home *** CD-ROM | disk | FTP | other *** search
-
-
- ****************************************************************************
- >C O M P U T E R U N D E R G R O U N D<
- >D I G E S T<
- *** Volume 1, Issue #1.01 (March 31, 1990) **
- ****************************************************************************
-
- MODERATORS: Jim Thomas / Gordon Meyer
- REPLY TO: TK0JUT2@NIU.bitnet
- SUBSCRIBE TO: INTERNET:TK0JUT2@NIU.BITNET@UICVM.uic.edu
-
- COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
- information among computerists and to the presentation and debate of
- diverse views.
- --------------------------------------------------------------------
- DISCLAIMER: The views represented herein do not necessarily represent the
- views of the moderators. Contributors assume all responsibility
- for assuring that articles submitted do not violate copyright
- protections.
- --------------------------------------------------------------------
- This is a short issue to double check the address list. Some addresses
- returned the first issue of 1,200 lines because of length. If you receive
- this, but did not receive the first issue, let us know and we will re-send
- it. If length is a problem, let us know. We will try to keep the file
- length to about 1,000 lines, but we have been informed that some notes
- reject anything over 450-500. As a rule of thumb, every 100 lines
- constitutes about 6 K, so if you are restricted by file size, send along
- your limits.
-
- We also remind people that in the "TK0" response, that's a ZERO,
- not an "OH"!
-
- If people send enough material, we will try to put out an issue every few
- weeks. For space purposes, we will ask that signatures be kept brief and
- that that formatting be at least 65 characters per line.
-
- The feedback on the first issue was generally positive. We would like to
- hear from readers regarding the types of articles you would like to see.
- Content will be determined primarily by the contributions, and we
- especially encourage public domain news articles. We caution all
- contributors to assure no copyright violations occur. We have already been
- involved in a minor squabble with the AUSTIN-AMERICAN STATESMAN (see file
- 3, this issue).
-
- In a recent mail test, we accidentally send out a preliminary mailing list
- due to a glitch in our auto-mailing file. This has been corrected. We
- consider the names and addresses on this list strictly confidential, and
- although the digest is open to all receivers and contributors, the mailing
- list is NOT! Mark Seiden (among others) quickly responded. We reprint his
- thoughtful observations in File 1, and accept his invitation to respond in
- File 2.
-
- There have been requests for back issues of various magazines and
- journals of the computer underground. We believe that many of these
- provide a historical archive for those who desire to chronicle the
- growth and maturity of various groups, or who are interested in
- these files for social science research as documents of a particular
- societal subculture. A number of people have suggested that we
- serve as a clearing house for such documents. Because there has
- been no indication that any of the documents are illegal, and
- because law enforcement agencies have not objected on LEGAL GROUNDS
- to any of these documents publicly or--to our knowledge--privately,
- we assume they are acceptable for distribution.
- Currently available are:
-
- PHRACK (issues 1-30)
- LoD/H (issues 1-4)
- We are missing files 10-14 of LoD/H issue #1. Perhaps
- somebody could pass them along.
- P/Hun (issues 1-3)
- PIRATE Magazine (issues 1-5)
- ATI (issues 1-44; we are missing issues #4 and #10. Could somebody
- send these over?)
- And other lesser digests and journals. We will also maintain
- back issues of CuD.
-
- We stress that possession and/or distribution of these documents
- *IN NO WAY* constitutes support or encouragement of any activities
- describes therein. However, we strongly believe that they should
- be available for those interested in fully understanding the
- computer underground subculture.
-
-
- IN THIS ISSUE:
-
- File 1: "Opening the Kimono too Far" (by Mark Seiden)
- File 2: "Which Witch Hunt?" (Editorial response)
- File 3: CuD's First Copyright Squabble--THE AUSTIN-AMERICAN STATESMAN
- File 4: Satirical article from PHRACK 29, phile 7 (reprint)
-
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- + END THIS FILE +
- +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
-
-
- ******************************************************************
- *** Computer Underground Digest / Issue 1.01 - File 1 of 4 ***
- ******************************************************************
-
- From: dagobah!mis@uunet.UU.NET(Mark Seiden)
- Message-Id: <9003300201.AA02651@seiden.com>
- To: uunet!UICVM.uic.edu!TK0JUT2%NIU.BITNET@uunet.UU.NET
- Subject: opening the kimono a bit too far?
- Cc: risks@csl.sri.com
-
- Greetings, 'ackologists and -osophists...
-
- You may have noticed that in the process of setting up the BITNET mailing
- list for CuD [Computer Underground Digest] our Lord of Hosts [Jim Thomas]
- somehow managed to send out to everybody a test transmission containing the
- email address of *everybody* on the mailing list.
-
- This set off my "right to privacy/paranoia" detector, prompting a note to
- him saying "Isn't it nice now that you've told the FBI who we all are"
- whereupon he revealed that, indeed, the list contains "everything from law
- enforcement on one end to at least one LoD [Legion of Doom] member on the
- other." What a pleasant rainbow effect that conjured up...
-
- Consider the DEA officials who have (reportedly) been convincing
- advertisers selling Gro-lites in (among other publications) "High Times" to
- turn over their customer lists. Legend has it that the Orchid Societies are
- up in arms over flak-jacketed drug agents with zero-tolerance for indoor
- plant-growing knocking at their member's doors, and to date discovering
- only orchids... (I expect to read about it in the Wall Street Journal
- gardening column any day now.)
-
- I wonder whether overzealous g-men and women might be interested in just
- who cares about the computer underground, suspecting that perhaps they
- might have some personal involvement? Perhaps some of us are now or were
- once in possession of forbidden knowledge valued by beancounters in excess
- of $5000? Hmmm, that backup tape from that job ten years ago containing,
- jeez, i forget, secrets of incalculable worth (in one case, people with
- questionable smarts took hundreds of man-years [yes, they were all men] and
- still didn't get it right...), and that version of troff source I always
- wanted to fix... Ohmigod, I was on the PHRACK mailing list, and now I'm on
- this one too, and I've been to some of the Hackers' Conferences! Now I
- realize this was one of those elaborate sting operations I keep reading
- about, and I got sucked in right away, naive little me...
-
- I'm expecting the Secret Service to show up at my door any day now. I
- would burn those backup tapes, but that's probably a violation of US Title
- 18, section whatever, "thinking about intending to try to conceal evidence
- of a possible future crime" (and I'm even more afraid of a disk crash).
- (Note for the Tomorrow File: A new source of revenue for lawyers: store
- your hacker-client's backup tapes, which would then be protected as
- privileged communication?)
-
- Thanks a lot, Jim. You're welcome to ask the natural/more serious
- follow-on questions...
-
-
- Mark Seiden, mis@seiden.com, 203 329 2722
-
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- + END THIS FILE +
- +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
-
-
- ***************************************************************
- *** Computer Underground Digest Issue #1.01 / File 2 of 4 ***
- ***************************************************************
-
- Mark Seiden raises some good points in the previous file. His concerns
- cluster around a couple of issues:
-
- 1) Is having one's name on a mailing list sufficient to trigger law
- enforcement interest and subject the listee to possible harassment?
-
- 2) Are there law enforcement agents on this list?
-
- 3) Are the moderators part of a sting operation?
-
- Mark's comments, although partly tongue in cheek, indicate the degree to
- which over-zealous law-enforcement actions in recent months have had a
- "chilling effect" on the free flow of information. Let's take each of
- these issues in reverse order.
-
- First, the moderators are not part of a sting, nor are we in any way
- connected with, cooperating with, or otherwise involved in enforcement. One
- moderator works for a computer firm, the other is an sixties-lefty whose
- primary work is as a college professor and researcher of prison culture.
- But, Mark is quite correct in his concern for stings. It is *not* paranoia!
- Gary Marx, in his book UNDERCOVER: POLICE SURVEILLANCE IN AMERICA,
- carefully and convincingly documents the threat of police stings to civil
- liberties, their irony in subverting civil rights to protect society, and
- the contributions to distrust and openness they create. One reason for the
- emergence of this digest is the need many of us feel to raise such issues
- at a time when law enforcement seems to be spending as much time
- investigating computer users as other forms of crime. The emergence in many
- (by now most) federal and state agencies of dedicated "computer crime
- units" can too easily lead to the expansion of the definition of "abuse" to
- justify the existence of these units. Once units exist, they must
- investigate, apprehend and prosecute in order to justify their continued
- existence.
-
- Second, we assume from the mailing list that there are at least a few law
- enforcement agents on the list. We welcome them, and hope others subscribe
- as well. Perhaps they will learn something. Neither moderator is involved
- in illicit activity, unless research is considered a crime, and nothing we
- distribute will be knowingly illegal, violate copyright, or be knowingly
- harmful. The mailing list reflects diverse group. The bulk seems to be
- computerists employed in the private sector, followed by academics, and
- mixed in with students, journalists, and others. We will send CuD to
- anybody who requests it, and we welcome the response of law enforcement
- agents in the debates.
-
- Finally, Mark asks if having one's name on a mailing list is sufficient to
- mark them for an investigation. Unfortunately, if recent history is any
- indication, the answer is *YES*! Mark has already indicated a few examples
- of this. The "Red Squads" of the 1960s and 1970s provide a more chilling
- example. There is overwhelming evidence, including documents we ourselves
- obtained as part of a class action law suit against the Michigan State
- Police, to indicate that law enforcement tactics included gathering lists
- by monitoring letters to editors opposing the Viet Nam war or the "social
- -isms," listed license plates of cars parked near political meetings, and
- by numerous other tactics totally anathema in a democratic society. In once
- instance, police in East Lansing, Michigan, actually investigated a
- political candidate who publicly denounced the war. The information in
- these lists, even if unverified, was shared with employers, state agencies,
- and other law enforcement agencies. These lists resulted in loss of
- employment, promotion, or--in the case of FBI documents we
- obtained--harassment in the FBI's COINTELPRO campaign. This included
- anonymous letters to parents or employers of people on the list and even
- direct physical harassment.
-
- We, in the U.S., seem to have short memories. Especially because of drug
- hysteria, we seem to be willing to enact legislation and permit
- investigative tactics that would otherwise be unacceptable. When the
- target is druggies or racketeers, there is little public outrage. But, now
- the tactics seem to be applied to other behaviors as creative agents find
- new uses for laws that have not yet been tested in the courts.
-
- In the last issue of CuD, we provided a rationale for the use of handles.
- We suggest that if anybody has concern about being on a list they use one.
- For e-mailing, we retain only the addresses and not names. Our mailing list
- of net addresses is encrypted and inaccessible, but even if it were
- obtained, there is insufficient information to be of use to anybody except
- e-mail hucksters marketing their warez.
-
- Thanks for raising the issue, Mark.
-
-
-
- ***************************************************************
- *** Computer Underground Digest Issue #1.01 / File 3 of 4 ***
- ***************************************************************
-
- An article in the AUSTIN-AMERICAN STATESMAN by Kyle Pope is perhaps the
- most balanced news story to cover the Legion of Doom indictments and the
- related confiscation of equipment at Steve Jackson Games in Austin. We had
- intended to reprint the entire article. However, when we called the
- AUSTIN-AMERICAN STATESMAN (are there no "stateswomen," or is the A-AS still
- a bastion of macho sexist swinery?), we were informed that on no account
- would they allow the article to be distributed over the nets. When we asked
- how much of the article they would allow us to extract, they told us that
- we could excerpt *NONE* of it. Not even a single line? "None of it!" Well,
- perhaps the A-AS has contracts with other news services who sell
- computerized versions of the story, but "None of it?" C'mon! "Fair use
- doctrine" allows reasonable reproduction of a copyright article, and after
- consulting with an attorney, we reproduce well under the accepted norm.
- So, we can only assume that the A-AS, while to be commended on a fair
- summary of events, as some very uptight anal-retentive types in the
- managing editor's office who confuse company policy with Constitutional
- protections! The following is drawn from a variety of sources, but all
- quotes come from: "U.S. Computer Investigation Targets Austinites" by Kyle
- Pope (%cr% Austin-American Statesman, March 17, 1990: Pp A-1, A-12).
-
- The article summarizes the background of the Legion of Doom indictments
- (see CuD, 1.00, files 4, 5). In the continuing investigation, federal
- agents and Austin police appeared at the home of a Steve Jackson Employee,
- greeting him with guns drawn at 6:30 a.m. They confiscated his equipment,
- and also took a number of books and other documents, including the M.A.
- thesis of CuD co-moderator Gordon Meyer. Why this document is considered
- worthy of confiscation escapes us, unless academic research is now
- considered subversive, and its possession evidence of evidence of criminal
- mischief. One of the concerns of federal agents was the Cyberpunk science
- fiction work being written at Steve Jackon's. Influenced by science fiction
- novel's such as William Gibson's NEUROMANCER and John Brunner's THE
- SHOCKWAVE RIDER, Cyberpunk mixes science fiction, computer fantasy, and
- alienation in futuristic techno-societies. The A-AS interviewed one writer
- who explained the need for realistic detail in the genre:
-
- Bruce Sterling, an Austin science fiction writer and one
- of the world's best-known Cyberpunk writers, said
- Jackson's game and its computer-related discussions are
- hardly unusual for the genre.
-
- "Cyberpunk is thriller fiction," Sterling said. "It deals
- to a great extent with the romance of crime in the same
- way that mysteries or techno-thrillers do."
-
- He said the detailed discussions in the Jackson games are
- what draws people to them.
-
- "That's the charm of simulation games," he said. "You're
- simulating something that's supposed to be accurate. If
- it's cooked up out of thin air, the people who play these
- games are going to lose interest."
-
- Jackson, though, said he has been told by Secret Service
- agents that they view the game as a user's guide to
- computer mischief.
-
- He said they made the comments when he went to the
- agency's Austin office in an unsuccessful attempt to
- reclaim some of his seized equipment.
-
- "As they were reading over it, they kept making outraged
- comments," Jackson said. "When they read it, they became
- very, very upset.
-
- "I said, 'This is science fiction.' They said, 'No. This
- is real.'" (A-AS, p. A-12).
-
- In their zeal to obtain information about reproduction of an E911 training
- document from a Georgia telecommunications company, federal agencies
- confiscated printers, monitors, CPUs, files, and other equipment from
- Jackson because of suspicion that one of his employees, Loyd Blankenship,
- had contacts with Legion of Doom:
-
- Jackson's attorney said federal officials have told him
- that the 911 information pilfered from Bell South has
- surfaced on a computer bulletin board used at Steve
- Jackson games. But the information apparently has not
- been traced to a user.
-
- Jackson said that neither he nor any of his employees is
- a member of the Legion of Doom.
-
- Blankenship, however, did consult with the group in the
- course of researching and writing the Cyberpunk game,
- Jackson said. Further, the group is listed in the game's
- acknowledgments for its aid in providing technical
- information used in Cyberpunk (A-AS, p. A-12).
-
- ----------------------
-
- These confiscations raise a number of issues. First, it seems that any of
- us can have our equipment, and therefore our livelihoods, threatened by any
- connection law enforcement officials make between an offense and an alleged
- possessor of information.
-
- Second, as of this writing (March 30), to our knowledge none of those being
- investigated in this incident has been indicted. Only the equipment has
- been arrested. This, to us, suggests the frightening spectre of
- confiscation of the equipment of innocent people and disruption of lives.
- The A-AS article indicated that the confiscation is having a devastating
- impact on the economic fortunes of Steve Jackson Games.
-
- Third, it appears that laws originally intended to fight drugs and
- organized crime now are being used to thwart the "dreaded computer
- underground." Confiscation of any personal property that creative agents
- can claim "good faith" potential relationship to either an offense or to
- information about an offense, can be confiscated, including an M.A. thesis
- or a draft of a novel in progress. In addition, if, in their search, agents
- happen upon a few seeds of marijuana, they can, under federal anti-drug
- law, incarcerate the searchee without bail.
-
- Gary Marx has argued that we lose our freedoms not with a sweeping
- crackdown, but gradually. Laws originally intended to fight one "menace"
- now are being applied to another. This "other" menace is, we argue, largely
- a creation of media hysteria, law enforcement ignorance of the nature of
- the computer underground, and a complete failure to recognize the need to
- balance protection of the public commonweal with protections of civil
- liberties.
-
- In a recent government publication (NIJ REPORTS, Jan/Feb '90, pp 2-10), the
- authors lump software piracy in the same category as theft of computer
- chips, computers, or trade secrets. In this classification, it seems that
- stealing a new IBM 486 and giving a copy of Norton Utilities to a friend
- are identical! Uploading that pirated copy from New York to a BBS in
- Atlanta would, therefore, constitute a federal offense that subjects the
- "felon" to the full weight of federal prosecution.
-
- Our point is that, in a rapidly changing techno-world, laws are being used
- in a way perhaps appropriate for addressing such predatory crimes as
- listed in the FBI's Uniform Crime Reports, but they hardly address the
- problems of perceived computer abuse, real or imagined. The use of laws
- intended to combat one type of unacceptable behavior, such as racketeering
- or drug abuse, hardly seem appropriate to their current use by federal
- agents to combat computerists. Disrespect for law begins with its
- oppressive misuse, and we suggest that, ultimately, the apparent attempt of
- federal agents and prosecutors to define a social menace, and then make
- their careers saving the world from it, will subvert the respect for and
- rule of law in the long run.
-
- A final note to the A-AS:
- It is within an author's legal rights to write a number of DIFFERENT
- stories, excerpting different parts of a news article in each, and
- ultimately reprint, legally, the entire story. We are not petty enough to
- do so, but we find it somewhat ironic that a company whose existence
- derives from a free press so arrogantly responses to a legitimate request
- to reprint with a categorical statement that *NOTHING* can be reprinted. Is
- there something wrong with this picture, or did your managing editor just
- have a bad day? We will print a reply if you wish to make one.
-
- Jim Thomas (CuD co-moderator)
-
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- + END THIS FILE +
- +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
-
-
- ***************************************************************
- *** Computer Underground Digest Issue #1.01 / File 4 of 4 ***
- ***************************************************************
-
- Several responses have asked why people think that the Legion of Doom has
- been accused of ripping off banks. One reason may be that there is a loss
- of a sense of the "absurd" in contemporary society. Satire, irony, and
- subtlety have been replaced by a sense of the literal, and with this loss
- comes a tendency to accept literature at face value. In a November, 1989,
- issue of PHRACK, an article appeared that was intended as satire. This
- intent was clear in the issues introductory file and in the text of this
- file. For those who have wondered what the articled was about, we reprint
- it here.
-
-
- -------------------------------------------------------------
-
-
- ==Phrack Inc.==
-
- Volume Three, Issue 29, File #7 of 12
-
- The Legion of Doom!
- EFT Division
-
- Presents
-
- HOW WE GOT RICH THROUGH ELECTRONIC FUND TRANSFERS
-
- (OR: GEE! NO, GTE!)
-
-
- A certain number of financial institutions that reside within the
- packet-switched confines of the various X.25 networks use their connections to
- transfer funds from one account to another, one mutual fund to another, one
- stock to another, one bank to another, etc... It is conceivable that if one
- could intercept these transactions and divert them into another account, they
- would be transferred (and could be withdrawn) before the computer error was
- noticed. Thus, with greed in our hearts, an associate and I set forth to test
- this theory and conquer the international banking world.
-
- We chose CitiCorp as our victim. This multinational had two address
- prefixes of its own on Telenet (223 & 224). Starting with those two prefixes,
- my associate and I began to sequentially try every possible address. We
- continued through 1000 in increments of one, then A-Z, then 1000-10000 by 10's
- and finally 10000-99999 by 100's. Needless to say, many addresses were
- probably skipped over in our haste to find valid ones, but many we passed over
- were most likely duplicate terminals that we had already encountered.
-
- For the next few days my associate and I went over the addresses we had
- found, comparing and exchanging information, and going back to the addresses
- that had shown 'NOT OPERATING,' 'REMOTE PROCEDURE ERROR,' and 'REJECTING.' We
- had discovered many of the same types of systems, mostly VAX/VMS's and Primes.
- We managed to get into eight of the VAXen and then went forth on the CitiCorp
- DECNET, discovering many more. We entered several GS1 gateways and Decservers
- and found that there were also links leading to systems belonging to other
- financial institutions such as Dai-Ichi Kangyo Bank New York and Chase
- Manhattan. We also found hundreds of addresses to TWX machines and many
- in-house bank terminals (most of which were 'BUSY' during banking hours, and
- 'NOT OPERATING' during off hours). In fact, the only way we knew that these
- were bank terminals was that an operator happened to be idle just as I
- connected with her terminal (almost like the Whoopie Goldberg movie, "Jumpin'
- Jack Flash," not quite as glamorous ...yet.)
-
- Many of the computers we eventually did penetrate kept alluding to the
- electronic fund transfer in scripts, files, and personal mail. One of the
- TOPS-20 machines we found even had an account EFTMKTG.EFT, (password EFTEFT)!
- All the traces pointed to a terminal (or series of terminals) that did nothing
- but transfer funds. We decided that this was the case and decided to
- concentrate our efforts on addresses that allowed us to CONNECT periodically
- but did not respond. After another week of concentrated effort, we managed to
- sort through these. Many were just terminals that had been down or
- malfunctioning, but there were five left that we still had no idea of their
- function. My associate said that we might be able to monitor data
- transmissions on the addresses if we could get into the debug port. With this
- idea in mind, we set out trying sub-addresses from .00 to .99 on the mystery
- addresses. Four of the five had their debug ports at the default location
- (.99). The fifth was located 23 away from the default. That intrigued us, so
- we put the others aside and concentrated on the fifth. Although its location
- was moved, a default password was still intact, and we entered surreptitiously
-
- The system was menu driven with several options available. One option,
- Administrative Functions, put us into a UNIX shell with root privilege. After
- an hour or so of nosing around, we found a directory that held the Telenet
- Debug Tools package (which I had previously thought existed solely for Prime
- computers). Using TDT, we were able to divert all data (incoming and outgoing
- into a file so we could later read and analyze it. We named the file ".trans"
- and placed it in a directory named ".. ", (dot, dot, space, space) so it woul
- remain hidden. This was accomplished fairly late on a Sunday night. After
- logging off, we opened a case of Coors Light and spent the rest of the night
- (and part of the morning!) theorizing about what we might see tomorrow night
- (and getting rather drunk).
-
- At approximately 9:00 p.m. the following evening, we met again and logged
- onto the system to view the capture file, hoping to find something useful. We
- didn't have to look very far! The first transmission was just what we had bee
- dreaming about all along. The computer we were monitoring initiated by
- connecting with a similar computer at another institution, waited for a
- particular control sequence to be sent, and then transferred a long sequence o
- numbers and letters. We captured about 170 different transactions on the firs
- day and several hundred more in the following week. After one business week,
- we removed the file and directory, killed the TDT routine, and went through th
- system removing all traces that we had been there.
-
- We felt that we had enough to start piecing together what it all meant, s
- we uploaded our findings to the LOD HP-3000 (ARMA) in Turkey. This way we
- could both have access to the data, but keep it off our home systems. We
- didn't bother to tell any of the other LOD members about our doings, as most
- had retired, been busted, or were suspected of turning information over to the
- Secret Service. Using this as a base, we analyzed the findings, sorted them,
- looked for strings being sent, etc.
-
- We came to the conclusion that the transmissions were being sent in the
- following way:
-
-
- XXXXXXXXXXXXTCxxxxxxxxxxxx/NNNNNNNNNNNNCnnnnnnnnnnnnAMzzzzzzz.zzOP#
- X=Originating Bank ID
- T=Transfer (Also could be R(ecieve), I(nquire))
- C=Type of account (Checking--Also S(avings) I(RA) M(oney Market)
- T(rust) W(Other wire transfer ie. Credit Transfer, etc.))
- x=Originating Account Number
- /=Slash to divide string
- N=Destination Bank ID
- C=Type of account (See above)
- n=Destination Account Number
- AMzzzzzzz.zz=Amount followed by dollar and cents amount
- OP#=operator number supervising transaction
-
- After this string of information was sent, the destination bank would the
- echo back the transaction and, in ten seconds, unless a CONTROL-X was sent,
- would send "TRANSACTION COMPLETED" followed by the Destination Bank ID.
-
- We now needed to check out our theory about the Bank ID's, which I figure
- were the Federal Reserve number for the Bank. Every bank in America that deal
- with the Federal Reserve System has such a number assigned to it (as do severa
- European Banks). I called up CitiBank and inquired about their Federal Reserv
- Number. It was the number being sent by the computer. With this information,
- we were ready to start.
-
- I consulted an accountant friend of mine for information on Swiss or
- Bahamanian bank accounts. He laughed and said that a $50,000 initial deposit
- was required to get a numbered account at most major Swiss banks. I told him
- to obtain the forms necessary to start the ball rolling and I'd wire the money
- over to the bank as soon as I was told my account number. This shook him up
- considerably, but he knew me well enough not to ask for details. He did,
- however, remind me of his $1000 consulting fee. A few days later he showed up
- at my townhouse with an account number, several transaction slips and
- paperwork. Knowing that I was up to something shady, he had used one of his
- own false identities to set up the account. He also raised his "fee" to $6500
- (which was, amazingly enough, the amount he owed on his wife's BMW).
-
- My associate and I then flew to Oklahoma City to visit the hall of record
- to get new birth certificates. With these, we obtained new State ID's and
- Social Security Numbers. The next step was to set up bank accounts of our own
- My associate took off to Houston and I went to Dallas. We each opened new
- commercial accounts at three different banks as LOD Inc. with $1000 cash.
-
- Early the next day, armed with one Swiss and six American accounts, we
- began our attack. We rigged the CitiCorp computer to direct all of its data
- flow to a local Telenet node, high up in the hunt series. Amazingly, it still
- allowed for connections from non-909/910 nodes. We took turns sitting on the
- node, collecting the transmissions and returning the correct acknowledgments.
- By 12:30 we had $184,300 in electronic funds in "Limbo." Next we turned off
- the data "forwarding" on the CitiCorp computer and took control of the host
- computer itself through the debug port to distribute the funds. Using its dat
- lines, we sent all the transactions, altering the intended bank destinations,
- to our Swiss account.
-
- After I got the confirmation from the Swiss bank I immediately filled out
- six withdrawal forms and faxed them to the New York branch of the Swiss bank
- along with instructions on where the funds should be distributed. I told the
- bank to send $7333 to each of our six accounts (this amount being small enough
- not to set off Federal alarms). I did this for three consecutive days, leavin
- our Swiss account with $52,000. I signed a final withdrawal slip and gave it
- to my accountant friend.
-
- Over the next week we withdrew the $22,000 from each of our Dallas and
- Houston banks in lots of $5000 per day, leaving $1000 in each account when we
- were through. We were now $66,000 apiece richer.
-
- It will be interesting to see how the CitiCorp Internal Fraud Auditors an
- the Treasury Department sort this out. There are no traces of the diversion,
- it just seems to have happened. CitiBank has printed proof that the funds wer
- sent to the correct banks, and the correct banks acknowledgment on the same
- printout. The correct destination banks, however, have no record of the
- transaction. There is record of CitiBank sending funds to our Swiss account,
- but only the Swiss have those records. Since we were controlling the host whe
- the transactions were sent, there were no printouts on the sending side. Sinc
- we were not actually at a terminal connected to one of their line printers, no
- one should figure out to start contacting Swiss banks, and since CitiBank does
- this sort of thing daily with large European banks, they will be all twisted
- and confused by the time they find ours. Should they even get to our bank,
- they will then have to start the long and tedious process of extracting
- information from the Swiss. Then if they get the Swiss to cooperate, they wil
- have a dead-end with the account, since it was set up under the guise of a
- non-entity. The accounts in Dallas and Houston were also in fake names with
- fake Social Security Numbers; we even changed our appearances and handwriting
- styles at each bank.
-
- I'm glad I'm not the one who will have the job of tracking me down, or
- even trying to muster up proof of what happened. Now we won't have to worry
- about disposable income for awhile. I can finish college without working and
- still live in relative luxury. It's kind of weird having over six-hundred $10
- bills in a drawer, though. Too bad we can't earn any interest on it!
-
-
- ** Since the events described transpired, CitiBank has made their Banking
- Transaction Ports all refuse collect connections. Even by connecting
- with an NUI they now respond "<<ENTER PASSWORD>>". C'est La Vie.
-
- >--------=====END=====--------<
-
-
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- + END OF CuD #1.01 +
- +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
- !