==Phrack Magazine== Volume Five, Issue Forty-Five, File 28 of 28 PWN PWN PNW PNW PNW PNW PNW PNW PNW PNW PNW PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Compiled by Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Paramount's Hack Attack March 3, 1994 ~~~~~~~~~~~~~~~~~~~~~~~ Reuter News Wire Though the minds of Paramount execs have surely been n potential whackings, computer hacking was the chief focus of execs Bob Jaffe and John Goldwyn last week. The execs got Par to pay a low six-figure fee against mid-six figures to Johnathan Littman for the rights to make a movie from his Sept. 12 LA Times Magazine article "The Last Hacker," and major names are lining up to be involved. It's the story of Kevin Lee Poulsen, a skilled computer hacker who was so inventive he once disabled the phone system of KIIS_FM so he could be the 102nd caller and win the $50,000 Porsche giveaway. Poulsen was caught and has been in jail for the last three years, facing more than 100 years in prison. It was a vicious tug of war between Touchstone, which was trying to purchase it for "City Slickers" director Ron Underwood. Littman, meanwhile, has remained tight with the underground community of hackers as he researches his book. That takes its tool. Among other things, the mischief meisters have already changed his voice mail greeting to render an obscene proposal. ------------------------------------------------------------------------------ Hacker Attempts To Chase Cupid Away February 10, 1994 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ UPI News Sources Two bachelors who rented a billboard to find the perfect mate said Thursday they had fallen victim to a computer hacker who sabotaged their voice mail message and made it X-rated. Steeg Anderson said the original recording that informed callers how they may get hold of the men was changed to a "perverted" sexually suggestive message. "We are getting calls from all over the country," he said. "So we were shocked when we heard the message. We don't want people to get the wrong idea." "It's rare, but we've seen this kind of thing before," said Sandy Hale, a Pac Bell spokeswoman. "There is a security procedure that can prevent this from happening, but many people simply don't use it." ------------------------------------------------------------------------------ Wire Pirates March 1994 ~~~~~~~~~~~~ by Paul Wallich (Scientific American) (Page 90) Consumers and entrepreneurs crowd onto the information highway, where electronic bandits and other hazards await them. [Scientific American's latest articles about the perils of Cyberspace. Sound bytes galore from Dorothy Denning, Peter Neumann, Donn Parker, Mark Abene, Gene Spafford and others. Much better than their last attempt to cover such a thing back in 1991.] ------------------------------------------------------------------------------ AT&T Warns Businesses December 8, 1993 ~~~~~~~~~~~~~~~~~~~~~ Business Wire Sources AT&T urges businesses to guard against increased risk of toll-fraud attempts by hackers, or toll-call thieves, during the upcoming holiday season. Last year nationwide toll-fraud attempts increased by about 50 percent during the Christmas week. Hackers "break into" PBXs or voice-mail systems, obtain passwords or access to outside lines, and then sell or use the information to make illegal international phone calls. Toll fraud cost American businesses more than $2 billion in 1993. "Hackers count on being able to steal calls undetected while businesses are closed during a long holiday weekend," says Larry Watt, director of AT&T's Toll Fraud Prevention Center. "Tis the season to be wary." AT&T is the industry leader in helping companies to prevent toll fraud. Businesses that want more information on preventative measures can request AT&T's free booklet, "Tips on Safeguarding Your Company's Telecom Network," by calling 1-800-NET-SAFE. ------------------------------------------------------------------------------ Sadomasochists Meet Cyberpunks At An L.A. Party June 14, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Jessica Seigel (Chicago Tribune) Sadomasochists meet the cyberpunks. Leather meet hypernormalcy. Body piercing meet network surfing (communicating by computer). It was a night for mingling among the subcultures to share their different approaches to messing with mind and body. The recent party at the S&M club "Club Fuck" was organized by "Boing Boing," a zine that focuses on the kinetic, futuristic world of the new frontier known as cyberspace. This place doesn't exist in a physical location, but anyone can visit from their home computer by hooking into vast electronic networks. A blindfolded man dressed in a jock strap and high heeled boots stood on stage while helpers pinned flashing Christmas lights to his flesh with thin needles. Then a man with deer antlers tied to his forehead whipped him. The crowd of mostly twentysomethings who came to the club because of the cyber theme observed with stony expressions. Chris Gardner, 24, an architecture student who studied virtual reality in school, covered his eyes with his hand. No one, really was "fitting in." The sadomasochists looked curiously at the very-average-looking cyber fans, who openly gawked back at the black leather, nudity and body piercing. Sharing subcultures can be so much fun. ------------------------------------------------------------------------------ Intruder Alert On Internet February 4, 1994 ~~~~~~~~~~~~~~~~~~~~~~~~~~ AP News Sources Intruders have broken into the giant Internet computer network and users are being advised to protect themselves by changing their passwords. The breaks-ins may jeopardize the work of tens of thousands of computer users, warned the Computer Emergency Response Team, based at Carnegie Mellon University in Pittsburgh. "Intruders have already captured access information for tens of thousands of systems across the Internet," said an emergency response team sent out on the network late Thursday. Passwords were obtained by the intruders using a "Trojan horse program," so called because it can enter the main computer for some legitimate purpose, but with coding that lets it remain after that purpose is accomplished. The program then records the first 128 keystrokes when someone else connects to the Internet, and the illegal user later dials in and receives that information. The first keystrokes of a user generally contain such information as name and password of the user. Once they know that the intruders can then sign on as the person whose password they have stolen, read that person's files and change them if they wish. ------------------------------------------------------------------------------ Harding Email Compromised by Journalists February 27, 1994 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by C.W. Nevius (SF Chronicle) In another example of the media circus that has dogged Tonya Harding, a number of American journalists have apparently obtained the secret computer code numbers that would allow them to read Harding's personal electronic mail at the Winter Olympics. No reporters have admitted reading Harding's electronic mail, but the apparent access to private communications has caused concern among those covering the Games. The Olympic computer system is one of the most popular communications devices at the Games. Any member of the Olympic family -- media, athlete or Olympic official -- can message anyone else from any of several hundred computer terminals all over the Olympic venues. The flaw in the system is that it is not especially difficult to break the personal code. Every accredited member of the Olympic family is given an identification number. It is written on both the front and back of the credential everyone wears at the Games. Anyone who has a face-to-face meeting with an athlete would be able to pick up the accreditation number, if the person knew where to look. Each person is also given a "Secret" password to access the communication system. At the outset, the password was comprised of the digits corresponding to that person's birth date. Although Olympic officials advised everyone to choose their own password, Harding apparently never got around to doing so. Harding's initial password would have been 1112, because her birthday is the 11th of December. Although none of the writers at the Olympics has admitted reading Harding's personal electronic mail, it would be difficult, if not impossible, to determine if anyone did any actual snooping. There are no records kept of who signs on to the computer from any particular terminal. ------------------------------------------------------------------------------ Reality Check January 1994 ~~~~~~~~~~~~~ by Doug Fine (Spin) (Page 62) I ask accused hacker Kevin Lee Poulsen if, as he approaches three years in jail without trial, he has any regrets about his computer-related activities. Without missing a beat, and breaking a media silence that began with his first arrest in 1988, he answers: "I regret shopping at Hughes Supermarket. I'm thinking of organizing a high-tech boycott." Poulsen is referring to the site of his 1991 bust in Van Nuys, California. There, between the aisles of foodstuffs, two zealous bag-boys -- their resolve boosted by a recent episode of Unsolved Mysteries that featured the alleged criminal -- jumped the 25-year-old, wrestled him to the ground, and handed the suspect over to the security agents waiting outside. Poulsen still kicks himself for returning to Hughes a second time that spring evening. According to court documents, a former hacker crony of Poulsen's, threatened with his own prison sentence, had tipped off the FBI that Poulsen might be stopping by. What, I ask him, had he needed so badly that he felt compelled to return to a supermarket at midnight? "Do you even have to ask?" he says. "Condoms, of course." [A very different Kevin Poulsen story. Get it and read it.] ------------------------------------------------------------------------------ Key Evidence in Computer Case Disallowed January 4, 1994 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Los Angeles Staff Writers (Los Angeles Times) (Page B3) U.S. District Judge Ronald Whyte in San Jose said computer tapes found in a storage locker rented by Kevin Lee Poulsen should not have been examined by prosecutors without a search warrant and cannot be used as evidence. Whyte had ruled the tapes admissible last month but changed his mind, saying he had overlooked evidence that should have put a police officer on notice of Poulsen's privacy rights. In addition to illegal possession of classified government secrets, Poulsen faces 13 other charges, including eavesdroping on telephone conversations, and tapping into Pacific Bell's computer and an unclassified military computer network. He could be sentenced to 85 years in prison if convicted of all charges. His lawyer, Paul Meltzer of Santa Cruz, said the sole evidence of the espionage charge is contained on one of the storage locker tapes. Meltzer said a government analyst found that the tape contained a 1987 order, classified secret, concerning a military exercise. Poulsen, who lived in Menlo Park at the time of his arrest in the San Jose case, worked in the mid-1980s as a consultant testing Pentagon computer security. He was arrested in 1988 on some of the hacking charges, disappeared and was picked up in April, 1991, after a tip prompted by a television show. ------------------------------------------------------------------------------ Hacker to ask charges be dropped January 4, 1994 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ UPI News Sources An attorney for a former Silicon Valley computer expert accused of raiding confidential electronic government files said Tuesday he will ask to have charges dismissed now that a federal judge has thrown out the government's chief evidence. Attorney Peter Leeming said the government's case against Kevin L. Poulsen is in disarray following a ruling suppressing computer tapes and other evidence seized from a rented storage locker in 1988. ''We're ready to go to trial in the case, and actually we're looking forward to it,'' Leeming said. Poulsen is charged with espionage and other offenses stemming from his hacking into military and Pacific Bell telephone computers. The government alleges that Poulsen illegally obtained confidential military computer codes and confidential information on court-ordered wiretaps. ------------------------------------------------------------------------------ The Password is Loopholes March 1, 1994 ~~~~~~~~~~~~~~~~~~~~~~~~~ by Joshua Quittner (Newsday) (Page 61) You'd think that Polytechnic University, in Brooklyn, one of the finer technical schools in the country, would know how to safeguard its computer system against hacker intrusions. And you'd think the same of New York University's Courant Institute, which hosts the mathematical and computer science departments. But a teenage Brooklyn hacker, who calls himself Iceman, and some of his friends say they invaded the schools Internet-connected computers and snatched the passwords of 103 students. Internet break-ins have been a national news story lately, with reports that unknown intruders have purloined more than 10,000 passwords in a burst of activity during recent months. The Federal Bureau of Investigation is investigating, since so many "federal-interest computers" are attached to the wide-open Internet and since it is a crime to possess and use other peoples' passwords. Experts now believe that a group of young hackers who call themselves The Posse are responsible for the break-ins, though who they are and what they're after is unclear. Some people believe the crew is merely collecting passwords for bragging rights, while others suspect more insidious motives. Their approach is more sophisticated, from a technical standpoint, than Iceman's. But the result is the same. Now Iceman, who's 18, has nothing to do with The Posse, never heard of it, in fact. He hangs with a group of budding New York City hackers who call themselves MPI. Iceman told me it was simple to steal 103 passwords on the universities systems since each password was a common word or name. What did Iceman and company do with the passwords? He said mostly, they enjoy reading other people's files and e-mail. "Every once in a while," he said, "you get something interesting." ------------------------------------------------------------------------------ A Rape In Cyberspace December 21, 1993 ~~~~~~~~~~~~~~~~~~~~ by Julian Dibbell (Village Voice) (Page 36) [ Some guy made my MUD character do bad things in a public area. And all the other MUDders could do was sit and watch! WAHHHHH. Get a fucking life, people. Wait, let me restate that; Get a FUCKING REAL LIFE!] ------------------------------------------------------------------------------ Hacking Goes Legit February 7, 1993 ~~~~~~~~~~~~~~~~~~ by Ann Steffora and Martin Cheek (Industry Week) (Page 43) Corporations ARE using "tiger teams" and less glamorous methods to check computer security. [Uh, yeah. Sure they are. Hey, is that an accountant in your dumpster? Better tuck in that tie dude. Don't forget your clipboard! I will put a computer security audit by me, or by anyone from the hacker community, against a computer security audit done by ANY of the following: Coopers & Lybrand, Deloitte & Touche, Arthur Andersen or Price Waterhouse. It's no contest. These people are NOT computer people. Period. Get the hell out of the computer business and go do my fucking taxes.] ------------------------------------------------------------------------------