Electronic Underground Affiliation Monthly
Volume 2, Issue 5
August 1999
-- text only version --

/* PDF & Webfriendly Version is Available on the EUA's website at http://eua.tzo.org/geninfo/zine.htm *\

The newbie's guide to the arts of Hacking, Phreaking, Cypher- & Cryptopunking, w3-surfing, bad-assed type of mag that gives people the inside information.

Are you interested? Do you want to know more? The Electronic Underground Affiliation's sole purpose is to provide current information about network security, Internet news, information about the local scene and how you fit into it all. The reason hackers seek out new knowledge is not for personal profit, but for general knowledge.

------------------------------------------------------------------------------

Phreaking: For Dummies
    by Enigma
Sentencing of the Century
    Coverage of Kevin Mitnick Trial
    by Brainkandy
What The Court have to say
    "Petition For Writ of Certiorari"
Guide to LAN & WAN Security (Pt 2)
    by Archive
New E-Mail Attack
    Advisory provided by The Raven
H A C K E R   N E W S   N E T W O R K
"Hacking ARPANET - Part 6"
    by The Source
Zip Boxes
    by the Texan
D-E-C-L-A-S-S-I-F-I-E-D-S
Websites & Supporters (H/P Related Materials)
Community News
EUA 411 & General Going's On
About the EUA and Shout Outs
And Coming Next Edition...

------------------------------------------------------------------------------

About this Edition of the EUA Zine

Welcome to the August 99 edition of the EUA Monthly. Well, this month has really come around to be fun. The EUA is now at eua.tzo.org - full time. We are offering contributing members access to ftp space, e-mail, and normal web access. Thanks to Enigma for the inbound memory chips! We'll be adding some more memory to the box as soon as they get in. We'll also be moving the site over to a SPARC Station here in the next few months - we are working on firming up the details now. We are also going to be shifting to an ISDN line for the site as well.
The P166 win box the server is on now is just not carrying the weight very well. So we will be doing some upgrading to the system and services we offer. All the fun and excitement that is the EUA HQ's and we are looking for support. Not going to say much else, but if you have a service that you want to offer or provide support in some fashion, please contact us and let us know.

L8R All - EUA Staff

FINE PRINT & LEGAL DISCLAIMER:

The E.U.A. will, from time to time, contain articles on activities that are illegal. WE DO NOT CONDONE ILLEGAL ACTIVITIES. This information is provided purely for informational and educational purposes only. E.U.A. and the Information Attic is protected under the First Amendment of the United States Constitution. We do not promote, endorse, or condone the use of any information in this publication for the purpose of illegal or illicit gain. This publication may contain articles and/or topics that may be offensive to some people. If you cannot handle these topics PLEASE DO NOT READ THIS PUBLICATION. Again, YOU should NOT participate in any actions that can be construed as illegal by the United States, Regional, and Local Governments. This information is purely for educational and informational use only. With that, the lawyers & judges should be happy.

Looking for a Mentor?

Are you looking for a mentor and a teacher in the dark arts of hacking and phreaking? Want to learn all you can about how computer and telephone networks really work? Well, join us on irc.xnet.org in #EUA and join in. Old School Style or hit our web sites at one of the: http://www.eua.tzo.org/

The EUA Monthly will be reposting information from HNN, the Hacker News Network. Their mission:

The Hacker News Network's mission is twofold. Our first mission is to deliver the real news from the computer underground for the computer underground. The reporting will not be dumbed down to match the computer illiteracy of the average TV viewer.
Our second mission is to report the activities of the underground without the biases of the mainstream media. You will not see the terms "hacker" and "criminal" used interchangeably, nor the phrases "brilliant misguided youth" and "script kiddie". The HNN site is updated every day, except weekends and holidays, with the latest news affecting the hacker scene. We try to have the day's update posted before 12 noon EST. If you want to share something cool you have seen or heard about, write it up with links if appropriate and send it to submit@hackernews.com. We will credit the contributor of each story.

Electronic Underground Affiliation is an organization that was originally started in the early 90's by a few of the Chicagoland hackers who were starting to get disgusted with society's sudden plunge into the realms of the bit and the baud. Tired of the way things were going, Archive, Highlander, Fringe, Subhuman, and about a dozen others in the Old School Chicagoland Hacker Community decided to loosely form an Affiliation as a way to guide and lead the next generation of hackers into the dark arts and mystery of hacking old school style. Basing our ethics on the old school beliefs, the EUA has grown by leaps and bounds. The EUA aims at aligning and organizing various cells of hackers, phreaks, cipher- & cryptopunks throughout the world. The EUA is predominately made up of old school hackers & phreaks that act in various positions from mentors to information brokers to coders. We are an organization that cares about the Freedom of Information and the continued Free Exchange of Ideas.

PHREAKING FOR DUMMIES
BY: Enigma

INDEX:
1) Basic Switching
2) PBX's
3) RedBox
4) BeigeBox
5) ANI
6) Blue Box
7) Trashing
8) Trucking
9) Social Engineering (ex. teleconference)
10) E-911 System
11) Lineman's Handset
12) Definitions
13) Kinds of Lines

INTRO:

I want to help other people learn how the phone company works. And how it can be beneficial to you.
But first you must learn the basics, so I have written an article for people who want the basics. This can also be used as a memory jogger and/or a resource in case you have forgotten something and you want to freshen up on it.

BASIC SWITCHING

To start out with, we will look at the basic plan of how the fone company is connected. You might think that it is just a bunch of lines connected together to a CO (Central Office), but it is not that simple. There is something called a switch which routes all the fone calls which are made, for example:

     _______         ________     ________        _______
    |  my   |       | local  |   | local  |      | your  |
    | house |-------| switch |---| switch |------| house |
    |_______|       |________|   |________|      |_______|

This shows that when I call your house from LA to San Francisco, it routes from my house to my local switch to your local switch to your house. Each town has its own switch (depending on size). The lines that connect my local switch to your local switch are called 'trunk lines'. There can be many switches in between where you are and where you are calling which route the calls. Let's say that my local switch got overloaded and shut itself down; then all the calls that are handled by that switch are automatically handled by the next switch in line, until the overloaded switch is back up and running. Now that we know the basics of how we all call each other, let's go to the next part.

PBX's - This stands for Private Branch eXchange. These are private switches that are (usually) owned by big corporations, which the employees of the company reach by dialing an 800 number. But what most people that write texts don't include, or just bluntly don't know, is that a PBX is an actual branch of the phone co. switch. They are usually 1-800-555-xxxx where the 'x's are the rest of the number. Today they are not only 800, they can be 888 because there are so many corporations.
Let's take a big company like Microsoft: they would have many more than just 1 PBX, they might have 100, and there is another number for each of them. Now the way they work is, the employee dials the number for the PBX, let's say it is 1-800-555-2893. They would dial this number and hear an oscillating tone, like a police siren. The employee enters his 4 digit code, then there will be options like outdial, area code location, etc. Well, what we are targeting here is the outdial. All we have to do is dial an 800 number with the 555 exchange and listen for oscillating tones or an automated voice that says "Please enter your four digit ey number". You get 3 tries, then it will disconnect you. Just keep trying to guess the password, then when you do, if you do, you can pick the choice of outdial and you can dial anywhere in the world at that company's expense.

TIPS - Some tips: look for 800 numbers in a magazine or on the TV, and they will have something like "call 1-800-425-9308 to contact us". Well, where the '425' is, you change it to '555' and that might work. Once you get into the PBX and crack the passwd, I would suggest that you don't actually call through the outdial from your house, because they could have an ANI (Automatic Number Identifier) and get your home fone number and call the FEDS, and they will arrest you for Telecommunications Fraud.

RedBox - Well, this box simulates the tones that a payfone makes when you put change in. First of all you need to know some stuff about the payphone. First, you should notice (if you haven't already) that payphones make beeps when coins are dropped into the change bucket: nickel = 1 beep, dime = 2 beeps, quarter = 3 beeps. Some payphones have an antitheft chip which filters the beeps that the payphone makes, so those are not potential targets. You have to find a payphone that makes beeps on its own, and when you have found one of them, then you are ready for the next step. We are on to making the actual box.
Now most older plans require you to go to Radio Shack and go get crystals and stuff; I've got an easier way. Get a tape recorder and go to the payphone that makes tones, then record them. Take the tape that you recorded it on, get your Walkman and go to the payphone with them, and dial the number you want to dial first. Then it will say "please deposit 1 dollar and 35 cents"; you just press play and hold the earpiece to the receiver and let it go till the voice says "thank you." You might come across times where there will be someone breaking in and saying, "This is the coin operator, your coins are not registering". You just say "thank you, I'll hang up and try again"; they say "OK, thank you for using coin operator". Then you have to hold the earpiece closer to the receiver so that it will hear the coin tones.

BeigeBox - This is a box used by hooking a shredded fone wire and a phone to a Telephone Network Interface (TNI), making it a temporary phone on which the person that owns the TNI is paying for the call. Well, first of all you have to get used to the hardware you use to do this. On your house somewhere there is a gray box that says Customer Service / Telephone co. access. Open either side and get used to it, and look at where the red and green wires are. Then take a phone wire that runs from the jack to the phone in your house. Cut the connector that is plugged into the wall and shred the wires (red and green, the rest are unnecessary) so that the actual wire is showing. Now take the other connector and leave it in your phone. Now when you go to the victim's TNI, take the wires that you shredded and find the green and red wires in the TNI, then connect the two green wires together and then the two red wires together. You should now have a dial tone with which you can dial anywhere you want to.
OK, there is one other way to do it, and this is by trucking. In other words, it means that you go looking for a telco truck, then you check to see if the door is locked or not. If it is unlocked, then you open the truck and look for a thing that looks like a phone but with alligator clips at the end of it. This is called a lineman's handset, and what they do with this is check if the line is working properly. Now when you get it, you've got a $500 piece of equipment and a beige box all in one. The two cords that run from the handset are colored, usually red and black. Now the red cord gets connected to the red wire in the TNI, and the black cord gets connected to the green wire in the TNI.

Now I bet you are asking, what if I can't get to a truck that is open that has a lineman's handset? Well, there is a simple solution to this minor problem: you make one. If you shredded the wires, then you go up to the hardware store and get some alligator clips ($.50), take the copper part of the wires that you shredded and put it through the little holes at the very end. Now you have your very own lineman's handset (except for the DTMF tones that might be on the handset, and the polarity lights). But you are now wondering, if I have to unscrew the screws that the red and green wires are at, then I might get caught. Well, there is one main reason to have alligator clips / a lineman's handset: you just clip the alligator clips to the screws because metal conducts current really well (didn't we learn that in 1st grade?).

ANI - ANI stands for Automatic Number Identification. There is really not that much to say about it, but I will put as much as possible on it. OK, an ANI is able to hold a 10 digit number. It is mostly used on computer systems and the like, such as PBX's. How it works is simple: when you dial in to the number, this little device will log your number and how long you stayed on.
Now what they can do is call up the fone company and tell them that there was a number that appeared on their ANI that might have illegally used their system for unlawful acts. The fone company will be like, "ohh ok, we will be of the most service we can." They will ask for the logged fone number, then will give out all the information about the customer that was doing these unlawful acts. Then the company that was the victim calls the local police (FBI and SS only come in if the crime was committed across state lines). The police will come in and question you, get your phone bill to see if you called the number, then will prosecute you if they have enough evidence; not a lot is needed in this kind of case. Most people might not have noticed this, but a Caller ID is in fact a type of ANI, except you can't use *67 to block your number; ANI's always get your number.

BlueBox - You will not be able to use this box anywhere in the US anymore, just because the phone company protected their systems through filters and such. What you would have to do is make a box with a crystal, and if you didn't get the exact tone you wouldn't get the free phone call. You had to get a 2600mhz tone, and what it would do is reset the trunk lines and allow you to call anywhere in the world at the phone company's expense. Now what you do to do this is find a working 800 number (not too hard to find, can be 888 also), then when the person on the other end says hello (or whatever) just say "ohh I'm sorry, I got the wrong number". After they hang up you will hear silence; that is what you want to hear. So now you get the blue box out and play the 2600mhz tone into the receiver and let it play for about 10 - 20 seconds just to make sure it registers. Now you go and dial any number that you want to. This is better than the red box because you don't have to keep playing the tones every 3 mins or so. Then you just enjoy the free phone call and let the phone company deal with any problems.
The 2600mhz tone was discovered by a phreaker named Captain Crunch; he took the whistle he got out of a Captain Crunch box and blew into the receiver and it worked. The whistle was exactly the precise tone needed to reset the trunks. But remember, this box does not work any more; telco finally wised up and found out about it and spent millions upgrading their systems. If you think about it, it is pretty funny.

Trashing - Yes, you heard right, trashing; that means jumping into the dumpster and sifting through the phone company's trash. Now there are rules you must follow or you will get caught and possibly fined. At least 2 people (you and a friend) should go. One will actually go through the garbage and the other one will look out for telco employees, cops, and just people that could be a possible threat to you and your whole operation. Go when there are few people, maybe on a Saturday and/or Sunday; there is only one person there, if it is a switch, and they come on 10 hour shifts and change shifts around like 2:00 AM maybe. Now go when it is drizzling just a little bit so that it makes it harder to see you. Wear something like a big jacket and baggy pants so that it throws off your weight. Wear lightly tinted sunglasses. Now you should bring a bag or some kind of backpack; after all, we are just going to the library, right? When you go, make sure you look like you went to that specific spot for a reason, like going to smoke or play ball. Don't be too loud or someone might know that you are there and will start yelling at you to get the hell out.

OK, before going to your local phone switch to go trashing, go there without the intention of trashing, just one time. Make a visual of where all the exits are and the fastest way to get out of the parking lot. Notice any cameras or any kind of security device that might get you caught.
If you can, even take a pad of paper and draw the place out, so that if you bring a new person they have an idea of where to go in and out. When you find all your places to go in and out, then you are finally ready to go trashing and on your way to learning more about the phone company on your own than being taught; it is more fun doing it yourself.

Now we are all ready to go, but wait, what the hell are we looking for? Well, what every young, willing, new and upcoming phreak wants: as much info on the phone company as they can get. Well, the first thing you can start with is looking for manuals. If you get a manual, this practically maps the phone company out. Some manuals explain what all the green boxes are, what those things on the poles are called, mainly all the hardware. There are also manuals on how to operate systems running on the phone company's computers. Others tell you codes that they use, like for example 'RC830' means coin phone (it doesn't really mean that, just an example). Others are like technicians' handbooks.

Now are you still wary about going through garbage? Ya still are? OK, I'll give you some other reasons. You can find out Cable and Pair numbers for local businesses or schools. Me and my friend got Cable and Pair numbers for our high school, and a lot of other classified info on our high school. Many of the switches don't have shredders, and if they do then they don't use them, because if all this info is known about the phone company, then they aren't doing a very good job.

Well, on to the dumpster. You should bring a razor or knife to cut the bags open. Go in there and pick out any paper you see in the dumpster, even if it has coffee stains on it from the paranoid switchtechs. Stuff as many papers into your bag(s) as scientifically possible. Then when all is in your bag, run like crazy; someone might have seen you. Take all your discoveries home and find anything worth keeping, like passwords or phone numbers.
There is a main must when looking through the dumpster: always keep anything hand written, it could be something that a secretary wrote for the 'big' boss. Ohh, and don't stay more than 10 min per trip.

Trucking - Trucking involves lots of guts and a good eye. This is one thing that is fairly new to the phone company. See, since a lot of the phone company buildings don't throw their old manuals away any more, there is a new way to do it. Trucking. This means finding an Ameritech truck with the stuff you need (manuals, lineman's handsets, tools, etc...). Now one of the rules of trucking is, no vandalism. Don't take a crowbar to the window and raid the telco van. That is not right and you will not be a 'real' phreak if you decide to break into the van; anyway, it draws attention. What you do is, on a day off school, go to the phone company (the switch). In the middle of the day vans are coming in and out of the switch; this means a perfect time to truck. Now when trucking you have to check 'every' door, because one might be open while all the rest are locked. When in the truck don't stay long at all (*never* stay longer than 5-8 mins in the truck) or the tech might come out and call the police on his cell. When in the van (if it is a sliding door one) take either the handsets or the manuals to start off with, because these are of the utmost importance to you if you really want to learn more about the phone company. Now if there is a utility truck, or one of those trucks that have all the little doors on the sides, then you try every door you can because those are loaded with tons of great hardware. In those, just grab what you can, because those trucks are not going to have a lot of (if any) manuals. The more you got the better off, so just grab as much as you can in as little time as you can. Usually those trucks are used for the sewers, but not always. I can't stress enough, get in and get out or you will get interrogated to hell.
That is really all there is to know about trucking, except that you need to know what you are doing so that you don't get caught, chewed up, and spit out like a piece of meat.

Social Engineering - This is a technique used by many phreakers/hackers to get passwords, usernames, and just about anything they want. The court appointed definition is a way of impersonating a victim to succeed in getting confidential information not intended for the use it is supposed to be used for. My definition is a way of acting like someone else by using your creativity and known vocabulary to fake out anyone and everyone that you have to in order to get what you need. Now this is where you need to put your acting class into perspective. After trashing, find some fone numbers and then dial one, and some part of your phone company will pick up. Try to persuade them into thinking you are on a job up on a pole on a lineman's handset. This is one of the advantages to being at a payphone and doing this: you make the scene. Make up some B.S. story that you are on your first job and need the dialup to the recent change system (RCMAC) because you need to change the features on the resident's house. They can do two things: give it to you or not give it to you. Many people think that it is hard to trick telco, but it isn't; if you get the right lingo then you can really act like you know what you are talking about, rather than make it sound like it is your first day. Also you can get free 411 out of them. Just keep talking to them and they will say you have to talk to your 'so-and-so'. You just keep giving them B.S. and then they will get pissed at you and be like, "listen, I can't give you any information on this"; you just calmly say, "may I please have that number at least?"
Well, see, it isn't that hard to trick someone into giving you what you want; just act yourself (with the exception of a deeper voice) and keep the operator talking, convince her that you know what you are talking about instead of being just a teenage phreaker wannabe.

You can also get some practice on social engineering (and getting back at enemies) just by dialing an 800 number and acting dumb. The way you do this is by setting up teleconferences. Teleconferences are things where you get an 800 number and an access number, and 15 people dial this number and all talk for as long as you want. Now there are many different services that do these; this is the ATT one: 1-800-232-1234. Dial this number and someone will answer and be like, "hello, this is ATT teleconference service, what is your teleconference ID?" Say "I never set a teleconference up before." They will be like "what is your name?"; give them a fake name. They will say "who is the host?"; say "I am." Then they will ask what phone number this will be billed to; give them an enemy's number or just a random number (before you go to a payphone, call random numbers at home and find one where no one is home). They will say "I am going to check billing, I will call you back on the number you just gave me"; say "no, I'm not home yet, can you call me on my cell phone?" They will be like "sure, what is the number?" (give them the payphone's number). They will only ask you a couple more questions, such as how many people will be dialing in, and how long the conference will last (always say an hour, because there is a thing called autoextend which does just that). They will ask what time the conference will start, and whether you would like the operator to dial the participants or whether it will be participant dial in; say participant dial in. Then just wait till the conference time and you are in with a free conference.

E-911 System - This system is exactly what it looks like: it is the Emergency 911 system used by fire and police.
Now you may not think that this is a very popular system now, but it is useful and it is gaining popularity. So what am I going to do with a system that tracks fire and police calls? Well, what a lot of people don't understand is that in itself it is a switch. Because it has a digital (most) 11 digit ANI. That is sweet just with that, but there is more. They have an ANAC, a regular switching system for outgoing and incoming calls. Basically it has everything that a regular switching system has, with only a few minor exceptions. I am not going to get into detail on this, I just want you to know some of the different kinds of phone switches, equipment, etc...

Lineman's Handset - Yes, I am adding this because probably 50% of the people I talk to that say they know something or another about phones don't know what a lineman's handset is. So here it is. It is a piece of hardware that telco techs use to test to see if the line is working after they do a job. Most have a mute button, polarity lights, memory, pulse/tone dial, and DTMF tones built into them. Also, the really new ones have a display screen and they are digital. Now they have two wires going from the bottom of it; one is black, the other red. When the tech uses it he opens up the Telephone Network Interface (TNI) box and connects the black wire to the screw which the green wire is on and the red to the red. Then you get a tone and you are free to dial anywhere you feel like dialing, for free.

DEFINITIONS:

Band - The range of frequencies between defined limits.

Baud - A unit of signaling speed representing the number of discrete signal events per second. When each signal event represents one bit per second, baud means bits per second.

WATS (Wide Area Telephone Service) - Permits calls to predefined geographical areas but only in 1 direction. You are allowed incoming or outgoing, not both.
LATA (Local Access and Transport Area) - Most people think LATA is some big elaborate network of switches, just because it was in a couple movies. Well, I want to clarify that it isn't; basically all it is, is your service area.

ESS (Electronic Switching System) - Not to be confused with the Electromechanical Switching System, this uses electronic or computer controlled devices to manage switching operations. Currently there have been 5 ESS's made. The 1AESS and 2ESS-5ESS. After the 3ESS they are digital. The ESS is made by Northern Telecom.

Telex - A dial-up telegraph service allowing subscribers to communicate directly with one another through a public network. Not a big deal, eh?

Crossbar Switch - These kinds of switches were used back in the 80's and early 90's in big cities such as LA, Chicago, and NY. What it is, is a switch by which vertical pathways are connected with horizontal pathways.

Duplex - Full duplex transmission lines allow communication in two directions simultaneously, while half-duplex permits two way conversation but not simultaneously.

Electromechanical Switching System - Equipment, switches, speech paths, and control equipment by electromechanical components such as relays.

Asynchronous - Each information character transmitted is individually synchronized by the use of start and stop elements. Other than these elements, there is no set pattern of transmission.

Public Switched Network (PSN) - This provides switching services for public communications.

End Office - A local office at the lowest level in the switching hierarchy, connecting directly to the customer's lines.

KINDS OF LINES

Many people have asked me 'so exactly how many Kbps does this kind of line transfer?' and it is a fair question. So in this section I will be talking about T-1, T-3, ISDN, FDDI, 56k, 36k, Cable, and a little of Ethernet.

T-1: A T-1 trunk contains 24 channels, and each channel is capable of handling 64,000 bits per second of transmission.
An additional 64,000 bits is required for error checking, so one T-1 line requires a bandwidth of 1.5444 Mbps.

    64,000 bps channel x 24 channels            = 1.536 Mbps
    8 bps per sample x 8,000 samples per second = 64,000 bps
    Total                                       = 1.5444 Mbps

( 1.5444 Mbps is known in the telecommunications industry as DS-1 [digital signal level ] )

As far as T lines go, I really only know T-1 that well. Figure 1-1 will show you the rest.

Fig 1-1
 __________________________________________
|Signal    Speed          # of T-1 channels|
|__________________________________________|
|DS-1      1.544 Mbps     1                |
|DS-2      6.312 Mbps     4                |
|DS-3      45 Mbps        28               |
|DS-4      275 Mbps       168              |
|__________________________________________|

FDDI - Fiber Distributed Data Interface: This is a very popular and upcoming way to transmit data. It transmits at 100 Mbps bandwidth. It is a lot more expensive than Token Ring and Ethernet; people still like the upcoming fiber transmissions. Also FDDI is immune to electromechanical interference.

36k and 56k - Though most of us know what these are, I know I would still get flame mail for not putting it in. So 36k is supposed to transmit at 36 Kbps but you are lucky if you even get 6 Kbps. As for 56k, you are lucky if you get 11 Kbps. Also on a 56k transmission you are only allowed 53 Kbps, that is if you can even get that high of a transmission rate.

ISDN (Integrated Services Digital Network): An ISDN user can carry on a voice phone call while also viewing video images or retrieving data from a computer. All these different types of information can travel over a single ISDN interface circuit packet. ISDN interfaces between local exchanges and end users could replace some T-1 trunks. ISDN lines are 64 Kbps each channel (2 channels) and you can use them together for data, or split them, 1 for data, one for voice.

Cable - This is probably one of the newest ways to transmit data. I think that about 50% of all cable companies offer this (give or take a little). It transfers data at 512 Kbps.
You cannot split this into two different lines, but you can get cable TV right on your computer monitor. This is probably the cheapest way to transmit data quickly; it is around $300 for a cable modem, then you just pay the regular cable service bill.

The Sentencing of the Century
by: brainkandy

After the amazing event Friday, when the State of California dropped the charges against Kevin Mitnick, you would think that there could be no more good in this everlasting "process of justice." Well, that's where it has changed hands in so many days.

After myself waking two hours late, then finding out that my ride experienced the same, we got on to the road around noon in the blue Ford Escort Wagon, more commonly known as the "Free Kevin-mobile". We made good time, and got ahead almost 10 minutes, but hit some crazy traffic because there was some kind of spill or accident on the southbound highway. We were now minutes behind schedule, and pulled into the parking lot at almost 1:50 pm.

We went our way looking for the courtroom, although it was not correctly posted. We wandered, and finally found that there were multiple cases being heard by the judge. We walked in just about 2:15, and caught the end of another trial, which led to the sentencing of Kevin Mitnick. The sentencing was according to the plea agreement Kevin signed in March. Some information was spit out and some things were covered again by the court and the lawyers. The issue of restitution was discussed, and a 5 minute recess was given. That gave a chance to talk a bit, and Kevin's aunt passed around a small notepad for people to write their addresses and telephone numbers in.

After that, the hearing continued, and the conversation on the issue of restitution was continued. Next, the issue was discussed of Mitnick being transferred to a halfway house, which was shot down in flames by the judge.
Finally, Donald Randolph, Mitnick's lawyer, brought up the issue that Kevin should be able to stay in MDC instead of having to be transferred to another prison due to the fact that MDC served a kosher diet, while the other prison didn't. The Bureau of Prisons will decide where Kevin is to be imprisoned, since the judge strongly refused to make that recommendation to the BOP.

The value of restitution of over $1.5 million was drastically reduced to a tidy sum of $4125. This amount is to go to the "victims" named in the case. He is required to start paying the restitution while imprisoned, and will continue until the sum is taken care of. He must also pay $350 to the government. Along with this, he is to serve the 54 months. That figure was knocked a little, which was cut to 46 months, due to 8 months of credit; plus time served, which will make him eligible for release in early 2000.

After all this, me and my friend went off to the old 'hacker hangout', Denny's on Ramirez Street. :) The figure of only $4000 restitution stuck in our minds for the remainder of the trip, and is going to ring through the minds of hackers worldwide. We loudly reminded each other of the fine figure all the way to San Diego, and my house.

Well, that's it from the mouth of me. Peace out, Free Kevin!

Guide to LAN & WAN Security (Pt 2)
by Archive

4.3.2 Role of the Computer System Security Plan

Develop a Computer Systems Security Plan (CSSP) for Level 2 and Level 3 LANs and WANs. CSSPs are currently outlined in OMB Bulletin No. 90-08 and are an effective tool for organizing LAN security. The CSSP format provides simplicity, uniformity, consistency, and scalability. The CSSP is to be used as the risk management plan for controlling all recurring requirements, including risk updates, personnel screening, training, etc. Note that a Computer Security Act CSSP is not necessarily required for all Level 2 LANs and WANs.
See Appendix D, Sample Security Plan, for an example of a LAN Computer System Security Plan. See Appendix F, LAN/WAN Security Plan Checklist, for a method to review security plans for compliance with OMB guidance.

4.3.3 Risk Assessment

As required by the AISSP Handbook, risk assessments include: identification of informational and other assets of the system; threats that could affect the confidentiality, integrity, or availability of the system; system vulnerabilities/susceptibility to the threats; potential impacts from threat activity; identification of protection requirements to control the risks; and selection of appropriate security measures. Risk assessments for general purpose systems, including LANs/WANs, are required at least every five years, or more often when there are major operational, software, hardware, or configuration changes. Section 3, "Risk Assessments", may be used as a guide for the risk assessment process. See also appropriate NIST publications (e.g., FIPS PUB 65, Guideline for Automatic Data Processing Risk Analysis).

4.3.4 The Contingency Plan

In view of the importance of contingency planning, Appendix E contains a sample Contingency Plan that can be amplified and tailored to specific LANs. This sample plan follows the requirements of the DHHS AISSP Handbook, OMB Circular No. A-130, and FIPS PUB 87, Guidelines for ADP Contingency Planning, March 1981. For additional guidance, see also: Information Technology Installation Security, Federal Systems Integration and Management Center (FEDSIM), GSA, December 1988.

4.3.5 An Annual Review & Training Session

An ideal approach would be to conduct a yearly LAN meeting where LAN management, security, and end-user personnel can get together and review the security of the system. LAN meetings are an ideal way to satisfy both the security needs/updates of the system and the training/orientation needs of the individuals who are associated with the system.
The process can be as simple as reviewing the CSSP, item by item, for additions, changes, and deletions. General discussion on special security topics such as planned network changes and OPDIV management concerns can round out the agenda. A summary of the meeting is useful for personnel who were unable to attend, for managers, and for updating the management plan.

An often overlooked fact is that "LAN security" is only as good as the security being practiced. Information and system security is dependent on each user. Users need to be sensitized, trained, and monitored to ensure good security practices.

4.3.6 Update Management/Budget Plan

The management/budget plan is the mechanism for getting review and approval of security requirements in terms of specific projects, descriptions, responsibilities, schedule, and costs. This plan should be updated yearly to reflect the annual review findings.

APPENDIX A: DEFINITIONS

Accreditation. The authorization and approval, granted to an ADP system or network to process sensitive data in an operational environment, and made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the system meet prespecified technical requirements for achieving adequate data security. 1,2

Application System. An application system is a software package that processes, transmits, or disseminates information according to established internal procedures. An application system is run at an automated information system facility. A word processor usually runs only one application system. A mainframe computer may run thousands of application systems. 3

Automated Information System (AIS). An AIS is the organized collection, processing, transmission, and dissemination of information in accordance with defined procedures. 2,3,4

Automated Information System (AIS) Facility.
An AIS facility is an organizationally defined set of personnel, hardware, software, and physical facilities, a primary function of which is the operation of an automated information system(s) and an application system(s). AIS facilities range from large centralized computer centers to individual stand-alone microprocessors such as personal computers and word processors. 3

Certification. A technical evaluation made as part of and in support of the accreditation process, that establishes the extent to which a particular computer system or network design and implementation meet a prespecified set of security requirements. 1,2

Computer Security. Computer Security is the protection of a computer system against internal failures, human errors, attacks, and natural catastrophes that might cause improper disclosure, modification, destruction, or denial of service. 1,2

Computer System Security Plan (CSSP). This plan is a document describing the security and privacy requirements of a given system and the agency's plan to meet these requirements. 2,5

Information Technology Utility (ITU). An ITU is an organizationally defined set of personnel, hardware, software, and physical facilities, a primary function of which is to coordinate the operation of geographically dispersed automated information systems and automated information system facilities. ITUs range in size from wide area networks covering widely dispersed geographical areas to local area networks covering a single office. 3

Local Area Network (LAN). A data network, located on a user's premises, within a limited geographic region. Communication within a local area network is not subject to external regulation; however, communication across the network boundary may be subject to some form of regulation. 6

Personnel Security.
Personnel security refers to a program that determines the sensitivity of positions and screens individuals who participate in the design, operation, or maintenance of automated information systems or who have access to such systems. 3

Physical Security. Physical security refers to the combination of devices that bar, detect, monitor, restrict, or otherwise control access to sensitive areas. Physical security also refers to the measures to protect a facility that houses AIS assets and its contents from damage by accident, malicious intent, fire, loss of utilities, environmental hazards, and unauthorized access. 3

Sensitive Information. Sensitive information is any information, the loss, misuse, disclosure, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under section 552a of Title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy. 2,3,7

Wide Area Network (WAN). A WAN is an arrangement of data transmission facilities that provides communications capability across a broad geographic area (e.g., DIMES).

____________

1 FIPS Pub 102, Guideline for Computer Security Certification and Accreditation, September 1983.
2 DHHS IRM Circular # 10, "Automated Information Systems Security Program," September 30, 1991.
3 DHHS Automated Information Systems Security Program Handbook, February 1, 1991.
4 OMB Circular No. A-130, Management of Federal Information Resources, Appendix III, "Security of Federal Automated Information Systems," December 12, 1985.
5 OMB Bulletin No. 90-08, "Guidance for the Preparation of Security Plans for Federal Computer Systems that Contain Sensitive Information," July 9, 1990.
6 FIPS PUB 11-3, Dictionary for Information Systems, 1991 (ANSI X3.172-1990).
7 Computer Security Act of 1987, January 8, 1988, P.L. 100-235.

You've Got Mail
scooped & scanned by The Raven

An information security consultant said Wednesday he's discovered a serious flaw in network security and anti-virus software products -- a flaw that could threaten the Internet's e-mail infrastructure.

According to Robert Rosenberger, he's developed an e-mail-borne attack which can potentially defeat most major security products -- not by slipping by undetected, but by attacking the security software head-on as it tries to scan email attachments. While most security software products can successfully protect themselves against code that tries to disable them, Rosenberger claims they also contain programming errors which render them unable to handle what he calls "pathological events". One example is a recursive e-mail attachment, or multiple attachments within attachments. According to Rosenberger, when security products encounter such specially crafted files at the local or server level, most will crash, and take the operating system with them.

"I know of products where I can own the box, just by sending an e-mail that nobody receives. I can own the e-mail server, the gateway server -- anything that's part of the e-mail infrastructure," Rosenberger said.

Besides consulting to corporations and government agencies, Rosenberger is the author of the Computer Virus Myths Web site which criticizes anti-virus software vendors for whipping up what he calls virus hysteria in an attempt to boost sales.

Rosenberger recently notified Network Associates, Symantec, and several other major antivirus software vendors about his findings and most have promptly responded by upgrading their products to thwart the attack, which he calls the E-mail Infrastructure Security vulnerability. Officials of the firms were not immediately available for comment.
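A defensive counterpart to the recursive-attachment case described above, added here as an example (it is not Rosenberger's file and not any vendor's code): a scanner front end that walks MIME containers with an explicit stack and a depth and part budget, and quarantines the message instead of crashing. The limits, the function names and the sample message are assumptions constructed for this illustration.

```python
"""Bounded MIME traversal for a mail-scanning gateway (added example)."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values for this sketch; tune them to the mail you carry.
MAX_DEPTH = 8     # deepest container nesting the scanner will follow
MAX_PARTS = 200   # total MIME parts examined per message


class ScanRejected(Exception):
    """The message exceeded the traversal budget and must not be delivered."""


def walk_bounded(raw, max_depth=MAX_DEPTH, max_parts=MAX_PARTS):
    """Return (depth, content_type, filename) for every leaf part of `raw`.

    Containers (multipart/* and message/rfc822) are followed with an explicit
    stack, so the walk itself cannot exhaust the interpreter's call stack.
    """
    try:
        root = message_from_bytes(raw, policy=policy.default)
    except RecursionError as exc:
        # The stdlib parser recurses once per nesting level; fail closed.
        raise ScanRejected("parser gave up on nesting") from exc

    leaves, seen = [], 0
    stack = [(root, 0)]
    while stack:
        part, depth = stack.pop()
        seen += 1
        if seen > max_parts:
            raise ScanRejected(f"more than {max_parts} parts")
        if part.is_multipart():
            if depth + 1 > max_depth:
                raise ScanRejected(f"nesting deeper than {max_depth}")
            # reversed() keeps leaves in document order when popped.
            for child in reversed(part.get_payload()):
                stack.append((child, depth + 1))
        else:
            leaves.append((depth, part.get_content_type(), part.get_filename()))
    return leaves


def scan_or_quarantine(raw):
    """Fail closed: a budget violation yields a verdict, never a crash."""
    try:
        return ("scan", walk_bounded(raw))
    except ScanRejected as why:
        return ("quarantine", str(why))


def build_nested(levels):
    """Constructed sample: a note with one attachment, forwarded `levels` times."""
    msg = EmailMessage()
    msg["Subject"] = "level 0"
    msg.set_content("innermost body")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="report.bin")
    for level in range(1, levels + 1):
        outer = EmailMessage()
        outer["Subject"] = f"level {level}"
        outer.set_content("see attached")
        outer.add_attachment(msg)   # stored as a message/rfc822 part
        msg = outer
    return msg.as_bytes()


if __name__ == "__main__":
    for levels in (1, 3, 4, 20):
        verdict, detail = scan_or_quarantine(build_nested(levels))
        print(levels, verdict, detail)
```

The leaf list is what would be handed to the content scanner; a "quarantine" verdict means the message is held without any attachment being opened.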
A representative of the Computer Incident Advisory Capability (CIAC) Wednesday said that organization was not aware of Rosenberger's findings. Officials from the Computer Emergency Response Team (CERT) were not immediately available for comment.

While he hasn't publicly released information about his exploit, Rosenberger says others could potentially discover similar flaws. "In about three weeks, every wannabe hacker on the planet is going to know about this and post some kind of sample file, and they're going to be a lot better than mine."

Mitnick Moved to County Jail
contributed by ryan

In a swiftly executed move Kevin Mitnick has been moved from the Metropolitan Detention Center - Los Angeles, to the San Bernardino County Jail. Unfortunately the SBC does not offer Kosher meals; since Kevin wishes to exercise his right to freedom of religion, he has not eaten since his transfer late Wednesday afternoon. The defense lawyers will file a motion with the court for Kevin's immediate return to MDC-L.A. The SBC does allow visitors as long as 24 hours notice is given.

FREE KEVIN
http://www.kevinmitnick.com/home.html

The Internet Auditing Project
contributed by Aleph One

Security Focus has posted a very interesting report in their guest forum section. The folks at SSR went and scanned 36 million IPs, that was about 85% of the internet at the time, for 18 common security vulnerabilities. They came up with some rather scary results. The article also introduces the idea of the International Digital Defense Network (IDDN), a possible public interest project which, if implemented, could dramatically influence the security of the Internet. This is a must read for anyone even remotely interested in system security.
Security Focus
http://www.securityfocus.com/templates/forum_message.html?forum=2&head=32&id=32

ToorCon Less Than One Month Away
contributed by skalore

The first annual ToorCon is set to take place in less than one month, on September 3rd-4th, at the Price Center in The University of California, San Diego. ToorCon is San Diego's only comprehensive computer security conference, and will feature lectures that range from topics such as IDS, stack-based buffer overflows, secure remote communications, and more. ToorCon will also feature staff members from Attrition.org and ToorCon will reporters from the San Diego Union Tribune. And of course, after the day's lectures, San Diego's friendly neighbor to the south, Mexico, is available 24 hours, for partying and fun.

HNN Cons page
http://www.hackernews.com/cons/cons.html

Government has a Hard Time with Bureaucracy
contributed by evilwench

A little intrigue, some misdirected government funds, just what has been going on with government network security anyway? FIDNet has been proposed but is now facing opposition, which looks very similar to what happened with Defensewide Information Systems Security Program (DISSP) back in 1996. So what happened? Where did the money go? Then last year there was Defensewide Information Assurance Program (DIAP) which also failed. Now FIDNet looks like it too will fail. Just what the hell is going on?

Network World Fusion - Registration May be Required (It's worth it though)
http://www.nwfusion.com/cgi-bin/go2.cgi?url=/news/1999/0802feat.html&uid=656d61696c

Network-centric Warfare to be Used by Military
contributed by Code Kid

The San Jose Mercury News has an interesting interview with Vice Adm. Arthur K. Cebrowski, president of the Naval War College in Newport, R.I., on what he describes as network-centric warfare and how the armed forces are adapting to it.
San Jose Mercury News
http://www.sjmercury.com/svtech/news/indepth/docs/qa081199.htm

Regional Computer Forensics Lab Set Up in San Diego
contributed by bluesky

With $600,000 provided by two federal grants officials have set up the San Diego Regional Computer Forensics Laboratory with the support of 32 federal, state and local law enforcement agencies. The lab will be manned by 14 FBI trained specialists from local police agencies, including the San Diego Police Department and the Sheriff's Department. The lab will conduct court-approved wiretap operations that call for intercepting Internet communications as well as data recovery and analysis from seized computer systems.

San Diego Union Tribune
http://www.uniontrib.com/news/uniontrib/fri/metro/news_2m6lab.html

***************************************
Hacking ARPANET -- Part VI
by The Source
***************************************

This last part of the Hacking ARPANET series provides some more information on the types of things that you can learn from the EXEC, and concludes by explaining how to log onto the system and how passwords are structured.

Once you are onto the EXEC, as explained in Part I, you should get into the QUERY function which is also explained earlier. QUERY will tell you just about all you need to know about anyone, including their business phone numbers and the locations of certain military employees.

@N TOP NIC/Query is a database system containing information about the Defense Data Network (DDN)...

  1. INTERNET PROTOCOLS -- Describes Internet protocols
  2. PROGRAMS -- Describes programs available on DDN hosts
  3. PERSONNEL -- Directory of DDN users
  4. HOSTS -- Describes DDN hosts
  5. RFCS -- Requests For Comments technical notes
  6. IENS -- Internet Experiment Notes
  7. NIC DOCUMENTS -- Documents available from the NIC

_ for back, ^ for up, + for top, or menu # (1-7): 4

HOSTS
-----

We have selected menu item 4, "HOSTS".

HOSTS -- Describes DDN hosts

  1. BY NAME -- Description of hosts by DDN hostname
  2.
BY CPU -- List of hosts by CPU type 3. BY OS -- List of hosts by Operating System _ for back, ^ for up, + for top, or menu # (1-3): 1 If we were especially interested in working on one or another computer, a CRAE, for example, we would select menu item 2. Or, if we wanted to learn a new operating system, we could select menu item 3. But let's see what's available under menu item 1: HOSTS BY NAME -- Description of hosts by DDN hostname To show the entry for a host, type its official name or nickname. To get a menu of hostnames, select the appropriate choice below. 1. ARPANET HOSTS-A-G 2. ARPANET HOSTS-H-R 3. ARPANET HOSTS-S-Z 4. MILNET HOSTS-A-F 5. MILNET HOSTS-G-M 6. MILNET HOSTS N 7. MILNET HOSTS-O-Z 8. ARPANET TACS 9. MILNET TACS 10. GATEWAYS _ for back, ^ for up, + for top, or menu # (1-10): 10 GATEWAYS 1. AERONET-GW 2. AMES-NAS-GW 3. ARPA-MILNET-GW 4. BBN-CRONUS-GW 5. BBN-FIBERA-GW 6. BBN-MILNET-GW 7. BBN-MINET-A-GW 8. BBN-NET-GATEWAY 9. BBN-PR-GW 10. BBN-VAN-GW 11. BBN-X25-GW 12. BRAGG-PR-GW1 13. BRAGG-PR-GW2 14. BRL-GATEWAY 15. BRL-GATEWAY2 16. CIT-CS-GW 17. CMU-GATEWAY 18. COLUMBIA-GW 19. CORNELL-GW 20. CSNET-PDN-GW 21. CSS-GATEWAY 22. CSS-RING-GW 23. DARPA-GW 24. DCEC-GATEWAY 25. DCEC-MILNET-GW 26. DCEC-PSAT-IG 27. DCN-GATEWAY 28. DTNSRDC-GW 29. HARVARD-GW 30. HUEY-GW 31. IPTO-GW 32. ISI-GATEWAY 33. ISI-MCON-GW 34. ISI-MILNET-GW 35. ISI-PSAT-IG 36. LBL-MILNET-GW 37. LL-GW 38. LL-PSAT-IG 39. LOUIE-GW 40. MARYLAND-GW 41. MIT-GW 42. NLM-GW 43. NOSC-GW 44 NRL-CSS-GW 45. NSRDCOA-GW 4.. NYU-GW 47. PURDUE-CS-GW 48. RAD-PSAT-IG 49. RIACS-GW 50. S1-B-GW 51. SAC-GATEWAY 52. SAC-GW-2 53. SAC-MILNET-GW 54. SRI-C3ETHER-GW 55. SRI-MILNET-GW 56. SRI-PR-GW1 57. SRI-PR-GW2 58. SRI-PR-GW3 59. STANFORD-GATEWAY 60. TACTNET-GW 61. UDEL-GW -- University of Delaware 62. UR-CS-GW -- University of Rochester 63. UTAH-GATEWAY -- University of Utah 64. UW-VLSI-GW -- University of Washington 65. WISC-GATEWAY -- University of Wisconsin 66. WSMR-NET-GW -- White Sands Missile Range 67. 
YALE-GW -- Yale University 68. YUMA-GW -- Army Yuma Proving Ground MILNET TACS 1. ACCAT-TAC 2. AFGL-TAC 3. AFSC-AD-TAC 4. AFSC-HQ-TAC 5. AFSC-SD-TAC 6. AFWL-TAC 7. AMES-TAC 8. ANNIS-MIL-TAC 9. ARDC-TAC 10. ARPA1-MIL-TAC 11. ARPA2-MIL-TAC 12. BBN-MIL-TAC 13. BRL-TAC 14. BROOKS-AFB-TAC 15. CINCPAC-TAC 16. CORADCOM-TAC 17. CORADCOM2-TAC 18. DARCOM-TAC 19. DAVID-TAC 20. DCEC-MIL-TAC 21. DCEC-TAC 22. DDN-PMO-MIL-TAC 23. DUGWAY-MIL-TAC 24. FRANKFURT-MIL-TAC 25. GUNTER-TAC 26. KOREA-TAC 27. MICOM-TAC 28. MINET-BRM-TAC 29. MINET-CPO-TAC 30. MINET-HDL-TAC 31. MINET-HLH-TAC 32. MINET-LON-TAC 33. MINET-OBL-TAC 34. MINET-RAM-TAC 35. MINET-RDM-TAC 36. MINET-SIG-TAC 37. MINET-VHN-TAC 38. MITRE-TAC 39. NCAD-MIL-TAC 40. NORL-MIL-TAC 41. NPS-TAC -- Naval Postgraduate School 42. NSWC-TAC -- Naval Surface Weapons Center 43. NWC-TAC -- Naval Weapons Center 44. PAX-RV-TAC -- Naval Electronics Systems Command 45. PENTAGON-TAC -- Air Force Data Services Center/SFA 46. RADC-TAC -- Rome Air Development Center 47. RAND2-MIL-TAC -- The Rand Corporation 48. ROBINS-TAC -- Warner-Robins ALC/MMECDM 49. SAC1-MIL-TAC -- Strategic Air Command/ADXCC Headquarters 50. SAC2-MIL-TAC -- Headquarters, Strategic Air Command 51. SCOTT-TAC -- Air Force Communications Command 52. SCOTT2-MIL-TAC -- Air Force Communications Command 53. SRI-MIL-TAC -- SRI International 54. STLA-TAC -- Army Information Systems Command - St. Louis 55. TINKER-MIL-TAC -- Tinker Air Force Base 56. USGS2-TAC -- U.S. Geological Survey 57. USGS3-TAC -- U.S. Geological Survey 58. WPAFB-TAC -- Aeronautical Systems Division/ADOS 59. WSMR-TAC -- White Sands Missile Range 60. YUMA-TAC -- Army Yuma Proving Ground 43. NWC-TAC -- Naval Weapons Center SRI-MIL-TAC SRI International (SRI-MIL-TAC) Telecommunications Sciences Center Network Information Center 333 Ravenswood Avenue Menlo Park, California 94025 NetNumber: 26.3.0.73 Configuration: C/30 Protocols: TCP/TELNET,ICMP Liaison: Roode, R. 
David ROODE@SRI-NIC (RAND2-MIL-TAC) Room 145 1700 Main Street Santa Monica, California 90406 NetNumber: 10.0.0.7 Configuration: C/30 Protocols: TCP/TELNET,ICMP Liaison: Collins, Colleen S. Colleen@RAND-UNIX (213) 393-0411 PROGRAMS -------- The EXEC also stores a list of programs and you can find out where to look for them on various network nodes. The programs are organized by menu as in the examples below: PROGRAMS 1. BY NAME 2. PROGRAM LIST 2 PROGRAM LIST 1. 11COPY 2. 2LABEL 3. @ 4. PROGRAMS-A 5. PROGRAMS-B 6. PROGRAMS-C 7. PROGRAMS-D 8. PROGRAMS-E 9. PROGRAMS-F 10. PROGRAMS-G 11. PROGRAMS-H 12. PROGRAMS-I 13. PROGRAMS-J 14. PROGRAMS-K 15. PROGRAMS-L 16. PROGRAMS-M 17. PROGRAMS-N 18. PROGRAMS-O 19. PROGRAMS-P 20. PROGRAMS-Q 21. PROGRAMS-R 22. PROGRAMS-S 23. PROGRAMS-T 24. PROGRAMS-U 25. PROGRAMS-V 26. PROGRAMS-W 27. PROGRAMS-X 28. PROGRAMS-Y 29. PROGRAMS-Z menu # (1-29): @ Examines a file and creates a checksum of each page. Upon subsequent runs it will detect which pages have changed and print only the altered pages, so that they can be added to the existing listing in place of the old pages. Has special features for updating cross-reference listings from compilers. CMU hosts (called AT) MIT-AI MIT-ML MIT-MC SRI-KL 4 PROGRAMS-A 1. A6502 2. ACCTS 3. ACT 4. ACTFRK 5. ADA 6. ADUMP 7. AGE-1 8. AGII 9. AI-HANDBOOK 10. AID 11. AIQUIZ 12. ALG606 13. ALGOL 14. ALGOL-W 15. ALIAS 16. ALLPRT 17. ALTER 18. ALTER.SNO 19. ALTRAN 20. ANALYSIS 21. ANALYZ 22. APEX-III 23. APL 24. APL.GST 25. APL25.KST 26. APLCOM 27. APLED 28. APT-III 29. ARCBITS 30. ARCHIVE-LOOKUP 31. ASSEMBLER-F 32. ASSEMBLER-G 33. ASSEMBLER-HONEYWELL 34. ASSEMBLER-IBM 35. ASSIST 36. AT 37. AUG3 38. AUGMEN 39. AUGMENT 9 AI-HANDBOOK The AI Handbook is aimed at making the results of AI research accessible to the large, multi-disciplinary community of scientists who want to build AI systems in their own problem areas. 
Students and researchers at Stanford and other AI laboratories have prepared over 300 short articles describing the fundamental ideas, useful thechniques, and exemplary programs developed in the field over the last 20 years. These articles have been written for computer- literate scienists and engineers in other fields who are unfamiliar with AI reserch and jargon. The Handbook will provide a scientist who, for instnce, might want to knoge" front end, with information about all of the relevant AI techniques and existing systems, as well as abundant pointers into the field's literature. SUMEX-AIM menu # (1-39): 15 ALIAS Allows a dummy name to be set up for a program. CMU hosts SUMEX-AIM SRI-KL menu # (1-39): 35 ASSIST ASSIST is a compiler fo a large subset of the IBM Assembler Language instruction set. ASSIST is oriented toward instructional use but is also useful for program checkout. ASSIST features simplified I/O statements and detailed assembly and execution error messages. ASSIST was developed at Pennsylvania State University and the University of Tennessee. UCLA-CCN menu # (1-39): 3 ACT Acquisition of Cognitive Procedures, combines a semantic network data-base with a production system to simulate human cognition. ACT possesses a number of learning mechanisms which have been used to model the learning of procedural skills such as language comprehension and geometry theorem proving. It can also model human limitations. SUMEX-AIM menu # (1-39): PERSONNEL To view information about an individual when you know his or her LAST NAME Type: LASTNAME (where 'LASTNAME' is the person's last name; e.g., Smith) PARTIAL NAME Type: LASTN... (where 'LASTN...' is a partial spelling of the person's last name followed by three periods, e.g., Sm...) FULL NAME Type: FULLNAME (where 'FULLNAME' is the person's last name followed by a comma and his or her first name; e.g., Smith, Mary) IDENT Type: XYZ (where 'XYZ' is the ident) MA... There are 631 matching entries. 
Accetta, Michael (MA) MIKE.ACCETTA@CMU-CS-A (412) 578-7681 Asato, Mino (MA1) NEEAPAC@HAWAII-EMH (808) 471-3444 (AV) 421-6834 Amaro, Manny (MA10) MAMARO@SIMTEL20 (505) 678-9500 (AV) 258-9500 (FTS) 898-9 500 Aguilar, Mary (MA11) mary@RAND-UNIX (213) 393-0411 Aronstein, Michael (MA12) ARONSTEIN@BBNA (619) 224-3243 Adams, Marilyn (MA13) MADAMS@BBNA (617) 497-3678 Abe, Michael (MA14) PACDET@PAXRV-NES (808) 471-0821 Ackerman, Mark (MA15) ACKERMAN@JPL-VLSI (818) 354-4467 Altenau, Mike (MA17) CENCOMS-F4@USC-ISID -- Addison, Michael (MA19) MARCOMMS@PAXRV-NES (703) 521-8835 Allerding, Martin (MA20) 600140@LANL (703) 326-7028 ... LOGIN ----- ARPANET very graciously tells us just about all we know to be able to log into the system in the related HELP file below: .HELP LOGIN Only people with authorized accounts may log in on this system, though some programs can be run without logging in. Type "HELP GUEST" for a list of these "free" programs. Type "HELP ACCOUNT" for information on opening an account. To log in, type the word LOGIN (this may be abbreviated L) followed by a space, your project name, a comma, and your programmer name: L PRJ,PRG This will lo you in, and type out any system messages or personal mail for you wich may exist. You can stop the message typeout by typing the CALL eg (CONTROL-C twice from other characters in place of the "," namely: / - types only system messages that have been posted since you last logged in. . - suppresses all messages. % - lets you specify a new password. In order to log in from the network or remotely, you must have a password. For a more complete description of LOGIN options, see the printed Monitor Command Manual or its online version MONCOM.BH[S,DOC], whose updates are in MONCOM.UPD[S,DOC]. Rembember, ARPANET has already shown us how to find out the PRG (programmer name) part of the login: .FINGER INT where INT are the initials of a programmer. If the initials don't exist you will get an error message. 
Keep trying until you find the correct initials.

Passwords are often the same as the programmer's initials. If not, then try the programmer's first name which you can learn from using the Personnel option on the menu in the Exec's QUERY. Once you have a password, you may then log onto just about any ARPANET computer. Instead of typing "O 0,11", enter the machine's NetWork number!

All that's left to be hacked is the first section of the logon code -- the PRJ name, which may be as long as three letters and which may include numbers.

HAPPY HACKING!

THIS SERIES OF ARTICLES WAS BROUGHT TO YOU BY **THE SOURCE**. COPY IT; SPREAD IT AROUND; USE IT FREELY BUT DON'T FORGET TO PUT THE AUTHOR'S NAME IN IT

_____ / / /____i__p__BOX__/

Yes, the rumors are true, I have made a new phreaking box that works and it is called the zip box. In this post I will explain the use of the box, the materials needed, and the construction of the box. So grab some pistachios and get ready to enter a whole new world of phreaking.

-Texan

Introduction:

The zip box is a brand new box, until now impossible, one because the service it exploits is brand new, two because the USB zip drive just came out. What's that? What does it do?... No, no my friend, you should be questioning what doesn't it do. The brand new technology of the USB zip drive takes advantage of a Ma-Bell service that we just found out existed. By exploiting this service the zip box gives you ultimate control over anyone's phone line. It's like RCmac, Line Tapping, a beige box, and DATU put together. The details of the box will be explained in full in the article so read on.
Contents:

I) Materials needed
II) Construction
III) Use and how it works
IV) Commands

I Materials needed:

1) USB zip drive (USB = Universal Serial Bus)
2) USB cords
3) DTMF tones (Dual Tone Multi Frequency Tones, the tones your phone plays)
4) Telephone cord
5) Two Alligator clips
6) Zip Disk
7) Wire Strippers

II Construction:

1) In this step you will transfer some phone tones (DTMF tones) to the zip disk, so go to a friend's house or use your zip drive, but get these tones on a disk. Try downloading a phreak program which has DTMF tones built into it or just put them on your computer yourself. THE NEXT STEP IS VERY IMPORTANT, IF YOU DO NOT GET THESE TONES IN THE RIGHT ORDER THE WHOLE BOX WILL NOT WORK! The tones will be separated by a comma. 5,5,5,7,7,6,8,*,5,#,5,*,5,0. Record those tones in that exact same sequence THREE TIMES. Once you have completed that, place the disk into your Zip drive.

2) For this second step you will need the alligator clips, the phone cord, the USB cord, and the wire strippers. First of all, cut off the connector from BOTH ends of the phone cord and one end of the USB cord. Second, strip the wires on the phone cord so that the Red (Ring) and Green (Tip) are exposed on both sides, just like you are making a beige box. Now do the same to the USB cord, except there will just be ONE larger wire in the middle which you need to strip. Now on the phone cord connect each of the wires on one end to the alligator clips. The last stage of this step is to connect the USB cord to the end of the phone cord that does not have the alligator clips on it. You can do this by twisting the phone wires around the stripped end of the USB cord. This is what it should look like:

(1) (5) (4) (3) ____>>> []]==============~~---------------___ >>> (6) (2)

(1) Alligator Clips
(2) Stripped ends of the phone cord
(3) Phone cord
(4) Where USB cord and phone cord are twisted together
(5) USB cord
(6) USB Connector

3) Now for the completion of the Zip Box.
Take the USB connector and connect it into the USB port in the back of your zip drive, and don't worry about power because once it is plugged in to a phone line it will have plenty of power. Now get ready to roll.

III Use and how it works:

Now that all systems are on go, it's time to be amazed.

1) This first usage step is exactly like beige boxing. First off, you need to find your closest neighborhood Bell terminal. Once found, you need to open it up and clip in by connecting the end of the phone cord with the alligator clips on it to the terminal. Be sure you connect the red wire on the phone cord to the Ring, and the green wire on the phone cord to the Tip. If this is completed properly then the yellow power-light on your zip drive should light up; if not, adjust the alligator clips until it does.

2) This is the step where the technical stuff happens, so it's time for explaining. The Bell service that makes the Zip Box possible is called ONCO (Omni National Call Operations). This service is a very new and high tech service implemented by Bell in late 1998. This service is very fast and reliable, and allows linemen to do all their work under one system. Although only a VERY FEW places actually have their linemen testing the service, they have activated the service in every part of the country. Most Bell employees don't even know it exists. And the thing Bell likes about it the most is that it is very secure (except for this one glitch they looked over), and secondly it is completely automated so they save a bag of money. To access this system one has to have a special box that sends encrypted data pulses along the phone line and also DTMF tones. What you have just constructed works exactly the same as the boxes those few linemen have. The makings of the USB zip drive, when connected to a phone line, make it send the exact same frequency of pulses as the Bell mechanism does, and the zip disk makes the DTMF tones available.
And the way you communicate with ONCO is by pressing the eject button on the zip drive, which sends an electric surge through the zip drive and then on through the phone line to our old friend ONCO. Well, enough explaining; let me get to the usage part again.

Now that you are connected to the Bell terminal, you need to connect to ONCO. You do this by pressing the eject button on your zip drive SEVEN TIMES very rapidly. After doing this, your zip drive should start screaming and blinking like crazy for like 30 seconds. During this period, in which it sounds like your zip is about to blow up, what is happening is that the Zip disk is being accessed and the DTMF tones are being sent over the line and played for ONCO. After the tones go through, you know that ONCO accepted the tones if the light on the zip drive is blinking very steadily and slowly. You're in. But if this does not happen and the zip drive light just turned off completely, it means that ONCO has disconnected you because you entered the wrong... so go back and record them right.

Now, the way ONCO gives and receives commands is a lot like Morse code. You enter them through a series of punches on the eject button. I will list all the commands here. The official name for the codes is ONCOCT, meaning Omni National Call Operations Code Transference, but the slang word used in Bell Laboratories is CotTalk (don't ask me why).

First of all... If the command you entered was accepted by ONCO, then the zip drive light will turn on for 3 seconds; if it was an unknown command, the light will flash rapidly six times. Whenever you end a command, you hold down the eject button for 9 seconds. The first thing you do when on ONCO is enter the number you are wanting to make changes to.
The way you enter this number (and don't forget the area code) is to type it in a series of quick presses of the eject button, the amount of times that add up to that number, and after each number hold the eject key down for 5 seconds, and after you have entered the whole number you should hold it down for 9 seconds to show ONCO that it is the end of the command. So say you wanted the number to be 817-294-1353, the command format would be as follows:

Key:
  = one quick hit on the eject key
  <*press> = the amount of seconds to hold down.

<5 secondpress><5secondpress> <5secondpress> <5secondpress> <5 secpress> <5 secpress> <5 secpress> <5 secpress> <5sec press> <9 second press>

(Yes, I know the commands are primitive and impractical, but ONCO is in its beginning stage, so once their technologies increase I'll be there to make an updated zip box, but that won't be till some time in the next few years, so we'll have to go with this. Hey, it works and it's powerful, so I wouldn't be complaining.)

Now that you are in ONCO and you have the number typed in, you're ready to make changes. There are in the range of 100 to 130 commands for ONCO; I will list about 12 of the most used ones. But first I'm going to give you definitions for the codes Ol' Ma uses.

Definitions:

CO (CallOut): Makes the line so that when dialed you will hear a dial tone, and from there you can make a call to anywhere in the world.
CF (CallForward): Forwards the person's call to a designated number.
FFC (FeeFreeCalling): Makes the designated line stop receiving bills and capable of making free calls whenever and wherever for free.
CS (CancelService): Cancels the service of the designated line.
MPP (MakePayPhone): Transforms the designated number into a payphone.
FT (FraudTarget): Puts a flag on the designated number's line saying that the owner of the line is trying to rip off the phone company, basically, and all FT reports are sent to the police so that person would be arrested.
MOL (MakeOperatorLine): Tells the switch that the designated number is an operator, so when people press '0' some of the calls should go to that line.
RC (ReceiveCall): Makes the number only able to receive calls and not to dial out.
DC (DialCall): Makes the selected number only able to dial out calls and not able to receive any.
LT (LineTap): Activates a tap on the designated line.
LR (LineRepair): Says that a lineman needs to be sent to the phone line owner's house in order to make repairs.
CN (ChangeNumber): Changes the number to what you want it to be.

IV Commands:

CO: <9secpress>
CF: <5secpress> ***Number*** <9secpress>
FFC: <9secpress>
CS: <9secpress>
MPP: <9secpress>
FT: <9secpress>
MOL: <9secpress>
RC: <9secpress>
DC: <9secpress>
LT: <9secpress>
LR: <9secpress>
CN: <5secpress> ***number*** <9secpress>

*Note: for CN (Change Number) and CF (Call Forward) you enter the number in the same fashion I entered the earlier example.

The commands are pretty easy to remember because of the pattern they are in. You can also experiment with new commands by yourself. The commands usually take effect within 10 minutes.

That is all for the zip box right now. I will be sure to make an updated one in future years. It works, you just gotta put a little effort into gettin' the supplies and learning how to use the system. Also, if any of you have any ONCO docs, I'll be happy to take all I can get, so send them to texanixi@hotmail.com. Werd out.

Any questions about the zip box or the ONCO system, contact me:
  AIM: TEXAN31337
  irc (EFnet): Texan
  email: Texanixi@hotmail.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Shout outs go to all my grewps, Baud Squad, League of Assasins, Phoot Clan, and Jiggas. PEACE!

D-E-C-L-A-S-S-I-F-I-E-D-S

http://719.cbj.com/

What is TechAds? TechAds is an online classified site that caters to the desires of the hacker community.
The site is run and operated by the 719 group. You can peruse the links below to see if you can find what you need or want, or you can place your ad for that old Commodore 64 you have in the attic.

http://www.CandianTom.com

The full Harmless Strategies members website on CD-ROM

All the files and texts from the Members website in one place! Three years of accumulating the best software and tutorials for beginners and experts alike. Learn to use trojans like back orifice and masters paradise! Adult site passwords! Control viruses, make them and kill them! Incredible collection of software!

Included on this cd are the latest software programs which will allow you to crack, hack, reverse engineer, and more! These are mostly shareware programs! You do not need to buy the cd in order to obtain these programs. Simply send me an email with the program or text file you want and I will send it to you through email or send you the url! They are included on the cd for people who do not want to be tracked or spend hours downloading from their service provider.

  SoftIce - Used by the best crackers in the world!
  UltraEdit - Must have editor for crackers and reversers
  NukeNabber - Detect people trying to access your machine through your modem!
  Windows Washer - Automate the cleansing of your cache and history files and more!
  NeoTrace - Find out exactly where your packets are sent
  Dll Show - Know when a trojan is planted in your machine!
  Type it in - Automates filling out forms. Use it to attack password programs.
  The Cleaner 2 - Detects all known trojans on your machine.
  Directory Snoop - Find files that are supposed to be erased! Unerase data easily!
  EnCase - Software used by law enforcement agencies to get private data.
  BC Wipe - Use this program with encase (above) to ensure your data is gone forever!
  BlowFish - Encrypt your data with military strength
  WWWHack - Make your own passwords for any adult or password protected site on the net!
  Glide - Another great password buster
  Nag Buster - Get rid of annoying nag screens on shareware
  Oscar 10.3 - Thousands of serials and cracks for the latest shareware.
  Romeo - Hundreds of serial numbers in an easy to use program.

Texts *

  ICQ Hacking utilities
  The famous Jolly Roger Cookbook
  Serials - more than 9,000 in one searchable text!
  The MIT complete guide to lockpicking
  Anarchist Cookbook
  Harmless Strategies Anyone Can do
  Phreaking Telephones
  Universal Product Codes
  How to Nuke people, How to Mailbomb!

* These tutorials and software are offered on the cd but are also available freely on the internet! If you have trouble collecting any of the above articles, please send me an email and they will be provided to you free of charge through email, or I will send you the URL where they can be located. The purpose of providing them on the cd is to avoid tracking and save you time charges through your service provider. (Do not request more than three at one time!)

Your purchase will include one year of website access in the Harmless Strategies Member Site, as well as the weekly newsletter! Everything is contained on a CD-ROM delivered anywhere in the world for the ridiculously low price of only $45.00 (US), $60.00 Canadian funds. This price includes shipping anywhere in the world!

Send payment of $45.00 US, $60.00 Canadian funds to:

  Thomas Yeomans
  RR#3, New Germany
  Nova Scotia, Canada
  B0R 1E0

L-0-P-H-T PRODUCTS

http://www.l0pht.com

LOPHTCRACK 2.5
Description: Over 500,000 downloads and still going strong. The NT IT community has embraced L0phtCrack 2.5 as the password auditing tool of choice.
Pricing: The trial period is 15 days, after which the product must be registered for $100. A command-line, stripped down version of the program is available for free with source code. Site licences are also available.

SLINT
Description: Source code security analyzers are available in the underground and are being used to scan commercial product for vulnerabilities.
Render the PD warez obsolete with SLINT.
Pricing: mailto:business@l0pht.com.

BLACK CRAWLING SYSTEMS ARCHIVE CD-ROM
Description: The Black Crawling Systems Archives CD will be especially useful to all Network Administrators, Hackers, Computer Security Professionals, Phreakers, Computer Teachers, Crackers, Lab Monitors, Virus Writers, Communication Specialists, and anyone else that wishes to have a copy of this unique archive collection for their personal use.
Pricing: $25.00 plus $5.00 for shipping and handling in United States currency for each CD ordered.

Electronic Underground Affiliation thanks the following organizations for their assistance in providing information for you. Drop them an email and say thanks!

  L0pht Heavy Industries - admin@l0pht.com
  H N N ® The Hacker News Networks - contact@hackernews.com
  Probe Industries Magazine Philes (PIMP®) - Currently Offline
  attrition.org - modify@attrition.org
  The Fray - cronus@iol.ie
  Columbia 2032 - c2032@thglobe.com
  CrashCentral.com - Absolute_Matter@hotmail.com, engima@Crashcentral.com

The Electronic Underground Affiliation proudly presents our newest Digital Distributors Site:
http://www.attrition.org/~modify/texts/zines/EUA
questions or comments: modify@attrition.org

SUBSCRIPTION INFORMATION

If you want to subscribe to the zine, all you need to do is send an email with SUBSCRIBE as the subject line to euamonthly@eua.tzo.org

We work on trying to personally get in touch with each and everyone who signs up for the EUA Monthly. But if you do not hear from us for a while, do not get depressed; keep checking the EUA Monthly Zine site and download it once it hits the street.

The Raven

ARTICLES AND STAFF JOURNALISTS

Do you have the skills to write for us? Do you have the time to commit? Do you have a late breaking techno article that you’d like to see in digiprint? Well, drop us a line and send us your 411. We are always looking for more information and articles to put into the zine.
Remember, this is a member driven zine, so the more that you add and submit, the more help it is to your fellow readers.

Enjoy & L8R -- Archive

REDISTRIBUTION CARRIERS

Do you want to carry a copy of the EUA Monthly Zine on your BBS, ftp or website? Contact us by email and let us know where to send the copy of the zine to and we’ll get it to you. If you have a site that wants to carry it, just let us know and link it to our website. If you run a bbs, we’ll upload at our cost.

Well, honestly, we don’t know. EUA is re-thinking some ideas on how to format the zine to be more informative and helpful to our users. We are going to be playing with some ideas that may come to fruition. One idea is to get the zine on a quarterly format, to ease the burden on our end. With the zine just being a hobby and time a major factor, we want to try to keep the zine going and operational while meeting the needs of our readers. If you have any ideas or suggestions, let us know.

Some of the things that you can look forward to in the next edition are (I know I said it in Issue 4, but I’m going to say it again in Issue 5):

  Unix Stuff
  How to Hack Unix System IV Sendmail by ZHart
  Bourne Shell Programming
  and much, much more.
The Electronic Underground Affiliation is aimed at setting a new standard in the hacker community based on the old school idea for the “Free Exchange of Information and Ideas.”

Electronic Underground Affiliation Special Thanks and Credits go to the following for their article submissions and help with publication for this month's edition of the E.U.A.:

  Enigma - Phreaking For Dummies
  Texan - Zip Boxes
  Raven - E-Mail Attack
  Brainkandy - Coverage Mitnick Trial

E.U.A. Staff & Shout Outs

  ß-Editor/Publishers: Archive & Raven
  SoCal Digital Publishing: Brainkandy
  IL Digital Publishing: Enigma
  Chicagoland Digital Publishing: Fringe
  GA Digital Publishing: Napalm1o
  NC Digital Publishing: Raven
  PA Digital Publishing: CyberMonk
  CA Digital Publishing: Phrack Wolf
  Canadian Digital Publishing: Necro/Zarkov
  Australian Digital Publishing: -vacancy-
  EUA Digital Promotions & Public Relations Officer: -vacancy-
  Social Engineering Department: Phrack Wolf
  EUA Webmaster: Forensic & Joe Nobody
  Phreaking Department: Enigma
  Graphics: various members of EUA
  EUA Coder: Null Value
  EUA NT Department: Konceptor

Visit our website @ http://www.eua.tzo.org/ for back issues of EUA Monthly.

Idea: The Free Exchange of Information and Knowledge.
Purpose: To ensure that Information and Knowledge are available to anyone seeking.
Goal: To enlist the assistance, wisdom, knowledge and information of as many IS specialists, hackers, crypto- & cypherpunks, and users as possible.
Ethic: Unlike society, the EUA is not hindered by the social stigmas of our day. We will not discriminate against others on the basis of: 1) Sex, 2) Race, 3) Religious Beliefs, 4) Affiliation, 5) Physical Impairments, or 6) Age.

The Motto: “Aut Hack Vincere Aut Mori”
"To Hack and Conquer or to Die"