|
==Phrack Inc.== Volume Two, Issue 23, File 11 of 12 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN P h r a c k W o r l d N e w s PWN PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN PWN Issue XXIII/Part 1 PWN PWN PWN PWN Created, Written, and Edited PWN PWN by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Back To The Present ~~~~~~~~~~~~~~~~~~~ Welcome to Phrack World News Issue XXIII. This issue features stories on the Chaos Computer Club, more news about the infamous Kevin Mitnick, and details about an Australian-American hackers ring that has been shut down. I also wanted to add a big "thanks" to those of you who did send in news stories and information. Your help is greatly appreciated. :Knight Lightning _______________________________________________________________________________ Armed With A Keyboard And Considered Dangerous December 28, 1988 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A follow-up story to the Kevin Mitnick case in the December 24, 1988 edition of the Los Angeles Times says the federal magistrate refused to release Mitnick on bail December 23, 1988; "after prosecutors revealed new evidence that Mitnick penetrated a National Security Agency computer and may have planted a false story on a financial news wire...." Investigators believe that Mitnick may have been the instigator of a false report released by a news service in April that Security Pacific National Bank lost $400 million in the first quarter of 1988. The report, which was released to the NY Stock Exchange and other wire services, was distributed four days after Mitnick had been turned down for a job at Security Pacific [after the bank learned he had lied on a job application about his past criminal record]. The false information could have caused huge losses for the bank had it reached investors, but the hoax was uncovered before that could happen. The prosecutor said Mitnick also penetrated a NSA computer and obtained telephone billing data for the agency and several of its employees. [In refusing bail, the magistrate said,] "I don't think there's any conditions the court could set up based upon which the court would be convinced that the defendant would be anything other than a danger to the community.... It sounds like the defendant could commit major crimes no matter where he is." Mitnick's attorney said prosecutors have no evidence for the new accusations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dark Side Hacker Seen As Electronic Terrorist January 8, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By John Johnson Los Angeles Times "Computer an 'Umbilical Cord to His Soul" When a friend turned him in and Mitnick asked why, the friend replied, "Because you're a menace to society." Mitnick is described as 25, an overweight, bespectacled computer junkie known as a "dark side" hacker for his willingness to use the computer as a weapon. His high school computer hobby turned into a lasting obsession. He allegedly used computers at schools and businesses to break into Defense Department computer systems, sabotage business computers, and electronically harass anyone -- including a probation officer and FBI agents -- who got in his way. He also learned how to disrupt telephone company operations and disconnected the phones of Hollywood celebrities such as Kristy McNichol, authorities said. So determined was Mitnick, according to friends, that when he suspected his home phone was being monitored, he carried his hand-held keyboard to a pay phone in front of a 7-Eleven store, where he hooked it up and continued to break into computers around the country. "He's an electronic terrorist, said [the friend who turned him in], "He can ruin someone's life just using his fingers." Over the last month, three federal court judges have refused at separate hearings to set bail for Mitnick, contending there would be no way to protect society from him if he were freed. Mitnick's lack of conscience, authorities say, makes him even more dangerous than hackers such as Robert Morris Jr., who is suspected of infecting computer systems around the country with a "virus" that interfered with their operations. Mitnick's family and attorney accuse federal prosecutors of blowing the case out of proportion, either out of fear or misunderstanding of the technology. The story details his "phone phreak" background, and his use of high school computers to gain access to school district files on remote computers, where he didn't alter grades, but "caused enough trouble" for administrators and teachers to watch him closely. He used the name "Condor," after a Robert Redford movie character who outwits the government. The final digits of his unlisted home phone were 007, reportedly billed to the name "James Bond." [He and a friend] broke into a North American Air Defense Command computer in Colorado Springs in 1979. [The friend] said they did not interfere with any defense operation. "We just got in, looked around, and got out." What made Mitnick "the best" said a fellow hacker and friend, was his ability to talk people into giving him privileged information. He would call an official with a company he wanted to penetrate and say he was in the maintenance department and needed a computer password. He was so convincing, they gave him the necessary names or numbers. He believed he was too clever to be caught. He had penetrated the DEC network in Massachusetts so effectively that he could read the personal electronic mail of security people working on the case of the mysterious hacker and discover just how close they were getting to him. But caught he was, again and again. Mitnick's motive for a decade of hacking? Not money, apparently... Friends said he did it all simply for the challenge. [His one-time probation officer says,] "He has a very vindictive streak. A whole bunch of people were harassed. They call me all the time." His mastery of the computer was his "source of self-esteem," said a friend. _______________________________________________________________________________ Computer Chaos Congress 88 Report January 3, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Observing Chaos Communication Congress 1988, Hamburg "From Threat To Alternative Networks" On 28-30 December, 1988, Computer Chaos Club (CCC) held its 5th annual "Chaos Communication Congress" at Hamburg/FRG (West Germany). As in previous years, 300 people (mainly aged 16-36, 90% male, with some visitors from Austria and The Netherlands) gathered, carefully observed from newsmedia (German stations, printmedia, press agencies, but also from UK's BBC, and being observed by Business Week's Katie Hafner, who gathered material for a book on hackers, planned by John Markoff and herself). In the chaotic (though creative) congress "organization," two different tracks were visible: -- Technical presentations on networks (UUCP, GEONET, FIDONet, and CCCs emerging "open networks" BTXnet and "Zerberus"), and on a PC-DES encryption developed by a leading CCC member (who had escaped the French police's arrest by travelling to SECURICOM by railway while police waited at the airport); -- Socio-political discussions about "sociology of hackers," "free flow of information" as well as reports about recent events, dominated by the arrest of Steffen Wernery in Paris in Spring 88 when being invited to speak on SECURICOM. CCC speakers reported about their work to install "free networks." In Germany, most of the networks are organized in the form of a "Verein" (an association with legal status, which guarantees tax-free operation): Such networks are access-restricted to their members. The different German science and University networks (and their bridges to international networks) usually restrict access to scientists. Different CCC subgroups are establishing "alternative networks," such as "EcoNet" for communication of ecological data and information, planned to be available, free of cost, to broader social, ecological, peace and political groups and individuals. Apart from traditional technologies (such as GEONET and FIDONet), the German Post Office's Bildschirmtext (Btx) will be used as a cheap communications medium; while CCCs first hack was, years ago, to attack the "insecure Btx-system" (in the so-called "HASPA coup" where they misused the Btx password of the Hamburg savings bank to repeatedly invoke CCC's Btx information at a total prize of 135.000 DM, then about 50.000$), they today begin to use this cheap though very limited medium while more powerful communications media are available. Today, the emerging ISDN technology is verbally attacked by hackers because of the excessive accumulation of personal data; from here, hacks may be attempted when ISDN becomes regionally available in 1989/90. Several speakers, educated Informaticians with grades from West German Informatics departments, professionally work in Software production and in selling hardware/software to economy and state agencies. Among them, several professional UNIX and UUCP users have begun to organize CCC's future UUCP version. Up to now, only few CCC members use (and know about) UNIX systems, but their number may grow within the near future according to CCC's "marketing." One speaker told the audience, "that you can remotely start programs in UUCP." After some learning phase, the broadened availability of UNIX in the hacker scene may produce new threats. The other track of the Congress discussed themes like "sociology of hackers" where a group of politology students from Berlin's Free University analyzed whether hackers belong to the "new social movements" (e.g. groups on peace, nuclear energy, feminist themes). They found that, apart from much public exaggeration (it is not true that hackers can invade *any* computer), hackers are rather "unpolitical" since they are preferably interested in technology. A major topic was "free access to/flow of information." Under the title "freedom of information act," speakers suggested a national legislation which guarantees individual and group rights to inspect files and registers of public interest; the discussion lacked sufficient basic knowledge, e.g. of the respective US legislation and corresponding international discussions in Legal Informatics. Summarizing the Congress and accompanying discussions, active CCC members try hard to demonstrate that they have *no criminal goals* and ambitions (they devoted a significant amount of energy to several press conferences, TV discussions etc). The conference was dominated by young computer professionals and students from the PC scene, partially with good technological knowledge of hardware, software and networks; while some people seem to have good technical insights in VAXsystems, knowledge of large systems seems to be minimal. To some extent, the young professionals wish to behave as the :good old-fashioned hackers": without criminal energy, doing interesting work of good professional quality in networks and other new areas. While former CCCongresses were devoted to threats like Viruses, *no explicit discussion* was devoted *to emerging threats*, e.g. in ISDN or the broadening use of UNIX, UUCP. The new track discussing political and social aspects of computing follows former discussions about "hacker ethics." Here, the superficial, unprofessional discussions of related themes show that the young (mainly) males are basically children of a "screen era" (TV, PCs) and of an education which concentrates on the visible "image," rather than understanding what is behind it. Special Thanks to Dr. Klaus Brunnstein, University of Hamburg - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Chaos Communication Congress 1988 in Hamburg ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Terra of The Chaos Computer Club One of the basic statements of the Chaos Computer Club from Hamburg, in the Federal Republic of Germany is the demand for "The new human right of free exchange of data between all beings, without censorship, for all beings, and for the moment at least world-wide." Other statements include "data free NOW!" and "Free flow of information." Indeed, these ideas are not new, not even in the computer community, but the important thing is that the CCC is now in the process of turning some of the old hacker dreams into reality. For example: they are now creating their own networks, that exchange not only 'club' information, but everything that interest those on the net. This includes genetical engineering and environmental issues. The Chaos Communication Congress that takes place every year in Hamburg is for many hackers even more of a dream. Imagine being a hacker in some lonesome outpost thinking you are the only one that is crazy enough to be smarter than technology, and finding out there is a whole bunch of people that are just as, or even more, crazy. This year is the fifth congress, and advertisement is not needed: The 'family' knows exactly, because it's all in the networks. The congress itself is split up over a number of rooms. There is a hack-room, where the real hacking takes place. There is also a press room, where hackers and journalists together try to bring the hacker message out to the rest of the world. The archive contains all of the 'Chaos papers,' all press clippings, interesting remarks and all issues of the "datenschleuder", the German Hacker Magazine. German 'data travelers' are also present. A 'data traveler' is someone that uses the international data network for gaining access to all sorts of computers all over the world. A famous story is that of a German hacker that tries to reach a friend and finds his phone busy. He then calls his local Datanet access number and goes through all of the computers that he knows his friend is interested in at that moment. His friend, hanging around in some computer in New York gets a message on his screen saying; "Ah here you are, I've been looking around everywhere." Back to this congress. On the first day the emphasis lies on the past. All things that have happened to the CCC in the past year are being discussed. The second day the emphasis lies on the future; and then ideas about the future of the information society is the subject of discussion. CCC says "Information society" is not equivalent to "Informed Society", and more attention should be paid to public use of computer technology. One of the main goals of the CCC is getting people to think about these issues; so that it is no longer just computer maniacs that decide over the faith of the world. "We don't know yet whether the computer is a gift or a timebomb, but it IS going to change everyone's life very soon." _______________________________________________________________________________