SHA: Annual Year Protocol #4
___________ __ __ ___________
/\ ________\ /\ \ /\ \ /\ _______ \
\ \ \_______/ \ \ \ \ \ \ \ \ \_____/\ \
\ \ \_________ \ \ \____\_\ \ \ \ \____\_\ \
\ \_________ \ \ \ _______ \ \ \ _______ \
\/________/\ \ \ \ \_____/\ \ \ \ \_____/\ \
_______\_\ \ \ \ \ \ \ \ \ \ \ \ \ \
/\___________\ \ \_\ \ \_\ \ \_\ \ \_\
\/___________/ \/_/ \/_/ \/_/ \/_/
S W E D I S H H A C K E R S A S S O C I A T I O N
presents
<---------------------------------------------------------------------------->
Released Editor: Mr Big
Annual Year Protocol #4
28-Feb-92 (c) 1992
<---------------------------------------------------------------------------->
---------
- Index -
---------
Introduction.............................................
Voice of the Editor......................................
Voice of the Members in S.H.A............................
Inside story at court - S.H.A. member stands trial.......
New S.H.A. board.........................................
Royal Institute Of Technology............................
S.H.A. Member busted.....................................
Operation Sundevil, by Knight Lightning (guest writer)...
Cray II Attacked by S.H.A................................
Milnet and Government computers attacked by S.H.A........
Guidelines for System Operators..........................
FSF/MIT Closing down the shop............................
Short World Wide news....................................
Blue Boxing..............................................
Carding today............................................
S.H.A's rules and advices for other hackers..............
Demoralized Youth, by Tormentor (guest writer)...........
S.H.A. Official Summer Party 1991........................
Prof of S.H.A. Hacking Activities........................
S.H.A. Body Guards.......................................
Investigation of S.H.A...................................
Back Chat................................................
Messages to System Operators.............................
The Future...............................................
Releases 1992............................................
How to contact S.H.A.....................................
Editors final note.......................................
Disclaimer...............................................
----------------
- Introduction -
----------------
Welcome to another annual year report from the only true hacking group
in Sweden today, The Swedish Hackers Association.
In this public release we have not included any detailed information about
any attacks made by members of S.H.A. since the Police and other government
agencies will receive this file in one way or another. Sorry if this causes
any trouble, but we have our reasons and we are not interested in busting
individual members in S.H.A. Thank YOU for your cooperation.
All companies and government agencies are welcome to contact us for
assistance and help with their computer security.
The following persons have been involved in the creation of this 4th
protocol, and we are grateful to them. Thank you and keep up the
good work.
Mr Big - S.H.A.
Lixom Bah - S.H.A.
Phearless - S.H.A.
The Chief - S.H.A.
D.O.C. - S.H.A.
Tormentor - Guest Writer, Demoralized Youth
Knight Lightning - Guest Writer
Note: No handles of members in S.H.A. are public and only those who are
writers and editors have their handles published in this file,
since they are already known to the public and the Swedish Police.
-----------------------
- Voice of the Editor -
-----------------------
Yet another year of interesting events has passed away. I can still remember
how it was one year ago; chaos and disorder, could the 3rd protocol be
released in time? and so on. Imagine, we have already released 4 annual year
protocols. 4 years of fully documented hacking activity in Sweden by the very
best hackers that ever existed in our country. Let it stay that way.
Our protocols used to be released in January/February each year, but this
time we have waited to release the material due to a trial against one of
our members. (we don't want to support the prosecutor with more information,
do we?). One of the main issues in this protocol will be the trial which was
held the 8th of January 1992. That should be included in the 5th protocol,
but we just couldn't wait ONE YEAR to publish it.
Another thing that has happened during the year is the bust of a couple of
SHA members. The "main" bust was on the 3rd of May 1991, when a small part
of our group was visiting the Royal Institute of Technology.
This resulted in some police searches at our houses one month later, and we
were brought for interrogation.
From a hacking point of view, 1991 has been a successful year of penetrated
computers, long nights and a lot of new knowledge.
The Swedish Police is currently investigating the organization S.H.A.
(we have indications that point in that direction. More about this
later) Because of that, we have to be very careful about what we write in
this stupid file. We have even thought of cancelling this release but have
finally reached the decision to continue, and take the consequences.
We have written it so nothing can be held against anyone in SHA in court,
(that's why you might find it a little bit odd.)
This whole protocol wasn't written overnight at the end of 1991.
We have been writing and re-writing it time after time during this year
until we decided that THIS is what we want to release to the public.
We will try to cover everything from real system hacking news to interviews
with some of the virus creators in Sweden.
A major drawback for SHA was in the summer 1991 when the Swedish police
raided one of our members' places and confiscated his computer system which
was hosting one of the bulletin boards we were running.
Tragic but not a disaster.
At last, I would like to say:
- All events and people in this file are all fiction and creation of our
fantasies and any matching with real people and events is only
coincidental, as in any other story or fiction.
But I'm sorry that I can't. All the stuff is true and all events have taken
place. Anyway, nothing in this file can be tied to any individual members
of S.H.A. and S.H.A. as an organization can not be blamed for actions taken
by individual members of S.H.A.
This protocol is also distributed as a paper magazine in about 5000 copies.
So if the government is trying to seize our equipment used for the
production of this protocol, they are violating federal laws about press
freedom and freedom of speech.
So basically:
- Government agencies, you are shit out of luck.
We hope you will enjoy this protocol, and find it interesting.
If you haven't read any of our previous protocols (1989, 1990 and 1991),
I suggest you try to get hold of some copies. The same goes for our other
releases about Hacking, Phreaking and Carding.
----------------------------------
- Voice of the members in S.H.A. -
----------------------------------
Here the members in S.H.A. have their "freedom of speech". They can write
anonymously or by their handles, it is up to them. But I guess they will
write anonymously. Who can blame them? <grin>
/Ed
--> Written by an anonymous member who does not want to be busted
Another year has passed with great hacking events. Many new computer systems
and operating systems have been penetrated. One slight drawback has been the
interest the police is giving S.H.A., but lucky as some people are,
(read me), they are nowhere near knowing all the people in S.H.A. and have
only those that are already known. Mouhaha, what suckers, they can't even
put two and two together. Anyway, maybe the luck will change, but until then
I will continue to make progress in the hacking field of experience.
I have even discovered that VMS is a great OS and not as secure as Digital
Equipment is trying to tell everyone. And one neat feature with VMS is
that many government and military computers are running under VMS since it
is secure!! Mouhaha... they should know better. Anyway, I hope that you
hackers out there also have had a very good year. See ya on IRC.
--> Written by an anonymous member who does not want to be busted
I would just like to say this to the persons who are currently involved
in monitoring us and documenting our lives.
- Fuck with us and we will fuck with all the computers we can find, and
we will create total chaos and disorder.
This is not a threat, would I make threats? no, I just make promises.
Anyway, I hope that you hackers out there reading this protocol will have
a great year without interference from government agencies. FUCK THEM!
--> Written by an anonymous member who does not want to be busted
I can still remember those warm days in May when I spent most of my time
on IRC, days and nights. I can remember the days in August as if it was
yesterday. Breaking into system after system, and roaming around on the
internet.
NASA was an easy target and some of their computers were successfully
penetrated and NASA Security began to scream.
Security? What a joke! It almost seems that no one out there has learned
enough to secure their system. I adore SunOS since new holes are found
every day, mouhahaha. Many system operators are stupid and don't know how
to handle a system to secure it. They make almost every mistake a system
operator can make, from having accounts without passwords to standard accounts.
Are only hackers reading DDN bulletins and CERT bug reports?
Sometimes I wonder. Gee, I've even found systems that have security holes
that were exploited back in 1986. Jesus! What are they thinking? Well, if
they are that stupid, they have to face the consequences. BTW, try the
following for testing the security: "rm /* -rf". If they have configured
the system incorrectly a catastrophe would be the result. <grin>
--> Written by an anonymous member who does not want to be busted
1991 - The year that passed without notice
A Personal View
If you were to place 1991 in the scale of Hacking events, it must come last.
Last year was one of the most dull years for me. I compare it with the year
1990, and find that the first months of 1991 were pretty good, and then
everything went down the drain. No news, no new hackers, nothing interesting
happened. Then we had the internal divergent opinions that led to one thing
or another which you might already know. But still nothing new in the
hacking field.
I'm not sure what I'm supposed to write in this, the 4th S.H.A. Protocol,
but I'll try to make it somewhat filled with different opinions, views or
whatever I can come up with. Because it hasn't been a very productive year
for me in the hacking scene, I don't have very much to write about.
I feel there's enough textfiles about hacking and phreaking today, and too
many "new" groups who copy old material and release it as new. The old and
known groups, like Phrack and NIA are good enough for me. Also, these "new"
groups seem to be semi-eLiTe groups (recognized by the 'z's and the "k00l"
and "warez" words mixed with the old "new" material.)
No, let's support the old and known groups, and tell these "new" ones to
stick to their warezz trading unless they're NOT eLiTe d00dzz, if so,
support them! Well, that's about it from me. Not very interesting, I know,
but it's what I could come up with today. I know this 4th protocol will be
great, and I greet everyone working with/for it.
--> Written by an anonymous member who does not want to be busted
As said in the introduction and by the editor, this year has been a
successful one with new experience and new knowledge. Some tragic events
took place in the summer of 1991 when some SHA members were busted in
Stockholm, Sweden. The police is still investigating the organization
S.H.A., and therefore we have decided to exclude details which might be
held against us in court. After an eventual trial, all information will
be released. We promise. We have kept detailed log-books, date by date, so
there will be a hell of a release after an eventual trial. We have also
thought of writing a book, but that's just one of our 1000 projects...
New computer security systems have been a real challenge, and every system
has its weaknesses. The only way of getting a secure system is to chop the
Ethernet cable, but who wants to do that? They have to live with insecure
systems as long as the S.H.A. is alive on the nets..
The newspapers have gone mad, and write everything except the truth about
hacking (read SHA). What they need is a lesson in professional journalism.
Just lucky they haven't received the police report yet. (where they state
that we, SHA, have broken into NASA). If the newspapers start to write
about that, I bet they will misunderstand it and say that we were about to
start the World War III with help of weather satellites and so on...
(which isn't THAT far from the truth :-))
I feel that I have to throw some dirt at the Swedish Police Department.
Three of the most incompetent investigators when it's about computer fraud
are currently investigating and interrogating innocent citizens (read SHA).
A big fuck should go to S.K. who writes police reports from his fantasy.
If you listen to the tape and write what we say at the interrogations, and
stop writing fantasy stories in the reports, you wouldn't have a chance to
convince the prosecutor that you 'needed' search warrants to raid our
places. FUCK YOU.
The last report from you that I read was a big nasty bestseller.
When I crosschecked it with the interrogated person, it showed up to be
50% fiction and creations from your mind. But I guess you are not alone
to be so rotten in the Swedish Police Department.
(I guess I will regret this at the next interrogation, but it's worth it.)
Enough with bullshit from me, I'll leave the rest of this protocol to you.
--> Written by an anonymous member who does not want to be busted
Hello again folks. Another year has passed, and a shit load of things have
been happening, I tell you. What we see now, officially, is that computer
systems are getting harder and harder to penetrate... that's true, but is
it impossible now?? Hahaha... I wouldn't think so if I were you.
I would like to compare the new security routines like this; a burglar is
loose in a town, but he only breaks in to yellow houses. And what does the
police do to stop him? The smartest way? (i.e. try to catch the criminal)?
no... they paint all the houses in the town in some other color than
yellow... with known results, the burglar chooses houses with another color,
and this goes on and on...
I find it quite funny to watch system managers "improve" their systems...
and you're still on it... After the so-called improvements. Some system
managers try so hard, that you almost feel pity for them when it really
hasn't improved their security, after several attempts.
Ok, let's stop it here and see what types of system managers there are out
there on those nets...
* "The Toughie"
Hehe, this is a real baddie. He'll do anything to kick you off the system.
There have been cases when he has kicked out the wrong users.. (how we laughed!)
And other times when he kicks you off and off, but you always manage to
come back. You can't "trust" this guy, he'll feed you to the lions as soon
as he gets your ass booked. You'll probably face 3 extra years in jail if
this person is the attorney in your trial.
* "The Blind Man"
This is, without doubt, the most common system manager. You can use
all the computers on his whole net without him noticing... and matching
passwords in 20 background jobs? No problem, just execute them and logout!
Login again, and have your 20 result files served to you on a silver
plate. And the poor bastard will never know they even existed.
* "The Smartass"
He can easily be mistaken for "The Blind Man", but you can try to find it
out by uploading some real scary-ass files about how you're going to ruin
their whole fucking network, and keep it in your own directory, only
readable for your user. If you're kicked off the system shortly after that,
it wasn't "The Blind Man", it was this guy. But don't fool yourself...
even if you have a detailed file on how you're going to d-d-destroy their
system, and you still don't get kicked out... He might take the chance of
risking to restore the system, just to have your ass where he wants it.
(In court...)
* "Mr Panic"
Hey, this guy is quite familiar too. He's the one who tells the media,
the military, the local computer squad, the cops.. everything he can think
of, just as soon as he detects you. He doesn't risk ANYTHING... He's
possessed with the manic thought that HE let an 11 year old HACKER into HIS
system!! (his safe, safe, hypersafe system!)
Nooo.. it will never happen!! HAHA... Poor man...
The "Mr Panic" reaction is also usual when the system authorities are a
quite big group of people... they usually come to the conclusion that
WE WANT A CLEAN SYSTEM! haha... well they can give it a try at least.
This "Mr Panic" person seems to be quite rare in countries other than
Sweden, but there he/they are very common.
Ok, now you should have a quite bright picture of what kind of system
managers you might find out there... A very rare, almost diseased kind of
system manager is though "Mr Nice Guy"... The only sysmgr you can trust
really. What happens when he discovers you on his system is that he watches
you for a while, and when he notices you're a "nice" kind hacker (well you
are nice, aren't you?!! :) ). He'll either try to talk to you or just email
you if that doesn't succeed. He will not try to get your ass in jail, just
know what you were up to on his system. If you get him to "like" you (if
now a sysmgr can like a hacker) you might even be given an account, to use
for "friendly" activity (i.e. no matching jobs, only programming/storage for
example...). But the chance that you will find a sysmgr like this is about
1 to 2000 I'd guess...
No goddamn it... read this fourth protocol from us in S.H.A. Special
greetings to S. K.; you're a nice guy deep inside, we know it, just try to
show it once at least.
Signing off in early 1992,
Anonymous user
--> Written by an anonymous member who does not want to be busted
Yeah! Another year! Another hacking season! What can I say? It has been
a great year for all of us (almost anyway). So, what has happened during
1991? Well, a lot of things that will be covered in this file, but for me
personally, I just have had some problems with the Telecom who thinks that
I ought to pay them $10.000 for phonecalls. Well, I think they can forget
that. Which (normal?) person would call for that amount over a period of
three months? Well, I hope it gets to court and then they will lose since
the judge will see how impossible it is, I mean, I would have to be
connected many hours every day to the States to reach that amount. Well, I
don't complain since I haven't been busted yet, but who knows. Ohh.. just
one more thing.. Greetings to all hackers and especially those in S.H.A.
Have fun and take it easy. It is a dangerous world we are living in.
---------------------------
- Inside story from Court -
---------------------------
One of our members has stood trial in a carding case. This guy was BRUTALLY
busted in October 1990 when he was about to lay his hands on computer
equipment worth over $50000. The police raided the place, cuffed him and
threw him into a car and drove straight into the Police HQ in Stockholm,
where he spent 46 hours in an isolated cell. He wasn't even allowed to make
any phonecalls. That's brutal. (and probably against the law).
While he was doing nothing in his cell, the police searched his house twice.
Imagine his room before and after a search by the Federal Police. Right.
Not a single thing was left. Everything was taken as 'evidence' in one way
or another. After several interrogations with both the Federal Police and
the Swedish Special Branch (Sweden's Secret Service) he was released.
He was busted the 23rd of October 1990, and was released from federal
custody the 25th of October 1990. Over a year has gone, without really
knowing IF, or WHEN the trial would be held. Jail or not?
It's a trial of your mental health.
It took the Swedish police 1 year and 2 months to clear the mess up, and
our member was fully cooperating with them. The magic date was set to the
8th of January 1992. The trial. He was prosecuted for:
Felony creditcard fraud, $100.000
Forgery.
Illegal possession of guns.
Sitting inside that courtroom with 2 attorneys, an idiot as prosecutor,
and a couple of lawyers wasn't as fun as he thought it would be.
What's worse than a non-understanding prosecutor who just wants to nail
you as hard as he can, and can't realize the facts? But he was a straight
businessman. The attorneys and he made a deal, and the SHA member got away
with a 2 year conditional sentence, and a $600 fine.
We in S.H.A. have released a detailed textfile about the bust. Get a copy
if you want to read more about it. It's VERY detailed. It even includes what
he had for breakfast in his cell..
--------------------
- New S.H.A. board -
--------------------
A new S.H.A. board has opened in Sweden with the name Project Athena at
number +46-8-LEGEND (Sorry: No phonenumbers listed in public version.)
Inquiries about the new board can be addressed to us through our mail
address listed later in this file under "How to contact S.H.A.". Be sure to
include a return address and board number where we can reach you or your
voice number.
Government agencies are also welcome to request access to our boards
worldwide, and will receive access after complete checking from our side.
Our current Headsites and distribution sites are as follows:
Project Athena S.H.A. World Headsite (+46) ########
Interpol II S.H.A. World Headsite (+46) NEW-NUMBER
(No phonenumbers are published in the public edition)
Note: Interpol II has changed phonenumber due to much publicity
from the police and the Special Branch.
---------------------------------
- Royal Institute Of Technology -
---------------------------------
One quiet evening in early May 1991, some persons were sitting peacefully in
a terminal-room at the Royal Institute of Technology. Suddenly the door was
kicked in and 8 cops and 2 system operators rushed in. Charges for
trespassing and illegal attempts/access to a computer system were pressed
against them.
The police is still investigating this case, and therefore we can't give
you any nasty details about what happened and why they were charged.
But a story that has circulated in some major newspapers in Sweden is:
"A night in May, 5 hackers were busted when they physically visited a
terminal room at the Royal Institute of Technology (Numerical Analysis
Department). The youngsters were not students of the University, but they
used the terminals to enter other computer systems/networks all around
the globe."
That is the OFFICIAL story that circulates in the press, and does not
necessarily mean that it is really what happened. All of the arrested persons
deny that they did anything illegal that evening in the room.
A more detailed report about what happened will be released after an
eventual trial.
-------------------------
- S.H.A. Member busted -
-------------------------
I suddenly woke up one morning by the noise of my doorbell. Riing, Riing.
Who the fuck can it be 09:00 AM? I didn't expect anyone. I tripped on my
toes towards the door. Riiing, Riing. I looked out through the "door eye".
Outside my door were three men standing. NO friends of mine. I don't think
they wanted to sell a vacuum cleaner to me. Almost panic. What were THEY
doing here? Were they cops? Had they traced my phonecall last night or
WHAT? I didn't have the time to think about that now. Act fast, or they
will probably kick my door in.
I got dressed very quickly. Then I threw some clothes in a bag and grabbed
my laptop computer on the way to the balcony. I closed the balcony door and
tied it hard with a piece of rope to keep it closed, while I was away. Then
I looked down. Jesus, would I still be alive if I jumped? Well, just one
way to find out. I quickly threw the bag out and then I took the laptop on
my back and jumped. I landed on my knees over my laptop. Any broken bones?
No. Great! Got up and ran away.
Later that evening I decided to go back home. First I had to hide the laptop
if the police still would be there, so I had a friend to look after it. When
I got home, I had prepared myself to find my apartment upside down. Raided
by some idiots from the police. I opened the door, and what did I see?
No one had been inside it since I left it. Strange. (well, not really, we are
dealing with the SWEDISH police..). Well, so far, so good. I fell asleep.
It had been a hard and exciting day.
08.00 AM, next morning:
Riing. Riing. The doorbell. SHIT! Rushed up from the bed and looked out
through the "door eye" just to find my three friends from yesterday standing
there again. Well, I quickly got dressed. Should I escape, or should I let
them examine the apartment? They would do it sooner or later anyway. I can't
hide forever. This time I was prepared. After a couple of seconds I decided
to open the door.
The three men outside showed me their Police ID's and one of them asked me;
"Do you mind if we come in and speak with you". What could I say?
"Ok, let's sit down and talk in my living room. Can I take a shower first?".
Sure they said. So I went into my bedroom and switched my computer off.
Then I went into the bathroom to take a shower and clean myself up.
When I got back, they were in my bedroom and had turned my computer on.
Just to be greeted with;
SECURITY SYSTEM
Please login:
HA! If they managed to hack THAT, I would recommend them for the Nobel Prize
of password guessing. Of course they asked me to login. "Sure, can you look
away while I enter the password?", I said. "No", they said, so I stepped
back and told them "Well, login yourself then...". They looked puzzled.
"Why not tell us the password? You can easily change it later.". Did they
think I was born yesterday? If I told them the password, what would keep
them from taking my computer and have full access to it? So, I just
repeated myself and told them to login. They got angry and switched off the
system, and started to tear the equipment apart. SUCKERS! They didn't know
how to handle this kind of stuff. "Carefully!!" I said (delicate equipment).
They didn't listen. I even offered to carry the stuff to the car. They
just told me to stay away. They brought me for interrogation that morning.
After I had spent some hours at the Swedish police HQ, a guy came and asked;
"Have you changed your mind? Would you like to login to the computer now?"
"Nope. I won't. I think you were very rude some hours ago".
Apparently they hadn't managed to force the security system. This was good
news. I called an attorney who showed up and the whole thing was over
after some minutes.
I was 'released' at lunchtime. Time to make some important calls to avoid a
disaster. (Well, it was a kind of a disaster already, but the damage could
be limited)
Ed's note:
Later on, we have found out that the University is a real chicken. One
month after the five hackers were busted at the Royal Institute of
Technology, they installed Kerberos (security package) on their Unix
machines. The day after that, they let the police bust this person. I
guess the university thinks they have secure machines at the moment, and
we'll let 'em think so for a while, until we have decided what to do with
their network. Wipe it or not. (S.H.A.'s opinion and not necessarily mine)
/ Ed
Conclusion:
At this moment, we recommend everyone to install at least some kind of
security system. S.H.A. is currently developing new software that is
guaranteed to keep the cops out of your computer system.
--------------------------------------------
- Operation Sun-Devil, by Knight Lightning -
--------------------------------------------
On May 7-8, 1990, the United States Secret Service executed its response to
an investigation that had been two years in the making. It was Operation
Sun-Devil and it was designed to take out computer hackers and
telecommunications hobbyists across the United States, whether by raiding
them directly or scaring them by raiding others. The Secret Service claimed
that they were going after criminals, and perhaps they were. Now almost two
years later, there have been very few criminal indictments brought, despite
the raids of 27 homes in 13 cities:
Chicago, IL
Cincinnati, OH
Detroit, MI
Los Angeles, CA
Miami, FL
Newark, NJ
New York City, NY
Phoenix, AZ
Pittsburgh, PA
Plano, TX
Richmond, VA
San Diego, CA
San Jose, CA
There were a few prosecutions of Sun-Devil defendants made in the State of
Arizona by state officials and there was a prosecution in Pittsburgh, also
by state officials. The first United States government conviction took
place this past week in San Diego, CA. The offense -- possession of 15 or
more calling card numbers, a violation of United States Code, Title 18,
Section 1029.
A few months ago, a civil liberties group here in the United States called
Computer Professionals for Social Responsibility (CPSR) filed a request with
the government for information about Operation Sun-Devil under the Freedom
of Information Act (FOIA). The government's response has raised new
questions about the scope and conduct of the Sun Devil investigation.
The documents disclosed to CPSR reveal that the Secret Service monitored
communications sent across the Internet. The materials released through the
FOIA include copies of many electronic newsletters, digests, and Usenet
groups including:
comp.org.eff.talk
comp.sys.att
Computer Underground Digest (alt.society.cu-digest)
Effector Online
Legion of Doom Technical Journals
Phrack Newsletter
Telecom Digest (comp.dcom.telecom)
Currently, there is no clear policy for the monitoring of network
communications by law enforcement agents. A 1982 memorandum prepared for
the FBI by the Department of Justice indicated that the FBI would consider
monitoring on a case by case basis. That document was released as a result
of a separate CPSR lawsuit against the FBI.
Additionally, CPSR has found papers that show Bell Labs in New Jersey passed
copies of Telecom Digest to the Secret Service.
The material (approximately 2500 pages) also suggests that the Secret
Service's seizure of computer bulletin boards and other systems during
Operation Sun Devil may have violated the Electronic Communications Privacy
Act of 1986 and the Privacy Protection Act of 1980.
Two sets of logs from a computer bulletin board in Virginia show that the
Secret Service obtained messages in the Spring of 1989 by use of the system
administrator's account. It is unclear how the Secret Service obtained
system administrator access. It is possible that the Secret Service
accessed this system without authorization. The more likely explanation is
that the agency obtained the cooperation of the system administrator.
Another possibility is that this may have been a bulletin board set up by
the Secret Service for a sting operation. Such a bulletin board was
established for an undercover investigation involving pedophiles.
The documents we received also include references to the video taping of
SummerCon, a computer hackers conference that took place in St. Louis in
1988. The Secret Service employed an informant who posed as a hacker to
attend the conference and placed hidden cameras to tape the participants.
The documents also show that the Secret Service established a computer
database to keep track of suspected computer hackers. This database
contains records of names, aliases, addresses, phone numbers, known
associates, a list of activities, and various articles associated with each
individual.
CPSR is continuing its efforts to obtain government documentation concerning
computer crime investigations conducted by the Secret Service.
These efforts include the litigation of several FOIA lawsuits and attempts
to locate individuals targeted by federal agencies in the course of such
investigations.
------------------------------
- Cray II Attacked by S.H.A. -
------------------------------
In February 1991 the S.H.A. gained access to a Cray II connected to a
NASA network through a major security flaw.
- Since we hacked a rather closed network, there were no problems gaining
access to the supercomputers. We found some interesting info on the Crays,
(well, rather its front-ends) but we benefited most from its processor
speed. Some weeks later they discovered the hack, and closed down the
shop. The supercomputer was re-hacked in November/December 1991, and
this time we have installed backdoors for future use.
Unfortunately as with all of this information, we can't give you any
details. If we did that, it would be used against us in court. But if
you think it's interesting, get in contact with us at Project Athena, or
at any other board. You can even find us on IRC. (which is monitored to
the limit..)
------------------------------------------------------
- Milnet and Government computers attacked by S.H.A. -
------------------------------------------------------
Many computers on the DDN (milnet) have been visited by members from S.H.A.
No details about the attacks made by members of S.H.A. are discussed in
the public version of this 4th Annual Protocol.
- Among the computers that were successfully penetrated, we can mention
one computer belonging to the US Navy in Italy. Because of the lack of
security we could easily gain root access to a Laboratory computer with
research material and other US Military stuff. The computer was also
trusted by other computers, so we could easily go further from there.
Since the system lacked any real security, it was no "fire wall"
as we first thought when we struck the computer.
S.H.A. also gained access to an Aerospace research network with a dozen
trusted computers connected. Also connected to the research network were
three supercomputers in the CRAY series.
- We got almost 90% of all accounts on this network. It almost seemed to
be public stuff, even if they did some research for the US Air Force. It
was not classified research, as far as we could tell.
One of the worst security vulnerabilities I have ever seen in my whole
hacker career was found at a US Navy Network. We could easily, without any
trouble, gain access to several dozen US Navy military computers
stationed at places such as Norfolk, San Diego, Jacksonville, Washington,
Pensacola, Cherry Point, Alameda, Pearl Harbor, Italy, Japan, Spain,
the Philippines and Guam. Rather interesting information was found on these
computers.
A VAX/VMS network at the Argonne National Laboratory isn't more secure than
my refrigerator. SYSTEM access could be hacked within seconds.
The same goes for the Defense Logistics Agency in the US. Shame on you.
In total, eighty-four US Government computers on eleven networks were
successfully penetrated by members of S.H.A., and root access was gained
to a dozen of them in the year 1991.
-----------------------------------
- Guidelines for System Operators -
-----------------------------------
It was after I came in contact with a system operator at Uppsala University
that I got totally hysterical. How stupid could one get?
Let's take it from the beginning..
We, a couple of hackers, used the university's machines. The operators
didn't even notice us when we were active. One night we contacted the
operator that was currently logged in, and told him what we were up to.
He didn't like our existence, and tried to throw us out. Of course he didn't
manage that. (Even though they deactivated nearly every damn
account at the Computer Science Department). A week later, one of the places
we routed our Internet traffic through was disconnected from the network.
Tragic but not a disaster.
Why do we tell you this bullshit? Well. First of all. WE DON'T like this
system operator's attitude. Instead of asking us how we got into their net,
(and will always do), he threw us out, as if we were some kind of morons
that would destroy everything we touched.
THIS is the problem out there. System operators try to throw out the
hackers and start screaming for the FBI as soon as they see any mysterious
activity in the log files. He MUST have realised that we would be back after
some minutes.. but why did he do that?
You better ask him yourself: bjorn@oslo.docs.uu.se
Some guidelines for system operators:
- Do not scream for the police when you have discovered a hacker in
your system. (unless you see him destroy information)
Most hackers are friendly creatures who will move to another system
when you have notified them that YOU know what they are up to.
If the hackers won't move from the system, threats don't lead anywhere.
(most hackers are able to wipe your whole network if they wished to, and
will do so if you start to threaten them with the FBI and so on.)
Instead we suggest you make a deal with them. Offer them a legal account
on the system. In return you want them to fix all security bugs etc.
and leave a report to you.
The FSF project at MIT is an excellent example. They had guest accounts
on their machines, and were overloaded with hackers from all over the
world. A lot of hackers, including S.H.A., had root access on their
machines. Did they go down? Nope. Why?
If you can get root access on a machine, you often have experience, and
realise that damaging the system won't do any good. It's just a waste
of time. Almost everything will be re-installed with backups etc.
MIT was aware of the high percentage of hackers on their machines, but didn't
want to argue. Maybe they realise what the whole thing is about.
- Don't play the role of god. You will ALWAYS be an easy target.
---------------------------------
- FSF/MIT Closing down the shop -
---------------------------------
One day in April 1991 the Massachusetts Institute of Technology got visited
by some guys from the FBI. The guest accounts at the FSF machines had been
used for over a year to break into computers worldwide, and especially
systems linked to the MILNet (DDN). Another day in the same month, same
year, the guest accounts at the FSF machines had been removed. The official
explanation was that the drives where the guest accounts were stored had
crashed.
The year before, in 1990, a letter was sent between the system operators:
-----------------------------------------------------------------------------
From: tower@ai.mit.edu (Leonard H. Tower Jr.)
Date: Thu, 30 Aug 90 18:06:26 EDT
To: rms, gjs, hal, bob
Subject: MIT is getting concerned about crackers on the FSF machines
(I'll leave it to one of you to decide what to tell our programmers
and employees about all this. I see no reason to start a lot of
not very productive discussion on fsf-hq.)
Jeff Schiller (bob: Jeff works for MIT's Network group and is well
connected) just called me to discuss the crackers on the FSF machines
using the password-less guest account and the rms/rms account.
He and Jim Bruce (bob: he's ~VP for computing at MIT) are having a
meeting with the FBI at 6pm today. The FBI is involved because the
crackers are `attacking' MILnet hosts.
I told jis that that's really MILNET's problem, and they might
consider finally turning the mailbridges on for real.
I told jis that most of the guest users were using the FSF machines
for useful activities and not cracking.
I advised jis that FSF was monitoring the activity and reasoning with
crackers as FSF found them. (Not having talked with rms or cutter
lately, I don't know how successful that's been. But it appears there
are still more crackers needing conversion.)
He was sympathetic to rms' feeling about guest accounts and letting
FSF use its machines as it wishes, but was also concerned about MIT
position and response on this.
He mentioned that disconnecting FSF from the Internet was not yet
being considered. (Translation of jis-speak: `MIT' might have to
disconnect FSF to solve this problem).
He mentioned that the FBI wanted to monitor the incoming calls to
terminus, but that wasn't feasible with the way that MIT connected
with NE Telephone. He also mentioned that this interface could be
changed to make such monitoring possible.
I suggested he talk further with rms and gjs about it.
I'm available for consultation or a board meeting. Call home ###-####
and work ###-####, my schedule is weird.
Providing access to randoms is peripheral to FSF's goals. I'm not
sure how much time and effort we should expend on this. Perhaps we
should provide a guest machine that doesn't allow outgoing network
service with the exception of mail and ftp (not trivial to do).
-len
-----------------------------------------------------------------------------
The FBI was already involved in this affair in August 1990, and the result
was that MIT had to throw out all guests from the FSF machines and blamed
the action on "the drives have crashed".
Crashed? Hardly.. Some months later, in the fall of 1991, we could read about
some Dutch hackers that had hacked several military installations including
some Pentagon systems. I know there were a lot of Dutch hackers at the
FSF machines. Take a look at this article:
"(IDG NEWS) Dutch hackers broke into the Pentagon's computer system on at
least 34 occasions during April and May this year (1991). On some occasions
the Dutch hackers changed and copied data related to military operations in
the Gulf War. This was confirmed by Jack Brock at the General Accounting
Office (GAO) during a hearing in the Senate last week. (sometime in the fall
of 1991). The Dutch hackers managed to get access to some sensitive
information concerning troop movements, technical data about certain
weapon systems, according to what the GAO chief stated at the hearing. The
hackers broke into the Pentagon's computer system via the international
INTERNET network."
Was it because FSF's machines had been used to hack the Pentagon that the FBI
closed them down? MIT & FBI had a lot of hackers under control on those
machines. Closing down the guest machines resulted in hackers routing their
traffic through other systems. And the FBI lost control of them.
-------------------------
- Short World Wide news -
-------------------------
Worldwide news. Where to start? We could mention the little bastard
in Israel who claims he has hacked the Pentagon. True or not?
The Pentagon hasn't confirmed it, but we believe he has done it.
The Israeli newspaper Yedioth Ahronoth told the world that this guy
had hacked the Pentagon and some US Army hosts in the US. He had been able
to read top secret information about the Patriot missile during the war.
It's not certain whether the 18 year old student will be prosecuted.
Two Israeli professors have released a Cryptanalysis of the Full 16-round
DES. Very interesting reading. Now NSA can flush themselves down the toilet.
The document is referred to as Technical Report #708 at Technion in Israel.
Two Dutch hackers have been busted. (THAT's something. The law in the
Netherlands does not forbid hacking. You can only be prosecuted if you have
destroyed anything in the system you have hacked.). These guys were
prosecuted because they tried to cover their tracks by modifying the
system logs. If they hadn't messed with the logs, they wouldn't have been
busted. (That's from what I've heard)
Some hackers in the United Kingdom (UK) have been busted. The English police
had recorded all DATA and VOICE traffic from/to the hacker's residence. All
material will be used as evidence in a trial. Tough luck..
More info on this coming up during the year in releases from the S.H.A.
---------------
- Blue Boxing -
---------------
Blue Boxing has finally reached Sweden this summer. It all started when
a Blue Boxing program for the Amiga was released, which gave every computer
geek the opportunity to Blue Box. There are even losers who don't have
a modem, who are Blue Boxing to other countries through toll-free numbers
and back to Sweden for free long distance calls. They don't even know how
Blue Boxing works, or why.
Hopefully, the Swedish Telecom will start to investigate these frauds,
and it will result in a new dimension in computer busts... and the geeks
will regret their stupidity when they get billed for all their calls and
when the SWAT team kicks down their door.
That is what we wish, but we think that the Swedish Telecom doesn't bother
since they are not losing money on this, since their customers have to
pay for the calls. But if too many customers complain, maybe the Swedish
Telecom might get interested in busting these clowns. And all this might
result in the police not having the time to investigate our little
$100.000 credit card fraud and our so called illegal entering into computer
systems world wide.
Just a little note:
Since Blue Boxing has been around in the States for about two decades,
I suggest that you don't think that the Swedish Telco are geeks...
Since they are in cooperation with AT&T and other phone companies
worldwide, they should know to put two and two together about this shit.
And we all know what the Swedish Telco feels about losing THEIR money,
don't we?
-----------------
- Carding today -
-----------------
Where is carding today? Is it still easy to card in Sweden? Well, let me
say this: When the first real carding case in Sweden, in May 1990, was
discovered and a group of young computer geeks were busted, the press
started to write about the case and told everyone how they could do it.
The press even told everyone how you could get credit cards, and a S.H.A.
board was pointed out to be one of the main sources for illegal information.
The computer geeks also said in the interrogation with the police that they
got their information from a S.H.A. board. The press stated how bad the
security of the credit card companies was and how easy it was to order on
someone else's credit card. Both VISA and Mastercard went public to the
press, issued a statement and said that they would have changed their
routines within two years so it would be impossible to order on people's
credit cards. They would change their routines for how new credit cards were
calculated and no carbon copies would be included in the billing notes.
A year ago they hadn't changed their routines and one of our members got
busted for carding for about $100.000. Today, nothing has changed and
computer clowns are still carding from USA and Europe. VISA and MasterCard
are losing big money on this. We have many positive indications of how
big the business for carding is here in Sweden and someone has mentioned
that computer geeks are carding for about $100.000 to $1.000.000.
And that the telecom companies are losing something between $1.000.000 and
$10.000.000 every year to computer geeks who are using calling cards or
phreaking. And this for Sweden only!
------------------------------------------------
- S.H.A's rules and advices for other hackers -
------------------------------------------------
This is what we think you out there should follow when breaking every
computer related law your country may or may not have...
- Never confirm or deny anything. It is up to others to prove that
you've done something.
- Never destroy or change information on systems that you have access
to. It gives you a bad reputation.
- Do not confirm names of members in your group nor the number of them,
since you shouldn't help the police in any way at all.
- Do not spread accounts to people outside your own group, and keep
such things within your group only.
- Do not install backdoors on systems you have secured, and don't abuse
systems, like using them for illegal access to other computers.
Now... back to reality. The S.H.A. does not have a policy really, concerning
how we should be doing things, nor forbid our members to do anything they
feel like. The group S.H.A. is really formed to keep up the information flow
in a higher tempo than usual in our business, and of course, you feel safer
when you've got some people you can trust, ask, or supply with information.
So, there are no rules for S.H.A., we do as we like. I.e. :
- Never crash systems
[Exception: Unless the operator running it threw the cops on you, if so,
fuck it up as much as possible]
- Never trade accounts
[Exception: Unless you're getting more for your account than the other
part is.
[Exception2: There are always exceptions]]
- Never go to the press
[Exception: Unless you'll make loads of $$$ on the deal]
- Don't sell your "stolen" information
[Exception: Unless you're paid well, and will stay alive after the
next money/information exchange.
[Exception2: No risk no fun]]
- Obey given rules
[Exception: If they suck, make your own rules]
Call it computer anarchy, we call it computer freedom. The rules follow a
single red line; If you get treated nice, be nice back. If they fuck you,
put a bullet in their head.
-----------------------------------
- Demoralized Youth, by Tormentor -
-----------------------------------
Tormentor, a young anarchist causing chaos and disorder with short program
routines. One of his first viruses, called Tormentor -d, was one of the most
debated ones in the fall of 1991. I've got no idea how many computers his
viruses have infected and crashed. I have no guess as to how much the value of
the crashed programs is. I just know one thing - he's a pain in the ass for
most people, so therefore we have asked him to write for this 4th
protocol. We have asked him to write about the current virus scenario in
Sweden and about the future and about his projects.
/Ed
Demoralized Youth, by Tormentor
This is the story about the virus-spreading in Sweden.
Virus spreading in Sweden has been very rare, not to mention virus
writing! There was only ONE virus written in Sweden until the end of 1991,
and that was a boot-sector virus, which isn't too hard to make. But this has
not kept some moral-cake-spreading people from calling themselves
'Virus-Researchers', building up an echo-net and starting a company called
Virus-Help-Center. This was rather strange to me since I'd never heard
about anyone who had been 'attacked' by a virus. (NOW I have heard of a
couple..) Before the end of 1991, no Swedish BBS had to be afraid of being
infected by a virus. Then in November, something happened..
Now to the story...
I can just tell the story from my point of view, and if someone out there in
Sweden may think: 'Well, wasn't I a part of this?', contact me for an apology.
Well it started in late August 1991. I was looking for viruses on almost all
boards (I even asked for them on Vir_NET). Then - WOAH!
I had received mail from another guy on an Elite-board! And he had viruses..
It was the guy that would change his handle a number of times in the future,
but now he calls himself HiTMAN, and here is what the letter was saying:
'Hey, Yez, I have a couple of virus... maybe wanna exchange?'
My hands were sweating, I had met a sympathizer! We made contact and
exchanged viruses (before that I just had the 1701-virus) and it was then it
all started. In the same week, I made contact with WiPER, also a Great
sympathizer. And after some weeks of debugging and testing, he contacted me
again. Now he had found some 13-year-old kid that was leeching viruses from
Bulgaria, and this kid was a real virus-collector! We got about a hundred
viruses from him and Puh!
This was too much. After that, WiPER started a virus-area on his board, and
the ball was rolling...
Then, a couple of weeks later, I started to write viruses. But since I was
quite new at this, I didn't start from scratch. No, I modified an old virus
called 'Murphy'. When I got the first version ready, I started to
spread it like a maniac all over Gothenburg's PD-BBSes.
Now afterwards, I regret some mistakes I made:
* It was just Scan that didn't find it.
* There were some bugs in it (the dates were garbled)
* AND IT DIDN'T CONTAIN ANY DESTRUCTIVE MECHANISM!!!!
I fixed it and started to spread it again. Some weeks later, HiTMAN called
me up and gave me some clips from fido_net. And the geeks were talking
about my virus!! This was not expected, and when I read it, I thought:
'Gee, fun!' And we started to spread it like hell. And the following weeks
were a fight: They posted a scan-strain, I changed the virus to avoid that
strain and so on.
But after they released their 5th killer for The Tormentor-virus (as they
called it) I got tired (or in fact: There were too many scanstrains
circulating!) So I let the virus retire with, according to Virus Help
Center, 400 reported infections. (and X number of HD-Nukes?) Now I study
other viruses, and try to write my own from scratch. But it's hard, especially
when there are so many good techniques already used (Dark Avenger is one of
the lead-inventors!)
The virusboards.
Yes, what's the scene in Sweden at the moment? Well, WiPER's virusboard is
down, but a couple of others have started. WiPER was the first, but I have
heard about a S.H.A site that had a virusarea before him. (but not public!)
Then I think iNNER CiRCLE was next to start a board, and after that
'The Smell of Fear' and 'The Home of The Pirates' started virus-conferences.
But even if there are a couple of virusboards in Sweden, the activity is not
so huge, or, we are just too few that are working on it. So I hope that will
change, it's a scary thought that we are so few destructive minds in Sweden.
We also have contacts with several other VirBoards abroad in Bulgaria,
Finland, England and USA to name a few. We also have contact with virus
writers abroad (Like Charlie in Norway). And if you wanna join us, contact
any virboard in Sweden.
The Future.
Well at the moment I have many projects on. I'm working on my own virus
that puts the virus-code in the middle of files (thanx DAv for the tip!) and
I'm working very hard to make a Self-mutating virus. And WiPER and HiTMAN are
also working on their own viruses (and who knows if there are other maniacs
working on viruses in Sweden?). Now we (at least I) think about starting a
Virus-Network that connects all virus-writers and distributors.
Think about it: Every time one releases a virus, the whole world will be
attacked with it the same night. (That is the dream I'm dreaming every
night!) Well, I also think we will have some problems in the future, like
new laws against viruses (probably only for spreading, and that will be hard
to prove!), better security on public-bbs (like phone tracing etc.) and
Hardwareprotection.
I also think that virus writing will increase and maybe be as big as
the demo writing... (but that is just a wish from my sick mind!)
Then I think the viruses will be a lot more destructive, for example:
* Making small changes in data (like switching numbers)
* Calling expensive numbers while there is no activity.
* Monitoring the system and saving the changes and keyboard-strokes.
* Maybe even Call up the author and transfer Data from the victim!
Also, in the future I think we are going to see the death of SCAN-programs,
not just because of the increasing Scan-time, but since the Self-mutating
viruses have come to stay and they need algorithms to find them. The
CRC-programs are always a good solution, but since you have to power the
system down to use them, I don't think all will accept it.. But it's the only
solution!
Well I feel quite proud when I think that we are responsible for all the
time-wasting and uncomfortable procedures all lamers have to do, to avoid
viruses (and sometimes it's not enough!).
So contact us, and join the Demoralized Youth!
Remember: It's not illegal to make a virus, and who the hell can prove that
you knew that THAT file had a virus?!?!?!?
Epilogue.
---------
Well, just after I finished this text, we tried to reach Mikael Larsson at
Swedish Virus Help Center for a comment, but unfortunately he wasn't home,
so I had to talk with his 'not-so-smart-in-fact-very-stupid' brother.
Since he also works at the AntiVirus company I thought he had something to
say about the future.. I was wrong!
But he seemed quite interested in buying unknown viruses, the only problem
was that he would rather buy them from Bulgaria since the people in Bulgaria
were so poor... (damn humanist!)
I feel really sorry for those AV-guys, they are working full-time to stop
virus writing and spreading, but if they would succeed (just a thought!),
they would lose their jobs! But we have two Anti-virus companies in Sweden,
maybe the other company is more patriotic and will buy viruses from me...?
Anyhow, now I must go on with my viruses. A new mutation of Pogue that
Scanv86 doesn't recognize has been requested. And maybe I'll work on the
Trojan called Scanv87, just to be released in 2 weeks...
So that's all from me for the moment, and remember:
SCAN /D = DISASTER!
/TORMENTOR
Demoralized Youth, Sweden
-------------------------------------
- S.H.A. Official Summer Party 1991 -
-------------------------------------
On a summer day in July we had a S.H.A. Barbecue party for two days.
Almost 80% of all members in S.H.A. were present. The party was held at a
secret address. The place was chosen with care, since we didn't want any
"non S.H.A." people to show up and cause any trouble.
A point of view from a S.H.A. member:
It was sunny and hot as hell, about 35 degrees Celsius. Not a bloody cloud
in the sky. And as a precaution to not pass out during my trip I decided
to put on my shorts, Levi's were out of the question.
Great... first I had to stand in line for fucking half an hour to get a
train ticket, just because the ticket bitch was talking on the phone...
I guess I don't have to mention that the place was NOT air conditioned,
nor were doors or windows open... Biggest sauna I've ever seen I tell you.
Finally arriving at the Central Station some hours later, I got picked
up in a private limousine. (Ehrm.. let's pretend it was a limousine)
The truth is that some members came to pick me up...
We drove to the secret place where the party was held, and a lot of other
persons were waiting...
Lots of Coke (Not the one you sniff), chips and food had been bought
earlier and we started to fix some drinks with big icecubes. We had to
wait for the sun to settle down, so we could step outside and fix the food.
Meanwhile we ate chips so that we didn't starve.
Later we sat down and hacked for an hour or two. Mostly we went through
all the hacks we had done so far that year.
In the middle of the night we wanted some heavy action, so we went out and
lit a big bomb in the neighbourhood. We almost got blown into pieces...
(Lixom' wanted to throw the bomb into a neighbour's livingroom. But we
didn't want to ruin the great party, or to spend the rest of the
night in federal custody).
Later in the night we watched some movies (yeah even porno) until 5 am in
the morning then we started to hack again and document some of the party.
THE S.H.A. BQ TIPS (or: Survive your own cooking)
You'll need:
* A BQ device
* One piece of animal flesh per person
* Lotsa BQ spices, and BQ oil
First you must put some nice pieces of charcoal into the BQ device,
pour lighter fluid all over it, wait some seconds, and then set
fire to it (taking cover is optional). Soon you'll have the best glowing
coal you've ever seen in your grill.
Now, just take the steak, and flatten it with something. Perhaps with
the back of a knife or just your fist.
Then put on all spices, and the oil (lots of oil...) and you,
remember; spice and oil _both_ sides of the steak.
When the meat now is on the edge from brown, turning black, take a
knife and cut through it, if it's bloody or too red, let it stay in
the grill for some more minutes.
Now, if the steak seems good enough to eat, eat it. Serve with
cremated fries, "potatoe sallad" and not to forget, a Tomatoe.
Now drink Coke with ice cubes swimming around in your glass.
AND! most important; Eat outdoors!! Why? There's no mosquitos in the
house.
--------------------------------------
- Proof of S.H.A. Hacking Activities -
--------------------------------------
Maybe you think we are just making the whole thing up?
We will give you some examples of our activities:
This /etc/motd was found on a NASA computer we hacked in August 1991.
Unfortunately they discovered our little breakin' and tightened security, but
we re-hacked the computer and could read the following;
COMPUTER SECURITY WARNING NOTICE
WARNING WARNING WARNING
*****************************************************************************
THIS COMPUTER IS OPERATED BY/FOR THE U.S. GOVERNMENT. UNAUTHORIZED ACCESS TO
AND/OR USE OF THIS COMPUTER SYSTEM IS A VIOLATION OF LAW AND PUNISHABLE UNDER
THE PROVISIONS OF 18 USC 1029, 18 USC 1030, AND OTHER APPLICABLE STATUTES.
*****************************************************************************
WARNING WARNING WARNING
=============================================================================
Security Reminder: DO NOT LEAVE A TERMINAL LOGGED INTO A COMPUTER UNATTENDED!
=============================================================================
=============================================================================
Hacker Attack: NASA Security reported that a Swedish Hacker
gained access to XXXXX on 8/2. We assume all TAB passwd files
have been compromised and are taking appropriate steps.
=============================================================================
A number of hackers are still attempting to penetrate
various LaRC computers. We are taking appropriate steps.
Report any suspicious activity to sysop.
=============================================================================
So if you don't believe us, call NASA Security and ask what happened at
NASA Langley Research Center on the 2nd of August 1991.
(By the way. Ask them what happened in March at the AMES/NAS supercomputer
network.. one of their CRAYs had some mysterious jobs running, hehe)
The Pentagon has also been successfully penetrated, but we have decided
NOT to release any information about what we have done there yet. We are
not finished with the system. Hopefully you can read more about it in
a release in June 1992. (Unless the Pentagon confirms it before then, or the
newspapers start to write about it..)
----------------------
- S.H.A. Body Guards -
----------------------
It was an ordinary summer day in July 1991. I was driving home from work as
I always do. I parked my car just outside the stairway leading to my
apartment on the 1st floor. I carried up some computer equipment to my flat,
left it there, and went back to my car to park it properly.
When I reached the car, I suddenly saw two men coming out from MY stairway.
THEY behaved strangely. Well, I jumped into the car, and drove 30 metres along
the street to my parking-lot. I turned right, parked it, and got out of
the car. Now, the two men, who were sitting in their car by this time, turned
their heads and stared at me as if I was some kind of alien. huh. I didn't
like this situation.
They seemed to be surprised that I had parked my car and was walking towards
my apartment again. I grabbed a pen and a piece of paper and took a note of
their licence plate. Might become useful sometime. (which turned out to be
right). I was totally puzzled. 2 men coming out from MY stairway. I hadn't
seen these guys before (age 35-40). I hadn't even heard them coming from
the stairs above. No door slammed - NOTHING. Were they waiting for me
there? Got even more puzzled.
Some days later I had dinner with some other members of the S.H.A. at our
usual restaurant in Stockholm. We discussed what had happened and we came to
the conclusion that 'they' maybe wanted to catch up a tail when leaving the
flat. But why? Why did they want to follow me? Or had they been inside my
apartment when I arrived?
The evening went on as usual, lots of beer and laughs. But at the end
of that night, we decided to check the licence number with the public car
register where all cars are registered. Said and done. We called;
Ring. Ring.
- Welcome to the car register, our business hours are.. bla .. bla..
Damn. An answering machine. The police. Doesn't the police have some
terminals connected to the car register 24h/day? Of course. We called a local
police station.
Ring. Ring.
- Solna Police Station, answered a male voice
- Hello. I wonder if you could check a car licence number for me...
- Sure. What's the number?
- NWW 007
- Hold on. He started to tap on his keyboard, and after a while he said:
"A Ford Scorpio?"
- Yeah. A red one. (I guess he was just checking some details..)
- Why do you want to check this car?, he said.
Uhh. Why does he ask that? They never ask such questions. Better make up a
lie, fast!
- Uhm.. I can't move my car since the owner of that car has parked it
in front of me. Did it sound believable? Hardly..
- Ok, he laughed. It's a civil car registered to the Swedish Police Dept.
OUCH! A police car outside my apartment. 2 police men in my stairway.
Does not sound good at all. Jesus. We almost panicked that night.
Standing inside that phonebooth that evening getting this information was
horrible. They could bust us any second now.
We rushed into the car and drove away. In a bag we had several printouts
from some hacks, large passwordlist to NASA computers, a NOT-TO-BE-RELEASED
version of this 4th protocol etc. None of us could bring this stuff back
to our flats. Just one way to solve the problem;
We drove up on the interstate, pulled down the windows and began to tear
the papers into pieces and threw them out of the window. If the cops managed
to get this puzzle together, then I would turn myself in and confess.
I guess we were extremely paranoid that evening..
On the 4th of January 1992 we had one of our regular SHA dinners at "our"
restaurant in Stockholm. We discussed our latest hacks and so on.
I guess we were under surveillance that evening..
...some strange things happened.
After we had finished our little neat dinner we moved to the car, and
drove into Stockholm City where we did nothing. What we didn't know at
that time was that a car was following us. We discovered it by pure luck.
We took a note of the licence plate, and stopped at the nearest phonebooth.
One of us jumped out, rushed to the phone and dialed a local police station.
Ring, Ring.
- Vallingby Police Station, a female voice answered.
- Hello. I want to check a car licence number.
- Ok. What's the number?
- It's MSR 769
She starts to tap on the keyboard, and suddenly she says:
- A 87'?
- Uhh. I don't really know. It's a blue Ford Sierra.
- Ahh. Could you hold on for a second.
- Sure.
She put me on hold.. I waited 30 seconds. I waited one minute. I waited
1 and 1/2 minutes. I waited 2 minutes. Then I threw the phone and started
running like hell towards the car.
- SHIT! I shouted. Get out of this place. NOW!!
It was like an action movie :-). Shit. Why did she put me on hold?
She had all the information on her terminal when she asked me if it was
a 87' model. Huh. Scary.
We drove some blocks away and stopped at another phonebooth. I jumped out
and dialed another police station..
Ring. Ring.
- Solna Police Station, a male voice answered
- I want to check a car licence number, NOW! I shouted. I was excited.
- Ok. Take it easy. What's the number?
- It's MSR 769.
He tapped for some seconds on his keyboard.. and finally he asks:
- A Ford Sierra?
- Yepp. A blue one.
- It's registered to the Swedish Police Department
- Thanks..
Hung up and rushed to the car. Hysteria among the other members..
Huh. The first station I called didn't want to tell me it was a policecar.
Why did she put me on hold? I guess they were tracing the call, and wanted
to catch me standing in the phonebooth. But it isn't illegal to check a car
licence plate... unless they have something to hide or fear.
What's the conclusion of all this?
a) We have a fanclub
b) We have a couple of body guards protecting us 24h / day.
c) The Swedish Police are really idiots following after us.
---------------------------
- Investigation of S.H.A. -
---------------------------
The Police are currently investigating S.H.A. and our activities.
We have very strong indications that some of us are under surveillance
24 hours/day. They are also monitoring our calls, both voice and data.
As an anonymous source said (well connected in law enforcement);
- The Swedish police computer crime division are currently fully engaged
in tracking down a hacker group in Stockholm, Sweden.
And we have noticed strange behaviour around our houses, with suspicious
cars and odd behaviour of certain people.
We have also strong indications that our houses have been searched when
we have been away from home. And also some of our accounts on hacker boards
have been used by other people without our knowledge.
We might be paranoid, but all events taken together prove that we are not!
-------------
- Back Chat -
-------------
Rumours. What's life without them? A LOT BETTER!
Anyway, here are some rumours we have picked up.
Some months ago a rumor was floating around in the 'elite' world that some
Swedish 'elite-d00dz' had been busted for BlueBoxing here in Sweden.
As always with these kinds of rumors, you should take 'em with a spoon of
salt. Sad but true - nothing serious has happened. (These damn 'elite-d00dz'
think they are phreakers. *sigh*) (Oct 1991)
Some youngsters in Lulea, Sweden got busted for carding for about $10.000.
These guys quit carding when the S.H.A. member got busted. 6 months later
the police knocked at their doors and searched their houses. This resulted
in a few prosecutions.
A couple of students from Linkoping, Sweden got charged for using an X25
NUI belonging to the Linkoping University Library. The university started an
investigation when they received their phonebill, which was $10.000 higher
than normal. And the next one was even worse, $20.000 higher than normal.
After they had found that some students were using their X25 accounts they
filed a complaint to the police.
A Swedish sucker at the Virus Help Center has started to scream for the
police as soon as he sees a new virus in Sweden. For example, he is trying to
nail Tormentor, one of our guest writers who is the author of the
Tormentor -d virus. Rumors say he has tracked down a Swedish virus
programmer/spreader and called the police. (Nov/Dec 1991)
Rumors say a smaller disaster will occur when some members of S.H.A. go
to trial for charges concerning illegally accessing a computer system.
Rumors say the FBI snatched the drives at FSF/MIT, and that they did NOT
crash as the official explanation was. (April 1991)
Rumors say Timewasters (hackergroup from Holland) penetrated a couple of
Pentagon computers and installed several backdoors. (Jack Brock at the GAO
has confirmed that Dutch hackers have broken into Pentagon computers.)
--------------------------------
- Messages to System Operators -
--------------------------------
To mention some Swedish hacking activity, here go some messages to
system operators of each system, which they will understand:
"Now is the question, Who is Marc Lundgren?" Gottcha SICS
"I'll be back - be sure of that" Gottcha Bjorn Knutson, UU
"What happened with ASEAs VAX machines? :-)" Gottcha ASEA Brown Boveri
"Please send us 'last | grep peace'" Gottcha Dimension AB
"Found our trojans?" Gottcha S-E-Bank
"We don't know how far they have come" Gottcha SMHI
"Nice phonebill, eh?" Gottcha OPIAB
"Afraid of calling the police?" Gottcha DATEMA
"Got any complaints from the DDN (milnet)?" Gottcha KTH/NADA
"Don't say we didn't warn you." Gottcha FOA
--------------
- The Future -
--------------
We hope that the Swedish police will realize that no one will gain in
the investigation of S.H.A. and only a catastrophe will occur.
They should use their resources for better cases, i.e. finding people
who commit murder or are raping young girls.
So to those guys involved in tracking us down, we would like to say:
- Up yours! Prove that we have done anything illegal or stay off our back!
Anyway, we are not looking too far ahead in the future since we have too
many variables that can change. We just plan for the next week, but we
hope that 1992 will be a great year for all of you hackers out there in
the whole wide world.
-----------------
- Releases 1992 -
-----------------
We plan to release the following during 1992 and hopefully much more stuff,
even if we can not guarantee that we will release all the stuff.
- S.H.A. Annual Year Report '92.
- A complete Internet hacker/scanner program.
- A neat Unix program that will totally hide you from system managers.
- Sourcecode for several unix backdoors.
- Security System for your personal computer.
- Textfile "VMS to Internet Encyclopedia"
(Follow up to the Unix to Internet Encyclopedia).
- Textfile "How to card and get caught" by Lixom Bah
Everything from how to card, to what happened to me when I got busted, and
the consequences for you, and your whole life.
-------------------------
- How to contact S.H.A. -
-------------------------
This was all for this time. Hopefully the S.H.A. will still be alive in
February 1993 so we can release our 5th protocol. But don't count on that,
the Swedish Police is giving us a very hard time here..
We are interested in joint ventures with other good H/P groups so that more
professional articles and files can be released to a wider public.
If you feel that you want to contribute to our protocols in one way or
another, you can contact us at the following addresses and phonenumbers.
If you feel that you want to give us criticism, don't hesitate to contact us..
If you want to be included in our mailing list, please state so and you will
automatically receive all our releases.
Internet : sha@darkside.com
FidoNet : 2:201/610 username sha
V.M.B. : +46-8-730 24 02 Box #9999
Note: Federal governments are also welcome to contact us for assistance.
We have nothing to hide from government agencies.
The above addresses are untraceable, so don't even bother...
----------------------
- Editors final note -
----------------------
Another year has passed and a new one is on its way. I hope the new
year will be another good year for all of the hackers out there.
I will end this 4th protocol with some well-known words;
BE PARANOID - YOU ARE DOING SOMETHING ILLEGAL!
I would like to thank all those people who have helped us creating this
fourth protocol which I hope you have enjoyed, and special thanks goes to:
Tormentor for "Demoralized Youth"
Knight Lightning for "Operation Sundevil"
I would also like to thank all those other guys in S.H.A. who have not
been mentioned but have contributed to this file. Thanks!
And to all you hackers out there... thank you for reading this file!
I would also like to thank the Swedish Police for their
interests in S.H.A. and for reading most of our files,
We need more dedicated fans like them. Thank YOU!
--------------
- Disclaimer -
--------------
The material in this document is NOT meant to encourage hacking, cracking
or illegal entry into computer systems. The Swedish Hackers
Association can NOT be blamed for any abuse caused by it.
The Swedish Hackers Association is formed only
to inform the public what hackers and hacking
really mean, and to report all hacking
news and events to the readers.
<---------------------------------------------------------------------------->
ALL MATERIAL IN THIS DOCUMENT IS COPYRIGHTED (c) 1992 BY S.H.A.
USE OF THIS DOCUMENT WITHOUT S.H.A. PERMISSION IS STRICTLY PROHIBITED
UNDERGROUND BOARDS ACCEPTED BY S.H.A. ARE ALLOWED TO USE ALL S.H.A. FILES
<---------------------------------------------------------------------------->