PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Phrack World News
Issue XXXVII / Part Four of Four
Compiled by Dispater & Spirit Walker
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN

Computer Espionage: Can We Be Compromised By The Internet?     December 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Extracted from Security Awareness Bulletin

The advent of computer networks linking scientists and their research institutions vastly complicates any effort to identify Soviet scientific espionage. For example, foreign travel may become less important, as computers become more directly interconnected, allowing scientists anywhere in the world to talk to each other -- and, in some cases to access information in data bases at Western academic and defense-related institutions.

This capability has been available for some time, but in 1989 the USSR took an important step toward increasing the breadth and availability of access, by applying (with Poland, Czechoslovakia, Hungary, and Bulgaria) to be connected to the European Academic Research Network (EARN). Approval of the application in April 1990 provided Soviet and East European users access far beyond simply a link to computers throughout Western Europe. Through EARN, the Soviets would be connected to Internet, a US network serving defense, research, and academic organizations worldwide.

A number of threats are inherent in the trend toward computer linkage. The most obvious is the increased ease with which a Soviet can discuss professional matters with Westerners working on similar projects. A user also can put out a blanket request for information on any subject, and it may not always be obvious that the requestor is working for the USSR.
In addition, the Soviet Academy of Sciences can use a computer network to issue general invitations to conferences -- in hopes that the responses will identify untapped research institutions or individual scientists that later can be targeted for specific information.

Access to data in the computers connected to a network normally is controlled, so that specific files can be read only by authorized users. However, the Soviets have demonstrated that an innovative "hacker" connected to computers containing sensitive information can evade the access controls in order to read that information. In the "Hannover Hacker" case, for example, the Soviet intelligence services used West German computer experts to access US restricted data bases, obtaining both software and defense-related information.
_______________________________________________________________________________

Waging War Against War Dialing     November 27, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Edmund L. Andrews (New York Times)
Special Thanks: Dark Overlord

WASHINGTON -- Riding a wave of popular annoyance over telephone sales calls, Congress approved and sent to President Bush a bill that would ban the use of automated dialing devices that deliver pre-recorded messages to the home. The measure would also allow consumers to block calls from human salespeople by placing their names on a "do not call" list.

The bill, which passed on voice votes in both the House and Senate, was supported by both Democrats and Republicans, some of whom have recounted their own aggravations with unsolicited sales calls. Although the White House has expressed concerns about what it views as unnecessary regulation, the President has not threatened to veto the bill.

The measure, which combines provisions from several separate measures passed previously by both chambers of Congress, bans the use of autodialers for calling most individual homes.
The few exceptions would be when a person has explicitly agreed to receive such a call or when the autodialer is being used to notify people of an emergency. When autodialers are used to call businesses, they would be prohibited from reaching more than two numbers at a single business.

Many states have already passed laws that restrict autodialers, including about a dozen states that ban them altogether and about two dozen others that restrict their use in various ways. The state laws, however, do not stop a company from using an autodialer in an unregulated state to call homes in a state with regulations.

In an attempt to curb telemarketing by human sales representatives, the measure would instruct the Federal Communications Commission to either oversee the creation of a nationwide "do not call" list or issue rules ordering companies to maintain their own lists. The bill would allow people who placed their names on such a list to file suits in small claims courts against companies that persisted in calling. The suits could seek up to $500 for each unwanted call, up to a maximum of three calls from a single company.

Finally, the bill would ban unsolicited "junk fax" messages, which are advertisements transmitted to facsimile machines.

"This is a victory for beleaguered consumers, who in this piece of legislation have their declaration of independence from junk faxes and junk calls," said Rep. Edward J. Markey, D-Mass., the measure's principal sponsor in the House.

Companies that make or use autodialers glumly predicted that the measure would put them out of business and would hurt small advertisers the most.

"I think it will put us out of business," said Mark Anderson, owner of the Leshoppe Corp., a New Orleans concern that uses about 160 machines for clients who sell everything from tanning products to health insurance. "What people don't understand is that a lot of mom-and-pop operations use electronic marketing, and use it successfully."
Ray Kolker, president of Kolker Systems, the largest maker of autodialers, echoed those views. "Passage of this bill demonstrates that Congress just isn't as concerned about the economy as they think they are," he said. "This will destroy a multibillion-dollar business."

Telemarketing has surged in recent years, as the cost of long-distance telephone service has plunged and as consumers have become deluged by floods of catalogues they do not read and envelopes they do not open. According to congressional estimates, the volume of goods and services sold through all forms of telephone marketing has increased from about $72 billion in 1982 to $435 billion in 1990. Over all, an estimated 300,000 people are employed in some facet of telephone marketing.

Autodialers, which can each make about 1,500 calls a day, have become one of the most efficient but disliked forms of telemarketing. By one estimate, 20,000 autodialers are in operation at one time, with the capacity of making more than 20 million calls in a single day.

During hearings on the issue earlier this year, Sen. Daniel K. Inouye, D-Hawaii, noted irritably that he had been summoned to the telephone only to hear a recorded sales message about winning a trip to Hawaii.

The legislation was not opposed by all companies involved in telephone sales. Many marketing experts have long deplored the use of autodialers as a sales tool, arguing that they are counter-productive because they generate more irritation than sales interest. The Direct Marketing Association, a trade group, has expressed cautious support for the legislation and already maintains its own, voluntary "do not call" list.

Beyond simply annoying people at home, the autodialers have been known to tie up telephone paging networks and the switchboards of hospitals and universities, and to call people on their cellular telephones.
But it remains unclear how effective the "do not call" lists would be in practice, because the two options available to the FCC differ greatly. A national list maintained by the government would effectively protect consumers from all unwanted sales calls. But a requirement that each company maintain its own list would be much more limited, because people might have to call each company to be placed on its individual list.

Congressional aides noted that the measure passed Wednesday strongly implied that the FCC should set up its own list, because it provides two pages of detail on just how such a list should be created.
_______________________________________________________________________________

Foreign Guests Learn America Is Land Of The Free     December 2, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Excerpted from the Orlando Sentinel

"Merry Christmas From BellSouth!"

A telephone computer glitch gave dozens of foreign travelers at a downtown Orlando hotel early Christmas presents Saturday and Sunday.

The giving began when a guest at the Plantation Manor, an international youth hotel across from Lake Eola, discovered that pay phones were allowing free long-distance calls to virtually anywhere in the world.

As the news spread, the four public phones, which are normally deserted at the hotel, were busy non-stop until Sunday afternoon, when Southern Bell discovered the problem and dispatched technicians to shut off long-distance service.

Roger Swain, a clerk at Plantation Manor, said the discovery was made by accident. "One of our guests said he tried to call Houston, Texas, from the second floor," Swain said. "The operator told him he didn't need to use coins because the phone was not listed as a public phone. He was on the phone for 40 minutes, and they didn't charge him."

A spokesman for AT&T, which handles long distance for some of Southern Bell's phones, said the problem seemed to be with a Southern Bell computer.

"Our equipment is working fine," said Randy Berridge, AT&T spokesman. "If it's a Southern Bell problem, they would bear the costs."

It's possible Southern Bell recouped some money: It still cost 25 cents for a local call.

"This is a drop in the ocean to them," one English traveler said of the phone company, which had just covered the cost of his call home at the Sunday rate of $21.74 for each half hour.
_______________________________________________________________________________

8th Chaos Computer Congress     December 27-29, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Klaus Brunnstein
Special Thanks: Terra of CCC

On occasion of the 10th anniversary of its foundation, Chaos Computer Club (CCC) organized its 8th Congress in Hamburg. To more than 400 participants (largest participation ever, with growing number of students rather than teen-age scholars), a rich diversity of PC and network related themes was offered, with significantly less sessions than before devoted to critical themes, such as phreaking, hacking or malware construction. Changes in the European hacker scene became evident as only few people from Netherlands (e.g. Hack-Tic) and Italy had come to this former hackers' Mecca. Consequently, Congress news are only documented in German. As CCC's founding members develop in age and experience, reflection of CCC's role and growing diversity of opinions indicates that teen-age CCC may produce less spectacular events than ever before.

This year's dominating theme covered presentations of communication techniques for PCs, Ataris, Amigas and Unix, the development of a local net as well as description of regional and international networks, including a survey. In comparison, CCC '90 documents are more detailed on architectures while sessions and demonstrations in CCC '91 (in "Hacker Center" and other rooms) were more concerned with practical navigation in such nets.
Phreaking was covered by the Dutch group HACK-TIC which updated its CCC '90 presentation of how to "minimize expenditures for telephone conversations" by using blue boxes and red boxes, and describing available software and recent events. Detailed information on phreaking methods in specific countries and bugs in some telecom systems were discussed. More information (in Dutch) was available, including charts of electronic circuits, in several volumes of Dutch "HACKTIC: Tijdschrift voor Techno-Anarchisten" (news for techno-anarchists).

Remark #1: Recent events (e.g. "Gulf hacks") and material presented on Chaos Congress '91 indicate that the Netherlands emerges as a new European center of malicious attacks on systems and networks. Among other potentially harmful information, HACKTIC #14/15 publishes code of computer viruses (a BAT-virus which does not work properly).

Remark #2: While few Netherland universities devote research and teaching to security, Delft university at least offers introductory courses into data protection.

Different from recent years, a seminar on Computer viruses (presented by Morton Swimmer of Virus Test Center, University of Hamburg) was deliberately devoted to disseminate non-destructive information (avoiding any presentation of virus programming). A survey of legal aspects of inadequate software quality (including viruses and program errors) was presented by lawyer Freiherr von Gravenreuth.

Some public attention was drawn to the fact that the "city-call" telephone system radio-transmits information essentially as ASCII. A demonstration proved that such transmitted texts may easily be intercepted, analyzed and even manipulated on a PC. CCC publicly warned that "profiles" of such texts (and those addressed) may easily be collected, and asked Telecom to inform users about this insecurity; German Telecom did not follow this advice.
Besides discussions of emerging voice mailboxes, an interesting session presented a C64-based chipcard analysis system. Two students have built a simple mechanism to analyze (from systematic IO analysis) the protocol of a German telephone card communicating with the public telephone box; they described, in some detail (including an electron-microscopic photo) the architecture and the system behavior, including 100 bytes of communication data stored in a central German Telecom computer. Asked for legal implications of their work, they argued that they just wanted to understand this technology, and they were not aware of any legal constraint. They have not analyzed possibilities to reload the telephone account (which is generally possible, due to the architecture), and they did not analyze architectures or procedures of other chipcards (bank cards etc).

Following CCC's (10-year-old) charter, essential discussions were devoted to social themes. The "Feminine computer handling" workshop deliberately excluded men (about 25 women participating), to avoid last year's experience of male dominance in related discussions. A session (mainly attended by informatics students) was devoted to "Informatics and Ethics", introducing the international state-of-discussion, and discussing the value of professional standards in the German case.

A discussion about "techno-terrorism" became somewhat symptomatic for CCC's actual state. While external participants (von Gravenreuth, Brunnstein) were invited to this theme, CCC-internal controversies presented the panel discussion under the technical title "definition questions". While one fraction wanted to discuss possibilities, examples and dangers of techno-terrorism openly, others (CCC "ol'man" Wau Holland) wanted to generally define "terrorism" somehow academically, and some undertook to describe "government repression" as some sort of terrorism.
In the controversial debate, a few examples of technoterrorism (WANK worm, development of virus techniques for economic competition and warfare) were given.
_______________________________________________________________________________

Another AT&T 800-Number Outage     December 16, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Dana Blankenhorn (Newsbytes)

BASKING RIDGE, NEW JERSEY -- AT&T suffered another embarrassing outage on its toll-free "800" number lines over the weekend, right in the middle of the Christmas catalog shopping season.

Andrew Myers, an AT&T spokesman, said the problem hit at 7:20 PM on December 13 as technicians loaded new software into computers in Alabama, Georgia, and New York. The software identifies and transfers 800 calls, he said. A total of 1.8 million calls originating in parts of the eastern U.S. were impacted, the company said. Service was restored after about one hour when technicians "backed off" the patch and went back to using the old software. Programmers are now working on the software, trying to stamp out the bugs before it's reloaded.

"Obviously we don't like it when a single call doesn't get through, but I wouldn't consider this a serious problem," Myers said. The problem was reported to the Federal Communications Commission over the weekend, and to the press the next day.

The latest problem continues a disturbing trend of AT&T service outages in the Northeast. Worse, all the problems have had different causes -- power problems, switch software problems, and cable cuts caused previous outages.
_______________________________________________________________________________

US Congress Sets Up BBS For Whistle Blowers     December 16, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Dana Blankenhorn (Newsbytes)

WASHINGTON, D.C. -- U.S. Congressman Bob Wise and his House Government Operations subcommittee on government information, justice and agriculture have opened a bulletin board service for government whistle-blowers.
Wise himself is the system operator, or sysop, of the new board. Newsbytes contacted the board and found it accepts parameters of 8 bit words, no parity, and 1 stop bit, known as 8-N-1 in the trade, and will take calls from a standard 2400 bit/second Hayes-compatible modem.

Whistle-blowers are employees who tell investigators about wrongdoing at their companies or agencies, or "blow the whistle" on wrongdoing. Wise said that pseudonyms will be accepted on the BBS -- most private systems demand real names so as to avoid infiltration by computer crackers or other abusive users. Passwords will keep other users from reading return messages from the subcommittee, Wise added. The committee will check the board daily and get back to callers about their charges. The board is using RBBS software, a "freeware" package available without license fee.

The executive branch of the U.S. government uses a system of inspectors general to police its offices, most of whom have telephone hotlines for whistle-blowers and accept mail as well. But the inspectors expect whistle-blowers to collect evidence at work, which could get them in trouble. And efforts to contact the whistle-blower by an inspector general representative can identify them to wrongdoers. Theoretically, calls from Congressional staffers will be seen by the bad guys as typical annoying oversight calls.

Press Contact: Rep. Bob Wise 202-224-3121
               202-225-5527 BBS
_______________________________________________________________________________

NIST Extends Review Deadline for Digital Signature     December 16, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By John McCormick (Newsbytes)

WASHINGTON, DC -- NIST, the National Institute of Standards and Technology (formerly the Bureau of Standards) has taken the unusual step of extending the review period for the controversial digital signature standard which the agency proposed at the end of August.
The normal 90-day comment period would already have ended, but the NIST has extended that deadline until the end of February - some say because the agency wishes to tighten the standard.

NIST spokespersons deny that there was any need to modify the proposed standard to increase its level of security, but James Bidzos, whose RSA Data Security markets a rival standard, says that the NIST's ElGamal algorithm is too weak and is being promoted by the government because the National Security Agency feels that it can easily break the code when necessary.

The new standard is not a way of encrypting messages themselves; that is covered by the existing DES or Data Encryption Standard. Rather, the DSS or Digital Signature Standard is the method used to verify the "signature" of the person sending the message, i.e., to make certain that the message, which might be an order to transfer money or some other important item, is really from the person who is authorized to send such instructions.

As Newsbytes reported back in July, the NSA and NIST had been charged with developing a security system nearly four years ago. The recently announced ElGamal algorithm was previously due to be released last fall, and in the meantime the RSA encryption scheme has become quite popular.

At that time, NIST's deputy director, Raymond G. Kammer, told the Technology and Competitiveness Subcommittee of the House (U.S. House of Representatives) Science, Space and Technology Committee that the ElGamal encryption scheme, patented by the federal government, was chosen because it would save federal agencies money over the private RSA encryption and signature verification scheme.

Interestingly enough, the only company that currently markets an ElGamal DS system is Information Security Corp., 1141 Lake Cook Rd., Ste. D, Deerfield, IL 60015, a company that fought and won a bitter court battle with RSA over the right to market RSA-based encryption software to the federal government.
That was possible because RSA was developed at MIT by mathematicians working under federal grants.

ISC's $249.95 Secret Agent, which uses the ElGamal algorithm, was released at last year's Federal Office Systems Expo in Washington.

ElGamal is a public key system that can be used just like the RSA system but differs from it in significant theoretical ways. ISC's CEO and president, Thomas J. Venn, has told Newsbytes that the ElGamal system is highly secure, but the ElGamal algorithm is quite different from that of the RSA system, deriving its security from the difficulty of computing discrete logarithms in a finite field, instead of using RSA's very different method of factoring the products of two prime numbers.

RSA has fought back by posting a prize for anyone who can crack the RSA scheme. To take a stab at it, send a self-addressed stamped envelope to RSA Data Security, Inc., 10 Twin Dolphin Dr., Redwood City, CA 94065, for the RSA list and the rules. Those with access to Internet e-mail can send a request to challenge-info@rsa.com.
_______________________________________________________________________________

PWN Quicknotes
~~~~~~~~~~~~~~
1. Computer bulletin boards aren't just for dweeby cyberpunks anymore -- at least not in San Francisco. Entrepreneur Wayne Gregori has created SF Net, a decidedly sociable computer network that links up patrons of the city's dangerously hip cafes. From the Lower Haight to south of Market Street, high-tech trendies are interfacing over cappuccino. All you have to do is buy a ticket from the cafe, enter a number into an on-site computer and begin your techno-chat at $1 per 15 minutes. The next Gregori test site is Seattle, Washington. (Newsweek, December 2, 1991)
_______________________________________________________________________________

2. The (November 29, 1991 issue of) San Jose Mercury News reported that the San Mateo, California 911 system was brought to its knees because of a prank.
It seems that a disc jockey at KSOL decided to play a recent MC Hammer record over and over and over... as a prank. Listeners were concerned that something had happened to the personnel at the station, so they called 911 (and the police department business line). It seems that a few hundred calls in forty five minutes or an hour was enough to jam up the system. There was no report in the newspaper of any deaths or injuries to the overloaded system. The DJ didn't want to stop playing the record (claiming First Amendment rights), but did insert an announcement to not call the police.
_____________________________________________________________________________

3. Jean Paul Barrett, a convict serving 33 years for forgery and fraud in the Pima County jail in Tucson, Arizona, was released on December 13, 1991 after receipt of a forged fax ordering his release. It appears that a copy of a legitimate release order was altered to bear HIS name. Apparently no one noticed that the faxed document lacked an originating phone number or that there was no "formal" cover sheet. The "error" was discovered when Barrett failed to show up for a court hearing. The jail releases about 60 people each day, and faxes have become standard procedure. Sheriff's Sergeant Rick Kastigar said "procedures are being changed so the error will not occur again." (San Francisco Chronicle, December 18, 1991, Page A3)
_______________________________________________________________________________

4. AT&T will boost its rates on direct-dial, out-of-state calls on January 2, 1992. The increase, to affect weekday and evening calls, would add about 8 cents to the average monthly long-distance bill of $17 and about $60 million to AT&T's annual revenue. (USA Today, December 23, 1991, Page B1)
_______________________________________________________________________________

5.
The following was in the AT&T shareholders quarterly, and is submitted not as a commercial solicitation but because somebody might be interested. "A colorful 22-by-28-inch poster that traces the development of the telephone from Bell's first model to the latest high-technology feature phone can be purchased for $12. To order, send a check to Poster, AT&T Archives, WV A102, 5 Reinman Road, Warren, NJ 07059-0647. (Telephone 908-756-1590.)" (Special Thanks: The Tone Surfer)
_______________________________________________________________________________

6. Word has it that the normal toll-free number blue-box is now DEAD in Norway. According to some information received by Phrack, the toll-free numbers got switched onto the regular phone network in the United States, which you can't phreak the same way. (Special Thanks: Nosferatu)
_______________________________________________________________________________

7. In case you've been trying to call Blitzkreig BBS and been unable to connect with it, Predat0r is moving his board into the basement. He said the board would be back up as of February 1st. He also said that the master copy of TAP #106 is finished, but he is a year behind on updating his mailing list. Predat0r said that making the copies was no problem but that with the influx of subscribers he was going to have to enlist local help to get the database updated. He also said that if someone paid for ten issues they will get ten issues. (Special Thanks: Roy the Tarantula)
_______________________________________________________________________________

8. There is a new science fiction book called "Fallen Angels" by Larry Niven. The basis for the book is this: The United States government has been taken over by religious fanatics and militant environmentalists. Soon the United States is an Anti-Technological police state. Two astronauts are shot down over the United States and are on the run.
They are on the run from various government agencies such as the (Secret Service like) Environmental Protection Agency. Niven's wild imagination provides for a great deal of humor as well as some things that are not funny at all, due to the fact that they hit just a little too close to home. The story also mentions the Legion of Doom and The Steve Jackson Games raids. In the "acknowledgments" section at the rear of the book the author has this to say, "As to the society portrayed here, of course much of it is satirical. Alas, many of the incidents --- such as the Steve Jackson case in which a business was searched by Secret Service Agents displaying an unsigned search warrant --- are quite real. So are many of the anti-technological arguments given in the book. There really is an anti-intellectual on-campus movement to denounce 'materialistic science' in favor of something considerably more 'cold and unforgiving.' So watch it." (Special Thanks: The Mad Alchemist)
_______________________________________________________________________________

9. Bell Atlantic Shoots Themselves in the Foot (February 5, 1992) -- Newsbytes reports that Bell Atlantic admits having funded an advocacy group "Small Businesses for Advertising Choice" to oppose HR 3515, a bill regulating the RBOCs' entry into info services. Tennessee Democrat Jim Cooper, the sponsor, called it a "clumsy Astroturf campaign," meaning fake grass roots. Republican co-sponsor Dan Schaeffer was a target of a similar campaign by US West, in which telephone company employees were encouraged to call their representatives on company time to oppose the measure.

The bill is HR 3515. To get a copy, call the House Documents Room at (202)225 3456 and ask for a copy. It's free (more accurately, you have already paid for it).
_______________________________________________________________________________

10.
Computer Hackers Get Into Private Credit Records (Columbus Dispatch, February 24, 1992) -- DAYTON - Computer hackers obtained confidential credit reports of Midwest consumers from a credit reporting firm in Atlanta.

Atlanta-based Equifax said a ring of 30 hackers in Dayton [Ohio] stole credit card numbers and bill-paying histories of the consumers by using an Equifax customer's password.

Ronald J. Horst, security consultant for the company, said the break-in apparently began in January. Police don't know if the password was stolen or if an employee of the client company cooperated with the hackers. Horst said the hackers were apparently doing it just for fun. No charges have been filed. Equifax will notify customers whose credit reports were taken.
_______________________________________________________________________________

11. Fingerprints And Connected Databases (Summary of an article by Stephen Schwartz, San Francisco Chronicle, February 22, 1992, Page A16) -- A fingerprint found in an unsolved 1984 murder of an 84-year-old woman was kept in the San Francisco police database all these years. Recently the San Francisco fingerprint database was linked with the Alameda County fingerprint database. The old print matched a new one taken in connection with a petty theft case, and so eight years later the police were able to solve the old case (burglary, arson, homicide). The two girls implicated were 12 and 15 at the time. (Special Thanks: Peter G. Neumann of RISKS)