The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / zines / phrack2 / phrack40.014 < prev next >

Wrap

Text File | 2003-06-11 | 48.8 KB | 947 lines

_______________________________________________________________________________ ==Phrack Inc.== Volume Four, Issue Forty, File 14 of 14 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue 40 / Part 3 of 3 PWN PWN PWN PWN Compiled by Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Bellcore Threatens 2600 Magazine With Legal Action July 15, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ THE FOLLOWING CERTIFIED LETTER HAS BEEN RECEIVED BY 2600 MAGAZINE. WE WELCOME ANY COMMENTS AND/OR INTERPRETATIONS. Leonard Charles Suchyta General Attorney Intellectual Property Matters Emanuel [sic] Golstein [sic], Editor 2600 Magazine P.O. Box 752 Middle Island, New York 11953-0752 Dear Mr. Golstein: It has come to our attention that you have somehow obtained and published in the 1991-1992 Winter edition of 2600 Magazine portions of certain Bellcore proprietary internal documents. This letter is to formally advise you that, if at any time in the future you (or your magazine) come into possession of, publish, or otherwise disclose any Bellcore information or documentation which either (i) you have any reason to believe is proprietary to Bellcore or has not been made publicly available by Bellcore or (ii) is marked "proprietary," "confidential," "restricted," or with any other legend denoting Bellcore's proprietary interest therein, Bellcore will vigorously pursue all legal remedies available to it including, but not limited to, injunctive relief and monetary damages, against you, your magazine, and its sources. We trust that you fully understand Bellcore's position on this matter. Sincerely, LCS/sms LCS/CORR/JUN92/golstein.619 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Emmanuel Goldstein Responds ~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following reply has been sent to Bellcore. Since we believe they have received it by now, we are making it public. Emmanuel Goldstein Editor, 2600 Magazine PO Box 752 Middle Island, NY 11953 July 20, 1992 Leonard Charles Suchyta LCC 2E-311 290 W. Mt. Pleasant Avenue Livingston, NJ 07039 Dear Mr. Suchyta: We are sorry that the information published in the Winter 1991-92 issue of 2600 disturbs you. Since you do not specify which article you take exception to, we must assume that you're referring to our revelation of built-in privacy holes in the telephone infrastructure which appeared on Page 42. In that piece, we quoted from an internal Bellcore memo as well as Bell Operating Company documents. This is not the first time we have done this. It will not be the last. We recognize that it must be troubling to you when a journal like ours publishes potentially embarrassing information of the sort described above. But as journalists, we have a certain obligation that cannot be cast aside every time a large and powerful entity gets annoyed. That obligation compels us to report the facts as we know them to our readers, who have a keen interest in this subject matter. If, as is often the case, documents, memoranda, and/or bits of information in other forms are leaked to us, we have every right to report on the contents therein. If you find fault with this logic, your argument lies not with us, but with the general concept of a free press. And, as a lawyer specializing in intellectual property law, you know that you cannot in good faith claim that merely stamping "proprietary" or "secret" on a document establishes that document as a trade secret or as proprietary information. In the absence of a specific explanation to the contrary, we must assume that information about the publicly supported telephone system and infrastructure is of public importance, and that Bellcore will have difficulty establishing in court that any information in our magazine can benefit Bellcore's competitors, if indeed Bellcore has any competitors. If in fact you choose to challenge our First Amendment rights to disseminate important information about the telephone infrastructure, we will be compelled to respond by seeking all legal remedies against you, which may include sanctions provided for in Federal and state statutes and rules of civil procedure. We will also be compelled to publicize your use of lawsuits and the threat of legal action to harass and intimidate. Sincerely, Emmanuel Goldstein - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Exposed Hole In Telephone Network Draws Ire Of Bellcore July 24, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Taken from Communications Daily (Page 5) Anyone Can Wiretap Your Phone Major security hole in telephone network creates "self-serve" monitoring feature allowing anyone to listen in on any telephone conversation they choose. Weakness involves feature called Busy Line Verification (BLV), which allows phone companies to "break into" conversation at any time. BLV is used most often by operators entering conversation to inform callers of emergency message. But BLV feature can be used by anyone with knowledge of network's weakness to set up ad hoc 'wiretap' and monitor conversations, said Emmanuel Goldstein, editor of 2600 Magazine, which published article in its Winter 1991 issue. 2600 Magazine is noted for finding and exposing weaknesses of telecommunications. It's named for frequency of whistle, at one time given away with Cap'n Crunch cereal, which one notorious hacker discovered could, when blown into telephone receiver, allow access to open 800 line. Phone companies have since solved that problem. Security risks are outlined in article titled "U.S. Phone Companies Face Built- In Privacy Hole" that quotes from internal Bellcore memo and Bell Operating Co. documents: "'A significant and sophisticated vulnerability' exists that could affect the security and privacy of BLV." Article details how, after following 4 steps, any line is susceptible to secret monitoring. One document obtained by 2600 said: "There is no proof the hacker community knows about the vulnerability." When Bellcore learned of article, it sent magazine harsh letter threatening legal action. Letter said that if at any time in future magazine "comes into possession of, publishes, or otherwise discloses any Bellcore information" organization will "vigorously pursue all legal remedies available to it including, but not limited to, injunctive and monetary damages." Leonard Suchyta, Bellcore General Attorney for Intellectual Property Matters, said documents in magazine's possession "are proprietary" and constitute "a trade secret" belonging to Bellcore and its members -- RBOCs. He said documents are "marked with 'Proprietary' legend" and "the law says you can't ignore this legend, its [Bellcore's] property." Suchyta said Bellcore waited so long to respond to publication because "I think the article, as we are not subscribers, was brought to our attention by a 3rd party." He said this is first time he was aware that magazine had published such Bellcore information. But Goldstein said in reply letter to Bellcore: "This is not the first time we have done this. It will not be the last." He said he thinks Bellcore is trying to intimidate him, "but they've come up against the wrong publication this time." Goldstein insisted that documents were leaked to his magazine: "While we don't spread the documents around, we will report on what's contained within." Suchyta said magazine is obligated to abide by legend stamped on documents. He said case law shows that the right to publish information hinges on whether it "has been lawfully acquired. If it has a legend on it, it's sort of hard to say it's lawfully acquired." Goldstein said he was just making public what already was known: There's known privacy risk because of BLV weakness: "If we find something out, our first instinct is to tell people about it. We don't keep things secret." He said information about security weaknesses in phone network "concerns everybody." Just because Bellcore doesn't want everyone to know about its shortcomings and those of telephone network is hardly reason to stifle that information, Goldstein said. "Everybody should know if their phone calls can be listened in on." Suchyta said that to be considered "valuable," information "need not be of super, super value," like proprietary software program "where you spent millions of dollars" to develop it. He said information "could well be your own information that would give somebody an advantage or give them some added value they wouldn't otherwise have had if they had not taken it from you." Goldstein said he was "sympathetic" to Bellcore's concerns but "fact is, even when such weaknesses are exposed, [phone companies] don't do anything about them." He cited recent indictments in New York where computer hackers were manipulating telephone, exploiting weaknesses his magazine had profiled long ago. "Is there any security at all [on the network]?" he said. "That's the question we have to ask ourselves." Letter from Bellcore drew burst of responses from computer community when Goldstein posted it to electronic computer conference. Lawyers specializing in computer law responded, weighing in on side of magazine. Attorney Lance Rose said: "There is no free-floating 'secrecy' right . . . Even if a document says 'confidential' that does not mean it was disclosed to you with an understanding of confidentiality -- which is the all-important question." Michael Godwin, general counsel for Electronic Frontier Foundation, advocacy group for the computer community, said: "Trade secrets can qualify as property, but only if they're truly trade secrets. Proprietary information can (sort of) qualify as property if there's a breach of a fiduciary duty." Both lawyers agreed that magazine was well within its rights in publishing information. "If Emmanuel did not participate in any way in encouraging or aiding in the removal of the document from Bellcore . . . that suggests he wouldn't be liable," Godwin said. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Bellcore And 2600 Dispute Publishing Of Article July 27, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Barbara E. McMullen & John F. McMullen (Newsbytes) MIDDLE ISLAND, NY -- Eric Corley a/k/a "Emmanuel Goldstein", editor and publisher of 2600 Magazine: The Hacker Quarterly, has told Newsbytes that he will not be deterred by threats from Bellcore from publishing material which he considers important for his readership. Earlier this month, Corley received a letter (addressed to "Emanuel Golstein") from Leonard Charles Suchyta, General Attorney, Intellectual Property Matters at Bellcore taking issue with the publication by 2600 of material that Suchyta referred to as "portions of certain Bellcore proprietary internal documents." The letter continued "This letter is to formally advise you that, if at any time in the future you (or your magazine) come into possession of, publish, or otherwise disclose any Bellcore information or documentation which either (i) you have any reason to believe is proprietary to Bellcore or has not been made publicly available by Bellcore or (ii) is marked "proprietary," "confidential," "restricted," or with any other legend denoting Bellcore's proprietary interest therein, Bellcore will vigorously pursue all legal remedies available to it including, but not limited to, injunctive relief and monetary damages, against you, your magazine, and its sources." While the letter did not mention any specific material published by 2600, Corley told Newsbytes that he believes that Suchyta's letter refers to an article entitled "U.S. Phone Companies Face Built-In Privacy Hole".that appears on page 42 of the Winter 1991 issue. Corley said "What we published was derived from a 1991 internal Bellcore memo as well as Bell Operating Company documents that were leaked to us. We did not publish the documents. However, we did read what was sent to us and wrote an article based upon that. The story focuses on how the phone companies are in an uproar over a 'significant and sophisticated vulnerability' that could result in BLV (busy line verification) being used to listen in on phone calls." The 650-word article said, in part, "By exploiting a weakness, it's possible to remotely listen in on phone conversations at a selected telephone number. While the phone companies can do this any time they want, this recently discovered self-serve monitoring feature has created a telco crisis of sorts." The article further explained how people might exploit the security hole, saying "The intruder can listen in on phone calls by following these four steps: "1. Query the switch to determine the Routing Class Code assigned to the BLV trunk group. "2. Find a vacant telephone number served by that switch. "3. Via recent change, assign the Routing Class Code of the BLV trunks to the Chart Column value of the DN (directory number) of the vacant telephone number. "4. Add call forwarding to the vacant telephone number (Remote Call Forwarding would allow remote definition of the target telephone number while Call Forwarding Fixed would only allow the specification of one target per recent change message or vacant line)." "By calling the vacant phone number, the intruder would get routed to the BLV trunk group and would then be connected on a "no-test vertical" to the target phone line in a bridged connection." The article added "According to one of the documents, there is no proof that the hacker community knows about the vulnerability. The authors did express great concern over the publication of an article entitled 'Central Office Operations - The End Office Environment' which appeared in the electronic newsletter Legion of Doom/Hackers Technical Journal. In this article, reference is made to the 'No Test Trunk'." The article concludes "even if hackers are denied access to this "feature", BLV networks will still have the capability of being used to monitor phone lines. Who will be monitored and who will be listening are two forever unanswered questions." Corley responded to to Suchyta's letter on July 20th, saying "I assume that you're referring to our revelation of built-in privacy holes in the telephone infrastructure which appeared on Page 42. In that piece, we quoted from an internal Bellcore memo as well as Bell Operating Company documents. This is not the first time we have done this. It will not be the last. "We recognize that it must be troubling to you when a journal like ours publishes potentially embarrassing information of the sort described above. But as journalists, we have a certain obligation that cannot be cast aside every time a large and powerful entity gets annoyed. That obligation compels us to report the facts as we know them to our readers, who have a keen interest in this subject matter. If, as is often the case, documents, memoranda, and/or bits of information in other forms are leaked to us, we have every right to report on the contents therein. If you find fault with this logic, your argument lies not with us, but with the general concept of a free press. "And, as a lawyer specializing in intellectual property law, you know that you cannot in good faith claim that merely stamping "proprietary" or "secret" on a document establishes that document as a trade secret or as proprietary information. In the absence of a specific explanation to the contrary, we must assume that information about the publicly supported telephone system and infrastructure is of public importance, and that Bellcore will have difficulty establishing in court that any information in our magazine can benefit Bellcore's competitors, if indeed Bellcore has any competitors. "If in fact you choose to challenge our First Amendment rights to disseminate important information about the telephone infrastructure, we will be compelled to respond by seeking all legal remedies against you, which may include sanctions provided for in Federal and state statutes and rules of civil procedure. We will also be compelled to publicize your use of lawsuits and the threat of legal action to harass and intimidate. Sincerely, Emmanuel Goldstein" Corley told Newsbytes "Bellcore would never have attempted this with the New York Times. They think that it would, however, be easy to shut us up by simple threats because of our size. They are wrong. We are responsible journalists; we know the rules and we abide by them. I will, by the way, send copies of the article in question to anyone who request it. Readers may then judge for themselves whether any boundaries have been crossed." Corley, who hosts the weekly "Off the Hook" show on New York City's WBAI radio station, said that he had discussed the issue on the air and had received universal support from his callers. Corley also told Newsbytes, that, although he prefers to be known by his nomme de plume (taken from George Orwell's 1984), he understands that the press fells bound to use his actual name. He said that, in the near future, he will "end the confusion by having my name legally changed." Bellcore personnel were unavailable for comment on any possible response to Corley's letter. _______________________________________________________________________________ Interview With Ice Man And Maniac July 22, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Joshua Quittner (New York Newsday)(Page 83) Ice Man and Maniac are two underground hackers in the New England area that belong to a group known as Micro Pirates, Incorporated. They agreed to be interviewed if their actual identities were not revealed. [Editor's Note: They are fools for doing this, especially in light of how Phiber Optik's public media statements and remarks will ultimately be used against him.] Q: How do you define computer hacking? Maniac: Hacking is not exploration of computer systems. It's more of an undermining of security. That's how I see it. Q: How many people are in your group, Micro Pirates Incorporated? Ice Man: Fifteen or 14. Maniac: We stand for similar interests. It's an escape, you know. If I'm not doing well in school, I sit down on the board and talk to some guy in West Germany, trade new codes of their latest conquest. Escape. Forget about the real world. Ice Man. It's more of a hobby. Why do it? You can't exactly stop. I came about a year-and-a-half ago, and I guess you could say I'm one of the ones on a lower rung, like in knowledge. I do all the -- you wouldn't call it dirty work -- phone calls. I called you -- that kind of thing. Q: You're a "social engineer"? Ice Man: Social engineering -- I don't know who coined the term. It's using conversation to exchange information under false pretenses. For example, posing as a telecommunications employee to gain more knowledge and insight into the different [phone network] systems. Q: What social engineering have you done? Maniac: We hacked into the system that keeps all the grades for the public school system. It's the educational mainframe at Kingsborough Community College. But we didn't change anything. Ice Man: They have the mainframe that stores all the schedules, Regents scores, ID numbers of all the students in the New York high school area. You have to log in as a school, and the password changes every week. Q: How did you get the password? Ice Man: Brute force and social engineering. I was doing some social engineering in school. I was playing the naive person with an administrator, asking all these questions toward what is it, where is it and how do you get in. Q: I bet you looked at your grades. How did you do? Ice Man: High 80s. Q. And you could have changed Regents scores? Ice Man: I probably wouldn't have gotten away with it, and I wouldn't say I chose not to on a moral basis. I'd rather say on a security basis. Q: What is another kind of social engineering? Maniac: There's credit-card fraud and calling-card fraud. You call up and say, "I'm from the AT&T Corporation. We're having trouble with your calling-card account. Could you please reiterate to us your four- digit PIN number?" People, being kind of God-fearing -- as AT&T is somewhat a God -- will say, "Here's my four-digit PIN number." Q: Hackers from another group, MOD, were arrested recently and charged with, among other things, selling inside information about how to penetrate credit bureaus. Have you cleaned up your act? Maniac: We understand the dangers of it now. We're not as into it. We understand what people go through when they find out a few thousand dollars have been charged to their credit-card account. Q: Have you hacked into credit bureaus? Ice Man: We were going to look up your name. Maniac: CBI [Credit Bureau International, owned by Equifax, one of the largest national credit bureaus], is pretty insecure, to tell you the truth. Q: Are you software pirates, too? Maniac: Originally. Way back when. Ice Man: And then we branched out and into the hacking area. Software piracy is, in the computer underground, the biggest thing. There are groups like THG and INC, which are international. THG is The Humble Guys. INC is International Network of Crackers, and I've recently found out that it's run by 14 and 15-year-olds. They have people who work in companies, and they'll take the software and they'll crack it -- the software protection -- and then distribute it. Q: Are there many hacking groups in New York? Maniac: Three or four. LOD [the Legion of Doom, named by hacker Lex Luthor], MOD, MPI and MOB [Men of Business]. Q: How do your members communicate? Ice Man: The communication of choice is definitely the modem [to access underground electronic bulletin boards where members leave messages for each other or "chat" in real time]. After that is the voice mail box [VMB]. VMBs are for communications between groups. A company, usually the same company that has beepers and pagers and answering services, has a voice-mail-box service. You call up [after hacking out an access code that gives the user the ability to create new voice mail boxes on a system] and can enter in a VMB number. Occasionally they have outdial capabilities that allow you to call anywhere in the world. I call about five every day. It's not really my thing. Q: Is your group racially integrated? Ice Man: Half of them are Asian. Also we have, I think, one Hispanic. I never met him. Race, religion -- nobody cares. The only thing that would alienate you in any way would be if you were known as a lamer. If you just took, took, took and didn't contribute to the underground. It's how good you are, how you're respected. Maniac: We don't work on a racial basis or an ethnic basis. We work on a business basis. This is an organized hobby. You do these things for us and you get a little recognition for it. Ice Man: Yeah. If you're a member of our group and you need a high-speed modem, we'll give you one, on a loan basis. Q: How does somebody join MPI? Maniac: They have to contact either of us on the boards. Ice Man: And I'll go through the whole thing [with them], validating them, checking their references, asking them questions, so we know what they're talking about. And if it's okay, then we let them in. We have members in 516, 718, 212, 201, 408, and 908. We're talking to someone in Florida, but he's not a member yet. Q: Are any MPI members in other hacking groups? Ice Man: I know of no member of MPI that is in any other group. I wouldn't call it betrayal, but it's like being in two secret clubs at one time. I would want them faithful to my group, not any other group. There is something called merging, a combination of both groups that made them bigger and better. A lot of piracy groups did that. Q: Aren't you concerned about breaking the law? Maniac: Breaking the law? I haven't gotten caught. If I do get caught, I won't be stupid and say I was exploring -- I'm not exploring. I'm visiting, basically. If you get caught, you got to serve your time. I'm not going to fight it. _______________________________________________________________________________ FBI Unit Helps Take A Byte Out Of Crime July 15, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Bill Gertz (The Washington Times)(Page A4) FBI crime busters are targeting elusive computer criminals who travel the world by keyboard, telephone and computer screen and use such code names as "Phiber Optik," "Masters of Disaster," "Acid Phreak" and "Scorpion." "Law enforcement across the board recognizes that this is a serious emerging crime problem, and it's only going to continue to grow in the future," said Charles L. Owens, chief of the FBI's economic crimes unit. Last week in New York, federal authorities unsealed an indictment against five computer hackers, ages 18 to 22, who were charged with stealing long-distance phone service and credit bureau information and who penetrated a wide variety of computer networks. The FBI is focusing its investigations on major intrusions into banking and government computers and when the objective is stealing money, Mr. Owens said in an interview. FBI investigations of computer crimes have doubled in the past year, he said, adding that only about 11 percent to 15 percent of computer crimes are reported to law enforcement agencies. Because of business or personal reasons, victims often are reluctant to come forward, he said. Currently, FBI agents are working on more than 120 cases, including at least one involving a foreign intelligence agency. Mr. Owens said half of the active cases involve hackers operating overseas, but he declined to elaborate. The FBI has set up an eight-member unit in its Washington field office devoted exclusively to solving computer crimes. The special team, which includes computer scientists, electrical engineers and experienced computer system operators, first handled the tip that led to the indictment of the five hackers in New York, according to agent James C. Settle, who directs the unit. Computer criminals, often equipped with relatively unsophisticated Commodore 64 or Apple II computers, first crack into international telephone switching networks to make free telephone calls anywhere in the world, Mr. Settle said. Hackers then can spend up to 16 hours a day, seven days a week, breaking into national and international computer networks such as the academic-oriented Internet, the National Aeronautics and Space Administration's Span-Net and the Pentagon's Milnet. To prevent being detected, unauthorized computer users "loop and weave" through computer networks at various locations in the process of getting information. "A lot of it is clearly for curiosity, the challenge of breaking into systems," Mr. Settle said. "The problem is that they can take control of the system." Also, said Mr. Owens, computer hackers who steal such information from commercial data banks may turn to extortion as a way to make money. Mr. Settle said there are also "indications" that computer criminals are getting involved in industrial espionage. The five hackers indicted in New York on conspiracy, computer-fraud, computer tampering, and wire-fraud charges called themselves "MOD," for Masters of Deception or Masters of Disaster. The hackers were identified in court papers as Julio Fernandez, 18, John Lee, 21, Mark Abene, 20, Elias Ladopoulos, 22, and Paul Stira, 22. All live in the New York City area. Mr. Fernandez and Mr. Lee intercepted data communications from a computer network operated by the Bank of America, court papers said. They also penetrated a computer network of the Martin Marietta Electronics Information and Missile Group, according to the court documents. The hackers obtained personal information stored in credit bureau computers, with the intention of altering it "to destroy people's lives or make them look like saints," the indictment stated. _______________________________________________________________________________ And Today's Password Is... May 26, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~ By Robert Matthews (The Daily Telegraph)(page 26) "Ways Of Keeping Out The Determined Hacker" One of the late Nobel Prize-winning physicist Richard Feynman's favorite stories was how he broke into top-secret atomic bomb files at Los Alamos by guessing that the lock combination was 271828, the first six digits of the mathematical constant "e". Apart from being amusing, Feynman's anecdote stands as a warning to anyone who uses dates, names or common words for their computer password. As Professor Peter Denning, of George Mason University, Virginia, points out in American Scientist, for all but the most trivial secrets, such passwords simply aren't good enough. Passwords date back to 1960, and the advent of time- sharing systems that allowed lots of users access to files stored on a central computer. It was not long before the standard tricks for illicitly obtaining passwords emerged: Using Feynman-style educated guessing, standing behind computer users while they typed in their password or trying common system passwords like "guest" or "root". The biggest security nightmare is, however, the theft of the user-password file, which is used by the central computer to check any password typed in. By the mid-1970s, ways of tackling this had been developed. Using so-called "one-way functions", each password was encrypted in a way that cannot be unscrambled. The password file then contains only apparently meaningless symbols, of no obvious use to the would-be hacker. But, as Denning warns, even this can be beaten if passwords are chosen sloppily. Instead of trying to unscramble the file, hackers can simply feed common names and dates -- or even the entire English dictionary -- through the one-way function to see if the end result matches anything on the scrambled password file. Far from being a theoretical risk, this technique was used during the notorious Project Equalizer case in 1987, when KGB-backed hackers in Hanover broke the passwords of Unix-based computers in America. Ultimately, the only way to solve the password problem is to free people of their fear of forgetting more complex ones. The long-term solution, says Denning, probably lies with the use of smart-card technology. One option is a card which generates different passwords once a minute, using a formula based on the time given by an internal clock. The user then logs on using this password. Only if the computer confirms that the password corresponds to the log-on time is the user allowed to continue. Another smart-card technique is the "challenge-response" protocol. Users first log on to their computer under their name, and are then "challenged" by a number appearing on the screen. Keying this into their smart card, a "response number" is generated by a formula unique to each smart card. If this number corresponds to the response expected from a particular user's smart card, the computer allows access. A number of companies are already marketing smart-card systems, although the technology has yet to become popular. In the meantime, Denning says that avoiding passwords based on English words would boost security. He highlights one simple technique for producing non- standard words that are nonetheless easy to remember: "Pass-phrases". For this, one merely invents a nonsensical phrase like "Martin says Unix gives gold forever", and uses the first letter of each word to generate the password: MSUGGF. Such a password will defeat hackers, even if the password file is stolen, as it does not appear in any dictionary. However, Denning is wary of giving any guarantees. One day, he cautions, someone may draw up a computerized dictionary of common phrases. "The method will probably be good for a year or two, until someone who likes to compile these dictionaries starts to attack it." _______________________________________________________________________________ Outgunned "Computer Cops" Track High-Tech Criminals June 8, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Tony Rogers (Associated Press) BOSTON -- The scam was simple. When a company ordered an airline ticket on its credit card, a travel agent entered the card number into his computer and ordered a few extra tickets. The extra tickets added up and the unscrupulous agent sold them for thousands of dollars. But the thief eventually attracted attention and authorities called in Robert McKenna, a prosecutor in the Suffolk County district attorney's office. He is one of a growing, but still outgunned posse of investigators who track high- tech villains. After the thief put a ticket to Japan on a local plumbing company's account, he was arrested by police McKenna had posing as temporary office workers. He was convicted and sentenced to a year in prison. But the sleuths who track high-tech lawbreakers say too many crimes can be committed with a computer or a telephone, and too few detectives are trained to stop them. "What we've got is a nuclear explosion and we're running like hell to escape the blast. But it's going to hit us," said Chuck Jones, who oversees high-tech crime investigations at the California Department of Justice. The problem is, investigators say, computers have made it easier to commit crimes like bank fraud. Money transfers that once required signatures and paperwork are now done by pressing a button. But it takes time to train a high-tech enforcer. "Few officers are adept in investigating this, and few prosecutors are adept in prosecuting it," Jones said. "You either have to take a cop and make him a computer expert, or take a computer expert and make him a cop. I'm not sure what the right approach is." In recent high-tech crimes: - Volkswagen lost almost $260 million because of an insider computer scam involving phony currency exchange transactions. - A former insurance firm employee in Fort Worth, Texas, deleted more than 160,000 records from the company's computer. - A bank employee sneaked in a computer order to Brinks to deliver 44 kilograms of gold to a remote site, collected it, then disappeared. Still, computer cops have their successes. The Secret Service broke up a scheme to make counterfeit automatic teller machine cards that could have netted millions. And Don Delaney, a computer detective for the New York State Police, nabbed Jaime Liriano, who cracked a company's long-distance phone system. Many company phone systems allow employes to call an 800 number, punch in a personal identification number and then make long-distance calls at company expense. Some computer hackers use automatic speed dialers -- known as "demon dialers" -- to dial 800 numbers repeatedly and try different four-digit numbers until they crack the ID codes. Hackers using this method stole $12 million in phone service from NASA. Liriano did it manually, calling the 800 number of Data Products in Wallingford, Connecticut, from his New York City apartment. He cracked the company's code in two weeks. Liriano started selling the long distance service -- $10 for a 20-minute call anywhere -- and customers lined up inside his apartment. But Delaney traced the calls and on March 10, he and his troopers waited outside Liriano's apartment. On a signal from New York Telephone, which was monitoring Liriano's line, the troopers busted in and caught him in the act. Liriano pleaded guilty to a misdemeanor of theft of services, and was sentenced to three years' probation and community service. Data Products lost at least $35,000. "And we don't know what he made," Delaney said of Liriano. _______________________________________________________________________________ Who Pays For Calls By Hackers? June 12, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Kent Gibbons (The Washington Times)(Page C1) ICF International Inc. doesn't want to pay $82,000 for unauthorized calls by hackers who tapped the company's switchboard. AT&T says the Fairfax engineering firm owns the phone system and is responsible for the calls, mostly to Pakistan. Now their dispute and others like it are in Congress' lap. A House subcommittee chairman believes a law is needed to cap the amount a company can be forced to pay for fraudulent calls, the same way credit card users are protected. Edward Markey, the Massachusetts Democrat who held hearings on the subject said long-distance carriers and local telephone companies should absorb much of those charges. Victims who testified said they didn't know about the illegal calls until the phone companies told them, sometimes weeks after strange calling patterns began. But since the calls went through privately owned switchboards before entering the public telephone network, FCC rules hold the switchboard owners liable. "This is one of the ongoing dilemmas caused by the breakup of AT&T," Mr. Markey said. Before the 1984 Bell system breakup, every stage of a call passed through the American Telephone & Telegraph Co. network and AT&T was liable for fraudulent calls. Estimates of how much companies lose from this growing form of telephone fraud range from $300 million to more than $2 billion per year. The range is so vast because switchboard makers and victims often don't report losses to avoid embarrassment or further fraud, said James Spurlock of the Federal Communications Commission. Long-distance carriers say they have stepped up their monitoring of customer calls to spot unusual patterns such as repeated calls to other countries in a short period. In April, Sprint Corp. added other protective measures, including, for a $100 installation charge and $100 monthly fee, a fraud liability cap of $25,000 per incident. AT&T announced a similar plan last month. Robert Fox, Sprint assistant vice president of security, said the new plans cut the average fraud claim from more than $20,000 in the past to about $2,000 during the first five months of this year. But the Sprint and AT&T plans don't go far enough, Mr. Markey said. ICF's troubles started in March 1988. At the time, the portion of ICF that was hit by the fraud was an independent software firm in Rockville called Chartways Technologies Inc. ICF bought Chartways in April 1991. As with most cases of fraud afflicting companies with private phone systems, high-tech bandits broke into the Chartways switchboard using a toll-free number set up for the company's customers. Probably aided by a computer that randomly dials phone numbers, the hackers got through security codes to obtain a dial tone to make outside calls. The hackers used a fairly common feature some companies offer out-of-town employees to save on long-distance calls. Ironically, Chartways never used the feature because it was too complicated, said Walter Messick, ICF's manager of contract administration. On March 31, AT&T officials told Chartways that 757 calls were made to Pakistan recently, costing $42,935. The phone bill arrived later that day and showed that the Pakistan calls had begun 11 days before, Mr.Messick said. Because of the Easter holiday and monitoring of calls by Secret Service agents, ICF's outside-calling feature was not disconnected until April 4. By then, ICF had racked up nearly $82,000 in unauthorized calls. A year ago, the FCC's Common Carrier Bureau turned down ICF's request to erase the charges. The full commission will hear an appeal this fall. _______________________________________________________________________________ Dutch Hackers Feel Data Security Law Will Breed Computer Crime July 7, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Oscar Kneppers (ComputerWorld Netherland) HAARLEM, the Netherlands -- Dutch hackers will be seriously reprimanded for breaking and entering computer systems, if a new law on computer crime is passed in the Netherlands. Discussed recently in Dutch parliament and under preparation for more than two years, the proposed law calls hacking "a crime against property." It is expected to be made official in next spring at the earliest and will consist of the following three parts: - The maximum penalty for hackers who log on to a secured computer system would be six months' imprisonment. - If they alter data in the system, they could spend up to four years in prison. - Those who illegally access a computer system that serves a "common use" -- like that in a hospital or like a municipal population database -- could soon risk a prison sentence of six years. This pending law does not differentiate between computer crimes committed internally or externally from an office. For example, cracking the password of a colleague could lead to prosecution. Hackers believe this law will only provoke computer crime, because the hackers themselves will no longer offer "cheap warnings" to a computer system with poor security. Rop Gonggrijp, who is sometimes called the King of Hacking Holland, and is currently editor-in-chief of Dutch computer hacker magazine "Hack-tic" warns that this law could produce unexpected and unwanted results. "Students who now just look around in systems not knowing that it [this activity] is illegal could then suddenly end up in jail," he said. Gonggrijp equates hacking to a big party, where you walk in uninvited. Gonggrijp is concerned about the repercussions the new law may have on existing hackers. He said he thinks the current relationship between computer hackers and systems managers in companies is favorable. "[Hackers] break into, for example, an E-mail system to tell the systems manager that he has to do something about the security. If this law is introduced, they will be more careful with that [move]. The cheap warning for failures in the system will, therefore, no longer take place, and you increase chances for so-called real criminals with dubious intentions," he added. According to a spokesman at the Ministry of Justice in The Hague, the law gives the Dutch police and justice system a legal hold on hackers that they currently lack. "Computer criminals [now] have to be prosecuted via subtle legal tricks and roundabout routes. A lot of legal creativity was [previously] needed. But when this law is introduced, arresting the hackers will be much easier," he said. The Dutch intelligence agency Centrale Recherche Informatiedienst (CRI) in The Hague agreed with this. Ernst Moeskes, CRI spokesman, said, "It's good to see that we can handle computer crime in a directed way now." _______________________________________________________________________________ PWN Quicknotes ~~~~~~~~~~~~~~ 1. Printer Avoids Jail In Anti-Hacking Trial (By Melvyn Howe, Press Association Newsfile, June 9, 1992) -- A printer avoided a jail sentence in Britain's first trial under anti-hacking legislation. Freelance typesetter Richard Goulden helped put his employers out of business with a pirate computer program -- because he said they owed him L2,275 in back pay. Goulden, 35, of Colham Avenue, Yiewsley, west London, was conditionally discharged for two years after changing his plea to guilty on the second day of the Southwark Crown Court hearing. He was ordered to pay L1,200 prosecution costs and L1,250 compensation to the company's liquidators. Goulden had originally denied the charge of unauthorized modification of computer material under the 1990 Computer Misuse Act. After his change of plea Judge John Hunter told him: "I think it was plain at a very early stage of these proceedings that you had no defence to this allegation." Mr. Warwick McKinnon, prosecuting, told the jury Goulden added a program to a computer belonging to Ampersand Typesetters, of Camden, north-west London, in June last year which prevented the retrieval of information without a special password. Three months later the company "folded". Mr Jonathan Seitler, defending, said Goulden had changed his plea after realizing he had inadvertently broken the law. _______________________________________________________________________________ 2. ICL & GM Hughes In Joint Venture To Combat Computer Hackers (Extel Examiner, June 15, 1992) -- General Motors Corporation unit, Hughes STX, and ICL have set up a joint venture operation offering ways of combating computer hackers. Hughes STX is part of GM's GM Hughes Electronics Corporation subsidiary. ICL is 80% owned by Fujitsu. Industry sources say the venture could reach $100 million in annual sales within four years. _______________________________________________________________________________ 3. Another Cornell Indictment (Ithaca Journal, June 17, 1992) -- Mark Pilgrim, David Blumenthal, and Randall Swanson -- all Cornell students -- have each been charged with 4 felony counts of first-degree computer tampering, 1 count of second-degree computer tampering, and 7 counts of second-degree attempted computer tampering in connection with the release of the MBDF virus to the Internet and to various BBSs. David Blumenthal has also been charged with two counts of second-degree forgery and two counts of first-degree falsifying business records in connection with unauthorized account creation on Cornell's VAX5 system. He was also charged with a further count of second-degree computer tampering in connection with an incident that occurred in December of 1991. _______________________________________________________________________________ 4. Computer Watchdogs Lead Troopers To Hacker (PR Newswire, July 17, 1992) -- Olympia, Washington -- State Patrol detectives served a search warrant at an East Olympia residence Thursday evening, July 16, and confiscated a personal computer system, programs and records, the Washington State Patrol said. The resident, who was not on the premises when the warrant was served, is suspected of attempts to break into computer files at the Department of Licensing and the State Insurance Commissioner's office. The "hacker's" attempts triggered computerized security devices which alerted officials someone was attempting to gain access using a telephone modem. Patrol detectives and computer staff monitored the suspect's repeated attempts for several weeks prior to service of the warrant. Placement of a telephone call by a non-recognized computer was all that was required to trigger the security alert. The internal security system then stored all attempted input by the unauthorized user for later retrieval and use by law enforcement. Integrity of the state systems was not breached. The investigation is continuing to determine if several acquaintances may be linked to the break in. Charges are expected to be filed as early as next week in the case. CONTACT: Sgt. Ron Knapp of the Washington State Patrol, (206)459-6413 _______________________________________________________________________________ 5. UPI reports that the 313 NPA will split to a new 810 NPA effective August 10, 1994. Oakland, Macomb, Genesee, Lapeer, St. Clair and Sanilac counties as well as small sections of Saginaw, Shiawassee and Livingston counties will go into 810. Wayne, Washtenaw, Monroe, and small parts of Jackson and Lenawee counties will remain in 313. The city of Detroit is in Wayne County and won't change. _______________________________________________________________________________