.oO Phrack Magazine Oo. Volume Seven, Issue Forty-Nine File 3 of 16 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== ------------------------------------------------------------------------------ CUERVOCON 96 CUERVOCON 96 CUERVOCON 96 CUERVOCON 96 CUERVOCON 96 Tengo que hable con mi abogado. ---------------------------------------------------------------- What : A computer/telephony/security conference. (show this part to your boss.) Where: Fort Brown Hotel, Brownsville Texas. When : 28 & 29 December, 1996 Who : The usual gang of cretins. Why : It's winter, and it is 12 degrees outside. The dumpsters are frozen shut, and there are icicles on the payphones. Brownsville is at the Southern-most tip of Texas, right up against...Mexico. Yes, Mexico, land of cheap cerveza, four-dollar strippers, and liberal drinking laws. Mexico, where you too can own your very own Federal law enforcement official for a fistful of pesos. ---------------------------------------------------------------- Speakers Anybody wishing to speak at CuervoCon should send e-mail to the address at the bottom of this announcement. Currently the list includes: u4ea (by teleconfrence) Major ReDragon Caffiend (about her Breasts) daemon9 (about his Breasts) ---------------------------------------------------------------- Events "How Much Can You Drink?" "Fool The Lamer" "Hack The Stripper" "Hack The Web Server" "sk00l" "Ouija Board Hacking" ...as well as a variety of Technical Presentations. ---------------------------------------------------------------- General Information The Fort Brown Hotel will have available to us, 125 rooms at the holiday in @ $55 a room, and $75 rooms at the ramada @ $45 each. The Fort Brown was previously an actual fort when it was closed down by Uncle Sam. It became one large hotel until it was recently purchased and split into the Holiday Inn and the Ramada. The Fort Brown was chosen because it is across the street from the bridge to Mexico. You can call the Fort Brown Ramada at: 210-541-2921 You can call the Fort Brown Holiday Inn at: 210-546-2201 Call for reservations, make sure to tell them your with CuervoCon. Friday and Saturday the con will be in the 'Calvary' room. While Sunday we have the 'Fortress Room' where all the big speakers will be. Friday and Saturday we will have a few speakers and activities. Friday Night mainly, so we can have people arrive on time. We hope to have the con room open 24 hours a day. Brownsville is right on the Mexican border, adjacent to the Mexican town Matamoris. The Gulf of Mexico is 25 miles away. Brownsville has a population just over 100,000. The police force includes 175 officers, and a wide variety of federal law enforcement agencies have a strong presence there as well. The climate is semi-tropical, and the RBOC is SouthWestern Bell. Matamoris is the other half of brownsville. Home of over 1/2 a million people, it is known since the early 1900's as a pit of sin. The federale's are not to be fucked with and it is serviced by TelMex. It is known for its bars, strip clubs and mexican food. Matamoros also has an airport incase you live in Mexico and care to go, via aeromexico. Directions: In Texas Driving - Go anyway you can to get to US 77 South. Take 77 South till it ends in Brownsville. From there you will turn right on International. Proceed all the way down international, right before the bridge, turn left. The Fort Brown will be on the left. For those flying in - We are going to try to have a shuttle going. Also just tell the cab driver, Fort Brown. The Con Registration Fee, aka the pay it when you walk in our we will beat you up, is only 10$ and an additional 5$ for the 'I paid for eliteness sticker' which will let you into the special events, such as hack the stripper. ---------------------------------------------------------------- Celebrity Endorsements Here's what last years participants had to say about CuervoCon: "I attended the CuervoCon 95. I found many people there who, fearing a sunburn, wanted to buy my t-shirts!" -ErikB "I tried to attend, but was thwarted by "No Admittance to The Public" sign. I feel as though I missed the event of the year." - The Public "mmmm...look at all the little Mexican boys..." -Netta Gilboa "Wow! CuervoCon 95 was more fun that spilling my guts to the feds!" - Panther Modern "CuervoCon is our favorite annual event. We know we can give security a day of rest, because you people are all too drunk to give us any trouble..." - AT&T "No moleste, por favor." - TeleMex Don't miss it! ---------------------------------------------------------------- Have you ever hacked a machine in your hometown from a foreign country? Have you ever had to convert dollars into pesos to get your bribe right? Have you ever spent time in a foreign prison, where your "rights as an American" just don't apply? Have you ever been taken down for soemthing that wasn't even illegal half an hour ago? YOU WILL! And the con that will bring it to you? CUERVOCON 96 ---------------------------------------------------------------- CUERVOCON 96 CUERVOCON 96 CUERVOCON 96 CUERVOCON 96 CUERVOCON 96 brought to you by - S.o.B. - TNo - PLA - Phrack - The Guild - F.U.C.K. - SotMESC - Contact Information info@cuervocon.org www.cuervocon.org - Look here for updates. Voice mail system coming up soon. ---------------------------------------------------------------- ----<>---- *** The truth behind the Adult Verification Services ('porno' will set you free) *** By your passively skeptical author, t3. *** 10.30.96 Let's speak for a minute about 'porno'. 'Porno' has saturated the Net to a level in which it's difficult *not* to see it, regardless if you're looking for it. It can be found on the largest web site and the smallest ftp site. It can be found on Usenet, it can be found with any one of numerous search engines. Let's not delude ourselves, porno is *everywhere* and anyone with the motor skills to click a mouse can have access to it. About a year ago a concept came along called 'Adult Verification'. This first started out by people writing crude cgi scripts that would query every person as to their age. 'Are you 18' it would say, and even a sexually aware 9-year old would know to say 'yay' to this. Soon thereafter, someone topped this 4-line piece of code by writing a login interface, most likely it was incorporated into Netscape or some other, less worthy browser. This program made use of the actual browser to authenticate users. Of course one needed a login and password, of which had to be manually added after ample proof of age was received. If one merely wanted to cover one's ass, this would not be a logical solution. This all occurred during which the CDA (Communications Decency Act) had actually existed. On June 7, 1995, the CDA was passed through the Senate to the President, signed, and made a law: (1) in the heading by striking `Broadcasting obscene language' and inserting `Utterance of indecent or profane language by radio communication; transmission to minor of indecent material from remote computer facility, electronic communications service, or electronic bulletin board service'; et al...Now it was illegal to transmit 'indecent material' on the Internet. If this were to actually be adhered to, the Net would shrink so drastically that the current topology would last ten years before needing an upgrade. Is was soon apparent that this act was not going to fly. Groups like the EFF and the ACLU suddenly became extremely busy. Companies such as Apple and Microsoft challenged the constitutionality of such a law and took this directly to court. It was also apparent that the transmission of 'indecent material' would not disappear, but merely go further underground. Indeed, this is exactly what happened. Soon thereafter Adult Verification services began popping up. AVS (Adult Verification Services), Adultcheck, Adultpass, and a slew of others came up with an idea. The idea was to verify a person's adult status by acquiring one's credit card number. This would, ahem, without a doubt, prove that the individual was 18. Why? Because you had to be 18 to have a credit card of course! Someone obviously didn't take into consideration the five or so million pre-adults that would make it their goal to surpass such shotty authentication. It began by the government stating that a credit card is a legal means of verifying one's age, this allowing those distributing 'porno'graphic materials to continue distributing to those 18 and over. The initial means that the 'providers of porn' used to do this was to basically verify the format of the card and not actually run a check on it. As most of us all know, there have been plenty of "Credit Card Generators" produced in the last five years, quite capable of fooling these shotty authentication systems. As this authentication was obviously lacking in the "authentication" part, the next step was to actually validate the cards. This began and ended nearly as quickly, for finding a credit card (for example, in mommy's purse), junior could peruse porn until his dick grew red and chafed. On June 12, 1996 it was was determined that the CDA indeed violated one's constitutional rights and was striken down as a law. More on this at . But it didn't seem to phase the Authentication services. The Authentication Services currently verify age by obtaining a credit card, verifying it, and actually charging a fee for the service. About $9.95 for two years which entitles you to an abundance of graphic, ad, and airbrush-laden web pages and images. This most likely sufficiently scared off the less determined of minors because now they'd be engaging in credit card fraud. It's truly odd that after it has been deemed legal to distribute said porn, that all of these services still insist that it's illegal to do so. Let us realize that Usenet barely flinched when the CDA was in effect, and still offered gigs upon (glorious) gigs of nude bodies to oggle at. After taking a good look at this whole bizarre operation, I have made a few conclusions of my own. Charging $9.95 for two years of access to 'porno'graphy seems a little too good to be true. One must realize that there is a charge to the billing company for each credit card transaction made. I'd be surprised if it wasn't half of this ten bucks. These authentication companies also pay "handsomely" the purveyors of porn. In order for such a service to function, obviously there needs to be an agreement with the distributor and the authenticator. Now, one that distributes 'porno'graphy on the Net will certainly not feel the need to do these Verification Services any favors. The majority of people that do run these explicit sites are certainly not interested in supporting censorship of their material (probably 90% money-making). The AVS's knew this and offered a stipend to those using their services. The AVS's currently work by paying the site that contains 'indecent material' a certain amount each time that site gets another person to sign up with their service. This works by the AVS sending html that is put on a verification page. If one finds this page important enough, they may be convinced to sign up with the service that allows you to access it. The stipend is generally around $4.00, and as high as $7.50. There are many AVS's, and the majority of the said 'sites' use more than one, sometimes all of them for verification. If a particular site uses one AVS exclusively, the AVS will pay on the highest end of their scale for new recruits. If we get into some simple math, we may find some contradictions regarding this. The initial fee to those interested in accessing porn is $9.95. Out of these we can safely say that more than $3.00 goes to simply checking the validity of the card and billing it. This leaves the AVS with $6.95. Now, on the receiving end we have a very minimum of $4.00 going towards each new person that signs up. It's probably safe to say that over 90% of new customers to these AVS's sign-up through 'porno'graphic pages and not directly from the site itself. So $9.95 ends up being $6.95 after expenses, and then the service sends another $4.00 to the person that gave them the account. This leaves the AVS with a maximum of $2.95 total. The costs running an AVS are surely not exorbant, but are certainly not cheap. I have yet to find an AVS running off of anything less than at T1 (1.544mbit) speeds. This translates to an extreme minimum of 1k/month. If you include employees, office space, and incidentals, running any such service couldn't cost less than 5k a month at the very least. This would mean to break even one would have to bring in: 5000/2.95 1694 new customers a month, simply to break even! That's a lot considering the membership lasts for two years. And this is in the *best-case* scenario. I would be hard-pressed to believe that one such service could steadily rely on such a base of new clients every month indefinitely! I have theorized that these services are in fact not self-run moneymaking ventures, but are actually being funded by a higher authority. It's quite feasible to believe that the government, having been challenged and beat, have actually allocated funds to protecting the minors of the Net from obscenity. It's *certainly* not far-fetched, especially with Al Gore (think, Tipper) in an improperly high position. The government could allocate a comparitively paltry sum of one million a year towards funding (even creating) companies that act merely to pay people to be complacent. What if the government merely let relatively computer proficient professionals bid on forming these AVS's? What if? Well, unless i'm overlooking something, I can't see too much illogic to my theory. Another consideration of these services is that even at their current state, they are extremely easy to overcome. So easy, in fact, that their existence will hardly offer much resistance to a horny teenager. Remember, people will do anything to get 'porno'graphy. Such holes in these systems are that the verified member of such an AVS connects to a sexually explicit site, is bounced backed to the AVS for authentication, and is then bounced back again to the page (url) that contains the "naughty stuff". This page can be simply bookmarked and distributed to anyone and their Mom. Why? All the services I've come across (the largest ones) do not authenticate the target url, they target the initial "warning" page and contain information to pass the user on to the naughty stuff. Thus if one single person can obtain the target url, he can bypass all future authentication and can as well pass the url on through various channels, quite easily ending up in the hands of a minor. As well, if stupidity was a metaphor for AVS's, most of the target url's have filenames such as "warning.html" or "granted.html". Any half-respectable search engine (such as AltaVista) is capable of snarfing out such information. Doubly-so because these services will obviously want to advertise their existence. The only method that seems to partially protect minors from 'porno'graphy is the method of installing client-based software such as SurfWatch that try to censor 'porno'graphy. This, as well, relies on a willing company or individual to operate. This works quite archaically by imbedding META tags in html source. For example: This particular tag would be placed in the receiving html of a co-operative service or individual. The client-based software would search for such tags and censor the content accordingly. From my understanding, those using AVS's are not required to embed these tags in their "warning" page html. If they do not, which I would imagine many probably wouldn't, then suddenly these client-based censorship tools are rendered useless. So in conclusion, I would give a big thumbs-down for this whole pathetic means of controlling freedom. The Internet was meant to be a place to free exchange of information. Today a minor is just as able to find explicit material on the Net as he/she is able to dig through Mom and Dad's dresser for copies of Hustler. A minor is just as capable of watching R or X-rated movies, stealing a magazine from a store, or even buying one. It's time to stop using half-assed and crippled ways of protecting kids from obscenity on the Net. If you're a parent and you don't want your child to view such 'porno'graphy, then why not do what you're supposed to do and discipline the kid. Lazy fuckers. t3 .end ----<>---- T.A.C.D Presents... Hacking ID Machines By PiLL Table Of Contents I. What is an ID Machine & who uses them? II. Hardware and software of the ID machines III. Common security of ID Machines IV. What to do once you get in V. Closing VI. Greets Part One: What is an ID machine and who uses them? First we will start with the basics. An IDM or ID Machine is exactly what the name entails. It is a computer that government and large companies use to make security badges and ID cards for employees and visitors. All of the IDM's are DOS based so security, to say the least, sucks. There are four models of IDM's. The one we will be covering the most is the latest and greatest: the ID 4000. Also in the family of IDM's are the 3000, 2000+, and 2000. I have heard of an ID 1000 but I have yet to see or play with one, so if you find one, tell me. The 2000 is DOS 3.3 so I can imagine that an ID 1000 is even a bigger waste of time. IDM's are manufactured by a branch of Polaroid entitled Polaroid Electronic Imaging. If you want more information on IDM's call (800)343-5000 and they will send you some general specs. I will let you know right off the start that these machines sell for as much as $75,000.00 but the average price is around $40,000.00. So getting caught crashing one is NOT a good idea. You are probably wondering what companies use ID machines. Here is a brief list. All of the Colorado and Alaska DMV's, The IRS, The FBI, The U.S. Mint, The Federal Reserve, almost any military branch, Hewlett Packard, Polaroid, Westinghouse (I wouldn't recommend fucking with them: for more information on Westinghouse check out the movie Unauthorized Access available from CDC's home page), and all of the major prisons in the United States. By now you should be getting ideas of the potential fun you can have. Not that I would ever use what I know for anything illegal ;) Part Two: Hardware and Software I will cover each machine in order but you will probably notice that the ID4000 will get by far more attention then any other. Hardware and Software for the 2000+ and 2000 is kind of like teaching someone about the Apple ][ and how to use Logo so I will try not to bore you to much with them. The 2000 series are unique to the others because they are one full unit. The hardware is basically a really cheesy oversized case with a 9 monochrome monitor, a 3 monitor for viewing the victim of the hideous picture it takes, a 286 Wyse computer with 1meg of RAM (really hauls ass), a data compression board, image processing board (*Paris* Board), a signature scanner, a color film recorder or CFR, a WORM Drive, a modem, and most of the time a network card so the data can be stored on a mainframe. The Software of the 2000 series is a really neat database program running under DOS 3.3. If you have never heard of or used EDLIN, I would not recommend playing with a 2000. The only major differences between an ID2000 and an ID2000+ is that the computer on the 2000+ is a HP Vectra 386 with 4megs and a SCSI Interface. That's all you really need to know you probably won't ever encounter one unless you go trashing a lot. The ID3000 is also an HP 386/20 but uses DOS 5.0 and a Matrox Digital Processing board instead of the old Paris board of the 2000 series. This came about when your state ID actually started to remotely resemble you in 1992. Also in the 3000 years their were more peripherals available such as the latest CFR at the time (I think it was the 5000), PVC printers, and bar code label printers. The software is basically DOS 5.0 but this time they use a database shell much like DOSSHELL as the interface with the machine. The 3000 uses SYTOS for data storage and transfer and it is best to dial in using a program called Carbon Copy. The 4000 is the best even though it's not that great. It was is the first IDM in the Polaroid line that let the customer customize the machine to their needs. This is the machine that you see when you go to the DMV, at least in Denver. It consists of a JVC camera, a Matrox processing board, a data compression board, an Adaptec 1505 SCSI card, a 14.4 modem, a network card, and can have any of the following added to it: a PVC printer (in case you didn't know that's what they use on credit cards), a magnetic stripe encoder, a bar code printer, a thermal printer, a CFR (usually the HR6000 like at the DMV), a Ci500 scanner, and signature pad, a finger print pad (interesting note if you have a black light and one of the new Colorado Driver licenses hold it under a black light and look what appears under your picture, you should see your finger print), and a laminator. Now some of you are thinking what about the holograms? Those are actually in the lamination, not on the badge itself. To obtain lamination walk into the DMV and look to the right or left of the machine if you see a little brown box that's what you need, but please remember to leave some for the rest of us that might be next in line. Or you can go to Eagle hardware and buy a bolt cutter for the dumpster but that's a different text file. The 4000 runs DOS 6.0 and Windows 3.1. The actual software for the 4000 is a terrible Visual Basic shell that reminds me of the first time I ran that program AoHell. The only difference is that AoHell did what it was suppose to, the 4000 software is a headache of GPF's , Environment Errors, and Vbrun errors. A nice feature that the 4000 has that the other IDM's don't, is the ability to create and design your own badge. You can even do it remotely ! ! =) . Unfortunately the program Polaroid developed for this makes paintbrush look good. But on a bright note you can import Images. Briefly here is a run down of what exactly happens when you get your picture taken on an ID4000 at the DMV. At the first desk or table the narrow eyed, overpaid, government employee will ask you for some general information like a birth certificate, picture ID, name, address, SSN#, what party you prefer to vote for, and whether or not you want to donate your organs in the event of your untimely demise. You reply by handing her your fake birth certificate and ID that you had printed no more then an hour ago, hoping the ink is dry. "My name is Lee Taxor I reside at 38.250.25.1 Root Ave in the Beautiful Port apartments #23 located in Telnet, Colorado, I prefer to vote for Mickey Mouse of the Disney party, and can't donate my organs because Satan already owns them." The disgruntled employee then enters all your information in the correct fields while never taking an eye off you in fear that you know more about the machine he or she is using then they do (perhaps you shouldn't of worn your Coed Naked Hacking T-shirt that you bought at DefCon 4). As soon as the bureaucrat hits all of the information is sent to a database located in the directory named after the computer (i.e. c:\ID4000\ColoDMV\96DMV.MDB). Then you are directed to the blue screen where you stare at the JVC monitor trying to look cool even though the camera always seems to catch you when you have to blink or yawn or even sneeze. *SNAP* the picture is taken and displayed on the monitor where the employee can laugh at your dumb expression before printing it. If the employee decides to print the picture it is saved as a 9 digit number associated with your database record. The 4000 then compresses the picture and saves it. So the next time you go in and the pull up your record it will automatically find the associated picture and display it on the screen. But in the mean time you grab your fake ID the DMV just made for you and leave happy. In a nut shell that's all there is to these machines. Part Three: Security I think a better topic is lack of security. I have yet to see any of these machines that are remotely secure. Before we go any further the 4000 is best accessed using CloseUp the others using Carbon Copy, But any mainstream communications program will more then likely work. You Dial and it asks you right away for a username and password. whoa, stop, road block right their. Unless of course you know the backdoor that Polaroid put in their machines so they can service them. =) ID4000 Login: CSD (case Sensitive) Password: POLAROID (who would of guessed?) ID3000 Login: CPS Password: POLAROID (god these guys are so efficient) ID2000+ And ID2000 Login: POLAROID (ahh the good old days) Password: POLAROID Now if these do not work because they have been edited out, there are still a few VERY simple ways of getting in to your victims system. The first is to go with every hackers default method of social engineering. The best way to do this is to call them up and say "Hi this is (insert tech name here) with Polaroid Electronic Imaging! How is it going down there at (name of company)." The say "pretty good!" in a funny voice thinking what great customer support. You say "How is the weather been in (location of company)" they reply with the current weather status feeling that they can trust you cause you are so friendly. You say "well (name of person), we were going through our contacts one by one doing routine upgrades and system cleaning to ensure that your database is not going to get corrupted anytime soon and that everything is doing what it is supposed too, if you know what I mean (name of person)." Now they reply "oh yeah" and laugh with you not having a clue of what you are talking about. And they then say "well everything seems to be in order." You say "great sounds good but old *Bob* would have my head if I didn't check that out for myself." Then you ask if the modem is plugged in and wait for the reply. The either say yes or no then you ask them go plug it & give you the number or just give you the number. Then they comply cause they are just sheep in your plan. You say "Hey thanks (name) one more thing would happen to know if user CSD:Polaroid exists or did you guys delete it." If they deleted it ask them to put it back in, giving you administrative access. They probably know how to and will comply. If they need help have them do the following: Click on the combination lock icon at the top of the screen. This will bring them to the administrative screen and they will have the choices of Purge, Reports, and Passwords. Have them click on passwords. Then have them enter you as a new user with CSD as your Name and Polaroid as your Password. After they have done that make sure they give you all the Keys. The keys are basically access levels like on a BBS. Lets some users do certain things while others can not. The only key you need is administrative but have them give you the rest as well. The other keys are Management and Luser I think. The keys are located to the left of the user information that they just entered. Then have them click OK and close the call politely. Ta da!! Here is a list of Polaroid phone techs but I would not advise using Bob or Aryia cause their big wigs and nobody ever talks to them. Senior Techs of Polaroid Regular Techs Bob Pentze (manager) Don Bacher Aryia Bagapour (assistant) Richard Felix Sue Rick Ward Jordan Freeman Dave Webster Call 1-800-343-5000 for more Names =) Part Four: What to Do once you get in Now that your in you have access to all of their database records and photos. Upload your own and have fun with it! Everything you do is logged so here's what you'll want to do when you're done making yourself an official FBI agent or an employee of the federal reserve. Go to all of the available drives which could be a lot since they are on a network and do a search from root for all of the LOG files i.e. C:\DIR /S *.LOG Then delete the fuckers!!!! You can also do this by FDISK or formatting. Just kidding! But if you want to do it the right way then go to the admin screen and purge the error and system logs. Basically if you want the form for government badges or the FBI agents database this is the safest way to go. These computer do not have the ability to trace but it does not mean the phone company doesn't! ANI sucks a fat dick so remember to divert if you decide to do this. If you don't know how to divert I recommend you read CoTNo or Phrack and learn a little bit about phone systems and how they work. Moving around in the software once your past the security is very simple so I'm not going to get into it. If you can get around a BBS then you don't need any further help. Just remember to delete or purge the logs. Part Five: Closing If your looking for some mild fun like uploading the DMV a new license or revoking your friends this is the way to do it. However if you're looking to make fake ID's I recommend you download the badge format and purchase or obtain a copy of IDWare by Polaroid. IDware is a lot like the 4000 software except you only need a scanner not the whole system. As a warning to some of the kids I know of one guy who bought a $50,000.00 ID4000 and paid it off in a year by selling fake ID's. When Polaroid busted him they prosecuted to the fullest and now the guy is rotting in a cell for 25 to 50 years. Just a thought to ponder. Peace PiLL Greetz Shouts go out to the following groups and individuals: TACD, TNO, MOD, L0pht, CDC, UPS, Shadow, Wraith, KaoTik, Wednesday, Zydirion, Voyager, Jazmine, swolf, Mustard, Terminal, Major, Legion, Disorder, Genesis, Paradox, Jesta, anybody else in 303, STAR, BoxingNuN, MrHades, OuTHouse, Romen, Tewph, Bravo, Kingpin, and everyone I forgot cause I'm sure there are a bunch of you, sorry =P. ----<>---- The Top Ten things overheard at PumpCon '96 10. "You gotta problem? Ya'll gotta rowl!" - Keith the security guard 9. "My brain has a slow ping response" - Kingpin 8. "Space Rogue, I've been coveting your pickle." - espidre 7. "If there's space -n shit, then it's Star Trek. Unless there's that little Yoda guy - then it's Star Wars" - Kingpin 6. "I'm the editor of Phrack. Wanna lay down with me?" - A very drunk unnamed editor of Phrack 5. "Let's go find that spic, b_, no offense" - A drunk IP to b_. 4. "I'm lookin for that fat fucker Wozz. He's big, and got a green shirt, and glasses, and curly hair, just like you. As a matta a fact, you gots similar characteristics!" - A drunk IP to wozz. 3. "He was passed out on the floor... so I pissed on him" - An unknown assailant referring to IP 2. "It was the beginning and the end of my pimping career" - Kingpin referring to his escapade of getting paid two dollars for sex. 1. "French Toast Pleeeeze!" - Everyone ----<>---- TOP 0x10 REASONS TO KICK && WAYS TO GET KICKED OUT OF #HACK (Revision 0.1.1) By SirLance 0x0f asking for any information about any Microsoft products 0x0e talking about cars, girls, or anything unrelated to hacking 0x0d flooding with a passwd file contents 0x0c asking how to unshadow passwd 0x0b being on #hack, #warez and #hotsex at the same time 0x0a asking for ops 0x09 using a nick including words like 'zero' 'cool' 'acid' or 'burn' 0x08 asking if someone wants to trade accounts, CCs or WaR3Z 0x07 asking what r00t means 0x06 asking when the latest Phrack will be released 0x05 asking where to get or how to create a BOT 0x04 having the word BOT anywhere in your nick 0x03 having a nick like Br0KnCaPs and SpEak LiK3 Th4t all the time 0x02 asking for flash.c or nuke.c, spoof.c, ipsniff.c or CrackerJack 0x01 thinking #hack is a helpdesk and ask a question 0x00 being on from AOL, Prodigy, CompuServe, or MSN -EOL- ----<>---- International business by HCF Friday, 3:00am 4.12: I get the call: Julie: "You break into computers right...?" Dover: "Yea, what kind..." Julie: "Mac, I think." Dover: "Hmm... Call ``HCF'' at 213.262-XXXX" Julie: "Uh, will he be awake...?" Dover: "Don't worry (snicker) he'll be awake." Friday, 4:00am 4.12 HCF called me at 4am after he got the call from Julie: HCF: "you got me into this mess, I need to barrow your car." Dover: "Umm shure. Ok..." HCF: "I'll be right over..." Friday, 12:30pm 4.12: upon returning the car: HCF: "Umm, got a parking ticket, I'll write you a check later..." (I never got the check.) Kathleen's comment to Julie which was passed to me (days later): Kath: "Why didn't you tell me he was cute, I want him for myself!" When I passed this on to HCF: HCF: "She is *gorgeous* but not without a wet suit..." Here is the story that happened early one Friday morning... The names have been changed to protect the innocent, the guilty, and the innocent-looking guilty.... I was reading up on a new firewall technology, the kind that locks addresses out of select ports based on specific criterion, when the phone rang. "Hello?" The voice of a women, between 18 and 30, somewhat deep like Kathleen Turner's, said, "Uh, hello..." There was an obvious pause. It seemed she was surprised that I was so awake and answered sharply on the second ring. It was in the middle of my working hours; 3:30 AM. There was no delay in the phone's response, no subtle click after I picked up, and the audio quality was clear. "Do you hack?" she asked. Recorder on. Mental note: *stop* getting lazy with the recorder. "No. Are you on a Cell phone?" I responded "No." "Are you using a portable battery operated telephone?" "No. I was told by my friend ..." "Are you in any way associated with local, federal or state law enforcement agencies?" "Oh, I get it. No I'm not. Julie said that you could help me." I knew Julie through a mutual friend. "Could you call me back in 5 minutes." "Well, um, ok." Throughout the whole conversation, the phones on her end were ringing off the hook. As soon as I hung up, Ben, the mutual friend, called. Julie had called him first, and he gave her my number. I got his reassurance that this was legit. Ben was snickering but wouldn't divulge what it was about. By now my curiosity was piqued. The phone rang again, "I need someone who can break into a computer." "Whose computer?" "Mine." It turns out that the woman had hostility bought out the previous owner of this business. The computer in question had both a mission-critical database of some sort and a multi-level security software installed. She had been working under a medium permission user for some time. The computer crashed in such a way as to require the master password (root) in order to boot. The pervious owner moved out of town, could not be contacted, and was most likely enjoying the situation thoroughly. The woman was unaware of any of the technical specifications or configuration of the machine. I was able to find out that it was a Apple Macintosh Color Classic; a machine primarily distributed in Japan. It would be around 10:00 AM in Tokyo. "Why are the phones ringing so often at this time of the morning?" I asked. "I do a lot of international business." I was intrigued, the answer was smoothly executed without a delay or pitch change. I took the job. Upon arriving, I was greeted by a young, stunningly beautiful, woman with long, jet-black hair and stressed but clear green eyes. I checked the room for obvious bugs and any other surveillance. There were calendars on the wall, filled out with trixy and ultra-masculine sounding names like Candy and Chuck. The phones had died down some. The machine in question was obviously well integrated into the environment; dust patterns, scratch marks, worn-out mouse pad; it had been there for some time. There was a PBX, around 6 to 8 voice lines, three phones, and no network, modem or outside connectivity. The security, which we'll call VileGuard, defeated all the "simple" methods of by-passing. None of the standard or available passwords, in any case or combination, worked. A brute-force script would be slow as second failure shut the machine down. I made a SCSI sector copy onto a spare drive and replaced it with the original. This involved tearing open the machine, pulling various parts out, hooking up loose wires, merging several computers, and turning things on in this state. Trivial and routine, I did it rapidly and with both hands operating independently. For those who have never opened the case of an all-in-one Mac, it involves a rather violent looking smack on both sides of the pressure fitted case backing, appropriately called "cracking the case." This did not serve well to calm the nerves of the client. After a few moments of pallor and little chirps of horror, she excused herself from the room. While the SCSI copy preceded, I overheard her taking a few calls in the other room. What I heard was a one-sided conversation, but I could pretty much fill in the blanks, "Hello, Exclusive Escorts, may I help you?" "Would you like to be visited at your home or at a hotel?" "Well, we have Suzy, she's a 5'4" Asian lady with a very athletic body. Very shy but willing, and very sensual, she measures 34, 24, 34." "Big what? Sir, you'll have to speak a little clearer." "Oh, I see, well we have a very well endowed girl named Valerie, she's a double D and measures 38, 24, 34. Would that be more to your liking?" It was not easy to keep from busting up laughing. "He wants you to do what? Well, charge him double." With the new drive installed, and to predictable results, I fired up a hex editor. My experience has been that full-disk encryption typically slows the machine down to the point where the user disables it. At around $5C9E8, I found, "...507269 6E74204D 616E6167 65722045 72726F72... ...Print Manager Error..." in plain text. I searched for some of the known, lower permission, passwords. I found a few scattered around sector $9b4. The hex editor I was using could not access the boot or driver partitions, so I switched to one that could. It's not as pretty of an interface as the last editor, and is rather old. Its saving grace though is that it doesn't recognize the modern warnings of what it can and cannot see. There it was, VileGuard; driver level security. "Eric is endowed with eight and has a very masculine physique." Every male was "endowed with eight," every female had relatively identical measurements. I hunted fruitlessly around the low sectors for what might be the master password. All awhile wishing the find function of the editor would accept regexp. All the other passwords were intercapped on the odd character, but that was a convention of the current owner, and not necessarily used by the past owner. "Oh, you want a girl that is fluent in Greek?" It's not professional for me, and not good salesmanship for her, to have me overheard laughing myself into anoxia. After trying to straighten up and gather my wits together again, I began to consider an alternate possibility. If I don't know the password, what happens if I make it so that the driver doesn't either. Return to the first-installed condition perhaps? It was a thought. It turned out to be a bad thought, resulting in my haphazardly writing "xxxx" over, pretty much, random sectors of the driver partition. "Oh yes sir, Roxanne prefers older men. She appreciates how very experienced they are. I understand sir, and I'm sure she can help you with that." Before I made a second copy and whipped out the RE tools, TMON and MacNosy, I tried booting. The results were, as you'd expect, that the disk didn't mount. Instead, it asked me if I wanted to reinitialize the disk. Pause. Think... ya, why not. This was most definitely farther than I had gotten with the secure driver installed and functional. I canceled and fired up one of many disk formatters I had on hand. Though the formatter wasn't the slickest, it had proven itself repeatedly in the past. Its main quality was that of writing a driver onto a disk that is in just about *any* condition. It's made by a French drive manufacturer. As dangerous as this behavior is, I'm sure it's a planned feature. It could see the drive and allowed me to "update" the driver. A few seconds later, a normal "finished" dialog. "Yes, Stan carries a set of various toys with him. No, I don't believe he normally carries that, but I'm sure if you ask him nicely, he'll drop by the hardware store on his way and pick one up." I rebooted. It worked. I copied over the disk's data and reformatted. Time to try it on the original drive (I had, of course, been working on my copy.) Upon startup, before anything could be accessed, "Please input the master password..." Puts an unusual twist on the phrase, "adverse working conditions" - HCF Note 1: Payment was in currency. Note 2: If you ever think you understand the opposite sex's view on sex, you're underestimating. ----<>---- The Beginners Guide to RF hacking by Ph0n-E of BLA & DOC Airphones suck. I'm on yet another long plane ride to some wacky event. I've tried dialing into my favorite isp using this lame GTE airphone, $15 per call no matter how long you "talk". In big letters it says 14.4k data rate, only after several attempts I see the very fine print, 2400 baud throughput. What kind of crap is that? A 14.4 modem that can only do 2400? It might be the fact they use antiquated 900MHz AM transmissions. The ATT skyphones that are now appearing use imarsat technology, but those are $10/minute. Anyway they suck, and I have an hour or so before they start showing Mission Impossible so I guess I'll write this Phrack article Route has been bugging me about. There are a bunch of people who I've helped get into radio stuff, five people bought handheld radios @ DefCon... So I'm going to run down some basics to help everyone get started. As a disclaimer, I knew nothing about RF and radios two years ago. My background is filmmaking, RF stuff is just for phun. So why the hell would you want to screw around with radio gear? Isn't it only for old geezers and wanna be rentacops? Didn't CB go out with Smokey & the Bandit? Some cool things you can do: Fast-food drive thrus can be very entertaining, usually the order taker is on one frequency and the drivethru speaker is on another. So you can park down the block and tell that fat pig that she exceeds the weight limit and McDonalds no longer serves to Fatchix. Or when granny pulls up to order those tasty mcnuggets, blast over her and tell the nice MCD slave you want 30 happy meals for your trip to the orphanage. If you're lucky enough to have two fast food palaces close to each other you can link them together and sit back and enjoy the confusion. You've always wanted a HERF gun, well your radio doubles as a small scale version. RF energy does strange and unpredictable things to electronic gear, especially computers. The guy in front of me on the plane was playing some lame game on his windowz laptop which was making some very annoying cutey noises. He refused to wear headphones, he said "they mushed his hair...". Somehow my radio accidentally keyed up directly under his seat, there was this agonizing cutey death noise and then all kinds of cool graphics appeared on his screen, major crash. He's still trying to get it to reboot. Of course there are the ever popular cordless phones. The new ones work on 900MHz, but 90% of the phones out there work in the 49MHz band. You can easily modify the right ham radio or just use a commercial low band radio to annoy everyone. Scanning phone calls is OK, but now you can talk back, add sound effects, etc... That hot babe down the street is talking to her big goony boyfriend, it seems only fair that you should let her know about his gay boyfriend. Endless hours of torture. You can also just rap with your other hacker pals (especially useful cons). Packet radio, which allows you up to 9600 baud wireless net connections, its really endless in its utility. How to get started: Well you're supposed to get this thing called a HAM license. You take this test given by some grampa, and then you get your very own call sign. If you're up to that, go for it. One thing though, use a P.O. box for your address as the feds think of HAMs as wackos, and are first on the list when searching for terrorists. Keep in mind that most fun radio things are blatantly illegal anyway, but you're use to that sort of thing, right? If you are familiar with scanners, newer ones can receive over a very large range of frequencies, some range from 0 to 2.6 GHz. You are not going to be able to buy a radio that will transmit over that entire spectrum. There are military radios that are designed to sweep large frequencies ranges for jamming, bomb detonation, etc. - but you won't find one at your local radio shack. A very primitive look at how the spectrum is broken down into sections: 0 - 30MHz (HF) Mostly HAM stuff, short-wave, CB. 30 - 80MHz (lowband) Police, business, cordless phones, HAM 80 - 108MHz (FM radio) You know, like tunes and stuff 110 - 122MHz (Aircraft band) You are clear for landing on runway 2600 136 - 174MHz (VHF) HAM, business, police 200 - 230MHz Marine, HAM 410 - 470MHz (UHF), HAM, business 470 - 512MHz T-band, business, police 800MHz cell, trunking, business 900MHz trunking, spread spectrum devices, pagers 1GHZ+ (microwave) satellite, TV trucks, datalinks Something to remember, the lower the frequency the farther the radio waves travel, and the higher the frequency the more directional the waves are. A good place to start is with a dual band handheld. Acquire a Yaesu FT-50. This radio is pretty amazing, its very small, black and looks cool. More importantly it can easily be moded. You see this is a HAM radio, it's designed to transmit on HAM bands, but by removing a resistor and solder joint, and then doing a little keypad trick you have a radio that transmits all over the VHF/UHF bands. It can transmit approximately 120-232MHz and 315-509MHz (varies from radio to radio), and will receive from 76MHz to about 1GHz (thats 1000MHz lamer!), and yes that *includes* cell phones. You also want to get the FTT-12 keypad which adds PL capabilities and other cool stuff including audio sampling. So you get a killer radio, scanner, and red box all in one! Yaesu recently got some heat for this radio so they changed the eprom on newer radios, but they can modified as well, so no worries. Now for some radio basics. There are several different modulation schemes, SSB - Single Side Band, AM - Amplitude Modulation, FM - Frequency Modulation, etc. The most common type above HF communications is NFM, or Narrow band Frequency Modulation. There are three basic ways communication works: Simplex - The Transmit and Receive frequencies are the same, used for short distance communications. Repeater - The Transmit and Receive frequencies are offset, or even on different bands. Trunking - A bunch of different companies or groups within a company share multiple repeaters. If you're listening to a frequency with a scanner and one time its your local Police and the next it's your garbage man, the fire dept... - that's trunking. Similar to cell phones you get bits and pieces of conversations as calls are handed off among repeater sites. Their radios are programmed for specific "talk groups", so the police only hear police, and not bruno calling into base about some weasel kid he found rummaging through his dumpsters. There are three manufacturers - Motorola, Ericsson (GE), and EF Johnson. EFJ uses LTR which sends sub-audible codes along with each transmission, the other systems use a dedicated control channel system similar to cell phones. Hacking trunk systems is an entire article in itself, but as should be obvious, take out the control channel and the entire system crashes (in most cases). OK so you got your new radio you tune around and your find some security goons at the movie theater down the street. They are total losers so you start busting on them. You can hear them, but why they can't hear you? The answer-- SubAudible Tones. These are tones that are constantly transmitted with your voice transmission - supposedly subaudible, but if you listen closely you can hear them. With out the tone you don't break their squelch (they don't hear you.) These tones are used keep nearby users from interfering with each other and to keep bozos like you from messing with them. There are two types, CTCSS Continuos Tone-Codes Squelch system (otherwise known as PL or Privacy Line by Motorola) or DCS Digital Coded Squelch (DPL - Digital Privacy Line). If you listened to me and got that FT-50 you will be styling because its the only modable dual band that does both. So now you need to find their code, first try PL because its more common. There is a mode in which the radio will scan for tones for you, but its slow and a pain. The easiest thing to do is turn on Tone Squelch, you will see the busy light on your radio turn on when they are talking but you wont hear them. Go into the PL tone select mode and tune through the different tones while the busy light remains on, as soon as you hear them again you have the right tone, set it and bust away! If you don't find a PL that works move on to DPL. There is one other squelch setting which uses DTMF tone bursts to open the squelch, but its rarely used, and when it is used its mostly for paging and individuals. Now you find yourself at Defcon, you hear DT is being harassed by security for taking out some slot machines with a HERF gun, so you figure it's your hacker responsibility to fight back. You manage to find a security freq, you get their PL, but their signal is very weak, and only some of them can hear your vicious jokes about their moms. What's up? They are using a repeater. A handheld radio only puts out so much power, usually the max is about 5 watts. That's pretty much all you want radiating that close to your skull (think brain tumor). So a repeater is radio that receives the transmissions from the handhelds on freq A and then retransmits it with a ton more watts on freq B. So you need to program your radio to receive on one channel and transmit on another. Usually repeaters follow a standard rule of 5.0MHz on UHF and .6MHz on VHF, and they can either be positive or negative offsets. Most radios have a auto-repeater mode which will automatically do the offset for you or you need to place the TX and RX freqs in the two different VCOs. Government organizations and people who are likely targets for hacks (Shadow Traffic news copter live feeds) use nonstandard offsets so you will just need to tune around. Some ham radios have an interesting feature called crossband repeat. You're hanging out at Taco Bell munching your Nachos Supreme listening to the drive thru freq on your radio. You notice the Jack in the Box across the street, tuning around you discover that TacoHell is on VHF (say 156.40) and Jack in the Crack is on UHF (say 464.40). You program the two freqs into your radio and put it in xband repeat mode. Now when someone places their order at Taco they hear it at Jacks, and when they place their order at Jacks they hear it at Taco. When the radio receives something on 156.40 it retransmits it on 464.40, and when it receives something on 464.40 it retransmits it on 156.40. "...I want Nachos, gimme Nachos..." "...Sorry we don't have Nachos at Jack's..." "...Huh? Im at Taco Bell..." Get it? Unfortunately the FT-50 does not do xband repeat, that's the only feature it's lacking. Damn it, all this RF hacking is fun, but how do I make free phone calls? Well you can, sort of. Many commercial and amateur repeaters have a feature called an autopatch or phonepatch. This is a box that connects the radio system to a phone line so that you can place and receive calls. Keep in mind that calls are heard by everyone who has their radio on! The autopatch feature is usually protected by a DTMF code. Monitor the input freq of the repeater when someone places a call you will hear their dtmf digits - if you're super elite you can tell what they are by just hearing them, but us normal people who have lives put the FT-50 in DTMF decode mode and snag the codez... If your radio doesn't do DTMF decode, record the audio and decode it later with your soundblaster warez. Most of the time they will block long-distance calls, and 911 calls. Usually there is a way around that, but this is not a phreaking article. Often the repeaters are remote configurable, the operator can change various functions in the field by using a DTMF code. Again, scan for that code and you too can take control of the repeater. What you can do varies greatly from machine to machine, sometimes you can turn on long-distance calls, program speed-dials, even change the freq of the repeater. What about cordless phones, can't I just dial out on someone's line? Sort of. You use to be able to take a Sony cordless phone which did autoscanning (looked for an available channel) drive down the block with the phone on until it locked on to your neighbors cordless and you get a dialtone. Now cordless phones have a subaudible security tone just like PL tones on radios so it doesn't work anymore. There are a bunch of tones and they vary by phone manufacturer, so it's easier to make your free calls other ways. But as I mentioned before you can screw with people, not with your FT-50 though. Cordless phones fall very close to the 6 meter (50MHz) HAM band and the lowband commercial radio frequencies. There are 25 channels with the base transmitting 43-47MHz and the handset from 48-50MHz. What you want to do is program a radio to receive on the base freqs and transmit on the handset freqs. The phones put out a few milliwatts of power (very little). On this freq you need a fairly big antenna, handhelds just don't cut it - think magmount and mobile. There are HAM radios like the Kenwood TM-742A which can be modified for the cordless band, however I have not found a radio which works really well receiving the very low power signals the phones are putting out. So, I say go commercial! The Motorola Radius/Maxtrac line is a good choice. They have 32 channels and put out a cool 65watts so your audio comes blasting out of their phones. Now the sucko part, commercial radios are not designed to be field programmable. There are numerous reasons for this, mainly they just want Joe rentalcop to know he is on "Channel A" , not 464.500. Some radios are programmed vie eproms, but modern Motorola radios are programmed via a computer. You can become pals with some guy at your local radio shop and have him program it for you. If you want to do it yourself you will need a RIB (Radio Interface Box) with the appropriate cable for the radio, and some software. Cloned RIB boxes are sold all the time in rec.radio.swap and at HAM swap meets. The software is a little more difficult, Motorola is very active in going after people who sell or distribute thier software (eh, M0t?) They want you to lease it from them for a few zillion dollars. Be cautious, but you can sometimes find mot warez on web sites, or at HAM shows. The RIB is the same for most radios, just different software, you want Radius or MaxTrac LabTools. It has built in help, so you should be able to figure it out. Ok so you got your lowband radio, snag a 6 meter mag mount antenna, preferably with gain, and start driving around. Put the radio in scan mode and you will find and endless amount of phone calls to break into. Get a DTMF mic for extra fun, as your scanning around listen for people just picking up the phone to make a call. You'll hear dialtone, if you start dialing first since you have infinitely more power than the cordless handset you will overpower them and your call will go through. It's great listening to them explain to the 411 operator that their phone is possessed by demons who keep dialing 411. Another trick is to monitor the base frequency and listen for a weird digital ringing sound - these are tones that make the handset ring. Sample these with a laptop or a yakbak or whatever and play them back on the BASE frequency (note, not the normal handset freq) and you will make their phones ring. Usually the sample won't be perfect so it will ring all wacko. Keep in mind this tone varies from phone to phone, so what works on one phone wont work on another. Besides just scanning around how do you find freqs? OptoElectronics makes cool gizmos called near-field monitors. They sample the RF noise floor and when they see spikes above that they lock on to them. So you stick the Scout in your pocket, when someone transmits near you, the scout reads out their frequency. The Explorer is thier more advanced model which will also demodulates the audio and decode PL/DPL/DTMF tones. There are also several companies that offer CDs of the FCC database. You can search by freq, company name, location, etc. Pretty handy if your looking for a particular freq. Percon has cool CDs that will also do mapping. Before you buy anything check the scanware web site, they are now giving away their freq databases for major areas. OK radioboy, you're hacking repeaters, you're causing all the cordless phones in your neighborhood to ring at midnight, and no one can place orders at your local drivethrus. Until one day, when the FCC and FBI bust down your door. How do you avoid that?? OK, first of all don't hack from home. Inspired people can eventually track you down. How? Direction Finding and RF Fingerprinting. DF gear is basically a wideband antenna and a specialized receiver gizmo to measure signal strength and direction. More advanced units connect into GPS units for precise positioning and into laptops for plotting locations and advance analysis functions such as multipath negations (canceling out reflected signals.) RF finger printing is the idea that each individual radio has specific characteristics based on subtle defects in the manufacture of the VCO and AMP sections in the radio. You sample a waveform of the radio and now theoretically you can tell it apart from other radios. Doesn't really work though-- too many variables. Temperature, battery voltage, age, weather conditions and many other factors all effect the waveform. Theoretically you could have a computer scanning around looking for a particular radio, it might work on some days. Be aware that fingerprinting is out there, but I wouldn't worry about it *too* much. On the other hand DF gear in knowledgeable hands does work. Piss off the right bunch of HAMS and they will be more than happy to hop in their Winnebego and drive all over town looking for you. If you don't stay in the same spot or if you're in an area with a bunch of metal surfaces (reflections) it can be very very hard to find you. Hack wisely, although the FCC has had major cutbacks there are certain instances in which they will take immediate action. They are not going to come after you for encouraging Burger King patrons to become vegetarians, but if you decide to become an air-traffic controller for a day expect every federal agency you know of (and some you don't) to come looking for your ass. My plane is landing so thats all for now, next time - advanced RF hacking, mobile data terminals, van eck, encryption, etc. EOF ----<>---- 10.16.96 Log from RAgent GrimReper: I work For Phrack GrimReper: Yeah GrimReper: I gotta submit unix text things like every month GrimReper: I've been in Phrack for a long time GrimReper: Phrack is in MASS -> *grimreper* so how much does Phrack pay you? *GrimReper** How much? *GrimReper** Hmm...... *GrimReper** About $142 -> *grimreper* really -> *grimreper* who paid you? *GrimReper** w0rd *GrimReper** CardShoot *GrimReper** Cardsh00t -> *grimreper* hmm, I don't see any "cardsh00t" in the credits for phrack +48 *GrimReper** There is -> *grimreper* you might as well stop lying before I bring in daemon9, +he's another friend of mine -> *grimreper* he's one of the editors of phrack *GrimReper** Get the latest Phrack? *GrimReper** Its gonna have my NN *GrimReper** watch -> *grimreper* not anymore *GrimReper** Go Ahead -> *grimreper* actually *GrimReper** so? -> *grimreper* you will be mentioned -> *grimreper* you'll be known as the lying fuckhead you are, when this +log goes in the next issue ----<>---- 10.24.96 Log from Aleph1 *** ggom is ~user01@pm1-6.tab.com (ggom) *** on irc via server piglet.cc.utexas.edu ([128.83.42.61] We are now all piglet) *ggom* i am assembling a "tool shed". A "shed" for certain "expert" activity. Can you help? -> *ggom* maybe... go on *ggom* i represent certain parties that are looking for corporate information. this would fall under the "corporate espionage" umbrella *ggom* this information could probably be obtained via phone phreak but access to corporate servers would be a plus...can you help? -> *ggom* a) how do I know you are not a cop/fed? b) why did you come to #hack to ask for this? b) what type of data you after? c) what type of money are you talking about? *ggom* where else should i go to ask for this stuff???????? -> *ggom* you tell me. How do you know about #hack? *ggom* looked it up on the irc server...figured this was a good place to start........... i am talking about 4 to 5 figures here for the information -> *ggom* you are also talking 4 to 5 years -> *ggom* #hack is visited regularly by undercovers and the channel is logged -> *ggom* talking openly about such thing is not smart *ggom* whatever........... man, if you are GOOD, you are UNTRACEABLE. i guess i am looking in the wrong place...... -> *ggom* you been watching way to many times "Hackers" and yes #hack is the wrong place... *ggom* we are on a private channel.........suggest a more private setting.... -> *ggom* sorry you started off on a bad foot. If you got a million to spare for such information you would also have the resources to find the appropiate person to do the job. So you either are full off it, are a fed, or just plain dumb. This conversation ends here. *ggom* later *ggom* not talking a million.. talking 5 to 6 figures......... you are right *ggom* talk to me....... *ggom* talk to me....... ----<>----