The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / zines / phrack2 / phrack32.011 < prev next >

Wrap

Text File | 2003-06-11 | 64.5 KB | 1,358 lines

KL ^*^ KL ^*^ KL ^*^ KL ^*^ KL K N I G H T L I N E Issue 01/Part II of III 17th of November, 1990 Written, compiled, and edited by Doc Holiday KL ^*^ KL ^*^ KL ^*^ KL ^*^ KL --- F R O M T H E W I R E _______________________________________________________________________________ HEADLINE ADAPTING DIGITAL SWITCH -- Fujitsu To Expand In U.S. Byline: ROBERT POE DATE 11/15/90 SOURCE COMMUNICATIONSWEEK (CWK) Issue: 322 Section: PUBLIC NETWORKING Page: 33 (Copyright 1990 CMP Publications, Inc. All rights reserved.) RALEIGH, N.C.-Fujitsu Ltd. is boosting efforts to adapt its digital exchange to the U.S. network, in anticipation of the $40 billion public switch changeout expected in the United States over the next 10 to 15 years. Fujitsu plans to increase the number of U.S. staff members in charge of selling and engineering the Fetex-150 switch to 600 by 1994 from the current 100, officials at the Tokyo-based company said. The increase will shift development of sophisticated switch features from Japan to the United States, said one observer familiar with Fujitsu Network Switching of America Inc., based here. FILLING U.S. NEEDS Most of the current staff there is working on testing the performance and network conformance of software developed in Japan, the observer said. With the expansion, the subsidiary will be responsible for developing functions and capabilities required by U.S. customers. The Fetex-150 is Fujitsu's export-model exchange switch, with more than 8.8 million lines installed or on order in 17 countries. None have been sold in the United States, but the recently announced plans confirm longstanding speculation that the Japanese manufacturer is planning a major push into the U.S. When Fujitsu won a major switch tender in Singapore last autumn, competitors complained it was selling the equipment at cost to win a prestigious contract that would serve as a stepping-stone to the United States. WOOING THE BELLS Fujitsu said its switch has passed Phase 1 and Phase 2 evaluations by Bell Communications Research Inc., Livingston, N.J., the research arm of the seven U.S. regional Bell companies. Although the Bellcore certification is considered essential to selling to the Bells-which account for about 75 percent of U.S. telephone lines-it may not be enough for the company to break into a market dominated by AT&T and Nashville, Tenn.-based Northern Telecom Inc. Those two manufacturers have more than 90 percent of the U.S. market. A share like that, coupled with Bell company inertia in changing to new suppliers, leaves foreign public switch manufacturers largely out in the cold, analysts said. The U.S. subsidiaries of Siemens AG, L.M. Ericsson Telephone Co., NEC Corp. and GEC Plessey Telecommunications Ltd. have found the U.S. market tough to crack, though each has had limited success and is further along than Fujitsu. `INHERENT CONSERVATISM' "There's an inherent conservatism on the part of their {U.S.} customer base," said Robert Rosenberg, director of analytical services at The Eastern Management Group, Parsippany, N.J. "These are huge companies with billions of dollars invested in their current equipment. "Even if Fujitsu comes up with a switch that has all the bells and whistles that an engineer could ever want, if all the support systems have to be rebuilt in order to fit that switch into the network, his manager won't let him install it," Rosenberg said. _______________________________________________________________________________ Telephone Services: A Growing Form Of "Foreign Aid" Keith Bradsher, {The New York Times}, Sunday, October 21, 1990 (Business section, page 5) Americans who make international telephone calls are paying extra to subsidize foreign countries' postal rates, local phone service, even schools and armies. These subsidies are included in quarterly payments that American telephone companies must make to their counterparts overseas, most of these are state-owned monopolies. The net payments, totaling $2.4 billion last year, form one of the fastest-growing pieces of the American trade deficit, and prompted the Federal communications Commission this summer to begin an effort that could push down the price that consumers pay for an international phone call by up to 50 percent within three years. The imbalance is a largely unforeseen side effect of the growth of competition in the American long-distance industry during the 1980's. The competition drove down outbound rates from the United States, while overseas monopolies kept their rates high. The result is that business and families spread among countries try to make sure that calls originate in the United States. Outbound calls from the United States now outnumber inbound calls by 1.7-to-1, in minutes -- meaning American phone companies have to pay fees for the surplus calls. The F.C.C. is concerned that foreign companies are demanding much more money than is justified, given the steeply falling costs of providing service, and proposes to limit unilaterally the payments American carriers make. Central and South American countries filed formal protests against the F.C.C.'s plan on October 12. Although developed countries like Britain and Japan account for more than half of United States international telephone traffic, some of the largest imbalances in traffic are with developing countries, which spend the foreign exchange on everything from school systems to weapons. The deficit with Columbia, for example, soared to $71 million last year. International charges are based on formulas assigning per-minute costs of receiving and overseas call and routing it within the home country. But while actual costs have dropped in recent years, the formulas have been very slow to adjust, if they are adjusted at all. For example, while few international calls require operators, the formulas are still based on such expenses. Furthermore, the investment required for each telephone line in an undersea cable or aboard a satellite has plummeted with technological advances. A trans-Pacific cable with 600,000 lines, announced last Wednesday and scheduled to go into service in 1996, could cost less than $1,000 per line. Yet the phone company formulas keep charges high. Germany's Deutsche Bundespost, for example, currently collects 87 cents a minute from American carriers, which actually lose money on some of the off-peak rates they offer American consumers. MORE CALLS FROM THE U.S. ARE GENERATING A GROWING TRADE DEFICIT U.S. telephone companies charge less for 1980 0.3 (billions of overseas calls than foreign companies 1981 0.5 U.S. dollars) charge for calls the United States. So 1982 0.7 more international calls originate in the 1983 1.0 United States. But the U.S. companies pay 1984 1.2 high fees to their foreign counterparts for 1985 1.1 handling those extra calls, and the deficit 1986 1.4 has ballooned in the last decade. 1987 1.7 1988 2.0 1989 2.4 (estimate) (Source: F.C.C.) THE LONG DISTANCE USAGE IMBALANCE Outgoing and incoming U.S. telephone traffic, in 1988, the latest year for which figures are available, in percent. Whom are we calling? Who's calling us? Total outgoing traffic: Total incoming traffic: 5,325 million minutes 3,155 million minutes Other: 47.9% Other: 32.9% Canada: 20.2% Canada: 35.2% Britain: 9.1% Britain: 12.6% Mexico: 8.8% Mexico: 6.2% W. Germany: 6.9% W. Germany: 5.4% Japan: 4.4% Japan: 4.3% France: 2.7% France: 3.4% (Source: International Institute of Communications) COMPARING COSTS: Price range of five-minute international calls between the U.S. and other nations. Figures do not include volume discounts. Country From U.S.* To U.S. Britain $2.95 to $5.20 $4.63 to $6.58 Canada (NYC to $0.90 to $2.25 $1.35 to $2.26 Montreal) France $3.10 to $5.95 $4.72 to $7.73 Japan $4.00 to $8.01 $4.67 to $8.34 Mexico (NYC to $4.50 to $7.41 $4.24 to $6.36 Mexico City) West Germany $3.10 to $6.13 $10.22 * For lowest rates, callers pay a monthly $3 fee. (Source: A.T.&T.) WHERE THE DEFICIT FALLS: Leading nations with which the United States has a trade deficit in telephone services, in 1989, in millions of dollars. Mexico: $534 W. Germany: 167 Philippines: 115 South Korea: 112 Japan: 79 Dominican Republic: 75 Columbia: 71 Italy: 70 (Source: F.C.C.) Israel: 57 Britain: 46 THE RUSH TOWARD LOWER COSTS: The cost per telephone line for laying each of the eight telephone cables that now span the Atlantic Ocean, from the one in 1956, which held 48 lines, to the planned 1992 cable which is expected to carry 80,000 lines. In current dollars. 1956 $557,000 1959 436,000 1963 289,000 1965 365,000 1970 49,000 1976 25,000 1983 23,000 (Source, F.C.C.) 1988 9,000 1992 5,400 (estimate) _______________________________________________________________________________ A few notes from Jim Warren in regards to the CFP conference: Greetings, Some key issues are now settled, with some minor remain for resolution. CONFERENCE DATES, LOCATION & MAXIMUM SIZE We have finally completed site selection and contracted for the Conference facility. Please mark your calendars and spread the word: First Conference on Computers, Freedom & Privacy March 25-28,1991, Monday-Thursday SFO Marriott, Burlingame, California (just south of San Francisco International Airport; on the San Francisco Peninsula, about 20 minutes from "The City") maximum attendance: 600 PLEASE NOTE NAME CHANGE We have found *ample* issues for a very robust Conference, limited only to computer-related issues of responsible freedom and privacy. After questions regarding satellite surveillance, genetic engineering, photo traffic radar, wireless phone bugs, etc., we decided to modify the Conference title for greater accuracy. We have changed it from "Technology, Freedom & Privacy" to "Computers, Freedom & Privacy." ONE MORE NIT TO PICK Until recently, our draft title has included, "First International Conference". We most definitely are planning for international participation, especially expecting presentations from EEC and Canadian privacy and access agencies. These will soon have significant impacts on trans-border dataflow and inter- national business communications. However, we were just told that some agencies require multi-month clearance procedures for staff attending any event with "International" in its title. **Your input on this and the minor issue of whether to include "International" in our Conference title would be appreciated.** ATTRIBUTION (BLAME) We are building the first bridge connecting the major, highly diverse villages of our new electronic frontier. Such construction involves some degree of exploration and learning. These title-changes are a result of that learning process. Please attribute all responsibility for the fluctuating Conference title to me, personally. I am the one who proposed the first title; I am the one who has changed it to enhance accuracy and avoid conflict. Of course, the title will be settled and finalized (with your kind assistance) before the Conference is formally announced and publicity statements issued -- soon! Thanking you for your interest and continued assistance, I remain, Sincerely, --Jim Warren, CFP Conf Chair jwarren@well.ca.sf.us _______________________________________________________________________________ [Reprented from TELECOM digest. --DH] FROM: Patrick Townson <telecom@eecs.nwu.edu> SUBJECT: Illinois Bell Shows Real CLASS For several months now, Illinois Bell has been hawking CLASS. Brochures in the mail with our bills and newspaper advertisements have told us about the wonderful new services soon to be offered. It was just a question, they said, of waiting until your central office had been converted. The new features being offered are: *66 Auto Call Back: Call back the last number which called you. No need to know the number. *69 Repeat Dial: If the number you dialed was busy, punching this will keep trying the number for up to 30 minutes, and advise you when it can connect. *60 Call Screening Enter: # plus number to be screened out plus # * plus number to be re-admitted plus * # plus 01 plus # to add the number of the last call you received, whether or not you know the number. 1 To play a list of the numbers being screened. 0 For a helpful recording of options, etc. Distinctive Ringing Up to ten numbers can be programmed in. When a call is received from one of these numbers, your phone will give a special ring to advise you. Multi-Ring Service Two additional numbers can be associated with your number. When someone dials one of these two numbers, your phone will give a special ring. With both Distinctive Ringing and Multi-Ring Service, if you have Call Waiting, the Call Waiting tones will be different from the norm also, so that you can tell what is happening. With Multi-Ring Service, you can have it programmed so the supplementary numbers associated with your main number are forwarded when it is forwarded, or do not observe forwarding, and 'ring through' despite what the main number is doing. Alternate Answer Can be programmed so that after 3-7 rings, the unanswered call will be automatically sent to another line *WITHIN YOUR CENTRAL OFFICE*. If the number assigned as an alternate is itself busy or forwarded OUTSIDE YOUR OFFICE then Alternate Answer will not forward the call and continue to ring unanswered. Transfer on Busy/ This is just another name for 'hunt'. The No Answer difference is that hunt is free; Transfer on Busy/NA costs a couple bucks per month. Like Alternate Answer, it must forward only to a number on the same switch. Unlike hunt, it will work on NA as well. Unlike Alternate Answer, it works on busy as well. Caller*ID will be available 'eventually' they say. Now my story begins: From early this summer to the present, I've waited patiently for CLASS to be available in Chicago-Rogers Park. Finally a date was announced: October 15 the above features would be available. In mid-September, I spoke with a rep in the Irving-Kildare Business Office. She assured me *all* the above features would be available on October 15. My bill is cut on the 13th of each month, and knowing the nightmare of reading a bill which has had changes made in mid-month (page after page of pro-rata entries for credits on the old service, item by item; pro-rata entries for the new service going in, etc) it made sense to implement changes on the billing date, to keep the statement simple. She couldn't write the order for the service to start October 13, since CLASS was not officially available until the fifteenth. Well, okay, so its either wait until November 13 or go ahead and start in mid-month, worrying about reading the bill once it actually arrives. I've been ambivilent about CLASS since it is not compatible with my present service 'Starline', but after much thought -- and since all installation and order-writing on Custom Calling features is free now through December 31! -- I decided to try out the new stuff. She took the order Wednesday afternoon and quoted 'sometime Thursday' for the work to be done. In fact it was done -- or mostly done -- by mid-afternoon Thursday. But I should have known better. I should have remembered my experience with Starline three years ago, when it took a technician in the central office *one week* to get it all in and working correctly. Still, I took IBT's word for it. I got home about 5:30 PM Thursday. *You know* I sat down right away at the phone to begin testing the new features! :) The lines were to be equipped as follows: Line 1: Call Waiting Line 2: Call Forwarding Three Way Calling Speed Dial 8 Call Forwarding Busy Repeat Dialing *69 Speed Dial 8 Auto Call Back *66 (second line used mostly by modem; Busy Repeat Dialing *69 so Call Waiting undesirable) Call Screening *60 Alternate Answer (supposed to be programmed to Voice Mail; another CO; another area code ╒708σ; even another telco ╒Centelσ). Busy Repeat Dialing did not work on the second line (not installed) and Alternate Answer worked (but not as I understood it would) on the first line. Plus, I had forgotten how to add 'last call received' to the screening feature. It is 5:45 ... business office open another fifteen minutes ... good! I call 1-800-244-4444 which is IBT's idea of a new way to handle calls to the business office. Everyone in the state of Illinois calls it, and the calls go wherever someone is free. Before, we could call the business office in our neighborhood direct ... no longer. I call; I go on hold; I wait on hold five minutes. Finally a rep comes on the line, a young fellow who probably Meant Well ... After getting the preliminary information to look up my account, we begin our conversation: Me: You see from the order the new features put on today? Him: Yes, which ones are you asking about? Me: A couple questions. Explain how to add the last call received to your call screening. Him: Call screening? Well, that's not available in your area yet. You see, it will be a few months before we offer it. Me: Wait a minute! It was quoted to me two days ago, and it is on the order you are reading now is it not? ╒I read him the order number to confirm we had the same one.σ Him: Yes, it is on here, but it won't work. No matter what was written up. Really, I have to apologize for whoever would have taken your order and written it there. Me: Hold on, hold on! It *is* installed, and it *is* working! I want to know how to work it. Him: No it is not installed. The only features we can offer you at at this time are Busy Redial and Auto Callback. Would you like me to put in an order for those? Me: Let's talk to the supervisor instead. Him: (in a huff) Gladly sir. Supervisor comes on line and repeats what was said by the rep: Call Screening is not available at this time in Chicago-Rogers Park. At this point I am furious ... Me: Let me speak to the rep who took this order (I quoted her by name.) Supervisor: I never heard of her. She might be in some other office. Me: (suspicious) Say, is this Irving-Kildare? Supervisor: No! Of course not! I am in Springfield, IL. Me: Suppose you give me the name of the manager at Irving-Kildare then, and I will call there tomorrow. (By now it was 6 PM; the supervisor was getting figity and nervous wanting to go home.) Supervisor: Here! Call this number tomorrow and ask for the manager of that office, 1-800-244-4444. Me: Baloney! Give me the manager's direct number! Supervisor: Well okay, 312-xxx-xxxx, and ask for Ms. XXXX. Me: (suspicious again) She is the manager there? Supervisor: Yes, she will get you straightened out. Goodbye! Comes Friday morning, I am on the phone a few minutes before 9 AM, at the suggested direct number. Ms. XXXX reviewed the entire order and got the Busy Repeat Dial feature added to line two ... but she insisted the original rep was 'wrong for telling you call screening was available ..' and the obligatory apology for 'one of my people who mislead you'. I patiently explained to her also that in fact call screening was installed and was working. Manager: Oh really? Are you sure? Me: I am positive. Would you do me a favor? Call the foreman and have him call me back. Manager: Well, someone will call you later. Later that day, a rep called to say that yes indeed, I was correct. It seems they had not been told call screening was now available in my office. I told her that was odd, considering the rep who first took the order knew all about it. I asked when the Alternate Answer 'would be fixed' (bear in mind I thought it would work outside the CO, which it would not, which is why it kept ringing through to me instead of forwarding.) She thought maybe the foreman could figure that out. Maybe an hour later, a techician did call me to say he was rather surprised that call screening was working on my line. He gave a complete and concise explanation of how Alternate Answer and Transfer on Busy/No Answer was to work. He offered to have it removed from my line since it would be of no value to me as configured. One question he could not answer: How do you add the last call received to call screening? He could find the answer nowhere, but said he would see to it I got 'the instruction booklet' in the mail soon, so maybe I could figure it out myself. I got busy with other things, and put the question aside ... until early Saturday morning when I got one of my periodic crank calls from the same number which has plagued me for a couple months now with ring, then hangup calls on an irregular basis. For the fun of it, I punched *69, and told the sassy little girl who answered the phone to quit fooling around. She was, to say the least, surprised and startled by my call back. I don't think I will hear from her again. :) But I decided to ask again how to add such a number to call screening, so I called Repair Service. The Repair Service clerk pulled me up on the tube *including the work order from two days earlier* and like everyone else said: Repair: You don't have Call Screening on your line. That is not available yet in your area. We are adding new offices daily, blah, blah. I *couldn't believe* what I was hearing ... I told her I did, and she insisted I did not ... despite the order, despite what the computer said. Finally it was on to her supervisor, but as it turned out, her supervisor was the foreman on duty for the weekend. Like the others, he began with apologies for how I 'had been misinformed' ... no call screening was available. Me: Tell ya what. You say no, and I say yes. You're on the test board, no? I'll hang up. You go on my line, dial *60, listen to the recording you hear, then call me back. I will wait here. Take your time. When you call back, you can apologize. Foreman: Well, I'm not on the test board, I'm in my office on my own phone. Me: So go to the test board, or pick me up in there wherever it is handy and use my line. Make a few calls. Add some numbers to the call screening; then call me back with egg on your face, okay? Foreman: Are you saying call screening is on your line and you have used it? Me: I have used it. Today. A few minutes ago I played with it. Foreman: I'll call you back. (Fifteen minutes later) ... Foreman: Mr. Townson! Umm ... I have been with this company for 23 years. I'll get to the point: I have egg on my face. Not mine really, but the company has the egg on the face. You are correct; your line has call screening. Me: 23 years you say? Are you a member of the Pioneers? Foreman: (surprised) Why, uh, yes I am. Me: Fine organization isn't it ... Foreman: Yes, it certainly is. You know of them? Me: I've heard a few things. Foreman: Look, let me tell you something. I did not know -- nor *did anyone in this office know* that call screening was now available. We were told it was coming, that's all. Me: You mean no one knew it was already in place? Foreman: No, apparently not ... I think you are the only customer in the Rogers Park office who has it at this time. Because the assumption was it was not yet installed, the reps were told not to take orders for it ... I do not know how your order slipped through. Me: Will you be telling others? Foreman: I have already made some calls, and yes, others will be told about this on Monday. Me: Well, you know the *81 feature to turn call screening on and off is still not working. Foreman: I'm not surprised. After all, none of it is supposed to be working right now. You seem to know something about this business, Mr. Townson. Me: I guess I've picked up a few things along the way. We then chatted about the Transfer on Busy/No Answer feature. I asked why, if my cell phone on 312-415-xxxx had the ability to transfer calls out of the CO and be programmed/turned on and off from the phone itself, my wire line could not. 312-415 is out of Chicago-Congress ... he thought it might have to do with that office having some different generics than Rogers Park ... but he could not give a satisfactory answer. Patrick Townson _______________________________________________________________________________ The following article appeared in the U-M Computing Center News (October 25, 1990, V 5, No 18, Pg 10) [This article was also reprinted in TELECOM digest -DH] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NSFNET DEMONSTRATES INTERCONTINENTAL ISO TRANSMISSION [Editor's note: The following article is reprinted, with modifications, from the September 1990 issue of the Link Letter (Vol 3, No 4), published by the Merit/NSFNET backbone project] At the end of September, partners in the National Science Foundation Network (NSFNET) announced a succesful demonstration of intercontinental data transmission using the International Standards Organization Conectionless Network Protocol (ISO CLNP). The international exchange of ISO CLNP packets was demonstrated betweeen end systems at the NSFNET Network Operations Center in Ann Arbor and in Bonn, West Germany, using the NSFNET backbone infrastructure and the European Academic Supercomputer Initiative (EASInet) backbone. The prototype OSI implementation is intended to provide wide area connectivity between OSI networks, including networks using the DECNet Phase V protocols. The new software was integrated into the NSFNET's "packet switching" (data transmission) nodes by David Katz and Susan Hares of the Merit Computer Network, with support from IBM's software developement departments in Milford, CT and Yorktown Heights, NY. NSFNET is the first federally supported computer network to acheive international ISO CLNP transmission on an operating network, according to Merit's Hans-Werner Braun, Principle Investigator for the NSFNET Project. The Prototype ISO implementation is being designed to coexist with NSFNET's operational Internet Protocol (IP) network, and is a significant step towards offering ISO services on the NSFNET backbone. Eric Aupperle, President of Merit and acting director of ITD Network Systems, says that "the demonstration shows that we're capable of transporting ISO traffic. Now we're working to deploy this experimental service as fast as possible." An implementation of CLNP was first demonstrated by Merit/NSFNET staff at the InterOp '89 conference. That implementation of CLNP was originally developed as part of the ARGO project at the University of Wisconsin, Madision, with the support of the IBM Corporation. by Ken Horning DTD Network Systems. _______________________________________________________________________________ {Middlesex News}, Framingham, Mass., 11/2/90 Prodigy Pulls Plug on Electronic Mail Service For Some By Adam Gaffin NEWS STAFF WRITER Users of a national computer network vow to continue a protest against censorship and a new charge for electronic mail even though the company kicked them off-line this week. Brian Ek, spokesman for the network, Prodigy, said the "handful" of users had begun harassing other users and advertisers on the service and that some had even created programs "to flood members' 'mailboxes' with (thousands of) repeated and increasingly strident harangues," he said. But leaders of the protest say they sent only polite letters -- approved by the company's legal department -- using techniques taught by the company itself. Up to nine of them had their accounts pulled hips week. Protests began in September when the company said it would cut unlimited electronic mail from its monthly fee -- which includes such services as on-line airline reservations, weather and games -- and would charge 25 cents for every message above a monthly quota of 30. Ek says the design of the Prodigy network makes "e-mail" very expensive and that few users send more than 30 messages a month. But Penny Hay, the only organizer of the "Cooperative Defense Committee" whose account was not shut this week, said she and others are upset with Prodigy's "bait and switch" tactics: The company continues to promote "free" electronic mail as a major feature. She said Prodigy itself had spurred use of e-mail by encouraging subscribers to set up private e-mail ``lists'' rather than use public forums and that the charges will especially hurt families, because the quota is per household, not person. Ek said relatively few members protested the rate chqange. Gary Arlen, who publishes a newsletter about on-line services, called the controversy "a tempest in a teapot." Hay, however, said the group now has the backing of nearly 19,000 Prodigy users -- the ones advertisers would want to see on-line because they are the most active ones on the system and so more likely to see their ads. The group is also upset with the way the company screens messages meant for public conferences. Other services allow users to see "postings" immediately. "They are infamous for this unpredicible and unfathomable censorship," Hay said. "We feel what we are doing is not censoring because what we are essentially doing is electronic publishing," Ek said, comparing the public messages to letters to the editor of a family newspaper. Neil Harris, marketing director at the competing GEnie service, said many people would feel intimidated knowing that what they write is being screened. He said GEnie only rarely has to deleted messages. And he said GEnie has picked up several thousand new customers from among disgruntled Prodigy users. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "Conversations with Fred," {Middlesex News}, Framingham, 11/6/90. The story is bizarre but true, swears Herb Rothman. Seems Prodigy, the network run as a joint venture by Sears and IBM, wouldn't let somebody post a message in a coin-collecting forum that he was looking for a particular Roosevelt dime for his collection. Upset, the man called "member services." The representative told him the message violated a Prodigy rule against mentioning another user in a public message. "What user?" the man asked. "Roosevelt Dime," the rep replied. "That's not a person!" the man said. "Yes he is, he's a halfback for the Chicago Bears," the rep shot back. Rothman is one of those alleged compu-terrorists Prodigy claims is harassing other users and companies that advertise on the service by sending out thousands upon thousands of increasingly hostile messages in protest of a Prodigy plan to begin charging users who send more than 30 e-mail messages a month. Rothman and the others say they sent very polite messages to people (Penny Hay of Los Angeles says her messages were even approved by the Prodigy legal department) telling them about the new fees and urging them to protest. What's really happening is that Prodigy is proving its complete arrogance and total lack of understanding of the dynamics of on-line communication. They just don't get it. People are NOT going to spend nearly $130 a year just to see the weather in Oregon or order trips to Hawaii. Even the computerphobes Prodigy wants to attract quickly learn the real value of the service is in finding new friends and holding intelligent "discussions" with others across the country. But Prodigy blithely goes on censoring everything meant for public consumption, unlike other nationwide services (or even bulletin-board systems run out of some teenager's bedroom). Rothman's story is not the only one about capricious or just plain stupid censoring. Dog fanciers can't use the word ``bitch'' when talking about their pets, yet the service recently ran an advice column all about oral sex. One user who complained when a message commenting on the use of the term "queen bitch" on "L.A. Law" was not allowed on was told that "queen b***h" would be acceptable, because adults would know what it meant but the kiddies would be saved. So when the supposed technology illiterates Prodigy thinks make up its user base managed to get around this through the creation of private mail "lists" (and, in fact, many did so at the urging of Prodigy itself!), Prodigy started complaining of "e-mail hogs," quietly announced plans to levy charges for more than a minute number of e-mail messages each month and finally, simply canceled the accounts of those who protested the loudest! And now we are watching history in the making, with the nation's first nationwide protest movement organized almost entirely by electronic mail (now don't tell Prodigy this, but all those people they kicked off quickly got back onto the system -- Prodogy allows up to six users per household account, and friends simply loaned their empty slots to the protest leaders). It's truly amazing how little faith Prodigy has in the ability of users to behave themselves. Other systems have "sysops" to keep things in line, but rarely do they have to pull messages. Plus, Prodigy is just being plain dumb. Rothman now has a mailing list of about 1,500. That means every time he sends out one of his newsletters on collectibles, he sends 1,500 e-mail messages, which, yes, costs more for Prodigy to send over long-distance lines and store in its central computers. But if they realized their users are generally mature, rather than treating them as 4-year-olds, Rothman could post just one message in a public area, that everybody could see. Is this any way to run an on-line system? Does Prodigy really want to drive away the people most inclined to use the service -- and see all those ads that pop up at the bottom of the screen? Prodigy may soon have to do some accounting to the folks at IBM and Sears, who by most accounts have already poured at least $750 million into "this thing." - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - - - - - With your computer and modem, you can reach Fred the Middlesex News Computer anytime, day or night, at (508) 872-8461. Set your parameters to 8-1-N and up to 2400 baud. _______________________________________________________________________________ HEADLINE Cops Say Hacker, 17, `Stole' Phone Service Byline: By Joshua Quittner DATE 10/31/90 SOURCE Newsday (NDAY) Edition: NASSAU AND SUFFOLK Section: NEWS Page: 02 (Copyright Newsday Inc., 1990) State Police arrested a 17-year-old computer hacker at his terminal yesterday afternoon, and charged the Bethpage High School student with using his computer to run up more than $1 million worth of long-distance telephone calls on credit card numbers he deciphered. State Police Senior Investigator Donald Delaney, who supervised the investigation and arrest of John Farrell, of 83 S. Third St., said that the case was among the first to rely on new technology developed by telecommunications engineers to track long-distance telephone-service abusers. Investigators believe that as early as December, 1989, Farrell was using his computer and a homemade electronic device, known as a black box, to sequentially dial telephone numbers, which double as credit card numbers. By automatically calling the numbers in sequence, Farrell hoped to trigger a signal indicating a valid credit card number. However, AT&T, which recently developed software to detect such sequential dialing, alerted Delaney's office in September of Farrell's alleged attempts. In July, investigators surreptitiously placed a "pen register" - a device that records all numbers dialed from a particular phone line - on Farrell's telephone, Delaney said. State Police and U.S. Secret Service agents - the federal agency has been taking an active part in computer crimes and investigates credit card fraud - staked out Farrell's house yesterday afternoon. Shortly after 3 p.m., when the youth arrived home from school, technicians monitoring his telephone line signaled the police that he had already turned on his computer and was using an illegal credit card number to access an electronic bulletin board in Illinois, police said. Officers, armed with a search warrant, then entered the house and arrested Farrell. Delaney said Farrell found over 100 long-distance credit card numbers, from four long-distance carriers, and posted them on rogue electronic bulletins boards in Virginia, Chicago, Denmark and France. Although he allegedly made most of the illegal calls, other hackers also used the numbers. The majority of the calls - more than $600,000 worth - were billed to four corporate card numbers, said Delaney, who added that the phone company is responsible for such losses. Farrell was arrested and charged with six felonies, including grand larceny, computer trespass and criminal possession of stolen property. The charges carry a maximum penalty of four years in prison. He was released into the custody of his parents last night. Neither Farrell nor his parents could be reached for comment yesterday. Farrell was associated with a group of hackers who called themselves Paradox, Delaney said. _______________________________________________________________________________ HEADLINE Menacing calls started out as prank, says participant Byline: Katharine Webster and Graciella Sevilla Credit: Staff Writer Notes: Editions vary : Head varies DATE 10/28/90 SOURCE The San Diego Union and Tribune (SDU) Pub: UNION Edition: 1,2,3,4,5,6 Section: LOCAL Page: B-1 (Copyright 1990) A three-year campaign of telephoned threats and ethnic slurs directed against the Jewish owner of a National City pawn shop started out as a "stupid prank" that grew to include more than 100 people, according to one of the young men who participated in the harassment. "Little did I know when I started this three years ago, that it would escalate into my brother calling (David Vogel) 10 times a day," said Gary Richard Danko, 21, of Chula Vista, who cooperated with the FBI investigation that resulted in the indictment Wednesday of his older brother and two other men on civil rights charges. Michael Dennis Danko, 23, and Brett Alan Pankauski, 22, both of Chula Vista, and Jeffrey Alan Myrick, 21, of Paradise Hills in San Diego, pleaded not guilty in U.S. District Court yesterday to a six-count indictment charging them with wire fraud and felony conspiracy to violate the civil rights of David Vogel, a 66-year-old Jewish immigrant who escaped the Holocaust. Pankauski was released on $10,000 bail and admonished to avoid all contact with Vogel. But Danko and Myrick were held without bail pending an Oct. 4 detention hearing after federal prosecutor Michael McAuliffe convinced Magistrate Irma Gonzalez that they posed substantial flight risks. On Wednesday, Gary Danko and a friend, Robert John Byrd, 21, also of Chula Vista, pleaded guilty to one misdemeanor count of conspiring to violate Vogel's civil rights, according to a spokesman for the U.S. attorney's office. The two friends, who met while working at a 7-Eleven, were released and agreed to testify at the trial of the remaining three defendants. Though the arrests climaxed a five-month investigation involving the FBI, U.S. attorney's office and the Department of Justice, Gary Danko said yesterday that the menacing phone calls to numbers picked "at random" from the telephone book began years ago. The group of friends, most of whom have known each other since elementary school, all used to make crank phone calls, Danko said, even to each other. They also experimented with breaking codes for answering machines and changing the outgoing message to something profane. While he said he stopped making the calls to Vogel a couple of years ago, his brother and others "took it out to a degree to torment the guy." "I feel bad that it turned out this way," Danko said. "I wish there was some way I could make it up to David (Vogel)." "I know how he feels," Danko added. "Ever since I've had my own phone line I've had harassing phone calls between 2 and 6 in the morning to the point where I've changed my phone number three times." Danko denied that he, his brother, or any of the other defendants in the case were racists or that they had targeted Vogel for any particular reason. He said that the defendants made crank calls to many people, and that the anti-Jewish nature of the calls to Vogel was probably based on a "lucky guess" that he was Jewish. According to the indictment, Michael Danko, Myrick, and Pankauski made phone calls in which they referred to Nazi concentration camps and Hitler, while threatening to harm Vogel and his pawn-shop business. Vogel said he began receiving the phone calls -- which included racial slurs and taunts about his wife -- in 1987. Sometimes he received up to 12 calls a day, creating a "personal hell." Earlier this year, he finally hired a private investigator, who then turned the case over to the FBI. "It caused suffering for us like the concentration camps did for my family," Vogel said. "It was horrible." Another relative of Gary and Michael Danko, who asked not to be identified, said he thought the calls to Vogel continued only "because they got a reaction out of him -- he screamed and yelled at them." But he said Vogel was probably not the only Jew targeted in the phone calls. The relative agreed with FBI agents, who described these incidents as isolated and not connected with organized racist groups such as the Skinheads. Instead, he said, the brothers thought they were doing "something funny." He said he thought they still didn't realize they were doing something wrong, even though he had "yelled and screamed at them" to stop. Gary Danko is a computer "hacker" who works at a computer store, he said. Michael Danko was unemployed. FBI agents began investigating the calls in May, when they placed a tape recorder on Vogel's phone. It only took a few moments before the first hate call came in. Agents traced the calls to a number of phone booths and then began putting together the wire-fraud case. In addition to the civil rights violations, the indictment alleges that the three defendants conspired to obtain unauthorized AT&T long-distance access codes to make long-distance phone calls without paying for them. If convicted of the civil rights and wire-fraud charges, the defendants could face up to 15 years in prison and $500,000 in fines. In addition, they face various additional charges of illegally obtaining and using the restricted long-distance access codes. Yesterday, Vogel angrily rejected the notion that these callers were less than serious in their intentions. "They're full of baloney. They don't know what they are talking about," he said. _______________________________________________________________________________ HEADLINE SHORT-CIRCUITING DATA CRIMINALS STEPS CAN BE TAKEN TO DETECT AND PREVENT COMPUTER SECURITY BREACHES, BUT BUSINESSES HESITATE TO PROSECUTE Byline: Mary J. Pitzer Daily News Staff Writer Notes: MONDAY BUSINESS: COVER STORY THE PRICE OF COMPUTER CRIME. Second of two parts DATE 10/22/90 SOURCE LOS ANGELES DAILY NEWS (LAD) Edition: Valley Section: BUSINESS Page: B1 (Copyright 1990) Along with other telecommunications companies, Pacific Bell is a favorite target for computer crime. "We're a victim," said Darrell Santos, senior investigator at Pacific Bell. "We have people hacking us and trying to get into our billables. It seems like a whole lot of people are trying to get into the telecommunications network." But the company is fighting back. About seven employees in its investigative unit work with different law enforcement agencies to track down criminals, many of whom use the phone lines to commit computer crimes. In cooperation with authorities Pacific Bell investigators collect evidence, trace calls, interview suspects and testify in court. They even do their own hacking to figure out what some of their chief adversaries are up to. "We take a (telephone) prefix and hack the daylights out of it. We hack our own numbers," Santos said. "Hey, if we can do it, think of what those brain childs are doing." Few companies are nearly so aggressive. For the most part computer crime is a growing business that remains relatively unchecked. State and federal laws against computer crime are in place, but few cases are prosecuted. Most incidents go unreported, consultants say. "We advise our clients not to talk about losses and security because just talking about them in public is a breach," said Donn Parker, a senior managment consultant at SRI International in Palo Alto. "Mostly companies handle incidents privately or swallow the loss." Most problematic is that few companies have tight enough security to protect themselves. "On a scale of one to 10, the majority of companies are at about a two," said Jim Harrigan, senior security consultant at LeeMah Datacom Security Corp., which sells computer security products. Current laws are strong enough to convict computer criminals, security experts say. But they have been little used and sentences are rarely stiff, especially because so many violators are juveniles. Fewer than 250 computer crime cases have been prosecuted nationally, according to Kenneth Rosenblatt, head of the Santa Clara County district attorney's high technology unit. Rosenblatt co-authored California's recent computer crime law, which creates new penalties such as confiscation of computer equipment. Under a strengthened federal Computer Fraud and Abuse Act, Cornell University graduate student Robert T. Morris Jr. was convicted of unleashing a computer virus in Internet, a large computer network tying universities and government facilities. Though the virus was not intended to destroy programs, it infected thousands of computers and cost between $100,000 and $10 million to combat, according to author and hacking expert Cliff Stoll. Morris was sentenced to three years probation and a $10,000 fine. A major problem in policing computer crime is that investigators are understaffed and undertrained, Rosenblatt said. While Los Angeles and other police departments have computer crime units, most are not geared for it, he said. And violent crimes take precedence. Rosenblatt would like to see greater regional cooperation and coordination among local law enforcement agencies. Because investigators are understaffed, they must depend on their victims to gather enough evidence to convict the culprits. And that can be fraught with difficulties, Kenneth Weaver, criminal investigator in the San Diego district attorney's office, said at a recent security conference in Newport Beach. In one case a company's computer system crashed and its programs were erased 30 days after an employee left the firm. With six months of backup tapes, the company was able to document what had happened. The District Attorney's office asked to estimate how much money had been lost. The total came to $3,850, well below the $5,000 in damages needed for a felony case, Weaver said. And then the information was delayed 14 months. It needed to be reported in 12 months for the D.A. to go forward with the case. "We were prevented from prosecuting," Weaver said. In California, 71 percent of the cases result in convictions once arrests are made, according to the National Center for Computer Crime Data. But when prosecutors do make a case, there can be more trouble. Some prominent people in the computer industry have complained that a 2-year investigation by the U.S. Secret Service infringed on civil rights. The investigation, code-named Operation Sun Devil, was started to snare members of the Legion of Doom, an elite hacker group. The Secret Service suspected that they had broken into BellSouth Corp.'s telephone network and planted destructive programs that could have knocked out emergency and customer phone service across several states. Last spring, hacker dens in 13 cities were raided. Two suspects have been charged with computer crimes, and more arrests are expected. But a group called EFF, formed in July by Lotus Development Corp. founder Mitchell D. Kapor and Apple Computer Inc. co-founder Stephen Wozniak, has objected to the crackdown as overzealous. "The excesses of Operation Sun Devil are only the beginning of what threatens to become a long, difficult, and philosophically obscure struggle between institutional control and individual liberty," Kapor wrote in a paper with computer expert and Grateful Dead lyricist John Perry Barlow. So far, the foundation has granted $275,000 to Computer Professionals for Social Responsibility to expand its ongoing work on civil liberties protections for computer users. The foundation also is offering legal assistance to computer users who may have had their rights infringed. For example, it provided legal support to Craig Neidorf, publisher of an online hacking "magazine." Neidorf had been charged with felony wire fraud and interstate transportation of stolen property for publishing BellSouth network information. Neidorf said he was not aware the information was stolen. EFF claimed that Neidorf's right to free speech had been violated. The government dropped its case after EFF representatives found that the apparently stolen information was publicly available. Companies that want to prosecute computer crime face other dilemmas. "The decision to bring in public authorities is not always the best," said Susan Nycum, an attorney at Baker & McKenzie in Palo Alto. In a criminal case, the company loses control over what information is made public in the trial. But companies can pursue civil remedies that enable them to keep a lower profile. Suing for theft of trade secret, for example, would be one avenue, Weaver said. Many companies are reluctant to beef up security even if they know the risks from computer crime. First, they worry that making access to computers more difficult would lower productivity. There also is concern that their technical people, who are in high demand, might leave for other jobs if security becomes too cumbersome. Expense is another factor. Serious security measures at a large installation can cost an average of $100,000, though a smaller company can be helped for about $10,000, said Trevor Gee, partner at consulting company Deloitte and Touche. "They hear all the rumors, but unless you illustrate very specific savings, they are reluctant," Gee said. Proving cost savings is difficult unless the company already has been hit by computer crime. But those victims, some of whom have suffered losses in the millions, are usually security experts' best customers, consultants say. Much of the vulnerability to computer crime comes simply from lax security. Access is not restricted. Doors are not locked. Passwords are easily guessed, seldom changed and shared with several workers. And even these basic security measures are easy to put off. "You hear a lot of, `We haven't gotten around to changing the password because. . .," Roy Alzua, telecommunications security program manager at Rockwell International, told the security conference. So what should companies do to plug the gaping security holes in their organizations? Consultants say that top management first has to make a commitment that everyone in the operation takes seriously. "I've seen companies waste several hundreds, if not thousands, of dollars because management was not behind the program," Deloitte & Touche's Gee said. "As a result, MIS (management information systems) professionals have a tough time" pressing for more security. Once top executives are convinced that there is a need for tighter security, they must establish policies and procedures, consultants say. Gee suggests that in addition to training programs, reminders should be posted. Such issues as whether employees are allowed to use computers for personal projects should be tackled. Management also should decide what systems and information need to be secured. "They need to zero in on the information they are really concerned about," said Gregory Therkalsen, national director of information security services for consultants Ernst & Young. "About 95 percent of the information in the average company nobody cares about." Before tackling complicated security systems, companies should pay attention to the basics. "Lock a door. It's as easy as that," Alzua said. Companies should make sure that the passwords that come with their computers are changed. And then employees should not use common words or names that are easy to guess. Using a combination of numbers and letters, although difficult to remember, is more secure. Another basic measure is to have a system that automatically checks the authorization of someone who dials into the company's computers from the outside. Then, companies should develop an electronic audit trail so that they know who is using the system and when. And companies should always take the time to make backups of their computer files and store them in a place safe from fire and flood. A wide variety of software is available to help companies protect themselves. Some automatically encode information entered into the system. Others detect viruses. For a more sophisticated approach, LeeMah Datacom has a system that blocks a computer tone from the telephone line until the correct access code is entered. The company has held contests challenging hackers to break into its system. No one has, the company said. SRI is developing a system that would monitor computer activity around the clock with the supervision of a security guard. SRI is implementing the system for the FBI and plans to make it a commercial product. No company would want to have a perfectly secure system, consultants say. That would mean shutting out most employees and staying off networks that can make operations more efficient. While still balancing the need for openess, however, there is much that can be done to prevent computer crime. And although there is no perfect solution, companies don't need to stand by waiting to become the next victim. _______________________________________________________________________________ HEADLINE BELL CANADA'S NEW LOOK TELEPHONE NUMBERS PUZZLE SOME CUSTOMERS DATE 09/26/90 SOURCE CANADA NEWS-WIRE (CNW) Contact: For further information, contact: Irene Colella (416) 581-4266; Geoff Matthews, Bell Canada (416) 581-4205. CO: Bell Canada SS: IN: TLS Origin: TORONTO Language: ENGLISH; E Day of Week: Wed Time: 09:56 (Eastern Time) (Copyright Canada News-Wire) RE CN --- BELL CANADA'S NEW LOOK TELEPHONE NUMBERS PUZZLE SOME CUSTOMERS --- TORONTO - Bell Canada's new look telephone numbers in Southern Ontario are causing puzzlement among some customers in the 416 area code. In late 1988 Bell found itself running short of telephone numbers in the Golden Horseshoe because of rapid business and residential growth as well as the increasing popularity of cellular telephones, fax machines and new services like Ident-A-Call. To accommodate continuing growth, the company had to come up with a means of creating new number combinations. The solution was found by assigning local exchanges made up of combinations which had previously been reserved as area codes elsewhere in North America. Until March of this year the three numbers (known as a central office code) which begin a telephone number never had a zero or a one as the second digit. Anything from two through nine could appear in that position, but combinations with zero or one were used only as area codes. But with more than four million telephone numbers in use throughout the Golden Horseshoe Bell was simply running out of the traditional central office code combinations. By creating new central office codes such as 502, 513, 602 and 612, the company has access to up to one million new telephone numbers. Some customers, however, have found the new numbers a little confusing. When the new numbers were introduced last March, Bell mounted an extensive advertising campaign telling customers throughout the 416 area code to dial 1 plus 416 or 0 plus 416 for all long distance calls within the area code in order to ensure calls to these numbers could be completed. Bell spokesman Geoff Matthews says that while the ad campaign was extremely effective in changing dialing habits, a number of customers are scratching their heads when they first see the new telephone numbers. ``In some cases we are finding that business customers have not programmed their telephone equipment to permit dialing the new numbers,'' Matthews said, ``but some people think it is simply a mistake when they see a telephone number beginning with 612 for example. Most are satisfied once they have received an explanation.'' Creating the million new telephone numbers should see Bell Canada through several years, Matthews said, after which a new area code will be introduced. The 416 area code is the first in Canada to reach capacity. A number of U.S. cities have faced a similar situation, Matthews said, and have introduced similar number plans. Bell Canada, the largest Canadian telecommunications operating company, markets a full range of state-of-the-art products and services more than seven million business and residence customers in Ontario, Quebec and part of the Northwest Territories. Bell Canada is a member of Telecom Canada -- an association of Canada's major telecommunications companies. For further information, contact: Irene Colella (416) 581-4266; Geoff Matthews, Bell Canada (416) 581-4205. _______________________________________________________________________________ HEADLINE Keeping The PBX Secure Byline: Bruce Caldwell DATE 10/15/90 Issue: 291 Section: TRENDS Page: 25 (Copyright 1990 CMP Publications, Inc. All rights reserved.) Preventing toll fraud through the corporate PBX can be as simple, albeit inconvenient, as expanding access codes from four digits to 14. "When we had nine-digit codes, we got hurt bad," says Bob Fox of US Sprint Communications Co., referring to the phone company's credit card numbers. "But when we moved to 14-digit codes and vigorous prosecution, our abuse dropped off the table." At most companies, the authorization code for remote access, used by employees to place calls through the corporate PBX while away from the office, is only four digits. Many companies are "hung up on the four-digit authorization code," says Fox, mainly because it's easier for the executives to remember. But all it takes a hacker to crack open a four-digit code is about 20 minutes. To help their customers cope with PBX abuse, MCI Communications Corp. has prepared a tip sheet describing preventative measures (see accompanying chart). PBX fraud may display itself in a particular pattern: The initial stage will show a dramatic increase in 950-outbound and 800-outbound services, which allow a surreptitious user to "cover his tracks" by jumping from one carrier to another-a technique known as "looping." In time, knowledge of the unsecured system may become widespread, resulting in heavy use of services connected with normal telecommunications traffic. Customers are advised to audit systems for unusual usage and to change codes on a regular basis. Steady tones used as prompts to input access codes should be avoided, because that is what hacker-programmed computers look for. Instead, MCI advises use of a voice recording or no prompt at all, and recommends automatic termination of a call or routing it to a switchboard operator whenever an invalid code is entered. An obvious source of help is often overlooked. Explains Jim Snyder, an attorney in MCI's office of corporate systems integrity, "The first thing we tell customers is to contact their PBX vendor to find out what kind of safeguards can be built into the PBX." _______________________________________________________________________________ HEADLINE WATCH YOUR PBX Column: Database DATE 04/02/90 SOURCE COMMUNICATIONSWEEK (CWK) Issue: 294 Section: PRN Page: 24 (Copyright 1990 CMP Publications, Inc. All rights reserved.) Many managers of voice systems would be "horrified" if they realized the low levels of security found in their PBXs, according to Gail Thackeray, an assistant attorney general for the state of Arizona. Thackeray made her comments to a group of financial users at a computer virus clinic held by the Data Processing Management Association's Financial Industries chapter. Thackeray, who investigates computer crimes, said that PBXs often are used by network criminals to make free long distance phone calls at the expense of the companies that own the PBXs. "PBX owners are often unaware that if $500,000 worth of fraud comes from your PBX, the local carrier is not going to absorb that loss," she said. The PBX also is often the first source of break-in by computer hackers, who use the free phone service to get into a user's data system, she said. "PBXs are the prime method for international toll fraud and hackers attacking and hiding behind your corporate identity," Thackeray said. Richard Lefkon, Citicorp's network planner and president of DPMA's financial industries chapter, said users are more likely to take steps toward protecting a PBX than a network of microcomputers. "A PBX is expensive, so if you add 15 to 20 percent to protect it, it's a justifiable expenditure," Lefkon said. "If you have a PC which costs a couple of thousand dollars, unless you think you're special, you are going to think twice before investing several hundred dollars per PC to protect them." _______________________________________________________________________________