______ ______ _____________ ____ ___ ______ / ____|\ / \ /____ ____/\ / | \ / / | / \ / / ____\| / __ |\ \_/ /\____\/ / | / / / / __ |\ / / / / /__/ / | / / / / /| |/ / / / /__/ / | / /__/______ | / / / / / / / | / / | / / |____________|\ |\_____ / / /__ / / /___/ / |___/ / |\_____ / / |_____________\| \|____| / \__\ / |___ |/ |___|/ \|____| / ____ / \ --- / \ \ __ / /\ \ \ \ _/______|_/ / / / \ | | / / / / | ---\( |/ / / / | \|\(/\(/ \(/ | | / / / \ / / \ ___/ / / / Communications of The New Order Issue #5 Fall 1994 "Those who would sacrifice a little privacy for more security, deserve neither privacy nor security." - Ben Franklin Special Thanks: Boo Yaa, Ninja Master, TEK, Gatsby, TDK, Pulse, Invalid Media, Mark Tabas, Marauder, Frosty, Phalcon/Skism, PMF. Good Luck To: Merc and the 602 Crowd, Crypt Keeper and 513 Crowd. Cavalier...."I don't mind standing at a payphone for three hours if its for a good cause." Dead Kat...."I've been on hold forever! I just wasted five dollars of some guys money." DisordeR...."When I die I'm going to prank call god from hell." The Public.."MoD never really split up, they were just in different jails." Voyager....."#hack, the IRC Channel of broken dreams." ========= __/\iNTRo/\__ CoTNo is a 'zine of the computer underground of the 1990's. It is written for H4Qu3r's and pHR3aCK3r's of intermediate to beginning experience. All the information published herein is as accurate as possible and pertains to techniques and devices that actually work. We do not publish any article that is not of an H/P nature. If you wish to comment on or contribute to CoTNo, email us at tno@fc.net, or catch one of us on the iRC or try to catch us in your local Telco dumpster. Ahem... As was hinted at in our last issue, some of our own members were snagged in the so-called "Operation Sundevil '94". One of those was John Falcon (aka Renegade), the uberhacker of Alaska. He was convicted of and incarcerated for a number of cumputer related crimes this summer. For his "offences" he received a 20 month jail sentence. Since rumors about his bust have been running rampant on the 'Net, I've decided to set the facts straight here with the information straight from JF himself. First we'll begin with the information that has been released by the press. Following is an excerpt from the Elmendorf AFB newspaper titled 'Computer Hackers Benefit From Lax Security". My comments appear in [brackets]. ;) [...garbage about security...] Elmendorf (AFB) hasn't been immune to computer crimes and hacker intrusions. During the past 12 months, AFOSI (Air Force Office of Special Invesigations) Detachment 631 has investigated several computer-related crimes, according to Special Agent Michael Vickery, criminal invesigator for Det. 631 [da Fedz]. In one case, and active-duty military member gave his government computer password to a friend [thanks dude!]. His friend used the password to access the military computer system and store files in it [WaReZ!!]. The military member didn't know his friend, an accomplished hacker, was a member of an active computer hacking group based in Colorado -- a group responsible for causing massive damage to DOD (Department of Defense) computer systems. [ooohhh... now we're famous.] The same hacker and an associate also broke into a base building five different time and stole more than $15,000.00 worth of government computer equiptment [see CoTNo #03, article 4]. The hacker continued his illegal activities when he charged more than $1,700.00 in long distance phone calls to the Federal Aviation Administration and Mark Air (local airline)[I was wondering how he managed to call Flatline so much! ;)], and broke into a Seattle-based computer company's system. The investigation involved a multi-agency task force, which included investigators from the AFOSI, 3rd Security Police Squadron, FBI, Secret Service (CIA), and the FAA. The hacker and his accomplice were caught and convicted in federal court. The hacker was sentenced to 20 months confinement, $21,000.00 restitution, and three years of probation, according to Vickery [and Phiber thought he had it bad]. The AFOSI is addressing this new crime in a unique way. In 1978 AFOSI was the first law enforcment agency to create computer crime invesigators. In 1992 AFOSI formed a small squad of these investigators at Bolling AFB, Washington D.C., that manages all computer intrusion invesigations for the agency. These cases need central management so that only one coordinated invesigation is conducted instead of several individual invesigations running concurrently withou coordination. [...deleted garbage...] Once news of the bust started to leak out to the scene, the rumours went wild! Following is a message from JF that debunks some of the rumours. Thanks to Shade for getting in contact with him about this. >From Jfalcon@ice_bbs.alaska.net Wed Nov 16 16:21:20 MST 1994 Greetings, I am Mr. Falcon aka John Falcon. A friend of mine was so gratious as to send me a copy of the alt.2600 posting you made. Let me just cut to the chase. I liked your writing, but you were misinformed on the facts so that is why I am making this posting public because some kind of example must be made. Common myths of my arrest: 1 - The FBI/NSA cracked my hard drive and read all my encrypted mail. A: Christ man, If this was true, do you realize how many of your guys that sit all night on #hack on IRC or some other channel or even all the mail in and out of ripco.com and phantom.com would be monitored and people arrested?! If this were the case, I can assure you my friend I would be talking to you face to face right now and not via computer or anything. 2 - Mr. Falcon left his secring.pgp on his system. A: This is only 50% true. Yes I had my secring.pgp on the system. The reason for it being there was that 3 weeks earlier, the person who is kind enough to post this message for me borrowed my 486 computer and took it to his school. No big deal. Except when he hooked it up to their network, it began to have a little problem. Chalk one up for microsoft, I was using doublespace and lo-and-behold all my data got scrambled. Scary sight to see about 200 megs worth of the latest information just go POOF. But I am sure all the people on the net have experienced this once before. So the week before my computer was brought in by the FBI, I created a new key that I never got to use. As you all know, that every time you make a new key, you can make sure that it will be original unlike DES standard which is a rather fixed algorithm. 3 - FBI/NSA read the RSA encrypted data. A: This couldn't be farther from the truth, all the data on my HD was from a backup over 3 months old. When they did get around to trying to disect (sic) my hard drive they weren't able to read it. Not that there was much to read anyway. The key that they did find couldn't open that file even if it wanted to. Since PGP requires 2 keys, and since I just created my new PGP key the week before, they weren't anble to read jack shit. Also chalk another one up for NORTON UTILITIES. They weren't able to read my DISKREET directory with DES running. You are right though, the FBI is running under a very tight budget and the NSA doesn't have any real jurisdiction because none of what I did compromised NATIONAL SECURITY. If anyone wants to read the report, please mail me an address to the one I will provide at the end of this message and I will try to send you one as soon as possible. It is to laugh...:) 4 - My conviction was because I was a hacker. A: This again is only 50% true, I really am here for Theft and not all because of HACKING. There wasn't enough to get me a reasonalbe long sentence so they nailed me on theft charges. If anything, the amount of 'Hacking' which was actually 'Phreaking' since there weren't any computers involved. Wait, I take that back. Let me go over my conviction. Count 1: Theft of Government Property - How they caught me: Narc Count 2: Fradulent use of an Access Device - How they caught me: Narc Count 3: Fradulent use of a Computer - How they caught me: questionable Count 4: Fradulent use of an Access Device - How they caught me: Narc Now, the count 3, supposedly I hacked into a place called Tera and erased these guys desk top. Then they changed their story and said that it was MOVED, not ERASED. But then they went on and said I went in 13 times. Then they changed their story again and said that there were only 3 entries and 13 attempts. ATTEMPTS DONT COUNT PEOPLE! Then they changed it again and said they don't know who did it 2 times, but they could only actually track me 1 time. Just like I told the court all the time. Being in prison, you get to learn about the law since you got time to kill. There are people using what I call randomizer chips for cellular phones that are able to beat the rap see US v. McNutt on this one. I also congradulate you on giving a very good location as to where I am. You mention 'the birdman of Lompoc.' Well, I never mentioned where I was sent to anyone but my friends and family. Congrats, I live across the street from the 'Birdman of Lompoc'. He is in the USP and I am in the PCI across the street to I recently just read 'The Falcon and the Snowman' and was able to see how the snowman was able to escape. The government is very fucked folks. If I were you, I would keep reading for some more of my posts from prison. I can only hope Phiber Optik is doing the same on the east coast that I am doing here. I won't mention names of the Narc like Magpie and Equalizer or anyone like that :) but I can only say one thing, Keep it alive folks because it gov't is out there and they want to fuck you. Phil Zimmerman, Say 'Hi' from me to all the guys at TNO that host the little shindig you did a few months back. Catch ya on the Flipside... (signed) John Falcon Well there you have it.. the story straight from the horses mouth. JF is a great guy and I was sorry to see him go down (along with the rest of my friends). The busts have completely changed TNo. We now take precautions that would make the NSA envious. We encrypt everything, never discuss 'info' over the phone, and have destroyed all physical evidence (notebooks, trash, ect.) I suggest that YOU take take these same precautions. Also, always, ALWAYS divert. Phone records are always used in cases like this, so make sure that your phone calls bounce through a few systems before they hit your intended target. If you would like to get in contact with JF, here is his info: email: jfalcon@ice_bbs.alaska.net snailmail: Don Fanning #12617-006 3600 Guard Road Lompoc, CA 93436 Please don't send him any 'things', though letters are very welcome. Don't send him books, but photocopies of non-criminal material would make him very happy. At least let him know that he is not forgotten. |>ead|========= (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\ (*) (*)\| (*) |>ead|========= RETAiL SKAMMiNG II ------------------ by DisordeR[TNo] Y0y0y0 This is my greeting to all you out there in white bread land. More retail type scams for you to enjoy. Like usual these are for educational purposes. These are designed to show you that everything is a system. Hacking root on unix, hacking a cell network, or hacking the social system, it is all the same. Ponder on that after this article. Free Car Repair --------------- Driving down the road, your call stalls out. You later find out that you have several hundred dollars in car repairs to come. 'This is lame' you say. This is the solution... Go to a Firestone or Midas or other chain car repair place that can be found anywhere. Go early in the morning. Most of these places will open at 7am or so since they hit the yuppie fucks who want to drop their car off, go to work, and pick it up on their lunch break. Tell them what is wrong, let them tell you what they think is the problem etc. Just play it cool, and keep saying you HAVE to have it fixed because you have to go somewhere important like court or out of town. When they ask "what time do you need this by?" You respond "12:00 and preferrably no later." This gives them about 5 hours(which most car repairs can be done in) to fix your car. They will usually say that is fine since you will be the first or second repair if you are there that early. First thing. Leave them the ignition key and NO door key. Tell them that you lost your door key, and to leave it unlocked as you have nothing valuable in it. Make sure you do not sound nervous and that it sounds like you really did lose your door key. Sign all the paperwork they want you to with bullshit info. When they ask for a number to call you at, say you will be away from the office/home and will just come back at noon, and that they are authorized to do ANY repair needed. If they insist, give them one of those numbers which always ring busy (see #Hack FAQ). Enjoy your morning. Do whatever you want and get ready for the next step. Scope out the repair place. Around noon the place should be quite busy with people reparing cars, new customers coming in, and morning customers picking up their cars. Now, since your doors are not locked, go to your car, use your second ignition key, get in, drive off happy knowing that you ripped off some company that has about 250% markup on parts, and overpriced labor charges. Free repairs to your car. Only catch is you don't go back to the same place...but since there are a ton of Firestone's and Midas repair shops around, no problem. Of course they put your tags down on their paper work so stolen plates wouldn't hurt! Free Diverters -------------- Ever find yourself devoting all your time to scanning for a new diverter of some kind? Praying that you will stumble on some decnet, meridian, or other diverter? Create your own. Most places that offer voice mail are ideal for you. Independent voice mail owners really don't have a clue about phreaking, diverting, or anything of that nature. Look in your yellow pages under 'voice mail' and find some places that offer this service. Don't choose a place like AT&T or USWorst or something since they are a little more keen on the fraud thang. Call the place up and ask questions about their voice mail service. Ask normal questions like 'Do I have my own number?', 'How many messages will it store?", or "Does it have paging service?". Sometime during these questions, ask if it has a dialout feature. If it does, you are in luck. If it doesn't, choose another place. If the place has dialout service, this is the place for you. Now ask about their billing. What you want to find out is if they can do auto billing to a credit card, or if they bill an address. Either way, you should be fine. If they do it all by credit card, then choose that. Use your friend's credit card (with his consent of course). Have the place bill that credit card at the end of each month. If they bill and address, then tell them your address(probably a neighbor's house since you are never home) and you are set. After all that is arranged, you should have a voice mail box, with dialout feature. Since everything is in your friend's name(since you work so much and are hard to reach), you shouldn't get hassled too much. Rememeber, if you use the dialout feature for any reason, make sure you use it for no more than three weeks, in case your 'friend' gets the bill and is cross with you. If he is, set up another with a different friend's credit card number. The Rat Shack Discount ---------------------- How many of you shop at rat shack for any reason? Need a new tone dialer since yours got stepped on? Need some more solder for creating that new box? Like getting discounts just for the hell of it? This is your place. Background. Tandy Corporation owns radio shack. They also own some other stores as well, making them a pretty big company. One of the things you get when working at ANY Tandy store is a discount at all the others. Most people don't realize this, but Computer City is owned by Tandy as well. Since Tandy treats their employees like total shit, this is your chance to take a little out of them on each purchase. Take into account that since Rat Shacks litter the country, they have a virutal monopoly on small electronic parts. Thus, they can get away with unbelievable mark ups on their items. Thus, ripping the customer off. Go into radio shack. Get whatever you want, and take it up to the counter. Tell them that you work for Computer City and get your employee discount. Most Rat Shack employees will know about Computer City being in the chain, but know nothing else about it. From there they will ask what discount you recieve. According to Tandy, you get 10% off at all Rat Shacks if you work at Computer City. So make sure you say 10% (If you said 25% or something, they probably wouldn't question you though). 100% of the time that friend's have used this, they have NOT checked to see if it is true. So now you can but whatever you want at a decent discount. 10% may not seem like a big discount but look at it this way. 10% is more than your tax rate. So at the least you are taking a little money from the government. At most you are taking 10% from Tandy Corporation which really deserves to rot in hell. The ONLY thing they have brough us is a single place where you can buy anything you need for your phreaking desires. When you purchase the items they will ask you for two pieces of information. First, your store number. If you don't know a computer city store number you can do one of two things. Call your local Computer City (If they have one in your area), ask for customer service, and just ask "What is your store number?". They will usually tell you without a question. OR, you can use this one: 29-5260. That is the store number for the Computer City in Denver, CO. The format for their store codes is 29-5XXX with it usually being either 52XX or 51XX depending on the region. The second thing they will ask you for is your social security number. The only thing to remember here is that they begin with a number between 2-5. So don't say "866-69-1010" or something. Also remember the number you use in case the person is a gimp and doesn't type it in right, and has to ask you again. Free New Car Engine ------------------- Deadkat made me aware of this one, and it is quite nice. Jiffy Lube offers a guarantee on their work that goes something like this: They will repair/replace any damaged piece/component of your car that is damaged due to their work. Go do their spiffy 10 minute oil change at a distant Jiffy Lube. After they are done, pay and drive off. A little ways down the road pull over somewhere where you can't be seen, and get under your car. Loosen or remove the oil pan drain plug. Whatever it takes to make oil drip out or leak. Keep driving as the oil drains. After a while your engine will overheat, and probably seize. Bingo. Their faulty workmanship caused your engine to blow up. Have your car towed back to the Jiffy Lube and demand to see their manager. Tell them you were driving down the road enjoying life, and your engine blew up and you don't know why. Tell them you just came from there hours earlier, and want them to look at it and find out what is wrong. Through persistance and social engineering, you should be able to convinve him(since they will find the reason it happened quite easily) that they fucked up and you suffered. Although this is a little more hardcore, it can pay off quite well, especially if you have an old piece of shit for a car. Free Books ---------- Find the company that publishes the book you want. Call them up. Here is an example of what you would say. "Hi. My name is Hank Poecher and I am teaching a class on _________ at __________ College (Highschool). I would like to get a review copy of your book called 'Eye kAn hAcK!@#!". The ISBN number is 3038661010." Usually they will be more than glad to send you a copy as it will be bought by every student, and spread more. If they would like to charge you, just mention the above fact. Many computer related or school type books are getting pretty expensive, so this comes in handy. Free Software II ---------------- Even though I mentioned one way to get software, this method is ideal for those bigger software packages out there. This is a sample conversation you can use. Call up the company who makes/distributes the software... "Hi there, my name is Chester Karma and I am authoring a new book called 'Business Software for the PC' and would like to review your product. Could you send me a copy of your package please?" Usually they are willing, but sometimes there are two objections to this, or two catches. Sometimes they will want the request in writing. This is not a problem. Just write out a letter telling them exactly what they want to hear. Since you are not doing anything in illegal, send it to your house. They will not do anything since the potential for a good review in a major book is a wet dream to them. Sometimes they will ask who your publisher is, and you can drop any name to a MAJOR publisher, or mention that you aren't sure yet, or that you are self published. In any case, just sound convincing. DisordeR[TNo] Any questions, call me vox at 301.688.6311 and ask for 'Director of Ops' That is my work number, so call during business hours please. ========= |\_/| Gopher Holes |\_/| .' o o\ Brought to you by /o o `. _--~~~/ ._ o}~~--_ Rage-303 _--~~{o _. \~~~--_ ( ( . .\|| ) -------- ( ||/. . ) ) ~--___`-' `-'____--~ ~--____`-' `-'___--~ ~~~~~~~ ~~~~~~~ The Intro and What a Gopher Hole is ----------------------------------- This article will tell a little about Gophers, but will be mostly be directed on one thing they have that will let you access almost anything through them. Totaly anonymous. A Gopher Hole is when a Gopher System tries to telnet you to another system but that system is laged to hell, or doesn't exist anymore. So the gopher will give you an error and defualt back to the telnet prompt allowing you to Telnet anywhere you want, Fake Mail, Outdials, Hacking Systems, Anon IRC Services all totaly anonymous. About Gophers and How to find Gopher Holes ------------------------------------------ A Gopher is a somthing that will let you have access to certain information and utilities without having to have an account somewhere. You can do many things from looking though Phone Books to FTPing. Finding a Gopher Hole is easy. All you need is a number to a Gopher in your area code that you can dial anytime you want, just ask around on local BBSes or something like that. Once you dial it up and login you will usally be presented with a sceen similar to the following. Internet Gopher Information Client 2.0 pl10 Online Auraria Shared Information Service --> 1. Information About BOARDNAME/ 2. Local Campus/ 3. Local Library/ 4. Local Media Center/ 5. Community College of Bolivia/ 6. Metropolitan State College of Denmark/ 7. University of Colorado at BFE/ 8. Information Beyond Auraria including Other Colorado Info Systems/ 9. Interesting Things to Explore on the Internet (under construction)/ 10. BoardName Statistics/ The top line is the Gopher Software/Version they are running the Gopher off of. The next line is the Menu you are on. If it is the first/main menu then it will be the Gopher info (like above). The arrow (-->) shows what you have selected, you can move it up and down with the arrow keys. There are four things in a Gopher to take note of, Directories, Telnets, Files and Word Serches. All of the above options are Directories, you can see this because they have a forward slash (/) after the option. You select options by moving the arrow to it and hitting return, or pressing the corresponding number. Internet Gopher Information Client 2.0 pl10 Information Beyond Auraria including Other Colorado Info Systems --> 1. Academe this Week (Chronicle of Higher Education)/ 2. Archie Gateway (FTP Searches)/ 3. CULine 4. Colorado Legislative Database (CLD) 5. Colorado Legislative Information (Higher Education Issues)/ 6. FEDIX/MOLIS/ 7. Hytelnet/ 8. Library of Congress (LC MARVEL)/ 9. Other Gophers (by geographic location)/ 10. Other Gophers (by subject)/ 11. Other Gophers in Colorado/ 12. Phonebooks/ 13. UMS/IRM Gopher/ 14. United Nations/ 15. University of Minnesota Gopher/ 16. WAIS Gateway/ This is the menu we get after selecting option 8. As you can see now we have some options. As an idiot could have guessed that means when you select it you will be telneted somewhere else. This is what we get after selecting 7, then 1 (selecting a command). +-------------------Connect to Hytelnet-------------------+ | | | Warning!!!!!, you are about to leave the Internet | | Gopher program and connect to another host. If | | you get stuck press the control key and the | | ] key, and then type quit | | | | Connecting to oasis.denver.colorado.edu using telnet. | | | | Use the account name "hytelnet" to log in | | | | [Cancel: ^G] [OK: Enter] | | | +---------------------------------------------------------+ This tells us it is going to telnet us, where its going to telnet us to, and the login name to use. So we hit enter and go through the login process to see this.. Welcome to HYTELNET version 6.7 May 14, 1994 What is HYTELNET? Library catalogs Other resources Help files for catalogs Catalog interfaces Internet Glossary Telnet tips Telnet/TN3270 escape keys Key-stroke commands ............................................................. Up/Down arrows MOVE Left/Right arrows SELECT ? for HELP anytime m returns here i searches the index q quits ............................................................. HYTELNET 6.7 was written by Peter Scott E-mail address: aa375@freenet.carleton.ca Unix and VMS software by Earl Fogel Basicaly this is one big Telnet system that will take you to other Gophers, Free Nets, Fee Based Systems (like Delphi and Prodigy$@!) and other info systems. If you can get to hytelnet you are in luck. From here you can go to almost any Gopher System looking for holes (All the good stuff is in ). Internet Gopher Information Client v1.12S EcoGopher! --> 1. Welcome to the EcoGopher Project at the University of Virginia!/ 2. Connect to the U.Va. Resource Tracking System!/ 3. Environmental Groups and Programs/ 4. Archives of Environmental Electronic Mailing Lists/ 5. The Library/ 6. Other Gopher-accessible services/ 7. Katie - Keyword-search of All Text In EcoSystems 8. Environmental CHAT Areas!/ 9. :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-). 10. EcoLynx - access to the World Wide Web of Hyper-text! I am showing you this menu because it has all 4 options on it. You can see the Directories marked with "/", then Telnets marked with "", the Word Serches marked with "" and the files marked with "." (BTW, That file is one HUGE Ascii Galary, you can access EcoGopher through Hytelnet). Now, the first thing we would do when we found this menu is select option 10. If it telnets to EcoLynx (which it does) then you have two option. You can either roam around EcoLynx looking for Gopher Holes (which would be useless since WWW doesn't have Gopher Holes), or you can quit back to EcoGopher and search the rest of that before moving on (that what I sugest you do). If we select the following options, (";"=Enter) 6;2;4;12;7;, we will get this. +------------------------IRC Server--------------------------+ | | | Warning!!!!!, you are about to leave the Internet | | Gopher program and connect to another host. If | | you get stuck press the control key and the ] key, | | and then type quit | | | | Connecting to ircd.deamon.co.uk, port 6666 using telnet. | | | | Use the account name "irc" to log in | | | | [Cancel: ^G] [OK: Enter] | | | +------------------------------------------------------------+ Trying 158.152.1.65 ... telnet: connect: Connection refused telnet> Bingo, if you get this consider yourself lucky that you now have a totaly anonymous Telnet Diverter (now all of you have one if you were paying attention to what I was saying and the options I selected). So just go through all the Directories on a gopher looking for a option, and trying it out. Also note that you will have to have telnet once already for this to work, otherwise it will defualt back to the Gopher since you haven't telneted yet. Note: By the time I got to EcoGopher I had already Telneted twice. Info for 303ers --------------- Two of the numbers to Oasis - 303.893.9440, 303.629.0134. Once you connected just press any key and a menu will come up. login: oasis The number to Hytelnet - 303.592.7911. Once you connected hit enter. I have found out that you cannot log into Hytelnet dialing direct anymore because dialing direct puts you on "oasis.denver.colorado.edu" but if you telnet is from Oasis you get connected to "ccnucd.denver.colorado.edu". Note that these are the same addreses as Oasis, this is because they are telneting on different ports. login: hytelnet Info for Everyone ----------------- Here are some places you can go once you get to a Telnet prompt. IRC Services: 134.129.123.1 power.ee.ndsu.NoDak.edu (VAX/VMS) Username: IRC 199.0.65.102 question.tiac.net login: irc Note: This account has been temporarily disabled. 149.156.98.60 student.uci.agh.edu.pl login: irc Password: irc 1st=Realname 2nd=Nick Note: The above system is lagged to HELL 140.113.17.162 4470 gopher.csie.nctu.edu.tw 4470 login: gopher Note: That one says banned from server, then won't let you switch servers. If you get on IRC do a "/who *irc*" to try and find more. The Outro --------- By now you should have a pretty good idea of what a Gopher does, what to look for on a Gopher, how to abuse them and some places you can go once you get to the telnet prompt. The Gopher Hole I gave out has been up for 4 months, about 10 people knew of it before this file, and have done many things with it. Final greets to DeadKat, DisordeR and Mindscrew <-he made me :] ========= Internet Outdial List v3.0 by Cavalier and DisordeR Introduction ------------ There are several lists of Internet outdials floating around the net these days. The following is a compilation of other lists, as well as v2.0 by DeadKat(CoTNo issue 2, article 4). Unlike other lists where the author just ripped other people and released it, we have sat down and tested each one of these. Some of them we have gotten "Connection Refused" or it timed out while trying to connect...these have been labeled dead. Working Outdials ---------------- NPA IP Address Instructions --- ---------- ------------ 215 isn.upenn.edu 'modem' 218 modem.d.umn.edu 'atdt9,xxxXXXX' 412 gate.cis.pitt.edu 'tn3270' 'connect dialout.pitt.edu' 'atdtxxxXXXX' 413 dialout2400.smith.edu Ctrl } gets 'ENTER NUMBER:' 'xxxxxxx' 502 UKNET.UKY.EDU "CONNECT KECNET" @ dial: "OUTDIAL2400 or OUT" 602 acssdial.inre.asu.edu atdt8,,,,,[x][yyy]xxxyyyy 713 128.143.70.101 "connect telnet" then "connect hayes" 713 128.249.27.153 atz 714 modem.nts.uci.edu atdt[area]0[phone] 804 ublan.virginia.edu connect hayes, 9,,xxx-xxxx ??? 128.200.142.121 'atz' ??? dialout.cecer.army.mil 'atz' Need Password ------------- 303 129.82.100.64 login: modem 404 128.140.1.239 .modem8|CR 415 128.32.132.250 "dial1" or "dial2" or "dialer1" 514 132.204.2.1 externe,9+number 703 128.173.5.4 dial2400 -aa ??? 128.95.55.100 This is an unbroken password Dead/No Connect --------------- 201 128.112.88.0 202 modem.aidt.edu 204 umnet.cc.manitoba.ca "dial12" or "dial24" 206 dialout24.cac.washington.edu 215 wiseowl.ocis.temple.edu "atz" "atdt 9xxxyyyy" 218 aa28.d.umn.edu "cli" "rlogin modem" at "login:" type "modem" 305 128.227.224.27 307 modem.uwyo.edu/129.72.1.59 Hayes 0,XXX-XXXX 313 35.1.1.6 dial2400-aa or dial1200-aa or dialout 402 modem.criegthon.edu 404 broadband.cc.emory.edu ".modem8" or ".dialout" 404 emory.edu .modem8 or 413 dialout.smith.edu 416 annex132.berkely.edu atdt 9,,,,, xxx-xxxx 416 pacx.utcs.utoronto.ca modem 503 dca.utk.edu dial2400 D 99k # 503 dialout.uvm.edu 513 r596adil.uc.edu/128.137.33.72 514 132.204.2.11 externe#9 9xxx-xxxx 602 dial9600.telcom.arizona.edu 609 128.119.131.11X (X= 1 - 4) Hayes 609 129.119.131.11x (x = 1 to 4) 609 129.72.1.59 "Hayes" 614 ns2400.ircc.ohio-state.edu "dial" 614 r596adi.uc.edu 615 dca.utk.edu "dial2400" 617 128.52.30.3 2400baud 617 dialout.lcs.mit.edu 617 mrmodem.wellesley.edu 619 128.54.30.1 atdt [area][phone] 619 dialin.ucsd.edu "dialout" 713 128.249.27.154 "c modem96" "atdt 9xxx-xxxx" or "Hayes" 714 130.191.4.70 atdt 8xxx-xxxx 714 modem24.nts.uci.edu 902 star.ccs.tuns.ca "dialout" 916 128.120.2.251 connect hayes/dialout 916 129.137.33.72 ??? 128.112.131.110-114 ??? 128.112.88.1 ??? 128.112.88.2 ??? 128.112.88.3 ??? 128.119.131.11X (1 - 4) ??? 128.120.59.29 UCDNET C KEYCLUB ??? 128.122.138.226-230 dial3/dial12/dial24 ??? 128.169.200.68 dial 2400 d 99Kxxxxxxx ??? 128.173.5.4 ??? 128.200.142.3 ??? 128.200.142.5 ??? 128.54.30.1 nue ??? 128.54.30.1 nue, X to discontinue, ? for Help ??? 128.6.1.41 ??? 128.6.1.42 ??? 129.137.33.72 ??? 129.180.1.57 ??? 129.72.1.59 Hayes ??? 131.212.32.110 atdt 9,xxxxxxx Duluth MN ??? 140.112.3.2 ntu ??? 140.115.1.101 guest ??? 140.115.17.110 u349633 ??? 140.115.70.21 cs8005 ??? 140.115.83.200 guest ??? 140.119.1.110 ? ??? 18.26.0.55 ??? alcat.library.nova.edu ??? annexdial.rz.uni-duesseldorf.de ??? annexdial.rz.uni-duesseldorf.de ??? dial.cc.umanitoba.ca ??? dial24-nc00.net.ubc.ca ??? dial24-nc01.net.ubc.ca ??? dial96-np65.net.ubc.ca ??? dial96.ncl.ac.uk ??? dial9600.umd.edu ??? dialin.creighton.edu ??? dialout.lcs.mit.edu ??? dialout.plk.af.mil ??? dialout.scu.edu ??? dialout1.princeton.edu ??? dialout1200.scu.edu ??? dialout1200.unh.edu ??? dialout24.afit.af.mil ??? dialout24.cac.washington.edu ??? dialout2400.scu.edu ??? dialout9600.scu.edu ??? dswitch.byu.edu "C Modem" ??? engdial.cl.msu.edu ??? gmodem.capcollege.bc.ca ??? hmodem.capcollege.bc.ca ??? irmodem.ifa.hawaii.edu ??? modem-o.caps.maine.edu ??? modem.calvin.edu ??? modem.cis.uflu.edu ??? modem.d.umn.edu/129.72.1.59 Hayes 9,XXX-XXXX ??? modem.ireq.hydro.qc.ca ??? modem12.bcm.tmc.edu ??? modem24.bcm.tmc.edu ??? modem24.bcm.tmc.edu ??? modem_out12e7.atk.com ??? modem_out24n8.atk.com ??? modem_pool.runet.edu ??? modems.csuohio.edu ??? modems.uwp.edu ??? outdial.louisville.edu ??? r596adi1.uc.edu ??? ts-modem.une.oz.au ??? ts-modem.une.oz.au ??? vtnet1.cns.ut.edu "CALL" or "call" ??? wright-modem-1.rutgers.edu ??? wright-modem-2.rutgers.edu Conclusion ---------- If you find any of the outdials to have gone dead, changed commands, or require password, please let us know so we can keep this list as accurate as possible. If you would like to add to the list, feel free to mail us and it will be included in future versions of this list, with your name beside it. Have fun... ========= Notes on Unix Password Security by Voyager will@gnu.ai.mit.edu Introduction ~~~~~~~~~~~~ Standard Unix implementations keep user passwords in the file /etc/passwd. An entry in the password file consists of seven colon delimited fields: Username Encrypted password (And optional password aging data) User number Group Number GECOS Information Home directory Shell ] ] Sample entry from /etc/passwd: ] ] will:5fg63fhD3d:9406:12:Will Spencer:/home/fsg/will:/bin/bash ] Broken down, this passwd file line shows: Username: will Encrypted password: 5fg63fhD3d User number: 9406 Group Number: 12 GECOS Information: Will Spencer Home directory: /home/fsg/will Shell: /bin/bash Password Aging ~~~~~~~~~~~~~~ On some systems you will find passwd entries with password aging installed. Password aging forces the user to change passwords after a System Administrator specified period of time. Password aging can also force a user to keep a password for a certain number of weeks before changing it. ] ] Sample entry from /etc/passwd with password aging installed: ] ] will:5fg63fhD3d,M.z8:9406:12:Will Spencer:/home/fsg/will:/bin/bash ] Note the comma in the encrypted password field. The characters after the comma are used by the password aging mechanism. ] ] Password aging characters from above example: ] ] M.z8 ] The four characters are interpreted as follows: 1: Maximum number of weeks a password can be used before changing 2: Minimum number of weeks a password must be used before changing 3&4: Last time password was changed, in number of weeks since 1970/1/1 Three special cases should be noted: If the first and second characters are set to '..' the user will be forced to change his/her passwd the next time he/she logs in. The passwd program will then remove the passwd aging characters, and the user will not be subjected to password aging requirements again. If the third and fourth characters are set to '..' the user will be forced to change his/her passwd the next time he/she logs in. Password aging will then occur as defined by the first and second characters. If the first character (MAX) is less than the second character (MIN), the user is not allowed to change his/her password. Only root can change that users password. It should also be noted that the su command does not check the password aging data. An account with an expired password can be su'd to without being forced to change the password. The password aging codes are in base-64 format, and can be converted to decimal using the following table: Password Aging Codes +------------------------------------------------------------------------+ | | | Character: . / 0 1 2 3 4 5 6 7 8 9 A B C D E F G H | | Number: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | | | | Character: I J K L M N O P Q R S T U V W X Y Z a b | | Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | | | | Character: c d e f g h i j k l m n o p q r s t u v | | Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 | | | | Character: w x y z | | Number: 60 61 62 63 | | | +------------------------------------------------------------------------+ Password Aging Defaults ~~~~~~~~~~~~~~~~~~~~~~~ System wide defaults for password aging are stored in the file /etc/default/passwd. ] ] Sample entry from /etc/default/passwd under System V release 4.0 ] ] MINWEEKS=0 ] MAXWEEKS=500 ] PASSLENGTH=5 ] WARNWEEKS=1 ] MINWEEKS is the default minimum number of weeks a password must be used before changing. MAXWEEKS is the default maximum number of weeks a password can be used before changing. PASSLENGTH is the minimum number of characters a password may contain. WARNWEEKS, which did not exist prior to System V Release 4, is the number of weeks a user is warned that they must change their password. Password Shadowing ~~~~~~~~~~~~~~~~~~ Due to basic design aspects of the Unix system, the file /etc/passwd is world readable. This allows password crackers to steal the encrypted passwords and attempt to crack them. Newer versions of Unix use a scheme known as shadowing to alleviate this problem. On a Unix system with password shadowing, the encrypted password field of the password file is replaced by a special token. When the login and passwd programs see this token in the password field, they switch to the shadowed copy of the password file for the actual encrypted password field. The shadowed copy of the password file is readable only by root and the login and passwd programs run SUID root. Defeating Password Shadowing ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Password shadowing can be defeated on some systems by using getpwent(), as in the following program. Successive calls to getpwent() are made for every line in the passwd file. This method only works for older password shadowing schemes. ] #include ] main() ] { ] struct passwd *p; ] while(p=getpwent()) ] printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd, ] p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell); ] } On systems where getpwent() fails, it is possible to utilize the pwdauth() function for similar purposes. Note that the pwdauth() function is purposefully designed to operate very slowly. This program shows the basics of pwdauth(), for a more complete example of a cracker utilitizing pwdauth() refer to Shadow Crack from The Shining/UPi. ] ] #define MAXLOGIN 8 ] #define MAXPASS 8 ] ] main() ] { ] ] char login[MAXLOGIN]; ] char password[MAXPASS]; ] ] printf("login: "); ] scanf("%s", login); ] ] printf("password: "); ] scanf("%s", password); ] ] ] if (pwdauth(login,password) == 0 ) ] printf("Correct!\n"); ] else printf("Wrong!\n"); ] } ] A third method of defeating password shadowing is to have root priveleges, as root is able to read the shadowed password file directly. The following chart show the location of the shadowed password information and the token left in the /etc/passwd file by various versions of Unix. ] ] Unix Path Token ] ----------------------------------------------------------------- ] AIX 3 /etc/security/passwd ! ] or /tcb/auth/files// ] A/UX 3.0s /tcb/files/auth/?/* ] BSD4.3-Reno /etc/master.passwd * ] ConvexOS 10 /etc/shadpw * ] ConvexOS 11 /etc/shadow * ] DG/UX /etc/tcb/aa/user/ * ] EP/IX /etc/shadow x ] HP-UX /.secure/etc/passwd * ] IRIX 5 /etc/shadow x ] Linux 0.99 /etc/shadow * ] OSF/1 /etc/passwd[.dir|.pag] * ] SCO UNIX R3.2v4.2 /etc/shadow x ] SCO Unix 3.2.x /tcb/auth/files// ] SunOS 4.1+c2 /etc/security/passwd.adjunct ##username ] SunOS 5.0 /etc/shadow ] ] System V Release 3.2 /etc/shadow x ] System V Release 4.0 /etc/shadow x ] System V Release 4.2 /etc/security/* database ] Ultrix 4 /etc/auth[.dir|.pag] * ] UNICOS /etc/udb * ] Format of the shadowed password file ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The format of the shadowed password file differs under various Unix implementations. Many implementations follow the original System V Release 3.2, while others opt for a more complicated yet more efficient database structure. An entry in the System V Release 3.2 shadow file consists of five colon delimited fields: Username Encrypted password (And optional password aging data) Last time password was changed, in number of days since 1970/1/1 Minimum number of days a password must be used before changing Maximum number of days a password can be used before changing System V Release 4 introduced three more fields to the shadow file: The number of days before the password expires that the user will be warned The number of days of inactivity allowed for the user The absolute expiration date for the account ] ] Sample entry from /etc/shadow under System V release 4.0 ] ] will:5fg63fhD3d:8960:1:60:10:90:10000 ] Broken down, this shadow file line shows: Username: will Encrypted password: 5fg63fhD3d Last change: 8960 (Password was last changed on Minimum days: 1 (Password must be kept for 1 day without changing) Maximum days: 60 (Password must be changed every 60 days) Warning days: 10 (User receives 10 days warning of required password change) Inactivity days: 90 (Account disabled if not used for 90 days) Expiration date: 10000 (Account expires on The SunOS adjunct system ~~~~~~~~~~~~~~~~~~~~~~~~ Sun Microsystems introduced changes in their version of the shadow file in SunOS 4.1. An entry in the SunOS passwd.adjunt file consists of seven colon delimited fields: Username Encrypted password (And optional password aging data) ] ] Sample entry from /etc/security/passwd.adjunt under SunOS 4.1 ] ] will:5fg63fhD3d::::ad,p0,p1:dr,dw,dc,da,lo ] Broken down, this passwd.adjunt line shows: Username: will Encrypted password: 5fg63fhD3d Minimum login clearance: Maximum login clearance: Default login clearance: Always audit: ad,p0,p1 Never audit: dr,dw,dc,da,lo NIS ~~~ NIS (Network Information System) in the current name for what was once known as yp (Yellow Pages). The purpose for NIS is to allow many machines on a network to share configuration information, including password data. NIS is not designed to promote system security. If your system uses NIS you will have a very short /etc/passwd file that includes a line that looks like this: +::0:0::: To view the real password file use this command "ypcat passwd" Password cracking ~~~~~~~~~~~~~~~~~ Contrary to popular belief, Unix passwords cannot be decrypted. Unix passwords are encrypted with a one way function. The login program encrypts the text you enter at the "password:" prompt and compares that encrypted string against the encrypted form of your password. Password cracking software uses wordlists. The password cracking program encrypts each word in the wordlist and compares that encrypted string against the encrypted form of the password. If the encrypted forms match, the password is known. To crack passwords, you will need a password cracking program and a wordlist. The best cracking program for Unix passwords is currently Crack by Alec Muffett. For PC-DOS, the best package to use is currently CrackerJack. Larger wordlists will allow you to crack more accounts. ========= ßßßßßßßßß ßÄÄÄÄÄßßßßßßßßßß ßßÄÄÄÄÄÄÄÄßßßßßßßßßß ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ßßÄÄÄÄÄÄÄÄÄÄßßßßßßßßßß ³ Thank you for abusing AT&T ³ ßßÄÄÄÄÄÄÄÄÄÄÄßßßßßßßßßßß ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ßßßÄÄÄÄÄÄÄÄÄßßßßßßßßßßßß ßßßÄÄÄÄÄÄßßßßßßßßßßßßß by The Public & Dead Kat ßßßßßßßßßßßßßßßßßßßß ßßßßßßßßßßßßßßßß ßßßßßßßß Some of the "Frequently Called AT&T Organizations": Account Inquiry Centers (AIC)...................................1-800-325-0138 Provides support for business customer inquiries regarding billing of MTS, WATS and private line. ACCUMASTER Network Management Support...........................1-800-637-0007 Provides custormer service for the following systems: 1. ACCUMASTER Integrator 2. Services Workstation ACCUNET Bandwidth Management Service............................1-800-526-0253 ALLIANCE Teleconference.........................................1-800-544-6363 Call to set up dial-in and dial-out teleconferences. Amcom Software Helpline.........................................1-800-852-8935 Provides customer support for 3B2 Messaging Server. AT&T Easylink...................................................1-800-242-6005 AT&T Paradyne Products..........................................1-800-237-0016 Processes customer trouble reports and arranges repair for Paradyne modems and multiplexors. Call Acquisition/Fault Management Helpline......................1-800-422-6622 Provides customer service for the following systems: 1. Call Accounting System (CAS), CAS+ 2. CDRU, CDRP, Cost Allocator 3. Trouble Tracker Call Center Helpline............................................1-800-344-9670 Provides customer service for the following systems: 1. Call Management System (CMS) 2. CONVERSANT Voice Information System (VIS) 3. Telemarketing Gateway Computer Hotline................................................1-800-922-0354 Handles customer problems relating to AT&T software, computers and net-working products. Corporate Education.............................................1-800-TRAINER Provides training for customers and employees on a wide 8724637 range of AT&T products and services. General Business Systems Branch Offices (GBS)...................1-800-247-7000 Provide small business customers (those with less than 80 stations) sales, lease and overall support for voice products and data systems. Inbound MEGACOM Service.........................................1-800-222-1000 Outbound MEGACOM WATS...........................................1-800-MEGSCOM Processes customer trouble reports and arranges repair for 634-2266 M800/900/MultiQuest Service International Information Service...............................1-800-874-4000 A toll-free service for U.S. customers providing answers to international calling questions (including international rate and dialing instructions). Long Distance Gift Certificates -- Business.....................1-800-222-7747 -- Residence 1-800-222-8555 Sales and service for AT&T Long Distance Certificates Long Distance Repair Service Center (LDRSC).....................1-800-222-3000 Processes customer trouble reports and arranges repair for both residence and business AT&T Long Distance Services. Covers 800 Service, WATS, PRO WATS, and One Line WATS. National Sales & Service Center (NSSC)..........................1-800-222-3111 Provides: -- nationwide sales to residence and very small business customers for corded, cordless answering systems, typewriters and Do-It-Yourself products. -- troubleshooting support for al AT&T consumer products. National Service Assistance Center (NSAC) Supports business customers in the repair of the following product lines: 1. Smaller systems (ComKey, 1 A Key, Horizon(R)).............1-800-526-2000 2. Merlin(R), Spirit(R), FAX, EKTS, System 25................1-800-628-2888 National Special Needs Center (NSNC)......................voice 1-800-233-1222 Handles inquiries for speech and hearing impaired tdd 1-800-833-3232 customers including lease and sale of telecommunications products, billing inquiries for long distance and equipment. National Telemarketing Centers (NTC)............................1-800-CALL-ATT Handles orders for AT&T Card and residence AT&T optional calling plans PBX Technical Service Center....................................1-800-242-2121 Handles questions concerning: Definity Communications System G1, G2, G3 System 75 Dimension PBX PC/PBX Support..................................................1-800-231-1111 Primary Account Sales Centers (PASC)............................1-800-222-0400 Perform a wide range of sales oriented functions for small business customers (those with annual long distance bills of less than $50,000). Residential Billing Inquiry -- residence customers for sales, service and billing of......1-800-555-8111 long distance -- residence and very small business customers for lease,.....1 800-555-8111 sales, service and billing of equipment Share Owner Services (TRANSTECH)................................1-800-348-8288 Provides a wide range of services including stock transfers and dividend payment processing. SDN Repair Service Center.......................................1-800-344-5100 Processes customer trouble reports and arrages repair for Software Defined Network (SDN). Switched 56 Repair Service Center...............................1-800-367-7956 Proceses customer trouble reports and arranges repair for Switched 56 systems. Private Line Repair Service Center..............................1-800-325-1230 Processes customer trouble reports and arranges repair for voice grade PL/DDS/ASDS. Telephone Equipment, Computers & Services.......................1-800-247-1212 Business Marketing Group 38 computers, PCs, System 75 and 85, UNIX(tm), and ISN. For businesses 80 stations +. 8:00am to 6:00pm [EST I found out] The AT&T Catalog................................................1-800-635-8866 The Global Business Communication Systems product catalog for Business, Federal, State and Local Government Custormers. Ask for extension 7000 to order catalog. Voice Messaging Helpline........................................1-800-56-AUDIX Provides custormer service for the following systems: 562-8349 1. Audix Voice Messaging System 2. Voice Mail, AUDIX VP, Inbound Call Director, Voice Power Automated Attendant ADDITIONAL RESOURCES FOR EMPLOYEES "Easy To Do Business With" Reference Manuals. A variety of printed reference materials which include helpful contact information. Ask for a copy of the BCSystems Publications Catalog (# 555-000-010) 1-800-432-6600 A "LAST" RESOURCE FOR EMPLOYEES FIND AT&T Center 1-800-FIND-AT&T A last resource for employees needing additional (346-3288) information on a wide range of AT&T topics, (e.g. products, organizations, addresses, telephone numbers) ========= Revenge Database v1.3 by: DisordeR Things to do to people for revenge. These include local and LD forms. From 'pain in the ass' to 'downright fuckin cruel'. This is just for speculation and not suggesting any actions, so I am not responsible for anything you do. With many of these ideas, you may not be able to do everything you wish, but remember that even the smallest effort on your part can cause a lot of problems on their side. Finding their info. 1) If you have their handle. Check around local area BBSs for their real name in user info. Check with other BBSers or friends who may know the person. Get real name and any other info possible. Even the most abstract of things, regardless of what it is, write it down. It may come in use later down the road. 2) With any info you currently have (mainly focus on getting their name and phone number) get their phone number. If you only have their name try and get their number through the phone books, or information. If you have their number use a CN/A to get more info. Also check with 900 pay/info lines for more info. If you have thier license plate number, go down to the DMV and have thier info pulled. This only costs a couple of bucks. Once you have their info... ._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._. Phone. 1) Call up their local phone provider and act like the victem. A) Install a password on their phone line. This makes it so they can't change their own service without providing that password. The only way around it, is for them to visit a local office, show ID, fill out bullshit paperwork etc. Remember, since most people don't call the phone company that often, it may take them a month until they realize what you have done. B) Add any/all of the following services. 1) Privacy/Non-Publish $2.10/month 2) Caller ID $5.95/month 3) Call Waiting $4.50/month 4) Call Forwarding $1.50/month 5) Three Way $3.50/month 6) Speed Calling (30) $3.00/month 7) Callback $2.95/month $8.50/install 8) LD Block $2.00/month 9) Change Number(Custom) $17.50 (after first time) 10) Change to Custom # $75.00 ----------------------------------- Total $126.50 C) Change their LD service to the most expensive service if you want a quick but subtle revenge. I find it better to change their carrier to MCI. From here ask for a custom 800 number for 'your' line. After that, they will be reached from an 800 number, and all calls will be billed to them, even local. Post up their number as a BBS number on any of the lamer Usenet groups. Since they are with MCI, you can set up and bill conference calls to their number through the right procedures. 2) Visit the victem's house and use your beige on them. Also have a custom little device that will allow you to bridge the line while you are on it, so that you can remove your beige and they will stay on the line. A) Call any 900 numbers you want, including the various 900 services that give information about people. Might as well make them pay for you getting their information. :) I suggest dedicating some time to call 900.97M.ONEY ... each call to that number will bill them 25 bucks. One hour of this can hit around 1500 bucks of damage to their phone bill. B) Set up a string of confs for ten or so days, and make each day last from noon til midnight. For more info on setting up confs, consult CoTNo issue 3, article 6. C) Call the secret service and threaten to kill the president. Make it convincing and be somewhat vague about your plans. This will prompt a quick visit by agents in trenchcoats that will want to play 20 questions about how that person plans to kill the president. D) Prank call people, threaten them, initiate as many COT's (Customer Oriented Trace) as you can. This will flood their house with those wonderful letters from the phone company saying that person was harrasing people, and are the scum of the earth. E) On your way out of their backyard, cut their phone lines. If you can't use them, why should they? If you don't want to do that, hook up the little device to hold the line when you unclip your beige, and call Time/Temp in Japan. That should rack up a decent bill. ._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._. Credit. 1) Pull a CBI on them, or obtain their credit info any way you can. Through enough social engineering, you should be able to get most of the info you need, if not, there are still a few ways to strike out at them. Cancel all their credit cards. Report them as stolen, and ask for a new one to be sent to you, and your old account number put on hold. Next time they are in a store and use it, the cashier will call the cops when the response comes back as 'stolen'. Public humiliation and a hassle in a store is great to watch. 2) Using their info, apply for a credit card they don't have. Usually Diner's Club or Discover or something that isn't as widely used. Fill out all the information as theirs, and send it in. Intercept the mail with the card in it, and send response back that you moved, and give them a new address that is more convenient for you. Now you have a credit card that is in their name, and they don't know about. When the bill is sent to them, it will go to the new address where you are picking up mail. Abuse the hell out of that card. Use it on anything/everything you can. When the bill comes, just ignore it. You should get several months of use out of it or until you max it. When that happens, call in and change your address again and tell them the check is in the mail. By the time the person knows they have that card, gets the bill, there will be a huge amount to pay, interest on it all, and a mark on their credit records indicating late/delinquent pay. 3) Using their existing credit cards, make as many purchases on them as you can. Key here is to make as many that can't be disputed. Make phone calls from local payphones with their CC#. Doing this it becomes very hard for them to prove they didn't do it. Use it at gas stations that have the new pumps with built in credit card payment options. The more they can't dispute, the more they pay. Card as many goods as you can. Get stuff that you need, or use their own card to do some of the other things mentioned above. 4) If all else fails, spread their credit card/calling card numbers as far as you can. Let other people abuse them as much as possible. When they change accounts, do another CBI and respread their info. The more you do this, the more that will rack up on their bills and the harder it will be for them to dispute the bill, and the more of a hassle it is for them to clear their name. ._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._. Misc. If you have their full info, which shouldn't be a problem if you have their name/phone number/address etc, employ a few more harassing ideas. 1) Report their car as stolen. Tell the police the info, that you parked it at some office and when you came out your car was gone. Next time the victem is driving down a road, if a cop ID's the car, they will pull the victem over and harass him. 2) If the person is making a road trip, call Crime Stoppers and give an anonymous tip that the person is trafficking drugs, and has them well hidden in the car. Be somewhat vague but make it believable. 3) Steal their mail whenever you can. Sign them up for any magazine/club offer that comes to them. If they are a member of any existing clubs, then sign them up for additional years, order more merchandise, etc. This works well with Columbia House and the like because the order forms have their info, and just blanks to fill in part numbers/catalog numbers. 4) Their car. Using a wrench and five minutes or so, do one/all of the following: A) Remove bottom bolt from engine mounts. When they start their car, the engine will launch almost straight up into the hood of their car if they have enough torque on their engine. V8's and 350's will rip the hood right off the car. :) B) Remove oil plug, drain oil into container. Make sure you don't leave any sign of what you did. When they start their car and take off, it won't take long before parts start heating, and the engine will overheat, and the pistons will crack. C) Siphon all their gas, and fill their tank with urine/salt/sand. This will clog their entire system, and take some time to flush the system, and get their car operating again. D) Drain brake fluid, replace with water. It will take a few miles before the person realizes his brakes won't work. E) Remove screw on clutch fluid tap. When they try to clutch, it will 'spooj' clutch fluid out the bottom of their car and they will lose pressure. F) Remove drive shaft bolts near transmission. A little ways down the road, they may notive their drive shaft fall to the ground, or hopefully rocket through the back of your car. G) Remove pins in tire stems after letting air out. Not only do they have a few flats, they can't fill up the tires. H) If they leave their window cracked, or you see a prime way to make a small hole in their windows, fill it with urine, a fire extinguisher, or just water. Plenty of fun when they come out the next morning. 5) Card all sorts of shit to their house. Some of the better things to card to them: 50lbs of raw meat, urinals, male strippers, gay porn catalogs, singing telegrams, flowers(pansies), fireworks, cases of toilet paper, bibles, a coffin, sexual toys, bags of cow manure, 6) Get their neighbor's info, and pose as them. Make any/all of the following calls: A) Call the police and tell them you saw the person dragging a dead body through the back yard. B) Call the police and say the person was running through the house waving a machete and holding a gun. C) Call the police and mention that 'shady' characters keep buying stuff in their back yard. 7) Call a local landscaping company, and have them bring a few tons of granite rocks to their house, and re-landscape their front yard while the person is at work. Have them rip up the current grass or whatnot, and dump rocks there. 8) Go to your local book store or 7-11 and get about 100 magazine subscription cards. Fill each one out with the person's info, and send them off. 9) With their full info, call down to public works and tell them that you are going out of town for a few weeks, and need your utilities shut off for the duration. No water, gas, electricity, etc is always a fun thing to overcome. Especially if they don't have use of their phones. I am always looking for 'phresh gnu ideas' on revenge, and as you can see, this is version 1.3 for now. When I add more, I will change the version number and spread it around as far as possible. In future CoTNO's, I may just have 'adder files' with more ideas, and not reprint the whole thing. Thanx goes out to Deadkat, Rage-303, Cavalier, and Synergy for their contributions to the file. DisordeR ========= End of CoTNo #05 We hope the long wait for this issue (6 months) was worth it. Now that TNO has reorganized, we will be producing CoTNo's on a more regular basis. Be sure to check out our other TNo sponsered publications though: #Hack FAQ - The complete reference of Frequently Asked Questions for #hack and alt.2600 F.U.C.K. - Fucked Up College Kids, a collection of Rants about modern American society ranging from the serene to the obscene. Now that we have finished this issue we are off to HoHoCon 94! If your lucky, you'll see us there. And if you ARE going, remember Voyager's sound words of wisdom, "Don't lick the strippers, you don't know where they've been." =========