Tolmes News Service 03
#######################################
#                                     #
#        <Tolmes News Service>        #
#        '''''''''''''''''''''        #
#                                     #
#  > Written by Dr. Hugo P. Tolmes <  #
#                                     #
#######################################
Issue Number: 03
Release Date: November 19, 1987
TITLE: "Making Computers Snoop-Proof"
FROM: Fortune
DATE: March 17, 1987
If a strange delivery truck appears to have been stuck across the
street from your office for hours and the "workmen" seem to be spending a lot
of time in the back fiddling with fancy electronic equipment, it might be
time to get nervous. That personal computer on the secretary's desk and
the mainframe down the hall leak information by the diskful. Each time a
keyboard is tapped or a letter appears on a screen or a printer, computers
emit radio frequency transmissions that can be picked up as much as half a mile
away.
While companies that are not in the defense business need not worry yet --
there's evidence that garden-variety industrial espionage types engage in this
kind of snooping -- the Pentagon has become so concerned that it is spending
$200 million a year to eliminate or muffle signals from machines used by the
military, security agencies, and defense contractors. The name given to the
government program: Tempest, as in the type that can be contained in a
teapot.
Manufacturers use two methods to bring computers or peripheral equipment
up to Tempest standards. The first, called suppression, consists of building
a machine with special chips, wiring, and other components that do not give off
as many emissions as standard components. For example, a Tempest machine
might be built using optical fiber, which sends out no radio waves, rather
than copper wire, which does. The second method, called containment,
entails enclosing the machine in a leakproof case, perhaps made of special
plastic that traps radio frequencies. A Tempest computer can cost twice as much
as the civilian equivalent, although prices have begun to drop now that the
military is ordering thousands at a time. Manufacturers say the high prices
are justified by the cost of special materials, separate assembly lines, and
elaborate testing.
Industry predictions that sales of snoop-proof computers might reach $1
billion a year by 1990 have lured more than 50 manufacturers into making
products that meet Tempest standards. "The market has exploded," says James
D'Arezzo, a vice president of Compaq Computer, which sells Tempest versions
of its portables. "The market is estimated to grow from 30% to 35% a year
and it's not letting up. It is lucrative."
For newcomers to the business, getting started isn't easy, especially
since the technical standards are classified. "You have to be qualified
by the government to learn the specifications," Corp. "But it's hard to get
qualified if you don't understand the specs." Zenith solved the problem last
year by buying Inteq,
a small company that was already turning Zenith's personal computers
into Tempest machines. Zenith now has orders from the Pentagon for 12,000
personal computers built to Tempest standards.
Many Tempest orders are secret, but industry watchers say Wang
Laboratories is the biggest supplier. It sold an estimated $75 million of
button-lipped computers, word processors, and other devices to the
armed forces and military contractors in 1984. One reason for Wang's success
is the variety of its offerings: more than 50 products meet Tempest standards,
according to International Data Corp., a Massachusetts market research
firm. IDC notes that by making the Tempest products operate just like its
regular equipment, Wang has won Pentagon orders for standard machines
as well.
Another company prospering from Tempest wizardry is Iverson Technology
Corp. For ten years Iverson has manufactured secure devices to
electronically read special type; it built on that expertise to come up with
a Tempest version of the IBM personal computer. Sales of the McLean, Virginia
company tripled in 1985 to $17 million. Its return on shareholders' equity was
also impressive: 25%. The company -- the biggest pure play in the Tempest field
-- went public last year at $8 a share last July; its stock recently traded
over the counter at around $14.
The biggest payoff to Tempest manufacturers will come when, and if,
corporations get worried about what computers are leaking and start buying
secure machines. This probably won't happen soon. Executives at the
companies that make secure computers report some civilian interest in the
product but virtually no sales. "I've studied computer security for 16 years
and never heard of anybody doing that kind of industrial espionage," says
Donn Parker, a consultant at the SRI International consulting firm in Menlo
Park, California. "The best way to get information is the old-fashioned way.
Go to the local bar and buy the employees a few drinks." - Brian O'Reilly
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
NOTA:
The fear of this type of espionage has been expressed in many articles. The
military has feared that something like this could jeopardize national security
or something like that. The specifics for the standards on the protections
are noted as being secret. This could mean that the radio emissions only have
to be down to a certain level (and you might still be able to receive them.)
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
TITLE: War Against Phone Hacking Heats Up
FROM: ANTIC Magazine
DATE: September 1987
BY GREGG PEARLMAN, ANTIC ASSISTANT EDITOR
Computer break-ins are no longer viewed as harmless pranks. For example,
unauthorized computer access is a misdemeanor under 502PC of the
California Penal Code if you just trespass and browse around -- and if
it's your first offense.
Butmaliciously accesses, alters, deletes, damages,
destroys or disrupts the operation of any computer system, computer network,
computer program or data is guilty of public offense" -- a felony under
Section C of that code. Even changing a password to "Gotcha" is a felony if
it can be proven that it was a "malicious access."
In California, the maximum punishment is state imprisonment, a $10,000 fine
and having your equipment confiscated. The penalty depends on who you are,
your prior record and the seriousness of the crime.
And you don't have to, for instance, breach national security to be guilty
of a felony. Accessing even a simple system for a small company could damage
vital data for more than a year's worth of business, especially if that company
didn't properly back up its data. There are all kinds of computer crime.
Stealing an automated teller machine card and withdrawing money from an
account is a computer crime because you're using a computer to get money
out of a system. But simply trespassing in a system and not doing
any damage is normally a misdemeanor, according to Sgt. John McMullen of the
Stanford University Police Services. This kind of crime has become very
common. "Every kid with a computer is tempted," he said.
Unfortunately, it can take months to complete an investigation. For
instance, the so-called "LEGION OF DOOM" case, beginning in September,
1986, took 10 months to solve and involved people in Maryland, New York,
Pennsylvania, Oregon and California. If someone breaks into the computers
of, for example, California's Pacific Bell, and the break-in is severe,
Pacific Bell Security gets warrants issued, and then, with the police,
confiscates computers, manuals, telephone lists and directories -- all
related equipment. It's common for the computer to be tied up for a few
months as evidence. (And by the time Pacific Bell Security does get involved,
the evidence is usually overwhelming -- the conviction rate is extremely
high.) "Whenever I'm involved in a case," said McMullen, "I ask the judge for
permission to confiscate the equipment. That's one big incentive for hackers
not to do this kind of stuff. I haven't had any repeaters, but I know of one
case where the guy probably WILL do it again when he gets out.
"Usually the shock of what happens to a juvenile's parents -- who bought the
equipment and watched it get confiscated -- is enough to make them stop. But
we don't really have enough cases to know what the parents do."
ACCESS
"It's easy for hackers to find company phone numbers," said Daniel Suthers,
Atari user and operations manager at Pacific Bell in Concord, California.
"Most large companies have a block of 500 to 1,000 phone numbers set aside
for their own use. At least one line will have a modem.
"People post messages on hacker/phreaker bases on some BBS's and
say 'I don't know who this phone number belongs to, but it's a business,
judging by the prefix, and has a 1200-baud tone.' Then it's open season
for the hackers ers aren't much different than
hackers -- they're just specifically telephone-oriented. In "CompuTalk:
Texas-Sized BBS" (Antic, August 1987), sysop Kris Meier discussed phreakers
who appear to have called from phone numbers other than the ones they were
actually using. A computer isn't needed to do this -- it's usually done
with a "blue box."
"The blue boxes were used mostly in the late 1960s and early '70s," said
McMullen. "They fool the network and let people make free long distance calls
-- a tone generator simulates the signalling codes used by long distance
operators. The boxes were phased out a couple of years ago, though: they no
longer let hackers access AT&T, but Sprint and MCI can be accessed by
something similar. However, computer programs are normally used now."
To get long-distance phone service, hackers now use one of several programs
passed among other hackers (on bulletin boards, for example). They find the
local access number for Sprint or MCI and then run the program -- perhaps for
a few days. It generates and dials new phone numbers, and the hackers can
check to see how many new or free codes they've turned up.
They can post the codes on a BBS, and their friends will use them until they
get stopped by the long-distance company -- depending on how long it takes
the company to realize that these numbers hadn't been issued yet -- or until
the customers discover that their numbers have been accessed by someone who
isn't "authorized."
Bulletin boards can be especially easy prey. "If a hacker knew your BBS
program intimately, he could probably figure it out, but that's messy," said
Suthers. "If he can find a back door, it's easier. Sysops are notorious for
putting in their own back doors because, though they have all the
security under the sun on the FRONT doors, they still want to get in
without problems. It's just like what happened in the films Tron and Wargames
-- which probably taught a whole generation a lot of things."
Meier had said in the August, 1987 issue of Antic that someone once called
his board COLLECT. Simply put, the caller fooled the operator. McMullen
says that's been around for a long time. "It's common in prisons and
situations where the phones are restricted."
McMullen also said that if the timing is just right, as soon as the modem
answers, the phreaker can wait for an operator to say "Will
you accept the charges," then say "Yes." The operator can't tell which
end said yes, and if the modem has a long delay before the connect tone, the
phreaker can get away with it. It couldn't be done entirely
electronically -- the voice contact is needed.
"I've never run across people accessing online services such as CompuServe in
this way, but I'm sure it happens," said McMullen. "People suddenly get
strange charges on their phone bills.
"The hackers I've dealt with are very
brilliant and good at what they do. Of course, when you do something all day
that you're really interested in, you're GOING to be good at itmost recent
hacker case at Stanford University dealt with the
Legion of Doom, an elite group of hackers who broke into computers --
some containing national defense-related items.
"As I understand it, they're supposed to be the top hackers in the nation,"
McMullen said. "I started investigating the case when it began
crossing state lines, getting a bit too big. I contacted the FBI, who said
that because of the Secret Service's jurisdiction over credit card and
telephone access fraud, they'd taken over computer crime investigations that
are across state lines -- actually, anything involving a
telephone access code. This case, of course, involved access codes, because
the Sprint and AT&T systems were used, and it was the Secret Service, not the
FBI, that made the arrests.
"I think that the publicity from this
case will scare people, and there'll be a lot less hacking for a while. Some
hackers are afraid to do anything: they're afraid that the Secret Service
is watching them, too."
TRACING
AT&T, Sprint and MCI now have ANI -- Automatic Number Identification -- as
does Pacific Bell. It aids a great deal in detecting hackers. Pacific
Bell usually just assists in this type of investigation and identifies the
hackers. "It's easy to trace a call if the caller logs in more than once,"
said Suthers. "The moment they dial in, a message is printed out -- before the
phone even answers -- pinpointing where it came from, where it went to, the
whole shmeer.
"A blue box made it much harder to detect, but if a hacker used it
consistently, we could eventually trace it back. So if someone is in
California and makes it look as if he'd called from New York, we can trace it
across the country one way, and then back across. Generally, though if the
call IS billed to a New York number, the caller is actually somewhere like
Florida. But we can back-trace the call itself, especially if it's
extremely long."
But recently someone broke into Pacific Bell "through a fluke of
circumstances." Suthers said, "We closed down that whole area, so they
can't get back in that way, but if they dial the number again, they're in
trouble."
If Pacific Bell Security detects a break-in, the area is secured
immediately. Sometimes hackers are steered toward a kind of
"pseudo-system" that makes them THINK they've broken in -- but in fact
they're being monitored and traced. As to how many hackers there are, who
knows? There's a lot of misuse and inside work that's never detected or
reported.
SECURITY
Security systems are expensive, but someone with a lot of data and an
important system should seriously look into one. Very few hackers are caught,
simply because few corporations have good security systems.
"Passwords should never be names, places or anything that can be found in
a dictionary," said Suthers. "People shouldn't be able to just write a
program to send words from their AtariWriter Plus dictionary disk.
Normally there should be a letter here, a few numbers there -- garbage. tes a
program to generate random symbols and keeps calling back
until he breaks in, he'll probably be traced.
"Some corporations aren't very computer literate and don't worry about things
like passwords until they've been hit, which is a shame. But it's all out
there in the books. TRICKS OF THE UNIX MASTER (by Russell Sage, published by
SAMS Publications, $22.95) is a beautiful book that tells you exactly
what to do to avoid break-ins."
McMullen said that Stanford is trying
to tighten up security by emphasizing the importance of better passwords.
"When researchers want to do their work, however, they don't want to mess
with passwords and codes," he said. "Universities seem to want to make
their systems easier for researchers to use. The more accessible it is,
obviously, the less security there is in terms of passwords. It's easier to
use your name as a password than some complicated character string.
"So any hacker worth his salt can go onto any computer system and pull out
an account. Especially with UNIX, it's very easy to access it, entering as the
password the first name of the person who has the account. These Legion of
Doom hackers used a program that actually found out what the passwords
were: it began by just checking the names. They were very successful -- it
was just unbelievable."
But McMullen feels that security fell way behind the advances made in
computers, and several avenues were left open for people to explore.
"Often these hackers don't mean to be malicious or destructive," he said,
"but I think they really feel triumphant at getting on. Sometimes
they do damage without realizing it, just by tramping through the system:
shutting down phone lines, programs and accounting systems."
However, the strides made in security since then have accounted for arrests,
confiscations and convictions all over the country -- but there are still many
more who haven't been caught.
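An added example, not part of the Antic article: a small proactive password audit that applies the SECURITY advice above, rejecting passwords that are names or dictionary words even when lightly disguised. The word list, account records, substitution table and 8-character minimum are assumptions constructed for illustration.

```python
import re

# Constructed sample data; none of it comes from the article.
WORDLIST = {"dragon", "summer", "stanford", "gotcha", "password"}
ACCOUNTS = [
    {"login": "jsmith", "full_name": "John Smith",  "password": "john"},
    {"login": "mlopez", "full_name": "Maria Lopez", "password": "zepol1987"},
    {"login": "kchan",  "full_name": "Karen Chan",  "password": "dr4g0n!!"},
    {"login": "rpatel", "full_name": "Raj Patel",   "password": "q7#Lm2vX9t"},
]

MIN_LENGTH = 8  # assumed policy value
# Undo common look-alike substitutions: 0->o 1->l 3->e 4->a 5->s $->s @->a 7->t
LEET = str.maketrans("01345$@7", "oleassat")
EDGES = re.compile(r"^[^a-z]+|[^a-z]+$")  # digits/punctuation at either end


def candidates(password):
    """Forms a name-and-dictionary guessing program would effectively cover:
    lowercased, edge digits/punctuation stripped, substitutions undone,
    and each of those reversed."""
    low = password.lower()
    forms = {low, EDGES.sub("", low)}
    forms |= {f.translate(LEET) for f in forms}
    forms |= {EDGES.sub("", f) for f in forms}
    forms |= {f[::-1] for f in forms}
    forms.discard("")
    return forms


def weak_reasons(login, full_name, password, wordlist):
    """Return the list of reasons a password should be rejected (empty = ok)."""
    forms = candidates(password)
    name_parts = {p for p in re.split(r"[^a-z]+", full_name.lower()) if len(p) >= 3}
    personal = {login.lower()} | name_parts
    reasons = []
    if forms & personal:
        reasons.append("derived from account name")
    if forms & wordlist:
        reasons.append("dictionary word")
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    return reasons


def audit(accounts, wordlist):
    """Map each login with a weak password to its rejection reasons."""
    report = {}
    for acct in accounts:
        reasons = weak_reasons(acct["login"], acct["full_name"],
                               acct["password"], wordlist)
        if reasons:
            report[acct["login"]] = reasons
    return report


if __name__ == "__main__":
    for login, reasons in audit(ACCOUNTS, WORDLIST).items():
        print(login, "->", ", ".join(reasons))
```

Run at password-change time rather than against stored passwords, so the check sees the plaintext only once and nothing extra is retained.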
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
NOTA:
Most real hackers are familiar with LOD/H (Legion of Doom/Legion of Hackers).
Currently there is a technical journal being put out by LOD/H. It can
be found on most of the finer boards.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
TITLE: Toll Fraud Trial Sets New Tone
FROM: Network World
DATE: May 25, 1987
DALLAS-
The recent jury conviction of a Texas man for the theft and sale of
long-distance access codes may make it easier for long-haul carriers to stem
the tide of toll fraud, which costs the industry an estimated $500 million a
year. On May 11, a U.S. District Court jury here found Dallas resident Jack
Brewer guilty on two counts each of trafficking and possession of telephone
access codes stolen from Texas National Telecommunications, Inc. (TNT), a Texas
long-distance carrier. Brewer was charged under a section of the federal
Comprehensive Crime Control Act of 1984. Sources close to the case
said Brewer may be the first person to be convil fraud
in the U.S. The case is also seen as important because it indicates growing
recognition of toll fraud as a serious crime. Brewer was selling the stolen
codes, which telephone callers use to access long-distance circuits of
carriers other than AT&T and which those carriers use for billing,
according to Terry K. Ray, the assistant U.S. attorney who prosecuted
Brewer. TNT officials said use of the stolen codes cost the company $30,000.
Ray said he met with representatives of MCI Communications Corp. last week to
discuss the investigative techniques used to apprehend Brewer and legal
methods used to win the conviction. Brewer will be sentenced by a judge on
June 4 and faces a maximum sentence of 50 years imprisonment and a $1 million
fine. Toll fraud places a heavy financial burden on MCI and other
carriers. Neither MCI nor AT&T would divulge what toll fraud costs them, but
US Sprint Communications Co. said fraudulent use of access codes lowered
its first-quarter 1987 revenue by $19 million.
Brewer was apprehended through a sting operation conducted with the
help of TNT, Southwestern Bell Corp. and the U.S. Secret Service.
Southwestern Bell monitored Brewer's private telephone as he dialed numbers
sequentially in a trial-and-error attempt to ascertain active access
numbers. The regional Bell holding company kept a list of the working
access codes obtained by Brewer. Secret Service agents then contacted
Brewer, posing as buyers of access numbers. For $3,000, Brewer sold them
a list of 15 numbers, which matched the list made by the RBHC. MCI has joined
with AT&T, US Sprint and some smaller carriers to form the Communications
Fraud Control Association. Rami Abuhamdeh, executive director of the
Tysons Corner, Va.-based group, said there have been several convictions for
toll fraud to date, but those cases were decided by judges, not juries. A
number of federal and state statutes apply in stolen code cases, depending
on how and where the offender defrauds a carrier, Abuhamdeh said. Gaston
Sigue, a lawyer for the antifraud association, said the TNT case is
significant because jury convictions are more difficult to get than
convictions from a judge, and it indicates that Americans have come to
recognize telephone fraud as a serious crime. Abuhamdeh said that as carriers
gain equal access to local exchanges, they will phase out code numbers as a
way of accessing long-distance circuits and the level of toll fraud will
decline.
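An added example, not part of the Network World article: carrier-side detection of the trial-and-error pattern described above, flagging a calling line that tries many distinct access codes with a high failure rate and recording which codes turned out to be working, as the article says the RBHC did. The record layout, thresholds and all sample values are constructed assumptions.

```python
from collections import defaultdict


def make_records():
    """Constructed attempt log for one monitoring window.
    Each record: (minute, calling line from ANI, code entered, code was valid)."""
    recs = []
    # Line 555-0101: sequential guessing, one code per minute; two are valid.
    for i in range(40):
        code = 510000 + i
        recs.append((i, "555-0101", "%06d" % code, code in (510017, 510033)))
    # Line 555-0142: ordinary subscriber using one code, with one mistyped try.
    recs += [
        (5, "555-0142", "734912", True),
        (60, "555-0142", "734921", False),
        (61, "555-0142", "734912", True),
    ]
    return recs


def detect_code_guessing(records, min_distinct=20, min_fail_ratio=0.8):
    """Return {calling line: evidence} for lines that look like code guessing.

    A line is flagged when it tried at least `min_distinct` different codes
    and at least `min_fail_ratio` of its attempts were rejected. Both
    thresholds are assumed values to be tuned against real traffic."""
    by_line = defaultdict(list)
    for _minute, line, code, valid in sorted(records):
        by_line[line].append((code, valid))

    flagged = {}
    for line, attempts in by_line.items():
        codes = [c for c, _ in attempts]
        distinct = len(set(codes))
        fail_ratio = sum(1 for _, ok in attempts if not ok) / len(attempts)
        # Share of consecutive attempts where the code went up by exactly one:
        # a strong sign of a program or a person stepping through the space.
        steps = [int(b) - int(a) for a, b in zip(codes, codes[1:])]
        seq_ratio = sum(1 for s in steps if s == 1) / len(steps) if steps else 0.0
        if distinct >= min_distinct and fail_ratio >= min_fail_ratio:
            flagged[line] = {
                "distinct_codes": distinct,
                "fail_ratio": fail_ratio,
                "sequential_ratio": seq_ratio,
                # Codes to cancel and reissue, and to match against later use.
                "working_codes": sorted({c for c, ok in attempts if ok}),
            }
    return flagged


if __name__ == "__main__":
    for line, evidence in detect_code_guessing(make_records()).items():
        print(line, evidence)
```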
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
NOTA:
This type of code-selling has gone on a lot. Many times, the sellers are
homeless who just go up to a telephone and randomly hack codes out. The people