Copy Link
Add to Bookmark
Report
Chaos Digest Volume 01 Numero 12
Chaos Digest Lundi 1 Mars 1993 Volume 1 : Numero 12
Editeur: Jean-Bernard Condat (jbcondat@attmail.com)
Archiviste: Yves-Marie Crabbe
Co-Redacteurs: Arnaud Bigare, Stephane Briere
TABLE DES MATIERES, #1.12 (1 Mars 1993)
File 1--Re: Des adolescents anglais transformes en hackers
File 2--Piratage sur le reseau Janet
File 3--Hackers en Coree du Sud
File 4--Guide d'Utilisation d'un Outil de Securite PC (manuel)
Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from jbcondat@attmail.com. The editors may be
contacted by voice (+33 1 47874083), fax (+33 1 47877070) or S-mail at:
Jean-Bernard Condat, Chaos Computer Club France [CCCF], 47 rue des Rosiers,
93400 St-Ouen, France
Issues of Chaos-D can also be found on some French BBS. Back issues of
ChaosD can be found on the Internet as part of the Computer underground
Digest archives. They're accessible using anonymous FTP from:
* ftp.eff.org (192.88.144.4) in /pub/cud
* red.css.itd.umich.edu (141.211.182.91) in /cud
* halcyon.com (192.135.191.2) in /pub/mirror/cud
* ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD
* nic.funet.fi (128.214.6.100) in /pub/doc/cud
CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Chaos Digest contributors
assume all responsibility for ensuring that articles
submitted do not violate copyright protections.
----------------------------------------------------------------------
Date: Tue Feb 23 20:06:14 CST 1993
From: jp-sorlat@altern.com (jp-sorlat )
Subject: File 1--Re: Des adolescents anglais transformes en hackers
NEWS RELEASE
Press Officer: Martin Herrema: 071 911 5101
February 24, 1993
Statement on Hacking at PCL
The Polytechnic of Central London (now the University of Westminster) was
affected by a 'hacker' on April 23, 1990. The 'hacker' gained access to
the polytechnic's computer teaching systems via the academic joint computer
network JANET, which serves all British universities.
The 'hacker' made some changes to the system, mainly to the on-screen
start-up messages. These were spotted very quickly on the morning of April
23 by staff, who then changeg the public access messages back to the
correct wording. The University of London Computer Centre, which provides
network support for JANET, was informed of the situation.
The teaching systems contained a variety of information concerned with
course administration and delivery, but there was no evidence thet the
hacker achieved anything other than a change of message. The systems were
turned completely to normal within a few days, and the incident caused
minimal disruption to the work of the polytechnic. Since the incident
further security measures have been built into the University's computer
systems.
------------------------------
Date: Wed Feb 24 13:19:23 1993
From: S15810@PRIME-A.PLYMOUTH.AC.UK (Stuart Wyatt )
Subject: File 2--Piratage sur le reseau Janet
ENGLISH HACKER PROSECUTED
+++++++++++++++++++++++++
Unlike America and most other countries, England does not have too much to
show for arresting hackers and bringing them to justice. This means that
each time a hacker is caught, it makes headline news and creates the same
foreboding atmosphere that hacking reports created in the early 1980's.
The latest story is of a young hacker, Paul Bedworth.
Bedworth started hacking at the age of 17, and through the many computers
he accessed, he teamed up with 2 other hackers 10 years his senior. From
his bedroom, using his #200 computer he dialed into pad-ports at
Universities and from there, penetrated Internet. By spending hours at a
time hacking, he amassed huge telephone bills (one was 34 pages long). Due
to the BT bills, his parents banned him from using their telephone. This
however did not stop his antics - He soldered a link from the BT socket
and ran the wire under the carpet into his bedroom.
By using Janet (The Joint Academic Network) he hacked into many University
computers with the main intent to delete sensitive files and crash the
system. His idea of hacking was to disrupt as many computer systems as
possible. Other computers he attacked were the Financial Times network,
Lloyds bank, and a whole host of computers spanning France, Germany and
Luxenbourg.
He got around the problem of running up huge telephone bills by accessing
the billing computer, and transfering large segments of the bill to
innocent users at Manchester University.
Bedworth was arrested after another University put a trace on his calls.
He was charged with three dishonesty charges, which he pleaded not guilty
in court. The case is continuing at the moment (24 Feb 1993) and I will
forward any news as and when I get it.
In the U.K., there is a law which prohibits hacking, and hackers can be
charged with gaining unlawful access to a machine and if any data is
altered or destroyed, then that is also a criminal offence. It seems
strange that Bedworth was not charged with gaining unlawful access and
the destruction of data - But then, unlike the rumours that circulate the
world, the British judicial system is not all its cracked up to be.
________
-Stuart Wyatt ( )____
( Alas, life )
P.S. I am currently collating information on hacking and( is but an )
hackers for a forthcoming book. If anyone wishes ( Aardvaark.. )
to contact me IN THE STRICTEST OF CONFIDENCE then ( __ )
feel free to email me. . (_____) (____)
* * * * * * * * * * * * * * * * . ? . ()
* CHEERS_ THEN - _ _ * __ ()
* ___/_/______|_|___| |__ * / \ ()
* |________ _______| |__| * |_ _|
* / / | | | | | | * |(0)||(0)|
* / /___ | | | | | | * /|_ \/ _|\
* /___ / | | | | | | * || | == | ||
* / / | | \ \__/ / * || \____/ ||
* / / |_| \____/ * ///\ !! /\\\
*-*-/_/-*-*-*-*-*-*-*-*-*-*-*-*-=-=-=-=-=-=-=-=-!!!-!-=-=-!-!!!-=-=-=-=-=-=
>From : Stuart Wyatt (Student, HNDCS1)
Faculty of Technology, *> Be excellent to everyone - dude <*
University of Plymouth,
Drake Circus, Email: S15810@uk.ac.plym.pa (PRIME)
Plymouth, England. stuartw@uk.ac.plym.cd.zeus (SUN)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------
Date: 20 Feb 93 06:17:14 GMT
From: kafka@desert.hacktic.nl (Kafka )
Subject: File 3--Hackers en Coree du Sud
Repost from: alt.security
+++++
COMPUTER HACKER HELD FOR FORING PAPERS
Seoul, Feb. 18 (AFP) - South Korean prosecuters
have arrested a computer hacker on charges of
falsifying presidential Blue House documents to
demand classified data from a dozen financial
institutions, authorities said today. Prosecuters
arrested Kim Jae-yol, 23 late yesterday in the
first such hacker case here on multiple charges of
forgery of official documents and attempted fraud.
Kim, an unemployed, self-taught computer wizzard,
allegedly falsified the Blue House's secret
computer password and presidential facsimiles to
demand classified computer information from 12
financial institutions, includang several
commercial banks.
+++++
Mmmm, I wonder how you 'falsify (....) a password'.
(P)
==== Kafka ======= kafka@desert.hacktic.nl ===== 1st class l00zur =========
"The Techno Rebels are, whether we recognize it or not, agents of the Third
Wave. They will not vanish but multiply in the years ahead."
- The Third Wave, Alvan Toffler
------------------------------
Date: Mon Feb 8 08:51:00 CST 1993
From: Cerasela Tanasescu
Subject: File 4--Guide d'Utilisation d'un Outil de Securite PC (manuel)
Copyright: DCSIS SA, 1993
KHEOPS
The confidentiality of your PC
USER GUIDE--Version 2.1
S.A. DCSIS, Avenue de Cambridge, Technopole CITIS
14200 HEROUVILLE SAINT CLAIR, FRANCE
Phone: (33) 31.06.00.06, Fax :(33) 31.43.79.95
WARNING
The DCSIS Company may not be held responsible for the damage that may be
caused directly or indirectly by this software.
PRECAUTION
Any manual installation or uninstallation together with any illegal copy of
KHEOPS may damage the data on your hard disk.
We strongly recommend performing a backup of your data before installing
KHEOPS. This backup should be renewed frequently as a prevention against
fraudulent intrusion attempts which might affect the right functionning of
KHEOPS.
If this was the case, DCSIS could not be held responsible for any damage.
1. PRESENTATION OF KHEOPS
Nowadays, all micro-computers contain sensitive data: client files,
production figures, programs, payrolls etc... Besides, all this data and
knowhow are stored on computers that more and more people know how to use,
whether they are entitled or not. The risk of information leak and file
copy is growing. Companies must therefore protect themselves.
DCSIS has developped KHEOPS with this in mind. This is an access control
software for all PC/AT micro-computers running MS/DOS(Versions 3.2x and
5.0). This program ensures the safety of the PC whether mono or multi
users, connected to a network or not, so that maximum confidentiality is
guaranteed.
Main Functions
- computer access control;
- computer locking up when the user gets away from his PC;
- boot control with a diskette.
Besides, with the diskette administrator program:
- users management (up to 31 + administrator)
- logbook consultation
- computer unlocking
- program customization
2. MAIN FUNCTIONS
The security ensured by KHEOPS is strictly software, i.e. there is no need
of any hardware device.
2.1. Access control
Computer security conventions specify two terms: user identifier and
password. Every user is given: (1) a user identifier, hereafter user id,
which may be structured around the notion of user group, (2) a password.
This pair user id/password must be unique and known only to the user. The
password must obviously never be written or communicated to anyone.
Procedure
Access control is carried out by the only program that can run when the hard
disk is locked up. This program prompts the user to type his user id. and
password. Once this is done, the pair user id/password is looked up by
KHEOPS in a user list stored on the disk. This list is coded and is unknown
to the operating system.
If this control is successful and the password is recognized as valid
(validity date), then the hard disk is made available and the user can make
full use of his PC.
On the other hand, if the authentification fails, the user is invited to
start again. After 'n' unsuccessful attempts, keyboard and hard disk are
locked up: hard disk reboot is impossible. Diskette boot will not give
access to hard disk. Only the administrator can put things in order again
thanks to his KHEOPS diskette.
Hard disk locking will also occur if a user tries to log in with an outdated
password.
The user list can hold up to 32 entries, that is an administrator plus 31
users. This makes it possible to share a PC between several users, every
one of them being answerable for his session.
2.2. Hard disk locking
When the disk is locked up, it is apparently empty. The only response to
the DIR command is: "NO FILE FOUND". The disk and all its partitions
(virtual disks D:\, U:\, V:\...) are also locked up. It is impossible to
copy or delete files, to create directories of to execute programs. Last
but not least, neither NORTON nor PCTOOLS are able to retrieve the files.
2.3. Resident program
When the PC remains unused for a certain period of time, a small resident
program is activated after a given period of time. This program locks up
screen and keyboard, and displays the standard login window. The only
action that remains possible is to enter user id. and password. The
resident program is activated due to a temporization or upon user request,
e.g. by pressing right SHIFT/left SHIFT.
3. SECURITY MANAGEMENT
3.1. User Identifier and Password
Both user id. and password must be 7 characters long. But contrary to the
user id. which is permanent, the password must be renewed regularly.
Let us explain the procedure: when anyone runs the access control for the
first time, he is invited to enter his password twice (to make sure the
spelling is correct).
This password has a three months validity. During the last 15 days of
validity the user will be prompted to change his password. A message will
display the deadline and explain that this change is compulsory. The user
is free to take no notice of this warning but once the deadline is reached
the computer disk will be locked up and only the security administrator
will have power to straighten things up.
If the user decides to change his password, again KHEOPS will invite him
to type it twice. The new password will only be accepted if it is found to
be different from the user's last 6 passwords.
The procedure explained above is only valid for "standard users". There
are two exceptions:
- the administrator for whom there is no password time restriction;
- temporary users. The validity deadline is decided upon by the
administrator. These password are not renewable. This option allows
people to work on the PC on a temporary basis.
3.2. Logbook
Like in the case of the user id/password list, the logbook is coded. Only
the administrator is entitled to consult it. This book is updated at the
time of access control.
The following information is available:
- successful connexions (and number of attempts);
- disconnexions and duration of session;
- PC lock up following 'n' unsuccessful password presentations;
- PC lock up due to outdated password presentation.
Every entry in the logbook also includes date, time and user id. In the
case of a system locked up due to 'n' unsuccessful attempts, only the last
user id. is kept.
The logbook contains up to 127 entries. Once the file is full, new entries
replace the oldest records.
4. KHEOPS IMPLEMENTATION (Administrator)
4.1. Installation
KHEOPS installation imperatively requires a floppy disk drive. Use a KHEOPS
diskette with the adequat format (3.5' or 5.25').
- Insert the KHEOPS diskette into drive a;
- Boot the PC again (on a:).
The following pull-down menu will then be displayed on the screen:
| MAIN MENU |
| - Install KHEOPS |
| - Modify present system |
| - Uninstall KHEOPS |
On every screen the following warning is displayed for information:
| On all menu |
| ESC: quit |
| : preceding item |
| : next |
| : item(un)select |
- Validate every option by pressing the ENTER key;
- Choose option "INSTALL KHEOPS". The program will display the following
message:
"Installation under way. Please wait".
- Another window will pop up:
| Administrator characteristics |
| User identifier : |
| Password : |
- Enter administrator user id. and password (7 characters). Both must be
validated by pressing ENTER key. They will be required on every use of
the KHEOPS diskette;
- Confirm the password.
Installation will then proceed. Wait for the message:
"KHEOPS is installed"
Program customization is now necessary.
| SYSTEM CUSTOMIZATION |
| Resident program activation delay (mn) : 5 |
| Background tasks authorized : 0 |
| Debugging authorized : 0 |
| New hot-key : N |
| Screen backup drive : C |
| Number of attempts before lock up : 3 |
| Windows utilization : N |
The administrator can now "add a user".
- Press "ENTER" to type a user id, or
- Press "ESC" if the user list is complete.
The first user that is created in the list is the administrator.
In order to put an end to KHEOPS installation :
- Press "ESC" key on Main Menu;
- Remove the KHEOPS diskette (KHEOPS will prompt you to do so);
PC will reboot automatically. On PC reboot, the screen will display the
standard login screen. Two situations may now occur:
Case #1: The administrator attempts to log in. He can type his id. and
password,
Case #2: A new user logs in. The program then displays the following
message:
"Enter new password"
The password must be 7-characters long. This password must be checked as
typing errors are easily made. This is why the user is prompted to type
his password once again.
If the two secret codes are identical, access to the PC is authorized.
"KHEOPS installation is complete"
4.2. System Modification
- Insert KHEOPS diskette into drive a:.
- Type the following, then press "ENTER":
"A:KHEOPS"
A window invites the administrator to type his id. and password.
| Administrator characteristics |
| User identifier : |
| Password : |
Following which the main pull-down menu is displayed on the screen:
| MAIN MENU |
| - Install KHEOPS |
| - Modify current system |
| - Uninstall KHEOPS |
Upon selection of "Modify current system" another pull-down menu is
displayed:
| SYSTEM MODIFICATION |
| Work on the list |
| Unlock hard disk |
| Logbook consultation |
| System customization |
Work on the list
++++++++++++++++
| WORK ON THE LIST |
| Cancel a user |
| Add a user |
| Add a temporary user |
| Unlock a user |
| User list consultation |
"Add a user"
This option is used to allow a new user to use the micro-computer. The
administrator is invited to type the user's name:
| User characteristics |
| Name : Doherty |
This name is the user id. and must imperatively be 7-characters long.
"Cancel a user"
This option is used to disable a user. The administrator is invited to
type the user's name:
| User Removal |
| Name : |
Once the administrator has pressed ENTER, the user no longer stands in the
list.
"Add a temporary user"
This option makes it possible to add a user to those who have access to the
PC on a temporary basis.
| Temporary user |
| Name : |
- Type his user id. and press "ENTER".
The program will then invite the administrator to type the user's time limit
of access to the PC.
| TEMPORARY ACCESS |
| Validity deadline : |
| Year : 91 |
| Month : 07 |
| Day : 15 |
| |
| Confirmation (Y/N) : o |
- Type two digits for year, month and day, then validate your data by
pressing "Y"es of "N"o.
"Unlock a user"
When a password is outdated (3 months validity period), the PC is
temporarily locked up. Only the administrator can unlock it thanks to
this option.
"Display user list"
This option is used to display the list of all users entitled to use the PC.
Unlock Hard Disk
++++++++++++++++
After 'n' unsuccessful login attempts the hard disk is locked up. Only the
administrator has the possibility to unlock it thanks to this function.
Logbook Consultation
++++++++++++++++++++
A cyclic logbook containing the last 127 entries is displayed with the
following data:
- user id.;
- date and time;
- action: login, logout, PC locking;
- description: number of login attempts, duration of connexion, number
of unsuccessful attempts.
This option makes it possible for the administrator to check who uses the
micro-computer and for how long.
System Customization
++++++++++++++++++++
Thanks to this option the administrator can adapt KHEOPS to users need.
| SYSTEM CUSTOMIZATION |
| Resident program activation delay (mn): 5 |
| Background tasks authorized : o |
| Debugging authorized : o |
| New hot-key : o |
| Screen backup drive : c |
| Number of attempts before lock up : 3 |
| Windows utilization : n |
* "Resident program activation delay"
The administrator should type the temporization that is desirable before
the login screen is displayed when the PC remains unused.
* "Background task authorization"
We strongly recommend using this option in case of intensive use of the
hard disk (e.g. compilation, printing). Keyboard will be locked up, but
background tasks will carry on their job. In case your reply is No,
keyboard, screen and hard disk will be subject to access control.
Remark: "Background tasks" must be authorized in the case of a network
server.
* "Debugging authorized"
The administrator indicates whether or not the use of a debugging tool is
authorized.
Remark: Debugging should be authorized in case the PC shows uncontrollable
reboot problems.
* "New hot-key"
The hot-key activates the resident program at any time. The default hot-
key value is "left shift/right shift". Nevertheless the administrator is
free to change the hot-key value.
* "Screen storage disk"
This option enables screen backup on a hard or virtual disk (200 KB are
necessary). The default disk drive is c:.
* "Number of attempts before system lock-up"
This function makes it possible to customize the number of user id/
password presentation attempts before hard disk lock-up.
REMARK: Any modification of one of these options will only be taken into
account once reboot has been performed.
4.3. Uninstalling
- Insert KHEOPS diskette into drive a:;
- Type: "A:KHEOPS";
The following window pops up:
| Administrator characteristics |
| User identifier : |
| Password : |
Once the administrator id. and password have been validated and checked
KHEOPS displays the main menu.
| MAIN MENU |
| - Install KHEOPS |
| - Modify present system |
| - Uninstall KHEOPS |
- Choose "Uninstall";
After a few seconds the following message is displayed on the screen:
"The system must be reset"
- Take the KHEOPS diskette out of the drive as the PC will reboot
automatically.
"KHEOPS has been totally uninstalled"
4.4. Hard Disk Unlocking
After 'n' unsuccessful user id/password presentations, the following
message is displayed on the screen:
| Hard disk and keyboard are locked up. |
| Please phone the administrator. |
The PC will be unable to boot on hard disk. Any attempt to do so will
result in the screen to display the following message:
"Non system disk".
- Insert KHEOPS diskette into drive a:;
- Reset the PC so that it boots on the diskette;
- Type adminitrator id. and password.
The following message is then displayed:
"The system must be reset"
- Leave the diskette in drive a: and reboot. Then, when prompted to, type
administrator id. and password.
The PC is unlocked.
5. KHEOPS IMPLEMENTATION (Users)
Now that KHEOPS has been installed, your data on the PC's hard disk is
protected.
5.1. PC Reset
At boot time, the user is invited to type his id. and password. Having
done that, he has free access to the resources of the PC.
5.2. Resident Program Activation
The function of the resident program is to lock up screen, if background
tasks are not authorized, and keyboard either due to temporization or upon
user request:
- Temporization: in case the PC has remained unused for 'n' minutes (as
set up by the administrator in the customization session, screen (if
background tasks are not authorized) and keyboard action is automatically
suspended.
KHEOPS displays the standard login window and invites the user to type his
id. and password. If the same user logs in again, his application is
restaured. In case another user attempts to connect himself then the PC
reboots.
- User request: the resident program can be deliberately activated by the
user by pressing the hot-key.
KHEOPS then displays the following message:
"End of session (Y/N) ?"
* By pressing the letter "Y" the user will ensure that the PC is
automatically rebooted if another user logs in;
* The user answers "N". This means that he wants to suspend his job
temporarily. KHEOPS displays the following message:
"Computer in use"
The only id/password acceptable are those of the user who pressed the hot-
key. Any other user will be rejected.
6. KHEOPS COMPATIBILITY
6.1. Hardware
KHEOPS can be installed on IBM PC/AT, PS/2 or compatible micro-computers
running MS/DOS version 3.2 to 5.0. DCSIS has tested this program on the
following computers: IBM PC/AT & PS/2, COMPAQ DeskPro (286S and 386S) and
LTE 286, SLT 286 and 386, EPSON EL2 and EL3S, GOUPIL G5 286, HP VECTRA 486,
OLIVETTI PC 310
6.2. Software
6.2.1. Standard software
KHEOPS has been tested and validated by DCSIS with the following programs:
MICROSOFT C, TURBO C, TURBO PASCAL, PCTOOLS, NORTON, DBASE, LOTUS 1.2.3...
6.2.2. Graphic software
KHEOPS can handle mouse and keyboard, which ensures compatibility with the
following programs: WORD 4 and 5, WINDOWS 2 and 3, PAINTBRUSH, PAGE MAKER
6.2.3. Antivirus software
KHEOPS is compatible with VIRUSAFE+, trademark registered by Eliashim
Microcomputers, which has been recognized as one of the best antivirus
programs on the market (VIRUSAFE+ can handle 1400 virus and is wellknown
for its preventive and curative vocation). The joint use of KHEOPS and
VIRUSAFE+ ensures maximum micro-computer safety. Install Virusafe+ first
then KHEOPS (this is imperative).
6.2.4. Network
It is possible to install KHEOPS on every workstation of a local area
network (e.g. NOVELL network) so that every station is protected locally.
------------------------------
End of Chaos Digest #1.12
************************************