I had not planned to post this as a special issue, and had
put it direct in the TELECOM Archives. However, the demand
for copies (based on the mail I received Saturday alone)
indicates it would be better handled in a couple of
newsgroups. I had not anticipated the large demand for
copies. Here it is:

Date: Tue, 15 May 90 02:40:28 pdt
From: Emmanuel Goldstein <emmanuel-well.uucp>
Subject: 2600 Articles: The Phrack E911 Affair

******************************************************

THE FOLLOWING TWO ARTICLES ARE FROM THE JUST-RELEASED SPRING
EDITION OF 2600 MAGAZINE, THE HACKER QUARTERLY. WE FEEL THAT
THE CURRENT HAPPENINGS IN THE COMPUTER WORLD ARE EXTREMELY
SIGNIFICANT FOR ANYONE WHO HAS ANY INTEREST IN COMMUNICATIONS
AND/OR TECHNOLOGY. WE'D BE MOST INTERESTED IN ANY FEEDBACK ON
THIS TOPIC.

**************ARTICLE ONE: AN OVERVIEW*****************

A year ago, we told the stories of Kevin Mitnick and Herbert
Zinn, two hackers who had been sent to prison. It was then,
and still is today, a very disturbing chain of events:
mischief makers and explorers imprisoned for playing with the
wrong toys and for asking too many questions. We said at the
time that it was important for all hackers to stand up to
such gross injustices. After all, they couldn't lock us all
up.

It now appears that such an endeavor may indeed be on the
agendas of some very powerful U.S. governmental agencies. And
even more frightening is the realization that these agencies
don't particularly care who or what gets swept up along with
the hackers, as long as all of the hackers get swept up.
Apparently, we're considered even more of a threat than we
had previously supposed.

In retrospect, this doesn't come as a great deal of a
surprise. In fact, it now seems to make all too much sense.
You no longer have to be paranoid or of a been witnesses to.
Censorship, clampdowns, "voluntary" urine tests, lie
detectors, handwriting analysis, surveillance cameras,
exaggerated crises that invariably lead to curtailed
freedoms.... All of this together with the overall view that
if you're innocent, you've got nothing to hide. And all made
so much more effective through the magic of high tech. Who
would you target as the biggest potential roadblock if not
the people who understand the technology at work? It appears
the biggest threats to the system are those capable of
manipulating it.

What we're about to tell you is frightening, plain and
simple. You don't have to be a hacker to understand this. The
words and ideas are easily translatable to any time and any
culture.

Crackdown

"We can now expect a crackdown...I just hope that I can pull
through this one and that my friends can also. This is the
time to watch yourself. No matter what you are into....
Apparently the government has seen the last straw in their
point of view.... I think they are going after all the
'teachers'...and so that is where their energies will be put:
to stop all hackers, and stop people before they can become
threats."

This was one of the reactions on a computer bulletin board to
a series of raids on hackers, raids that had started in 1989
and spread rapidly into early 1990. Atlanta, St. Louis, and
New York were major targets in what was then an undetermined
investigation.

This in itself wouldn't have been especially alarming, since
raids on hackers can almost be defined as commonplace. But
this one was different. For the very first time, a hacker
newsletter had also been shut down.

Phrack was an electronic newsletter published out of St.
Louis and distributed worldwide. It dealt with hacker and
phone phreak matters and could be found on nearly all hacker
bulletin boards. While dealing with sensitive material, the
editors were very careful not to publish anything illegal
(credit card numbers, passwords, Sprint codes, etc.). We
described "Phrack World News" (a regular column of Phrack) in
our Summer 1989 edition as "a must-read for many hackers". In
many ways Phrack resembled 2600, with the exception of being
sent via electronic mail instead of U.S. Mail. That
distinction would prove to be Phrack's undoing.

It now turns out that all incoming and outgoing electronic
mail used by Phrack was being monitored by the authorities.
Every piece of mail going in and every piece of mail coming
out. These were not pirated mailboxes that were being used by
a couple of hackers. These had been obtained legally through
the school the two Phrack editors were attending. Privacy on
such mailboxes, though not guaranteed, could always be
assumed. Never again.

It's fairly obvious that none of this would have happened,
none of this could have happened had Phrack been a
non-electronic magazine. A printed magazine would not be
intimidated into giving up its mailing list as Phrack was.
Had a printed magazine been shut down in this fashion after
having all of their mail opened and read, even the most
thick-headed sensationalist media types would have caught on:
hey, isn't that a violation of the First Amendment?

Those media people who understood what was happening and saw
the implications were very quickly drowned out in the
hysteria that followed. Indictments were being handed out.
Publisher/editor Craig Neidorf, known in the hacker world as
Knight Lightning, was hit with a seven count indictment
accusing him of participating in a scheme to steal
information about the enhanced 911 system run by Bell South.
Quickly, headlines screamed that hackers had broken into the
911 system and were interfering with emergency telephone
calls to the police. One newspaper report said there were no
indications that anyone had died or been injured as a result
of the intrusions. What a relief. Too bad it wasn't true.

In actuality there have been very grievous injuries suffered
as a result of these intrusions. The intrusions we're
referring to are those of the government and the media. The
injuries have been suffered by the defendants who will have
great difficulty resuming normal lives even if all of this is
forgotten tomorrow.

And if it's not forgotten, Craig Neidorf could go to jail for
more than 30 years and be fined $122,000. And for what? Let's
look at the indictment:

"It
was... part of the scheme that defendant Neidorf, utilizing
a computer at the University of Missouri in Columbia,
Missouri would and did receive a copy of the stolen E911 text
file from defendant [Robert J.] Riggs [located in Atlanta and
known in the hacker world as Prophet] through the Lockport
[Illinois] computer bulletin board system through the use of
an interstate computer data network.

"It was further part of the scheme that defendant Neidorf
would and did edit and retype the E911 Practice text file at
the request of the defendant Riggs in order to conceal the
source of the E911 Practice text file and to prepare it for
publication in a computer hacker newsletter.

"It was further part of the scheme that defendant Neidorf
would and did transfer the stolen E911 Practice text file
through the use of an interstate computer bulletin board
system used by defendant Riggs in Lockport, Illinois.

"It was further part of the scheme that the defendants Riggs
and Neidorf would publish information to other computer
hackers which could be used to gain unauthorized access to
emergency 911 computer systems in the United States and
thereby disrupt or halt 911 service in portions of the United
States."

Basically, Neidorf is being charged with receiving a stolen
document. There is nothing anywhere in the indictment that
even suggests he entered any computer illegally. So his
crimes are receiving, editing, and transmitting.

Now what is contained in this document? Information about how
to gain unauthorized access to, disrupt, or halt 911 service?
Hardly. The document (erroneously referred to as "911
software" by the media which caused all kinds of
misunderstandings) is quoted in Phrack Volume 2, Number 24
and makes for one of the dullest articles ever to appear in
the newsletter. According to the indictment, the value of
this 20k document is $79,449. [See story that follows this
one]

Shortly after the indictments were handed down, a member
of the Legion of Doom known as Erik Bloodaxe issued a public
statement. "[A group of three hackers] ended up pulling files
off [a Southern Bell system] for them to look at. This is
usually standard procedure: you get on a system, look around
for interesting text, buffer it, and maybe print it out for
posterity. No member of LOD has ever (to my knowledge) broken
into another system and used any information gained from it
for personal gain of any kind...with the exception of maybe a
big boost in his reputation around the underground. [A
hacker] took the documentation to the system and wrote a file
about it. There are actually two files, one is an overview,
the other is a glossary. The information is hardly something
anyone could possibly gain anything from except knowledge
about how a certain aspect of the telephone company works."

He went on to say that Neidorf would have had no way of
knowing whether or not the file contained proprietary
information.

Prosecutors refused to say how hackers could benefit from the
information, nor would they cite a motive or reveal any
actual damage. In addition, it's widely speculated that much
of this information is readily available as reference
material.

In all of the indictments, the Legion of Doom is defined as
"a closely knit group of computer hackers involved in: a)
disrupting telecommunications by entering computerized
telephone switches and changing the routing on the circuits
of the computerized switches; b) stealing proprietary
computer source code and information from companies and
individuals that owned the code and information; c) stealing
and modifying credit information on individuals maintained in
credit bureau computers; d) fraudulently obtaining money and
property from companies by altering the computerized
information used by the companies; e) disseminating
information with respect to their methods of attacking
computers to other computer hackers in an effort to avoid the
focus of law enforcement agencies and telecommunication
security experts."

Ironically, since the Legion of Doom isn't a closely knit
group, it's unlikely that anyone will be able to defend the
group's name against these charges -- any defendants will
naturally be preoccupied with their own defenses.
(Incidentally, Neidorf was not a part of the Legion of Doom,
nor was Phrack a publication of LOD, as has been reported.)

The Hunt Intensifies

After learning of the
Phrack electronic mail surveillance, one of the system
operators of The Phoenix Project, a computer bulletin board
in Austin, Texas, decided to take action to protect the
privacy of his users. "I will be adding a secure encryption
routine into the e-mail in the next 2 weeks - I haven't
decided exactly how to implement it, but it'll let two people
exchange mail encrypted by a password only known to the two
of them.... Anyway, I do not think I am due to be busted...I
don't do anything but run a board. Still, there is that
possibility. I assume that my lines are all tapped until
proven otherwise. There is some question to the wisdom of
leaving the board up at all, but I have personally phoned
several government investigators and invited them to join us
here on the board. If I begin to feel that the board is
putting me in any kind of danger, I'll pull it down with no
notice - I hope everyone understands. It looks like it's
sweeps-time again for the feds. Let's hope all of us are
still around in 6 months to talk about it."

The new security was never implemented. The Phoenix Project
was seized within days.

And the clampdown intensified still further. On March 1, the
offices of Steve Jackson Games, a publishing company in
Austin, were raided by the Secret Service. According to the
Associated Press, the home of the managing editor was also
searched. The police and Secret Service seized books,
manuals, computers, technical equipment, and other documents.
Agents also seized the final draft of a science fiction game
written by the company. According to the Austin
American-Statesman, the authorities were trying to determine
whether the game was being used as a handbook for computer
crime.

Callers to the Illuminati bulletin board (run by Steve
Jackson Games), received the following message:

"Before the start of work on March 1, Steve Jackson Games was
visited by agents of the United States Secret Service. They
searched the building thoroughly, tore open several boxes in
the warehouse, broke a few locks, and damaged a couple of
filing cabinets (which we would gladly have let them examine,
had they let us into the building), answered the phone
discourteously at best, and confiscated some computer
equipment, including the computer that the BBS was running on
at the time.

"So far we have not received a clear explanation of what the
Secret Service was looking for, what they expected to find,
or much of anything else. We are fairly certain that Steve
Jackson Games is not the target of whatever investigation is
being conducted; in any case, we have done nothing illegal
and have nothing whatsoever to hide. However, the equipment
that was seized is apparently considered to be evidence in
whatever they're investigating, so we aren't likely to get it
back any time soon. It could be a month, it could be never.

"To minimize the possibility that this system will be
confiscated as well, we have set it up to display this
bulletin, and that's all. There is no message base at
present. We apologize for the inconvenience, and we wish we
dared do more than this."

Apparently, one of the system operators of The Phoenix
Project was also affiliated with Steve Jackson Games. And
that was all
the authorities needed.

Raids continued throughout the country with reports of more
than a dozen bulletin boards being shut down. In Atlanta, the
papers reported that three local LOD hackers faced 40 years
in prison and a $2 million fine.

Another statement from a Legion of Doom member (The Mentor,
also a system operator of The Phoenix Project) attempted to
explain the situation:

"LOD was formed to bring together the best minds from the
computer underground - not to do any damage or for personal
profit, but to share experiences and discuss computing. The
group has always maintained the highest ethical standards....
On many occasions, we have acted to prevent abuse of
systems.... I have known the people involved in this 911 case
for many years, and there was absolutely no intent to
interfere with or molest the 911 system in any manner. While
we have occasionally entered a computer that we weren't
supposed to be in, it is grounds for expulsion from the group
and social ostracism to do any damage to a system or to
attempt to commit fraud for personal profit.

"The biggest crime that has been committed is that of
curiosity.... We have been instrumental in closing many
security holes in the past, and had hoped to continue to do
so in the future. The list of computer security people who
count us as allies is long, but must remain anonymous. If any
of them choose to identify themselves, we would appreciate
the support."

And The Plot Thickens

Meanwhile, in Lockport, Illinois, a strange tale was
unfolding. The public UNIX system known as Jolnet that had
been used to transmit the 911 files had also been seized.
What's particularly odd here is that, according to the
electronic newsletter Telecom Digest, the system operator,
Rich Andrews, had been cooperating with federal authorities
for over a year. Andrews found the files on his system nearly
two years ago, forwarded them to AT&T, and was subsequently
contacted by the authorities. He cooperated fully. Why, then,
was his system seized as well? Andrews claimed it was all
part of the investigation, but added, "One way to get
[hackers] is by shutting down the sites they use to
distribute stuff."

The Jolnet raid caused outrage in the bulletin board world,
particularly among administrators and users of public UNIX
systems.

Cliff Figallo, system administrator for The Well, a public
UNIX system in California, voiced his concern. "The
assumption that federal agents can seize a system owner's
equipment as evidence in spite of the owner's lack of proven
involvement in the alleged illegal activities (and regardless
of the possibility that the system is part of the owner's
livelihood) is scary to me and should be to anyone
responsible for running a system such as this."

Here is a sampling of some of the comments seen around the
country after the Jolnet seizure:

"As administrator for Zygot, should I start reading my users'
mail to make sure they aren't saying anything naughty? Should
I snoop through all the files to make sure everyone is being
good? This whole affair is rather chilling."

"From what I have noted with respect to Jolnet, there was a
serious crime committed there -- by [the federal
authorities]. If they busted a system with email on it, the
Electronic Communication Privacy Act comes into play.
Everyone who had email dated less than 180 days old on the
system is entitled to sue each of the people involved in the
seizure for at least $1,000 plus legal fees and court costs.
Unless, of course, [the authorities] did it by the book, and
got warrants to interfere with the email of all who had
accounts on the systems. If they did, there are strict limits
on how long they have to inform the users."

"Intimidation, threats, disruption of work and school, 'hit
lists', and serious legal charges are all part of the tactics
being used in this 'witch-hunt'. That ought to indicate that
perhaps the use of pseudonyms wasn't such a bad idea after
all."

"There are civil rights and civil liberties issues here that
have yet to be addressed. And they probably won't even be
raised so long as everyone acts on the assumption that all
hackers are criminals and vandals and need to be squashed, at
whatever cost...."

"I am disturbed, on principle, at the conduct of at least
some of the federal investigations now going on. I know
several people who've taken their systems out of public
access just because they can't risk the seizure of their
equipment (as evidence or for any other reason). If you're a
Usenet site, you may receive megabytes of new data every day,
but you have no common carrier protection in the event that
someone puts illegal information onto the Net and thence into
your system."

Increased Restrictions

But despite the outpourings of
concern for what had happened, many system administrators and
bulletin board operators felt compelled to tighten the
control of their systems and to make free speech a little
more difficult, for their own protection.

Bill Kuykendall, system administrator for The Point, a public
UNIX system in Chicago, made the following announcement to
the users of his system:

"Today, there is no law or precedent which affords me... the
same legal rights that other common carriers have against
prosecution should some other party (you) use my property
(The Point) for illegal activities. That worries me....

"I fully intend to explore the legal questions raised here.
In my opinion, the rights to free assembly and free speech
would be threatened if the owners of public meeting places
were charged with the responsibility of policing all
conversations held in the hallways and lavatories of their
facilities for references to illegal activities.

"Under such laws, all privately owned meeting places would be
forced out of existence, and the right to meet and speak
freely would vanish with them. The common sense of this
reasoning has not yet been applied to electronic meeting
places by the legislature. This issue must be forced, or
electronic bulletin boards will cease to exist.

"In the meantime, I intend to continue to operate The Point
with as little risk to myself as possible. Therefore, I am
implementing a few new policies:

"No user will be allowed to post any message, public or
private, until his name and address has been adequately
verified. Most users in the metropolitan Chicago area have
already been validated through the telephone number directory
service provided by Illinois Bell. Those of you who received
validation notices stating that your information had not been
checked due to a lack of time on my part will now have to
wait until I get time before being allowed to post.

"Out of state addresses cannot be validated in the manner
above.... The short term solution for users outside the
Chicago area is to find a system closer to home than The
Point.

"Some of the planned enhancements to The Point are simply not
going to happen until the legal issues are resolved. There
will be no shell access and no file upload/download facility
for now.

"My apologies to all who feel inconvenienced by these
policies, but under the circumstances, I think your
complaints would be most effective if made to your state and
federal legislators. Please do so!"

These restrictions were echoed on other large
systems, while a number of smaller hacker bulletin boards
disappeared altogether. We've been told by some in the hacker
world that this is only a phase, that the hacker boards will
be words and identities "registered". But there's also a
nagging suspicion, the feeling that something is very
different now. A publication has been shut down. Hundreds, if
not thousands, of names have been seized from mailing lists
and will, no doubt, be investigated. The facts in the 911
story have been twisted and misrepresented beyond
recognition, thanks to ignorance and sensationalism. People
and organizations that have had contact with any of the
suspects are open to investigation themselves. And, around
the country, computer operators and users are becoming more
paranoid and less willing to allow free speech. In the face
of all of this, the belief that democracy will triumph in the
end seems hopelessly naive. Yet, it's something we dare not
stop believing in. Mere faith in the system, however, is not
enough.

We hope that someday we'll be able to laugh at the
absurdities of today. But, for now, let's concentrate on the
facts and make sure they stay in the forefront.

==> Were there break-ins involving the E911 system? If so,
the entire story must be revealed. How did the hackers get
in? What did they have access to? What could they have done?
What did they actually do? Any security holes that were
revealed should already have been closed. If there are more,
why do they still exist? Could the original holes have been
closed earlier and, if so, why weren't they? Any hacker who
caused damage to the system should be held accountable.
Period. Almost every hacker around seems to agree with this.
So what is the problem? The glaring fact that there doesn't
appear to have been any actual damage. Just the usual
assortment of gaping security holes that never seem to get
fixed. Shoddiness in design is something that shouldn't be
overlooked in a system as important as E911. Yet that aspect
of the case is being side-stepped. Putting the blame on the
hackers for finding the flaws is another way of saying the
flaws should remain undetected.

==> Under no
circumstance should the Phrack newsletter or any of its
editors be held as criminals for printing material leaked to
them. Every publication of any value has had documents given
to them that were not originally intended for public
consumption. That's how news stories are made. Shutting down
Phrack sends a very ominous message to publishers and editors
across the nation.

==> Finally, the privacy of computer users must be respected
by the government. It's ironic that hackers are portrayed as
the ones who break into systems, read private mail, and screw
up innocent people. Yet it's the federal authorities who seem
to have carte blanche in that department. Just what did the
Secret Service do on these computer systems? What did they
gain access to? Whose mail did they read? And what allowed
them to do this?

Take Exception

It's very easy to throw up your hands and say it's all too
much. But the facts indicate to us that we've come face to
face with a very critical moment in history. What comes out
of this could be a trend-setting precedent, not only for
computer users, but for the free press and every citizen of
the United States. Complacency at this stage will be most
detrimental.

We also realize that one of the quickest ways of losing
credibility is to be shrill and conspiracy-minded. We hope
we're not coming across in this way because we truly believe
there is a significant threat here. If Phrack is successfully
shut down and its editors sent to prison for writing an
article, 2600 could easily be next. And so could scores of
other publications whose existence ruffles some feathers. We
cannot allow this to happen.

In the past, we've called for people to spread the word on
various issues. More times than not, the results have been
felt. Never has it been more important than now. To be silent
at this stage is to accept a very grim and dark future.

ARTICLE TWO: A REVIEW OF THE E911 DOCUMENT ITSELF

Documentation on the E911 System
March 1988 $79,449, 6 pages
Bell South Standard Practice
660-225-104SV
Review by Emmanuel Goldstein

It otherwise would have been a quickly forgotten text
published in a hacker newsletter. But due to all of the
commotion, the Bell South E911 document is now very much in
the public eye. Copies are extremely easy to come by, despite
Bell South's assertion that the whole thing is worth $79,449.

While we can't publish the actual document, we can report on
its contents since it's become a news story in itself. But
don't get excited. There really isn't all that much here.

Certain acronyms are introduced, among them Public Safety
Answering Point (PSAP), also known as Emergency Service
Bureau (ESB). This is what you get (in telco lingo) when you
dial 911. The importance of close coordination between these
agencies is stressed. Selective routing allows the 911 call
to be routed to the proper PSAP. The 1A ESS is used as the
tandem office for this routing. Certain services made
available with E911 include Forced Disconnect, Alternative
Routing, Selective Routing, Selective Transfer, Default
Routing, Night Service, Automatic Number Identification, and
Automatic Location Identification.

We learn of the existence of the E911 Implementation Team,
the brave men and women from Network Marketing who help with
configuration in the difficult cutover period. This team is
in charge of forming an ongoing maintenance

We learn that the Switching Control Center (SCC) "is
responsible for E911/1AESS translations in tandem central
offices". We're not exactly shocked by this revelation.

We also find out what is considered a "priority one" trouble
report. Any link down to the PSAP fits this definition. We
also learn that when ANI fails, the screens will display all
zeroes.

We could go on but we really don't want to bore you. None of
this information would allow a hacker to gain access to such
a system. All it affords is a chance to understand the
administrative functions a little better. We'd like to assume
that any outside interference to a 911 system is impossible.
Does Bell South know otherwise? In light of their touchiness
on the matter, we have to wonder.

We'd be most interested in hearing from people with more
technical knowledge on the subject. What does this whole
escapade tell us? Please write or call so the facts can be
brought forward.

****************************************************

2600 MAGAZINE WANTS TO HEAR YOUR THOUGHTS AS WELL AS ANY
ADDITIONAL FACTS YOU MAY BE ABLE TO SHARE WITH US. POST
PUBLIC COMMENTS HERE. YOU CAN SEND PRIVATE MAIL TO
2600-well.sf.ca.us OR 2600 EDITORIAL DEPARTMENT, P.O. BOX
99, MIDDLE ISLAND, NY 11953. IF YOU WANT TO CALL US, OUR
PHONE NUMBERS ARE: (516) 751-2600 (VOICE/MACHINE) OR (516)
751-2608 (FAX).

******************************************************


