Copy Link
Add to Bookmark
Report
Modernz 05
***************************************************************************
** // USING AND ABUSING C.B.I. // **
** by **
** the GHOST **
** of the **
** Panther Modernz **
** (C)Nov. 26, 1990 **
***************************************************************************
PART 1: Introduction
The purpose of this phile is to make the CBI credit referral
service accessibleto the novice user, and to phacilitate account hacking
for the more experienced hacker. I will attempt to explain the basics of
CBI, simple commands, and the two methods phor achieving new accounts.
Sysops and phellow hackers are most welcome to copy and distribute this
phile, so long as ALL CREDITS REMAIN INTACT AND UNALTERED. And I mean that,
peons.
PART 2: What the hell IS CBI?
CBI is a credit referral service,
similar to TRW (though rather inferior). Basically, with the advent of
large-scale credit use for high-end purchases, a need arose for a service
which various businesses, banks, lending agents etc. could quickly and
easily get a complete credit history on a potential customer. Thus, these
establishments can have at their beck and call your entire credit
history: all your credit cards, their limits, any mortgages you have and
their current status, as well as various other tidbits such as loans, car
repossessiondefaulted extensions of credit, and the like. Some peoples
credit files are quite extensive, while others are surprisingly
incomplete. This, I suppose, reflects the ammount of credit usage the
individual in question has employed. To make these credit referral services
quickly and easily accessible, these companies have been kind enough to
place all their records in an online databasewhich can be called and
referenced by a legitimate account-holder via modem. Forutunately for us,
the hacker community, this wonderful database can also be called and
accessed illegally. THAT is where the phun begins.
PART 3: Okay, how do Iget on?
To make the lives of the various legal users of their system
easier, CBI has established numerous access points to their database.
Unfortunately, at the timeof the writing of this phile, I only have two
working dialup for CBI. They are: 1-713-591-8100 Houston, Texas
1-804-466-1619 Norfolk, Virginia
Also, the voiceline for CBI's 'Equifax Credit Information Services' is 1-201-842-7500. Call it and social engineer yourself a dialup or six. Once
you're ready to call, TAKE PRECAUTIONS. NEVER call a CBI dialup directly, or
just through a code. ESPECIALLY if you're trying to hack out an account.
Rather, use an outdial, or better yet, use several outdials. Make it HARD for
them to track you down. AT THE VERY LEAST, use a diverter. I usually use a
single outdial, which seems to be safe enough for simply accessing the system.
As I said, for hacking, a more 'layered' approach is advisable. Okay, so now
you've dialed the number from your cheesy outdial. The system connects.
But, nothing appears on your screen. CBI does not recognize the
standard 'carriage return' generated by your 'return' key. Rather, CBI
accepts [cntrl-s] (^s) as a return. So, to awaken the system, hit cntrl-s
(you may need to follow this with a return sometimes). Wait a few seconds
and you'll see: (LA)PLEASE SIGN-ON: The system has no echo, so you may want
to call with half duplex for some visualre-assurance. You now enter your
account. Accounts appear in two formats: 613bb2114-c2 OR 613bb2114-c2,az,p.
The system will accept either one (ie, the 'az,p.' is not necessary).
After you finish typing in the account, hit [cntrl-s] again. There will be
a few seconds brief wait, and if the account you entered is valid, the system
will say: W5B3 - PROCEED Blammo. You're in.
PART 4: How to pull files
Once you're in, there are 2 BASIC commands that you need to know to pull
peoples files. There are various other commands for more powerful accounts,
but as a low end user, you need not worry about these, and if you area a
more experienced user, then you don't need ME to tell them to you!
The files in the CBI database are referenced by either name and address or
social security number. If you know either of these for your prospective
target,you're in business. First, the easy one: To pull a persons credit
file with their SS number, enter this command: id-sss-###-##-####.[cntrl-s]
Where #'s are the digits of the SS #. Do not forget the period at the end of thecommand, it IS necessary. Also, remember to enter the command with
control-s, NOT return. Next, the more useful method of pulling a file. Enter
the following: nm-first,last.ca-house #, streetname, streettype, town, state, zipcode. [cntrl-s] As for the name, you MUST have the full last name, but you only need to enter the first initial or a partial name. For the address, spelling the streetname and town correctly are important. Also, the zipcode is NOT NECESSARY. You can just put the period after the state and hit ^s. Streettype refers to blvd, st, rd, ln, ct...etc, you get the idea...you can either spell it out or use the common abbreviation. For towns or streets with
2 words, ie 'Seaside Heights' enter it exactly as is, for example:
nm-lamer,joe.ca-666,wanker,ln,seaside heights,nj.^s
***************************************************************************
PART 5: What's this weird number shit?
When you successfully pull a file, you'll see something like this:
*WAD,DICK SINCE 08/24/85 FAD 07/09/90 FN-300
72B,WOMBAT,BV,SCROTUM,SD,01010,TAPE RPTD 07/85
223,DERF,DR,TESTICLE,TX,43524,TAPE RPTD 09/87
BDS-09/14/58,SSS-121-32-1234
01 ES-,DERFLINK INC,HOSEHEAD,CA
02 EF-,SELF EMPLOYED,SCROTUM,SD
03 E2-,ADMIN,BEVCO ELECTR.,NJ
So what the hell does this shit mean? Well, obviously, it begins with the person's name. 'SINCE' refers to the first time Equifax generated a file on thisperson, while FAD is the last time the file was updated. Next is listed the person's places of residence, both present and past. (RPTD is the last date that they were still listed as being at that address). The 'BDS-' line contains the
person's birthdate and social security number, and sometimes their age as
well. The following '01 ES' type lines concern the person's employers,
again both present and past, with addresses for them. Next, you'll see
the following:
*SUM-08/85-07/90,PR/OI-NO,FB-NO, ACCTS:3,HC$0-25000, 2-ONES, 1-FOUR.
*INQS-OCEAN NATL 444bb952 11/23/90
Okay, this is a little more complex. The SUM indicates the
period during which this person has had credit of any kind. I do not know
what PR/OI and FB indicateACCTS: is the number of entries on the list about
to follow, ie, the amount of credit extensions this person has ever had.
HC$ is the span on the values of these credit extensions. That is, he
has been extended as much as $25,000 at onetime. The 'ONES, FOURS, FIVES,
NINES, ZEROS' etc indicate the TYPE of credit accounts the person has. I
am still in the process of deciphering what each one means. INQS is self
explanatory. Listed are all the firms which have recently pulled this
person's file, and the date they did so. Next comes the good part:
*FIRM/ID CODE RPTD OPND H/C TRM BAL P/D CS MR ECOA ACCOUNT NUMBER
SEARS*906DC29 08/90 07/85 0 523 R4 0 J8764-5648374612846
CITIBK-MC*906BB40 08/90 11/88 5000 1234 R1 34 S 542412345678
GMAC *906FA34 07/90 10/87 25K 10Y 10K I1 17 A 192-123456789
END OF REPORT CBI AND AFFILIATES - 11/26/90
Okay, broken down, this shit means:
FIRM/ID CODE: The creditor and its CBI account code. RPTD: Last time that
entry was updated, either due to purchase or change in credit extension.
OPND: Date the account was first opened. H/C: Ammount of credit. In the
case of actual credit cards, this is the card limit. TRM: Length of
time the credit is extendedfor, in weeks. If followed by a 'M', it is in
months, and if followed by a 'Y' it is in years. BAL: Ammount still owed
on the card as of the last update. P/D, CS, MR, ECOA: beats the shit outta
me!!! ACCOUNT NUMBER: Self-explanatory. VISAS begin with a 4, MASTERCARDS
begin with a 5, DISCOVER with a 6, etc. If youare uncertain as to whether
an account is a card or not, run it thru your friendly credit checker
to check. Many entries will have helpful explanatory footnotes like:
CLOSED ACCOUNT, CARD STOLEN OR LOST, REDEEMED REPOSESSION
REAL ESTATE MORTGAGE, AUTO LOAN, ACCOUNT CLOSED BY CONSUMER
PART 7: Safe use/abuse of CBI
Okay, so you have an account and you know how to use it, right? So,
what next?Well, firstly, you'd better cover your ass. As I said earlier, be
sure to call CBI through some sort of number-diverting system. To preserve
the life of your account and protect your ass, you should also take the
following precautions. First, try to call CBI dialups only during normal
business hours LOCAL TO THE DIALUP (based on whatever time zone it's in).
That is, Monday-Friday from 9:00amto 6:00pm if at all possible. Try NOT to
call AT ALL after 12:00 midnight, as this is extremely suspicious.
Secondly, never pull files sequentially from your phone book (more on this
later). Skip around as far as last names go. Thirdly, don't be
greedy...don't pull 100 files per call...stick to 10-20, no more that 30.
Lastly, don't bother pulling the file of the President. We already tried
pulling ole' George's file, but all we got was his social security # and a
message stating that that file was 'not available'.
PART 8: Who do I pull?
It's essential that you never waste time on CBI, as accounts are
valuable and not to be trifled away. So, don't spend all your time pulling
your friends filesor your neighbor's. Go for the BIG BUCKS. Get out your
local phone book and run through it looking for names with 'attorney',
'MD', 'DDS' and such after them. Then pull THOSE files. Also, its not a
good idea to only pull files from your local area...so...run down to your
local library. All libraries have phone directories for major cities
nationwide. (Don't bother with the Manhattan guide,as none of those
addresses are residential ones, all offices and such). Again, try to pull
the files of affluent folks. When you take an address from a phone book,
always try to make sure it isn't an office address. Many directories will
list both office and 'res' ie residential numbers and addresses. You must
have the person's BILLING address to pull his/her file. There are various
other ways to get peoples names and addresses, so be creative and have fun.
PART 9: Getting an account
This is the REAL hard part. Most people simply trade away their
hard-earned info for a CBI account. Frankly, the fact that few people
know how to get new ones is the reason why there are so few in
circulation. SO, its time for all youhacks to start getting them YOURSELF.
How, you may ask? There are two ways. The most commonly used way is to
social-engineer them. Flip thru your local phone book and find a small
car dealership. Call them up. Pretend you are a CBI or Equifax employee.
Again, be creative. If you sound like a 14yr old, or if you can't lie to
save your ass, don't try this. You'll only phuck things up for the rest of
us. Design your own scams. Be convincing. Leave them a number to call you
back at...a loop, or a BBS #, or better yet, find a number thats always
busyOr, if you have one, set up a VMB to issue a greeting as the office of
the person who you are impersonating. In short, be devious. After all,
you're a hacker! Method two is a bit more tough. All CBI accounts that
I've ever run into so far take on a simple format, presented above. Now,
you'll notice that the beginning of an account (613bb2114) looks
remarkably like the IDNUMBER presentedin the files you pull (ie 906dc29).
The reason for this is that they are ONE IN THE SAME. Yes, thats right, CBI
is nice enough to give you an extensive listing of partial accounts for all
of its subscribers. All accounts take on this format:
[3 DIGITS][2 LETTERS][2-5 DIGITS][a dash][2 CHARACTERS, EITHER NUMBER OR LETTER]
Quaint, yes? Now, since the company codes provide parts one thru three, all
you need to figure out is the 2-character code after the dash. In all cases
I've seen so far, this has been a letter followed by a number, but I am
not certain that this is ALWAYS the case. So, in short: HACK AWAY.
***************************************************************************
PART 10: Company Codes
COMPANY CODE COMPANY CODE COMPANY CODE
A & S 426dc33 ALLSTATE 465ig14 AMERIFEDRL 444bb7072
AMEX 906on259 AMEX 906on267 AMEXOPTIMA 906bb5130
AMEXPRESS 458on2792 BANCAMER-V 906bb206 BENF BNCHG 444fp289
BEN SMITH 882an137 BERKLY MTG 444fs1399 BK OF MDSN 843bb342
BK OF NY 404bb539 BLOMNGDALE 404dc21 BNY DE LD 496on747
BNY DE STD 496bb82 BONWIT TEL 404cg94 BRADLEE'S 426dc1577
C & S 401bb4880 C & S COMM 872bb213 CARTSVBKFA 444fs1381
CHASE EDUC 728bb10420 CHASE(USA) 905bb587 CHASE VISA 496on598
CHASE VISA 426bb756 CHEM BK,DE 426bb3859 CHEM BK,NJ 444bb3469
CHEM BK,NJ 444bb3626 CHEM BK,NJ 444bb5605 CHRYS 1ST 444fp2137 CHRYSLER 906fa26 CITIBANK 906bb115 CITIBK-MC 906bb40 CITICORP 906fm6418 CITICORPSA 447fs844 CITI PRVS 906bb289
CNB USA 496on291 COMMERCE 901bb5101 COMMONWELT 906fm6335
CORESTATES 496on218 CORESTATES 458on3022 CRESENT 402re30375
CRSI-CHARM 426cg544 CS NATNL 872bb31 CS OTC 872bb205
CTL JER MC 444bb143 CTL JER SI 444bb6173 CTYFD MTG 444fm11838DE
TR 458on3014 DISCOVER 155on44 DISCOVR CD 905on1497 EFX-SML042 444zb361 EQUIBANK 496on648 FFB NEWJER 444bb5654 FIDELITY NA 496bb587 FIELD BROS 906cg2913 FJNB/SO MC 444bb5704
FLEET FUND 416fm2092 FNB TRVIL 444bb465 FNB TRV MC 444bb5282
FNB TRV OD 444bb5308 FNBTRV VS 444bb5290 GE CAPITAL 404ff262
GE CAPITAL 906ff278 GE CAPITAL 906ff260 GECAP-TOPS 404ff1039 GECAP-CALD 404ff825 GECC 906ff252 GIMBELS 426dc561 GLENDALE 181fs320 GMAC 444fa483 GMAC 906fa34
GOTTSHALKS 163dc2280 GRDN ST OC 444bb2719 HBNA VISA 163bb17526 HMDEPOT 404hz141 HUGHES CHV 444an1082 IAREQUITA 444zb00577
JC PENNEY 906dc185 JC PENNEY 444dc10639 JC PENNEY 906dc193 LITTMANS 444ja591 LORD & TAY 906dc151 MACYS 444dc49 MARINE MID 405bb280 MBNA AMER 801on119 MBNA AMER 801bb2942 MELLON BK 496bb74 MERIDNMTG 496fm271 MH/MC 426bb2380 MHT/MC 426bb541 MH/VISA 426bb1895 MH/VISA 426bb2406 MIDLTIC IL 444bb804 MIDLTIC OD 444bb3253 MNB/N IL 444bb9466
MOBIL OIL 906oc99 MONGRM-USA 404bb3483 NATL STATE 444bb1315 NATWST MTG 444fm12285 NCNB 805bb2492 NEIMAN-M 906dc656
NISSAN MTR 444fa848 NJNB 444bb6173 NJNB 444bb1869
NWB 444yc1311 NWB 444bb6363 NWB 444bb6496
NWB 444bb564 NWB 444bb3436 OCEAN NATL 444bb952
PNB IL 891bb186 PRIMERICA 496on44 RICE&HLMAN 444an2452
ROOTS 444cs315 SEARS 906dc29 SEARS 444dc510
SEARS 905dc3081 SEC PAC BK 180bb19097 SHOP CHARG 444cg377
SLMA-LSCP 496fz45 SNAPPER 404tz19 SNSONE TOY 444an4177 SPIEGELS 906dm10 STEINBACH 403dc1426 STERNS 496dc319 STRAWBRIDG 496dc20 STRD ROOF 444ki54 SUN RF MKT 606oc10587 SVGSBK SOC 414bb917 TOYOTA MTR 906fa67 TYOTA MOTR 444fa814
UCT RIKEL 444bb5035 UJB MC GLD 444bb9466 UJB-MID ST 444bb978
UJB/SO IL 444bb2248 UJB VISA 444bb1182 UNIVRSL BK 444on358 UNIVRSL BK 444on341 WCI-HUFKOO 404hf375 YEGEN ASSO 444an449
1 VALLY BK 496fs380 1ST CARD 404bb182 1ST CARD 155on85 1STDEPOSIT 163bb19418 1ST JER CR 444zb668 1ST OMNI 801on1182
1ST STATE 444bb2958 ?????????? 444bb1331 ?????????? 465zb134
PART 11: THE END
Well, thats all for now.
With this info, you neophytes should be quite capableof using those CBI
accounts you've been gleefully trading for so long. And, with luck, a
few more of you will start hacking out accounts. If any one has other
CBI dialups, or just other company codes for a possible 'UPDATE
PHILE'...'CBI=The Revenge', please send them to me. I can be contacted via
feedback at: CYBERNETIK LIMBO (908)269-7042
Or at: SOCIAL DISTORTION (908)303-0927, user #4. Also, you
can mail me on QSD chat at TymNet NUA 208057040540. My box is 'ghost [pm]'.
Feel free to contact me if you have any questions about the info presented
in this phile, or if you're interested in becoming a Panther Modern.
Finally, a few brief greets and thanks to: Neuromancer, Midnite Raider,
CyberSage, RatFink, Digital-Demon, and particularly to Sir Hairy Legg, who
got me on to CBI in the first place. Oh, one other thing. The information
presented in this phile is for informational purposes only, to shed a
glimmer of light on the inner workings of the arcane electronic world. In
no way does this file condone or encourage credit fraud, illegal system
access, or any other crimes. Equally, the author disclaims ALL
RESPONSIBILITY for any misuse of the information presented above, or any
crimes committed thereby. But that never stopped ya before, now did it?
Muahahahahah!
***************************************************************************
** This Phile Brought To You By **
** the Panther Modernz **
** the GHOST ** ** (C)Nov. 26, 1990 **
***************************************************************************