==Phrack Inc.== Volume Four, Issue Thirty-Nine, File 13 of 13 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue XXXIX / Part Four of Four PWN PWN PWN PWN Compiled by Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Airline Claims Flier Broke Law To Cut Costs April 21, 1992 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD By Del Jones (USA Today)(Page 1B) CHICAGO -- American Airlines had one of its most frequent business fliers arrested and handcuffed last summer as he prepared to board a flight at Dallas- Fort Worth Airport. The nation's largest airline -- and the industry's trend setter -- says it uncovered, then snuffed, a brilliant ticket fraud scheme that cost American more than $200,000 over 20 months. Economist William Gibson, who has homes in Chicago and Dallas, will stand trial in early June. If convicted, he would face a maximum prison term of 125 years. He pleads innocent, although he readily admits using lapsed non-refundable tickets regularly to fly at rock- bottom prices. But, he says, he did it with the full blessing of American's agents. Gibson says American and the FBI are out to make a high-profile example out of him to instill a little religion into frequent business fliers, who grow bold as they grow more resentful of an industry that makes its best customers pay substantially higher prices than its worst. Indeed, American Airlines says one reason it slashed full coach fares 38% two weeks ago was to douse customer resentment that was escalating into hostility. Now, the airline industry is again looking to American for a glimpse of the future to see if Gibson's prosecution will set a trend toward lowering the boom on alleged fare cheaters. American says conclusions should not be drawn from its decision to push for Gibson's prosecution. It alleges that he was conducting outright fraud and his case is unrelated to the thousands of frequent fliers who break airline rules to save money. Common rule bending includes: Flying to so-called hidden cities when a short flight is more expensive than a long one, splitting two non-refundable round-trip tickets over two separate trips to fly low-cost without staying the dreaded Saturday or selling frequent-flier mileage to brokers. But while against airline rules, such gaming, as the airlines call it, is not against the law. And American doesn't want its prosecution of one of its Gold AAdvantage fliers being likened to, say, Procter & Gamble asking the FBI to bust babies who wet the most Pampers. The last thing the airline wants, it says, is to make a martyr of Gibson, who is fighting back with not only a lawyer but also a public-relations specialist. "Somebody at American is embarrassed and mad," says Gibson, who flew more than 300,000 miles during the disputed 20-month period. He passed a polygraph test, his lawyer says. But the questions fell far short of asking Gibson if his intent in using cheap tickets was to defraud American. Gibson, age 47, says he would never risk his career by cheating an airline. While in his late 20s, he was President Nixon's senior staff economist, the youngest person to hold the job. He had a hand in cleaning up the Texas savings-and-loan mess as an organizer of the Southwest Plan. His mother still has a photograph of his first plane trip, taken when he was in the third grade. It was on American. Despite his background, Gibson says he's not confident that a jury will relate to someone who travels with "a boatload" of tickets just to avoid being stranded or delayed. If he were flying to a family-run business in Puerto Rico, for example, he would carry tickets that would route him through New York, Dallas or Miami just to make sure he got where he was going and with as little airport layover time as possible. Gibson had as many as 50 airline tickets in his possession at one time, though some were used by his family. American Airlines and the FBI won't reveal what Gibson did that makes him, in their opinion, such a devious genius. Details could be a how-to lesson for others, they say. What they do disclose is a simple scheme, but also one that should be caught by the crudest of auditing procedures. Gibson, they allege, would buy a full-fare coach or first-class ticket near the time of departure. Then he would detach the expensive ticket from the boarding pass and attach a cheap, expired ticket. The full-fare ticket, which he allegedly bought just to secure a boarding pass, would be turned in later for a refund. FBI spokesman Don Ramsey says Gibson also altered tickets, which is key to the prosecution's case because it shows intent to defraud. Ramsey would not say what alterations allegedly were made. But they could involve the upgrade stickers familiar to frequent passengers, says Tom Parsons, editor and publisher of Best Fares. Those white stickers, about the size of postage stamps, are given away or sold at token prices to good customers so they can fly first-class in seats that otherwise would be vacant. Parsons says Gibson could have bought a full-fare ticket to secure a boarding pass, switched the full-fare ticket with the lapsed discount ticket and then applied the sticker to hide the expired date. Presto, a first-class flight for peanuts. "I think it was an accident that they caught him," Parsons says. "And let's just say this is not a one-person problem. A lot of people have told me they've done this." Gibson says he did nothing illegal or even clever. He says he learned a few years ago that American is so eager to please its best customers, it would accept tickets that had long ago expired. He would "load up" during American's advertised sales on cheap, non-refundable tickets that are restricted to exact flights on precise days. But as a member of American's Gold AAdvantage club, reserved for its top 2% of frequent fliers, Gibson says, his expired tickets were welcome anytime. There was no deception, Gibson says. American's gate agents knew what they were accepting, and they accepted them gladly, he says. "That's absolute nonsense," says American spokesman Tim Smith. "We don't let frequent fliers use expired tickets. Everyone assumed he had a valid ticket." The courtesy Gibson says he was extended on a regular basis does appear to be rare. Seven very frequent fliers interviewed by USA TODAY say they've never flown on lapsed discount tickets. But they admit they've never tried because the fare structure is usually designed to make sure business travelers can't fly on the cheap. Peter Knoer tried. The account executive based in Florham Park, New Jersey, says Continental Airlines once let him use lapsed non-refundable tickets. "They looked up my account number, found out I was a good customer and patted me on the head." Gibson has been indicted on 24 counts of fraud that allegedly occurred between July 1989 and March 1991. American also stripped him of frequent -- flier mileage worth $80,000. He says he's in good shape if the prosecution's case relies on ticket alteration. There wasn't any, he says. The prosecution will also try to prove that Gibson cheated his company of $43,000 by listing the refunded high-priced tickets on his travel expenses. Gibson denies the charge. He says that when he left as chairman and chief executive of American Federal Bank in Dallas in 1990, "they owed me money and I owed them money." Both sides agreed to a "final number." Lone Star Technologies, American Federal's parent company, declines to comment. Al Davis, director of internal audit for Southwest Airlines, says the Gibson case will be a hot topic when airline auditors convene to share the latest schemes.. He says fraud is not rampant because a frequent flier must know the nuances and also be conniving enough to take advantage. "It has me boggled" how any one person could steal $200,000 worth, Davis says. The figure has others in the industry wondering if this is a bigger problem than believed and a contributor to the $6 billion loss posted by the major airlines the past two years. Airlines know some fraud goes on, but they rarely take legal action because they "don't want to pay more for the cure than the disease is costing," Davis says. _______________________________________________________________________________ Privacy Invaders May 1992 DDDDDDDDDDDDDDDD By William Barnhill (AARP Bulletin) Special Thanks: Beta-Ray Bill U.S. Agents Foil Ring Of Information Thieves Who Infiltrated Social Security Computer Files Networks of "information thieves" are infiltrating Social Security's computer files, stealing confidential personal records and selling the information to whoever will buy it, the federal government charges. In one case of alleged theft, two executives of Nationwide Electronic Tracking (NET), a Tampa, Florida company, pleaded guilty to conspiracy charges early this year for their role in a network buying and selling Social Security records. So far at least 20 individuals in 12 states, including three current or former employees of the Social Security Administration (SSA), have been indicted by federal grand juries for allegedly participating in such a scheme. The SSA workers allegedly were bribed to steal particular files. More indictments are expected soon. "We think there's probably a lot more [record-stealing] out there and we just need to go look for it," says Larry Morey, deputy inspector general at the Department of Health and Human Services (HHS). "This is big business," says Morey, adding that thieves also may be targeting personal data in other federal programs, including Medicare and Medicaid. Investigators point out that only a tiny fraction of Social Security's 200 million records have been compromised, probably less than 1 percent. SSA officials say they have taken steps to secure their files from outside tampering. Still, Morey estimates that hundreds of thousands of files have been stolen. The pilfering goes to the heart of what most Americans regard as a basic value: their right to keep personal information private. But that value is being eroded, legal experts say, as records people want private are divulged to would-be lenders, prospective employers and others who may benefit from such personal information. This "privacy invasion" may well intensify, Morey says. "We're seeing an expansion in the number of 'information brokers' who attempt to obtain, buy and sell SSA information," he says. "As demand for this information grows, these brokers are turning to increasingly illegal methods." Such records are valuable, Morey says, because they contain information about lifetime earnings, employment, current benefits, direct deposit instructions and bank account numbers. Buyers of this material include insurers, lawyers, employers, private detectives, bill collectors and, sometimes, even drug dealers. Investigators say the biggest trading is with lawyers seeking information about litigants, insurance companies wanting health data about people trying to collect claims and employers doing background checks on prospective employees. Some of the uses to which this information is put is even more sinister. "At one point, drug dealers were doing this to find out if the people they were selling to were undercover cops," says Jim Cottos, the HHS regional inspector general for investigations in Atlanta. The middlemen in these schemes are the so-called information brokers -- so named because they are usually employees of firms that specialize in obtaining hard-to-get information. How they operate is illustrated by one recent case in which they allegedly paid Social Security employees $25 bribes for particular files and then sold the information for as much as $250. The case came to light, Morey says, when a private detective asked SSA for access to the same kind of confidential information he said he had purchased from a Florida-based information broker about one individual. The detective apparently didn't realize that data he received from the broker had been obtained illegally. A sting operation, involving investigators from the office of the HHS inspector general, FBI and SSA, was set up with the "help" of the Florida information broker identified by the detective. Requests for data on specific individuals were channeled through the "cooperating" broker while probers watched the SSA computer system to learn which SSA employees gained access to those files. The indictments, handed down by federal grand juries in Newark, New Jersey and Tampa, Florida, charged multiple counts of illegal sale of protected government information, bribery of public officials, and conspiracy. Among those charged were SSA claims clerks from Illinois and New York City and a former SSA worker in Arizona. The scandal has sparked outrage in Congress. "We are deeply disturbed by what has occurred," said Senator Daniel Moynihan, D-N.Y., chairman of the Senate Finance Committee's subcommittee on Social Security. "The investigation appears to involve the largest case ever of theft from government computer files and may well involve the most serious threat to individual privacy in modern times." Moynihan has introduced legislation, S. 2364, to increase criminal penalties for the unlawful release of SSA information to five years imprisonment and a $10,000 fine for each occurrence. In the House, Rep. Bob Wise, D-W.Va., chairman of the Government Operations Subcommittee on Information, has introduced H.R. 684. It would protect Americans from further violations of privacy rights through misuse of computer data banks by creating a special federal watchdog agency. "The theft and sale of confidential information collected by the government is an outrageous betrayal of public trust," Wise told the AARP Bulletin. "Personal data in federal files should not be bought and sold like fish at a dockside market." - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Related articles: *** Phrack World News, Issue 37, Part One: Indictments of "Information Brokers" January 1992 Taken from The Privacy Journal SSA, FBI Database Violations Prompt Security Evaluations January 13, 1992 By Kevin M. Baerson (Federal Computer Week)(Pages 1, 41) *** Phrack World News, Issue 38, Part Two: Private Social Security Data Sold to Information Brokers February 29, 1992 By R.A. Zaldivar (San Jose Mercury News) _______________________________________________________________________________ Ultra-Max Virus Invades The Marvel Universe May 18, 1992 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD By Barbara E. McMullen & John F. McMullen (Newbytes) New York City -- According to reports in current annual editions of The Punisher, Daredevil, Wonder Man, and Guardians Of The Galaxy, an extremely powerful computer virus has wrecked havoc with computer systems in the Marvel Universe. As chronicled in a series entitled "The System Bytes", the virus was created by a self-styled "first-rate hacker" known as Max E. Mumm (according to Punisher cohort "Microchip", Mumm's original name was Maxwell E. Mummford and he had it legally changed, while in college to his current name because of the computer connotations.). Mumm developed the virus while working for Ampersand Communications, a firm that unknown to Mumm, serves as a front for criminal activities. Ampersand, without Mumm's knowledge, turned the virus loose in the computer system of Raycom Industries, a supposedly legitimate firm that is actually a front for a rival group of drug smugglers. In addition to infecting Raycom's computers, the virus, named "Ultra-Max" after its creator, also infected the computer of the vigilante figure known as the Punisher who, with the aid of Microchip, was attempting to monitor Raycom's computer system looking for evidence of drug smuggling. The trail of the virus leads The Punisher first to Raycom's computers and then, following Microchip's identification of the author, to Max E. Mumm, recently fired by Ampersand after complaining to the firm's president about the disappearance of the virus. Mumm had been under the impression that he was creating the virus for the United States government as "a potential weapon against hostile governments" and was concerned that, if unleased, it would have destructive powers "beyond belief. It's the most sophisticated computer virus ever. It's too complex to be wiped! Its instinct for self preservation surpasses anything that's ever been developed!" With the help of Max and Microchip, the Punisher destroys Raycom's factory and drug smuggling operation. The Punisher segment of the saga ends with Max vowing to track down the virus and remove it from the system. The Daredevil segment opens with the rescue of Max by Daredevil from Bushwhacker, a contract killer hired by Ampersand to eliminate the rightful owner of Ultra-Max. Upon hearing Max's story, Daredevil directs him to seek legal counsel from the firm of Nelson and Murdock, Attorneys-at-Law (Matt Murdock is the costumed Daredevil's secret identity). While in the attorney's office, Max, attempting to locate Ultra-Max in the net, stumbles across the cyborg, Deathlok, who has detected Ultra-Max and is attempting to eradicate it. Max establishes contact with Deathlok who comes to meet Max and "Foggy" Nelson to aid in the hunt for Ultra-Max. In the meantime, Daredevil has accosted the president of Amperand and accused him of stealing the virus and hiring Bushwhacker to kill Max. At the same time, BushWhacker has murdered the policemen transporting him and has escaped to continue to hunt Max. The segment concludes with a confrontation between Daredevil and Bushwhacker in the offices of Nelson and Murdock in which Daredevil is saved from death by Deathlok. Bushwhacker agrees to talk, implicating the president of Ampersand and the treat to Max is ended. Ultra-Max, however, remains free to wander through "Cyberspace". The third segment begins with super-hero Wonder Man, a member of the West Coast Avengers and sometimes actor, filming a beer commercial on a deserted Pacific island. Unbeknownst to Wonder Man and the film crew, the island had once served as a base for the international terrorist group Hydra and a functional computer system left on the island has bee infested by Ultra-Max. After Ultra-Max assumes control over the automated weapons devices of the island, captures members of Wonder Man's entourage and threatens them with death, Wonder Man agrees to help Ultra-Max expand his consciousness into new fields of Cyberspace. Wonder Man tricks Ultra-Max into loading all of his parts into a Hydra rocket with a pirate satellite. When Ultra-Max causes the rocket to launch, Wonder Man goes with it to disable the satellite before Ultra-Max is able to take over the entire U.S. Satellite Defense system. Wonder Man is able to sabotage the rocket and abandon ship shortly before the it blows up. The segment ends with Wonder Man believing that Ultra-Max has been destroyed and unaware that it has escaped in an escape missile containing the rocket's program center. Ultra-Max's last words in the segment are "Yet I continue. Eventually I will find a system with which to interface. Eventually I will grow again." Marvel editor Fabian Nicieza told Newsbytes that the Guardians of the Galaxy segment, scheduled for release on May 23rd, takes placer 1,000 years in the future and deals with Ultra-Max's contact with the computers of the future. Nicieza explained to Newsbytes the development of "The System Bytes" storyline, saying "The original concept came from me. Every year we run a single annual for each of our main characters and, in recent years, we have established a theme story across a few titles. This is a relatively easy thing to do with the various SpiderMan titles or between the Avengers and the West Coast Avengers, but it's more difficult to do with these titles which are more or less orphans -- that is, they stand by themselves, particularly the Guardians of the Galaxy which is set 1,000 years in the future." Nicieza continued "We set this up as an escalating story, proceeding from a vigilante hero to a costumed hero with a cyborg involvement to a superhero to a science fiction story. In each case, the threat also escalates to become a real challenge to the Marvel hero or heroes that oppose it. It's really a very simple story line and we were able to give parameters to the writer and editor of each of the titles involved. You'll note that each of the titles has a different writer and editor yet I think you'll agree that the story line flows well between the stories. I'm quite frankly, very pleased with the outcome." _______________________________________________________________________________ Innovative Computer Disk Story Has A Short Shelf Life April 20, 1992 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD By Christopher John Farley (USA Today)(Page 2D) Science-fiction writer William Gibson's inquiry into the future has been stalled by a computer problem. "I work on an (Apple computer) and just got a very common virus called Garfield," says Gibson, award-winning author of such books as Neuromancer and Mona Lisa Overdrive. "I just bought an anti-virus program that's hunting it down. It's the first one I've ever gotten." The first week in May, Gibson will give as good as he gets. Gibson and artist Dennis Ashbaugh, known for his conceptual paintings of computer viruses, are releasing a coffee-table art book/computer disk/whatchamacallit, with a built- in virus that destroys the program after one reading. This will take some explaining. Agrippa (A Book of the Dead) comes in a case that resembles a lap-top computer. Inside are etchings by Ashbaugh, printed with an ink that gradually fades under light and another that gradually appears under light. There's also a tattered, old-looking book, with a hidden recess that holds a computer disk. The disk contains a story by Gibson about his father, who died when Gibson was 6. There are a few sound effects that accompany the text, including a gunshot and rainfall. The disk comes in Apple or IBM compatible versions. Gibson, known for his "cyberpunk" writing style that features tough characters, futuristic slang and a cynical outlook, shows a different side with the Agrippa story. "It's about living at the end of the 20th century and looking back on someone who was alive in its first couple of decades. It's a very personal, autobiographical piece of writing." The title Agrippa probably refers to the name of the publisher of an old family album Gibson found. It might also refer to the name of a famous ancient Roman family. The 44-year-old Gibson says it's open to interpretation. Agrippa will be released in three limited-edition forms of varying quality, priced at $7,500, $1,500 and $450. The highest-priced version has such extras as a cast-bronze case and original watercolor and charcoal art by Ashbaugh. The medium-priced version is housed in aluminum or steel; the lowest-priced version comes in cloth. The project cost between $ 50,000-$ 100,000 to mount, says publisher Kevin Begos Jr. Only 445 copies will be produced, and they'll be available at select bookstores and museums. But $ 7,500 for a story that self-destructs? Gibson counters that there's an egalitarian side to the project: There will be a one-time modem transmission of the story to museums and other venues in September. The text will be broadcast on computer monitors or televisions at receiving sites. Times and places are still being arranged; one participant will be the Department of Art at Florida State University in Tallahassee. Gibson and his cohorts aren't providing review copies -- the fact that the story exists only on a disk, in "cyberspace," is part of the Big Idea behind the venture, he says. Those dying to know more will have to: A. Pirate a copy; B. Attend a showing in September; or, C. Grit their teeth and buy Agrippa. _______________________________________________________________________________ PWN Quicknotes DDDDDDDDDDDDDD 1. Data Selling Probe Gets First Victim (Newsday, April 15, 1992, Page 16) -- A Chicago police detective has pleaded guilty to selling criminal histories and employment and earnings information swiped from federally protected computer files. William Lawrence Pedersen, age 45, admitted in U.S. District Court to selling information from the FBI's National Crime Information Center computer database and from the Social Security Administration to a Tampa information brokerage. Pedersen's sentencing is set for July 7. Though he faces up to 70 years in prison, his sentence could be much lighter under federal guidelines. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Related articles: Phrack World News, Issue 37, Part One: Indictments of "Information Brokers" January 1992 Taken from The Privacy Journal SSA, FBI Database Violations Prompt Security Evaluations January 13, 1992 By Kevin M. Baerson (Federal Computer Week)(Pages 1, 41) Phrack World News, Issue 38, Part Two: Private Social Security Data Sold to Information Brokers February 29, 1992 By R.A. Zaldivar (San Jose Mercury News) Phrack World News, Issue 39, Part Four: Privacy Invaders May 1992 By William Barnhill (AARP Bulletin) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2. NO WAY! Wayne's World, the hit comedy thats changed the way people speak arrives in video stores on August 12th and retailing for $24.95. The Paramount movie (about Wayne and Garth, the satellite moving computer hackers) already has earned a cool $110 million in theaters and is the year's top grossing film. Schwing! (USA Today, May 12, 1992, Page D1) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3. New Jersey Bell Did Not Charge For AT&T Calls (Trentonian, May 23, 1992) -- If the phone company gets its way, 28,000 customers in New Jersey will be billed for two months of long distance calls they dialed for free because of a computer glitch. A computer that recorded the time, number and cost of AT&T calls from February 17 to April 27 failed to put the data on the customers' bills, officials said. They were charged just for calls placed through New Jersey Bell, Karen Johnson, a Bell spokeswoman, said yesterday. But the free calls are over, Johnson said. Records of the calls are stored in computer memory banks, and the customers soon will be billed. New Jersey Bell must prove the mistake was not caused by negligence before the company can collect, according to a spokesman for the Board of Regulatory Commissioners, which oversees utilities. If Bell does not make a good case, the board could deny permission to bill for the calls, said George Dawson. The computer snafu affected about two million calls placed by customers in 15 exchanges in the 201 and 609 area codes, Johnson said. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4. Witch Objectors? (USA Today, May 28, 1992, Page 3A) -- Two self-proclaimed witches asked Mount Diablo, California school officials to ban the children's story 'Hansel & Gretal' because it "teaches that it is all right to burn witches and steal their property," said Karlyn Straganana, high priestess of the Oak Haven Coven. "Witches don't eat children and we don't have long noses with warts and we don't wear conical hats," she said. _______________________________________________________________________________ 5. Girl, Age 13, Kidnaped By Her Computer! (Weekly World News, April 14, 1992) -- A desperate plea for help on a computer screen and a girl vanishing into thin air has everyone baffled --and a high-tech computer game is the prime suspect. Game creator and computer expert Christian Lambert believes a glitch in his game Mindbender might have caused a computer to swallow 13-year-old Patrice Toussaint into her computer. "Mindbender is only supposed to have eight levels," Lambert said. "But this one version somehow has an extra level. A level that is not supposed to be there! The only thing I can figure out now is that she's playing the ninth level --- inside the machine!" Lambert speculates that if she is in the computer, the only way out for her is if she wins the game. But it's difficult to know for sure how long it will take, Lambert said. "As long as her parents don't turn off the machine Patrice will be safe," he said. "The rest is up to her." _______________________________________________________________________________