==Phrack Inc.== Volume Three, Issue Thirty-Three, File 13 of 13 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue XXXIII / Part Three PWN PWN PWN PWN Compiled by Dispater PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Pentagon Welcomes Hackers! September 9, 1991 ~~~~~~~~~~~~~~~~~~~~~~~~~~ >From USA Today The FBI is investigating an Israeli teen's claim that he broke into a Pentagon computer during the gulf war. An Israeli newspaper Sunday identified the hacker as Deri Shraibman, 18. He was arrested in Jerusalem Friday but released without being charged. Yedhiot Ahronot said Shraibman read secret information on the Patriot missle -- used for the first time in the war to destroy Iraq's Scud missles in midflight. "Nowhere did it say 'no entry allowed'," Shraibman was quoted as telli police. "It just said 'Welcome.'" The Pentagon's response: It takes "computer security very seriously," spokesman Air Force Capt. Sam Grizzle said Sunday. Analysts say it isn't the first time military computers have been entered. "No system of safeguards exists ... that is 100% secure," says Alan Sabrosky, professor at Rhodes College in Memphis. _______________________________________________________________________________ Telesphere Sued By Creditors; Forced Into Bankruptcy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Compiled from Telecom Digest (comp.dcom.telecom) On Monday, August 19, Telesphere Communications, Inc. was sued by a group of ten creditors who claim the company best known for its 900 service isn't paying its bills. The group of creditors, all information providers using 900 lines provided through Telesphere claim they are owed two million dollars in total for services rendered through their party lines, sports reports, horoscopes, sexual conversation lines and other services. They claim Telesphere has not paid them their commissions due for several months. The group of creditors filed in U.S. Bankruptcy Court in Maryland asking that an Involuntary Chapter 7 bankruptcy (meaning, liquidation of the company and distribution of all assets to creditors) be started against Telesphere. The company said it will fight the effort by creditors to force it into bankruptcy. A spokesperson also said the company has already settled with more than 50 percent of its information providers who are owed money. Telesphere admitted it had a serious cash flow problem, but said this was due to the large number of uncollectible bills the local telephone companies are charging back to them. When end-users of 900 services do not pay the local telco, the telco in turn does not pay the 900 carrier -- in this case Telesphere -- and the information provider is charged for the call from a reserve each is required to maintain. But the information providers dispute the extent of the uncollectible charges. They claim Telesphere has never adequately documented the charges placed against them (the information providers) month after month. In at least one instance, an information provider filed suit against an end-user for non-payment only to find out through deposition that the user HAD paid his local telco, and the local telco HAD in turn paid Telesphere. The information providers allege in their action against the company that Telesphere was in fact paid for many items charged to them as uncollectible, "and apparently are using the money to finance other aspects of their operation at the expense of one segment of their creditors; namely the information providers..." Telesphere denied these allegations. Formerly based here in the Chicago area (in Oak Brook, IL), Telesphere is now based in Rockville, MD. ______________________________________________________________________________ Theft of Telephone Service From Corporations Is Surging August 28, 1991 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Edmund L. Andrews (New York Times) "It is by far the largest segment of communications fraud," said Rami Abuhamdeh, an independent consultant and until recently executive director of the Communications Fraud Control Association in McLean, Va. "You have all this equipment just waiting to answer your calls, and it is being run by people who are not in the business of securing telecommunications." Mitsubishi International Corp. reported losing $430,000 last summer, mostly from calls to Egypt and Pakistan. Procter & Gamble Co. lost $300,000 in l988. The New York City Human Resources Administration lost $529,000 in l987. And the Secret Service, which investigates such telephone crime, says it is now receiving three to four formal complaints every week, and is adding more telephone specialists. In its only ruling on the issue thus far, the Federal Communications Commission decided in May that the long-distance carrier was entitled to collect the bill for illegal calls from the company that was victimized. In the closely watched Mitsubishi case filed in June, the company sued AT&T for $10 million in the U.S. District Court in Manhattan, arguing that not only had it made the equipment through which outsiders entered Mitsubishi's phone system, but that AT&T, the maker of the switching equipment, had also been paid to maintain the equipment. For smaller companies, with fewer resources than Mitsubishi, the problems can be financially overwhelming. For example, WRL Group, a small software development company in Arlington, Va., found itself charged for 5,470 calls it did not make this spring after it installed a toll-free 800 telephone number and a voice mail recording system machine to receive incoming calls. Within three weeks, the intruders had run up a bill of $106,776 to US Sprint, a United Telecommunications unit. In the past, long-distance carriers bore most of the cost, since the thefts were attributed to weaknesses in their networks. But now, the phone companies are arguing that the customers should be liable for the cost of the calls, because they failed to take proper security precautions on their equipment. Consumertronics, a mail order company in Alamogordo, N.M., sells brochures for $29 that describe the general principles of voice mail hacking and the particular weaknesses of different models. Included in the brochure is a list of 800 numbers along with the kind of voice mail systems to which they are connected. "It's for educational purposes," said the company's owner, John Williams, adding that he accepts Mastercard and Visa. Similar insights can be obtained from "2600 Magazine", a quarterly publication devoted to telephone hacking that is published in Middle Island, N.Y. ______________________________________________________________________________ Proctor & Gamble August 22, 1991 ~~~~~~~~~~~~~~~~ Compiled from Telecom Digest On 8-12-91, the "Wall Street Journal" published a front page story on an investigation by Cincinnati police of phone records following a request by Procter & Gamble Co. to determine who might have furnished inside information to the "Wall Street Journal". The information, ostensibly published between March 1st and June 10th, 1991, prompted P&G to seek action under Ohio's Trade Secrets Law. In respect to a possible violation of this law, a Grand Jury issued a subpoena for records of certain phone calls placed to the Pittsburgh offices of the "Wall Street Journal" from the Cincinnati area, and to the residence of a "Wall Street Journal" reporter. By way of context, the Pittsburgh offices of the "Wall Street Journal" allegedly were of interest in that Journal reporter Alecia Swasy was principally responsible for covering Procter & Gamble, and worked out of the Pittsburgh office. On 8-13-91, CompuServe subscriber Ryck Bird Lent related the Journal story to other members of CompuServe's TELECOM.ISSUES SIG. He issued the following query: "Presumably, the records only show that calls were placed between two numbers, there's no content available for inspection. But what if CB had voice mail services? And what if the phone number investigations lead to online service gateways (MCI MAil, CIS), are those also subject to subpoena?" At the time of Mr. Lent's post, it was known that the "Wall Street Journal" had alleged a large amount of phone company records had been provided by Cincinnati Bell to local police. An exact figure did not appear in Lent's comments. Thus, I can't be certain if the Journal published any such specific data on 8-12-91 until I see the article in question. On 8-14-91, the Journal published further details on the police investigation into possible violation of the Ohio Trade Secrets Law. The Journal then asserted that a Grand Jury subpoena was issued and used by the Cincinnati Police to order Cincinnati Bell to turn over phone records spanning a 15-week period of time, covering 40 million calls placed from the 655 and 257 prefixes in the 513 area code. The subpoena was issued, according to the "Wall Street Journal", only four working days after a June 10th, 1991 article on problems in P&G's food and beverage markets. Wednesday [8-14-91], the Associated Press reported that P&G expected no charges to be filed under the police investigation into possible violations of the Ohio Trade Secrets Law. P&G spokesperson Terry Loftus was quoted to say: "It did not produce any results and is in fact winding down". Lotus went on to explain that the company happened to "conduct an internal investigation which turned up nothing. That was our first step. After we completed that internal investigation, we decided to turn it over to the Cincinnati Police Department". Attempts to contact Gary Armstrong, the principal police officer in charge of the P&G investigation, by the Associated Press prior to 8-14-91 were unsuccessful. No one else in the Cincinnati Police Department would provide comment to AP. On 8-15-91, the Associated Press provided a summary of what appeared in the 8-14-91 edition of the "Wall Street Journal" on the P&G investigation. In addition to AP's summary of the 8-14-91 Journal article, AP also quoted another P&G spokesperson -- Sydney McHugh. Ms. McHugh more or less repeated Loftus' 8-13-91 statement with the following comments: "We advised the local Cincinnati Police Department of the matter because we thought it was possible that a crime had been committed in violation of Ohio law. They decided to conduct an independent investigation." Subsequent to the 8-14-91 article in the Journal, AP had once again attempted to reach Officer Gary Armstrong with no success. Prosecutor Arthur M. Ney has an unpublished home phone number and was therefore unavailable for comment on Wednesday evening [08-14-91], according to AP. In the past few weeks, much has appeared in the press concerning allegations that P&G, a local grand jury, and/or Cincinnati Police have found a "novel" way to circumvent the First Amendment to the U.S. Constitution. In its 8-15-91 summary of the 8-14-91 Journal article, AP quoted Cincinnati attorney Robert Newman -- specializing in First Amendment issues -- as asserting: "There's no reason for the subpoena to be this broad. It's cause for alarm". Newman also offered the notion that: "P&G doesn't have to intrude in the lives of P&G employees, let alone everyone else". The same AP story references Cincinnati's American Civil Liberties Union Regional Coordinator, Jim Rogers, similarly commenting that: "The subpoena is invasive for anyone in the 513 area code. If I called "The Wall Street Journal", what possible interest should P&G have in that?" In a later 8-18-91 AP story, Cleveland attorney David Marburger was quoted as observing that "what is troublesome is I just wonder if a small business in Cincinnati had the same problem, would law enforcement step in and help them out?" Marburger also added, "it's a surprise to me," referring to the nature of the police investigation. In response, Police Commander of Criminal Investigations, Heydon Thompson, told the Cincinnati Business Courier "Procter & Gamble is a newsmaker, but that's not the reason we are conducting this investigation." P&G spokesperson Terry Loftus responded to the notion P&G had over-reacted by pointing out: "We feel we're doing what we must do, and that's protect the shareholders. And when we believe a crime has been committed, to turn that information over to the police." Meanwhile, the {Cincinnati Post} published an editorial this past weekend -- describing the P&G request for a police investigation as "kind of like when the biggest guy in a pick-up basketball game cries foul because someone barely touches him." Finally, AP referenced what it termed "coziness" between the city of Cincinnati and P&G in its 8-18-91 piece. In order to support this notion of coziness, Cincinnati Mayor David Mann was quoted to say: "The tradition here, on anything in terms of civic or charitable initiative, is you get P&G on board and everybody else lines up." As one who lived near Cincinnati for eight years, I recall Procter & Gamble's relationship with Cincinnati as rather cozy indeed. _______________________________________________________________________________ Hacker Charged in Australia August 13; 1991 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Associated Press reports from Melbourne that Nahshon Even-Chaim, a 20-year old computer science student, is being charged in Melbourne's Magistrates' Court on charges of gaining unauthorized access to one of CSIRO's (Australia's government research institute) computers, and 47 counts of misusing Australia's Telecom phone system for unauthorized access to computers at various US institutions, including universities, NASA, Lawrence Livermore Labs, and Execucom Systems Corp. of Austin, Texas, where it is alleged he destroyed important files, including the only inventory of the company's assets. The prosecution says that the police recorded phone conversations in which Even-Chaim described some of his activities. No plea has been entered yet in the ongoing pre-trial proceedings. _______________________________________________________________________________ Dial-a-Pope Catching on in the U.S. August 17, 1991 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >From the Toronto Star The Vatican is reaching out to the world, but it looks as if Canada won't be heeding the call. In the U.S., if you dial a 900 number, you can get a daily spiritual pick-me-up from Pope John Paul II. The multilingual, Vatican -authorized service, affectionately known as Dial-a-Pope, is officially titled "Christian Messaging From the Vatican." A spokesman from Bell Canada says there is no such number in this country. But Des Burge, director of communications for the Archdiocese of Toronto, says he thinks the service, for which U.S. callers pay a fee, is a good way to help people feel more connected to the Pope. (Toronto Star) ______________________________________________________________________________ PWN Quicknotes ~~~~~~~~~~~~~~ 1. Agent Steal is sitting in a Texas jail awaiting trial for various crimes including credit card fraud and grand theft auto. _______________________________________________________________________________ 2. Blue Adept is under investigation for allegedly breaking into several computer systems including Georgia Tech and NASA. _______________________________________________________________________________ 3. Control C had his fingerprints, photographs, and a writing sample subpoenaed by a Federal Grandy Jury after Michigan Bell employees, and convicted members of the Legion of Doom (specifically The Leftist and the Urvile) gave testimony. Control C was formerly an employee of Michigan Bell in their security department until January 1990, when he was fired about the same time as the raids took place on Knight Lightning, Phiber Optic, and several others. Control C has not been charged with a crime, but the status of the case remains uncertain. _______________________________________________________________________________ 4. Gail Thackeray, a special deputy attorney in Maricopa County in Arizona, has been appointed vice president at Gatekeeper Telecommunications Systems, Inc., a start-up in Dallas. Thackeray was one of the law enforcers working on Operation Sun-Devil, the much publicized state and federal crackdown on computer crime. Gatekeeper has developed a device that it claims is a foolproof defense against computer hackers. Thackeray said her leaving will have little impact on the investigation, but one law enforcer who asked not to be identified, said it is a sure sign the investigation in on the skids. (ComputerWorld, June 24, 1991, page 126) _______________________________________________________________________________ 5. Tales Of The Silicon Woodsman -- Larry Welz, the notorious 1960s underground cartoonist, has gone cyberpunk. He recently devoted an entire issue of his new "Cherry" comice to the adventures of a hacker who gets swallowed by her computer and hacks her way through to the Land of Woz. (ComputerWorld, July 1, 1991, page 82) _______________________________________________________________________________ 6. The Free Software Foundation (FSF), founded on the philosophy of free software and unrestricted access to computers has pulled some of its computers off the Internet after malicious hackers repeatedly deleted the group's files. The FSF also closed the open accounts on the system to shut out the hackers who were using the system to ricochet into computers all over the Internet following several complaints from other Internet users. Richard Stallman, FSF director and noted old-time hacker, refused to go along with his employees -- although he did not overturn the decision -- and without password access has been regulated to using a stand-alone machine without telecom links to the outside world. (ComputerWorld, July 15, 1991, page 82) _______________________________________________________________________________ 7. The heads of some Apple Macintosh user groups have received a letter from the FBI seeking their assistance in a child-kidnapping case. The FBI is querying the user group leaders to see if one of their members fits the description of a woman who is involved in a custody dispute. It's unclear why the FBI believes the fugitive is a Macintosh user. (ComputerWorld, July 29, 1991, page 90) _______________________________________________________________________________ 8. Computer viruses that attack IBM PCs and compatibles are nearing a milestone of sorts. Within the next few months, the list of viruses will top 1,000 according to Klaus Brunnstein, a noted German computer virus expert. He has published a list of known malicious software for MS-DOS systems that includes 979 viruses and 19 trojans. In all, there are 998 pieces of "malware," Brunnstein said. (ComputerWorld, July 29, 1991, page 90) _______________________________________________________________________________ 9. High Noon on the Electronic Frontier -- This fall the Supreme Court of the United States may rule on the appealed conviction from U.S. v. Robert Tappan Morris. You might remember that Morris is the ex-Cornell student who accidentially shut down the Internet with a worm program. Morris is also featured in the book "Cyberpunk" by Katie Hafner and John Markoff. _______________________________________________________________________________ 10. FBI's Computerized Criminal Histories -- There are still "major gaps in automation and record completness" in FBI and state criminal records systems, the Congressional Office of Technology has reported in a study on "Automated Record Checks of Firearm Purchasers: Issues and Options." In the report, OTA estimates that a system for complete and accurate "instant" name checks of state and federal criminal history records when a person buys a firearm would take several years and cost $200-$300 million. The FBI is still receiving dispositions (conviction, dismissal, not guilty, etc.) on only half of the 17,000 arrest records it enters into its system each day. Thus, "about half the arrests in the FBI's criminal history files ("Interstate Ident-ification Index" -- or "Triple I") are missing dispositions. The FBI finds it difficult to get these dispositions." The OTA said that Virginia has the closest thing to an instant records chck for gun purchasers. For every 100 purchasers, 94 are approved within 90 seconds, but of the six who are disapproved, four or five prove to be based on bad information (a mix-up in names, a felony arrest that did not result in conviction, or a misdemeanor conviction that is not disqualifying for gun ownership) (62 pages, $3 from OTA, Washington, D.C. 20510-8025, 202/224-9241, or U.S. Government Printing Office, Stock No.052-003-01247-2, Washington, D.C. 20402-9325, 202/783-3238). (Privacy Journal, August 1991, page 3) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Founded in 1974, Privacy Journal is an independent monthly on privacy in the computer age. It reports in legislation, legal trends, new technology, and public attitudes affecting the confidentiality of information and the individual's right to privacy. Subscriptions are $98 per year ($125 overseas) and there are special discount rates for students and others. Telephone and mail orders accepted, credit cards accepted. Privacy Journal P.O. Box 28577 Providence, Rhode Island 02908 (401)274-7861 _______________________________________________________________________________