Phrack Inc. Volume 02 Issue 21 File 03
==Phrack Inc.==
Volume Two, Issue 21, File 3 of 11
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Shadows Of A Future Past <>
<> ~~~~~~~~~~~~~~~~~~~~~~~~ <>
<> Part One Of The Vicious Circle Trilogy <>
<> <>
<> A New Indepth Look At A Re-Occurring Problem <>
<> by Knight Lightning <>
<> <>
<> August 6, 1988 <>
<> <>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
The Problem?
~~~~~~~~~~~~
The fate of the entire modem community for the most part is based on the
foundation of computer bulletin boards. These realms of information exchange
have become centers of learning and trading various information for thousands
of hackers across the United States and even the world.
However, today's security consultants and law enforcement agencies are smarter
than ever too and they know where to strike in order to do the most damage.
The concept of creating a bulletin board for the purpose of catching hackers
was unheard of until The Phoenix Phortress Incident of 1986. The creation of
this bulletin board system gave Sergeant Dan Pasquale of the Fremont Police
Department the ability to penetrate the sacred barrier between the phreak/hack
community and the rest of the world.
This file will attempt to show the extent of this problem within the community
and hopefully will lead readers to discover ways of protecting themselves from
the many "venus fly traps" they are likely to encounter. Articles presented in
this file are specially edited reprints from past issues of Phrack World News.
The Evidence - The unseen truths reside in the shadows of our past and future.
~~~~~~~~~~~~
The following is an excerpt from Phrack World News Issue III:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Phoenix Phortress Stings 7
~~~~~~~~~~~~~~~~~~~~~~~~~~
On March 5, 1986, the following seven phreaks were arrested in what has come to
be known as the first computer crime "sting" operation.
Captain Hacker \ Doctor Bob \ Lasertech \ The Adventurer
The Highwayman \ The Punisher \ The Warden
Many of them or other members of Phoenix Phortress belonged to these groups:
High Mountain Hackers \ Kaos Inc. \ Shadow Brotherhood \ The Nihilist Order
Of the seven, three were 15 years old; two were 16; one was 17; and one, 19.
Their charges include:
Several misdemeanors
Trafficking in stolen long distance service codes
Trafficking in stolen credit card numbers
Possession of stolen property
Possession of dangerous weapons (a martial arts weapon)
Charging mail-order merchandise to stolen credit card numbers
Selling stolen property
Charging calls internationally to telephone service numbers
Other phreak boards mentioned include:
Bank Vault (Mainly for credit card numbers and tips on credit card scams)
Phreakers Phortress (Mainly of course for phreak codes and other information)
After serving search warrants early Wednesday morning on the seven Fremont
residences where the young men lived with their parents, police confiscated at
least $12,000 worth of equipment such as computers, modems, monitors, floppy
disks, and manuals, which contained information ranging from how to make a
bomb, to the access codes for the Merrill Lynch and Dean Witter Financial
Services Firm's corporate computers.
The sysop of Phoenix Phortress was The Revenger, who was supposedly Wally
Richards, a 25-year-old Hayward man who "phreaked back east a little" in New
Jersey. He took the phone number under the name of Al Davis. However, he was
really Sgt. Daniel Pasquale of the Fremont Police Department.
When he introduced his board to other computer users, he called it the "newest,
coolest, phreak board in town."
Pasquale said he got the idea for the sting operation after a 16-year-old
arrested last summer for possession of stolen property "rolled them over
(narced). He told us all about their operation."
Pasquale used a police department Apple //e computer and equipment, with access
codes and information provided by eight corporations, including Wells Fargo
Bank, Sprint, and MCI.
Pasquale said he received more than 2,500 calls from about 130 regular users
around the country. The police started to make their first case three days
after the board went up.
"We had taken the unlisted phone number under the name Al Davis," Pasquale
said. "In six days, these kids had the name on the bulletin board. I would
have needed a search warrant to get that information."
The arrests were made after five months of investigation by Dan Pasquale.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The Phoenix Phortress incident only led to the arrest of seven hackers.
However, at the same time it enabled the law enforcement agencies to gather
information about over one hundred other hackers, systems being discussed,
anything transmitted in electronic mail on the bulletin board, and most likely
gave them information about hundreds of other hackers, bulletin boards, and so
forth.
The following is an excerpt from Phrack World News Issue VII:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Maxfield Strikes Again August 20, 1986
~~~~~~~~~~~~~~~~~~~~~~
Many of you probably remember a system known as "THE BOARD" in the Detroit 313
NPA. The number was 313-592-4143 and the newuser password was
"HEL-N555,ELITE,3" (then return). It was kind of unique because it was run off
of an HP2000 computer.
On August 20, 1986, the following messages began to appear on THE BOARD:
- - - - - - - - - - - - - - - - - - - -
Welcome to MIKE WENDLAND'S I-TEAM sting board!
(Computer Services Provided By BOARDSCAN)
66 Megabytes Strong
300/1200 baud - 24 hours.
Three (3) lines = no busy signals!
Rotary hunting on 313-534-0400.
Board: General Information & BBS's
Message: 41
Title: YOU'VE BEEN HAD!!!
To: ALL
From: HIGH TECH
Posted: 8/20/86 @ 12.08 hours
Greetings:
You are now on THE BOARD, a "sting" BBS operated by MIKE WENDLAND of the
WDIV-TV I-Team. The purpose? To demonstrate and document the extent of
criminal and potentially illegal hacking and telephone fraud activity by the
so-called "hacking community."
Thanks for your cooperation. In the past month and a half, we've received all
sorts of information from you implicating many of you to credit card fraud,
telephone billing fraud, vandalism, and possible break-ins to government or
public safety computers. And the beauty of this is we have your posts, your
E-Mail and--- most importantly ---your REAL names and addresses.
What are we going to do with it? Stay tuned to News 4. I plan a special
series of reports about our experiences with THE BOARD, which saw users check
in from coast-to-coast and Canada, users ranging in age from 12 to 48. For our
regular users, I have been known as High Tech, among other ID's. John Maxfield
of Boardscan served as our consultant and provided the HP2000 that this "sting"
ran on. Through call forwarding and other conveniences made possible by
telephone technology, the BBS operated remotely here in the Detroit area.
When will our reports be ready? In a few weeks. We now will be contacting
many of you directly, talking with law enforcement and security agents from
credit card companies and the telephone services.
It should be a hell of a series. Thanks for your help. And don't bother
trying any harassment. Remember, we've got YOUR real names.
Mike Wendland
The I-team
WDIV, Detroit, MI.
Board: General Information & BBS's
Message: 42
Title: BOARDSCAN
To: ALL
From: THE REAPER
This is John Maxfield of Boardscan. Welcome! Please address all letter bombs
to Mike Wendland at WDIV-TV Detroit. This board was his idea.
The Reaper (a.k.a. Cable Pair)
-------------------------------------------------------------------------------
John Maxfield was in general extremely proud of his efforts with THE BOARD and
he said that a lot of the people he voice verified should have known it was
him. According to John Maxfield, the only reason this sting board was put up
was to show "What is currently happening in the phreak/hack community." He
said no legal action will be taken at all, and besides, it's fattened his
"dossiers" on a lot of people!
[The news stories for WDIV-TV 4 appeared in Phrack World News Issue IX.]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Now, this is a classic example of people not learning from other people's
mistakes. At some point in time prior to this incident, the number for THE
BOARD was posted, it was given a lot of hype and eventually it drew in hackers
to THE BOARD like flies to a spider web from which the unsuspecting users never
broke free.
That is the point I am trying to make -- today's phreak/hacker must learn to be
more security conscious. What makes anyone think that they can trust someone
just because they are running a bulletin board? This blind faith is what will
be the downfall of many a hacker until they wise up and start paying attention
to what they are doing. Safety first; the stakes in this game are a lot higher
than no television after school for a week because once a hacker's phone number
falls into the wrong hands, the law enforcement community or organizations like
the Communications Fraud Control Association (CFCA) can find out everything
about you. I know because I have seen their files and their hacker data base
is so incredibly large and accurate...it's unbelievable.
The following is an excerpt from Phrack World News Issue XIV:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Metalland South: Phreak BBS or MetaliFEDS Inc.? June 2, 1987
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Metalland South BBS, at 404-327-2327, was once a fairly well known bulletin
board, where many respected members of the hack/phreak community resided. It
was originally operated by two guys from Metal Communications, Inc., but it
wasn't an MCI club board. The sysop was Iron Man and the co-sysop was Black
Lord. Recently, it has come to the writer's attention that MLS has come under
new management, new policies, and possibly a new idea; Sting.
Somewhere around September-October 1986, Iron Man removed all of the hack/
phreak related subboards as well as all G-philes from the system. He was
apparently worried about getting busted. The last time this reporter spoke
with him, Iron Man said he intended to put the hack/phreak subs back up. Then,
not long after this conversation, the number was changed (The original number
was 404-576-5166).
A person using the alias of The Caretaker was made co-sysop and Iron Man would
not reply to feedback. Everything was handled by The Caretaker [TC from now
on]. TC did not allow any hack/phreak subs, but said he would put them up if
the users would follow STRICT validation procedures.
Strict validation on MLS includes:
^*^ Your Real Name
^*^ Your Address
^*^ Your Voice Phone Number
^*^ A Self-Addressed Envelope (in which he will send back your account
number and password.)
It is obvious to see the ramifications here. A board or sysop gets busted and
then makes a deal to turn over the board to some company or agency. To make
sure that they get who they want, you have to give them all this info, and the
only way you can get a password is to let them mail it to you, thus guaranteeing
that if something illegal is posted under that account, you are responsible, no
ifs, ands, or buts.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
There was more information that went on to prove that Metalland South was
indeed some kind of a trap or sting board and the whole aura of mystery
surrounding this system made it not worth calling.
Do not EVER give a sysop your address so he can send you your password. There
is no need for such information as it can only hurt you severely and would not
benefit the sysop in any way that would leave you unharmed.
One other item concerning bulletin boards comes from PWN Issue V, which
mentioned yet another hacker sting board, named The Tunnel, discovered in Texas.
And let's not forget about TMC's P-80, sysoped by Scan Man, that was responsible
for the apprehension of Shawn of Phreakers Quest (also known as Capt. Caveman).
However, do not fool yourself into believing that bulletin boards are the only
places you are likely to run into trouble. Regular systems that you like to
work with may be just as dangerous if you are not careful. Druidic Death and
Celtic Phrost found this out the hard way on the Unix system at MIT as they
nearly succumbed to the power of progressive entrapment which would have doomed
them both.
The following is an excerpt from Phrack World News Issue XI:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
MIT Unix: Victim or Aggressor? January 23 - February 2, 1987
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Was the MIT system an innocent victim of hacker oppression or simply another
trap to capture unsuspecting hackers in the act?
It all started like this...
[Some posts have been slightly edited to be relevant to the topic]
------------------------------------------------------------------------------
MIT
Name: Druidic Death
Date: 12:49 am Mon Jan 20, 1986
Lately I've been messing around on MIT's VAX in their Physics Department.
Recently someone else got on there and did some damage to files. However MIT
told me that they'll still trust us to call them. The number is:
617-253-XXXX
We have to agree to the following or we will be kicked off, they will create a
"hacker" account for us.
<1> Use only GUEST, RODNEY, and GAMES. No other accounts until the hacker one
is made. There are no passwords on these accounts.
<2> Make sure we log off properly. Control-D. This is a UNIX system.
<3> Not to call between 9 AM and 5 PM Eastern Standard Time. This is to avoid
tying up the system.
<4> Leave mail to GEORGE only with UNIX questions (or C). And leave our
handles so he'll know who we are.
------------------------------------------------------------------------------
Unix
Name: Celtic Phrost
Date: 4:16 pm Mon Jan 20, 1986
Thanks Death for the MIT computer, I've been working on getting into them for
weeks. Here's another you can play around with:
617/258-XXXX login:GUEST
Or use a WHO command at the logon to see other accounts, it has been a long
time since I played with that system, so I am unsure if the GUEST account still
works, but if you use the WHO command you should see the GUEST account needed
for applying for your own account.
-Phrost
------------------------------------------------------------------------------
Unix
Name: Celtic Phrost
Date: 5:35 pm Mon Jan 20, 1986
Ok, sorry, but I just remembered the application account, it's: OPEN
Gawd, I am glad I got that off my chest!
-(A relieved)Celtic Phrost.
Also on that MIT computer Death listed, some other default accounts are:
LONG MIKE GREG NEIL DAN
Get the rest yourself, and please people, LEAVE THEM UNPASSWORDED!
------------------------------------------------------------------------------
MIT
Name: Druidic Death 12
Date: 1:16 am Fri Jan 23, 1987
MIT is pretty cool. If you haven't called yet, try it out. Just PLEASE make
sure you follow the little rules they asked us about! If someone doesn't do
something right the sysop leaves the gripe mail to me. Check out my directory
under the guest account just type "cd Dru". Read the first file.
------------------------------------------------------------------------------
MIT
Name: Ctrl C
Date: 12:56 pm Sat Jan 24, 1987
MIT Un-Passworded Unix Accounts: 617-253-XXXX
ALEX BILL GAMES DAVE GUEST DAN GREG MIKE LONG NEIL TOM TED
BRIAN RODNEY VRET GENTILE ROCKY SPIKE KEVIN KRIS TIM
And PLEASE don't change the Passwords....
-=>Ctrl C<=-
------------------------------------------------------------------------------
MIT Again
Name: Druidic Death
Date: 1:00 pm Wed Jan 28, 1987
Ok people, MIT is pissed, someone hasn't been keeping the bargain and they
aren't too thrilled about it. There were only three things they asked us to
do, and they were reasonable too. All they wanted was for us to not compromise
the security much more than we had already, logoff properly, not leave any
processes going, and call only during non-business hours, and we would be able
to use the GUEST accounts as much as we like.
Someone got real nice and added themselves to the "daemon" group which is
superusers only, the name was "celtic". Gee, I wonder who that could have
been? I'm not pissed at anyone, but I'd like to keep on using MIT's computers,
and they'd love for us to be on, but they're getting paranoid. Whoever is
calling besides me, be cool ok? They even gave me a voice phone to chat with
their sysops with. How often do you see this happen?
A little perturbed but not pissed...
DRU'
------------------------------------------------------------------------------
Tsk, Celtic.
Name: Evil Jay
Date: 9:39 am Thu Jan 29, 1987
Well, personally I don't know why anyone would want to be a superuser on the
system in question. Once you've been on once, there is really nothing that
interesting to look at...but anyway.
-EJ
------------------------------------------------------------------------------
In trouble again...
Name: Celtic Phrost
Date: 2:35 pm Fri Jan 30, 1987
...I was framed!! I did not add myself to any "daemon" group on any MIT UNIX.
I did call once, and I must admit I did hang up without logging off, but this
was due to a faulty program that would NOT allow me to break out of it, no
matter what I tried. I am sure that I didn't cause any damage by that.
-Phrost
------------------------------------------------------------------------------
Major Problems
Name: Druidic Death
Date: 12:20 pm Sat Jan 31, 1987
OK, major stuff going down. Some unidentified individual logged into the
Physics Dept's PDP11/34 at 617-253-XXXX and was drastically violating the
"agreement" we had reached. I was the one that made the "deal" with them. And
they even gave me a voice line to talk to them with.
Well, one day I called the other Physics computer, the office AT and discovered
that someone created an account in the superuser DAEMON group called "celtic".
Well, I was contacted by Brian through a chat and he told me to call him. Then
he proceeded to nicely inform me that "due to unauthorized abuse of the system,
the deal is off".
He was cool about it and said he wished he didn't have to do that. Then I
called George, the guy that made the deal and he said that someone who said he
was "Celtic Phrost" went on to the system and deleted nearly a year's worth of
artificial intelligence data from the nuclear fission research base.
Needless to say I was shocked. I said that he can't believe that it was one of
us, that as far as I knew everyone was keeping the deal. Then he (quite pissed
off) said that he wanted all of our names so he can report us to the FBI. He
called us fags, and all sorts of stuff, he was VERY!! [underline twice] PISSED!
I don't blame him. Actually I'm not blaming Celtic Phrost, it very easily
could have been a frame up.
But another thing is George thinks that Celtic Phrost and Druidic Death are one
and the same, in other words, he thinks that *I* stabbed him in the back.
Basically he just doesn't understand the way the hacker community operates.
Well, the deal is off, they plan to prosecute whoever they can catch. Since
George is my best friend's brother I have not only lost a friend, but I'm
likely to see some legal problems soon. Also, I can forget about doing my
graduate work at MIT. Whoever did this damage to them, I hope you're happy.
You really messed things up real nice for a lot of people.
Celtic, I don't have any reason to believe you messed with them. I also have
no reason to think you didn't. I'm not making an accusation against you, but
WHOEVER did this, deserves to be shot as far as I'm concerned. Until this data
was lost, they were on the verge of harnessing a laser-lithium produced form of
nuclear fission that would have been more efficient than using the standard
hydrogen. Well, back to the drawing board now.
I realize that it's hard to believe that they would have data like this on this
system. But they were quite stupid in many other areas too. Leaving the
superuser account with no password?? Think about it.
It's also possible that they were exaggerating. But regardless, damage seems
to have been done.
------------------------------------------------------------------------------
MIT
Name: Phreakenstein
Date: 1:31 am Sun Feb 01, 1987
Heck! I dunno, but whoever it was, I think, should let himself (the s00per
K-rad elyte d00d he is) be known.
I wasn't on MIT, but it was pretty dumb of MIT to even let Hackers on. I
wouldn't really worry though, they did let you on, and all you have to prove is
that you had no reason to do it.
----Phreak
------------------------------------------------------------------------------
I wonder...
Name: Ax Murderer 15
Date: 6:43 pm Sun Feb 01, 1987
I highly doubt that it was someone on this system. Since this is an elite
board, I think all the users are pretty decent and know right and wrong things
to do. Could be that one of the users on this system called another system and
gave it out!??
Ax Murderer
------------------------------------------------------------------------------
It was stupid
Name: Druidic Death 12
Date: 9:21 pm Sun Feb 01, 1987
It seems to me, or, what I gathered, they felt that there were going to be
hackers on the system to begin with and that this way they could keep
themselves basically safe.
I doubt that it was Celtic Phrost, I don't think he'd be an asshole like that.
But I can't say. When I posted, I was pretty pissed about the whole deal. I've
calmed down now. Psychic Warlord said something to me voice the other day that
made me stop and think. What if this was a set up right from the start? I
mean, MIT won't give me specifics on just what supposedly happened, Celtic
Phrost denies everything, and the biggest part of it is what George said to me.
"We can forgive you for what you did to us if you'll promise to go straight and
never do this again and just tell us who all of your friends are that are on
the system".
I didn't pay much attention to that remark at first, now I'm beginning to
wonder...
I, of course, didn't narc on anyone. (Who do I know??? hehe)
DRU'
------------------------------------------------------------------------------
Comments...
Name: Delta-Master
Date: 7:15 am Mon Feb 02, 1987
It wouldn't surprise me if it was some kind of setup, it's been done before.
Delta-Master
[All posts in this article were taken from ShadowSpawn.]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The Solution
~~~~~~~~~~~~
What more is there to say? It definitely looks like there was a setup involved
and it probably was not the first time and probably will not be the last time
either. So how can you protect yourself?
As far as the bulletin boards go, there is an unwritten rule somewhere that
basically says that to be a good sysop, you first have to be a good user. If
the sysop of some mystery board is not someone you have seen around for a long
time, then I would not call. However, even if it is someone who has been
around, references from someone you feel you can trust are a necessity. It all
boils down to the reliability of the information and the persons involved.
When dealing with systems like the MIT Unix, remember, if it's too good to be
true then most likely there will be something that you are not being told.
Who in their right mind is going to give free accounts to an important system
with delicate information to a group of hackers? It's crazy.
This file will hopefully serve as an informative fresh look at an old game. To
me, even if the time I spent putting this article together helps out or saves
only one phreak/hacker, I feel my job has been done successfully.
:Knight Lightning
"The Future Is Forever"
The Phoenix Project
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=