Copy Link
Add to Bookmark
Report
Phrack Inc. Volume 01 Issue 06 File 11
==Phrack Inc.==
Volume One, Issue Six, Phile 11 of 13
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
*-=+^ Phrack World News ^+=-*
Issue Five/Part 3
Compiled and Written By
Knight Lightning
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Cracking Down On Abuse
----------------------
This article is from the January issue of MCI World, a monthly newsletter
published by MCI for it's employees.
-------------------------------------------------------------------------------
The nationwide attack on telephone fraud got a boost recently when the U.S.
Secret Service joined the effort to curb the crime that costs the industry
millions in lost revenue annually.
The Secret Service used new jurisdiction over the telephone fraud for the first
time to arrest five individuals in raids on four illegal "Call-Sell" operations
in New York City last November.
The five suspects are awaiting trial in federal court on charges based on a
Secret Service investigation conducted in cooperation with MCI and other
members of the long distance telephone industry.
The defendants were charged with violation of a law on Fraud In Connection With
Access Devices which carries maximum penalties of 15 years imprisonment and a
fine of $50,000, or twice the value of the fraudulent activity.
Several other investigations are under way and future arrests are expected,
according to a Secret Service spokesman.
MCI cooperated in the investigation as a company and through membership in the
Communications Fraud Control Association (CFCA), made up of some 35 telephone
industry firms.
"Because it's an industry-wide problem, we have organized to crack down on all
kinds of fraud, from the isolated 'hacker' to more organized schemes to use
long distance lines illegally," said Everick Bowens, senior manager of MCI
security investigations and president of CFCA.
The Secret Service said that in the New York cases, the defendants operated
Call-Sell businesses out of their homes and charged "customers" a flat fee for
making long distance calls. They used "Blue Boxes" and stolen or compromised
authorization codes or credit card numbers to use the long-distance networks
of several companies.
Blue Boxes are electronic tone-generating devices used to bypass billing
systems and gain access to company networks. They can be assembled from
generally available electronic parts or they can be purchased ready-made
through illegal sources.
In the New York raids, agents seized unauthorized cods and credit card numbers,
four Blue Boxes and more than 20 telephones.
It is estimated that in 1984, fraud in the telecommunications industry totaled
$500 million nationwide, and approximately $70 million in the New York City
area.
CFCA members are primarily inter-exchange carriers, such as MCI, but resale
carriers and some Bell Operating Companies (BOCs) are also members, along with
representatives of computer services and credit card companies.
Bowens says CFCA is intensifying efforts to stop the spread of fraud. Among
other things, CFCA is developing educational packages for carriers and the
public to promote widespread understanding of telephone fraud and ways to
counter the crime.
"Our aim is jointly to prevent, detect, investigate and prosecute any
fraudulent use of our long-distance networks," Bowens said.
Authorization codes are obtained by theft from individuals and by "hackers" who
randomly try combinations of numbers by telephone or through computer scanning
of number combinations until a working code is "hit." Illegally obtained codes
are fraudulently used by "boiler room" telemarketing operations, for example,
or are passed along for use by individuals.
MCI had developed software to detect illegal entry into its network and it is
expected that the spread of dial 1 service, in which authorization codes are
not used, will help reduce the incidence of telephone fraud.
-------------------------------------------------------------------------------
Comments from the Bootleg:
You reckon they mean us???????????????
What's wrong with them, can't they take a joke???????????
_______________________________________________________________________________
The Many Faces Of Fraud
-----------------------
The following is an article from the January issue of MCI World, a monthly
newsletter published by MCI for it's employees.
-------------------------------------------------------------------------------
This new year will see a stepped up MCI attack on telephone fraud--illegal use
of the long distance network through access by stolen authorization codes or
electronic devices. The offensive is led by Everick Bowens, senior manager of
MCI's security investigations department and president of the industry-wide
Communications Fraud Control Association (CFCA). Success in curbing this theft
of service has earned MCI security investigators a reputation as super sleuths
at headquarters and in the divisions.
New teeth were added to the attack on telephone fraud when the U.S. Secret
Service was assigned to augment continuing investigative efforts by the FBI and
other law enforcement agencies.
Because telephone fraud is outright theft from the company, MCI is determined
to prevent, detect, investigate and prosecute any illicit use of its network.
To learn more about how MCI conducts its anti-fraud campaign, MCI World talked
with Bowens.
MCI World: Is it true that MCI has systems that can detect fraudulent activity
while it is occurring?
Bowens: Yes, our fraud systems detect abnormal usage and hacking. The systems
also help us to track down offenders even when we have only the
authorization code he or she is abusing. Because we can profile
abusers and trace phone calls, it is easier for us to prepare cases
for prosecution.
MCI World: Abuses involving computer "hacking" to get authorization codes seem
to attract public attention. But there are other types of fraud
equally damaging to the telecommunications industry. Would you
identify some of these?
Bowens: The primary form of abuse is by "hackers," who use computer programs to
derive customers' authorization codes. These codes can be widely
disseminated via electronic bulletin boards. Because many of these
boards are public, the codes fall into the hands of anyone with access
to the boards. We also encounter electronic toll fraud, which involves
tone-generating devices that allow offenders to place fraudulent calls.
MCI World: Is one type of fraudulent activity more prevalent than another?
Bowens: Nationwide, fraud most frequently originates from military posts,
college campuses, and prisons--places where there are numbers of people
far from home, or who have little else to do but manipulate the
telephone. This type of abuse prompts the bulk of our investigations.
MCI World: Who is most likely to commit fraud? Is there a general profile of
the common offender?
Bowens: Computer crime typically occurs in affluent, metropolitan suburbs
and involves juveniles. Electronic fraud also occurs in major
metropolitan areas. Other abusers, such as high-pressure
tele-marketeers, usually follow the coast lines. California and
Florida, for "boiler room" operations in which phone service is used
illegally to sell merchandise. However, fraud can't be totally
attributed to any specific group at any particular time.
MCI World: How can you keep up with code abuse and fraud? Don't offenders
change frequently?
Bowens: Interestingly enough, the patterns don't change much. Those who commit
fraud form a finite community that doesn't expand a great a great deal
over time. Casual offenders, individuals who may take advantage of a
"hot" toll free number, will use the number only when it's hot. Once
the number no longer works, they're not likely to repeat the offense.
On the other hand, repeat offenders are dedicated to getting something
for nothing. They're somewhat easier to identify because they commit
the same offense over and over.
MCI World: How does MCI know when it is the target of fraudulent activity?
Bowens: Our systems generally alert us, or an employee or a customer informs
us. People know the MCI name. When they recognize something happening
illegally with an authorization code, they'll get in touch with us.
People generally feel that a cheat is a cheat, a crook is a crook, and
if they have to pay full value for a phone call they see no reason why
someone else shouldn't. There also are professional tipsters who go
from one company to another offering information for a price. However,
we rarely deal with them.
MCI World: Which MCI people, by the nature of their jobs, are most likely to
detect or at least suspect, fraudulent activity?
Bowens: Our switch technicians have been very instrumental in detecting abuse.
They're in a position to identify extensive busy signals on circuits,
abnormal calling patterns, and code use. They've identified many
hackers just by reviewing their daily call statistics. Employees in our
billing department are also good at spotting unusually large bills and
abnormal patterns. Though most fraud is detected by the systems we
have in place, the human eye continues to be extremely helpful.
MCI World: In addition to working with internal people to help detect
fraudulent activity, you also rely on the expertise of external
agencies. Which outside agencies assist you with investigations.
Bowens: When fraudulent activity involves the theft or illicit use of
authorization codes or credit calling cards, MCI and the Secret Service
work together to investigate the case. If other activity is involved,
such as the use of our service in furtherance of other crime, MCI works
with the FBI. When the U.S. Postal Service is manipulated in a fraud
case, MCI and postal inspectors investigate together. Additionally,
Bell Operating Companies (BOCs) often provide hard evidence in cases
that MCI prosecutes.
MCI World: When you are alerted to suspected fraudulent activity, what steps do
you take to open and pursue the case?
Bowens: Security investigators contact the customer whose code is being abused,
advise them of MCI's suspicions, and attempt to confirm them. If the
response confirms their suspicion of fraud, they open the case.
Normally, an investigation entails much research into toll records to
identify abusers, unusual call patterns and the parties who might be
involved in illicit activity. We also interview parties receiving the
calls and document their statements. Once we collect sufficient
evidence, we decide whether a case should be pursued as a criminal or
civil action.
MCI World: How long does it normally take MCI's investigators to "crack" a
case?
Bowens: Typically, investigators can crack a case within hours. Identifying
fraud suspects is the easy part. Amassing the evidence--dotting all
of the legal i's and crossing the t's--is tougher. Gathering evidence
may take weeks and large cases involving many parties can take months
to solve.
MCI World: With fraudulent activity knowing no geographical restrictions, how
do you segment the problem divisionally?
Bowens: The security investigations department acts primarily in an advisory
capacity, helping investigators in the divisions with procedural
matters. The divisions generally take responsibility for investigating
fraudulent activity within their jurisdictions and corporate
investigators pursue cases that are large in scope or require specific
expertise. Corporate also takes on cases involving offenders operating
in more than one division.
MCI World: Can you elaborate on MCI's goals for reducing the level of
fraudulent activity?
Bowens: We want to reduce fraud to the lowest possible level. One of MCI's
goals is to cut fraud by more than half in 1986. We want to be the
industry leader in curbing this illegal activity.
_______________________________________________________________________________
Broadway Hacker Turned Fed Informant? June 2, 1986
-------------------------------------
Broadway Hacker recently called Phreakers Quest and left feedback to the
sysop of that system (Shawn) saying, "I do believe that some of this
information here is illegal." Shawn called Dark Creeper and reported this to
him who then later told it to me.
Sometime later, Broadway Hacker called Knight Bandit to voice validate him for
The Radio Station. He claimed he was some sort of fed and that KB would be
hearing from someone in Bell Security.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The Radio Station is down because Broadway Hacker has sold his computer, his
disks, and everything else and is moving to his new job at an unknown
destination. When I spoke with him, he went on that he sold his user log, but
would not comment on that any further. He wanted me to print that he was a fed
and that all of his former users would soon be receiving visits from the FBI.
This is exactly what he told Phantom Phreaker and several others which started
a mass riot in the phreak world. One result was the takedown of Alliance for
fear of its safety. It since has been put back up.
Broadway justified his actions by saying that by telling rodents he was a fed,
it would keep them off his board. Later he said that since he is leaving the
phreak world and no one knows where he is going, "To hell with the phreak
world, let it fall apart and die for all I care." So this fed scare is an
attempt to do just that. Was it a joke? Did he mean that really? I don't
know. Maybe he did mean it then but now has changed his mind...
No one should be worried about this, everything is ok, and Broadway is not
working with the FBI. He now claims that he needed his line free for business
calls and all of the above were attempts to get people not to be calling him as
he didn't have the time or patience. Use your own judgement.
Broadway Hacker still has his Vic 20 and an old modem and is attempting to get
back on boards. He has also stated that the Radio Station BBS will be put back
up at the end of the summer. Where it will be run from is unknown although,
Broadway speculated that when it returns it would be run off of an Amiga.
Information Provided by
Broadway Hacker/Dark Creeper/Knight Bandit/Phantom Phreaker
_______________________________________________________________________________