|
==Phrack Inc.== Volume Three, Issue 27, File 10 of 12 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN P h r a c k W o r l d N e w s PWN PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN PWN Issue XXVII/Part 1 PWN PWN PWN PWN June 20, 1989 PWN PWN PWN PWN Created, Written, and Edited PWN PWN by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Welcome to Issue XXVII of Phrack World News! This issue features articles on SouthernNet's hacker scam, the Florida probation sex incident, bulletin boards in Argentina, fax attacks, computer security, other hacking occurrences, as well as more articles and new information about Kevin David Mitnick (aka Condor), Robert Tappan Morris, Karl Koch (Hagbard Celine, one of Clifford Stoll's "Wily Hackers"), TRW and Social Security Administration, the National Crime Information (NCIC) "Super Database," and many other fun stories. Because of our temporary exile from Bitnet, this will be the last regular issue of Phrack World News until next Fall. Next issue expect to see the full write-up on the details and fun events of SummerCon '89. It is only two days away as of this writing (it kinda begins on Thursday evening for some of us) and it looks to be the best SummerCon ever! A very special thanks goes to Delta Master, Hatchet Molly, and The Mad Hacker who all assisted with this issue's PWN by submitting articles. Hatchet Molly will be serving as a collection agent for Phrack Inc. during the summer. Be sure to forward any news articles to him that seem relevant to PWN and he will get them to me (eventually). He can be reached on the wide area networks at; (Hatchet Molly) TK0GRM2@NIU.BITNET TK0GRM2%NIU.BITNET@CUNYVM.CUNY.EDU One other thing to mention here is a special hello to one of our government readers... Peter Edmond Yee of NASA's Ames Research Center. He had recently remarked that he "had access to Phrack!" I wonder if he thought that Phrack Inc. was top secret or hard to get? Still if he wanted it that badly, Taran King and I thought, "Why not make it easier on him and just send it to his network address?" We did :-))) :Knight Lightning "The Real Future Is Behind You... And It's Only The Beginning!" _______________________________________________________________________________ Mitnick Plea Bargain Rejected By Judge As Too Lenient April 25, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Excerpts from Kim Murphy (Los Angeles Times) "Mr. Mitnick, you have been engaging in this conduct for too long, and no one has actually punished you. This is the last time you are going to do this." Reportedly U.S. District Judge Mariana Pfaelzer unexpectedly rejected the plea bargain of Kevin Mitnick, the hacker once called "as dangerous with a keyboard as a bank robber with a gun." Pfaelzer declared that Mitnick deserves more time behind bars. As reported in recent issues of Phrack World News, "Mitnick pleaded guilty to one count of computer fraud and one count of possessing unauthorized long-distance telephone codes... Mitnick faces one year in prison. Under a plea agreement with the government, he must also submit to three years' supervision by probation officers after his release from prison." On April 24, 1989 Judge Pfaelzer said, "Mr. Mitnick, you have been engaging in this conduct for too long, and no one has actually punished you. This is the last time you are going to do this." She said a confidential pre-sentence report recommended that she exceed even the 18-month maximum prison term called for under mandatory new federal sentencing guidelines. The judge's action voids Mitnick's guilty plea. Both prosecuting and defense attorneys were surprised. Mitnick's attorney said he did not know whether his client would agree to a guilty plea carrying a longer prison term. This could make it harder to bring charges against Mitnick's alleged associates. If Mitnick is brought to trial, testimony from at least one of his associates would be required to convict him, and they would not appear as witnesses without receiving immunity from prosecution. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Hacker Working On Another Plea Bargain May 6, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Excerpts from the Los Angeles Herald Examiner Attorneys said yesterday they are negotiating a second plea bargain for computer hacker Kevin Mitnick, whose first offer to plead guilty was scuttled by a judge because it called for too little time in prison. Mitnick, 25, of Panorama City, California offered in March to serve one year in prison and to plead guilty to computer fraud and possessing unauthorized long-distance telephone codes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mitnick Update May 10, 1989 ~~~~~~~~~~~~~~ Excerpts taken from the Los Angeles Times When last we heard about Kevin Mitnick, the hacker once called "as dangerous with a keyboard as a bank robber with a gun," the judge, Judge Mariana Pfaelzer, had rejected a plea bargain as too lenient, saying Mitnick deserved more than the agreed one year of jail time [see above articles]. According to more recent information, Mitnick has now reached a new agreement, with no agreed-upon prison sentence. He pleaded guilty to stealing a DEC security program and illegal possession of 16 long-distance telephone codes belonging to MCI Telecommunications Corp. The two charges carry a maximum of 15 years and a $500,000 fine. The government agreed to lift telephone restrictions placed on Mitnick since he was jailed in December, 1988. At DEC's request, Mitnick will help the firm identify and fix holes in its security software to protect itself from other hackers. He will also cooperate in the government's probe of Leonard DiCicco, a fellow hacker. (DiCicco is the "friend" who turned Mitnick in.) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Kenneth Siani Speaks Out About Kevin Mitnick May 23, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Kevin Mitnick, the hacker "so dangerous that he can't even be allowed to use a phone." "He could ruin your life with his keyboard." "Armed with a keyboard and considered dangerous." These are some of the things that have been said about this person. All of this media hype would be fine if it just sold newspapers. But it has done much more then just sell a few papers. It has influenced those that will ultimately decide his fate. I myself do not know the man, but I have talked to others that do. Including one of the persons that investigated Mitnick. From all I have heard about him, I think he is a slime ball! But even a slime ball should not be railroaded into a prison sentence that others of equal or greater guilt have avoided. I personally feel the man is just a criminal, like the guy that robs a 7/11, no better but certainly not any worse. Unfortunately he is thought of as some kind of a "SUPER HACKER." The head of Los Angeles Police Dept's Computer Crime Unit is quoted as saying, "Mitnick is several levels above what you would characterize as a computer hacker." No disrespect intended, but a statement like this from the head of a computer crime unit indicates his ignorance on the ability of hackers and phone phreaks. Sure he did things like access and perhaps even altered Police Department criminal records, credit records at TRW Corp, and Pacific Telephone, disconnecting phones of people he didn't like etc. But what is not understood by most people outside of the hack/phreak world is that these things are VERY EASY TO DO AND ARE DONE ALL THE TIME. In the hack/phreak community such manipulation of computer and phone systems is all to easy. I see nothing special about his ability to do this. The only thing special about Kevin Mitnick is that he is not a "novice" hacker like most of the thirteen year old kids that get busted for hacking/phreaking. It has been a number of years since an "advanced" hacker has been arrested. Not since the days of the Inner Circle gang have law enforcement authorities had to deal with a hacker working at this level of ability. As a general rule, advanced hackers do not get caught because of there activity but rather it is almost always others that turn them in. It is therefore easy to understand why his abilities are perceived as being extraordinary when in fact they are not. Because of all the media hype this case has received I'm afraid that: 1.) He will not be treated fairly. He will be judged as a much greater threat to society then others that have committed similar crimes. 2.) He will become some kind of folk hero. A Jesse James with a keyboard. This will only cause other to follow in his footsteps. I'm not defending him or the things he has done in any sense. All I'm saying is let's be fair. Judge the man by the facts, not the headlines. Disclaimer: The views expressed here are my own. Kenneth Siani, Sr. Security Specialist, Information Systems Div., NYMA Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you are looking for other articles about Kevin David Mitnick aka Condor please refer to; "Pacific Bell Means Business" (10/06/88) PWN XXI. . .Part 1 "Dangerous Hacker Is Captured" (No Date ) PWN XXII . .Part 1 "Ex-Computer Whiz Kid Held On New Fraud Counts" (12/16/88) PWN XXII . .Part 1 "Dangerous Keyboard Artist" (12/20/88) PWN XXII . .Part 1 "Armed With A Keyboard And Considered Dangerous"(12/28/88) PWN XXIII. .Part 1 "Dark Side Hacker Seen As Electronic Terrorist" (01/08/89) PWN XXIII. .Part 1 "Mitnick Plea Bargains" (03/16/89) PWN XXV. . .Part 1 _______________________________________________________________________________ Computer Intrusion Network in Detroit May 25, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Taken from the San Jose Mercury News (Knight-Ridder News Service) DETROIT -- Secret Service agents smashed what they described as a costly, sophisticated computer intrusion network on Wednesday, May 24, and were surprised to discover it made up largely of teen-agers. The computer systems of more than 20 companies including the Michigan Department of Treasury, Home Box Office cable television services, [and RCA] were infiltrated, according to agents serving search warrants across the country. Federal officials said the infiltrations by the network represented fraud of $200,000 to $1.5 million in appropriated goods, telephone and computer time. Agents expected to arrest some adults when they swept down on eight people who allegedly ran the network in several states. Instead, they found only one adult, in Chicago. The rest were teen-agers as young as 14: Two in Columbus, Ohio; two in Boston, Massachusetts; two in Sterling Heights, Michigan [The Outsider and The Untouchable]; and one in Atlanta, Georgia. Agents expected to make another arrest in Los Angeles. Officials said at least 55 other people nationwide made use of the network's information. In Sterling Heights, Secret Service agents pulled two eighth-grader boys, both 14, out of school and questioned them in the presence of their parents, who apparently were unaware of their activities. James Huse, special agent in charge of the U.S. Secret Service office in Detroit, said the youths admitted involvement in the scheme. He said the eight-graders, because they are juveniles, cannot be charged under federal law and will be dealt with by local juvenile authorities. Authorities believe the mastermind is Lynn Doucett, 35, of Chicago. She was arrested Wednesday, May 24, and is cooperating with authorities, Huse said. Doucett, who was convicted in Canada of telecommunications fraud, supports herself and two children through her computer intrusion activities, which include using stolen or counterfeit credit cards for cash advances or money orders, according to an affidavit filed in U.S. District Court. If convicted, she faces up to 10 years in prison and a $250,000 fine. Special Thanks to Jedi For Additional Information _______________________________________________________________________________ HR 1504 -- Beeper Abuse Prevention Act May 22, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Pagers Don't Commit Crimes, Congressmen Do." The fools in congress assembled are at it again. Three years in jail for selling a pager to a minor? If you didn't believe when Abbie Hoffman said that the drug hysteria was just an excuse for more control of the citizens, think again. In USA Today was a "face-off" on the issues. According to this article, Representative Kweisi Mfume (D-Md) says the following: "The drug business is using the latest technology to promote its deadly trade. One such advance, the paging device, or beeper, is now appearing in classrooms and schoolyards. I have introduced the Beeper Abuse Prevention Act to curtail the use of beepers by young people who deal drugs. It would require the Federal Communications Commission to prescribe regulations that would restrict the possession and use of paging devices by persons under age 21. Law officers say dealers and suppliers send coded messages via beeper to youths in school. The codes translate into messages like "meet me at our regular place after class to pick up the drugs." Drug traffickers are even using 800 numbers now available with regional paging services. A supplier could actually conduct a transaction in Baltimore from Miami, for example. My bill, H.R. 1504, would require any person selling or renting paging devices to verify the identification and age of every customer; encourage parents and businesses to take more responsibility in their children's or employees' activities; make it unlawful for a person to knowingly and willfully rent, sell or use paging devices in violation of rules prescrived by the FCC (there are provisions for stiff fines and up to three-year prison terms for adults who illegally provide beepers to youths); and require parents or businesses who allow the use of beepers to state that intention with and affidavit at the time of purchase." He goes on to say that he recognizes that there are legitimate uses of beepers, but we can no longer stand by and watch drugs flow into our neighborhoods. The opposite side is taken by Lynn Scarlett, from Santa Monica, CA. She asks what beepers have to do with the drug trade, and regulating their use will not put a dent it it. She also says that there is little evidence that gun control keeps guns out of the hands of gangsters, and it will take a good dose of wizardry to keep beepers away from bad guys. She finishes with: "The logic of the Beeper Abuse Prevention Act opens the door for laws to make us sign promises that we won't, we swear, use these things for illicit acts when we buy them. De Tocqueville, that eminent observer of our nation, warned that our loss of freedom would sneak in through passage of quiet, seemingly innocuous and well-intended laws -- laws like H.R. 1504. _______________________________________________________________________________ Computer Threat Research Association (UK) March 31, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For those of you interested an umbrella organization has been established in the United Kingdom to coordinate information on, and research into, all aspects of computer security. In the first instance one of the organization's primary concerns will be combatting the threat posed by computer viruses by acting as a clearing house for virus information and control software. Below is a copy of an initial letter mailed to prospective members: The Computer Threat Research Association The computer threat research association, CoTra is a non-profit making organization that exists to research, analyze, publicize and find solutions for threats to the integrity and reliability of computer systems. The issue that caused the formation of CoTra was the rise of the computer virus. This problem has since become surrounded by fear, uncertainty and doubt. To the average user, the computer virus and its implications are a worry of an unknown scale. To a few unfortunates whose systems have become victims, it is a critical issue. The key advantage of CoTra membership will be access to advice and information. Advice will be provided through publications, an electronic conference (a closed conference for CoTra's members has been created on the Compulink CIX system) as well as other channels such as general postings direct to members when a new virus is discovered. CoTra membership will be available on a student, full or corporate member basis. All software that is held by CoTra that enhances system reliability, such as virus detection and removal software, will be available to all members. It is intended to establish discounts with suppliers of reliability tools and services. A library of virus sources and executables and other dangerous research material will be made available to members who have a demonstrable need. A register of consultants who have specific skills in the systems reliability field will be published by CoTra and reviews of reliability enhancing software will be produced. Your support of CoTra will ensure that you have the earliest and most accurate information about potential threats to your computer systems. CoTra, The Computer Threat Research Association, c/o 144 Sheerstock, Haddenham, Bucks. HP17 8EX _______________________________________________________________________________ Strange Customs Service Clock Department May 1, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Written by Vanessa Jo Grimm (Goverment Computer News)(Page 6) The U.S. attorney for Washington is reviewing an allegation that a Customs Service official violated the Computer Security Act [PL 100-235 presumably] by altering a computer's internal clock. Treasury Department Inspector General Michael R. Hill referred the allegation to the prosecutor after an investigation into year-end spending by Custom officials at the close of Fiscal Year 1988. The allegation involves an official who may have authorized altering the date maintained by the computers that the agency uses for procurement documents, according to Maurice S. Moody, the Inspector General's audit director for Financial Management Service. Moody recently told the House Ways and Means Subcommittee on Oversight the computers are part of the agency's Automated Commercial System. He declined to provide Government Computer News with more details. Allegedly the computer clock was rolled back during the first three days of October of 1988 so that $41.8 million in procurement obligations would be dated in September against fiscal year 1988 appropriations, Moody said. An inspector general report issued in late February concluded Customs had not violated any procurement laws. The inspector general's investigation is continuing, however. "Doesn't $41.8 million worth of procurement on the last day of the fiscal year bother anybody?" asked Rep. Richard T. Shulze (R-Pa). The purchases did bother the inspector general, Moody said, and this concern led to getting the United State attorney attorney. "This problem is endemic in the federal government," he said. "Year-end spending is very common." William F. Riley, Customs controller, said he knew about the rollback, but he and Deputy Commissioner Michael H. Lane refused to say who authorized the action... Subcommittee members continued to press Riley and Lane. "Is the person still at Customs?" asked subcommittee chairman J. J. Pickle (D-Texas). He is working full time and in the position he was at the time," Lane answered. Rep. Beryl F. Anthony, Jr. (D-Ark) asked how Riley became aware of the rollback. "He (the official who authorized the rollback) told me that it was going to be done," Riley said. Rep. Pickle suggested that a high ranking official would have to authorize such an action, but Counsel advised Lane not to reply. He did say neither he nor Commissioner von Raab had made the decision. The balance of the article deals with the actions of Linda Gibbs, who became aware of the incident and reported it to the inspector general after being unable to stop the action. Gibbs also alleged that the action was intended to use available year-end money to cover cost overrun on a contract with Northrop Corp. She also alleged that she had been reassigned and given no new duties. _______________________________________________________________________________