textfiles/news/nighthak.txt

       The Night of the Hackers


As you are surveying the dark and
misty swamp you come across what
appears to be a small cave.  You light
a torch and enter.  You have walked
several hundred feet when you stumble
into a bright blue portal.  .  .  With
a sudden burst of light and a loud
explosion you are swept into .  .  .
DRAGONFIRE .  .  .  Press Any Key if
You Dare."

You have programmed your personal
computer to dial into Dragonfire, a
computer bulletin board in
Gainesville, Texas.  But before you
get any information, Dragonfire
demands your name, home city and phone
number.  So, for tonight's tour of the
electronic wilderness you become
Montana Wildhack of San Francisco.

Dragonfire, Sherwood Forest (sic),
Forbidden Zone, Blottoland, Plovernet,
The Vault, Shadowland, PHBI and scores
of other computer bulletin boards are
hangouts of a new generation of
vandals.  These precocious teenagers
use their electronic skills to play
hide-and-seek with computer and
telephone security forces.  Many
computer bulletin boards are perfectly
legitimate:  they resemble electronic
versions of the familiar cork boards
in supermarkets and school corridors,
listing services and providing
information someone out there is bound
to find useful.  But this is a walk on
the wild side, a trip into the world
of underground bulletin boards
dedicated to encouraging -- and making
-- mischief.

The phone number for these boards are
as closely guarded as a psychiatrist's
home telephone number.  Some numbers
are posted on underground boards;
others are exchanged over the
telephone.  A friendly hacker provided
Dragonfire's number.  Hook up and you
see a broad choice of topics offered.
For Phone Phreaks -- who delight in
stealing service from AT&T and other
phone networks .  Phreakenstein's Lair
is a potpourri of phone numbers,
access codes and technical
information.  For computer hackers --
who dial into other people's computers
-- Ranger's Lodge is chock-full of
phone numbers and passwords for
government, university and corporate
computers.  Moving through
Dragonfire's offerings, you can only
marvel at how conversant these
teen-agers are with the technical
esoterica of today's electronic age.
Obviously they have spent a great deal
of time studying computers, though
their grammar and spelling indicate
they haven't been diligent in other
subjects.  You are constantly reminded
of how young they are.

"Well it's that time of year again.
School is back in session so let's get
those high school computer phone
numbers rolling in.  Time to get
straight A's, have perfect attendance
(except when you've been up all night
hacking school passwords), and messing
up you worst teacher's paycheck."

Forbidden Zone, in Detroit, is
offering ammunition for hacker civil
war -- tips on crashing the most
popular bulletin-board software.
There also are plans for building
black, red and blue boxes to mimic
operator tones and get free phone
service.  And here are the details for
"the safest and best way to make and
use nitroglycerine," compliments of
Doctor Hex, who says he got it "from
my chemistry teacher."

Flip through the "pages." You have to
wonder if this information is
accurate.  Can this really be the
phone number and password for Taco
Bell's computer?  Do these kids really
have the dial-up numbers for dozens of
university computers?  The temptation
is too much.  You sign off and have
your computer dial the number for the
Yale computer.  Bingo -- the words
Yale University appear on your screen.
You enter the password.  A menu
appears.  You hang up in a sweat.  You
are now a hacker.

Punch in another number and your modem
zips off the touch tones.  Here comes
the tedious side of all of this.
Bulletin boards are popular.  No
vacancy in Bates Motel (named for
Anthony Perkin's creepy motel in the
movie "Psycho"); the line is busy.  So
are 221 B.  Baker Street, PHBI,
Shadowland and The Vault, Caesar's
Palace rings and connects.  This is
different breed of board.  Caesar's
Palace is a combination Phreak board
and computer store in Miami.  This is
the place to learn ways to mess up a
department store's anti-shoplifting
system, or make free calls on
telephones with locks on the dial.
Pure capitalism accompanies such
anarchy, Caesar's Palace is offering
good deals on disc drives, software,
computers and all sorts of hardware.
Orders are placed through electronic
mail messages.

'Tele-Trial':  Bored by Caesar's
Palace, you enter the number for
Blottoland, the board operated by one
of the nation's most notorious
computer phreaks -- King Blotto.  This
one has been busy all night, but it's
now pretty late in Cleveland.  The
phone rings and you connect.  To get
past the blank screen, type the
secondary password "S-L-I-M-E." King
Blotto obliges, listing his rules:  he
must have your real name, phone
number, address, occupation and
interests.  He will call and disclose
the primary password, "if you belong
on this board." If admitted, do not
reveal the phone number or the
secondary password, lest you face
"tele-trial," the King warns as he
dismisses you by hanging up.  You
expected heavy security, but this
teenager's security is, as they say,
awesome.  Computers at the Defense
Department and hundreds of businesses
let you know when you've reached them.
Here you need a password just to find
out what system answered the phone.
Then King Blotto asks questions -- and
hangs up. Professional
computer-security experts could learn
something from this kid. He knows that
ever since the 414 computer hackers
were arrested in August 1982,
law-enforcement officers have been
searching for leads on computer
bulletin boards.

"Do you have any ties to or
connections with any law enforcement
agency or any agency which would
inform such a law enforcement agency
of this bulletin board?"

Such is the welcoming message from
Plovernet, a Florida board known for
its great hacker/phreak files.  There
amid a string of valid VISA and
MasterCard numbers are dozens of
computer phone numbers and passwords.
Here you also learn what Blotto means
by tele-trial.  "As some of you may or
may not know, a session of the
conference court was held and the
Wizard was found guilty of some
miscellaneous charges, and sentenced
to four months without bulletin
boards." If Wizard calls, system
operators like King Blotto disconnect
him.  Paging through bulletin boards
is a test of your patience.  Each
board has different commands.  Few are
easy to follow, leaving you to hunt
and peck your way around.  So far you
haven't had the nerve to type "C,"
which summons the system operator for
a live, computer-to-computer
conversation.  The time, however has
come for you to ask a few questions of
the "sysop." You dial a computer in
Boston. It answers and you begin
working your way throughout the menus.
You scan a handful of dial- up
numbers, including one for Arpanet,
the Defense Department's research
computer.  Bravely tap C and in
seconds the screen blanks and your
cursor dances across the screen.

Hello .  .  .  What kind of computer
do you have?

Contact.  The sysop is here.  You
exchange amenities and get "talking."
How much hacking does he do?  Not
much, too busy.  Is he afraid of being
busted, having his computer
confiscated like the Los Angeles man
facing criminal changes because his
computer bulletin board contained a
stolen telephone-credit-card number?
"Hmmmm .  .  .  No," he replies.
Finally, he asks the dreaded question:
"How old are you?" "How old are YOU,"
you reply, stalling.  "15," he types.
Once you confess and he knows you're
old enough to be his father, the
conversation gets very serious.  You
fear each new question; he probably
thinks you're a cop.  But all he wants
to know is your choice for president.
The chat continues, until he asks,
"What time is it there?" Just past
midnight, you reply.  Expletive.
"it's 3:08 here," Sysop types.  "I
must be going to sleep.  I've got
school tomorrow." The cursor dances
"*********** Thank you for Calling."
The screen goes blank.


Epilog:

A few weeks after this reporter
submitted this article to Newsweek, he
found that his credit had been
altered, his drivers' licence revoked,
and EVEN HIS Social Security records
changed!  Just in case you all might
like to construe this as a
'Victimless' crime.  The next time a
computer fouls up your billing on some
matter, and COSTS YOU, think about it!


-----------------------------------

This the follow-up to the previous
article concerning the Newsweek
reporter.  It spells out SOME of the
REAL dangers to ALL of us, due to this
type of activity!



      The REVENGE of the Hackers


In the mischievous fraternity of
computer hackers, few things are
prized more than the veil of secrecy.
As NEWSWEEK San Francisco
correspondent Richard Sandza found out
after writing a story on the
electronic underground's (DISPATCHES,
Nov.  12, 198 ability to exact
revenge can be unnerving.  Also
severe....  Sandza's report:

"Conference!" someone yelled as I put
the phone to my ear.  Then came a
mind-piercing "beep," and suddenly my
kitchen seemed full of hyperactive
15-year-olds.  "You the guy who wrote
the article in NEWSWEEK?" someone
shouted from the depths of static, and
giggles.  "We're going disconnect your
phone," one shrieked.  "We're going to
blow up your house," called another.
I hung up.

Some irate readers write letters to
the editor.  A few call their lawyers.
Hackers, however, use the computer and
the telephone, and for more than
simple comment.  Within days, computer
"bulletin boards" around the country
were lit up with attacks on NEWSWEEK's
"Montana Wildhack" (a name I took from
a Kurt Vonnegut character),
questioning everything from my manhood
to my prose style.  "Until we get real
good revenge," said one message from
Unknown Warrior, "I would like to
suggest that everyone with an
auto-dial modem call Montana Butthack
then hang up when he answers." Since
then the hackers of America have
called my home at least 2000 times.
My harshest critics communicate on
Dragonfire, a Gainesville, Texas,
bulletin board where I am on
teletrial, a video-lynching in which a
computer user with grievance dials the
board and presses charges against the
offending party. Other hackers --
including the defendant --post
concurrences or rebuttals. Despite the
mealtime interruptions, all this was
at most a minor nuisance; some was
amusing, even fun.

FRAUD:  The fun stopped with a call
from a man who identified himself only
as Joe.  "I'm calling to warn you," he
said.  When I barked back, he said,
"Wait, I'm on your side.  Someone has
broken into TRW and obtained a list of
all your credit-card numbers, your
home address, social-security number
and wife's name and is posting it on
bulletin boards around the country."
He named the charge cards in my
wallet.

Credit-card numbers are a very hot
commodity among some hackers.  To get
one from a computer system and post it
is the hacker equivalent of making the
team.  After hearing from Joe I
visited the local office of the TRW
credit bureau and got a copy of my
credit record.  Sure enough, it showed
a Nov.  13 inquiry by the Lenox
(Mass.) Savings Bank, an institution
with no reason whatever to ask about
me.  Clearly some hacker had used
Lenox's password to the TRW computers
to get to my files (the bank has since
changed the password).

It wasn't long before I found out what
was being done with my credit-card
numbers, thanks to another friendly
hacker who tipped me to Pirate 80, a
bulletin board in Charleston, W.Va.,
where I found this:  "I'm sure you
guys have heard about Richard Stza or
Montana Wildhack.  He's the guy who
wrote the obscene story about
phreaking in NewsWeek.  Well, my
friend did a credit card check on TRW
.  .  .  try this number, it' a VISA .
.  . Please nail this guy bad .  .  .
Captain Quieg.

Captain Quieg may himself be nailed.
He has violated the Credit Card Fraud
Act of 1984 signed by President Reagan
on Oct.  12.  The law provides a
$10,000 fine and up to a 15-year
prison term for "trafficking" in
illegally obtained credit-card account
numbers.  His "friend" has committed a
felony violation of the California
computer-crime law.  TRW spokeswoman
Delia Fernandex said that TRW would
"be more than happy to prosecute" both
of them.

TRW has good reason for concern.  Its
computers contain the credit histories
of 120 million people.  Last year TRW
sold 50 million credit reports on
their customers.  But these highly
confidential personal records are so
poorly guarded that computerized
teenagers can ransack the files and
depart undetected.  TRW passwords --
unlike many others -- often print out
when entered by TRW's customers.
Hackers then look for discarded
printouts.  A good source:  the trash
of banks and automobile dealerships,
which routinely do credit checks.
"Everybody hacks TRW," says Cleveland
hacker King Blotto, whose bulletin
board has security system the Pentagon
would envy.  "It's the easiest." For
her part, Fernandez insists that TRW
"does everything it can to keep the
system secure

In my case, however, that was not
enough.  My credit limits would hardly
support big-time fraud, but
victimization takes many forms.
Another hacker said it was likely that
merchandise would be ordered in my
name and shipped to me -- just to
harass me.  I used to use credit-card
numbers against someone I didn't
like," the hacker said.  "I'd call
Sears and have a dozen toilets shipped
to his house."

Meanwhile, back on Dragonfire, my
teletrial was going strong.  The
charges, as pressed my Unknown
Warrior, include "endangering all
phreaks and hacks." The judge in this
case is a hacker with the apt name of
Ax Murderer. Possible sentences range
from exile from the entire planet" to
"kill the dude." King Blotto has taken
up my defense, using hacker power to
make his first pleading:  he dialed up
Dragonfire, broke into its operating
system and "crashed" the bulletin
board, destroying all of its messages
naming me. The board is back up now,
with a retrial in full swing.  But
then, exile from the electronic
underground looks better all the time.


+-------------------------------------
+ END of COLOSSUS NEWSLETTER Issue 3,
Volume 1. Please upload to MANY
boards!
+-------------------------------------
+

(Chuck: Whew!) (Ed: My fingers cramped
again!)