                                ==Phrack Inc.==

                     Volume Three, Issue 25, File 10 of 11

            PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
            PWN                                                     PWN
            PWN        P h r a c k   W o r l d   N e w s            PWN
            PWN        ~~~~~~~~~~~   ~~~~~~~~~   ~~~~~~~            PWN
            PWN                Issue XXV/Part 2                     PWN
            PWN                                                     PWN
            PWN                 March 29, 1989                      PWN
            PWN                                                     PWN
            PWN          Created, Written, and Edited               PWN
            PWN               by Knight Lightning                   PWN
            PWN                                                     PWN
            PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


German Hackers Break Into Los Alamos and NASA                     March 2, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Three hours ago, a famous German TV-magazine revealed maybe one of the greatest scandals of espionage in computer networks: They talk about some (three to five) West German hackers breaking into several secret data networks (Los Alamos, NASA, some military databases, (Japanese) war industry, and many others) in the interests of the KGB, USSR. They received sums of $50,000 to $100,000 and even drugs, all from the KGB, the head of the political television-magazine said.

The following news articles (and there are a lot) all deal with (directly and indirectly) the recent Spy scandal situation that occurred in West Germany. The majority of the articles shown here are taken from RISKS Digest, but they have been edited for this presentation. This presentation contains some information not previously seen (at least not in this format).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Espionage: Three "Wily Hackers" Arrested                 March 2, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Three hackers have been arrested in Berlin, Hamburg and Hannover, and they are accused of computer espionage for the Soviet KGB.
According to the television magazine "Panorama" (whose journalists have first published the NASA and SPAN hacks), they intruded scientific, military and industry computers and gave passwords, access mechanisms, programs and data to 2 KGB officers; among others, intrusion is reported of the NASA headquarters, the Los Alamos and Fermilab computers, the United States Chief of Staff's data bank OPTIMIS, and several more army computers. In Europe, computers of the French-Italian arms manufacturer Thomson, the European Space Agency ESA, the Max Planck Institute for Nuclear Physics in Heidelberg, CERN/GENEVA and the German Electron Accelerator DESY/Hamburg are mentioned. The report says that they earned several 100,000 DM plus drugs (one hacker evidently was a drug addict) over about 3 years.

For the German Intelligence authorities, this is "a new quality of espionage." The top manager said that they had awaited something similar but are nevertheless surprised that it happened so soon and with such broad effects.

Summarizing the different events which have been reported earlier -- NASA and SPAN hacks, Clifford Stoll's report of the "Wily Hacker" -- I regard this as essentially the final outcome of the Wily Hackers story (with probably more than the 3 which have now been imprisoned). It is surprising that the Intelligence authorities needed such a long time (after Cliff's Communications Of The ACM report, in May 1988) to finally arrest and accuse these crackers.

Moreover, the rumors according to which design and production plans of a Megabit chip had been stolen from Philips/France computers seem to become justified; this was the background that CCC hacker Steffen Wernery had been arrested, for several months, in Paris without being accused. CAD/CAM programs have also been sold to KGB.

                    Information Provided By Klaus Brunnstein
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Spy Ring Sold Top Secrets To Russia                      March 3, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
West German counter-intelligence has uncovered a spy ring centered on computer hackers suspected of having supplied the Soviet Union with top secret military and economic information.

They are said to have penetrated computer networks in the United States, Western Europe and Japan, according to a television report last night.

In a special program, the North German Broadcasting Network said that thousands of computer codes, passwords and programs which allowed the Soviet Union access to major computer centers in the Western world have been passed on by the hackers. They had been recruited by the KGB in 1985 and are alleged to have supplied the information in return for money and drugs.

In Karlsruhe, the West German Chief Public Prosecutor's Office, which is in charge of spy cases, would only confirm last night that three arrests have been made March 2nd during house searches in Hannover and West Berlin.

Those detained were suspected of "having obtained illegally, through hacking and in exchange for money, information which was passed on to an Eastern secret service."

But the spokesman did not share West German television's evaluation, which said the case was the most serious since the unmasking in 1974 of an East German agent in the office of ex-Chancellor Willy Brandt.

The Interior Ministry in Bonn last night also confirmed several arrests and said the suspects had supplied information to the KGB. The arrests followed months of investigations into the activities of young computer freaks based in Hamburg, Hannover and West Berlin, the ministry said.

According to the television report, the hackers gained access to the data banks of the Pentagon, NASA Space Center, and the nuclear laboratory in Los Alamos.
They also penetrated leading West European computer centers and armament companies, including the French Thomson group, the European Nuclear Research Center, CERN, in Geneva; the European Space Authority, ESA, and German companies involved in nuclear research.

The Russians are alleged to have put pressure on the hackers because of their involvement with drugs, and to have paid several hundred thousand marks for information, the program said.

West German security experts on the evening of March 2nd described the new spy case as "extremely grave." The KGB has been provided with a "completely new possibility of attack" on Western high technology and NATO military secrets.

The sources said it was "sensational" that the hackers should have succeeded in penetrating the US defense data systems from Western Europe.

The North German Broadcasting Network program said its research was based on information given by two members of the suspected espionage ring.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KGB Computer Break-Ins Alleged In West Germany                    March 3, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken From the International Herald Tribune

Bonn - Three West German computer hackers have been arrested on suspicion of infiltrating computer networks worldwide to obtain secret data for an East block intelligence service, prosecutors said on March 2nd.

A spokesman for the federal prosecutor, Alexander Prechtel, confirmed that three men were arrested, but did not identify the East Block country involved or the networks infiltrated.

The ARD television network's "Panorama" program, the thrust of which the spokesman confirmed, said the hackers had passed secrets from a range of highly sensitive U.S., French, and West German computer networks to the KGB, the Soviet secret police.

The television report said it was the worst such espionage case to be uncovered in West Germany since the 1974 exposure of Guenter Guillaume, an East German spy who was a top aide to Willy Brandt, then the West German chancellor.

Among the systems believed to have been infiltrated were the U.S. Defense Department's staff data bank, the U.S. nuclear arms laboratory in Los Alamos, New Mexico, the National Aeronautics and Space Administration, and U.S. military supply depots.

The report said other systems entered were at the French arms and electronics company Thomson SA, a European nuclear-research center in Geneva, the European Space Agency and the Max-Planck Institute for Nuclear Physics in West Germany.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
News From The KGB/Wily Hackers                                    March 7, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now, five days after the "sensational" disclosure of the German (NDR) Panorama Television team, the dust of speculations begins to rise and the facts become slowly visible; moreover, some questions which could not be answered in Clifford Stoll's Communications of the ACM paper may now be answered. Though not all facts are known publicly, the following facts seem rather clear.

- In 1986, some hackers from West Berlin and Hannover discussed, in "hacker parties" with alcohol and drugs, how to solve some personal financial problems; at that time, first intrusions of scientific computers (probably CERN/Geneva as hacker training camp) and Chaos Computer Club's spectacular BTX-intrusion gave many hackers (assisted by newsmedia) the *puerile impression* that they could intrude *into every computer system*; I remember contemporary discussions on 1986/87 Chaos Computer Conferences about possibilities, when one leading CCC member warned that such hacks might also attract espionage (Steffen Wernery recently mentioned that German counter-espionage had tried several times to hire him and other CCC members as advisors -- unsuccessfully).

- A "kernel group" of 5 hackers who worked together, in some way, in the "KGB case" are (according to Der SPIEGEL, who published the following names in its Monday, March 6, 1989 edition):

  -> Markus Hess, 27, from Hannover, Clifford Stoll's "Wily Hacker" who was often referred to as the Hannover Hacker and uses the alias of Mathias Speer; after having ended (unfinished) his studies in mathematics, he works as programmer, and tries to get an Informatics diploma at the University of Hagen (FRG); he is said to have good knowledge of VMS and UNIX.

  -> Karl Koch, 23, from Hannover, who works as programmer; due to his luxurious lifestyle and his drug addiction, his permanent financial problems have probably added to his desire to sell "hacker knowledge" to interested institutions.

  -> Hans Huebner, alias "Pengo," from Berlin, who after having received his Informatics diploma from Technical University of West Berlin, founded a small computer house; the SPIEGEL writes that he needed money for investment in his small enterprise; though he does not belong to the Chaos Computer Club, he holds close contacts to the national hacker scenes (Hamburg: Chaos Computer Club; Munich: Bavarian Hacker Post; Cologne: Computer Artists Cologne, and other smaller groups), and he was the person to speak about UUCP as a future communications medium at the Chaos Communication Congress.

  -> Dirk Brezinski, from West Berlin, programmer and sometimes "troubleshooter" for Siemens BS-2000 systems (the operating system of Siemens mainframe computers), who earned, when working for Siemens or a customer (BfA, a national insurance for employees) 20,000 DM (about $10,800) a month; he is regarded (by an intelligence officer) as "some kind of a genius."

  -> Peter Carl, from West Berlin, a former croupier, who "always had enough cocaine." No information about his computer knowledge or experience is available.

After successfully stimulating KGB's interest, the group (mainly Hess and Koch) committed their well-documented hacks [See Clifford Stoll's "Stalking the Wily Hacker," Communications of the ACM, May 1988]. SPIEGEL writes that the group *sold 5 diskettes full of passwords*, from May to December 1986, to KGB officers which they met in East Berlin; when Bremen University computer center, their favorite host for transatlantic hacks, asked the police to uncover the reasons for their high telephone bills, they stopped the action.

This statement of Der SPIEGEL is probably wrong because, as Cliff describes, the "Wily Hacker" successfully worked until early 1988, when the path from his PC/telephone was disclosed by TYMNET/German Post authorities.
The German public prosecutors did not find enough evidence for a trial, when examining Hess' apartment; moreover, they had acquired the material in illegal actions, so the existing evidence could not be used and finally had to be scratched!

In Hess' apartment, public prosecutors found (on March 3, 1989) password lists from other hacks. On Monday, March 6, 1989, the Panorama team (who had disclosed the NASA hack and basically the KGB connection) asked Klaus Brunnstein to examine some of the password lists; the material which he saw (for 30 minutes) consisted of about 100 photocopied protocols of a hack during the night of July 27 to 28, 1987; it was the famous "NASA hack." From a VAX 750 (with VMS 4.3), which they entered via DATEX-P (the German packet-switched data-exchange network, an X.25 version), where they evidently previously had installed a Trojan horse (UETFORT00.EXE), they tried, via SET HOST... to log-into other VAXes in remote institutes. They always used SYSTEM account and the "proper" password (invisible).

Remark: Unfortunately, DEC's installation procedure works only if a SYSTEM account is available; evidently, most system managers do not change the preset default password MANAGER; since Version 4.7, MANAGER is excluded, but on previous VMS versions, this hole probably exists in many systems!

Since the hackers, in more than 40% of the cases, succeeded to login, their first activities were to SET PRIV=ALL; SET PRIO=9, and then to install (via trans-net copy) the Trojan horse. With the Trojan horse (not displayed under SHow Users), they copied the password lists to their PCs.

When looking through the password list, Klaus observed the well-known facts: More than 25% female or male first names, historical persons, countries, cities, or local dishes (in the Universities of Pisa, Pavia, and Bologna, INSALATA was/is a favorite password of several people).
Only in CASTOR and POLLUX, the password lists contained less than 5% passwords of such nature easy to guess!

Apart from many (about 39) unsuccessful logins, many different CERN/GENEVA, NASA systems (CASTOR, POLLUX, Goddard and Ames Space Flight Centers), several USA, GB, French, Italian and some German institutes connected in SPAN were "visited." The documented session was from July 27, 10 p.m. to July 28, 1 a.m.

The media report that other hacks (probably not all committed by Hess and Koch themselves) were sold to KGB. Among them, Electronic and Computer Industry seem to be of dominant interest for the USSR. If special CAD/CAM programs and Megabit designs (especially from Thomson/France, from VAX systems) have been stolen, the advantage and value for the USSR cannot be (over)estimated.

In FRG, the current discussion is whether the hackers succeeded to get into "kernel areas" or only "peripheral areas." This discussion is ridiculous since most "peripheral systems" contain developments (methods, products) for future systems, while the "kernel systems" mainly contain existing applications (of past architectures).

The well-known hackers (especially CCC) have been seriously attacked by some media. My best guess is that CCC was itself *a victim* because the group succeeded to informally get much of the information which they needed for some of the hacks, and which they finally sold to KGB. Apart from "Pengo," there doesn't seem to be a close relation between CCC and the KGB/Wily Hackers. Nevertheless, CCC and others, like Cheshire Catalyst in the USA, have prepared a climate where espionage inevitably sprang-off.

                    Information Provided By Klaus Brunnstein
_______________________________________________________________________________

Pengo Speaks Out About The KGB Hackers And More                  March 10, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following are statements made by Pengo to Phrack Inc.
during an interview with Knight Lightning:

KL: What is your response to the accusations of being a KGB spy?

P: I have been involved in this espionage circle throughout some months in 1986. I did not actually work for the KGB, nor did I hand out hacker information to the East. All my hacking activities since then have been for the pure purpose of personal enlightenment. I never hid my name before, and I won't go undercover now that the real story comes to the surface.

   In the middle of 1988, I informed the West German authorities (secret service) about my involvement with the KGB. This is one of the main reasons for the big busts last week. I have to live with the fact that some hackers now think I am working for the authorities now. I don't, and I will try anything to avoid getting into all these secret service/espionage problems again.

KL: What about the statements made in DER SPIEGEL?

P: They published my name and claimed that I was "very active" for the east, but also that I am the "most hopeful head in West Berlin's hacking scene." I now try to make the best out of this publicity.

KL: Klaus Brunnstein made some strong statements about you in RISKS Digest, what did you think of that?

P: It really upsets me a lot. Klaus Brunnstein doesn't know anything detailed about this case, but he seems to love seeing himself as the insider in the German scene. At the last congress I got in kind of a dispute with him. He could not understand why I, as a computer scientist, still support hackers. Perhaps this is one of the reasons for his publication.

KL: Any other comments?

P: I would be interested in hearing about the reaction to this situation from the United States hackers' point of view. I have already heard that most people seem to believe that the whole Chaos Computer Club is an association of spies. This is of course untrue.

KL: What do you intend to do about the bad press you have received?

P: I have posted a reply to Brunnstein's posting in RISKS (shown in next article). Apart from Hagbard, those guys never were hackers, and it seems to turn out that they have really been mere spies.

KL: Were there any other repercussions to this case besides bad publicity?

P: Currently, I'm puzzling out a new way of earning money, since my company decided to fire me. That's what you get if you play with fire :-) Luckily, I'm an optimist!

                                    -Pengo
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Pengo Speaks In RISKS Digest                                     March 10, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In RISKS Digest, Klaus Brunnstein mentioned my name in the context of the hacker/espionage case recently discovered by the German authorities. Since Mr. Brunnstein is not competent to speak about the background of the case, I'd like to add some clarification to prevent misunderstandings, especially concerning my role. I think it is a very bad practice to just publish names of people without giving background information.

I have been an active member of the net community for about two years now, and I want to explicitly express that my network activities have in no way been connected to any contacts to secret services, be it Western or Eastern ones.

On the other hand, it is a fact that when I was younger (I'm 20 years old now), there had been a circle of people which tried to make deals with an eastern secret service. I have been involved in this, but I hope that I did the right thing by giving the German authorities detailed information about my involvement in the case in the summer of 1988.

As long as the lawsuit on this case is still in progress, I am not allowed to give out any details about it to the public. As soon as I have the freedom to speak freely about all of this, I'll be trying to give a detailed picture about the happenings to anyone who's interested.

I define myself as a hacker.
I acquired most of my knowledge by playing around with computers and operating systems, and yes, many of these systems were private property of organizations that did not even have the slightest idea that I was using their machines. I think that hackers (people who creatively handle technology and not just see computing as their job) do a service for the computing community in general. It has been pointed out by other people that most of the "interesting" modern computer concepts have been developed or outlined by people who define themselves as "hackers."

When I started hacking foreign systems, I was 16 years old. I was just interested in computers, not in the data which has been kept on their disks. As I was going to school at that time, I didn't even have the money to buy my own computer. Since CP/M (which was the most sophisticated OS I could use on machines which I had legal access to) didn't turn me on anymore, I enjoyed the lax security of the systems I had access to by using X.25 networks.

You might point out that I should have been patient and wait until I could go to the university and use their machines. Some of you might understand that waiting was just not the thing I was keen on in those days. Computing had become an addiction for me, and thus I kept hacking. I hope this clears the question "why."

It was definitely NOT to give the Russians any advantage over the USA, nor to become rich and get a flight to the Bahamas as soon as possible. The results of the court trial will reveal this again, but until then I want to keep rumors out that the German hackers were just the long (?) arm of the KGB to harm Western computer security or defense power.

It should also be pointed out that the Chaos Computer Club has in no way been connected to this recent case, and again, that the CCC as an organization has never been a "hacker group."
The CCC merely handles the press for hackers, and tries to point out implications of computers and communications for society in general.

I have already lost my current job, because of my name being published in DER SPIEGEL and in RISKS. My business partners became anxious about my involvement in the case. Several projects I was about to complete in the near future have been cancelled, which forces me to start again at the beginning in some way.

                                 -Hans Huebner
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Klaus Brunnstein Reacts To Pengo In RISKS Digest                 March 14, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Pengo" Hans Huebner stated that he had no share in the KGB case as I mentioned in my report. Since I myself had no share in the KGB case (and in this sense, I am not as good a source as Pengo!), I tried to transmit only information where I had at least *two independent sources* of *some credibility*. In Pengo's case (where I was rather careful because I could not believe what I read), my two sources were:

- The SPIEGEL report (I personally agree that names should be avoided as long as current investigations are underway; yet in this case, the names have been widely published in FRG and abroad);

- A telephone conversation with a leading Chaos Computer Club person after he had informed me about a public debate at Hannover fair (where the German daily business newspaper, Wirtschafts, which had organized a discussion with data protection people and CCC). I asked him whether he knew of Pengo's contribution; he told me that he directly asked Pengo, "Did you, without pressure and at your own will, work for the Russians?" Pengo answered, "Yes." He told me that he immediately cut-off any contact to Pengo.

Evidently, there was a controversial discussion in Chaos Computer Club whether one should react in such a strict manner.
I understand the strong reaction because the KGB hackers severely damaged the CCC's attempt to seriously contribute to the public discussion of some of the social consequences of computers. They now face, more seriously than before, the problem of being regarded as members of a criminal gang.

                               -Klaus Brunnstein
_______________________________________________________________________________