The Hacker Chronicles - A Tour of the Computer Underground

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker Chronicles - A…the Computer Underground / The Hacker Chronicles - A Tour of the Computer Underground (P-80 Systems).iso / cud2 / cud213e.txt < prev next >

Wrap

Text File | 1992-09-26 | 6KB | 126 lines

------------------------------ From: chron!magic322!edtjda@UUNET.UU.NET(Joe Abernathy) Subject: Hackers Break into DEA Lines Date: Wed, 21 Nov 90 17:32:59 CST ******************************************************************** *** CuD #2.13: File 5 of 5: Hackers & the DEA PBX (J. Abernathy *** ******************************************************************** " Hackers break into DEA lines: Long-distance Service the Target" From: Houston Chronicle, Saturday, Nov. 17, 1990 (p. 1A) By JOE ABERNATHY (Copyright 1990, Houston Chronicle) Computer hackers and others stole long distance service worth up to $1.8 million from the government through the Houston offices of the Drug Enforcement Administration, the agency acknowledged Friday. "We became aware of it last spring," said DEA spokesman Thomas Lentini. "Southwestern Bell telephone security told us that they suspected somebody was hacking into our FTS system. That's the Federal Telephone System." The agency cannot estimate the precise value of the long distance service since it used a dedicated line without per-call billing. But an Arizona prosecutor who specializes in computer fraud has estimated that such a breach can use service worth at least $100,000 a month. Self-described hackers told the Houston Chronicle that hundreds of people around the nation used the government phone lines over a period of 18 months. The DEA has taken measures to protect its system, Lentini said. The thefts were discovered during a nationwide, previously undisclosed Southwestern Bell investigation into the fraudulent use of phone credit cards. "There were some folks that were making unauthorized use of customers' credit cards," said Ken Brasel, Southwestern Bell spokesman. "In our investigation of these people we discovered that they had used these credit cards to call a local number which turned out to be the DEA." By punching in an access code after connecting with this number, callers could place outgoing calls using the federal government's dedicated, private phone lines. "You just had to dial 8 and you could go anywhere," said a hacker who brought the DEA system invasion to the Chronicle's attention. "Hundreds used it." "A guy even walked up to me in Safeway once and asked if I'd heard about the 221 PBX," said another hacker. These two and other hackers, identifying themselves by their computer system "handles" but declining to give their real names, discussed the matter with a Chronicle reporter in a series of late-night conference calls that they initiated. PBX, or private branch exchange, is the name given to the telephone switching systems used in medium to large companies, while 221 is the downtown prefix of the three DEA lines offering access into the federal phone system. "The way the system works is we call an access number that puts us into FTS, then we can call anywhere," Lentini said, explaining that the system was dedicated to upper management's use, typically for calls to Washington. "In effect, they have their own WATS line," Brasel said. "When they talk from here to Washington, they don't go through an AT&T operator." The phone lines were used both for normal calls and for computer data telecommunications, hackers said, and calls were placed around the world. According to the Arizona state attorney general's office, which has become renowned for its vigorous pursuit of hackers, PBXs are a prime source for overseas phone fraud, and give hackers a layer of security. If a call is traced,it is traced back to the company that owns the PBX, not to the hacker. "In the last two years it's just skyrocketed in terms of international" calls, said Gail Thackeray, an assistant attorney general in Arizona. "All of the long distance carriers are under siege." Thackeray estimated in a recent Chronicle interview that PBX abuse will cost industry $500 million this year. According to her formulas, the DEA hackers may have used service worth $100,000 or more during each of the 18 months in which the agency's phone system was compromised. "We have some anti-social, fairly dangerous hackers out there because of the size of tools they have," Thackeray said. Assisted by computers, the hackers find the PBX numbers through trial and error by calling all available numbers in a prefix. "Numbers get passed around like a stock commodity," said one. A breach can go undetected for a long time because the government doesn't render bills on its dedicated phone lines. "Once the break-in was discovered, we immediately changed the access number," Lentini said. "We worked with Southwestern Bell trying to determine who the culprit was and we just couldn't do it," he said. "They were getting into it from pay telephones" as well as from residences and places of employment. "Southwestern Bell is still monitoring our lines for indicators that they're hacking into it again." Referring to the larger investigation of credit card fraud, Brasel urged that consumers exercise caution. "What these guys were doing is calling up and saying 'We're from AT&T and we've had a computer failure' and they say 'We need your credit card number and your PIN (personal identification number),' " he said. "That's like giving someone the key to the bank vault. You just don't do that." ******************************************************************** ------------------------------ **END OF CuD #2.13** ******************************************************************** Downloaded From P-80 International Information Systems 304-744-2253 12yrs+