It's Baaaaa-ack! *------------------------* | The Phreaking Articles | | Vol. 2 | | by | | * Black Death * | *------------------------* An Official ZoNE Product Well, Here it is. The Not-so-Long awaited sequel to The Phreaking Artciles Vol 1. What I'm trying to do here is keep the pirate/phreak/hack world informed on what's going on to it's members, and what good ol' Mrs. Bell is up to to try and stop us. Just keeping you informed on the War.. So I get a bunch of articles on the subject, type them up and send 'em to you. So Hopefully you'll get something out of this and learn. Have phun! `TELEPHONE HACKING: WIDESPREAD, GROWING' By Alex Barnum - Mercury News Staff Writer The alleged case against Kevin L. Poulsen is an extreme example of a widespread and growing telephone crime problem that usualy gets scant attention except from it's major victims: the phone companies. Law enforcement efforts against telephone and computer crime have few tangible results, experts say. Although some cases have been widely public- ized, less than 10 percent of known security breaches have been prosecuted. The longest prison term for a computer hack has been 1 year. At the same time, state legislatures, including California's, have passed computer crime laws that give law enforcement officials broader authority that federal statutes to pursue computer hackers and so-called phone phreaks. In the most recent case, Poulsen, 24, was chaged Wednsday with illeagaly obtaining and using Pacific Bell Co. equipment and access codes, obtaining sensitive military documents and stealing a computer printout relating to an FBI investigation of former Philippene President Ferdinand Marcos. The indictment charges Poulsen with telephone crimes, such as evesdropping and recording conversations, that are far more sophisticated and rare than the activities of the typical phreak who makes free long-distance phone calls using illeagaly obtained telephone credit card numbers. Phreaks, who began 20 years ago with blue boxes that could trick the phone network into allowing free access to long-distance calling, now typically obtain these credit card numbers on computer bulliten board systems (BBSs). The numbers usually belong to large buisnesses, which monitor the use of their numbers less frequently than individuals. As a whole, phone phreaking is a widespread problem and the fastest growing segment of computer crime. the National Center for Computer Crime Data in Santa Cruz estimates that it has grown from about 10% of all computer crime in 1986 to 34%. Moreover, as with all computer crime, the vast majority of it goes undetected or unreported. In a 1988 survey, the center found that only 6% of the serious break-ins known to computer security professionals were ever prosecuted. The abuse of phone access codes is "obviously epidemic" said Ken Rosenblatt, assitant district attorney in Santa Clara County. `The phone companies are losing lots of money.' Public prosecutors say law enforcement efforts to stop telephone crime are lagging even in Santa Clara County, which has two full-time district attorneys assignd to its High Technology Crime Unit, the largest such group in the country. `We just don't have the bodies (we need) if we want to stop phone hacking,' Rosenblatt said, adding that his unit is focussing mostly on computer chip theft and industrial espionage, which are financially more significant. Several weeks ago, the California legislature passed a new "for-feiture" law, in which convicted hackers would forfeit their telephone or computer equipment as part of the punishment. Unless stolen, the equipment would go to the vitims or the prosecutors. Although that may seem like a minor inconvinience to a convicted hacker, Jerry Coleman, assistant district attorney in San Fransisco, said it's a punishment with psychological effects that better fit the crime than does a period of probation. PSYCHOLOGICAL PUNISHMENT `Hackers suddenly feel that loss they've been perpetrating on their vic- tims,' Coleman said. `It's a psychological punishment for a psychological crime.' Despite new legal weapons for prosecutors, the leaders in the war against phreaks are also their biggest victims: the phone companies. And law enforcement officials say the phone companies are winning. ( BAHAHAHAAHA!!! yeah right! -BD) `They are trying to stay one step ahead' of the phone phreaks, Coleman said. `And I think they are successfull.' ENHANCING AWARENESS John Hancock, vice president for systems technology at Pacific Bell, noted that many security breeches occur when hackers trick employees into giving them access codes. As a result, Hancock said, the company recently began a `Security awareness program' for it's employees and cutomers. Pacific Bell has developed a sophisticated identification system for it's technicians in the field. Hancock notes that repairmen used to have to call a central switchboard and identify themselves over the line to get access to one of the company's switching lines. Now, technicians are given `smart cards'. The card flashes an eight- digit number that changes randomly every 30 seconds. Technicians must punch in that number on a phone keyboard, in addition to giving their individual password. A central <*COMPUTER*> verifies the number, giving the technician access. Among other measures, Hancock said Pacific Bell recently installed a more secure version of the Unix operating system, sophisticated computer software that runs the phone network. And through their joint research facility, the Bell operating companies have drafted a plan that immidiately alerts other phone companies to a case of infiltration into any one. San Jose Mercury News - Morning Edition - 1/20/90 PHONE CRACKING High Tech Thugs Prey on Voice Mail By Alex Barnum (Mercury News Staff Writer) A new generation of computerized telephone answering machines has spawned a new breed of technological terrorists: the voice-mail hacker Like their counterparts among computer hackers, voice-mail hackers are typically nerdy teen-agers whose interests in computers and phones borders on obsession, law enforcement officials say. They range from high-school students who crack voice-mail codes for the sheer thrill to gangs of high tech ruffians who prowl the nation's phone lines for profit. Altogether, their nefarious trade (I just love this guys vocab) is contributing to a telecommunications fraud problem that officials estimate is costing corporations and phone companies nationwide more than $500 million a year. Consider the case of Certified Grocers of California, one of the voice- mail hackers better known exploits. Several years ago, the Los Angeles-based grocery wholesaler installed a new voice-mail system, hooked up to its toll- free 800 lines. the system greeted cutomers in a friendly feminine voice ("Welcme to Cer-Gro"), routed their calls ("Please enter the four digit extension you wish to reach"), even told of delivery schedules ("For inbound scheduling and outbound load information, press 2"). The system was considered a convinience to both the company and its cutomers until Cer-Gro managers noticed that the company's toll-free phone bills began to soar. After a little digging, they found a gang of teen-agers had cracked the passcodes on the voice-mail system and transferred control of some 200 of it's 300 "voice-mail boxes" to a drug and prostitution ring. Instead of delivery schedules, the voice-mail system was being used to dispense up-to-the-minute New York cocaine prices and information about prostitution services. This new generation of office answering machine may be transforming corporate America, replacing the office secretary, receptionist, and even the inter-office memo. but it has also provided the teen-age bandits who pirate the computer and phone networks with a new target. "We've had a lot of cases," says Gail Thackeray, Arizona assistant attorney general and a specialist in voice-mail hacking. "Everybody from local mom-and-pop buisnesses to giant corporations have been affected." Although voice-mail hacking reached a plateau last year, the problem is likely to get worse as voice-mail gains a greater following, voice-mail specialists say. Once used primarily by large corporations, voice mail is growing in popularity among smaller buisnesses. What's more, with regional phone companies experimenting with residentia service, voice-mail may soon be widely availiable to homes across the country. Many specialists fear that residential use will bring a new wave of hacking. Developed a decade ago, voice-mail systems are specialized computers that can answer a company's phones, direct callers through a maze of options and record their messages. A system typically gives every employee a personal voice-mail box to leave an retrieve messages, which they gain access to using secret passcodes that range from two to 14 digits. With a versatility far greater than normal answering machines, the system also allows employees to send voice messages to co-workers and even whole departments or groups of employees. The passcode is the key to voice-mail security. But armed with a Touch- Tone phone, a little knowledge of voice-mail, and a lot of patience, a hacker can easily infiltrate the mailbox of someone who has been lax about security. Here's how a hacker might do it: Dialing in over toll-free lines, the hacker is greeted by the company's "automated attendant," which attempts to direct the call. At that point, the hacker simply starts trying passcodes. The easiest codes to break are short, obvious combinations of numbers, such as 1-2-3, or codes that are identical to an employees phone extension. Once inside a mailbox a user is directed by a recorded voice through a series of options. Using these options, a hacker can request a new passcode and take control of the mailbox. (Hackers are no dummies, and frequently request 14 digit passcodes.) The hacker can read an employees messages and send messages to others. If the hacker breaks in to an active but unassigned mailbox, as happened at Certified Grocers, or if he breaks into the mailbox of an employee on vacation, the hacker could remain undetected long enough to use it for his own purposes. In some cases, hackers have cracked the mailbox code of the system operator, the employee in charge of administering the voice-mail system. That allows the hacker to roam freely through the voice-mail system. Several years ago, a disgruntled ex-employee of a San Jose office supply store gained "system operator" status on the company's voice mail system and changed it's greeting to outsiders. Customers who dialed the store were told that it had gone out of buisness. Voice-mail hacking even has triggered concern among corporate executives about industrial espionage, says Donn Parker, a computer security specialist at SRI Inernational in Menlo Park. Voice-mail equipment manufacturers agree that sensitive information, such as the detail of an impending merger, is best not left on voice mail messages. But that didn't deter an executive at one company who left sensitive end-of-the-quarter financial information on a message, only to have it recorded and broadcast to competetors around the country. Voice-mail hacking has also attracted more serious criminals, says Thackeray. She and other law-enforcement officials worry particularly about the national gangs that trade stolen long-distance access codes and credit card numbers over "code lines", voice-mail boxes that hackers use as audio bulliten boards. Code lines work like this: A hacker obtains stolen access codes and credit card numbers through computer bulliten boards, from voided retail store receipts, by overhearing them at public pay phones and other nefarious means. he posts the ill-gotten codes to 10 voice-mail boxes around the country. In turn, each of his cohorts checks the code lines several times a day, records the numbers and posts them to 10 more code lines. Wihin hours, the number of hacker with access to the code mushrooms. "The loses go right through the roof," Thackeray says. "The loses are so high because hundreds of people have access to the numbers immidiately." The costs to buisnesses can be staggering. Thackeray says hackers can easily rack up a $10,000 phone bill on one number within days. And buisnesses don't find out about the abuse unitl they get the monthly bill. In a case pending in Tuscon, the cost of stolen long distance codes to US Sprint was conser- vatively estimated at $500,000, she says. The Communications Fraud Control Association in McLean, Va.,says it's all part of a telecommunications fraud problem that is costing the phone companies more than $500 million a year. In a case uncovered last year, a nationwide teen-age hacking ring allegdly infiltrated the voice-mail systems of 20 buisnesses and organizations, set up code lines and racked more than $200,000 in unauthorized calls, the Secret Service charges. The alleged mastermind of the ring, Leslie Lynn Doucette, a Chicago woman who had been convicted of telecommunications fraud in Canada, reportedly supported herself and her two children through her hacking activities. The 35-year-old Doucette allegedly ran the ring of electronic pickpockets like something out of a computer age "Oliver Twist," Using the code name, "Kyrie." Doucette held telephone confrences with her hackers across the country, teaching them to get access codes from AT&T credit card holders. In one scheme, the hackers allegedly used stolen credit card numbers to wire Doucette more than $1,000 worth of Western Union money orders. Voice-mail hackers are particularly hard to catch, law enforcement officials say. Hackers, who prowl through the phone lines using code names, direct their calls along cuitous routes and across state lines, making them difficult to track. "They're like schools of fish," Thackeray says. "They move quickly from one system to another." Officials say phone companies, which are often their only hope of tracking hackers, are of little help because they fear invasion-of-privacy lawsuits. Long distance carriers have beefed up security, implementing 14-digit access codes and features that enable buisnesses to monitor the source of toll-free calls. By closing the door on corporate 800 lines, the carriers have cut out some of the hacking. But hackers have lighted on other vulnerable branches of public phone network and are busy trying to crack the shorter acces codes of smaller carriers and the regional Bell operating companies, officials say. More important, voice-mail equipment manufacturers have launched an assault on voice-mail hacking. Many systems now have features that lock a voice-mail box after several attempts at entry and provide "audit trails" that monitor use. Voice-mail makers have given users tools to ensure security, says David Ladd, executive vice president at VMX Inc., a San Jose voice-mail company. As a result, he says, voice-mail security now depends on company efforts ti train cutomers and the vigilance of the user. "A voice-mail system is only as secure as the people who take care of it," adds Elizabeth Johnson, an industry consultant. "The only thing that keeps a hacker out of your voice mail is your password." San Jose Mercury News - Morning Edition - 2/19/90 The Phreaking Articles are written by Black Death for ZoNE, at The Unholy Temple BBS. All Real names have been used, and no editing has been done to protect the innocent/guilty. Call these GREAT ZoNE boards. [305] 386-6219 - FerrarI BBS - ZoNE HQ. 38.4 HST - [408] 249-5405 - The Unholy Temple - ZoNE Site #1 - 12/24oo - P/hack filez [514] 358-1987 - The Order of the Kamikaze - ZoNE site #2 - 12/24oo - Elite Greetings to Lord Sharp, The Zenabyte, The Prisoner, Sam Brown, Shadow Lord, The Mentor, Barimoor, and Mr. FerrarI. |------------------- |-------------| |--\ |--| |--|-------- |_____________ / | | | \ | | | | / / | | | \ | | | |-------| / / | |---| | | | \ | | | ] / / | | | | | |\ \ | | | |-------| / / | |---| | | | \ \ | | | |-------| / /___________ | | | | \ \| | | ] | | | | | | \ | | --------| |------------------| |-------------| |__| \___| |__--------| Another file downloaded from: ! -$- & the Temple of the Screaming Electron ! * Walnut Creek, CA + /^ | ! | |//^ _^_ 2400/1200/300 baud (415) 935-5845 /^ / @ | /_-_ Jeff Hunter, Sysop |@ _| @ @|- - -| | | | /^ | _ | - - - - - - - - - * |___/____|_|_|_(_)_| Aaaaaeeeeeeeeeeeeeeeeee! / Specializing in conversations, E-Mail, obscure information, entertainment, the arts, politics, futurism, thoughtful discussion, insane speculation, and wild rumours. An ALL-TEXT BBS. "Raw data for raw minds."