Copy Link
Add to Bookmark
Report
Tolmes News Service 33
#######################################
# #
# #
# ======== =\ = ====== #
# == = \ = = #
# == = \ = ====== #
# == = \ = = #
# == = \= ====== #
# #
# #
# <Tolmes News Service> #
# ''''''''''''''''''''' #
# #
# #
# > Written by Dr. Hugo P. Tolmes < #
# #
# #
#######################################
Issue Number: 33
Release Date: April 2, 1988
We'll start Issue #33 with an article on hacking. There are some quotes from
John "Cable Pair" Maxfield other computer crime experts.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
TITLE: Breaking and Entering- High Tech Style
FROM: The Chicago Tribune
DATE: March 20, 1988
By Lamont Wood
We've learned about computer security- or insecurity- from the movie
"WarGames," which shows that an American kid with a computer can bring the
Pentagon to its knees, and from Pentagon kid Col. Oliver North, who was brought
to his knees by his computer.
So the question arises: Are these things safe? Is "computer security"
an oxymoron, a phrase that combines mutually exclusive concepts.
Let's consider the terrifying side of the questions, as emboidied in
"WarGames," where a teenager uses his home computer to crack the access code
of a Pentagon computer and nearly triggers World War III.
Yes, there are kids (and adults) who make a hobby of intruding on large,
corporate computers through telephone access ports. (They're often called
"hackers," which in the computer field indicates anyone who approaches his job
as if it were an intricate puzzle.) Some maintain computer bulletin boards
to exchange information with other hackers.
"There are probably about 200 dangerous hackers in the country," said
John Maxfield, a computer security consultant in Southfield, Mich., who
follos the hacker community. "Most are thrill-seekers - the joy-rider
mentality, but with a computer.
"A boy will usually get started through software piracy [copying
software without buying it] and will access the hacker boards to exchanges
programs," using names such as Fatal Error, Glitch or Agent Steal, Maxfield
said. "The danger sign is that suddenly, he has hundreds of floppy disks.
"Often, the parents will complain to him about the large long-distance
bill he has rung up. The next month, the bill's back to normal and the parents
are happy, but what it means is that the boy is now engaging in long-distance
toll fraud as well. The next danger sign is the sudden appearance of new
computer equipment that he could not have afforded; he'll say he won it at a
drawing at the computer store."
He probably bought it with a stolen credit card number, acquired in
nighttime forays into corporate dumpsters, where hackers look for discarded
computer manuals and often find credit-card sales slips.
Lest we sound sexist, Maxfield said girls are heavily represented in
toll-fraud cases and in cor invasions by "hackers"
armed only with push-button telephones. (A voice mail system is sort of
multiuser computerized answering machine. About all you need to invade it is
a knowledge of the system and a push-button phone.)
"They're just not concerned about the consequences of their actions"
said Maxfield of hackers in general. "And when they're caught, they usually
fall all over each other turning in their friends. The courts are usually
too lenient, but then again, what are you going to do with a 14-year-old?"
On the other side, you could not say that hackers are a flood tide
threatening to swamp the nation's computers. For instance, BIX (Byte
Information Exchange), a national computer bulletin board run by Byte
Magazine out of Peterborough, N.H., advertises in magazines by giving
partial instructions for logging into the system. You'd think the ads would
be an invitation to hackers, who would simply have to guess a valid password
and a user name.
"But to my knowledge, no one has ever hacked their way into the system,"
said George Bond, executive editor of BIX. "The problem has been people
registering with stolen credit-card numbers. To me, it has been a real
object lesson about tearing up your carbons [of credit card sales slips]."
So if the hackers' fixation is on credit-card numbers, you'd think they
would crack into the computers of TRW Inc.'s Information Services Division in
Orange, Calif. TRW, the nation's leading supplier of credit reports, has files
on about 138 million Americans.
These files provide the credit status of a stolen card number and show
the numbers of the victim's other cards. Various credit bureaus and
merchants make about 400,000 inquiries a day into the files, largely over the
kind of dialup connections a hacker could exploit.
But TRW polices the traffic-using software that tracks the usage pattern
of each subscriber and looks for things that don't fit, said Bill Tener,
director of operational and regulatory compliance for the division.
"We've never had anyone hack their way into the system," Tener said. "Most of the intruders we have followed already knew an access code and were masquerading as a legitimate subscriber. Two such scases a month is the most we've had."
These have included private investigators, Tener said, certain "credit
clinics" trying to appear legitimate and employees in subscriber's offices
sneaking a peek after hours. In other words, people who have acquired inside
information.
The insider is always the main source of danger, said Donn B. Parker, senior management consultant at the research firm SRI International in Menlo Park, Calif. He has examined more than 2,000 computer crimes in the last 18 years.
"The biggest form of loss is insider embezzlement," Parker said.
"The increased complexity that computer add tends to limit the crimes to
insiders. And the most common method is the modification of data before it goes
into the computer."
In other words, cooking the books to cover what you've purloined.
The situroving as tomp management comes to understand
computers better, he said. "Computers can be made more secure than manual
systems, using passwords, encryption and data access controls. Most business
take most of the measures. But security is a relative thing- and with computers
the stakes can be higher."
"Viruses" also cause problems. These are programs written by vandals,
designed to destroy data and distributed on computer bulletin boards under
innocent disguises. This has been going on for years, Parker said, but a rash
last fall in San Franciscon Bay area caught media attention.
And the computer is never insecure when you need it to be, as Nort found
during the Iran-Contra hearings. He had tried to cover his tracks by deleting
memos from his office computer, but later found that some helpful person
had been making backup copies of everything, just in case.
And if North's case reverses the usualy complaint about computer
security, perhaps that just shows that computers have come of age.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
A Few Notes on This Article:
----------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"We've learned about computer security- or insecurity- from the movie
'WarGames,' which shows that an American kid with a computer can bring the
Pentagon to its knees"-
A lot of people, especially r0dentz, are basing hacking on this movie. I
think all real hackers are able to laugh at the movie.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"..using names such as Fatal Error, Glitch or Agent Steal, Maxfield said."-
Again, the hackers mentioned:
- Fatal Error
- Glitch ("The Glitch" actually)
- Agent Steal
All of these people were on Executive Inn, which is not down. This might
indicate that Maxfield was on Executive Inn.
This rather interesting because Maxfield was being discussed on Executive
Inn before it went down. Here are just a few messages from Executive Inn:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Message #52 of 68
Subject: Dan the man....
From : Marc Blitz [Level 70]
To: ALL
Time: 12/14/87 at 11:07 pm
Probibaly means your on his private database that he uses for "consulting" like
the Detroit Maxfield story.....
Hmmm...I believe a visit to motor city is in order.....
"Machineguns ready to go....."
-Queen
Message #57 of 68
Subject: Maxfield
From : Fatal Error [Level 60]
To: ALL
Time: 12/18/87 at 4:47 am
John maxfield (cable parer) lives about 5 minutes from me... we have on
occasion gone by his house and gave him little prei was just wondering does
anyone know of anyone else that keeps records like mansfield...
F.E.
Message #58 of 68
Subject: Well
From : Argos [Level 1002]
To: ALL
Time: 12/18/87 at 10:52 am
A lot of rumors were going around sayingaxfield Informants
included, Dan the Operator and Mad Hatter but that is yet to be confirmed.
Argos.
Message #64 of 68
Subject: R) Maxfield
From : Marc Blitz [Level 70]
To: Fatal Error
Time: 12/19/87 at 10:37 pm
r
Im doing a workup on his profile, i know a canadian relative of his.
Ill report occasionaly as i find out stupj on him.
Message #66 of 68
Subject: maxfield....
From : Fatal Error [Level 60]
To: ALL
Time: 12/20/87 at 3:56 am
Somewhere around here I have Maxfield's # and address. I used to
have his cable pairs but that was a while ago.....I might still have one of
his phone bills i stole from his mailbox....oh, and maxfield doesn't just
work for mci, he has his own security company and leases his 'services' to
anyone interested....... ive already published copies of his phone
bill...what should i do now? make it interesting...
F.E.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This isn't to say that Maxfield was definitely on the Executive Inn. It might
just be a coincidence that the three people he named (Fatal Error, Glitch,
and Agent Steal) were all on E.I.
There is also the possibility that all three of these hackers are all on
another bulletin board.
About Maxfield:
---------------
John Maxfield has been discussed in previous issues of TNS and you might
read them to find more information on him. He runs an operation called
BoardScan which keeps track of hackers across the country. He has been hired
out as a security analyst to many corporations. It is also believed that he
worked for MCI for a while.
BoardScan keeps track of hackers and what they are doing. For many people,
he has the hacker's real name/address/telephone number. For some hackers
he just has a list of what they have done.
Some people say that he has become obsessed with LOD/H. He's been in other
newspapers/magazines before this such as U.S. News & World Report. It's said
that he can be hired out as a mercenary to find people. One thing that he does
is infiltrate phreak/hack bulletin boards under various handles. He does
this to find out what is going on in the phreak/hack world and to find what
certain phreaks/hackers are doing. One project that he was involved with was
"THE BOARD" a sting operation in which he set up a phreak/hack board and
obtained the real names and phone numbers of many hackers.
He's dangerous and should be avoided.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"Yes, there are kids (and adults) who make a hobby of intruding on large,
corporate computers through telephone access ports."-
I suppose it could be called a hobby. All this is very basic on the hacker
world.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"And when they're caught, they usually fall all over each other turning
in their friends."-
Unfortunately, this is true in many cases. Certain people will do anything to
get out of
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ON TRW:
"'We've never had anyone hack their way into the system,'"-
This might be true. The people who go on TRW do so by obtaining discarded
passwords and such. The most famous case of a hacker on TRW occurred when
a hacker found out Richard Sandza's credit-card numbers.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"... Donn B. Parker, senior management consultant at the research firm
SRI International in Menlo Park, Calif. He has examined more than 2,000
computer crimes in the last 18 years."-
It seems that whenever there is an article about hackers, Donn Parker makes a
statement about what hackers are doing. Please see previous issues of TNS for
more information on Mr. Parker.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"'Viruses' also cause problems. These are programs written by vandals,
designed to destroy data and distributed on computer bulletin boards under
innocent disguises."-
This was probably put in because viruses are currently a hot topic in the news.
See TNS Issues #26-29 for more information on computer viruses.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
