Example of Hackers Sharing




HACKERS SHARE, AN EXAMPLE

Collectors of competitive intelligence use BBS and hackers to their advantage.  Were I to say, as an authoritative comment on certain selected BBS, that no one knows the telephone number or frequency through FLEETSATCOM and guest log-on for the aircraft carrier Saratoga stores (logistics) VAX, at least a dozen hackers / phreakers would call me a liar and provide the information I need in varying degrees of accuracy.  What follows are a real question and its answer available from the Shortwave Echo of Tom's BBS in Boston.

My question posed to all who chat at Tom's:

YOU SEEM TO BE THE RESIDENT EXPERT ON MILITARY SATELLITES SO HERE'S
A QUESTION FOR YOU.  AM MONITORING 261.550 MHZ WITH WHAT SOUNDS LIKE
US MILITARY TRAFFIC RE: TRANSPORT SUPPORT, ETC.   I SUSPECT THAT IT'S A
CHANNEL ON THE FLEETSATCOM SATELLITE FOR THE PACIFIC/ ASIA REGION. 
DO YOU HAVE ANY DETAILS WHICH MIGHT FIT THE PUZZLE ?

My first reply came moments later.

 "Subj: Independence Group:  Listen to Fleetsatcom for the logistics requests.  Use your
map to place the task group.  Such self assurance." (The hacker ego requires the last word.)

The reader should understand that not every number or frequency provided is correct.  Although the number in the sample is verifiable, Navy security might call this a lucky guess.
I have created an expose of supposedly secure projects simply by parlaying questions with
more questions in an ascending pattern of bravado.

The text reproduced here is a sample of how hacker ego takes control and dominates
transmissions.

"The LOD/H Technical Journal, Issue #3: File 10 of 11

    ----> Clearing up the Mythical LOD/H Busts <----

Following is an article taken from Pirate-80 that Scan Man typed.  It talks about the summer busts of 87.  They called it the "LOD" case but as usual, law enforcement officers were disillusioned.  Our guess is that Oryan Quest was one of the first to be investigated, and due to his calling of other hackers when a DNR was on his line, he led the authorities to the others who were eventually visited. 

Oryan claimed he was in LOD and this is where they obtained the idea that everyone he
spoke to was in LOD.  In this respect the article is rather humorous in that they caught people who were not in LOD/H.  Normally I would not reprint magazine articles from the  LOD/H Technical Journal, but the article is relevant in clearing up any misconceptions.

-----------------------------------------------------------------
Remember, Oryan Quest is *NOT* now, *NEVER* has, and *NEVER* will be in LOD/H!
-----------------------------------------------------------------

From: SCAN MAN
To: ALL
Subj: LEGION OF DOOM BUST

WAR AGAINST PHONE HACKING HEATS UP
BY GREGG PEARLMAN, ANTIC ASSISTANT EDITOR

Computer break-ins are no longer viewed as harmless pranks.  For example, unauthorized
computer access is a misdemeanor under 502PC of the California Penal Code if you just
trespass and browse around -- and if it's your first offense.  But:  "Any person who maliciously accesses, alters, deletes, damages, destroys or disrupts the operation of any computer system, computer network, computer program or data is guilty of public offense" -- a felony under Section C of that code.  Even changing a password to "Gotcha" is a felony if it can be proven that it was a "malicious access."  In California, the maximum punishment is state imprisonment, a $10,000 fine and having your equipment confiscated.  The penalty depends on who you are, your prior record and the seriousness of the crime.   You don't have to breach national security to be guilty of a felony.  Accessing even a simple system
of a small company could damage vital data for more than a year's worth of business,
especially if that company didn't properly back up its data.

There are all kinds of computer crime.  Stealing an automated teller machine card and
withdrawing money from an account is a computer crime because you're using a computer
to get money out of a system.  But simply trespassing in a system and not doing any
damage is normally a misdemeanor, according to Sgt. John McMullen of the Stanford
University Police Services.  This kind of crime has become very common. "Every kid with
a computer is tempted," he said.   Unfortunately, it can take months to complete an
investigation.  For instance, the so-called "LEGION OF DOOM" case, beginning in
September, 1986, took 10  months to solve and involved people in Maryland, New York,
Pennsylvania, Oregon and California.

If someone breaks into the computers of, for example, California's Pacific Bell, and the
break-in is severe, Pacific Bell Security gets warrants issued, and then, with the police,
confiscates computers, manuals, telephone lists and directories -- all related equipment.
It's common for the computer to be tied up for a few months as evidence. (And by the time
Pacific Bell Security does get involved, the evidence is usually overwhelming -- the
conviction rate is extremely high.)

"Whenever I'm involved in a case," said McMullen, "I ask the judge for permission to
confiscate the equipment.  That's one big incentive for hackers not to do this kind of stuff.
I haven't had any repeaters, but I know of one case where the guy probably WILL do it
again when he gets out.

"Usually the shock of what happens to a juvenile's parents -- who
bought the equipment and watched it get confiscated -- is enough to make them stop.  But
we don't really have enough cases to know what the parents do."

ACCESS

"It's easy for hackers to find company phone numbers," said Daniel Suthers, Atari user and
operations manager at Pacific Bell in Concord, California.  "Most large companies have a
block of 500 to 1,000 phone numbers set aside for their own use.  At least one line will
have a modem.

"People post messages on hacker / phreaker bases on some BBS's and
say 'I don't know who this phone number belongs to, but it's a business, judging by the
prefix, and has a 1200-baud tone.' Then it's open season for the hackers and phreakers."

Phreakers aren't much different than hackers -- they're just specifically telephone-oriented.
In "CompuTalk: Texas-Sized BBS" (Antic, August 1987), sysop Kris Meier discussed
phreakers who appear to have called from phone numbers other than the ones they were
actually using.  A computer isn't needed to do this -- it's usually done with a "blue box."

"The blue boxes were used mostly in the late 1960s and early '70s," said McMullen.  "They
fool the network and let people make free long distance calls -- a tone generator simulates
the signalling codes used by long distance operators.  The boxes were phased out a
couple of years ago, though:  they no longer let hackers access AT&T, but Sprint and MCI
can be accessed by something similar.  However, computer programs are normally used
now."

To get long-distance phone service, hackers now use one of several programs passed
among other hackers (on bulletin boards, for example).  They find the local access number
for Sprint or MCI and then run the program -- perhaps for a few days.  It generates and
dials new phone numbers, and the hackers can check to see how many new or free codes
they've turned up.

They can post the codes on a BBS, and their friends will use them until they get stopped
by the long-distance company -- depending on how long it takes the company to realize
that these numbers hadn't been issued yet -- or until the customers discover that their
numbers have been accessed by someone who isn't "authorized."

Bulletin boards can be especially easy prey.  "If a hacker knew your BBS program
intimately, he could probably figure it out, but that's messy," said Suthers.  "If he can find
a back door, it's easier.  Sysops are notorious for putting in their own back doors because,
though they have all the security under the sun on the FRONT doors, they still want to get
in without problems. It's just like what happened in the films Tron and Wargames -- which
probably taught a whole generation a lot of things."

Meier had said in the August, 1987 issue of Antic that someone once called his board
COLLECT.  Simply put, the caller fooled the operator.  McMullen says that's been around
for a long time.  "It's common in prisons and situations where the phones are restricted."
McMullen also said that if the timing is just right, as soon as the modem answers, the
phreaker can wait for an operator to say "Will you accept the charges," then say "Yes."
The operator can't tell which end said yes, and if the modem has a long delay before the
connect tone, the phreaker can get away with it.  It couldn't be done entirely electronically
-- the voice contact is needed.

"I've never run across people accessing online services such as CompuServe in this way,
but I'm sure it happens," said McMullen.  "People suddenly get strange charges on their
phone bills.

"The hackers I've dealt with are very brilliant and good at what they do. Of
course, when you do something all day that you're really interested in, you're GOING to be
good at it."

DOOM

McMullen's most recent hacker case at Stanford University dealt with the Legion of Doom,
an elite group of hackers who broke into computers -- some containing national
defense-related items. "As I understand it, they're supposed to be the top hackers in the
nation," McMullen said.  "I started investigating the case when it began crossing state lines,
getting a bit too big.  I contacted the FBI, who said that because of the Secret Service's
jurisdiction over credit card and telephone access fraud, they'd taken over computer crime
investigations that go across state lines -- actually, anything involving a telephone access
code.  This case, of course, involved access codes, because the Sprint and AT&T systems
were used, and it was the Secret Service, not the FBI, that made the arrests.

"I think that
the publicity from this case will scare people, and there'll be a lot less hacking for a while.
Some hackers are afraid to do anything: they're afraid that the Secret Service is watching
them, too."

TRACING

AT&T, Sprint and MCI now have ANI -- Automatic Number Identification -- as does Pacific
Bell (this means they have Electronic Switching System version 5 functioning).  It aids a
great deal in detecting hackers (only when the hackers are behaving in a manner which
triggers an alert).  Pacific Bell usually just assists in this type of investigation and identifies
the hackers. "It's easy to trace a call if the caller logs in more than once," said Suthers.
"The moment they dial in, a message is printed out -- before the phone even answers --
pinpointing where it came from, where it went to, the whole shmeer."

"A blue box made it much harder to detect, but if a hacker used it consistently, we could
eventually trace it back.  So if someone is in California and makes it look as if he'd called
from New York, we can trace it across the country one way, and then back across.
Generally, though if the call is billed to a New York number, the caller is actually
somewhere like Florida, we can back-trace the call itself, especially if it's extremely
long."

But recently someone broke into Pacific Bell "through a fluke of circumstances."  Suthers
said, "We closed down that whole area, so they can't get back in that way, but if they dial
the number again, they're in trouble."   If Pacific Bell Security detects a break-in, the area
is secured immediately.  Sometimes hackers are steered toward a kind of "pseudo-system"
that makes them THINK they've broken in -- but in fact they're being monitored and traced.
As to how many hackers there are, who knows?  There's a lot of misuse and inside work
that's never detected or reported.

SECURITY

Security systems are expensive, but someone with a lot of data and an important system
should seriously look into one.  Very few hackers are caught, simply because few
corporations have good security systems.   Hackers are caught because corporations use
the security system.  "Passwords should never be names, places or anything that can be
found in a dictionary," said Suthers.

"People shouldn't be able to just write a program to send words from their AtariWriter Plus
dictionary disk.  Normally there should be a letter here, a few numbers there -- garbage.
Thus, if someone writes a program to generate random symbols and keeps calling back
until he breaks in, he'll probably be traced.

"Some corporations aren't very computer literate
and don't worry about things like passwords until they've been hit, which is a shame.  But
it's all out there in the books.  TRICKS OF THE UNIX MASTER (by Russell Sage,
published by SAMS Publications, $22.95) is a beautiful book that tells you exactly what to
do to avoid break-ins." (Conversely, it helps you to break in.)

McMullen said that Stanford is trying to tighten up security by emphasizing the importance
of better passwords. "When researchers want to do their work, however, they don't want
to mess with passwords and codes," he said.   "Universities seem to want to make their
systems easier for researchers to use.  The more accessible it is, obviously, the less
security there is in terms of passwords.  It's easier to use your name as a password than
some complicated character string.

"So any hacker worth his salt can go onto any
computer system and pull out an account.  Especially with UNIX, (see our UNIX chapter)
it's very easy to access it, entering as the password the first name of the person who has
the account.  These Legion of Doom hackers used a program that actually found out what
the passwords were: it began by just checking the names.  They were very successful --
it was just unbelievable."

But McMullen feels that security fell way behind the advances made in computers, and
several avenues were left open for people to explore.  "Often these hackers don't mean
to be malicious or destructive," he said, "but I think they really feel triumphant at getting on.
Sometimes they do damage without realizing it, just by tramping through the system:
shutting down phone lines, programs and accounting systems." However, the strides made
in security since then have accounted for arrests, confiscations and convictions all over the
country -- but there are still many more to come."
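
The password advice quoted in the SECURITY section above (no names, nothing found in a dictionary, and the remark that the guessing program "began by just checking the names") can be enforced when a password is set. The following is an added example, not part of the reprinted article; the function names, the small constructed word list and the length and character-class thresholds are assumptions for illustration.

```python
import re

# Constructed stand-in for a real word list (e.g. a system dictionary file).
SAMPLE_WORDS = {"password", "secret", "dragon", "stanford", "boston", "gotcha"}


def _variants(pw):
    """Forms a guessing program would also try: lower-cased, with leading and
    trailing digits/punctuation stripped, and each of those reversed."""
    low = pw.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    return {low, core, low[::-1], core[::-1]} - {""}


def screen_password(password, login, full_name, words=SAMPLE_WORDS, min_len=8):
    """Return the reasons to reject `password`; an empty list means accept."""
    reasons = []
    if len(password) < min_len:  # min_len=8 is an assumed policy value
        reasons.append("too short")

    # Tokens tied to the account: the login plus each part of the owner's name.
    personal = {login.lower()}
    personal |= {p.lower() for p in re.split(r"[\s,.\-]+", full_name) if p}

    forms = _variants(password)
    if forms & personal:
        reasons.append("derived from account or owner name")
    if forms & {w.lower() for w in words}:
        reasons.append("dictionary word")

    # "A letter here, a few numbers there": require at least three of
    # lower case, upper case, digit, symbol (assumed threshold).
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, password)) for p in patterns) < 3:
        reasons.append("too few character classes")
    return reasons


if __name__ == "__main__":
    # Constructed account and candidate passwords.
    for candidate in ("Susan", "Stanford87", "senoj123!", "k7#Rq2vL9x"):
        print(candidate, screen_password(candidate, "sjones", "Susan Jones"))
```

In practice the word list would be a full dictionary plus site-specific terms, and the same check would run on every password change rather than as a one-off audit.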