home *** CD-ROM | disk | FTP | other *** search
-
- ==Phrack Inc.==
-
- Volume Four, Issue Forty-One, File 11 of 13
-
- PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
- PWN PWN
- PWN Phrack World News PWN
- PWN PWN
- PWN Issue 41 / Part 1 of 3 PWN
- PWN PWN
- PWN Compiled by Datastream Cowboy PWN
- PWN PWN
- PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
-
-
- Reports of "Raid" on 2600 Washington Meeting November 9, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by Barbara E. McMullen & John F. McMullen (Newsbytes)
-
- WASHINGTON, D.C. -- The publisher of a well-known hacker magazine claims a
- recent meeting attended by those interested in the issues his magazine raises
- was disrupted by threats of arrest by security and Arlington, Virginia police
- officers.
-
- Eric Corley, also known as "Emmanuel Goldstein," editor and publisher of "2600
- Magazine: The Hacker Quarterly," told Newsbytes that the meeting was held
- November 6th at the Pentagon City Mall outside Washington, DC was disrupted and
- material was confiscated in the raid.
-
- 2600 Magazine promotes monthly meetings of hackers, press, and other interested
- parties throughout the country. The meetings are held in public locations on
- the first Friday evening of the month and the groups often contact each other
- by telephone during the meetings.
-
- Corley told Newsbytes that meetings were held that evening in New York,
- Washington, Philadelphia, Cambridge, St. Louis, Chicago, Los Angeles and San
- Francisco. Corley said, "While I am sure that meetings have been observed by
- law enforcement agencies, this is the only time that we have been harassed. It
- is definitely a freedom of speech issue."
-
- According to Craig Neidorf, who was present at the meeting and was distributing
- applications for membership in Computer Professionals For Social Responsibility
- (CPSR), "I saw the security officers focusing on us. Then they started to come
- toward us from a number of directions under what seemed to be the direction of
- a person with a walkie-talkie on a balcony. When they approached, I left the
- group and observed the security personnel encircling the group of about 30
- gatherers. The group was mainly composed of high school and college students.
- The guards demanded to search the knapsacks and bags of the gatherers. They
- confiscated material, including CPSR applications, a copy of Mondo 2000 (a
- magazine), and other material."
-
- He adds that the guards also confiscated film "from a person trying to take
- pictures of the guards. When a hacker called "HackRat" attempted to copy down
- the names of the guards, they took his pencil and paper."
-
- Neidorf continued, "I left to go outside and rejoined the group when they were
- ejected from the mall. The guards continued challenging the group and told
- them that they would be arrested if they returned. When one of the people
- began to take pictures of the guards, the apparent supervisor became excited
- and threatening but did not confiscate the film."
-
- Neidorf also said, "I think that the raid was planned. They hit right about
- 6:00 and they identified our group as "hackers" and said that they knew that
- this group met every month."
-
- Neidorf's story was supported by a Washington "hacker" called "Inhuman," who
- told Newsbytes, "I arrived at the meeting late and saw the group being detained
- by the guards. I walked along with the group as they were being ushered out
- and when I asked a person who seemed to be in authority his name, he pointed at
- a badge with his name written in script on it. I couldn't make out the name
- and, when I mentioned that to the person, he said 'If you can't read it, too
- bad.' I did read his name, 'C. Thomas,' from another badge."
-
- Inhuman also told Newsbytes that he was told by a number of people that the
- guards said that they were "acting on behalf of the Secret Service." He added,
- "I was also told that there were two police officers from the Arlington County
- Police present but I did not see them."
-
- Another attendee, Doug Luce, reports, "I also got to the DC meeting very late;
- 7:45 or so. It seemed like a coordinated harassment episode, not geared toward
- busting anyone, but designed to get people riled up, and maybe not come back to
- the mall."
-
- Luce adds that he overheard a conversation between someone who had brought a
- keyboard to sell. The person, he said, was harassed by security forces, one of
- whom said, "You aren't selling anything in my mall without a vendors permit!"
-
- Possible Secret Service involvement was supported by a 19 year-old college
- student known as the "Lithium Bandit," who told Newsbytes, "I got to the mall
- about 6:15 and saw the group being detained by approximately 5 Arlington County
- police and 5 security guards. When I walked over to see what was going on, a
- security guard asked me for an ID and I refused to show it, saying that I was
- about to leave. The guard said that I couldn't leave and told me that I had to
- see a police officer. When I did, the officer demanded ID and, when I once
- again refused, he informed me that I could be detained for up to 10 hours for
- refusing to produce identification. I gave in and produced my school ID which
- the police gave to the security people who copied down my name and social
- security number."
-
- Lithium Bandit continued, "When I asked the police what was behind this action,
- I was told that they couldn't answer but that 'the Secret Service is involved
- and we are within our rights doing this."
-
- The boy says he and others later went to the Arlington police station to get
- more information and were told only that there was a report of the use of a
- stolen credit card and two officers were sent to investigate. "They later
- admitted that it was 5 (officers). While I was detained, I heard no mention of
- a credit card and there was no one arrested."
- Marc Rotenberg, director of CPSR's Washington office, told Newsbytes, "I have
- really no details on the incident yet, but I am very concerned about the
- reports. Confiscation of CPSR applications, if true, is outrageous. I will
- find out more facts on Monday."
-
- Newsbytes was told by the Pentagon City Mall office that any information
- concerning the action would have to come from the director of security, Al
- Johnson, who was not available until Monday. The Arlington Country Police
- referred Newsbytes to a "press briefing recording" which had not been updated
- since the morning before the incident.
-
- Corley told Newsbytes, "There have been no reports of misbehavior by any of
- these people. They were obviously singled out because they were hackers. It's
- as if they were being singled out as an ethnic group. I admire the way the
- group responded -- in a courteous fashion. But it is inexcusable that it
- happened. I will be at the next Washington meeting to insure that it doesn't
- happen again."
-
- The manager of one of New York state's largest malls provided background
- information to Newsbytes on the rights of malls to police those on mall
- property, saying, "The primary purpose of a mall is to sell. The interior of
- the mall is private property and is subject to the regulations of the mall.
- The only requirement is that the regulations be enforced in an even-handed
- manner. I do not allow political activities in my mall so I could not make an
- exception for Democrats. We do allow community groups to meet but they must
- request space at least two weeks before the meeting and must have proper
- insurance. Our regulations also say that groups of more than 4 may not
- congregate in the mall."
-
- The spokeswoman added that mall security can ask for identification from those
- who violate regulations and that they may be barred from the mall for a period
- of 6 months.
-
- She added, "Some people feel that mall atriums and food courts are public
- space. They are not and the industry is united on this. If the malls were to
- receive tax benefits for the common space and public service in snow removal
- and the like, it could possibly be a public area but malls are taxed on the
- entire space and are totally private property, subject to their own
- regulations. If a group of 20 or more congregated in my mall, they would be
- asked to leave."
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- Confusion About Secret Service Role In 2600 Washington Raid November 7, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by Barbara E. McMullen & John F. McMullen (Newsbytes)
-
- WASHINGTON, D.C.-- In the aftermath of an action on Friday, November 6th by
- members of the Pentagon City Mall Police and police from Arlington County,
- Virginia in which those attending a 2600 meeting at the mall were ordered from
- the premises, conflicting stories continue to appear.
-
- Attendees at the meeting have contended to Newsbytes that members of the mall
- police told them that they were "acting on behalf of the Secret Service." They
- also maintain that the mall police confiscated material from knapsacks and took
- film from someone attempting to photograph the action and a list of the names
- of security officers that one attendee was attempting to compile.
-
- Al Johnson, chief of security for the mall, denied these allegations to
- Newsbytes, saying "No one said that we were acting on behalf of the Secret
- Service. We were merely enforcing our regulations. While the group was not
- disruptive, it had pulled tables together and was having a meeting in our food
- court area. The food court is for people eating and is not for meetings. We
- therefore asked the people to leave."
-
- Johnson denied that security personnel took away any film or lists and further
- said "We did not confiscate any material. The group refused to own up to who
- owned material on the tables and in the vicinity so we collected it as lost
- material. If it turns out that anything did belong to any of those people,
- they are welcome to come in and, after making proper identification, take the
- material."
-
- In a conversation early on November 9th, Robert Rasor, Secret Service agent-in-
- charge of computer crime investigations, told Newsbytes that having mall
- security forces represent the Secret Service is not something that was done
- and, that to his knowledge, the Secret Service had no involvement with any
- Pentagon City mall actions on the previous Friday.
-
- A Newsbytes call to the Arlington County police was returned by a Detective
- Nuneville who said that her instructions were to refer all questions concerning
- the matter to agent David Adams of the Secret Service. She told Newsbytes that
- Adams would be providing all information concerning the involvement of both the
- Arlington Police and the Secret Service in the incident.
-
- Adams told Newsbytes "The mall police were not acting as agents for the Secret
- Service. Beyond that, I can not confirm or deny that there is an ongoing
- investigation."
-
- Adams also told Newsbytes that "While I cannot speak for the Arlington police,
- I understand that their involvement was due to an incident unrelated to the
- investigation."
-
- Marc Rotenberg, director of the Washington office of Computer Professionals for
- Social Responsibility (CPSR), told Newsbytes "CPSR has reason to believe that
- the detention of people at the Pentagon City Mall last Friday was undertaken at
- the behest of the Secret Service, which is a federal agency. If that is the
- case, then there was an illegal search of people at the mall. There was no
- warrant and no indication of probable illegal activity. This raises
- constitutional issues. We have undertaken the filing of a Freedom of
- Information Act (FOIA) request to determine the scope, involvement and purpose
- of the Secret Service in this action."
-
- 2600 meetings are held on the evening of the first Friday of each month in
- public places and malls in New York City, Washington, Philadelphia, Cambridge,
- St. Louis, Chicago, Los Angeles and San Francisco. They are promoted by 2600
- Magazine: The Hacker Quarterly and are attended by a variety of persons
- interested in telecommunications and so-called "hacker issues". The New York
- meeting, the oldest of its kind, is regularly attended by Eric Corley a/k/a
- Emmanuel Goldstein, editor and publisher of 2600, hackers, journalists,
- corporate communications professionals and other interested parties. It is
- known to have been the subject of surveillance at various times by law
- enforcement agencies conducting investigations into allegations of computer
- crime.
-
- Corley told Newsbytes "While I'm sure that meetings have been observed by law
- enforcement agencies, this is the only time that we have been harassed. It's
- definitely a freedom of speech issue." Corley also that he plans to be at the
- December meeting in Washington "to insure that it doesn't happen again."
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- Conflicting Stories In 2600 Raid; CRSR Files FOIA November 11, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by Barbara E. McMullen & John F. McMullen (Newsbytes)
-
- WASHINGTON, D.C. -- In the on-going investigation of possible Secret Service
- involvement in the Friday, November 6th ejection of attendees at a "2600
- meeting" from the premises of the Pentagon City Mall, diametrically opposed
- statements have come from the same source.
-
- Al Johnson, chief of security for the Pentagon City Mall told Newsbytes on
- Monday, November 9th "No one said that we were acting on behalf of the Secret
- Service. We were merely enforcing our regulations. While the group was not
- disruptive, it had pulled tables together and was having a meeting in our food
- court area. The food court is for people eating and is not for meetings. We
- therefore asked the people to leave."
-
- On the same day, Johnson was quoted was quoted in a Communications Daily
- article by Brock Meeks as saying "As far as I'm concerned, we're out of this.
- The Secret Service, the FBI, they're the ones that ramrodded this whole thing."
-
- Newsbytes contacted Meeks to discuss the discrepancies in the stories and were
- informed that the conversation with Johnson had been taped and was available
- for review. The Newsbytes reporter listened to the tape (and reviewed a
- transcript). On the tape, Johnson was clearly heard to make the statement
- quoted by Meeks.
-
- He also said "maybe you outta call the Secret Service, they're handling this
- whole thing. We, we were just here", and, in response to a Meeks question
- about a Secret Service contact, "Ah.. you know, I don't have a contact person.
- These people were working on their own, undercover, we never got any names, but
- they definitely, we saw identification, they were here."
-
- Newsbytes contacted Johnson again on the morning of Wednesday, November 11 and
- asked him once again whether there was any Secret Service involvement in the
- action. Johnson said "No, I told you that they were not involved." When it was
- mentioned that there was a story in Communications Daily, quoting him to the
- contrary, Johnson said "I never told Meeks that. There was no Secret Service
- involvement"
-
- Informed of the possible existence of a tape quoting him to the contrary.
- Johnson said "Meeks taped me? He can't do that. I'll show him that I'm not
- fooling around. I'll have him arrested."
-
- Johnson also said "He asked me if the Secret Service was involved; I just told
- him that, if he thought they were, he should call them and ask them."
-
- Then Johnson again told Newsbytes that the incident was "just a mall problem.
- There were too many people congregating."
-
- [NOTE: Newsbytes stands by its accurate reporting of Johnson's statements. It
- also affirms that the story by Meeks accurately reflects the material taped
- during his interview]
-
- In a related matter, Marc Rotenberg, director of the Washington office of
- Computer Professionals For Social Responsibility (CPSR) has announced that CPSR
- has filed a Freedom of Information Act (FOIA) request with the Secret Service
- asking for information concerning Secret Service involvement in the incident.
-
- Rotenberg told Newsbytes that the Secret Service has 10 days to respond to the
- request. He also said that CPSR "is exploring other legal options in this
- matter."
-
- The Secret Service, in earlier conversations with Newsbytes, has denied that
- the mall security was working on its behalf.
-
- In the incident itself, a group attending the informal meeting was disbanded
- and, according to attendees, had property confiscated. They also contend that
- security guards took film from someone photographing the confiscation as well
- as a list that someone was making of the guard's names. In his November 9th
- conversation with Newsbytes, Johnson denied that security personnel took away
- any film or lists and further said "We did not confiscate any material. The
- group refused to own up to who owned material on the tables and in the vicinity
- so we collected it as lost material. If it turns out that anything did belong
- to any of those people, they are welcome to come in and, after making proper
- identification, take the material."
-
- 2600 meetings are promoted by 2600 Magazine: The Hacker Quarterly and are held
- on the evening of the first Friday of each month in public places and malls in
- New York City, Washington, Philadelphia, Cambridge, St. Louis, Chicago, Los
- Angeles and San Francisco. They are regularly attended by a variety of persons
- interested in telecommunications and so-called "hacker issues".
- _______________________________________________________________________________
-
- Secret Service Grabs Computers In College Raid December 17, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by Joe Abernathy (The Houston Chronicle)(Page A37)
-
- The Secret Service has raided a dorm room at Texas Tech University, seizing the
- computers of two Houston-area students who allegedly used an international
- computer network to steal computer software.
-
- Agents refused to release the names of the two area men and a third man, a
- former Tech student from Austin, who were not arrested in the late-morning raid
- Monday at the university in Lubbock. Their cases will be presented to a grand
- jury in January.
-
- The three, in their early 20s, are expected to be charged with computer crime,
- interstate transport of stolen property and copyright infringements.
-
- "The university detected it," said Agent R. David Freriks of the Secret Service
- office in Dallas, which handled the case. He said Texas Tech computer system
- operators noticed personal credit information mixed in with the software
- mysteriously filling up their data storage devices.
-
- The former student admitted pirating at least $6,000 worth of games and
- programs this summer, Freriks said.
-
- The raid is the first to fall under a much broader felony definition of
- computer software piracy that could affect many Americans.
-
- Agents allege the three used the Internet computer network, which connects up
- to 15 million people in more than 40 nations, to make contacts with whom they
- could trade pirated software. The software was transferred over the network,
- into Texas Tech's computers and eventually into their personal computers.
-
- The Software Publishers Association, a software industry group chartered to
- fight piracy, contends the industry lost $1.2 billion in sales in 1991 to
- pirates.
-
- Although these figures are widely questioned for their accuracy, piracy is
- widespread among Houston's 450-plus computer bulletin boards, and even more so
- on the global Internet.
-
- "There are a lot of underground sites on the Internet run by university system
- administrators, and they have tons of pirated software available to download --
- gigabytes of software," said Scott Chasin, a former computer hacker who is now
- a computer security consultant.
-
- Freriks said the investigation falls under a revision of the copyright laws
- that allows felony charges to be brought against anyone who trades more than 10
- pieces of copyrighted software -- a threshold that would cover many millions of
- Americans who may trade copies of computer programs with their friends.
-
- "The ink is barely dry on the amendment, and you've already got law enforcement
- in there, guns blazing, because somebody's got a dozen copies of stolen
- software," said Marc Rotenberg, director of Computer Professionals for Social
- Responsibility, in Washington.
-
- "That was a bad provision when it was passed, and was considered bad for
- precisely this reason, giving a justification for over-reaching by law
- enforcement."
-
- Freriks said the raid also involved one of the first uses of an expanded right
- to confiscate computers used in crime.
-
- "Our biggest complaint has been that you catch 'em and slap 'em on the wrist,
- and then give the smoking gun back," he said.
-
- "So they've changed the law so that we now have forfeiture authority."
-
- The Secret Service already has been under fire for what is seen by civil
- libertarians as an overly casual use of such authority, which many believe has
- mutated from an investigative tool into a de facto punishment without adequate
- court supervision.
-
- _______________________________________________________________________________
-
- Hacker Taps Into Freeway Call Box -- 11,733 Times October 23, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by Jeffrey A. Perlman (Los Angeles Times)(Page A3)
-
- SANTA ANA, CA -- An enterprising hacker reached out and touched someone 11,733
- times in August -- from a freeway emergency call box in Orange County.
-
- A computer that monitors the county's emergency call boxes attributed 25,875
- minutes of calls to the mysterious caller who telephoned people in countries
- across the globe, according to a staff report prepared for the Orange County
- Transportation Authority.
-
- "This is well over the average of roughly 10 calls per call box," the report
- noted.
-
- About 1,150 bright yellow call boxes have been placed along Orange County's
- freeways to connect stranded motorists to the California Highway Patrol. But
- the caller charged all his calls to a single box on the shoulder of the Orange
- (57) Freeway.
-
- The hacker apparently matched the individual electronic serial number for the
- call box to its telephone number. It took an investigation by the transit
- authority, and three cellular communications firms to unravel the mystery, the
- report stated.
-
- Officials with the transit authority's emergency call box program were not
- available to comment on the cost of the phone calls or to say how they would be
- paid.
-
- But the report assured that "action has been taken to correct this problem. It
- should be noted that this is the first incident of this type in the five-year
- history of the program."
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- Ring May Be Responsible For Freeway Call Box Scam October 24, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by Jodi Wilgoren (Los Angeles Times)(Page B4)
-
- "Officials Believe A Hacker Sold Information to Others;
- LA Cellular Will Pay For The Excess Calls."
-
- COSTA MESA, CA -- As soon as he saw the August bill for Orange County's freeway
- call boxes, analyst Dana McClure guessed something was awry.
-
- There are typically about 12,000 calls a month from the 1,150 yellow boxes that
- dot the county's freeways. But in August, there were nearly that many
- registered to a single box on the Orange Freeway a half-mile north of Lambert
- Road in Brea.
-
- "This one stood out, like 'Whoa!'" said McClure, who analyzes the monthly
- computer billing tapes for the Orange County Transportation Authority. "It
- kicked out as an error because the number of minutes was so far over what it is
- supposed to be."
-
- With help from experts at LA Cellular, which provides the telephone service for
- the boxes, and GTE Cellular, which maintains the phones, McClure and OCTA
- officials determined that the calls -- 11,733 of them totaling 25,875 minutes
- for a charge of about $1,600 -- were made because the hacker learned the code
- and telephone number for the call boxes.
-
- Because of the number of calls in just one month's time, officials believe
- there are many culprits, perhaps a ring of people who bought the numbers from
- the person who cracked the system.
-
- You'd have to talk day and night for 17 or 18 days to do that; it'd be
- fantastic to be able to make that many calls," said Lee Johnson of GTE
- Cellular.
-
- As with all cases in which customers prove they did not make the calls on their
- bills, LA Cellular will pick up the tab, company spokeswoman Gail Pomerantz
- said. Despite the amount of time involved, the bill was only $1,600, according
- to OCTA spokeswoman Elaine Beno, because the county gets a special emergency
- service rate for the call box lines.
-
- The OCTA will not spend time and money investigating who made the calls;
- however, it has adjusted the system to prevent further fraud. Jim Goode of LA
- Cellular said such abuses are rare among cellular subscribers, and that such
- have never before been tracked to freeway call boxes.
-
- The call boxes contain solar cellular phones programmed to dial directly to the
- California Highway Patrol or a to a GTE Cellular maintenance line. The calls
- on the August bill included 800 numbers and 411 information calls and hundreds
- of calls to financial firms in New York, Chicago and Los Angeles. That calls
- were placed to these outside lines indicates that the intruders made the
- connections from another cellular phone rather than from the call box itself.
- Each cellular phone is assigned a seven-digit Mobile Identification Number that
- functions like a phone number, and a 10- or 11-digit Electronic Service Number
- unique to that particular phone (similar to the vehicle identification number
- assigned every automobile). By reprogramming another cellular phone with the
- MIN and ESN of the call box phone, a hacker could charge all sorts of calls to
- the OCTA.
-
- "That's not legally allowable, and it's not an easy thing to do," McClure said,
- explaining that the numbers are kept secret and that reprogramming a cellular
- phone could wreck it. "Most people don't know how to do that, but there are
- some."
-
- Everyone involved with the call box system is confident that the problem has
- been solved, but officials are mum as to how they blocked potential cellular
- banditry.
-
- "I don't think we can tell you what we did to fix it because we don't want it
- to happen again," Beno said with a laugh.
- _______________________________________________________________________________
-
- FBI Probes Possible Boeing Computer Hacker November 6, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Taken from Reuters
-
- SEATTLE -- Federal authorities said Friday they were investigating the
- possibility that a hacker had breached security and invaded a Unix-based
- computer system at the aerospace giant Boeing Co.
-
- The Federal Bureau of Investigation confirmed the probe after a Seattle radio
- station reported it received a facsimile of a Boeing memorandum warning
- employees the security of one of its computer networks may have been violated.
-
- The memo, which had been sent from inside Boeing, said passwords may have been
- compromised, a reporter for the KIRO station told Reuters.
-
- KIRO declined to release a copy of the memorandum or to further identify its
- source.
-
- The memorandum said the problem involved computers using Unix, the open-ended
- operating system used often in engineering work.
-
- Sherry Nebel, a spokeswoman at Boeing's corporate headquarters, declined
- comment on the memorandum or the alleged breach of security and referred all
- calls to the FBI.
-
- An FBI spokesman said the agency was in touch with the company and would
- discuss with it possible breaches of federal law.
-
- No information was immediately available on what type of computer systems may
- have been violated at Boeing, the world's largest commercial aircraft
- manufacturer.
-
- The company, in addition, acts as a defense contractor and its business
- includes work on the B-2 stealth bomber, NASA's space station and the "Star
- Wars" project.
-
- Boeing is a major user of computer technology and runs a computer services
- group valued at $1 billion.
-
- Much of the company's engineering work is conducted using computer -aided
- design (CAD) capabilities. Boeing currently is pioneering a computerized
- technique which uses 2,000 computer terminals to design its new 777 twinjet.
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- FBI Expands Boeing Computer Hacker Probe November 9, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by Samuel Perry (Reuters)
-
- SEATTLE -- Federal authorities expanded their investigation of a computer
- hacker or hackers suspected of having invaded a computer system at aerospace
- giant and defense contractor Boeing Co.
-
- FBI spokesman Dave Hill said the investigation was expanded after the agency
- discovered similar infiltrations of computer records belonging to the U.S.
- District Court in Seattle and another government agency.
-
- "We're trying to determine if the same individuals are involved here," he said,
- adding more than one suspect may be involved and the purpose of the intrusion
- was unclear.
-
- "We don't think this was an espionage case," Hill said, adding federal agents
- were looking into violations of U.S. law barring breaking into a computer of
- federal interest, but that no government classified data was believed to be
- compromised.
-
- "I'm not sure what their motivation is," he told Reuters.
-
- The FBI confirmed the investigation after a Seattle radio station reported it
- received a facsimile of a Boeing memorandum warning employees that the security
- of one of its computer networks may have been violated.
-
- A news reporter at KIRO Radio, which declined to release the facsimile, said
- it was sent by someone within Boeing and that it said many passwords may have
- been compromised.
-
- Boeing's corporate headquarters has declined to comment on the matter,
- referring all calls to the FBI.
-
- The huge aerospace company, which is the world's largest maker of commercial
- jetliners, relies heavily on computer processing to design and manufacture its
- products. Its data processing arm operates $1.6 billion of computer equipment.
-
- No information was disclosed on what system at Boeing had been compromised.
- But one computer industry official said it could include "applications
- involving some competitive situations in the aerospace industry.
-
- The company is a defense contractor or subcontractor on major U.S. military
- programs, such as the B-2 stealth bomber, the advanced tactical fighter,
- helicopters, the NASA space station and the "Star Wars" missile defense system.
-
- Recently, Boeing has pioneered the unprecedented use of computer-aided design
- capabilities in engineering its new 777 twinjet. The design of the 777 is now
- mostly complete as Boeing prepares for final assembly beginning next year.
-
- That system, which uses three-dimensional graphics to replace a draftsman's
- pencil and paper, includes 2,000 terminals that can tap into data from around
- the world.
- _______________________________________________________________________________
-
- Hacker Breaches NOAA Net August 3, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~
- by Kevin Power (Government Computer News)(Page 10)
-
- As a recent breach of the National Oceanic and Atmospheric Administration's
- (NOAA) link to the Internet shows, the network not only benefits scientists but
- also attracts unwanted attention from hackers.
-
- NOAA officials said an intruder in May accessed the agency's TCP/IP network,
- seeking to obtain access to the Internet. The breach occurred on the National
- Weather Service headquarters' dial-in communications server in Silver Spring,
- Maryland, said Harold Whitt, a senior telecommunications engineer with NOAA.
-
- Cygnus Support, a Palo Alto, California, software company, alerted NOAA
- officials to the local area network security breach when Cygnus found that an
- outsider had accessed one of its servers from the NOAA modem pool and had
- attempted several long-distance phone calls.
-
- NOAA and Cygnus officials concluded that the perpetrator was searching for an
- Internet host, possibly to locate a games publisher, Whitt said. Fortunately,
- the hacker did no damage to NOAA's data files, he said.
-
- Whitt said intruders using a modem pool to tap into external networks are
- always a security concern. But organizations with Internet access seem to be
- hacker favorites, he said. "There's a lot of need for Internet security,"
- Whitt said.
-
- "You have to make sure you monitor the usage of the TCP/IP network and the
- administration of the local host. It's a common problem, but in our case we're
- more vulnerable because of tremendous Internet access," Whitt said.
-
- Whitt said NOAA's first response was to terminate all dial-in services
- temporarily and change all the numbers.
-
- Whitt said he also considered installing a caller-identification device for the
- new lines. But the phone companies have limited capabilities to investigate
- random incidents, he said.
-
- "It's very difficult to isolate problems at the protocol level," Whitt said.
- "We targeted the calls geographically to the Midwest.
-
- "But once you get into the Internet and have an understanding of TCP/IP, you
- can just about go anywhere," Whitt said.
-
- NOAA, a Commerce Department agency, has since instituted stronger password
- controls and installed a commercial dial-back security system, Defender from
- Digital Pathways Inc. of Mountain View, California.
-
- Whitt said the new system requires users to undergo password validation at dial
- time and calls back users to synchronize modems and log calls. Despite these
- corrective measures, Reed Phillips, Commerce's IRM director, said the NOAA
- incident underlies the axiom that networks always should be considered
- insecure.
-
- At the recent annual conference of the Federation of Government Information
- Processing Councils in New Orleans, Phillips said the government is struggling
- to transmit more information electronically and still maintain control over the
- data.
-
- Phillips said agencies are plagued by user complacency, a lack of
- organizational control, viruses, LAN failures and increasing demands for
- electronic commerce. "I'm amazed that there are managers who believe their
- electronic-mail systems are secure," Phillps said. "We provide a great deal of
- security, but it can be interrupted.
-
- "Security always gets hits hard in the budget. But the good news is vendors
- recognize our needs and are coming out with cheaper security tools," Phillips
- said.
-
- Phillips said the NOAA attack shows that agencies must safeguard a network's
- physical points because LANs present more security problems than centralized
- systems.
-
- "The perpetrator can dial in via a modem using the common services provided by
- the telephone company, and the perpetrator risks no personal physical harm. By
- gaining access to a single system on the network the perpetrator is then able
- to propagate his access rights to multiple systems on the network," Phillips
- said.
-
- "In many LAN environments a user need only log on the network once and all
- subsequent access is assumed to be authorized for the entire LAN. It then
- becomes virtually impossible for a network manager or security manager to track
- events of a perpetrator," he said.
- _______________________________________________________________________________
-
- Hackers Scan Airwaves For Conversations August 17, 1992
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by Mark Lewyn (The Washington Post)(Page A1)
-
- "Eavesdroppers Tap Into Private Calls."
-
- On the first day of the Soviet coup against Mikhail Gorbachev in August 1991,
- Vice President Quayle placed a call to Senator John C. Danforth (R-Mo.) and
- assessed the tense, unfolding drama.
-
- It turned out not to be a private conversation.
-
- At the time, Quayle was aboard a government jet, flying to Washington from
- California. As he passed over Amarillo, Texas his conversation, transmitted
- from the plane to Danforth's phone, was picked up by an eavesdropper using
- electronic "scanning" gear that searches the airwaves for radio or wireless
- telephone transmissions and then locks onto them.
-
- The conversation contained no state secrets -- the vice president observed that
- Gorbachev was all but irrelevant and Boris Yeltsin had become the man to watch.
- But it remains a prized catch among the many conversations overhead over many
- years by one of a steadily growing fraternity of amateur electronics
- eavesdroppers who listen in on all sorts of over-the-air transmissions, ranging
- from Air Force One communications to cordless car-phone talk.
-
- One such snoop overheard a March 1990 call placed by Peter Lynch, a well-known
- mutual fund executive in Boston, discussing his forthcoming resignation, an
- event that later startled financial circles. Another electronic listener
- overheard the chairman of Popeye's Fried Chicken disclose plans for a 1988
- takeover bid for rival Church's Fried Chicken.
-
- Calls by President Bush and a number of Cabinet officers have been intercepted.
- The recordings of car-phone calls made by Virginia Governor L. Douglas Wilder
- (D), intercepted by a Virginia Beach restaurant owner and shared with Senator
- Charles S. Robb (D-Va.), became a cause ce'le'bre in Virginia politics.
-
- Any uncoded call that travels via airwaves, rather than wire, can be picked up,
- thus the possibilities have multiplied steadily with the growth of cellular
- phones in cars and cordless phones in homes and offices. About 41 percent of
- U.S. households have cordless phones and the number is expected to grow by
- nearly 16 million this year, according to the Washington-based Electronics
- Industry Association.
-
- There are 7.5 million cellular phone subscribers, a technology that passes
- phone calls over the air through a city from one transmission "cell" to the
- next. About 1,500 commercial airliners now have air-to-ground phones -- roughly
- half the U.S. fleet.
-
- So fast-growing is this new form of electronic hacking that it has its own
- magazines, such as Monitoring Times. "The bulk of the people doing this aren't
- doing it maliciously," said the magazine's editor, Robert Grove, who said he
- has been questioned several times by federal agents, curious about hackers'
- monitoring activities.
-
- But some experts fear the potential for mischief. The threat to business from
- electronic eavesdropping is "substantial," said Thomas S. Birney III, president
- of Cellular Security Group, a Massachusetts-based consulting group.
-
- Air Force One and other military and government aircraft have secure satellite
- phone links for sensitive conversations with the ground, but because these are
- expensive to use and sometimes not operating, some calls travel over open
- frequencies. Specific frequencies, such as those used by the president's
- plane, are publicly available and are often listed in "scanners" publications
- and computer bulletin boards.
-
- Bush, for example, was accidentally overheard by a newspaper reporter in 1990
- while talking about the buildup prior to the Persian Gulf War with Senator
- Robert Byrd (D-W.Va.). The reporter, from the Daily Times in Gloucester,
- Massachusetts quickly began taking notes and the next day, quoted Bush in his
- story under the headline, "Bush Graces City Airspace."
-
- The vice president's chief of staff, William Kristol, was overheard castigating
- one staff aide as a "jerk" for trying to reach him at home.
-
- Some eavesdroppers may be stepping over the legal line, particularly if they
- tape record such conversations.
-
- The Electronic Communications Privacy Act prohibits intentional monitoring,
- taping or distribution of the content of most electronic, wire or private oral
- communications. Cellular phone calls are explicitly protected under this act.
- Local laws often also prohibit such activity. However, some lawyers said that
- under federal law, it is legal to intercept cordless telephone conversations as
- well as conversations on an open radio channel.
-
- The government rarely prosecutes such cases because such eavesdroppers are
- difficult to catch. Not only that, it is hard to win convictions against
- "listening Toms," lawyers said, because prosecutors must prove the
- eavesdropping was intentional.
-
- "Unless they prove intent they are not going to win," said Frank Terranella,
- general counsel for the Association of North American Radio Clubs in Clifton,
- New Jersey. "It's a very tough prosecution for them."
-
- To help curb eavesdropping, the House has passed a measure sponsored by Rep.
- Edward J. Markey (D-Mass.), chairman of the House telecommunications and
- finance subcommittee, that would require the Federal Communications Commission
- to outlaw any scanner that could receive cellular frequencies. The bill has
- been sent to the Senate.
-
- But there are about 10 million scanners in use, industry experts report, and
- this year sales of scanners and related equipment such as antennas will top
- $100 million.
-
- Dedicated scanners, who collect the phone calls of high-ranking government
- officials the way kids collect baseball cards, assemble basements full of
- electronic gear.
-
- In one sense, the electronic eavesdroppers are advanced versions of the
- ambulance chasers who monitor police and fire calls with simpler scanning
- equipment and then race to the scene of blazes and accidents for a close look.
- But they also have kinship with the computer hackers who toil at breaking into
- complex computer systems and rummaging around other's files and software
- programs.
-
- One New England eavesdropper has four scanners, each one connected to its own
- computer, with a variety of frequencies programmed. When a conversation
- appears on a pre-selected frequency, a computer automatically locks in on the
- frequency to capture it. He also keeps a scanner in his car, for entertainment
- along the road.
-
- He justifies his avocation with a seemingly tortured logic. "I'm not going out
- and stealing these signals," he said. "They're coming into my home, right
- through my windows."
- _______________________________________________________________________________
-
- Why Cybercrooks Love Cellular December 21, 1989
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- by William G. Flanagan and Brigid McMenamin (Forbes)(Page 189)
-
- Cellular phones provide cybercrooks with golden opportunities for telephone
- toll fraud, as many shocked cellular customers are discovering. For example,
- one US West Cellular customer in Albuquerque recently received a hefty
- telephone bill.
-
- Total: $20,000.
-
- Customers are not held responsible when their phone numbers are ripped off and
- misused. But you may be forced to have your cellular phone number changed.
- The cellular carriers are the big losers -- to the tune of an estimated $300
- million per year in unauthorized calls.
-
- How do the crooks get the numbers? There are two common methods: cloning and
- tumbling.
-
- Each cellular phone has two numbers -- a mobile identification number (MIN) and
- an electronic serial number (ESN). Every time you make a call, the chip
- transmits both numbers to the local switching office for verification and
- billing.
-
- Cloning involves altering the microchip in another cellular phone so that both
- the MIN and ESN numbers match those stolen from a bona fide customer. The
- altering can be done with a personal computer. The MIN and ESN numbers are
- either purchased from insiders or plucked from the airwaves with a legal
- device, about the size of a textbook, that can be plugged into a vehicle's
- cigarette lighter receptacle.
-
- Cellular companies are starting to watch for suspicious calling patterns. But
- the cloning may not be detected until the customer gets his bill.
-
- The second method -- tumbling -- also involves using a personal computer to
- alter a microchip in a cellular phone so that its numbers change after every
- phone call. Tumbling doesn't require any signal plucking. It takes advantage
- of the fact that cellular companies allow "roaming" -- letting you make calls
- away from your home area.
-
- When you use a cellular phone far from your home base, it may take too long for
- the local switching office to verify your MIN and ESN numbers. So the first
- call usually goes through while the verification goes on. If the numbers are
- invalid, no more calls will be permitted by that office on that phone.
-
- In 1987 a California hacker figured out how to use his personal computer to
- reprogram the chip in a cellular phone. Authorities say one of his pals
- started selling altered chips and chipped-up phones. Other hackers figured out
- how to make the chips generate new, fake ESN numbers every time the cellular
- phone was used, thereby short-circuiting the verification process. By 1991
- chipped-up, tumbling ESN phones were in use all over the U.S.
-
- The cellular carriers hope to scotch the problem of tumbling with instant
- verification. But that won't stop the clones.
-
- How do crooks cash in? Drug dealers buy (for up to $ 3,200) or lease (about
- $750 per day) cellular phones with altered chips. So do the "call-sell"
- crooks, who retail long distance calls to immigrants often for less than phone
- companies charge. That's why a victim will get bills for calls all over the
- world, but especially to Colombia, Bolivia and other drug-exporting countries.
- _______________________________________________________________________________
- ^L
-