==Phrack Inc.== Volume Two, Issue 21, File 3 of 11 <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> <> <> <> Shadows Of A Future Past <> <> ~~~~~~~~~~~~~~~~~~~~~~~~ <> <> Part One Of The Vicious Circle Trilogy <> <> <> <> A New Indepth Look At A Re-Occurring Problem <> <> by Knight Lightning <> <> <> <> August 6, 1988 <> <> <> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> The Problem? ~~~~~~~~~~~~ The fate of the entire modem community for the most part is based on the foundation of computer bulletin boards. These realms of information exchange have become centers of learning and trading various information for thousands of hackers across the United States and even the world. However, today's security consultants and law enforcement agencies are smarter than ever too and they know where to strike in order to do the most damage. The concept of creating a bulletin board for the purpose of catching hackers was unheard of until The Phoenix Phortress Incident of 1986. The creation of this bulletin board system enabled Sergeant Dan Pasquale of the Fremont Police Department the ability to penetrate the sacred barrier between the phreak/hack community and the rest of the world. This file will attempt to show the extent of this problem within the community and hopefully will lead readers to discover ways of protecting themselves from the many "venus fly traps" they are likely to encounter. Articles presented in this file are specially edited reprints from past issues of Phrack World News. The Evidence - The unseen truths reside in the shadows of our past and future. ~~~~~~~~~~~~ The following is an excerpt from Phrack World News Issue III; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Phoenix Phortress Stings 7 ~~~~~~~~~~~~~~~~~~~~~~~~~~ On March 5, 1986, the following seven phreaks were arrested in what has come to be known as the first computer crime "sting" operation. Captain Hacker \ Doctor Bob \ Lasertech \ The Adventurer The Highwayman \ The Punisher \ The Warden Many of them or other members of Phoenix Phortress belonged to these groups: High Mountain Hackers \ Kaos Inc. \ Shadow Brotherhood \ The Nihilist Order Of the seven, three were 15 years old; two were 16; one was 17; and one, 19. Their charges include: Several misdemeanors Trafficking in stolen long distance service codes Trafficking in stolen credit card numbers Possession of stolen property Possession of dangerous weapons (a martial arts weapon) Charging mail-order merchandise to stolen credit card numbers Selling stolen property Charging calls internationally to telephone service numbers Other phreak boards mentioned include: Bank Vault (Mainly for credit card numbers and tips on credit card scams) Phreakers Phortress (Mainly of course for phreak codes and other information) After serving search warrants early Wednesday morning on the seven Fremont residences where the young men lived with their parents, police confiscated at least $12,000 worth of equipment such as computers, modems, monitors, floppy disks, and manuals, which contained information ranging from how to make a bomb, to the access codes for the Merrill Lynch and Dean Witter Financial Services Firm's corporate computers. The sysop of Phoenix Phortress was The Revenger, who was supposedly Wally Richards, a 25 year-old Hayward man who "phreaked back east a little" in New Jersey. He took the phone number under the name of Al Davis. However he was really Sgt. Daniel Pasquale of the Fremont Police Department. When he introduced his board to other computer users, he called it the "newest, coolest, phreak board in town." Pasquale said he got the idea for the sting operation after a 16-year old arrested last summer for possession of stolen property "rolled them over (narced) He told us all about their operation." Pasquale used a police department Apple //e computer and equipment, with access codes and information provided by eight corporations, including Wells Fargo Bank, Sprint, and MCI. Pasquale said he received more than 2,500 calls from about 130 regular users around the country. The police started to make their first case three days after the board went up. "We had taken the unlisted phone number under the name Al Davis," Pasquale said. "In six days, these kids had the name on the bulletin board. I would have needed a search warrant to get that information." The arrests were made after five months of investigation by Dan Pasquale. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Phoenix Phortress incident only led to the arrest of seven hackers. However, at the same time it enabled the law enforcement agencies to gather information about over one hundred other hackers, systems being discussed, anything transmitted in electronic mail on the bulletin board, and most likely gave them information about hundreds of other hackers, bulletin boards, and so forth. The following is an excerpt from Phrack World News Issue VII; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Maxfield Strikes Again August 20, 1986 ~~~~~~~~~~~~~~~~~~~~~~ Many of you probably remember a system known as "THE BOARD" in the Detroit 313 NPA. The number was 313-592-4143 and the newuser password was "HEL-N555,ELITE,3" (then return). It was kind of unique because it was run off of an HP2000 computer. On August 20, 1986 the following messages began to appear on THE BOARD; - - - - - - - - - - - - - - - - - - - - Welcome to MIKE WENDLAND'S I-TEAM sting board! (Computer Services Provided By BOARDSCAN) 66 Megabytes Strong 300/1200 baud - 24 hours. Three (3) lines = no busy signals! Rotary hunting on 313-534-0400. Board: General Information & BBS's Message: 41 Title: YOU'VE BEEN HAD!!! To: ALL From: HIGH TECH Posted: 8/20/86 @ 12.08 hours Greetings: You are now on THE BOARD, a "sting" BBS operated by MIKE WENDLAND of the WDIV-TV I-Team. The purpose? To demonstrate and document the extent of criminal and potentially illegal hacking and telephone fraud activity by the so-called "hacking community." Thanks for your cooperation. In the past month and a half, we've received all sorts of information from you implicating many of you to credit card fraud, telephone billing fraud, vandalism, and possible break-ins to government or public safety computers. And the beauty of this is we have your posts, your E-Mail and--- most importantly ---your REAL names and addresses. What are we going to do with it? Stay tuned to News 4. I plan a special series of reports about our experiences with THE BOARD, which saw users check in from coast-to-coast and Canada, users ranging in age from 12 to 48. For our regular users, I have been known as High Tech, among other ID's. John Maxfield of Boardscan served as our consultant and provided the HP2000 that this "sting" ran on. Through call forwarding and other conveniences made possible by telephone technology, the BBS operated remotely here in the Detroit area. When will our reports be ready? In a few weeks. We now will be contacting many of you directly, talking with law enforcement and security agents from credit card companies and the telephone services. It should be a hell of a series. Thanks for your help. And don't bother trying any harassment. Remember, we've got YOUR real names. Mike Wendland The I-team WDIV, Detroit, MI. Board: General Information & BBS's Message: 42 Title: BOARDSCAN To: ALL From: THE REAPER This is John Maxfield of Boardscan. Welcome! Please address all letter bombs to Mike Wendland at WDIV-TV Detroit. This board was his idea. The Reaper (a.k.a. Cable Pair) ------------------------------------------------------------------------------- John Maxfield was in general extremely proud of his efforts with THE BOARD and he said that a lot of the people he voice verified should have known it was him. According to John Maxfield, the only reason this sting board was put up was to show "What is currently happening in the phreak/hack community." He said no legal action will be taken at all, and besides, its fattened his "dossiers" on a lot of people! [The news stories for WDIV-TV 4 appeared in Phrack World News Issue IX.] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Now, this is a classic example of people not learning from other people's mistakes. At some point in time prior to this incident, the number for THE BOARD was posted, it was given a lot of hype and eventually it drew in hackers to THE BOARD like flies to a spider web from which the unsuspecting users never broke free. That is the point I am trying to make -- today's phreak/hacker must learn to be more security conscious. What makes anyone think that they can trust someone just because they are running a bulletin board? This blind faith is what will be the downfall of many a hacker until they wise up and start paying attention to what they are doing. Safety first; the stakes in this game are a lot higher than no television after school for a week because once a hacker's phone number falls into the wrong hands, the law enforcement community or organizations like the Communications Fraud Control Association (CFCA) can find out everything about you. I know because I have seen their files and their hacker data base is so incredibly large and accurate...its unbelievable. The following is an excerpt from Phrack World News Issue XIV; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Metalland South: Phreak BBS or MetaliFEDS Inc.? June 2, 1987 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Metalland South BBS, at 404-327-2327, was once a fairly well known bulletin board, where many respected members of the hack/phreak community resided. It was originally operated by two guys from Metal Communications, Inc., but it wasn't an MCI club board. The sysop was Iron Man and the co-sysop was Black Lord. Recently, it has come to the writer's attention, that MLS has come under new management, new policies, and possibly a new idea; Sting. Somewhere around September-October 1986, Iron Man removed all of the hack/ phreak related subboards as well as all G-philes from the system. He was apparently worried about getting busted. The last time this reporter spoke with him, Iron Man said he intended to put the hack/phreak subs back up. Then, not long after this conversation, the number was changed (The original number was 404-576-5166). A person using the alias of The Caretaker was made co-sysop and Iron Man would not reply to feedback. Everything was handled by The Caretaker [TC from now on]. TC did not allow any hack/phreak subs, but said he would put them up if the users would follow STRICT validation procedures. Strict validation on MLS includes: ^*^ Your Real Name ^*^ Your Address ^*^ Your Voice Phone Number ^*^ A Self-Addressed Envelope (in which he will send back with your account number and password.) It is obvious to see the ramifications here. A board or sysop gets busted and then makes a deal to turn over the board to some company or agency. To make sure that they get who they want, you have to give them all this info, and the only you can get a password is to let them mail it to you, thus guaranteeing that if something illegal is posted under that account, you are responsible, no ifs, ands, or buts. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - There was more information that went on to prove that Metalland South was indeed some kind of a trap or sting board and the whole aura of mystery surrounding this system made it not worth calling. Do not EVER give a sysop your address so he can send you your password. There is no need for such information as it can only hurt you severely and would not benefit the sysop in any way that would leave you unharmed. One other item concerning bulletin boards comes from PWN Issue V where mention of yet another hacker sting board named The Tunnel was discovered in Texas. And lets not forget about TMC's P-80, sysoped by Scan Man, that was responsible for the apprehension of Shawn of Phreakers Quest (also known as Capt. Caveman). However, do not fool yourself into believing that bulletin boards are the only places you are likely to run into trouble. Regular systems that you like to work with may be just as dangerous if you are not careful. Druidic Death and Celtic Phrost found this out the hard way on the Unix system at MIT as they nearly succumbed to the power of progressive entrapment which would have doomed them both. The following is an excerpt from Phrack World News Issue XI; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - MIT Unix: Victim or Aggressor? January 23 - February 2, 1987 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Was the MIT system an innocent victim of hacker oppression or simply another trap to capture unsuspecting hackers in the act? It all started like this... [Some posts have been slightly edited to be relevant to the topic] ------------------------------------------------------------------------------ MIT Name: Druidic Death Date: 12:49 am Mon Jan 20, 1986 Lately I've been messing around on MIT's VAX in there Physics Department. Recently some one else got on there and did some damage to files. However MIT told me that they'll still trust us to call them. The number is: 617-253-XXXX We have to agree to the following or we will be kicked off, they will create a "hacker" account for us. <1> Use only GUEST, RODNEY, and GAMES. No other accounts until the hacker one is made. There are no passwords on these accounts. <2> Make sure we log off properly. Control-D. This is a UNIX system. <3> Not to call between 9 AM and 5 PM Eastern Standard Time. This is to avoid tying up the system. <4> Leave mail to GEORGE only with UNIX questions (or C). And leave our handles so he'll know who we are. ------------------------------------------------------------------------------ Unix Name: Celtic Phrost Date: 4:16 pm Mon Jan 20, 1986 Thanks Death for the MIT computer, I've been working on getting into them for weeks. Here's another you can play around with: 617/258-XXXX login:GUEST Or use a WHO command at the logon to see other accounts, it has been a long time since I played with that system, so I am unsure if the GUEST account still works, but if you use the WHO command you should see the GUEST account needed for applying for your own account. -Phrost ------------------------------------------------------------------------------ Unix Name: Celtic Phrost Date: 5:35 pm Mon Jan 20, 1986 Ok, sorry, but I just remembered the application account, its: OPEN Gawd, I am glad I got that off my chest! -(A relieved)Celtic Phrost. Also on that MIT computer Death listed, some other default accounts are: LONG MIKE GREG NEIL DAN Get the rest yourself, and please people, LEAVE THEM UNPASSWORDED! ------------------------------------------------------------------------------ MIT Name: Druidic Death 12 Date: 1:16 am Fri Jan 23, 1987 MIT is pretty cool. If you haven't called yet, try it out. Just PLEASE make sure you follow the little rules they asked us about! If someone doesn't do something right the sysop leaves the gripe mail to me. Check out my directory under the guest account just type "cd Dru". Read the first file. ------------------------------------------------------------------------------ MIT Name: Ctrl C Date: 12:56 pm Sat Jan 24, 1987 MIT Un-Passworded Unix Accounts: 617-253-XXXX ALEX BILL GAMES DAVE GUEST DAN GREG MIKE LONG NEIL TOM TED BRIAN RODNEY VRET GENTILE ROCKY SPIKE KEVIN KRIS TIM And PLEASE don't change the Passwords.... -=>Ctrl C<=- ------------------------------------------------------------------------------ MIT Again Name: Druidic Death Date: 1:00 pm Wed Jan 28, 1987 Ok people, MIT is pissed, someone hasn't been keeping the bargain and they aren't too thrilled about it. There were only three things they asked us to do, and they were reasonable too. All they wanted was for us to not compromise the security much more than we had already, logoff properly, not leave any processes going, and call only during non-business hours, and we would be able to use the GUEST accounts as much as we like. Someone got real nice and added themselves to the "daemon" group which is superusers only, the name was "celtic". Gee, I wonder who that could have been? I'm not pissed at anyone, but I'd like to keep on using MIT's computers, and they'd love for us to be on, but they're getting paranoid. Whoever is calling besides me, be cool ok? They even gave me a voice phone to chat with their sysops with. How often do you see this happen? A little perturbed but not pissed... DRU' ------------------------------------------------------------------------------ Tsk, Celtic. Name: Evil Jay Date: 9:39 am Thu Jan 29, 1987 Well, personally I don't know why anyone would want to be a superuser on the system in question. Once you've been on once, there is really nothing that interesting to look at...but anyway. -EJ ------------------------------------------------------------------------------ In trouble again... Name: Celtic Phrost Date: 2:35 pm Fri Jan 30, 1987 ...I was framed!! I did not add myself to any "daemon" group on any MIT UNIX. I did call once, and I must admit I did hang up without logging off, but this was due to a faulty program that would NOT allow me to break out of it, no matter what I tried. I am sure that I didn't cause any damage by that. -Phrost ------------------------------------------------------------------------------ Major Problems Name: Druidic Death Date: 12:20 pm Sat Jan 31, 1987 OK, major stuff going down. Some unidentified individual logged into the Physics Dept's PDP11/34 at 617-253-XXXX and was drastically violating the "agreement" we had reached. I was the one that made the "deal" with them. And they even gave me a voice line to talk to them with. Well, one day I called the other Physics computer, the office AT and discovered that someone created an account in the superuser DAEMON group called "celtic". Well, I was contacted by Brian through a chat and he told me to call him. Then he proceeded to nicely inform me that "due to unauthorized abuse of the system, the deal is off". He was cool about it and said he wished he didn't have to do that. Then I called George, the guy that made the deal and he said that someone who said he was "Celtic Phrost" went on to the system and deleted nearly a year's worth of artificial intelligence data from the nuclear fission research base. Needless to say I was shocked. I said that he can't believe that it was one of us, that as far as I knew everyone was keeping the deal. Then he (quite pissed off) said that he wanted all of our names so he can report us to the FBI. He called us fags, and all sorts of stuff, he was VERY!! [underline twice] PISSED! I don't blame him. Actually I'm not blaming Celtic Phrost, it very easily could have been a frame up. But another thing is George thinks that Celtic Phrost and Druidic Death are one and the same, in other words, he thinks that *I* stabbed him in the back. Basically he just doesn't understand the way the hacker community operates. Well, the deal is off, they plan to prosecute whoever they can catch. Since George is my best friend's brother I have not only lost a friend, but I'm likely to see some legal problems soon. Also, I can forget about doing my graduate work at MIT. Whoever did this damage to them, I hope you're happy. You really messed things up real nice for a lot of people. Celtic, I don't have any reason to believe you messed with them. I also have no reason to think you didn't. I'm not making an accusation against you, but WHOEVER did this, deserves to be shot as far as I'm concerned. Until this data was lost, they were on the verge of harnessing a laser-lithium produced form of nuclear fission that would have been more efficient than using the standard hydrogen. Well, back to the drawing board now. I realize that it's hard to believe that they would have data like this on this system. But they were quite stupid in many other areas too. Leaving the superuser account with no password?? Think about it. It's also possible that they were exaggerating. But regardless, damage seems to have been done. ------------------------------------------------------------------------------ MIT Name: Phreakenstein Date: 1:31 am Sun Feb 01, 1987 Heck! I dunno, but whoever it was, I think, should let himself (the s00per K-rad elyte d00d he is) be known. I wasn't on MIT, but it was pretty dumb of MIT to even let Hackers on. I wouldn't really worry though, they did let you on, and all you have to prove is that you had no reason to do it. ----Phreak ------------------------------------------------------------------------------ I wonder... Name: Ax Murderer 15 Date: 6:43 pm Sun Feb 01, 1987 I highly doubt that is was someone on this system. Since this is an elite board, I think all the users are pretty decent and know right and wrong things to do. Could be that one of the users on this system called another system and gave it out!?? Ax Murderer ------------------------------------------------------------------------------ It was stupid Name: Druidic Death 12 Date: 9:21 pm Sun Feb 01, 1987 It seems to me, or, what I gathered, they felt that there were going to be hackers on the system to begin with and that this way they could keep themselves basically safe. I doubt that it was Celtic Phrost, I don't think he'd be an asshole like that. But I can't say. When I posted, I was pretty pissed about the whole deal. I've calmed down now. Psychic Warlord said something to me voice the other day that made me stop and think. What if this was a set up right from the start? I mean, MIT won't give me specifics on just what supposedly happened, Celtic Phrost denies everything, and the biggest part of it is what George said to me. "We can forgive you for what you did to us if you'll promise to go straight and never do this again and just tell us who all of your friends are that are on the system". I didn't pay much attention to that remark at first, now I'm beginning to wonder... I, of course, didn't narc on anyone. (Who do I know??? hehe) DRU' ------------------------------------------------------------------------------ Comments... Name: Delta-Master Date: 7:15 am Mon Feb 02, 1987 It wouldn't surprise me if it was some kind of setup, it's been done before. Delta-Master [All posts in this article were taken from ShadowSpawn.] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Solution ~~~~~~~~~~~~ What more is there to say? It definitely looks like there was a setup involved and it probably was not the first time and probably will not be the last time either. So how can you protect yourself? As far as the bulletin boards go. There is an unwritten rule somewhere that basically says that to be a good sysop, you first have to be a good user. If the sysop of some mystery board is not someone you have seen around for a long time, then I would not call. However, even if it is someone who has been around, references from someone you feel you can trust is a necessity. It all boils down to the reliability of the information and the persons involved. When dealing with systems like the MIT Unix, remember, if its too good to be true then most likely there will be something that you are not being told. Who in their right mind is going to give free accounts to an important system with delicate information to a group of hackers? Its crazy. This file will hopefully serve as an informative fresh look at an old game. To me, even if the time I spent putting this article together helps out or saves only one phreak/hacker, I feel my job has been done successfully. :Knight Lightning "The Future Is Forever" The Phoenix Project =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=