There seems to be a fallacy in the pirate world that all BBS software is
untouchable. However, about a month ago a few people associated with the
Oblivion team took apart .93 (a version number of Vision-X) and found
backdoors. The unfortunate problem with this is that the V-X team put those
backdoors in so they could trace down which Beta site was giving out Beta
copies. Well, they found the backdoors and called up several boards and used
them.
1. The story from the people who hacked the boards is this: one of the two
involved was irate because he wrote a registration for .93 so anyone could
run it, whether they paid for the software or not. When the V-X team found
out about it, they blacklisted him from being able to log on to any V-X
system. This was hard-coded, so no sysop could let him in with that
handle. Anyway, the story is they got into several of the BBSes, and even
dropped to DOS to look around, but did not have any intention of
destroying data. Basically, they wanted to expose the weaknesses of the
software. The problem started when they posted the backdoors on a national
net, which means that now any lamer could use this backdoor for their own
purpose. According to the Oblivion guys, they did not destroy the data,
but some of the lamers that saw the backdoors on the net did. They regret
posting the backdoors. They didn't realize that there are some people who
are malicious enough to destroy data.
2. The Vision-X team are positive that the people who did take down the BBSes
were the Oblivion team; some say they even admitted to doing it. There is
a major paradox in these stories, and at this point it doesn't look like
anyone will ever be able to get the entire truth about what had happened.
Backdoors have never been a good idea, even if the authors are positive they
will never be found. The recent barrage of system crashes proves that the
backdoors will indeed be found eventually. On the flip side of the coin, even
if backdoors in BBS software are found, they should be left alone to be used
for their original intent. Most authors who put the backdoors into the systems
do it to protect their investment and hard work. Most BBS programmers these
days work on the software for the benefit of the modem community, and expect a
little money in return for their hard work. It is wrong for sysops to use it
without permission. You guys need to stop being cheap asses, and support a
software you want support from. What is the point of running a cracked piece
of software, since you cannot get support from the authors and cannot get the
net they are involved in? The nominal amount of money involved is a good
On April 16, 1992, I was contacted by Kevin Marcus. Marcus learned that we
were investigating individuals who were illegally logging (hacking) into
various computer systems nationwide. Marcus runs a local computer bulletin
board system (BBS) called The Programmer's Paradise. Marcus was concerned
about the illegal activities he had seen on various local BBSs and contacted
me.
Marcus also said that he had received computer messages from a person who goes
by the name (handle) of Knight Lightning in New York who asked him if he heard
anything about our investigation. Knight Lightning told Marcus that on April
3rd a reporter from San Diego by the name of Bigelo had contacted and talked to
him about our ongoing investigation.
-- -- -- -- -- -- -- --
Enclosure 1:
Date: Fri, 10 Apr 1992 18:14:11 -500
To: knight@eff.org
From: Craig Neidorf <knight@eff.org>
Subject: Runaway Teen Hacker Picked Up?
I was just contacted by a reporter in San Diego about a hacker case.
Apparently there is a teenage hacker from Indiana who ran away from home to
California to see some girl there. The local police and the FBI supposedly
picked him up on April 3rd and he remains in their custody uncharged while he
is telling them all sorts of information on hacker rings across the nation.
Does anyone have any clues as to who this kid is or what's going on?
:Knight Lightning
-- -- -- -- -- -- -- --
Enclosure 2:
Date: Thu, 16 Apr 1992 22:25:17 -0400
From: Craig Neidorf <knight@eff.org>
To: tck@netlink.cts.com
Subject: Re: Hi.
Bruce Bigelo, Union Tribune. Left his number at the office. Nothing going on,
but I understand that you called him.
Craig
-- -- -- -- -- -- -- --
Marcus offered to assist us. I asked if he knew of a BBS called Scantronics.
He said that he did and that he had been a member of that BBS and viewed the
files on that board in the past to see what the board carried. Marcus is a
computer science major at a local college and is doing research in the anti-
virus field. Marcus stated that the board carried a lot of technical data, but
had nothing regarding his subject. Marcus also belongs to other local and out-
of-state BBSs where he talks with other individuals with his same interest.
Marcus stated that he was last on Scantronics BBS about a month ago and he had
seen numerous computer files that involved CBI and carding. Carding is a term
used by hackers who are involved in the illegal or fraudulent use of credit
cards and their numbers. These credit card numbers are obtained from credit
reporting companies such as CBI and TRW, by illegally accessing (hacking) their
way into those company computers and reading or copying private individuals'
credit reports and information.
Most copies of credit reports from these companies will show a person's name,
current and previous addresses, social security number, employer, salary, and
all current credit history including all credit cards and their account
numbers. They <the hackers> then use these credit card numbers to obtain
goods.
If one of the hackers used an account number he found on a credit report that
he illegally pulled from the credit reporting company, the victim would most
likely not find out that their card had been illegally used until the next
billing cycle which could be as much as 45 days after the illegal transaction
took place. According to the credit card industry, this is one of the most
risk-free and safest ways to commit credit card fraud.
Marcus said that the person's name who ran this BBS was Jeremy. He did not
know his last name, but the handle he is known by is "KLUDGE." I asked if he
knew the phone number to this BBS and he gave me 423-4852. The BBS phone
number, the operator's first name, and <the operator's> handle matched the
information we had learned earlier.
Marcus also gave me two disks <that> contained some files which had been
downloaded (left on his BBS) by other persons on his system. He regularly
checks his board and removes or deletes files regarding questionable or illegal
activity such as carding.
I viewed both of these disks and they contained some very interesting files.
These files included various topics <such as> an auto theft manual, CBI manual,
TRW manual, American Express card info, and many other files which if
downloaded or copied by another person, that person could easily gain illegal
access to various credit reporting companies and commit various other illegal
types of activity.
I told Marcus if he came across any further information regarding this type of
activity or further information about the BBS called Scantronics to please
contact me.
On April 17, 1992, I met Marcus and he said that he had logged onto Scantronics
last night by using an access number a friend gave him. This same friend had
let him use his access number to gain access to this BBS on many prior
occasions. He did this on his own, without any direction whatsoever from me or
any other law enforcement official.
Marcus handed me a 5 1/4" computer disk and said that it contained some file
listings and a list of all validated users. Marcus also stated that the disk
contained a copy of the messages that were sent to him through his BBS by the
person in New York regarding our investigation [those messages displayed above
from Knight Lightning].
He asked me if I wanted him to log on and see for myself what was on "KLUDGE's"
BBS. I told him that I would have to consult with the D.A.'s office first.
However, I was unable to get a hold of our D.A. liaison. I told <Marcus> that
I'd get back with him later.
After talking to D.A. Mike Carlton, I advised Marcus not to go into Scantronics
BBS unless it was for his own information. However he said that if he came
across any further information during his normal course of running his own BBS,
he would notify me.
-- -- -- -- -- -- -- --
[The police report also contained 60 pages of printouts of postings and text
files found on Scantronics BBS. It is also made very clear that Kevin Marcus
(aka The Crypt Keeper) accessed Scantronics BBS by using the password and
account number of The Gatsby. Files include:
- "Credit Bureau Information" which sounds harmless enough to begin with and
turns out to be a reprint of an article from the September 27, 1992
issue of Business Week Magazine
- "Advanced Carding" by The Disk Jockey, which dates back to 1987.
- "The Complete CBI Manual of Operations" by Video Vindicator and Kludge,
dated October 10, 1991.]
Aftermath
~~~~~~~~~
On April 23, 1992, a search warrant was issued in the municipal court of the
State of California in the county of San Diego which authorized the seizure of:
A. All telephone company subscriber information to include service start date,
copy of most current billing statement, current credit information, and
location of telephone service to the following telephone numbers;
(619)XXX-XXXX and (619)XXX-XXXX and any other telephone number information
in any chain of call forwarding, to or from the listed phone numbers.
B. All telephone company records which includes subscriber information,
service start date, copy of most current billing statement, current credit
information, and location of telephone service phone numbers to which calls
are being forwarded to or from, from the listed phone numbers.
CERTIFICATION TO DEFER NOTIFICATION TO SUBSCRIBER
The Court finds there is substantial probable cause to believe
notification to the subscriber whose activities are recorded in the
records described above would impede or destroy this investigation.
Accordingly, the court certifies the request of the San Diego Police
Department that notification to the subscriber be deferred pending
further order of this court.
On April 30, 1992, a search warrant was issued in the municipal court of the
State of California in the county of San Diego which authorized the search of
Kludge's residence and the seizure of:
All computer equipment and paraphernalia used in computer hacking, or a part
of the BBS known as Scantronics which includes, but is not limited to
monitor(s), keyboard(s), CPU(s), which may or may not contain hard disk
drive(s), floppy drive(s), tape drive(s), CD rom drive(s), modem(s),
fax/modem(s), all hard copies (paper copies) of any computer files which
have been stored or currently stored on/in a computer system, all
documents whether in hard or data form which show how to operate any
computer program or computer file, all memory storage devices which may
include hard disk drive(s), 5 1/4" and 3 1/2" computer memory storage
disks, all computer memory storage and computer back up tapes, and all
computer CD rom disks capable of computer data storage; and, documents and
effects which tend to show dominion and control over said premises and
computer system, including fingerprints, records, handwritings, documents
and effects which bear a form of identification such as a person's name,
photograph, social security number, or driver's license number and keys.
The warrant was used immediately and Scantronics BBS and much more was seized.