172 lines
12 KiB
Plaintext
172 lines
12 KiB
Plaintext
Words from the author:
|
|
|
|
Over the last 12 years I have worn many hats. That of a
|
|
Phone Phreak/Hacker, Sysop of one of the oldest BBS's in the
|
|
world, and that of technical security consultant. To some there
|
|
might seem a conflict of interest in the hats I have worn. But,
|
|
my belief is that the material found in the underground computer
|
|
sub-culture of Hackers & Phone Phreaks should be considered a form
|
|
of educational service to systems designers/administrators, as
|
|
well as programmers, law enforcement and others involved in the
|
|
design, improvement, and policeing of the electronic frontier.
|
|
True, there will always be that certain percentage of people
|
|
who would use this (or any other information) maliciously. It
|
|
is also my belief that these people are in the minority. These
|
|
people while usually teenagers with more ego than intellect can
|
|
if desired find the majority of this information in any library,
|
|
magazine, or newsletter already in print. Most of this style of
|
|
material doesnt originate on underground BBS's, but rather ends
|
|
up there as a compilation of like materials. However to some,
|
|
such as law enforcement for example, a threat is perceived and
|
|
derived from seeing the compilation of this style material all
|
|
in one place and accessable via computer. Just the fact that it
|
|
comes from a computer some how makes it more ominous than if read
|
|
from some obscure techno underground newsletter. This is nothing
|
|
more than a perception problem.
|
|
A case in point is the Craig Neidorf case where he was raided
|
|
and had all of his personal computer equipment taken and charged
|
|
with tens of thousands of damage and losses, because of releaseing
|
|
what was at the time 'perceived' as critical 911 services
|
|
information. Only to have the case thrown out later and discovering
|
|
the self same 911 material was available publicly (if you knew where
|
|
to look) for $30 dollars. While I personally have no great love
|
|
for Craig and was badly and unjustly chastised by him once, he still
|
|
should not have been left with the loss of thousands in personal
|
|
property/equipment, not to mention a hundred thousand (I think that
|
|
was the figure I heard quoted) in attorney's fees. This doesnt
|
|
include the hundreds of thousands in lost tax payer dollars that
|
|
were needlessly squandered on that case.
|
|
My point is that the first thing that needs done is to clean up
|
|
the problem, not the person. For example, my first major systems
|
|
consulting contract was for a long distance telco who was lossing
|
|
$450,000 a month in New York City alone. When hired, the first words
|
|
out of my mouth were 'I'm not a head hunter', as this practice would
|
|
only cost them 3-5 more dollars in investigative and legal fees in
|
|
order to aquire and prosecute for every dollar they lost in fraud.
|
|
The solution I offered was to fix the problem at its source (their
|
|
system).
|
|
After reviewing their setup from top to bottom It didnt
|
|
take long to discover their billing code/PIN structure was at the
|
|
heart of the problem. They had given a secretary a pad and pencil
|
|
and said, we need some codes, here's how many digits they need to be
|
|
so write down some and turn them in for use. In addition they were
|
|
only using 4 digit codes at the time. To make matters worse the codes
|
|
were only spaced a few digits apart thanks to the secratary who had
|
|
no idea the significance of what she was doing. All this by a branch
|
|
of what was then the 4th largest long distance company in the
|
|
country. Gross negligence at best. But, who is the first to cry foul
|
|
when their ineptitude was taken advantage of.
|
|
From someone such as myself who bore the title of Phone Phreak
|
|
proudly, this entire situation was nothing short of hilarious.
|
|
However it was quite simple to fix. I needed only apply basic
|
|
and common knowledge I had aquired from my studies around the
|
|
computer/telecomm subculture. A task that should be promoted by the
|
|
security powers that be, inorder to educate themselves, instead
|
|
of going out and hiring ex-FBI and Ex-Police officers with an
|
|
investigative/rubber hose mentality who didnt even have a true
|
|
understanding of the problem they were hired to fix, to run their
|
|
security departments. Who often like the very people they were
|
|
chasing were operating on ego rather than intellect (not to mention
|
|
authority). As potentially dangerous a combination to individual rights
|
|
enjoyed in this country as the dangers provided by the malicious types
|
|
within the computer underground itself. The point here is that
|
|
there are problems within both the law enforcement and underground.
|
|
Let me now give a couple of examples of how I used underground
|
|
experience to fix this monumental snafu. First the obvious. Myself
|
|
and a programmer friend (The Researcher) sat down and designed and
|
|
wrote software to generate a new code network which was not 4 but
|
|
but 7 digits in length, and only permitted one 'possible'
|
|
(if assigned) good code in every 10,000 possible combinations.
|
|
Ironically this software was written and tested and run on the very
|
|
BBS machine that ran what was at the time (and still is) the oldest
|
|
underground BBS in the world (P-80 Systems).
|
|
Next, knowing that computers were used to do the majority of
|
|
the code hacking at this time, it made the task simple to fix the
|
|
switching equipment. Before I tell you how this was accomplished,
|
|
a little advance training is in order. When you are dialing a number
|
|
through any phone company local or national when you do something
|
|
wrong (or even right for that matter) you get whats called a
|
|
'treatment' such as a recording or a 'fast busy' signal. With
|
|
this in mind I first had to deal with the problem of the existing
|
|
older codes that had not been converted to my 7 digit system and
|
|
were still highly open to to fraud (it takes awhile to assign
|
|
thousands of customers new codes). This was done by adding 6 new
|
|
treatment ports to the switching equipment. On the first two ports
|
|
I put ring generators (the device that provides the sound of the
|
|
phone ringing in your earpiece) to create a ring with no possible
|
|
answer situation when a bad code was dialed. Since the fraudulent
|
|
codes were being reassigned on a daily basis with new 7 digit codes
|
|
it provided a lot confusion for people still in posession of the
|
|
older 4 digit codes. they couldnt tell if it was a dead code or
|
|
the person they were calling just wasnt home, while not hampering
|
|
the legitimate customer who simply misdialed his code. On the next
|
|
2 treatment ports I placed Hayes modems, which were like the other
|
|
two ports in so much as they were a two in 6 chance of being aquired
|
|
as a treatment for a bad code being dialed. This action gave the most
|
|
effective security of the time due to the fact that people hacking via
|
|
computer relied on a modem carrier to distinguish when they had gotten
|
|
a good code. SO I GAVE THEM ONE. This made it almost impossible to
|
|
distinguish a good code from a false carrier I was sending out.
|
|
Thus making it difficult and near (but not) impossible to hack
|
|
codes from that network. It also provided nothing more than a
|
|
'hey I wonder what I did wrong' thought to a legit customer who just
|
|
misdialed and simply dials again as they normally would. Also one
|
|
of there big problems was New York City was so big, that a call to
|
|
another part of town could be long distance. New York City alone had
|
|
five area codes. This meant that by simply blocking any calls who's
|
|
area code is 'local or local long distance' I.E. in the city but a
|
|
long distance call, which they should have been doing anyway in order
|
|
not to be trafficing local calls (a big nono in the long distance world)
|
|
they could stop this problem and significantly reduce the impact of the
|
|
of the old 4 digit codes already comprimised and being used
|
|
specifically for the purpose of local calls at the same time.
|
|
Within 6 months their losses went from $450,000 a month to zero.
|
|
The net cost in equipment for switch changes, and the new code network
|
|
was about $5,000. Pennies for an operation of this size. When compared
|
|
against the hundreds of thousands in investigative and legal fee's
|
|
as well as tax dollars and additional taxation of the court system,
|
|
which is already overburdoned. How many people are not in jail and
|
|
being supported by the american tax dollar. I guess the moral to
|
|
the story is work smart not hard. Someone took the time to
|
|
trust me and to take a look at themselves and make the decision to use
|
|
the underground as a tool for solving the 'real' problem rather than
|
|
using it to track and apprehend people (which in case no one caught on,
|
|
doesnt fix the problem in the example above). At the risk of stating
|
|
the obvious, many of these people could be of great benifit to society
|
|
if properly utilized (as opposed to stigmatized). If the time was
|
|
taken to invite them in the front door, your less likely to see them
|
|
around at the back door. As a matter of fact they might be quite an
|
|
appropriate individual to protect the back door. Most of these guys
|
|
would jump at the chance.....
|
|
|
|
In closing I would like to take time to repeat the warning voiced
|
|
elsewhere on this disk, Please DO NOT attempt to use any material
|
|
found on this disk unless you are certain it is both legal and safe.
|
|
|
|
Scan Man
|
|
|
|
|
|
|
|
Acknowledgements:
|
|
|
|
|
|
There are many thanks that should go out here as this material, both
|
|
good and bad have come from many sources. But would still like to take
|
|
a moment to thank the people most involved. I'll start with a big
|
|
thanx to S & S Publishing, Inc. who will be distributing this
|
|
product. Next, while most of the material from this disk comes from
|
|
P-80 International Information Systems BBS, a large piece of recent
|
|
material was donated by Invalid Media of the Unfamiliar Territory BBS.
|
|
Inumerable thanks are in order for THE RESEARCHER for the many years
|
|
of friendship and keyboard comradery. We have had many happy hours with
|
|
uncountable programs, devices, pyrotechnical formulea and technical
|
|
achievments many will only dream of. The Researcher is also the author
|
|
of not only the loader/viewer program you are reading this with, but
|
|
many of the articles within as well as most of the util's that run P-80.
|
|
So if anyone is in need of a brilliant C (and others) programmer, then
|
|
drop him a line here on P-80. Thanx to the hundreds of thousands of
|
|
both members and callers of P-80. And the proverbial last but not
|
|
least my wife and family for putting up with the countless hours at
|
|
the computer for the production of not only this disk but the BBS.
|
|
|