                 Volume Four, Issue Thirty-Seven, File 12 of 14

              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
              PWN                                             PWN
              PWN              Phrack World News              PWN
              PWN                                             PWN
              PWN       Issue XXXVII / Part Two of Four       PWN
              PWN                                             PWN
              PWN    Compiled by Dispater & Spirit Walker     PWN
              PWN                                             PWN
              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN

Operation Sun-Devil Nabs First Suspect                      February 17, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Michael Alexander (ComputerWorld)(Page 15)

"Defendant Pleads Guilty To Possession Of Access Codes, Faces 10-year Term"

The U.S. Department of Justice said last week that it had successfully completed its first prosecution in the Operation Sun-Devil investigation.

Robert Chandler [a/k/a The Whiz Kid and former bulletin board system operator of the Whiz House in 619 NPA], 21, pleaded guilty in federal court in San Diego to a single felony for possessing 15 or more access codes, which can be used illegally to make toll-free telephone calls, said Scott Charney, who heads the Justice Department's computer crime unit in Washington, D.C. Chandler also admitted to using the access codes, Charney said.

Chandler will be sentenced on May 11. The legal maximum penalty is 10 years' imprisonment, but federal prosecutors will probably recommend probation, assuming the sentencing guidelines and the judge handling the case permit it, Charney said. Chandler may also be required to make restitution of a still-undetermined amount for telephone calls made with the access code.

On May 7 and 8, 1990, U.S. Secret Service and local law enforcement officials executed more than 20 search warrants [more like 27] in 14 cities in a nationwide crackdown on computer crime code called Operation Sun-Devil. Federal law enforcers said the raid was aimed at rounding up computer-using outlaws who were engaged in telephone and credit-card fraud.

Approximately 42 computers and 23,000 disks were swept up in the dragnet, but until last week there were no indictments or convictions in the investigation.
The Justice Department has been severely criticized by Computer Professionals for Social Responsibility (CPSR), the Electronic Frontier Foundation (EFF), and other advocacy groups for its handling of Operation Sun-Devil cases. CPSR has charged that federal law enforcers trampled on the First and Fourth Amendment rights of those targeted in the raids.
_______________________________________________________________________________

No More Fast Times For Spicoli
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Night Ranger

On November 19, 1991, Spicoli was awakened by Pima County (Arizona) Sheriffs and some other agents in his apartment. They showed him their search warrants, which were obtained under the suspicion of "Computer Fraud and/or Theft" and asked him to step outside.

They began dismantling his computer system, which ran his bulletin board called "Fast Times." It was not a hack/phreak bulletin board and contained no information that would normally be construed as such. The main reason he ran the board was because he was writing it himself.

The authorities took many items not related to his computer, including his VCR. He was not charged with any crimes and additionally he was informed that he was "free to go."

This incident is very similar to what happened with the hacker "Mind Rape." Late last year, his home was raided and lots of items were seized, but no charges followed.

Spicoli attempted to hire private legal counsel, but discovered that it was beyond his means financially. Since then, he has chosen to go with the public defender's office.

Weeks later, it was revealed that his case concerned an undisclosed, but presumably large amount of stolen money and he was charged with various felonies. He further learned that the authorities had been monitoring him over a period of at least three months. Anyone who had contact with him between August and November should be careful. His computer is now in the hands of the government.
This is the second major bust in Arizona during the last half of 1991. With people like Gail Thackeray residing there and anti-hacker companies such as Long Distance For Less and U.S. West it is definitely not the place for any kind of hacking.
_______________________________________________________________________________

U2 Shakes Up New England Bell                               February 24, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Steve Morse (The Boston Globe)(Page 15)

Irish rockers U2 left local telephone operators gasping for breath.

In an unprecedented move designed to thwart scalpers, tickets for U2's March 17 show at Boston Garden went on sale through telephone charge only -- and the result was a long morning for the phone company.

"It was complete gridlock. I don't know how else to describe it. They bombed us right out of the water," said Joanne Waddell, a New England Telephone manager. "We expected a lot of calls ... but this was unbelievable. Our operators were clicking away like crazy out there."

The Garden show sold out in 4 1/2 hours, said Doug Borg of Tea Party Concerts, adding that it took that long because there was a two-ticket limit per person -- another step taken to frustrate scalpers.

"The demand was overwhelming. I heard there were a half-million calls in the first hour," said Larry Moulter, president of Boston Garden.

The telephone company said exact figures were not yet available, but Moulter's information is consistent with a recent U2 sale in Atlanta, where more than one million calls, many from eager fans with automatic redial, were logged.

"I don't really have a number. It's safe to say thousands, many thousands," said Peter Cronin, a spokesman for New England Telephone. He admitted there were minor delays in getting a dial tone, but that it was "not a serious situation. If people stayed on the line, they'd get dial tone in a few seconds."

There were 100 lines selling sales for the Garden concert.
They checked for duplicate names, credit card numbers and addresses (to help enforce the limit of two per person) and caught 'some' attempts to use a card number more than once.
_______________________________________________________________________________

Federal Agents Raid WCFL; Station Silenced, Forced Off Air   January 28, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Patrick Townson (Telecom Digest)

In an unusual move by the Federal Communications Commission, a far southwest suburban radio station in the Chicago area has been forced off the air by the FCC which alleges illegal activity at the station.

WCFL-FM (104.7), a station licensed in Morris, IL with no connection to the station using the same call letters in Chicago several years ago was silenced by FCC officials who raided the station accompanied by members of the United States Marshal's Office on Friday, January 24.

Prompted by complaints from other broadcasters in the Chicago area, an FCC field inspection team on January 16 found WCFL was beaming its signal at more than twice its authorized power of 11,000 watts, and was using a nondirectional rather than directional antenna as called for in its license to operate.

The effect of the violations was to broadcast a more powerful signal toward Chicago and elsewhere, and "to increase the likelihood of interference with other stations," according to Dan Emrick, chief of investigations for the FCC's office in Chicago.

The FCC had cited the station for similar offenses in 1990, and fined the owners $3000. Emrick said there was no record of payment.

Tim Spires is the General Manager of WCFL, and an officer of the parent company 'MM Group' which is based in Ohio. Neither Mr. Spires nor other officials of 'MM Group' would make any response to the FCC action which forced the station off the air at 1:00 PM last Friday.
Emrick said federal officers entered the station shortly before 1:00 PM and served the appropriate legal papers on employees on duty. FCC staffers then seized the broadcasting studio and transmitting equipment. After giving the obligatory sign off message and station identification over the air, power was killed to the transmitter. Employees were ordered to leave the premises, which was closed with a US Marshal's Seal.

Emrick went on to say the station would not be allowed to return to the air until the station settles its account with the FCC and completes construction of a directional antenna. At that point, the station would be permitted to operate 'in probation' while the Commission did further technical inspections, and the probation status would continue for an unspecified period of time afterward.

A press release was finally issued by the 'MM Group' yesterday which said in part that WCFL " ... went off the air voluntarily in order to install a new antenna; bring their transmitter into compliance with FCC regulations and better serve their listening area."
_______________________________________________________________________________

New Cellular Phones Raise A National Security Debate         February 6, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By John Markoff (New York Times)(Page D1)

Advocates of privacy rights are challenging the nation's most clandestine intelligence-gathering agency over how much confidentiality people will have when communicating via the next generation of cellular telephones and wireless computers.

The issue has emerged at meetings this week of an obscure committee of telecommunications experts that is to decide what kinds of protections against eavesdropping should be designed into new models of cellular phones.
People concerned with privacy are eager to incorporate more potent scrambling and descrambling codes in equipment to prevent the eavesdropping that is so easy and so common in the current generation of cellular phones.

But privacy advocates contend that the industry committee has already decided not to adopt the maximum level of protection because of pressure from the National Security Agency, whose intelligence gathering includes listening in on phone conversations in foreign countries and intercepting data sent by computers. The privacy-rights faction contends that the security agency opposes codes that are hard to crack because the equipment might be used overseas.

"The NSA is trying to weaken privacy technology," said Marc Rotenberg, Washington director of Computer Professionals for Social Responsibility, a public advocacy group organized by computer scientists and engineers. "At stake is nothing less than the future of our privacy in the communications world."

The standards setting group is made up of cellular telephone equipment manufacturers and service providers.

The National Security Agency is the Defense Department Agency in charge of electronic intelligence gathering around the world for use by many other branches of the government. Officials of the agency, who have been participating in the meetings as observers, said their only interest in the matter was insuring that the government's own secure telephones were compatible with the new cellular phones.

They said that agency officials have specifically been told not to participate in the standards-setting effort, and indeed some engineers attending the meetings said they have felt no outside pressure. But other engineers involved in the standards process said the agency's presence had loomed large in earlier technical meetings during the past two years.
"I would talk to people and they would say, 'The NSA wouldn't like this, or wouldn't like that,'" said one committee member, who spoke on the condition that he not be identified.

The Agency's Long Reach

The debate is important, the privacy advocates say, not just for cellular phones but for many other emerging technologies that communicate using radio signals, which are easier to intercept than information sent over conventional telephone lines. These include wireless "personal communicators" that transmit and receive data, and portable "notebook" computers.

But the dispute also illustrates that even as the cold war ebbs, the National Security Agency is still wielding influence over many United States high-technology industries. Indeed, executives from a number of high-technology companies say the agency is hampering their efforts to compete for business overseas by forcing them to make products for foreign markets that are different from products sold domestically.

The agency exercises this power in evaluating some of the applications by companies to export high-technology products. In that role, critics say, the agency has opposed exports of equipment fitted with advanced encryption systems that are increasingly vital to modern business.

Buyers Can Shop Elsewhere

The agency's critics say it is almost impossible to contain the proliferation of encryption technologies and that customers who are deterred from buying it in the United States will simply shop abroad or steal the technology.

"The notion that you can control this technology is comical," said William H. Neukom, vice president for law and corporate affairs at Microsoft Corporation, the big software publisher.

Critics also say that it is ludicrous that encryption systems used in popular software programs receive the type of Government scrutiny that might be expected for weapons. "The notion that our products should be classified as munitions, and treated that way just doesn't make sense at all," Mr.
Neukom said.

Privacy advocates have also challenged the committee's intention not to publish the algorithm on which the encryption technology is based. Traditionally, cryptographers have said that the best way to ensure that encryption techniques work is to publish the formulas so they can be publicly tested.

The committee has said that it will not disclose the formula because it does not want to give criminals an opportunity to crack the code. But publishing the formula is a danger only if the formula is weak, said John Gilmore, a Silicon Valley software designer, and privacy advocate. If the formula is strong, disclosing it publicly and letting anyone try to crack it would simply prove it works.

The code, however, is simple to break, say a number of engineers who have examined it. Several committee members said they realized that the security agency would never permit the adoption of an unbreakable privacy scheme.

"The cynics in the bar would say that you're never going to get anything by the NSA that they can't crack trivially anyway," said Peter Nurse, chairman of the authentication and privacy subcommittee of the standards committee and an engineer at Hughes Network Systems.

NSA Role Denied

But a number of engineers who worked on the technical standard insist that the agency has had no overt role in setting it.

"The standard was based on the technical deliberations of some of the best experts in North America," said John Marinho, chairman of the standards committee and an executive at AT&T. He said the committee relied on the NSA only for guidance on complying with United States regulations. He also said that the new standard would offer far more privacy protection than is available under the present cellular telephone system.

Today, although it is against the law to eavesdrop on a cellular telephone conversation, many individuals modify commercial radio scanners so they can receive the frequencies on which cellular calls are transmitted.
_______________________________________________________________________________

FBI Eavesdropping Challenged                                February 17, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken from The Washington Post

WASHINGTON -- Cellular telephones and other state-of-the-art telecommunications technology are seriously challenging the FBI's ability to listen to the telephone conversations of criminal suspects, law enforcement officials say.

The FBI is seeking $26.6 million next year to update its eavesdropping techniques. Normally tight-lipped FBI officials become even more closed-mouthed when the subject of investigative "sources and methods" comes up. But a review of the bureau's 1993 budget request provides an unusual glimpse into the FBI's research on electronic surveillance and its concerns about new technologies.

"Law enforcement is playing catchup with the telecommunications industry's migration to this technology," said the FBI's budget proposal to Congress. "If electronic surveillance is to remain available as a law enforcement tool, hardware and software supporting it must be developed."

The new technologies include digital signals and cellular telephones. At the same time, there has been an increase in over-the-phone transmission of computer data, which can be encrypted through readily available software programs, say industry experts and government officials.

The FBI's five-year research effort to develop equipment compatible with digital phone systems is expected to cost $82 million, according to administration figures. The FBI effort is just a part of a wider research program also financed by the Pentagon's secret intelligence budget, said officials who spoke on condition of anonymity.

Electronic surveillance, which includes both telephone wiretaps and microphones hidden in places frequented by criminal suspects, is a key tool for investigating drug traffickers as well as white-collar and organized crime.
Conversations recorded by microphones the FBI placed in the New York City hangouts of the Gambino crime family are the centerpiece of the government's case against reputed mob boss John Gotti, now on trial for ordering the murder of his predecessor, Paul Castellano. Taps on the phones of defense consultants provided key evidence in the Justice Department's long running investigation of Pentagon procurement fraud, dubbed "Operation Ill Wind."

But with the advent of digital phone signals, it is difficult to unscramble a single conversation from the thousands that are transmitted simultaneously with computer generated data and images, industry officials said.

"In the old days all you had to do was take a pair of clip leads and a head set, put it on the right terminal and you could listen to the conversation," said James Sylvester, an official of Bell Atlantic Network Services Inc. But digital signal transmission makes this task much more difficult. Conversations are broken into an incoherent stream of digits and put back together again at the other end of the line.

John D. Podesta, a former counsel to the Senate Judiciary's law and technology subcommittee, said the FBI and other law enforcement agencies are simply victims of a technological revolution. For more than 50 years the basic telephone technology remained the same.
_______________________________________________________________________________

Nynex Will Go On-line With Listings                         February 20, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Adam M. Gaffin (adamg@world.std.com)(Middlesex News, Framingham, MA)

You can now let your fingers do the walking electronically through the Yellow Pages.

Nynex yesterday announced an online Yellow Pages available to anyone with a computer and modem, becoming the first regional Bell operating company to offer an electronic Yellow Pages database. The 1984 court order that broke up AT&T had barred such efforts, but that provision was overturned last year.
The service, at least at first, will offer listings only, rather than ads, from close to 300 Nynex directories -- the company serves most of New York and New England, except for Connecticut. Users will also be able to scan UPI news and financial information, according to Kurt Roessner, president of Nynex Information Technologies, the subsidiary that will run the service. Ultimately, the company hopes to begin offering and displaying Yellow Pages-like ads to users, Roessner said yesterday.

Users will require special software to access the information through the Minitel network, a French system that has so far failed to catch on in the U.S. Nynex will provide the software for free to users of MS-DOS, Macintosh, Apple II and Commodore computers, Roessner said.

Roessner said Nynex eventually hopes to offer the service on other, more popular computer networks. Minitel was chosen because Nynex has offered its Yellow Pages information to French subscribers for almost two years, he said.

Nynex will charge 61 cents a minute -- $36.60 an hour -- the same as French users pay. However, Roessner acknowledged this may be more than Americans are willing to pay and that the company will look at lowering the rate. CompuServe, the nation's largest consumer-oriented computer network, charges $12.80 an hour -- but drops that to just 50 cents an hour to people who use an AT&T directory of national toll-free numbers.

The Nynex project is the latest in a series of efforts by large companies to sell information to consumers via computer. Some, such as an effort by Knight-Ridder in the mid-1980s, have ended in spectacular failure. Last year, Nynex dropped its own information "gateway" service after losing several million dollars. CompuServe and several other online services, however, reportedly earn sizable profits.

Phone-company information services have been surrounded by controversy.
Opponents, who include organizations representing newspaper publishers, say it is unfair to allow a company that provides the means of distribution to also offer services -- a common comparison is to a turnpike authority that also ran a trucking company.

Roessner, however, said he hopes the phone company can cooperate with, rather than fight, other potential "information providers." He said he has already talked with officials at a number of newspapers who seem more willing to work with the phone company on joint projects than their national organizations would let on.
_______________________________________________________________________________

Civil Jury Rules Against AT&T in Patent Violation Case       February 9, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Paul Deckelman (United Press International/UPI)

NEW YORK -- A jury ruled American Telephone & Telegraph Company infringed upon somebody else's patent for telephone switching equipment and awarded the plaintiff $34.6 million, an attorney said. AT&T contends the suit is without merit and said it will appeal the verdict.

The six-member jury at the federal district court in Midland, Texas, returned its verdict after having heard six days of testimony in the case, brought against the telecommunications giant by Collins Licensing L.P., of Dallas.

The plaintiff's lawyer, Joseph Grear, of the Chicago-based firm of Rolf Stadheim Ltd., held out the possibility that the total award could go substantially higher, due to interest accruing back to 1985. An AT&T spokesman dismissed the possibility. U.S. District Court Judge Lucius Bunton is considering the jury's recommendation.

Grear claimed AT&T's 5ESS digital central office switching device infringed upon a 1976 federal patent for a "Time Space Time (TST) Switch" awarded to the late Arthur A. Collins. Collins was the founder of Collins Radio Co., now a division of Rockwell International Inc., of El Segundo, California.
"Arthur Collins was a pioneer in the field of digital telecommunications. The jury's verdict provides recognition of Mr. Collins' substantial research and development investment in, and important technical contributions to, the field of digital telephony," Grear said.

AT&T's Network Systems division came out with the device in the early 1980s, using it for central-office telephone switching equipment used to route calls to the proper exchange and number.

The suit, filed in December 1990, originally named Southwestern Bell, of Dallas, as a co-defendant. That portion of the case, however, was dismissed when the regional telephone company argued it had not violated the patent because it did not make the disputed switching equipment -- it had only bought it from AT&T.

But AT&T contends that Collins' patent was not valid. Spokesman Curt Wilson said the Federal Patent Office is currently examining the patent in question in a separate proceeding at the request of both AT&T and Collins Licensing. "We think they will invalidate that patent and we won't have to pay," he said. There is no firm time frame for the anticipated Patent Office ruling.

Wilson added that even if the patent is found by the government to have been valid, AT&T does not believe its equipment used Collins' discovery, and thus feels it did not infringe upon the patent.

"The jury found in our favor on seven of the original eight counts of the suit," Wilson said, "and on the remaining claim, awarded them $34 million, 70 times less than the amount they had originally sought."

"We believe this suit is totally without merit," the spokesman asserted. "The patent is not valid -- and we expect the patent office to agree."
_______________________________________________________________________________

User "Bill Of Rights" Introduced                             January 23, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

TAMPA, FLORIDA -- The North American Directory Forum (NADF) introduced a "User Bill of Rights" to address security and privacy issues regarding entries and listings concerning its proposed cooperative public directory service. NADF members also approved continuing efforts on an experimental public directory pilot at their eighth quarterly meeting.

The "User Bill of Rights" addresses the concerns of the individual user or the user's agent, and is in response to issues brought to the attention of the NADF.

Final plans were completed for the X.500 directory pilot scheduled to begin in the first quarter of this year. The pilot will be used by the NADF to validate its technical agreements for providing a public directory service in North America. The agreements have been recorded in standing documents and include the services that will be provided, the directory schema and information sharing required to unify the directory. It will test the operation of X.500 in a large-scale, multi-vendor environment.

All NADF members are participating in the pilot. The members are AT&T, Bell Atlantic, BellSouth Advanced Networks, Bellcore representing US West, BT North America, GE Information Services, IBM, Infonet, MCI Communications Corp., Pacific Bell, Performance Systems International, US Postal Service and Ziff Communications Co. Joining the NADF at this meeting are Canada Post Corporation and DirectoryNet, Inc.

The NADF was founded in 1990 with the goal of bringing together major messaging providers in the U.S. and Canada to establish a public directory service based on X.500, the CCITT recommendation for a global directory service.
The forum meets quarterly in a collaborative effort to address operational, commercial and technical issues involved in implementing a North American directory with the objective of expediting the industry's transition to a global X.500 directory.

This quarter's meeting was hosted by the IBM Information Network, IBM's value-added services network that provides networking, messaging, capacity and consulting services.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                             USER BILL OF RIGHTS
             (for entries and listings in the Public Directory)

The mission of the North American Directory Forum is to provide interconnected electronic directories which empower users with unprecedented access to public information. To address significant security and privacy issues, the North American Directory Forum introduces the following "User Bill of Rights" for entries in the Public Directory. As a user, you have:

   I.   The right not to be listed.
   II.  The right to have you or your agent informed when your entry is created.
   III. The right to examine your entry.
   IV.  The right to correct inaccurate information in your entry.
   V.   The right to remove specific information from your entry.
   VI.  The right to be assured that your listing in the Public Directory will comply with US or Canadian law regulating privacy or access information.
   VII. The right to expect timely fulfillment of these rights.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Scope of Intent - User Bill of Rights

The North American Directory Forum is a collection of service providers that plan to offer a cooperative directory service in North America. This is achieved by interconnecting electronic directories using a set of internationally developed standards known as the CCITT X.500 series.

In this context, the "Directory" represents the collection of electronic directories administered by both service providers and private operators.
When an entry containing information about a user is listed in the Directory, that information can be accessed unless restricted by security and privacy controls.

A portion of the Directory -- The Public Directory -- contains information for public dissemination. In contrast, other portions of the Directory may contain information not intended for public access. A user or user's agent may elect to list information in the Public Directory, a private directory, or some combination. For example, a user might publicly list a telephone number or an electronic mail address, and might designate other information for specific private use.

The User Bill of Rights pertains to the Public Directory.

Source: NADF, January 1992