==Phrack Inc.== Volume 0x0b, Issue 0x3a, Phile #0x0d of 0x0e |=----------------=[ P H R A C K W O R L D N E W S ]=------------------=| |=-----------------------------------------------------------------------=| |=---------------------------=[ phrackstaff ]=---------------------------=| Content in this news does not reflect the opinion of any particluar phrack staff member. The news is exclusively done by the scene and for the scene. In cleartext this means that we honestly do not care if you feel uncomfortable or offended by the news - in fact PWN is a place many people use to express _their_ opinion and to tell the world about what's going wrong. You have the chance to complain about this at: loopback@phrack.org. If you feel the need to submit news, do so at: disorder@phrack.org. If you think you are smart enough to moderate the PWN in Phrack #59 then take a deep breath and think about it again. If you still think you can make it, mail us at phrackstaff@phrack.org. Today's PWN is dedicated to the MPAA, the FBI, SecretService and any other world domination organization. 0x01: cDc media control 0x02: Hack-orist 0x03: First international treaty on cybercrime 0x04: CALEA - how we pay others to spy on us 0x05: various news |=[ 0x01 - cDc media control ]=------------------------------------------=| At Hope2000/NYC cDc leadership announced a new project of building an infrastructure of tunnels and access points to grant unrestricted access to the internet to users from foreign countries who are legally not allowed to surf outside the government applied borders of 'their' internet. China was one of their targets. The very same group announced on the 26th of Nov their cooperation with the FBI to plan, build and deploy best-of-breed electronic surveillance software. http://cultdeadcow.com/details.php3?listing_id=425 The story rushed through the newstickers of the world and was soon picked up by other news agencies...not realizing the excellent work of satire by cDc. http://www.vnunet.com/News/1127639 Amazing how easy it is to bluff big new agencies.....no comment. FBI's new toy (Magic Lantern, virus-like keystroke logger): URL: http://www.msnbc.com/news/660096.asp?cp1=1 Reports are coming in about the new FBI traffic matching device becoming fully operational. Traffic matching devices are long known to various agencies but have not been used widely across the internet. The basic idea is to build a network of drones/sniffers which records traffic 'waves' for a limited time period. A master can search through all drones/sniffers and determine the path of a 'wave' (e.g traffic peak) through the internet. The results are the same for crypted (ssh, ipsec, ..) or bounced connections - as long as traffic flows from the source to the destination. Padding the traffic with random data does not fool the device. This is basic knowledge for anyone familiar with wavelets transformation (Random padded data would just result in a few more 'wavelet stars' in a visualized wavelet transformation). SSH in line mode (axssh) is not enough to fool the device. Splitting the traffic stream into many fake streams may fool the device. The required amount of traffic is most often not acceptable. URL: http://hes.iki.fi/pub/ham/unix/utils/ URL: http://www.wavelets.com |=[ 0x02 - Hack-orist ]=--------------------------------------------------=| Russ Cooper want all of you virus writers/Hackorists in jail: http://www.wired.com/news/politics/0,1283,49313-2,00.html Hackers face life imprisonment under 'Anti-Terrorism' Act: http://www.securityfocus.com/news/257 Electronic Pearl Harbor and the fear against Super-Hackers: http://www.securityfocus.com/news/280 Random quotes: "Most of the terrorism offenses are violent crimes, or crimes involving chemical, biological, or nuclear weapons. But the list also includes the provisions of the Computer Fraud and Abuse Act that make it illegal to crack a computer for the purpose of obtaining anything of value [..]. Likewise, launching a malicious program [..] are included in the definition of terrorism." "To date no terrorists are known to have violated the Computer Fraud and Abuse Act." "... the five year statute of limitations for hacking would be abolished retroactively -- allowing computer crimes committed decades ago to be prosecuted today -- and the maximum prison term for a single conviction would be upped to life imprisonment. There is no parole in the federal justice system. Those convicted of providing "advice or assistance" to cyber crooks, or harboring or concealing a computer intruder, would face the same legal repercussions as an intrude." |=[ 0x03 - First international treaty on cybercrime ]=-------------------=| The Council of Europe (CoE) published their latest elaboration of the Cybercrime treaty. The Council has been established after World War II in 1949. Since then the CoE takes care of the preparation and the negotiation of European conventions and agreements. In its 52 years of existence the CoE published 185 treaties (one paper every 4 month - that's what you pay taxes for). Most of the treaties are publicly available on the internet - with all classified information stripped out (yes, you also pay taxes for the dude who strips out the information we are all most interested in). Let's sum up what this 'First international treaty on cybercrime' is about: - Anti-warez, computer-related fraud, violation of network security. - Powers and procedures such as the search of computer networks and interception. - Fostering international co-operation. - As written in the preamble: "to protect the society against cybercrime". - (Article 19/2.2c) Allows 'competent authorities' to modify or delete data on a suspect's computer. - Force different ISP's to log and disclose traffic-data of a suspect up to a maximum of 90 days (Article 16 + 20/1b.ii + 21). - Extradition of suspects who are punishable under these laws (A 24/1-7). - Mutual assistance to the widest extent possible. A29 explicitely gives a requesting party the right to order a requested party to seizure or disclose computer data. The treaty has been opened for signature on 23/11/01. 27 out of 43 countries gave their signature on the same day (including UK, Netherlands, Italy, Iceland, Germany, France, ...). Four non-member States of the Council of Europe signed the same as a sign of respect and support (USA, South Africe, Japan and Canada). The entire treaty is available at: http://conventions.coe.int/Treaty/EN/projets/FinalCybercrime.htm |=[ 0x04 - Communications Assistance for Law Enforcement Act ]=----------=| aka CALEA [1]. 'The mission of the CALEA Implementation Section is to preserve Law Enforcement's ability to conduct lawfully-authorized electronic surveillance while preserving public safety, the public's right to privacy, and the telecommunications industry's competitiveness.' CARL CAMERON, FOX NEWS CORRESPONDENT (voice-over): The company is Comverse Infosys, a subsidiary of an Israeli-run private telecommunications firm, with offices throughout the U.S. It provides wiretapping equipment for law enforcement. Here's how wiretapping works in the U.S. Every time you make a call, it passes through the nation's elaborate network of switchers and routers run by the phone companies. Custom computers and software, made by companies like Comverse, are tied into that network to intercept, record and store the wiretapped calls, and at the same time transmit them to investigators. The manufacturers have continuing access to the computers so they can service them and keep them free of glitches. This process was authorized by the 1994 Communications Assistance for Law Enforcement Act, or CALEA. Senior government officials have now told Fox News that while CALEA made wiretapping easier, it has led to a system that is seriously vulnerable to compromise, and may have undermined the whole wiretapping system. Indeed, Fox News has learned that Attorney General John Ashcroft and FBI Director Robert Mueller were both warned Oct. 18 in a hand-delivered letter from 15 local, state and federal law enforcement officials, who complained that "law enforcement's current electronic surveillance capabilities are less effective today than they were at the time CALEA was enacted." Congress [probably means Comverse --DBM] insists the equipment it installs is secure. But the complaint about this system is that the wiretap computer programs made by Comverse have, in effect, a back door through which wiretaps themselves can be intercepted by unauthorized parties. Adding to the suspicions is the fact that in Israel, Comverse works closely with the Israeli government, and under special programs, gets reimbursed for up to 50 percent of its research and development costs by the Israeli Ministry of Industry and Trade. But investigators within the DEA, INS and FBI have all told Fox News that to pursue or even suggest Israeli spying through Comverse is considered career suicide. And sources say that while various F.B.I. inquiries into Comverse have been conducted over the years, they've been halted before the actual equipment has ever been thoroughly tested for leaks. A 1999 F.C.C. document indicates several government agencies expressed deep concerns that too many unauthorized non-law enforcement personnel can access the wiretap system. And the FBI's own nondescript office in Chantilly, Virginia that actually oversees the CALEA wiretapping program, is among the most agitated about the threat. But there is a bitter turf war internally at F.B.I. It is the FBI's office in Quantico, Virginia, that has jurisdiction over awarding contracts and buying intercept equipment. And for years, they've thrown much of the business to Comverse. A handful of former U.S. law enforcement officials involved in awarding Comverse government contracts over the years now work for the company. Numerous sources say some of those individuals were asked to leave government service under what knowledgeable sources call "troublesome circumstances" that remain under administrative review within the Justice Department. Comments from Mr. Dean, Vice President for Technology Policy: "From the beginning, both the political Right and Left warned Congress and the FBI that they were making a huge mistake by implementing CALEA. That it would jeopardize the security of private communications, whether it's between a mother and her son or between government officials. The statement just issued by law enforcement agencies has confirmed our worst fears." Do you want to know more? [1] http://www.askcalea.net/ |=[ 0x05 - various news ]=-----------------------------------------------=| Uncle Sam wants you to become a 'High-Tech-Crime-Network certificated investigator' today! I thought the CISSP requirements cant be topped.... http://www.htcn.org/ 2001 - Captured the flag ssh and login exploitable heh i remember joking about these things a few years ago DeCSS has been ruled "speech" by a California State Appeals Court, overturning the lower court ruling. Good news! http://www.wired.com/news/print/0,1294,48075,00.html http://www.courtinfo.ca.gov/courts/courtsofappeal/6thDistrict/ http://slashdot.org/yro/01/11/01/1953236.shtml http://www.theregister.co.uk/content/55/22613.html Operation Buccaneer (aka Operation Sundevil-II). (announced as the 'multi billion dollar bust' in the media). http://www.theregister.co.uk/content/4/23329.html http://www.wikipedia.com/wiki/DrinkOrDie |=[ EO PWN ]=------------------------------------------------------------=|