not enough.  My credit limits would hardly
support big-time fraud, but victimization takes many forms.  Another hacker
said it was likely that merchandise would be ordered in my name and shipped to
me -- just to harass me.  I used to use credit-card numbers against someone I
didn't like," the hacker said.  "I'd call Sears and have a dozen toilets

                                                                     Page 5

shipped to his house."

     Meanwhile, back on Dragonfire, my teletrial was going strong.  The
charges, as pressed by Unknown Warrior, include "endangering all phreaks and
hacks."  The judge in this case is a hacker with the apt name of Ax Murderer.
Possible sentences range from exile from the entire planet" to "kill the
dude." King Blotto has taken up my defense, using hacker power to make his
first pleading: he dialed up Dragonfire, broke into its operating system
and "crashed" the bulletin board, destroying all of its messages naming me.
The board is back up now, with a retrial in full swing.  But then, exile
from the electronic underground looks better all the time.

 Please upload to MANY boards!

(Chuck: Whew!)
(Ed: My fingers cramped again!)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH