Title : PWN/Part 4
Author : Spirit Walker
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN Phrack World News PWN
PWN PWN
PWN Issue XXXVII / Part Four of Four PWN
PWN PWN
PWN Compiled by Dispater & Spirit Walker PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Computer Espionage: Can We Be Compromised By The Internet? December 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Extracted from Security Awareness Bulletin
The advent of computer networks linking scientists and their research
institutions vastly complicates any effort to identify Soviet scientific
espionage. For example, foreign travel may become less important, as computers
become more directly interconnected, allowing scientists anywhere in the world
to talk to each other -- and, in some cases to access information in data bases
at Western academic and defense-related institutions.
This capability has been available for some time, but in 1989 the USSR took an
important step toward increasing the breadth and availability of access, by
applying (with Poland, Czechoslovakia, Hungary, and Bulgaria) to be connected
to the European Academic Research Network (EARN). Approval of the application
in April 1990 provided Soviet and East European users access far beyond simply
a link to computers throughout Western Europe. Through EARN, the Soviets would
be connected to Internet, a US network serving defense, research, and academic
organizations worldwide.
A number of threats are inherent in the trend toward computer linkage. The
most obvious is the increased ease with which a Soviet can discuss professional
matters with Westerners working on similar projects. A user also can put out a
blanket request for information on any subject, and it may not always be
obvious that the requestor is working for the USSR. In addition, the Soviet
Academy of Sciences can use a computer network to issue general invitations to
conferences -- in hopes that the responses will identify untapped research
institutions or individual scientists that later can be targeted for specific
information.
Access to data in the computers connected to a network normally is controlled,
so that specific files can be read only by authorized users. However, the
Soviets have demonstrated that an innovative "hacker" connected to computers
containing sensitive information can evade the access controls in order to read
that information. In the "Hannover Hacker" case, for example, the Soviet
intelligence services used West German computer experts to access US restricted
data bases, obtaining both software and defense-related information.
_______________________________________________________________________________
Waging War Against War Dialing November 27, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Edmund L. Andrews (New York Times)
Special Thanks: Dark Overlord
WASHINGTON -- Riding a wave of popular annoyance over telephone sales calls,
Congress approved and sent to President Bush a bill that would ban the use of
automated dialing devices that deliver pre-recorded messages to the home. The
measure would also allow consumers to block calls from human sales-people by
placing their names on a "do not call" list.
The bill, which passed on voice votes in both the House and Senate, was
supported by both Democrats and Republicans, some of whom have recounted their
own aggravations with unsolicited sales calls.
Although the White House has expressed concerns about what it views as
unnecessary regulation, the President has not threatened to veto the bill.
The measure, which combines provisions from several separate measures passed
previously by both chambers of Congress, bans the use of autodialers for
calling most individual homes. The few exceptions would be when a person has
explicitly agreed to receive such a call or when the autodialer is being used
to notify people of an emergency.
When autodialers are used to call businesses, they would be prohibited from
reaching more than two numbers at a single business.
Many states have already passed laws that restrict autodialers, including about
a dozen states that ban them altogether and about two dozen others that
restrict their use in various ways.
The state laws, however, do not stop a company from using an autodialer in an
unregulated state to call homes in state with regulations.
In an attempt to curb telemarketing by human sales representatives, the measure
would instruct the Federal Communications Commission to either oversee the
creation of a nationwide "do not call" list or issue rules ordering companies
to maintain their own lists.
The bill would allow people who placed their names on such a list to file suits
is small claims courts against companies that persisted in calling. The suits
could seek up to $500 for each unwanted call, up to a maximum of three calls
>from a single company.
Finally, the bill would ban unsolicited "junk fax" messages, which are
advertisements transmitted to facsimile machines.
"This is a victory for beleaguered consumers, who in this piece of legislation
have their declaration of independence from junk faxes and junk calls," said
Rep. Edward J. Markey, D-Mass., the measure's principal sponsor in the House.
Companies that make or use autodialers glumly predicted that the measure would
put them out of business and would hurt small advertisers the most.
"I think it will put us out of business," said Mark Anderson, owner of the
Leshoppe Corp., a New Orleans concern that uses about 160 machines for clients
who sell everything from tanning products to health insurance. "What people
don't understand is that a lot of mom-and-pop operations use electronic
marketing, and use it successfully."
Ray Kolker, president of Kolker Systems, the largest maker of autodialers,
echoed those views. "Passage of this bill demonstrates that Congress just
isn't as concerned about the economy as they think they are," he said. "This
will destroy a multibillion-dollar business."
Telemarketing has surged in recent years, as the cost of long-distance
telephone service has plunged and as consumers have become deluged by floods of
catalogues they do not read and envelopes they do not open.
According to congressional estimates, the volume of goods and services sold
through all forms of telephone marketing has increased from about $72 billion
in 1982 to $435 billion in 1990. Over all, an estimated 300,000 people are
employed in some facet of telephone marketing.
Autodialers, which can each make about 1,500 calls a day, have become one of
the most efficient but disliked forms of telemarketing. By one estimate,
20,000 autodialers are in operation at one time, with the capacity of making
more than 20 million calls in a single day.
During hearings on the issue earlier this year, Sen. Daniel K. Inouye,
D-Hawaii, noted irritably that he had been summoned to the telephone only to
hear a recorded sales message about winning a trip to Hawaii.
The legislation was not opposed by all companies involved in telephone sales.
Many marketing experts have long deplored the use of autodialers as a sales
tool, arguing that they are counter-productive because they generate more
irritation than sales interest.
The Direct Marketing Association, a trade group, has expressed cautious support
for the legislation and already maintains its own, voluntary "do not call"
list.
Beyond simply annoying people at home, the autodialers have been known to tie
up telephone paging networks and the switchboards of hospitals and
universities, and to call people on their cellular telephones.
But it remains unclear how effective the "do not call" lists would be in
practice, because the two options available to the FCC differ greatly.
A national list maintained by the government would effectively protect
consumers from all unwanted sales calls. But a requirement that each company
maintain its own list would be much more limited, because people might have to
call each company to be placed on its individual list.
Congressional aides noted that the measure passed Wednesday strongly implied
that the FCC should set up its own list, because it provides two pages of
detail on just how such a list should be created.
_______________________________________________________________________________
Foreign Guests Learn America Is Land Of The Free December 2, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Excerpted from the Orlando Sentinel
"Merry Christmas From BellSouth!"
A telephone computer glitch gave dozens of foreign travelers at downtown
Orlando hotel early Christmas presents Saturday and Sunday.
The giving began when a guest at the Plantation Manor, an international youth
hotel across from Lake Eola, discovered that pay phones were allowing free
long-distance calls to virtually anywhere in the world.
As the news spread, the four public phones, which are normally deserted at the
hotel, were busy non-stop until Sunday afternoon,when Southern Bell discovered
the problem and dispatched technicians to shut off long-distance service.
Roger Swain, a clerk at Plantation Manor, said the discovery was made by
accident.
"One of our guests said he tried to call Houston, Texas, from the second
floor," Swain said. The operator told him he didn't need to use coins because
the phone was not listed as a public phone. He was on the phone for 40
minutes, and they didn't charge him.'
A spokesman for AT&T, which handles long distance for some of Southern Bell's
phones, said the problem seemed to be with a Southern Bell computer.
"Our equipment is working fine," said Randy Berridge, AT&T spokesman. "If it's
a Southern Bell problem, they would bear the costs.'
It's possible Southern Bell recouped some money: It still cost 25 cents for a
local call.
"This is a drop in the ocean to them," one English traveler said of the phone
company, which had just covered the cost of his call home at the Sunday rate of
$21.74 for each half hour."
_______________________________________________________________________________
8th Chaos Computer Congress December 27-29, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Klaus Brunnstein
Special Thanks: Terra of CCC
On occasion of the 10th anniversary of its foundation, Chaos Computer Club
(CCC) organized its 8th Congress in Hamburg. To more than 400 participants
(largest participation ever, with growing number of students rather than
teen-age scholars), a rich diversity of PC and network related themes was
offered, with significantly less sessions than before devoted to critical
themes, such as phreaking, hacking or malware construction. Changes in the
European hacker scene became evident as only few people from Netherlands
(e.g. Hack-Tic) and Italy had come to this former hackers' Mecca.
Consequently, Congress news are only documented in German. As CCC's founding
members develop in age and experience, reflection of CCC's role and growing
diversity of opinions indicates that teen-age CCC may produce less spectacular
events than ever before.
This year's dominating theme covered presentations of communication techniques
for PCs, Ataris, Amigas and Unix, the development of a local net as well as
description of regional and international networks, including a survey. In
comparison, CCC '90 documents are more detailed on architectures while sessions
and demonstrations in CCC '91 (in "Hacker Center" and other rooms) were more
concerned with practical navigation in such nets.
Phreaking was covered by the Dutch group HACK-TIC which updated its CCC '90
presentation of how to "minimize expenditures for telephone conversations" by
using blue boxes and red boxes, and describing available software and recent
events. Detailed information on phreaking methods in specific countries and
bugs in some telecom systems were discussed. More information (in Dutch) was
available, including charts of electronic circuits, in several volumes of Dutch
"HACKTIC: Tidschrift voor Techno-Anarchisten" (news for techno-anarchists).
Remark #1: Recent events (e.g. "Gulf hacks") and material presented on Chaos
Congress '91 indicate that the Netherlands emerges as a new
European center of malicious attacks on systems and networks.
Among other potentially harmful information, HACKTIC #14/15
publishes code of computer viruses (a BAT-virus which does not work
properly.
Remark #2: While few Netherland universities devote research and teaching to
security, Delft university at least offers introductory courses
into data protection.
Different from recent years, a seminar on Computer viruses (presented by Morton
Swimmer of Virus Test Center, University of Hamburg) as deliberately devoted to
disseminate non-destructive information (avoiding any presentation of virus
programming). A survey of legal aspects of inadequate software quality
(including viruses and program errors) was presented by lawyer Freiherr von
Gravenreuth.
Some public attention was drawn to the fact that the "city-call" telephone
system radio-transmits information essentially as ASCII. A demonstration
proved that such transmitted texts may easily be intercepted, analyzed and
even manipulated on a PC. CCC publicly warned that "profiles" of such texts
(and those addressed) may easily be collected, and asked Telecom to inform
users about this insecurity; German Telecom did not follow this advice.
Besides discussions of emerging voice mailboxes, an interesting session
presented a C64-based chipcard analysis systems. Two students have built a
simple mechanism to analyze (from systematic IO analysis) the protocol of a
German telephone card communicating with the public telephone box; they
described, in some detail (including an electronmicroscopic photo) the
architecture and the system behavior, including 100 bytes of communication
data stored in a central German Telecom computer. Asked for legal implications
of their work, they argued that they just wanted to understand this technology,
and they were not aware of any legal constraint. They have not analyzed
possibilities to reload the telephone account (which is generally possible,
due to the architecture), and they did not analyze architectures or procedures
of other chipcards (bank cards etc).
Following CCC's (10-year old charter), essential discussions were devoted to
social themes. The "Feminine computer handling" workshop deliberately
excluded men (about 25 women participating), to avoid last year's experience
of male dominance in related discussions. A session (mainly attended by
informatics students) was devoted to "Informatics and Ethics", introducing the
international state-of-discussion, and discussing the value of professional
standards in the German case.
A discussion about "techno-terrorism" became somewhat symptomatic for CCC's
actual state. While external participants (von Gravenreuth, Brunnstein)
were invited to this theme, CCC-internal controversies presented the panel
discussion under the technical title "definition questions". While one
fraction wanted to discuss possibilities, examples and dangers of techno-
terrorism openly, others (CCC "ol'man" Wau Holland) wanted to generally define
"terrorism" somehow academically, and some undertook to describe "government
repression" as some sort of terrorism. In the controversial debate, a few
examples of technoterrorism (WANK worm, development of virus techniques for
economic competition and warfare) were given.
_______________________________________________________________________________
Another AT&T 800-Number Outage December 16, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Dana Blankenhorn (Newsbytes)
BASKING RIDGE, NEW JERSEY -- AT&T suffered another embarrassing outage on its
toll-free "800" number lines over the weekend, right in the middle of the
Christmas catalog shopping season.
Andrew Myers, an AT&T spokesman, said the problem hit at 7:20 PM on December 13
as technicians loaded new software into computers in Alabama, Georgia, and New
York. The software identifies and transfers 800 calls, he said. A total of
1.8 million calls originating in parts of the eastern U.S. were impacted, the
company said.
Service was restored after about one hour when technicians "backed off" the
patch and went back to using the old software. Programmers are now working on
the software, trying to stamp out the bugs before it's reloaded. "Obviously we
don't like it when a single call doesn't get through, but I wouldn't consider
this a serious problem," Myers said. The problem was reported to the Federal
Communications Commission over the weekend, and to the press the next day.
The latest problem continues a disturbing trend of AT&T service outages in the
Northeast. Worse, all the problems have had different causes -- power
problems, switch software problems, and cable cuts caused previous outages.
_______________________________________________________________________________
US Congress Sets Up BBS For Whistle Blowers December 16, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Dana Blankenhorn (Newsbytes)
WASHINGTON, D.C. -- U.S. Congressman Bob Wise and his House Government
Operations subcommittee on government information, justice and agriculture have
opened a bulletin board service for government whistle-blowers.
Wise himself is the system operator, or sysop, of the new board. Newsbytes
contacted the board and found it accepts parameters of 8 bit words, no parity,
and 1 stop bit, known as 8-N-1 in the trade, and will take calls from a
standard 2400 bit/second Hayes- compatible modem.
Whistle-blowers are employees who tell investigators about wrong- doing at
their companies or agencies, or "blow the whistle" on wrong-doing. Wise said
that pseudonyms will be accepted on the BBS -- most private systems demand
real names so as to avoid infiltration by computer crackers or other abusive
users. Passwords will keep other users from reading return messages from the
subcommittee, Wise added. The committee will check the board daily and get
back to callers about their charges. The board is using RBBS software, a
"freeware" package available without license fee.
The executive branch of the U.S. government uses a system of inspectors
general to police its offices, most of whom have telephone hotlines for
whistle-blowers and accept mail as well. But the inspectors expect whistle-
blowers to collect evidence at work, which could get them in trouble. And
efforts to contact the whistle-blower by an inspector general representative
can identify them to wrongdoers. Theoretically, calls from Congressional
staffers will be seen by the bad guys as typical annoying oversight calls.
Press Contact: Rep. Bob Wise
202-224-3121
202-225-5527 BBS
_______________________________________________________________________________
NIST Extends Review Deadline for Digital Signature December 16, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By John McCormick (Newsbytes)
WASHINGTON, DC -- NIST, the National Institute of Standards and Technology
(formerly the Bureau of Standards) has taken the unusual step of extending the
review period for the controversial digital signature standard which the agency
proposed at the end of August.
The normal 90-day comment period would already have ended, but the NIST has
extended that deadline until the end of February - some say because the agency
wishes to tighten the standard.
NIST spokespersons deny that there was any need to modify the proposed standard
to increase its level of security, but James Bidzos, whose RSA Data Security
markets a rival standard, says that the NIST's ElGamal algorithm is too weak
and is being promoted by the government because the National Security Agency
feels that it can easily break the code when necessary.
The new standard is not a way of encrypting messages themselves; that is
covered by the existing DES or Data Encryption Standard. Rather, the DSS or
Digital Signature Standard is the method used to verify the "signature" of the
person sending the message, i.e., to make certain that the message, which
might be an order to transfer money or some other important item, is really
>from the person who is authorized to send such instructions.
As Newsbytes reported back in July, the NSA and NIS had been charged with
developing a security system nearly four years ago. The recently announced
ElGamal algorithm was previously due to be released last fall, and in the
meantime the RSA encryption scheme has become quite popular.
At that time, NIST's deputy director, Raymond G. Kammer, told the Technology
and Competitiveness Subcommittee of the House (U.S. House of Representatives)
Science, Space and Technology Committee that the ElGamal encryption scheme,
patented by the federal government, was chosen because it would save federal
agencies money over the private RSA encryption and signature verification
scheme.
Interestingly enough, the only company that currently markets an ElGamal DS
system is Information Security Corp., 1141 Lake Cook Rd., Ste. D, Deerfield,
IL 60015, a company that fought and won a bitter court battle with RSA over
the right to market RSA-based encryption software to the federal government.
That was possible because RSA was developed at MIT by mathematicians working
under federal grants.
ISC's $249.95 Secret Agent, which uses the ElGamal algorithm, was released at
last year's Federal Office Systems Expo in Washington. ElGamal is a public key
system that can be used just like the RSA system but differs from it in
significant theoretical ways.
ISC's CEO and president, Thomas J. Venn, has told Newsbytes that the ElGamal
system is highly secure, but the ElGamal algorithm is quite different from
that of the RSA system, deriving its security from the difficulty of computing
discrete logarithms, in finite field, instead of using RSA's very different
method of factoring the products of two prime numbers.
RSA has fought back by posting a prize for anyone who can crack the RSA scheme.
To take a stab at it, send a self-addressed stamped envelope to RSA Data
Security, Inc., 10 Twin Dolphin Dr., Redwood City, CA 94065, for the RSA list
and the rules. Those with access to Internet e-mail can send a request to
[email protected].
_______________________________________________________________________________
PWN Quicknotes
~~~~~~~~~~~~~~
1. Computer bulletin boards aren't just for dweeby cyberpunks anymore -- at
least not in San Francisco. Entrepreneur Wayne Gregori has created SF Net,
a decidedly socialble computer network that links up patrons of the city's
dangerously hip cafe's. From the Lower Haight to south of Market Street,
high-tech trendies are interfacing over cappuccino. All you have to do is
buy a ticket from the cafe>, enter a number into an on-site computer and
begin your techno-chat at $1 per 15 minutes. The next Gregori test site is
Seattle, Washington. (Newsweek, December 2, 1991)
_______________________________________________________________________________
2. The (November 29, 1991 issue of) San Jose Mercury News reported that the
San Mateo, California 911 system was brought to it's knees because of a
prank <but not by any computer hacker or phone phreak>.
It seems that a disc jockey at KSOL decided to play a recent MC Hammer
record over and over and over... as a prank. Listeners were concerned that
something had happened to the personnel at the station, so they called 911
(and the police department business line). It seems that a few hundred
calls in forty five minutes or an hour was enough to jam up the system.
There was no report in the newspaper of any deaths or injuries to the
overloaded system.
The DJ didn't want to stop playing the record (claiming First Amendment
rights), but did insert an announcement to not call the police.
_____________________________________________________________________________
3. Jean Paul Barrett, a convict serving 33 years for forgery and fraud in the
Pima County jail in Tuscon, Arizona, was released on December 13, 1991
after receipt of a forged fax ordering his release. It appears that a copy
of a legitimate release order was altered to bear HIS name. Apparently no
one noticed that the faxed document lacked an originating phone number or
that there was no "formal" cover sheet. The "error" was discovered when
Barrett failed to show up for a court hearing.
The jail releases about 60 people each day, and faxes have become standard
procedure. Sheriff's Sergeant Rick Kastigar said "procedures are being
changed so the error will not occur again." (San Francisco Chronicle,
December 18, 1991, Page A3)
_______________________________________________________________________________
4. AT&T will boosted it's rates on direct-dial, out-of-state calls on January
2, 1992. The increase, to affect weekday and evening calls, would add
about 8 cents to the average monthly long-distance bill of $17 and about
$60 million to AT&T'd annual revenue. (USA Today, December 23, 1991, Page
B1)
_______________________________________________________________________________
5. The following was in the AT&T shareholders quarterly, and is submitted not
as a commercial solicitation but because somebody might be interested.
A colorful 22-by-28-inch poster that traces the development of the
telephone from Bell's first model to the latest high-technology feature
phone can be purchased for $12. To order, send a check to Poster, AT&T
Archives, WV A102, 5 Reinman Road, Warren, NJ 07059-0647.
(Telephone 908-756-1590.)"
(Special Thanks: The Tone Surfer)
_______________________________________________________________________________
6. Word has it that the normal toll-free number blue-box is now DEAD in
Norway. According to some information received by Phrack, the toll-free
numbers got switched onto the regular phone network in the United States,
which you can't phreak the same way. (Special Thanks: Nosferatu)
_______________________________________________________________________________
7. In case you've been trying to call Blitzkreig BBS and been unable to
connect with it, Predat0r is moving his board into the basement. He
said the board would be back up as of February 1st. He also said that
master copy of TAP #106 is finished, but he is a year behind on updating
his mailing list. Predat0r said that making the copies was no problem but
that with the influx of subscribers he was going to have to enlist local
help to get the database updated. He also said that if someone paid for
ten issues they will get ten issues. (Special Thanks: Roy the Tarantula)
_______________________________________________________________________________
8. There is a new science fiction book about called "Fallen Angels" by Larry
Niven. The basis for the book is this: The United States government has
been taken over by religious fanatics and militant environmentalists.
Soon the United States is an Anti-Technological police state. Two
astronauts are shot down over the United States and are on the run. They
are on the run from various government agencies such as the (Secret
Service like) Environmental Protection Agency. Nivin's wild imagination
provides for a great deal of humor as well as some things that are not
funny at all, due to the fact that they hit just a little to close to home.
The story also mentions the Legion of Doom and The Steve Jackson Games
raids. In the "acknowledgments" section at the rear of the book the author
has this to say, "As to the society portrayed here, of course much of it is
satirical. Alas, many of the incidents --- such as the Steve Jackson case
in which a business was searched by Secret Service Agents displaying an
unsigned search warrant --- are quite real. So are many of the anti-
technological arguments given in the book. There really is an anti-
intellectual on-campus movement to denounce 'materialistic science' in
favor of something considerably more 'cold and unforgiving.' So watch it."
(Special Thanks: The Mad Alchemist)
_______________________________________________________________________________
9. Bell Atlantic Shoots Themselves in the Foot (February 5, 1992) -- Newsbytes
reports that Bell Atlantic admits having funded an advocacy group "Small
Businesses for Advertising Choice" to oppose HR 3515, a bill regulating
the RBOCs' entry into info services. Tennessee Democrat Jim Cooper, the
sponsor, called it a "clumsy Astroturf campaign," meaning fake grass roots.
Republican co-sponsor Dan Schaeffer was a target of a similar campaign by US
West, in which telephone company employees were encouraged to call their
representatives on company time to oppose the measure.
The bill is HR 3515. To get a copy, call the House Documents Room at
(202)225 3456 and ask for a copy. It's free (more accurately, you have
already paid for it).
_______________________________________________________________________________
10. Computer Hackers Get Into Private Credit Records (Columbus Dispatch,
February 24, 1992) -- DAYTON - Computer hackers obtained confidential
credit reports of Midwest consumers from a credit reporting firm in
Atlanta. Atlanta-based Equifax said a ring of 30 hackers in Dayton [Ohio]
stole credit card numbers and bill-paying histories of the consumers by
using an Equifax customer's password.
Ronald J. Horst, security consultant for the company said the break-in
apparently began in January. Police don't know if the password was stolen
or if an employee of the client company cooperated with the hackers. Horst
said the hackers were apparently doing it just for fun. No charges have
been filed. Equifax will notify customers whose credit reports were taken.
_______________________________________________________________________________
11. Fingerprints And Connected Databases (Summary of an article by Stephen
Schwartz, San Francisco Chronicle, February 22, 1992, Page A16) -- A
fingerprint found in an unsolved 1984 murder of an 84-year-old woman was
kept in the San Francisco police database all these years. Recently the
San Francisco fingerprint database was linked with the Alameda County
fingerprint database. The old print matched a new one taken in connection
with a petty theft case, and so eight years later the police were able to
solve the old case (burglary, arson, homicide). The two girls implicated
were 12 and 15 at the time. (Special Thanks: Peter G. Neumann of RISKS)