informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/PHRACK/PHRACK16

1711 lines
66 KiB
Plaintext
Raw Normal View History

Initial commit
2021-04-15 11:31:59 -07:00
===== Phrack Magazine presents Phrack 16 =====
===== File 1 of 12 : Phrack 16 Intro =====
Greetings, and welcome to Phrack #16, we are a bit late, but bigger
then ever. I think you will find this issue very interesting.
Enjoy and have Phun
Elric of Imrryr - Editor
Contents this issue:
16.1 Phrack 16 Intro by Elric of Imrryr 2K
16.2 BELLCORE Information by The Mad Phone-Man 11K
16.3 A Hacker's Guide to Primos: Part 1 by Cosmos Kid 11K
16.4 Hacking GTN by The Kurgan 7K
16.5 Credit Card Laws Laws by Tom Brokow 7K
16.6 Tapping Telephone Lines by Agent Steal 9K
16.7 Reading Trans-Union Credit Reports by The Disk Jockey 6K
Phrack World News:
16.8 The Story Of the West German Hackers by Shooting Shark 3K
16.9 The Mad Phone-Man and the Gestapo by The Mad Phone-Man 2K
16.10 Flight of the Mad Phone-Man by The Mad Phone-Man 2K
16.11 Shadow Hawk Busted Again by Shooting Shark 2K
16.12 Coin Box Thief Wanted by The $muggler 2K
Submission to Phrack may be sent to the following BBSes:
Unlimited Reality 313-489-0747 Phrack
The Free World 301-668-7657 Phrack Inc. (*)
The Executive Inn 915-581-5145 Phrack
Lunatic Labs UnLtd. 415-278-7421 Phrack (*)
House of the Rising Sun 401-789-1809 Phrack
* You will get the quickest reply from these systems.
===== Phrack Magazine presents Phrack 16 =====
===== File 2 of 12 =====
--------------------------------------------------------------------
BELLCORE Information by The Mad Phone-man
--------------------------------------------------------------------
So, you've broken into the big phone box on the wall, and are looking at a
bunch of tags with numbers and letters on them. Which one is the modem line?
Which one is the 1-800 WATS line? Which one is the Alarm line? Bell has a
specific set of codes that enable you to identify what you're looking at.
These are the same codes the installer gets from the wire center to enable him
to set up the line, test it, and make sure it matches the customers order.
Here are some extracts from the Bellcore book.
First lets take a hypothetical line number I'm familiar with:
64FDDV 123456
-------------------------------------------------------------
The serial number format:
Prefix + service code + modifier + serial number +
digits: 1,2 3,4 5,6 7,8,9,10,11,12 continued
-------------------------------------------------------------------------
Suffix + CO assigning circuit number + segment
digits: 13,14,15 16,17,18,19 20,21,22
-------------------------------------------------------------------------
The important shit is in the 3rd thru 6th digit.
SERVICE CODES Intra or Inter LATA Block 1-26
-------------
AA- Packet analog access line
AB- Packet switch trunk
AD- Attendant
AF- Commercial audio fulltime
AI- Automatic identified outward dialing
AL- Alternate services
AM- Packet, off-network access line
AN- Announcement service
AO- International/Overseas audio (full time)
AP- Commercial audio (part time)
AT- International/Overseas audio (part time)
AU- Autoscript
BA- Protective alarm (CD)
BL- Bell & lights
BS- Siren control
CA- SSN Access
CB- OCC Audio facilities
CC- OCC Digital facility-medium speed
CE- SSN Station line
CF- OCC Special facility
CG- OCC Telegraph facility
CH- OCC Digital facility high-speed
CI- Concentrator Identifier trunk
CJ- OCC Control facility
CK- OCC Overseas connecting facility wide-band
CL- Centrex CO line
CM- OCC Video facility
CN- SSN Network trunk
CO- OCC Overseas connecting facility
CP- Concentrator identifier signaling link
CR- OCC Backup facility
CS- Channel service
CT- SSN Tie trunk
CV- OCC Voice grade facility
CW- OCC Wire pair facility
CZ- OCC Access facility
DA- Digital data off-net extension
DB- HSSDS 1.5 mb/s access line
DF- HSSDS 1.5 mb/s hub to hub
DG- HSSDS 1.5 mb/s hub to earth station
DH- Digital service
DI- Direct-in dial
DJ- Digit trunk
DK- Data link
DL- Dictation line
DO- Direct-out dial
DP- Digital data-2 4 kb/s
DQ- Digital data-4 8 kb/s
DR- Digital data-9.6 kb/s
DW- Digital data-56 kb/s
DY- Digital service (under 1 mb/s)
EA- Switched access
EB- ENFIA II end office trunk
EC- ENFIA II tandem trunk
EE- Combined access
EF- Entrance facility-voice grade
EG- Type #2 Telegraph
EL- Emergency reporting line
EM- Emergency reporting center trunk
EN- Exchange network access facility
EP- Entrance facility-program grade
EQ- Equipment only-(network only) assignment
ES- Extension service-voice grade
ET- Entrance facility-telegraph grade
EU- Extension service-telegraph grade
EV- Enhanced Emergency reporting trunk
EW- Off network MTS/WATS equivalent service
FD- Private line-data
FG- Group-supergroup spectrum
FR- Fire dispatch
FT- Foreign exchange trunk
FW- Wideband channel
FV- Voice grade facility
FX- Foreign exchange
HP- Non-DDS Digital data 2.4 kb/s
HQ- Non-DDS Digital data 4.8 kb/s
HR- Non-DDS Digital data 9.6 kb/s
HW- Non-DDS Digital data 56 kb/s
IT- Intertandem tie trunk
LA- Local area data channel
LL- Long distance terminal line
LS- Local service
LT- Long distance terminal trunk
MA- Cellular access trunk 2-way
MT- Wired music
NA- CSACC link (EPSCS)
NC- CNCC link (EPSCS)
ND- Network data line
OI- Off premises intercommunication station line
ON- Off network access line
OP- Off premises extension
OS- Off premises PBX station line
PA- Protective alarm (AC)
PC- Switched digital-access line
PG- Paging
PL- Private line-voice
PM- Protective monitoring
PR- Protective relaying-voice grade
PS- MSC constructed spare facility
PV- Protective relaying-telegraph grade
PW- Protective relaying-signal grade
PX- PBX station line
PZ- MSC constructed circuit
QU- Packet asynchronous access line
QS- Packet synchronous access line
RA- Remote attendant
RT- Radio landline
SA- Satellite trunk
SG- Control/Remote metering signal grade
SL- Secretarial line
SM- Sampling
SN- Special access termination
SQ- Equipment only-customer premises
SS- Dataphone select-a-station
TA- Tandem tie-trunk
TC- Control/Remote metering-telegraph grade
TF- Telephoto/Facsimile
TK- Local PBX trunk
TL- Non-tandem tie trunk
TR- Turret or automatic call distributor (ACD) trunk
TT- Teletypewriter channel
TU- Turret or automatic call distributor (ACD) line
TX- Dedicated facility
VF- Commercial television (full time)
VH- Commercial television (part time)
VM- Control/Remote metering-voice grade
VO- International overseas television
VR- Non-commercial television (7003,7004)
WC- Special 800 surface trunk
WD- Special WATS trunk (OUT)
WI- 800 surface trunk
WO- WATS line (OUT)
WS- WATS trunk (OUT)
WX- 800 service line
WY- WATS trunk (2-way)
WZ- WATS line (2-way)
ZA- Alarm circuits
ZC- Call and talk circuits
ZE- Emergency patching circuits
ZF- Order circuits, facility
ZM- Measurement and recording circuits
ZP- Test circuit, plant service center
ZQ- Quality and management circuits
ZS- Switching, control and transfer circuits
ZT- Test circuits, central office
ZV- Order circuits, service
SERVICE CODES FOR LATA ACCESS
---------------------------------------------------
HC- High capacity 1.544 mb/ps
HD- High capacity 3.152 mb/ps
HE- High capacity 6.312 mb/ps
HF- High capacity 6.312
HG- High capacity 274.176 mb/s
HS- High capacity subrate
LB- Voice-non switched line
LC- Voice-switched line
LD- Voice-switched trunk
LE- Voice and tone-radio landline
LF- Data low-speed
LG- Basic data
LH- Voice and data-PSN access trunk
LJ- Voice and data SSN access
LK- Voice and data-SSN-intermachine trunk
LN- Data extension, voice grade data facility
LP- Telephoto/Facsimile
LQ- Voice grade customized
LR- Protection relay-voice grade
LZ- Dedicated facility
MQ- Metallic customized
NQ- Telegraph customized
NT- Protection alarm-metallic
NU- Protection alarm
NV- Protective relaying/Telegraph grade
NW- Telegraph grade facility-75 baud
NY- Telegraph grade facility- 150 baud
PE- Program audio, 200-3500 hz
PF- Program audio, 100-5000 hz
PJ- Program audio, 50-8000 hz
PK- Program audio, 50-15000 hz
PQ- Program grade customized
SB- Switched access-standard
SD- Switched access-improved
SE- Special access WATS-access-std
SF- Special access WATS access line improved
SJ- Limited switched access line
TQ- Television grade customized
TV- TV Channel one way 15khz audio
TW- TV Channel one way 5khz audio
WB- Wideband digital, 19.2 kb/s
WE- Wideband digital, 50 kb/s
WF- Wideband digital, 230.4 kb/s
WH- Wideband digital, 56 kb/s
WJ- Wideband analog, 60-108 khz
WL- Wideband analog 312-552 khz
WN- Wideband analog 10hz-20 khz
WP- Wideband analog, 29-44 khz
WR- Wideband analog 564-3064 khz
XA- Dedicated digital, 2.4 kb/s
XB- Dedicated digital, 4.8 kb/s
XG- Dedicated digital, 9.6 kb/s
XH- Dedicated digital 56. kb/s
Now the last two positions of real importance, 5 & 6 translate thusly:
Modifier Character Position 5
------------------------------
INTRASTATE INTERSTATE
-------------------------------------
A B Alternate data & non data
-------------------------------------
C Customer controlled service
-------------------------------------
D E Data
-------------------------------------
N L Non-data operation
-------------------------------------
P Only offered under intra restructured
private line (RPL) tariff
-------------------------------------
S T Simultaneous data & non-data
-------------------------------------
F Interexchange carriers is less than 50%
-------------------------------------
G Interstate carrier is more than 50%
usage
==============================================================================
MODIFIER CHARACTER POSITION 6
--------------------------------------------------------------
TYPE OF SERVICE Intra LATA
--------------------------------------
ALL EXCEPT US GOVT US GOVERNMENT
--------------------------------------
T M Circuit is BOC customer to BOC customer
all facilities are TELCO provided
--------------------------------------
C P Circuit is BOC/BOC and part of
facilities or equipment is telco
provided
--------------------------------------
A J Circuit is BOC/BOC all electrically
connected equip is customer provided
--------------------------------------
L F Circuit terminates at interexchange
carrier customers location
--------------------------------------
Z Official company service
--------------------------------------
Interlata
S S Circuit terminates at interexchange
carriers point of term (POT)
--------------------------------------
V V Circuit terminates at an interface of a
radio common carrier (RCC)
--------------------------------------
Z Official company service
--------------------------------------
Corridor
Y X Corridor circuit
--------------------------------------
International
K H Circuit has at least 2 terminations in
different countries
--------------------------------------
Interexchange carrier
Y X Transport circuit between interexchange
carrier terminals.
----------------------------------------
So 64FDDV would be a private line data circuit terminating at a radiocommon
carrier. Other examples can be decoded likewise.
Enjoy this information as much as I've had finding it.
-= The Mad Phone-man =-
===== Phrack Magazine presents Phrack 16 =====
===== File 3 of 12 =====
==========================================
==== Cosmos Kid Presents... ====
==== A Hacker's Guide To: PRIMOS ====
==== Part I ====
==== (c) 1987 by Cosmos Kid ====
==========================================
Author's Note:
--------------
This file is the first of two files dealing with PRIMOS and its operations.
The next file will be in circulation soon so be sure to check it out at any
good BBS.
Preface:
--------
This file is written in a form to teach beginners as well as experienced
Primos users about the system. It is written primarily for beginners however.
PRIMOS, contrary to popular belief can be a very powerful system if used
correctly. I have outlined some VERY BASIC commands and their use in this
file along with some extra commands, not so BASIC.
Logging On To A PRIMOS:
-----------------------
A PRIMOS system is best recognized by its unusual prompts. These are: 'OK',
and 'ER!'. Once connected, these are not the prompts you get. The System
should identify itself with a login such as:
Primenet V2.3
-or-
Primecom Network
The system then expects some input from you,preferably: LOGIN. You will
then be asked to enter your user identification and password as a security
measure. The login onto a PRIMOS is as follows:
CONNECT
Primenet V 2.3 (system)
LOGIN<CR> (you)
User id? (system)
AA1234 (you)
Password? (system)
KILLME (you)
OK, (system)
Preceding the OK, will be the systems opening message. Note that if you fail
to type login once connected, most other commands are ignored and the system
responds with:
Please Login
ER!
Logging Off Of A PRIMOS:
------------------------
If at any time you get bored with Primos, just type 'LOGOFF' to leave the
system. Some systems have a TIMEOUT feature implemented meaning that if you
fail to type anything for the specified amount of time the system will
automatically log you out, telling you something like:
Maximum Inactive Time Limit Exceeded
System Prompts:
---------------
As stated previously, the prompts 'ER!' and 'OK,' are used on Primos. The
'OK,' denotes that last command was executed properly and it is now waiting
for your next command. The 'ER!' prompt denotes that you made an error in
typing your last command. This prompt is usually preceded by an error
message.
Special Characters:
-------------------
Some terminals have certain characteristics that are built in to the terminal.
key
CONTROL-H
Deletes the last character typed.
Other Special Characters:
-------------------------
RETURN: The return key signals PRIMOS that you have completed typing a
command and that you are ready for PRIMOS to process the command.
BREAK/CONTROL-P: Stops whatever is currently being processed in memory and
will return PRIMOS to your control. To restart a process,
type:
START (abbreviated with S).
CONTROL-S: Stops the scrolling of the output on your terminal for viewing.
CONTROL-Q: Resumes the output scrolling on your terminal for inspection.
SEMICOLON ';': The logical end of line character. The semicolon is used to
enter more than one command on one line.
Getting Help:
-------------
You can get on-line information about the available PRIMOS commands by using
the 'HELP' command. The HELP system is keyword driven. That is, all
information is stored under keywords that indicate the content of the help
files. This is similar to VAX. Entering the single command 'HELP' will enter
the HELP sub-system and will display an informative page of text. The next
page displayed will provide you with a list of topics and their keywords.
These topics include such items as PRIME, RAP, MAIL, and DOC. If you entered
the MAIL keyword, you would be given information concerning the mail sub-
system available to users on P simply enter PRIME to obtain information on all
PRIMOS commands. You could then enter COPY to obtain information on that
specific topic.
Files And Directories:
----------------------
The name of a file or sub-directory may have up to 32 characters. The
filename may contain any of the following characters, with the only
restriction being that the first character of the filename may not be a digit.
Please note that BLANK spaces are NOT allowed ANYWHERE:
A-Z .....alphabet
0-9 .....numeric digits
& .....ampersand
# .....pound sign
$ .....dollar sign
- .....dash/minus sign
* .....asterisk/star
. .....period/dot
/ .....slash/divide sign
Naming Conventions:
-------------------
There are very few restrictions on the name that you may give a file.
However, you should note that many of the compilers (language processors) and
commands on the PRIME will make certain assumptions if you follow certain
guidelines. File name suffixes help to identify the file contents with regard
to the language the source code was written in and the contents of the file.
For instance, if you wrote a PL/1 program and named the file containing the
source code 'PROG1.PL1' (SEGmented loader) would take the binary file, link
all the binary libraries that you specify and produce a file named
'PROG1.SEG', which would contain the binary code necessary to execute the
program. Some common filename suffixes are: F77, PAS, COBOL, PL1G, BASIC,
FTN, CC, SPIT (source files). These all denote separate languages and get
into more advanced programming on PRIMOS. (e.g. FTN=Fortran).
BIN=the binary code produced by the compiler
LIST=the program listing produced by the compiler
SEG=the linked binary code produced by SEG
Some files which do not use standard suffixes may instead use the filename
prefixes to identify the contents of the file. Some common filename prefixes
are:
B Binary code produced by the compiler
L source program Listing
C Command files
$ Temporary work files (e.g. T$0000)
# Seg files
Commands For File Handling:
----------------------------
PRIMOS has several commands to control and access files and file contents.
These commands can be used to list the contents of files and directories, and
to copy, add, delete, edit, and print the contents of files. The capitalized
letters of each are deleted. A LIST must be enclosed in parenthesis.
Close arg ....Closes the file specified by 'arg'. 'Arg' could also be
a list of PRIMOS file unit numbers, or the word 'ALL' which
closes all open files and units.
LIMITS ....Displays information about the login account, including
information about resources allocated and used, grantor, and
expiration date.
Edit Access ....Edits the Access rights for the named directories and
files.
CName arg1 arg2 ....Changes the Name of 'arg1' to 'arg2'. The arguments can
be files or directories.
LD ....The List Directory command has several arguments that
allow for controlled listing format and selection of entries.
Attach arg ....allows you to Attach to the directory 'arg' with the
access rights specified in the directory Access Control List.
DOWN <arg> ....allows you to go 'DOWN into' a sub-ufd (directory). You
can specify which one of several sub-ufds to descend into
with the optional 'arg'.
UP <arg> ....allows you to go 'UP into' a higher ufd (directory). You
can specify which one of several to climb into with the
optional 'arg'.
WHERE ....Displays what the current directory attach point is and
your access rights.
CREATE arg ....CREATES a new sub-directory as specified by 'arg'.
COPY arg1 arg2 ....COPIES the file or directory specified by 'arg1' into a
file by the same name specified by 'arg2'. Both 'arg1' and
'arg2' can be filename with the SPOOL command, whose format
is:
SPOOL filename -AT destination
where filename is the name of the file you want printed, and
destination is the name of the printer where you want the
file printed. For example if you want the file 'HACK.FTN'
printed at the destination 'LIB' type:
SPOOL HACK.FTN -AT LIB
PRIMOS then gives you some information telling you that the file named was
SPOOLed and the length of the file in PRIMOS records. To see the entries in
the SPOOL queue, type:
SPOOL -LIST
PRIMOS then lists out all the files waiting to be printed on the printers on
your login system. Also included in this information will be the filename of
the files waiting to print, the login account name of the user who SPOOLed the
file, the time that the file was SPOOLed, the size of the file in PRIMOS
records, and the printer name where the file is to print.
Changing The Password Of An Account:
------------------------------------
If you wish to change the password to your newly acquired account you must use
the 'CPW' command (Change PassWord). To do this enter the current password on
the command line followed by RETURN. PRIMOS will then prompt you for your
desired NEW password and then ask you to confirm your NEW password. To change
your password of 'JOE' to 'SCHMOE' then type:
OK, (system)
CPW JOE (you)
New Password? (system)
You can save a copy of your terminal session by using the COMO (COMmand
Output) command. When you type:
COMO filename
Everything which is typed or displayed on your terminal is saved (recorded)
into the filename on the command line (filename). If a file by the same name
exists, then that file will be REPLACED with NO WARNING GIVEN! When you have
finished doing whatever it was you wanted a hardcopy of, you type:
COMO -End
which will stop recording your session and will close the COMO file. You can
now print the COMO file using the SPOOL command as stated earlier.
Conclusion:
-----------
This concludes this first file on PRIMOS. Please remember this file is
written primarily for beginners, and some of the text may have seemed BORING!
However, this filewaswrittenin a verbose fashion to FULLYINTRODUCEPRIMOS
to beginners. Part II will deal with more the several languages on PRIMOS and
some other commands.
Author's Endnote:
-----------------
I would like to thank the following people for the help in writing this file:
AMADEUS (an oldie who is LONG GONE!)
The University Of Kentucky
State University Of New York (SUNY) Primenet
And countless others.....
Questions, threats, or suggestions to direct towards me, I can be found on any
of the following:
The Freeworld ][.........301-668-7657
Digital Logic............305-395-6906
The Executive Inn........915-581-5146
OSUNY BBS................914-725-4060
-=*< Cosmos Kid >*=-
========================================
===== Phrack Magazine presents Phrack 16 =====
===== File 4 of 12 =====
Hacking the Global Telecommunications Network
Researched and written by: The Kurgan
Compiled on 10/5/87
Network Procedure Differences
The Global Telecommunications Network (GTN) is Citibanks's international data
network, which allows Citicorp customers and personnel to access Citibank's
worldwide computerized services.
Two different sign on procedures exist: Type A and Type B. All users, except
some in the U.S., must use Type B. (U.S. users: the number you dial into
and the Welcome Banner you receive determine what sign-on procedure to
follow.) Welcome banners are as follows:
TYPE A:
WELCOME TO CITIBANK. PLEASE SIGN ON.
XXXXXXXX
@
PASSWORD =
@
TYPE B:
PLEASE ENTER YOUR ID:-1->
PLEASE ENTER YOUR PASSWORD:-2->
CITICORP (CITY NAME). KEY GHELP FOR HELP.
XXX.XXX
PLEASE SELECT SERVICE REQUIRED.-3->
Type A User Commands
User commands are either instructions or information you send to the network
for it to follow. The commands available are listed below.
User Action: Purpose:
@ (CR) To put you in command mode (mode in which you can put
your currently active service on hold and ask the network
for information, or log-off the service). (NOTE: This
symbol also serves as the network prompt; see Type A
messages.)
BYE (CR) To leave service from command mode.
Continue (CR) To return to application from command mode (off hold)
D (CR) To leave service from command mode.
ID To be recognized as a user by the network (beginning of
sign on procedure), type ID, then a space and your
assigned network ID. (Usually 5 or 6 characters long)
Status (CR) To see a listing of network address (only from @
prompt). You need this address when "reporting a
problem."
Type A messages
The network displays a variety of messages on your screen which either require
a user command or provide you with information.
Screen shows: Explanation:
@ Network prompt -- request for Network ID.
BAD PASSWORD Network does not except your password.
<address> BUSY The address is busy, try back later.
WELCOME TO CITIBANK. Network welcome banner. Second line provides address
PLEASE SIGN ON. # to be used when reporting "problems."
XXX.XXX
<address> ILLEGAL You typed in an address that doesn't exist.
<address> CONNECTED Your connection has been established.
DISCONNECTED Your connect has been disconnected.
NOT CONNECTED You're not connected to any service at the time.
NUI REQUIRED Enter your network user ID.
PASSWORD = Request for your assigned password.
STILL CONNECTED You are still connected to the service you were using.
? Network doesn't understand your entry.
Type B User Commands and Messages
Since the Type B procedure is used with GTN dial-ups, it requires fewer
commands to control the network. There is only 1 Type B command. Break plus
(CR) allows you to retain connection to one service, and connect with another.
Screen Shows: Explanation:
CITICORP (CITY NAME). Network Welcome banner. Type in service address.
PLEASE SELECT SERVICE
COM Connection made.
DER The port is closed out of order, or no open routes are
available.
DISCONNECTED You have disconnected from the service and the network.
ERR Error in service selected.
INV Error in system.
MOM Wait, the connection is being made.
NA Not authorized for this service.
NC Circuits busy, try again.
NP Check service address.
OCC Service busy, try again.
Sign-on Procedures:
There are two types of sign on procedures. Type A and Type B.
Type A:
To log onto a system with type A logon procedure, the easiest way is through
Telenet. Dial your local Telenet port. When you receive the "@" prompt, type
in the Type-A service address (found later in the article) then follow the
instructions from there on.
Type-B:
Dial the your GTN telephone #, then hit return twice. You will then see:
"PLEASE ENTER YOUR ID:-1->"
Type in a network ID number and hit return.
You will then see
"PLEASE ENTER YOUR PASSWORD:-2->"
Type in Network Password and hit return.
Finally you will see the "CITICORP (city name)" welcome banner, and it
will ask you to select the service you wish to log onto. Type the address and
hit return. (A list of addresses will be provided later)
Trouble Shooting:
If you should run into any problems, the Citicorp personnel will gladly
help their "employees" with any questions. Just pretend you work for Citibank
and they will give you a lot. This has been tried and tested. Many times,
when you attempt to log on to a system and you make a mistake with the
password, the system will give you a number to call for help. Call it and
tell them that you forgot your pass or something. It usually works, since
they don't expect people to be lying to them. If you have any questions about
the network itself, call 305-975-5223. It is the Technical Operations Center
(TOC) in Pompano, Florida.
Dial-Ups:
The following list of dial-ups is for North America. I have a list of
others, but I don't think that they would be required by anyone. Remember:
Dial-ups require Type-B log-on procedure. Type-A is available on systems
accessible through Telenet.
Canada Toronto 416-947-2992 (1200 Baud V.22 Modem Standard)
U.S.A. Los Angeles 213-629-4025 (300/1200 Baud U.S.A. Modem Standard)
Jersey City 201-798-8500
New York City 212-269-1274
212-809-1164
Service Addresses:
The following is a VERY short list of just some of the 100's of service
addresses. In a later issue I will publish a complete list.
Application Name: Type-A Type-B
CITIADVICE 2240001600 CADV
CITIBANKING ATHENS 2240004000 :30
CITIBANKING PARIS 2240003300 :33
CITIBANKING TOKYO 2240008100 :81
CITICASH MANAGER
INTERNATIONAL 1 (NAFG CORP) 2240001200 CCM1
INTERNATIONAL 7 (DFI/WELLS FARGO) 2240013700 CCM7
COMPMARK ON-LINE 2240002000 CS4
ECONOMIC WEEK ON-LINE 2240011100 FAME1
INFOPOOL/INFOTEXT 2240003800 IP
EXAMPLE OF LOGON PROCEDURE:
THE FOLLOWING IS THE BUFFERED TEXT OF A LOG-ON TO CITIBANKING PARIS THROUGH
TELENET.
CONNECT 1200
TELENET
216 13.41
TERMINAL=VT100
@2240003300
223 90331E CONNECTED
ENTER TYPE NUMBER OR RETURN
TYPE B IS BEEHIVE DM20
TYPE 1 IS DEC VT100
TYPE A IS DEC VT100 ADV VIDEO
TYPE 5 IS DEC VT52
TYPE C IS CIFER 2684
TYPE 3 IS LSI ADM 3A
TYPE L IS LSI ADM 31
TYPE I IS IBM 3101
TYPE H IS HP 2621
TYPE P IS PERKIN ELMER 1200
TYPE K IS PRINTER KEYBOARD
TYPE M IS MAI BASIC 4
TYPE T IS TELEVIDEO 9XX
TYPE V IS VOLKER CRAIG 4404
TYPE S IS SORD MICRO WITH CBMP
RELEASE BSC9.5 - 06JUN85
FOR 300 BAUD KEY ! AND CARRIAGE RETURN
CONFIG. K1.1-I11H-R-C-B128
ENTER TYPE NUMBER OR RETURN K
CONNECTED TO CITIBANK PARIS - CBP1 ,PORT 5
Have fun with this info, and remember, technology will rule in the end.
===== Phrack Magazine presents Phrack 16 =====
===== File 5 of 12 =====
----------------------------------------------------------------------------
| The Laws Governing Credit Card Fraud |
| |
| Written by Tom Brokaw |
| September 19, 1987 |
| |
| Written exclusively for: |
| Phrack Magazine |
| |
----------------------------------------------------------------------------
(A Tom Brokaw/Disk Jockey Law File Production)
Introduction:
------------
In this article, I will try to explain the laws concerning the illegal
use of credit cards. Explained will be the Michigan legislative view on the
misuse and definition of credit cards.
Definition:
----------
Well, Michigan Law section 157, defines a credit card as "Any instrument
or device which is sold, issued or otherwise distributed by a business
organization identified thereon for obtaining goods, property, services or
anything of value." A credit card holder is defined as: 1) "The person or
organization who requests a credit card and to whom or for whose benefit a
credit card is subsequently issued" or 2) "The person or organization to whom
a credit card was issued and who uses a credit card whether the issuance of
the credit card was requested or not." In other words, if the company or
individual is issued a card, once using it, they automatically agree to all
the laws and conditions that bind it.
Stealing, Removing, Retaining or Concealment:
--------------------------------------------
Michigan Law states, that it is illegal to "steal, knowingly take or
remove a credit card from a card holder." It also states that it is wrongful
to "conceal a credit card without the consent of the card holder." Notice
that it doesn't say anything about carbons or numbers acquired from BBSes,
but I think that it could be considered part of the laws governing the access
of a persons account without the knowledge of the cardholder, as described
above.
Possession with Intent to Circulate or Sell
-------------------------------------------
The law states that it is illegal to possess or have under one's control,
or receive a credit card if his intent is to circulate or sell the card. It
is also illegal to deliver, circulate or sell a credit card, knowing that such
a possession, control or receipt without the cardholders consent, shall be
guilty of a FELONY. Notice again, they say nothing about possession of
carbons or numbers directly. It also does not clearly state what circulation
or possession is, so we can only stipulate. All it says is that possession of
a card (material plastic) is illegal.
Fraud, forgery, material alteration, counterfeiting.
----------------------------------------------------
However, it might not be clearly illegal to possess a carbon or CC
number. It IS illegal to defraud a credit card holder. Michigan law states
that any person who, with intent to defraud, forge, materially alter or
counterfeit a credit card, shall be guilty of a felony.
Revoked or cancelled card, use with intent to defraud.
------------------------------------------------------
This states that "Any person who knowingly and with intent to defraud for
the purpose of obtaining goods, property or services or anything of value on a
credit card which has been revoked or cancelled or reported stolen by the
issuer or issuee, has been notified of the cancellation by registered or
certified mail or by another personal service shall be fined not more than
$1,000 and not imprisoned not more than a year, or both. However, it does not
clearly say if it is a felony or misdemeanor or civil infraction. My guess is
that it would be dependant on the amount and means that you used and received
when you defraud the company. Usually, if it is under $100, it is a
misdemeanor but if it is over $100, it is a felony. I guess they figure that
you should know these things.
The People of The State of Michigan vs. Anderson (possession)
------------------------------------------------
On April 4, 1980, H. Anderson attempted to purchase a pair of pants at
Danny's Fashion Shops, in the Detroit area. He went up to the cashier to pay
for the pants and the cashier asked him if he had permission to use the credit
card. He said "No, I won it last night in a card game". The guy said that I
could purchase $50 dollars worth of goods to pay back the debt. At the same
time, he presumed the card to be a valid one and not stolen. Well, as it
turned out it was stolen but he had no knowledge of this. Later, he went to
court and pleased guilty of attempted possession of a credit card of another
with intent or circulate or sell the same. At the guilty hearings, Mr.
Anderson stated that the credit card that he attempted to use had been
acquired by him in payment of a gambling debt and assumed that the person was
the owner. The trial court accepted his plea of guilty. At the sentencing,
Mr. Anderson, denied that he had any criminal intent. Anderson appealed the
decision stating that the court had erred by accepting his plea of guilty on
the basis of insufficient factual data. Therefore, the trial court should not
have convicted him of attempted possession and reversed the charges.
The People of the State of Michigan vs. Willie Dockery
------------------------------------------------------
On June 23, 1977, Willie Dockery attempted to purchase gas at a Sears gas
station by using a stolen credit card. The attendant noticed that his
driver's license picture was pasted on and notified the police. Dockery
stated that he had found the credit card and the license at an intersection,
in the city of Flint. He admitted that he knowingly used the credit card and
driver's license without the consent of the owner but he said that he only had
purchased gasoline on the card. It turns out that the credit card and
driver's license was stolen from a man, whose grocery store had been robbed.
Dockery said that he had no knowledge of the robbery and previous charges on
the cardwhich totalled$1,373.21. He admitted that he did paste his picture
on the driver's license. Butagain the court screws up, they receive evidence
that the defendant had a record of felonies dating back to when he was sixteen
and then assumed that he was guilty on the basis of his prior offenses. The
judge later said that the present sentence could not stand in this court so
the case was referred to another court.
Conclusion
----------
I hope that I have given you a better understanding about the law, that
considers the illegal aspects of using credit cards. All this information was
taken from The Michigan Compiled Laws Annotated Volume 754.157a-s and from The
Michigan Appeals Report.
In my next file I will talk about the laws concerning Check Fraud.
-Tom Brokaw
===== Phrack Magazine presents Phrack 16 =====
===== File 6 of 12 =====
******************************************************************************
* *
* Tapping Telephone Lines *
* *
* Voice or Data *
* *
* For Phun, Money, and Passwords *
* *
* Or How to Go to Jail for a Long Time. *
* *
******************************************************************************
Written by Agent Steal 08/87
Included in this file is...
* Equipment needed
* Where to buy it
* How to connect it
* How to read recorded data
But wait!! There's more!!
* How I found a Tymnet node
* How I got in
*************
THE EQUIPMENT
*************
First thing you need is an audio tape recorder. What you will be
recording, whether it be voice or data, will be in an analog audio format.
>From now on, most references will be towards data recording. Most standard
cassette recorders will work just fine. However, you are limited to 1 hour
recording time per side. This can present a problem in some situations. A
reel to reel can also be used. The limitations here are size and availability
of A.C. Also, some reel to reels lack a remote jack that will be used to
start and stop the recorder while the line is being used. This may not
present a problem. More later. The two types of recorders I would advise
staying away from (for data) are the micro cassette recorders and the standard
cassette recorders that have been modified for 8 to 10 hour record time. The
speed of these units is too unstable. The next item you need, oddly enough,
is sold by Radio Shack under the name "Telephone recording control" part
# 43-236 $24.95. See page 153 of the 1987 Radio Shack catalog.
*****************
HOW TO CONNECT IT
*****************
The Telephone recording control (TRC) has 3 wires coming out of it.
#1 Telco wire with modular jack. Cut this and replace with alligator clips.
#2 Audio wire with miniature phone jack (not telephone). This plugs
into the microphone level input jack of the tape recorder.
#3 Audio wire with sub miniature phone jack. This plugs into the "REM"
or remote control jack of the tape recorder.
Now all you need to do is find the telephone line, connect the alligator
clips, turn the recorder on, and come back later. Whenever the line goes off
hook, the recorder starts. It's that simple.
****************
READING THE DATA
****************
This is the tricky part. Different modems and different software respond
differently but there are basics. The modem should be connected as usual to
the telco line and computer. Now connect the speaker output of the tape
player directly to the telephone line. Pick up the phone and dial the high
side of a loop so your line doesn't make a lot of noise and garble up your
data. Now, command your modem into the answer mode and press play. The tape
should be lined up at the beginning of the recorded phone call, naturally, so
you can see the login. Only one side of the transmission between the host and
terminal can be monitored at a time. Going to the originate mode you will see
what the host transmitted. This will include the echoes of the terminal. Of
course the password will be echoed as ####### for example, but going to the
answer mode will display exactly what the terminal typed. You'll understand
when you see it. A couple of problems you might run into will be hum and
garbage characters on the screen. Try connecting the speaker output to the
microphone of the hand set in your phone. Use a 1 to 1 coupling transformer
between the tape player input and the TRC audio output. These problems are
usually caused when using A.C. powered equipment. The common ground of this
equipment interferes with the telco ground which is D.C. based.
I was a little reluctant to write this file because I have been
unsuccessful in reading any of the 1200 baud data I have recorded. I have
spoke with engineers and techs. Even one of the engineers who designs modems.
All of them agree that it IS possible, but can't tell me why I am unable to do
this. I believe that the problems is in my cheap ass modem. One tech told me
I needed a modem with phase equalization circuitry which is found in most
expensive 2400 baud modems. Well one of these days I'll find $500 lying on
the street and I'll have nothing better to spend it on! Ha! Actually, I have
a plan and that's another file.....
I should point out one way of reading 1200 baud data. This should work in
theory, however, I have not attempted it.
Any fully Hayes compatible modem has a command that shuts off the carrier
and allows you to monitor the phone line. The command is ATS10. You would
then type either answer or originate depending on who you wanted to monitor.
It would be possible to write a program that records the first 300 or so
characters then writes it to disk, thus allowing unattended operation.
**************
HOW CRAZY I AM
**************
PASSWORDS GALORE!!!!
After numerous calls to several Bell offices, I found the one that handled
Tymnet's account. Here's a rough transcript:
Op: Pacific Bell priority customer order dept. How may I help you?
Me: Good Morning, this is Mr. Miller with Tymnet Inc. We're interested in
adding some service to our x town location.
Op: I'll be happy to help you Mr. Miller.
Me: I need to know how many lines we have coming in on our rotary and if we
have extra pairs on our trunk. We are considering adding ten additional
lines on that rotary and maybe some FX service.
Op: Ok....What's the number this is referenced to?
Me: xxx-xxx-xxxx (local node #)
Op: Hold on a min....Ok bla, bla, bla.
Well you get the idea. Anyway, after asking her a few more unimportant
questions I asked her for the address. No problem, she didn't even hesitate.
Of course this could have been avoided if the CN/A in my area would give out
addresses, but they don't, just listings. Dressed in my best telco outfit,
Pac*Bell baseball cap, tool belt and test set, I was out the door. There it
was, just an office building, even had a computer store in it. After
exploring the building for awhile, I found it. A large steel door with a push
button lock. Back to the phone. After finding the number where the service
techs were I called it and talked to the tech manager.
Mgr: Hello this is Joe Moron.
Me: Hi this is Mr. Miller (I like that name) with Pacific Bell. I'm down
here at your x town node and we're having problems locating a gas leak
in one of our Trunks. I believe our trunk terminates pressurization in
your room.
Mgr: I'm not sure...
Me: Well could you have someone meet me down here or give me the entry code?
Mgr: Sure the code is 1234.
Me: Thanks, I'll let you know if there's any trouble.
So, I ran home, got my VCR (stereo), and picked up another TRC from Trash
Shack. I connected the VCR to the first two incoming lines on the rotary.
One went to each channel (left,right). Since the volume of calls is almost
consistent, it wasn't necessary to stop the recorder between calls. I just
let it run. I would come back the next day to change the tape. The VCR was
placed under the floor in case a tech happened to come by for maintenance.
These nodes are little computer rooms with air conditioners and raised floors.
The modems and packet switching equipment are all rack mounted behind glass.
Also, most of the nodes are unmanned. What did I get? Well a lot of the
logins were 1200, so I never found out what they were. Still have 'em on tape
though! Also a large portion of traffic on both Tymnet and Telenet is those
little credit card verification machines calling up Visa or Amex. The
transaction takes about 30 secs and there are 100's on my tapes. The rest is
as follows:
Easylink CompuServe Quantumlink 3Mmail
PeopleLink Homebanking USPS Chrysler parts order
Yamaha Ford Dow Jones
And a few other misc. systems of little interest. I'm sure if I was
persistent, I'd get something a little more interesting. I spent several
months trying to figure out my 1200 baud problem. When I went back down there
the code had been changed. Why? Well I didn't want to find out. I was out
of there! I had told a couple of people who I later found could not be
trusted. Oh well. Better safe than sorry.
**************************************
Well, if you need to reach me,try my VMS at 415-338-7000 box 8130. But no
telling how long that will last. And of course there's always P-80 systems at
304-744-2253. Probably be there forever. Thanks Scan Man, whoever you are.
Also read my file on telco local loop wiring. It will help you understand how
to find the line you are looking for. It should be called Telcowiring.Txt
<<< AGENT STEAL >>>
===== Phrack Magazine presents Phrack 16 =====
===== File 7 of 12 =====
------------------------------------------------------------------------
- The Disk Jockey -
- presents: -
- -
- Reading Trans-Union Reports: -
- A lesson in terms used -
- (A 2af presentation) -
------------------------------------------------------------------------
This file is dedicated to all the phreaks/hacks that were busted in the summer
of 1987, perhaps one of the most crippling summers ever for us.
Preface:
-------
Trans-Union is a credit service much like CBI, TRW or Chilton, but offers
more competitive rates, and is being used more and more by many credit
checking agencies.
Logging in:
----------
Call one of the Trans Union dial-ups at 300,E,7,1, Half Duplex. Such a
dial-up is 314-XXX-XXXX. After connecting, hit Ctrl-S. The system will echo
back a 'GO ' and then awaits you to begin the procedure of entering the
account and password, then mode, i.e.: S F1111,111,H,T. The system will
then tell you what database you are logged on to, which is mostly
insignificant for your use. To then pull a report, you would type the
following: P JONES,JIM* 2600,STREET,CHICAGO,IL,60604** <Ctrl-S>. The name
is Jim Jones, 2600 is his street address, street is the street name, Chicago
is the city, IL is the state, 60604 is the zip.
The Report:
----------
The report will come out, and will look rather odd, with all types of
notation. An example of a Visa card would be:
SUB NAME/ACCT# SUB# OPEND HICR DTRP/TERM BAL/MAX.DEL PAY.PAT MOP
CITIBANK B453411 3/87 $1000 9/87A $0 12111 R01
4128XXXXXXXXX $1500 5/87 $120
Ok, Citibank is the issuing bank. B453411 is their subscriber code. 3/87 is
when the account was opened. HICR is the most that has been spent on that
card. 9/87 is when the report was last updated (usually monthly if active).
$1000 is the credit line. $0 is the current balance. 12111 is the payment
pattern, where 1=pays in 30 days and 2=pays in 60 days. R01 means that it is a
"Revolving" account, meaning that he can make payments rather than pay the
entire bill at once. 4128-etc is his account number (card number). $1500 is
his credit line. 5/87 is when he was late on a payment last. $120 is the
amount that he was late with.
Here is a list of terms that will help you identify and understand the reports
better:
ECOA Inquiry and Account Designators
------------------------------------
I Individual account for sole use of applicant
C Joint spousal contractual liability
A Authorized user of shared account
P Participant in use of account that is neither C nor A
S Co-signer, not spouse
M Maker primarily liable for account, co-signer involved
T Relationship with account terminated
U Undesignated
N Non-Applicant spouse inquiry
Remarks and FCBA Dispute Codes
------------------------------
AJP Adjustment pending
BKL Bankruptcy loss
CCA Consumer counseling account
CLA Placed for collection
CLO Closed to further purchases
CTS Contact Subscriber
DIS Dispute following resolution
DRP Dispute resolution pending
FCL Foreclosure
MOV Moved, left no forwarding address
ND No dispute
PRL Profit and loss write-off
RFN Account refinanced
RLD Repossession, paid by dealer
RLP Repossession, proceeds applied towards debt
RPO Repossession
RRE Repossession, redeemed
RS Dispute resolved
RVD Returned voluntarily, paid by dealer
RVN Returned voluntarily
RVP Returned voluntarily, proceeds go towards debt
RVR Returned voluntarily, redeemed
SET Settled for less than full balance
STL Plate (card) stolen or lost
TRF Transferred to another office
Type of Account
---------------
O Open account (30 or 90 days)
R Revolving or option account (open-end)
I Installment (fixed number of payments)
M Mortgage
C Check credit (line of credit at a bank)
Usual Manner of Payment
-----------------------
00 Too new to rate; approved, but not used or not rated
01 Pays (or paid) within 30 days of billing, pays accounts as agreed
02 Pays in more than 30 days, but not more than 60 days
03 Pays in more than 60 days, but not more than 90 days
04 Pays in more than 90 days, but not more than 120 days
05 Pays in 120 days or more
07 Makes payments under wage earner plan or similar arrangement
08 Repossession
8A Voluntary repossession
8D Legal repossession
8R Redeemed repossession
09 Bad debt; placed for collection; suit; judgement; skip
9B Placed for collection
UR Unrated
UC Unclassified
Kinds of Business Classification
-------------------------------
A Automotive
B Banks
C Clothing
D Department and variety
F Finance
G Groceries
H Home furnishings
I Insurance
J Jewelry and cameras
K Contractors
L Lumber, building materials
M Medical and related health
N National credit card
O Oil and national credit card
P Personal services other than medical
Q Mail order houses
R Real estate and public accommodations
S Sporting goods
T Farm and garden supplies
U Utilities and fuel
V Government
W Wholesale
X Advertising
Y Collection services
Z Miscellaneous
Type of Installment Loan
------------------------
AF Appliance/Furniture
AP Airplane
AU Automobile
BT Boat
CA Camper
CL Credit line
CM Co-maker
CO Consolidation
EQ Equipment
FH FHA contract loan
FS Finance statement
HI Home improvement
IN Insurance
LE Leases
MB Mobile home
MC Miscellaneous
MT Motor home
PI Property improvement plan
PL Personal loan
RE Real estate
ST Student loan
SV Savings bond, stock, etc.
US Unsecured
VA Veteran loan
Date Codes
----------
A Automated, most current information available
C Closed date
F Repossessed/Written off
M Further updates stopped
P Paid
R Reported data
S Date of last sale
V Verified date
Employment Verification Indicator
---------------------------------
D Declined verification
I Indirect
N No record
R Reported, but not verified
S Slow answering
T Terminated
V Verified
X No reply
Hope this helps. Anyone that has used Trans-Union will surely appreciate
this, as the result codes are sometimes hard to decipher.
-The Disk Jockey
#### PHRACK PRESENTS ISSUE 16 ####
^*^*^*^Phrack World News, Part 1^*^*^*^
**** File 8 of 12 ****
>From the 9/16 San Francisco Chronicle, page A19:
GERMAN HACKERS BREAK INTO NASA NETWORK (excerpted)
Bonn
A group of West German computer hobbyists broke into an international
computer network of the National Aeronautics and Space Administration and
rummaged freely among the data for at least three months before they were
discovered, computer enthusiasts and network users said yesterday.
An organization in Hamburg called the Chaos Computer Club, which
claimed to be speaking for an anonymous group that broke into the network,
said the illicit users managed to install a "Trojan horse," and gain entry
into 135 computers on the European network.
A "Trojan Horse" is a term for a permanent program that enables
amateur computer enthusiasts [as opposed to professionals?], or "hackers,"
to use a password to bypass all the security procedures of a system and gain
access to all the data in a target computer.
[Actually, this type of program is a 'back door' or a 'trap door.' The group
may very well have *used* a Trojan horse to enable them to create the back
door, but it probably wasn't a Trojan horse per se. A Trojan horse is a
program that does something illicit and unknown to the user in addition to its
expected task. See Phrack xx-x, "Unix Trojan Horses," for info on how to
create a Trojan horse which in turn creates a trap door into someone's
account.]
The NASA network that was broken into is called the Space Physics
Analysis Network [ooh!] and is chiefly designed to provide authorized
scientists and organizations with access to NASA data. The security system in
the network was supplied by an American company, the Digital Equipment Corp.
[Probably DECNET. Serves them right.] Users said the network is widely used
by scientists in the United States, Britain, West Germany, Japan and five
other countries and does not carry classified information.
A Chaos club spokesman, Wau Holland, denied that any data had been
changed. This, he said, went against "hacker ethics."
West German television reports said that computer piracy carries a
penalty of three years in prison in West Germany. The government has not said
what it plans to do.
The Chaos club clearly views its break-in as a major coup. Holland,
reached by telephone in Hamburg, said it was "the most successful running of a
Trojan horse" to his knowledge, and the club sent a lengthy telex message to
news organizations.
It said the "Trojan horse" was spotted by a user in August, and the
infiltrating group then decided to go public because "they feared that they
had entered the dangerous field of industry espionage, economic crime, East-
West conflict...and the legitimate security interests of high-tech
institutions."
The weekly magazine Stern carried an interview with several anonymous
hobbyists who showed how they gained access to the network. One described his
excitement when for the first time he saw on his screen, "Welcome to the NASA
headquarters VAX installation."
According to Chaos, the hobbyists discovered a gap in the Digital VAX
systems 4.4 and 4.5 and used it to install their "Trojan Horse."
[Excerpted and Typed by Shooting Shark. Comments by same.]
#### PHRACK PRESENTS ISSUE 16 ####
^*^*^*^Phrack World News, Part 2^*^*^*^
**** File 9 of 12 ****
[Ed's Note: CertainThings in the article have been blanked (XXXXX) at the
request of the author]
The Story of the Feds on XXXXXXX BBS
By The Mad Phone Man
Returninghome one afternoon with a friend, I knew something wasn't
right when I walked into the computer room. I see a "Newuser" on the board...
and the language he's using is... well "Intimidating"...
"I want you all to know I'm with the OCC task force and we know who you are...
we are going to have a little get-together and 'talk' to you all."
Hmmm... a loser?... I go into chat mode... "Hey dude, what's up?" I ask.
"Your number asshole" he says.... Well, fine way to log on to a board if I do
say.... "Hey, you know I talked to you and I know who you are.." "Oh
yeah...Who am I?." he hesitates and says... "Well uh.. you used to work for
Sprint didn't you?"
I say, "No, you've got me confused with someone else I think, I'm a junior
in high school."
"Ohyeah?.. You got some pretty big words for a high school kid," he
says....
"Well, in case you didn't know, they teach English as a major these
days...."
He says... "Do you really want to know which LD company I'm with?"
I say "NO, but if it will make you happy, tell me."
He says MCI. (Whew! I don't use them)... "Well you're outta luck
asshole, I pay for my calls, and I don't use MCI." He's dumbfounded.
I wish him the worst as he asks me to leave his rather threatening
post up on my board and we hang up on him.
Now, I'm half paralyzed... hmmm.... Check his info-form... he left a
number in 303... Denver.... I grab the phone and call it.. It's the Stromberg
Telephone company... Bingo.. I've got him.
I search my user files and come up with a user called "Cocheese" from
there, and I voice validated him, and he said he worked for a small telco
called Stromberg... I'm onto him now.
Later in the week, I'm in a telco office in a nearby major city, I
happen to see a book, marked "Confidential Employee Numbers for AT&T." I
thumb thru and lo and behold, an R.F. Stromberg works at an office of AT&T in
Denver, and I can't cross reference him to an office. (A sure sign he's in
security). Well, not to be out-done by this loser... I dial up NCIC and check
for a group search for a driver's licence for him... Bingo. Licence number,
cars he owns, his SS number, and a cross reference of the licence files finds
his wife, two kids and a boat registered to him.
I've never called him back, but If I do have any trouble with him, I'm
gonna pay a little visit to Colorado....
#### PHRACK PRESENTS ISSUE 16 ####
^*^*^*^Phrack World News, Part 3^*^*^*^
**** File 10 of 12 ****
[Ed's Note: Certain names have been change in the article to protect the
author]
The Flight of The Mad Phone-Man's BBS to a Friendly Foreign Country
Using my knowledge that the pigs grab your computer when they bust
you,I got real worried about losing a BIG investment I've got in my IBM. I
decide there's a better way.... Move it! But where? Where's safe from the
PhBI? Well in the old days, to escape the draft, you went to Canada, why not
expatriate my board.... Well the costs of a line are very high, let's see
what's available elsewhere.
One afternoon, I'm working at a local hospital,(one I do telecom work
for) and I ask the comm mgr if they have any links to Canada? He says why
yes, we have an inter-medical link over a 23ghz microwave into the city just
across the border. I ask to see the equipment. WOW! My dreams come true,
it's a D4 bank (Rockwell) and it's only got 4 channel cards in it. Now, being
a "nice" guy, I offer to do maintenance on this equipment if he would let me
put up another channel...he agrees. The plot thickens.
I've got a satellite office for a business near the hospital on the
other side, I quickly call up good ole Bell Canada, and have them run a 2 wire
line from the equipment room to my office. Now the only thing to get is a
couple of cards to plug into the MUX to put me on the air.
A 2 wire E&M card goes for bout $319, and I'd need two. Ilook around
the state, and find one bad one in Rochester.... I'm on my way that afternoon
via motorcycle. The card is mine, and the only thing I can find wrong is a
bad voltage regulator. I stop by the Rockwell office in suburban Rochester
and exchange the card, while I'm there, I buy a second one (Yeah, on my card)
and drive home.... by 9pm that night the circuit is up, and we are on the air.
Results- Very good line, no noise, can be converted with another card
for a modest fee if I want the bandwidth. So that's the story of how the
board went to a "friendly foreign country."
The Mad Phone-Man
#### PHRACK PRESENTS ISSUE 16 ####
^*^*^*^Phrack World News, Part 4^*^*^*^
**** File 11 of 12 ****
Shadow Hawk Busted Again
========================
As many of you know, Shadow Hawk (a/k/a Shadow Hawk 1) had his home
searched by agents of the FBI, Secret Service, and the Defense Criminal
Investigative Services and had some of his property confiscated by them on
September 4th. We're not going to reprint the Washington Post article as it's
available through other sources. Instead, a summary:
In early July, SH bought an AT&T 3B1 ("Unix PC") with a 67MB drive for
a dirt-cheap $525. He got Sys V 3.5 for another $200 but was dissatisfied
with much of the software they gave him (e.g. they gave him uucp version 1.1).
When he was tagged by the feds, he had been downloading software (in
the form of C sources) from various AT&T systems. According to reports, these
included the Bell Labs installations at Naperville, Illinois and Murray Hill,
New Jersey. Prosecutors said he also gained entry to (and downloaded software
from) AT&T systems at a NATO installation in Burlington, North Carolina and
Robins AFB in Georgia. AT&T claims he stole $1 million worth of software.
Some of it was unreleased software taken from the Bell Labs systems that was
given hypothetical price tags by Bell Labs spokespersons. Agents took his
3B1, two Atari STs he had in his room, and several diskettes.
SH is 17 and apparently will be treated as a minor. At the time of
this writing, he will either be subject to federal prosecution for 'computer
theft' or will be subject to prosecution only by the State of Illinois.
SH's lawyer, Karen Plant, was quoted as saying that SH "categorically
denies doing anything that he should not have been doing" and that he "had
absolutely no sinister motives in terms of stealing property." As we said, he
was just collecting software for his new Unix PC. When I talked to Ms. Plant
on September 25th, she told me that she had no idea if or when the U.S.
Attorney would prosecute. Karen Plant can be reached at (312) 263-1355. Her
address is 134 North LaSalle, #306, Chicago, Illinois.
---------
On July 9th SH wrote:
So you see, I'm screwed. Oh yeah, even worse! In my infinite (wisdom
|| stupidity, take your pick 8-)) I set up a local AT&T owned 7300 to call me
up and send me their uucp files (my uucp works ok for receive) and guess what.
I don't think I've to elaborate further on THAT one... (holding my breath, so
to type)
(_>Sh<_
---
#### PHRACK PRESENTS ISSUE 16 ####
^*^*^*^Phrack World News, Part 5^*^*^*^
**** File 12 of 12 ****
"Phone Companies Across U.S. Want Coins Box Thief's Number"
From the Tribune - Thursday, Nov. 5, 1987
SAN FRANCISCO - Seven telephone companies across the country, including
Pacific Bell, are so frazzled by a coin box thief that they are offering a
reward of $25,000 to catch him.
He's very clever, telephone officials say, and is the only known suspect in
the country that is able to pick the locks on coin boxes in telephone
booths with relative ease.
He is believed responsible for stealing hundreds of thousands of dollars from
coin boxes in the Bay Area and Sacramento this year.
The suspect has been identified by authorities as James Clark, 47, of
Pennisula, Ohio, a machinist and tool-and-die maker, who is believed
responsible for coin box thefts in 24 other states.
Other companies sharing in the reward are Ohio Bell, Southern Bell, South
Carolina Bell, South Central Bell, Southwestern Bell, Bell Telephone of
Pennsylvania and U.S. West.
Clark allegedly hit pay phones that are near freeways and other major
thoroughfares. Clark, described as 5 feet 9 inches tall, with shoulder
length brown hair and gold-rimmed glasses, is reported to be driving a new
Chevrolet Astro van painted a dark metallic blue.
He was recently in Arizona but is believed to be back in California.
Written by a Tribune Staff Writer
Typed by the $muggler