phrack/phrack41/13.txt
2022-06-06 12:59:29 +05:30

767 lines
41 KiB
Text

==Phrack Inc.==
Volume Four, Issue Forty-One, File 13 of 13
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN Phrack World News PWN
PWN PWN
PWN Issue 41 / Part 3 of 3 PWN
PWN PWN
PWN Compiled by Datastream Cowboy PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Boy, 15, Arrested After 911 Paralyzed By Computer Hacker October 7, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Caroline Mallan (The Toronto Star)(Page A22)
A 15-year-old boy has been arrested after a hacker pulling computer pranks
paralyzed Metro's emergency 911 service.
Police with Metro's major crime unit investigated the origin of countless calls
placed to the 911 service from mid-July through last month.
The calls were routed to emergency services in the Etobicoke area, said
Detective Willie Johnston, who led the investigation.
Phony medical emergency calls were reported and police, fire and ambulance
crews were dispatched on false alarms. On one occasion, the computer hacker
managed to tie up the entire 911 service in Metro -- making it unavailable for
true emergencies.
Police were not sure last night how long the system was shut down for but
Johnston said the period was considerable.
Staff Sergeant Mike Sale warned hackers that phony calls can be traced.
"A criminal abuse of the 911 emergency system will result in a criminal
investigation and will result in an arrest," Sale said, adding police had only
been investigating this hacker for a few weeks before they came up with a
suspect.
Bell Canada investigators helped police to trace the origin of the calls and
officers yesterday arrested a teen while he was in his Grade 11 class at a
North York high school.
Two computers were seized from the boy's home and will be sent to Ottawa to be
analyzed.
Johnston said police are concerned that other hackers may also be able to halt
the 911 service, since the computer technology used was fairly basic, although
the process of rerouting the calls from a home to the Etobicoke emergency lines
was very complex.
The calls went via computer modem through two separate phone systems in major
U.S. cities before being sent back to Canada, Johnston explained.
The suspect, who cannot be named under the Young Offenders Act, is charged with
theft of telecommunications, 24 counts of mischief and 10 counts of conveying
false messages.
He was released from custody and will appear in North York youth court November
6, police said.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Police Say They've Got Hackers' Number October 8, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by John Deverell (The Toronto Star)(Page A8)
Hackers, take note. Metro police and Ma Bell are going to get you.
A young North York computer freak accused of launching 10 false medical alerts
to 911 this summer may have learned -- the hard way -- that his telephone
tricks weren't beating the pros.
Police arrived with a search warrant at the home of the 15-year-old, arrested
him and carted away his computer.
He's charged with 10 counts of conveying false messages, 24 counts of mischief,
and theft of telecommunications.
Inspector Bill Holdridge, of 911 emergency services, said the false alarms in
July and August never posed any technical problem to his switchboard but
resulted in wild goose chases for the police, fire and ambulance services.
"Those resources weren't available for real alarms, which could have been a
serious problem," Holdridge said.
The 911 service, quartered at 590 Jarvis Street, gets about 7,000 calls a day,
of which 30% warrant some kind of emergency response.
Normally, a computerized tracing system takes only seconds to provide the
address and number of the telephone from which a call originates -- unless the
point of origin has been somehow disguised.
Apparently the 911 prankster got into the telephone system illegally and routed
his calls through several U.S. networks before bringing them back to Toronto.
Detective Willie Johnston said the boy's parents were stunned when police
arrived. "They really didn't have a clue what was going on," said Johnston.
The false emergencies reported were nowhere near the accused boy's home.
"Without condoning it, you could understand it if he were sitting around the
corner watching the flashing lights," said Johnston. "But they were miles
away. It defies logic."
Neither Johnston nor Holdridge would explain how they and Bell security finally
traced the false alarms. "That might just make other hackers try to figure out
another way," Holdridge said.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hackers Targeted 911 Systems, Police Say October 10, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken from United Press International
Authorities expect to make more arrests after penetrating a loose network of
computer hackers called the "Legion of Doom" they say tapped into corporate
phone lines to call 911 systems nationwide with the intent of disrupting
emergency services.
Prosecutors from Virginia, New Jersey and Maryland -- in conjunction with
investigators from two telephone companies -- traced some of the hackers and
closed in on three homes in two states.
A 23-year-old Newark, New Jersey man was arrested early on October 9th. He
faces several charges, including fraud. Other arrests are expected in two
Maryland locations.
The suspect, known by several aliases and identified by authorities only as
Maverick, told investigators the group's intent was "to attempt to penetrate
the 911 computer systems and infect them with viruses to cause havoc," said
Captain James Bourque of the Chesterfield County police in Virginia.
The probe is just beginning, according to Bourque. "Quite honestly, I think
it's only the tip of the iceberg," he said.
The hackers first penetrate the phone lines of large companies or pay phones,
then use those connections to call 911 lines, Bourque said. The hackers
usually make conference calls to other 911 services in other cities, tying up
communications in several locations simultaneously.
"One time we were linked up with Toronto and Los Angeles jurisdictions,"
Bourque said. "And none of us could disconnect."
Sometimes as many five hackers would be on the line and would make false calls
for help. Communications officers, unable to stop the calls, would have to
listen, then try to persuade the officers in other locales "that the call
wasn't real," Bourque said.
"Obviously, there's a real potential for disastrous consequences," he said.
One phone bill charged to a company in Minnesota indicated the scope of the
problem. The company discovered in a 30-day period that it had been charged
with more than $100,000 in phone calls generated by the hackers, according to
Bourque.
"I'm sure there are a multitude of other jurisdictions across the country
having the same problems," Bourque said.
People identifying themselves as members of the "Legion of Doom" -- which also
is the name of a pro wresting team -- have called a Richmond, Virginia
television station and ABC in New York in an attempt to get publicity, Bourque
said.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More On 911 "Legion Of Doom" Hacking Case October 20, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Barbara E. McMullen & John F. McMullen (Newsbytes)
NEW YORK CITY -- In a discussion with Newsbytes, Sgt. Kurt Leonard of the
Chesterfield County, Virginia Police Department has disclosed further
information concerning the on-going investigation of alleged 911 disruption
throughout the eastern seaboard of the United States by individuals purporting
to be members of the hacker group "The Legion of Doom" (LOD).
Leonard identified the individual arrested in Newark, New Jersey, previously
referred to only as "Maverick," as Scott Maverick, 23. Maverick has been
charged with terroristic threats, obstruction of a government function, and
illegal access to a computer. He is presently out on bail.
Leonard said that David Pluchino, 22, was charged to the same counts as
Maverick and an additional count of the possession of burglary tools. Leonard
said that Pluchino, the subject of a 1990 Secret Service "search and seizure"
action under the still on-going "Operation SunDevil" investigation," possessed
information linking him with members of the Legion of Doom.
The Legion of Doom connection has become the subject of controversy within the
online community. Although Maverick has been quoted as saying that he is a
member of the group and that the group's intent was "to attempt to penetrate
the 911 computer systems and inflect them with viruses to cause havoc," members
of the group have disavowed any connection with those arrested.
"Lex Luthor," one of the original members of the group, told Newsbytes when the
initial report of the arrests became public: "As far as I am concerned the LOD
has been dead for a couple of years, never to be revived. Maverick was never
in LOD. There have been 2 lists of members (one in Phrack and another in the
LOD tj) and those lists are the final word on membership."
He added, "We obviously cannot prevent copy-cats from saying they are in LOD.
When there was an LOD, our goals were to explore and leave systems as we found
them. The goals were to expose security flaws so they could be fixed before
REAL criminals and vandals such as this Maverick character could do damage. If
this Maverick character did indeed disrupt E911 service he should be not only
be charged with computer trespassing but also attempted murder. 911 is serious
business."
Lex Luthor's comments, made before the names of the arrested were released,
were echoed by Chris Goggans, aka "Erik Bloodaxe," and Mark Abene, aka "Phiber
Optik," both ex-LOD members, and by Craig Neidorf who chronicled the membership
of LOD in his electronic publication "Phrack."
When the names of the arrested became public, Newsbytes again contacted Lex
Luthor to see if the names were familiar. Luthor replied: "Can't add anything,
I never heard of them."
Phiber Optik, a New York resident, told Newsbytes that he remembered Pluchino
as a person that ran a computer "chat" system called "Interchat" based in New
Jersey. "They never were LOD members and Pluchino was not known as a computer
hacker. It sounds as though they were LOD wanabees who are now, by going to
jail, going to get the attention they desire," he said.
A law enforcement official, familiar with the SunDevil investigation of
Pluchino, agreed with Phiber, saying, "There was no indication of any
connection with the Legion of Doom." The official, speaking under the
condition of anonymity, also told Newsbytes that the SunDevil investigation of
Pluchino is still proceeding and, as such, no comment can be made.
Leonard also told Newsbytes that the investigation has been a joint effort of
New Jersey, Maryland, and Virginia police departments and said that, in
conjunction with the October 9th 2:00 AM arrests of Pluchino and Maverick, a
simultaneous "search and seizure" operation was carried out at the Hanover,
Maryland home of Zohar Shif, aka "Zeke," a 23 year-old who had also been the
subject of a SunDevil search and seizure.
Leonard also said that, in addition to computers taken from Pluchino, material
was found "establishing a link to the Legion of Doom." Told of the comments by
LOD members that the group did not exist anymore, Leonard said "While the
original members may have gone on to other things, these people say they are
the LOD and some of them have direct connection to LOD members and have LOD
materials."
Asked by Newsbytes to comment on Leonard's comments, Phiber Optik said "The
material he's referring to is probably text files that have been floating
around BBS's for years, Just because someone has downloaded the files certainly
doesn't mean that they are or ever were connected with LOD."
_______________________________________________________________________________
Complaints On Toll Fraud Aired at FCC En Banc Hearing October 13, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Art Brodsky (Communications Daily)(Page 1)
Customers of PBX manufacturers told the Federal Communications Commission (FCC)
they shouldn't be liable for toll fraud losses incurred because vendors never
told them of capabilities of their equipment that left companies open to
electronic theft. Their case was buttressed by one of country's leading toll-
fraud investigators, who told day-long en banc hearing that customers shouldn't
have to pay if they're victimized. Donald Delaney of the New York State Police
said toll fraud "is the only crime I know where the victims are held liable."
Toll fraud losses have been estimated to run into billions of dollars.
Commission's look at toll fraud came in context of what FCC can do to prevent
or lessen problem. Comr. Marshall said Commission's job would be to apportion
liability between vendors and customers. Comr. Duggan, who has been leader on
issue at Commission, said toll fraud was "hidden degenerative disease on the
body of business." He focused on insurance solution to problem, along with
sharing of liability. There are cases pending at FCC filed by AT&T customers
that deal with sharing of liability, and whether common carriers are protected
by tariffs from paying customers for losses. Witnesses told Commission it was
hard to find any law enforcement agency interested in problem, from local
police to FBI, in addition to difficulties with vendors. U.S. Secret Service
has statutory responsibility over toll fraud, said attorney William Cook, who
testified in afternoon session. There was general agreement that more customer
education was needed to prevent fraud, policy endorsed by Northern Telecom,
which has active customer education program.
AT&T came in for particular criticism in morning session as users said company
was insensitive to toll fraud problems. Thomas Mara, executive vice-president
Leucadia National Corp., whose company suffered $300,000 in toll fraud, said he
"had a hell of a time getting anybody at AT&T to pay attention" to problems his
company was encountering. Mara said his company saw level of 800 calls rise to
10,448 from 100. He said AT&T was supposed to notify users if there was any
"dramatic increase in volume, yet we were not notified of a thousandfold
increase in 800 number usage nor were we informed of an increase from a few
hours a month in international calls to thousands of hours by AT&T, only after
receiving our bills." Investigation found that 800 number connecting Rolm
switch to company's voice mail was hackers' entry method, Mara said.
Clearly angry with AT&T, Mara said he has "a feeling they use it as a profit
center." Lawrence Gessini, telecommunications director for Agway Corp. of
Syracuse, agreed, saying: "Toll fraud should not become a rationale for higher
profits for carriers." He told FCC that new programs introduced by long
distance carriers won't solve problem because of constraints, limitations and
expense.
Speaking for International Communications Association (ICA) user group, Gessini
said problems occur because new technologies allow more types of fraud and
because "old tariff concepts" that limit common carrier liability "distort
market incentives." Vendors, he said, are "generally lackadaisical and are
slow to correct even known problems in their hardware, firmware and software,"
and give low priority to complaints. ICA advocated 5 principles including FCC
inquiry into fraud, creation of advisory committee and willingness of
Commission to protect users.
Geoffrey Williams, industry consultant and telecommunications manager for
IOMEGA Corp., said AT&T has been "most notable" for asking for restitution,
while Sprint and MCI are more lenient. MCI doesn't charge users for first
hacking incident, he said, but after that users are on their own.
AT&T defended itself in afternoon session, when International Collections Dist.
Manager Peter Coulter rejected users' accusations, saying company had increased
customer education program "dramatically" since last year. He insisted that
AT&T is "very concerned" by toll fraud: "Contrary to what some people want to
believe, no long distance carrier is making a profit off toll fraud." He said
AT&T had 6,000 customers attend equipment security seminars in 1991, but that
number had been exceeded in first 6 months of 1992. He said results of
increased education program were "only preliminary" but his group was receiving
"a lot more accommodations" than complaints from customers.
Coulter, while never admitting that company should shoulder any financial
liability, admitted that "things are different now" as to how AT&T approaches
toll fraud problem. He said that within AT&T it used to be hardware division
vs. service division. "The hardware guys said it was a service problem, the
service guys said it was the hardware's fault," Coulter said. But now both
divisions are "working together on the problem . . . we're talking to each
other."
Delaney of N.Y. state police gave the FCC a picture of the toll fraud situation
dominated by as few as 15 practitioners, most of whom gain illegal entry to
telephone systems simply by dialing numbers for hours on end. Those so-called
"finger hackers," rather than computer hackers, are responsible for 90% of
fraud, he said, telling Commission that equipment vendors should be held
accountable for fraud. Most fraudulent calls go to Pakistan, Colombia and
Dominican Republic, he said.
Delaney pointed out practical objection to further vendor education problem,
telling commissioners that for vendor to engage in education would also be to
admit there could be problem with equipment security, something sales people
don't want to do. He said some customers had been sold systems and didn't know
they had capability for remote access -- means used by hackers to gain entry.
_______________________________________________________________________________
Hanging Up On Hackers October 12, 1992
~~~~~~~~~~~~~~~~~~~~~
by Miriam Leuchter (Crain's New York Business)(Page 21)
"Thieves tap phone systems, but business cuts the line."
Ron Hanley suspected a technical glitch when his company's telephone bill
listed an unusually large number of calls lasting four seconds to its 800-
number from New York City. But the executive at Dataproducts New England in
Wallingford, Connecticut didn't lose sleep over the problem -- until he got a
call two months later from the security department at American Telephone &
Telegraph Co.
Dataproducts had been hacked. Two days after that, Mr. Hanley got a bill
confirming the bad news: In one 24-hour period, street-corner phone users in
New York had made some 2,000 calls to the Caribbean on the company's line,
ringing up about $50,000 in tolls.
Dataproducts is not alone. Estimates of the cost of telecommunications fraud
in the United States each year run from $1 billion to as much as $9 billion.
According to John J. Haugh, editor of Toll Fraud and Telabuse and chairman of a
Portland, Oregon consulting firm, losses reached $4 billion in 1991 and are
expected to climb 30% in 1992.
Some 35,000 businesses and other users -- such as foundations and government
agencies -- will be hit this year. In the first six months, Mr. Haugh says,
more than 900 New York City companies were victims of telephone-related fraud.
"If you have a PBX system or calling cards or voice mail, you are vulnerable,
exceedingly vulnerable," says Peggy Snyder, executive director of the
Communications Fraud Control Association, a national information clearinghouse
based in Washington. "As technology gets more user-friendly, the opportunity
to commit a crime is much greater."
Armed with computers, modems and sometimes automatic dialers or random-number
generating software, high-technology thieves can use your telephone system as
if it is their own -- without having to pay the tolls. The series of very
short calls Mr. Hanley spotted on one phone bill should have tipped off his
800-number service provider -- which he had alerted when he spotted the pattern
-- that hackers were trying to break into his system.
Who are these hackers -- a term used to describe someone who uses a telephone
or computer to obtain unauthorized access to other computers? Many are
teenagers or young adults out to demonstrate their computer skills and make
some mischief. Five young New Yorkers are awaiting trial in federal court on
unauthorized access and interception of electronic communications charges in
one widely publicized telephone fraud case.
A much smaller proportion are more serious criminals: drug dealers, money
launderers and the like, who don't want their calls traced. In one case, Ms.
Snyder cites a prostitution ring that employed unused voice mail extensions at
one company to leave and receive messages from clients.
Many hackers have connections to call-sell operators who set up shop at phone
booths, primarily in poorer immigrant neighborhoods in cities from New York to
Los Angeles. For a flat fee -- the going rate is $10, according to one source
-- callers can phone anywhere in the world and talk as long as they want. The
hawker at the phone booth pockets the cash and someone else pays the bill.
Perhaps 15 to 20 so-called finger hackers (who crack authorization codes by
hand dialing) distribute information to call-sell operators at thousands of
locations in New York. According to Don Delaney, a senior investigator for the
New York State Police, the bulk of such calls from phone booths in the city go
to the Dominican Republic, Pakistan and Colombia.
Hackers may use more than technical skill to gain the access they want.
Sometimes they practice "social engineering" -- talking a company's employees
into divulging information about the telephone system. Or they manage a
credible imitation of an employee, pretending to be an employee.
In one of the latest schemes, a fraudulent caller gets into a company's system
and asks the switchboard operator to connect him with an outside operator. The
switchboard assumes the caller is an employee who wants to make a personal call
on his own calling card.
Instead, he uses a stolen or hacked calling card number. The fraud goes
undetected until the card's owner reports the unauthorized use to his long-
distance carrier. If the cardholder refuses to pay the charges, the phone
company traces the calls to the business from which they were placed. Because
it looks as if the call came from the company, it is often held liable for the
charge.
In another new twist, a hacker gains access to an unused voice mail extension
at a company, or takes over someone's line at night or while the regular user
is on vacation. He changes the recorded announcement to say, "Operator, this
number will accept all collect and third-party calls." Then the hacker -- or
anyone else -- can telephone anywhere in the world and bill the charges to that
extension.
Sometimes the fraud is much more organized and sophisticated, however. Robert
Rasor, special agent in charge of the financial crime division of the U.S.
Secret Service, gives an example of a three-way calling scheme in which hackers
tap into a phone system in the United States and set up a separate network that
allows people in other countries to call each other directly. "The
Palestinians are one of the more prominent groups" running these sorts of
fraud, he says.
But no matter who the end user is, businesses like Dataproducts end up footing
the bill. Personal users are generally not held liable for the unauthorized
use of their calling card numbers. Under current regulation, a business is
responsible for all calls that go through its equipment, whether or not those
calls originated at the company.
This hard fact rankles Mr. Hanley. "It's totally frustrating and almost
unbelievable that you're responsible for this bill. It's really frightening
for any company."
Dataproducts's liability was relatively small compared with the $168,000
average Mr. Haugh calculated in a study he made last year. It could have been
worse yet.
"The largest case I've ever seen in the metropolitan region was a company that
lost almost $1 million within 30 days," says Alan Brill, managing director of
the New York corporate security firm Kroll Associates Inc.
"It was a double whammy, because even though their long-distance carrier saw a
suspicious pattern of calls and blocked access to those area codes, the company
didn't know its PBX system would automatically switch to another carrier if
calls couldn't go through," Mr. Brill says. "So the company got a bill for
$300,000 from its primary carrier and a $600,000 bill from the secondary
carrier."
Both AT&T and Sprint Corp. offer service plans that limit liability to $25,000
per fraud episode for their business customers. Mr. Brill advises companies to
evaluate the cost-effectiveness of these plans in great detail, because in
order to be eligible for coverage companies must take certain steps to minimize
their risk. "If you reduce your risk significantly, you may not need the
coverage," he says.
The plans require customers to respond to a problem in as little as two hours
after notification of unauthorized calls. Doing so will stem your losses in
any event. "You also have to think about how you're staffed," adds Mr. Brill.
"Can you act that fast?"
_______________________________________________________________________________
PWN Quicknotes
~~~~~~~~~~~~~~
1. HACKER PARTY BUSTED (by Robert Burg, Gannett, 11/3/92) -- "PumpCon Popped!"
-- WHITE PLAINS, New York -- Police say a Halloween party they broke up
Sunday (11/1/92) was more than just a rowdy party - it also was a computer
hacker party.
Three men were charged with unauthorized use of a computer and attempting
computer trespass. A fourth man was arrested on an outstanding warrant
involving violating probation on a charge of computer fraud in Arizona,
Greenburgh Detective Lt. Cornelius Sullivan said.
Security officers at the Westchester Marriott contacted police after
noticing an unusual number of people entering and leaving one room. Police
said that when they arrived, there were 21 people inside and computers
hooked up to telephone lines. Police said they also found telephone credit
cards that did not belong to any of the people present.
The three charged with unauthorized use of a computer and attempted
computer trespass were Randy Sigman, 40, of Newington, Connecticut; Ronald
G. Pinz, 21, of Wallingford, Connecticut and Byron Woodard, 18, of
Woonsocket, Rhode Island.
They were being held at the Westchester County Jail in Valhalla pending
arraignment.
The man charged on the warrant, Jason Brittain, 22, of Tucson, Arizona, was
being held without bail pending arraignment.
The Westchester County District Attorney frauds division seized the
computer hardware, software, and other electrical equipment.
Sullivan said the party-goers heard about the party through computer
bulletin boards.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2. COMPUTER ACCESS ARRESTS IN NEW YORK (Barbara E. McMullen & John F.
McMullen, Newsbytes, 11/3/92) -- GREENBURGH, NEW YORK -- The Greenburgh,
New York Police Department has announced the arrest of three individuals,
Randy P. Sigman, 40; Ronald G. Pinz, Jr, 21; and Byron J. Woodard, 18 for
the alleged crimes of Unauthorized Use Of A Computer and Attempted Computer
Trespass, both misdemeanors. Also arrested was Jason A. Brittain, 22 in
satisfaction of a State of Arizona Fugitive From Justice warrant.
The arrests took place in the midst of an "OctoberCon" or "PumpCon" party
billed as a "hacker get-together" at the Marriott Courtyard Hotel in
Greenburgh. The arrests were made at approximately 4:00 AM on Sunday
morning, November 1st. The three defendants arrested for computer crimes
were granted $1,000 bail and will be arraigned on Friday, November 6th.
Newsbytes sources said that the get together, which had attracted up to
sixty people, had dwindled to approximately twenty-five when, at 10:00
Saturday night, the police, in response to noise complaints arrived and
allegedly found computers in use accessing systems over telephone lines.
The police held the twenty-five for questioning and called in Westchester
County Assistant District Attorney Kenneth Citarella, a prosecutor versed
in computer crime, for assistance. During the questioning period, the
information on Brittain as a fugitive from Arizona was obtained and at 4:00
the three alleged criminal trespassers and Brittain were charged.
Both Lt. DeCarlo of the Greenburgh police and Citarella told Newsbytes
that the investigation is continuing and that no further information is
available at this time.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
3. U.S. PRISON SENTENCE FOR COMPUTER HACKER (New York Law Journal, 10/15/92,
Page 7) -- A Brooklyn man was sentenced yesterday to eight months in prison
for buying passwords from a computer hacker group known as the "masters of
deception" [MOD] for resale to others seeking access to confidential credit
reports.
Morton Rosenfeld, 21, received the sentence in federal court in Manhattan
after pleading guilty in June to obtaining the unauthorized access devices
to computer data bases operated by TRW Information Services and other
credit reporting companies.
The sentence, imposed by Southern District Judge Shirley Wohl Kram, is
believed to be among few prison terms levied for computer-related offenses.
Meanwhile, charges are pending against Mr. Rosenfeld's alleged source: the
five members of the masters of deception, young men in their teens and
20's. The five were accused in July of breaking into computer systems run
by credit reporting services, telephone companies and educational
institutions.
For more information about the indictment and case against MOD, see ALL the
articles in PWN 40-2.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4. 2ND ONLINE LEGAL GUIDE RELEASED (by Barbara E. McMullen & John F. McMullen,
Newsbytes, 10/13/92) -- NEW YORK CITY -- PC Information Group has announced
the release of SysLaw, Second Edition: The Legal Guide for Online Service
Providers by attorneys Lance Rose and Jonathan Wallace.
According to the company, "Syslaw provides BBS sysops, network moderators
and other online service providers with basic information on their rights
and responsibilities, in a form that non-lawyers can easily understand."
Subjects covered by the book include the First Amendment, copyrights and
trademarks, the user agreement, negligence, privacy, criminal law, searches
and seizures, viruses and adult materials. The company claims that SysLaw
not only explains the laws, but that it gives detailed advice enabling
system operators to create the desired balance of user services, freedom,
and protection from risk on their systems."
Co-author Lance Rose told Newsbytes: "In the four years since the
publication of the first edition, the electronic community has become
alerted to the first amendment dimensions of the on-line community."
"The first amendment has profound implications to the on-line community
both to liberate providers and users of on-line systems and to protect them
from undue legal harassment. There has, in the last few years, been a lot
of law enforcement activity effecting bulletin board systems, including the
Steve Jackson and Craig Neidorf/Phrack cases," he said.
Rose continued, "The new edition incorporates these new developments as
well as containing new information concerning on-line property rights, user
agreements, sysop liabilities, viruses and adult material contained on
online systems."
SysLaw is available from PC Information Group, 1126 East Broadway, Winona,
MN 55987 (800-321-8285 or 507-452-2824) at a price of $34.95 plus $3.00
shipping and (if applicable) sales tax.
Press Contact: Brian Blackledge, PC Information Group, 800-321-8285
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5. YET ANOTHER BOOK ABOUT THE COMPUTER UNDERGROUND (The Daily Telegraph,
12/14/92, Page 25) -- Approaching Zero: Data Crime and the Computer
Underworld by Bryan Clough and Paul Mungo (Faber & Faber, L14.99) -- A look
at the world of Fry Guy, Control C, Captain Zap and other hackers to blame
for the viruses, logic bombs and Trojan horses in the world's personal
computer networks.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6. HONOR STUDENT NABBED IN COMPUTER FRAUD (The Washington Times, 11/9/92, Page
A6) -- BROOKSVILLE, FLA.-- Three high school honor students have been
accused of stealing tens of thousands of dollars worth of long-distance
calls as computer hackers.
Brian McGrogan, 16, and Edmund Padgett, 17, who were charged as adults, and
a 15-year-old allegedly tapped private telephone systems and dialed into an
international hacking network. One company's loss was $36,000.
"These are very sharp, intelligent kids," Hernando County sheriff's Captain
Richard Nugent said after the arrests. "It's a game to them. It's a
sport."
Some calls were made to computer bulletin boards in the United Kingdom,
Germany and Canada, where a loose network of hackers allegedly shared
information about how to obtain computer data and access information.
Arrests in the case also were made in New York and Virginia, Captain Nugent
said.
The two older boys were booked on charges of organized fraud and violation
of intellectual property. The third boy was released to his parents.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7. A CORDLESS PHONE THAT CAN THWART EAVESDROPPERS (Business Week, 8/3/92) --
To industrial spies and other snoops, the millions of cordless phones in
use are goldmines of information. Conversations can be plucked out of the
air by means of a police type scanner, and with increasing ease. The
latest no-cord technologies offers clearer sound and longer ranges -- up to
half a mile. That's because the new phones broadcast signals at 900 MHz,
or 20 times the frequency of current models.
Cincinnati Microwave, Inc. (the radar detector people) figures executives
and consumers will pay a small premium for cordless privacy. The company
has developed a phone, to be marketed in October by its Escort division for
about $300, that thwarts eavesdroppers with "spread spectrum" technology,
which is similar to the encryption method that the military uses in secure
radios. The signals between the handset and base unit are digitized,
making them unintelligible to humans, and the transmission randomly hops
among various frequencies within the 900 MHz spectrum. To keep the cost
down to the range of other 900 MHz models, Cincinnati Microwave has
developed special microchips that keep the handset and base in sync.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
8. NEW AREA CODE -- As of November 1, 1992, a new 210 area code is serving 152
communities in the San Antonio and Rio Grande Valley areas.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9. FOR SALE: PHONE-PHREAKING TOOLS (Brigid McMenamin, Forbes, 8/3/92, Page 64)
-- From his remote outpost in Alamogordo, New Mexico, John Williams makes a
nice living telling hackers how to rip off phone and computer systems.
Williams says he brings in about $200,000 a year publishing books on
everything from credit card scams and cracking automated teller machines to
electronic shoplifting, cellular phone phreaking and voice mailbox hacking,
each costing $29 to $39, and each complete with precise instructions. He
even sells Robofones, which save hackers from doing a lot of dialing while
they steal access codes.
Isn't what he does illegal? Perhaps it should be, but it isn't. Wrapping
himself in the First Amendment, Williams is a member in good standing of
the Alamogordo Chamber of Commerce and the New Mexico Better Business
Bureau. He thumbs his nose at companies and authorities that would like to
make him stop selling such secrets. "We don't promote fraud," he insists.
"It's all sold for educational purposes only. If we didn't publish the
information, it would still be out there."
But last year Williams got a visit form the Secret Service, which was
following up on a telephone fraud case in which one of his publications
figured prominently.
In Gainsville, Florida, in November 1990, two young men were locked up by
police for hacking into voice-mail systems and then making calls to 900
numbers. One of the pair, known as the Shark, then 20, confessed to the
crime, but said he was on assignment for Williams' Consumertronics
publication. The culprits could have been given five years on the fraud
charge alone. But the victim didn't want any publicity, so the state let
them do 50 hours of community service instead.
The Secret Service went to talk to Williams. Williams assured agent James
Pollard that he'd never told the Shark to do anything illegal.
Nevertheless, says Williams, the agent implied that Williams and members of
his family who work for him might be prosecuted for publishing voice-mail
access codes.
In the end, no charges were filed against Williams, who admits he has a
thing against big business, especially the phone companies. "For decades,
they financed right-wing regimes in Latin America," he rants.
It's a crazy world, that of the telephone toll fraudsters.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
10. NEW YORK STATE POLICE DECRIMINALIZE THE WORD "HACKER" (Barbara E. McMullen
& John F. McMullen, Newsbytes, 10/21/92) -- ALBANY, NEW YORK -- Senior
investigator Ron Stevens of the New York State Police Computer Unit has
told Newsbytes that it will be the practice of his unit to avoid the use of
the term "hacker" in describing those alleged to have committed computer
crimes.
Stevens told Newsbytes, "We use the term computer criminal to describe
those who break the law using computers. While the lay person may have
come to understand the meaning of hacker as a computer criminal, the term
isn't accurate. The people in the early days of the computer industry
considered themselves hackers and they made the computer what it is today.
There are those today who consider themselves hackers and do not commit
illegal acts."
Stevens had made similar comments in a recent conversation with Albany BBS
operator Marty Winter. Winter told Newsbytes, "'Hacker' is, unfortunately
an example of the media taking what used to be an honorable term, and using
it to describe an activity because they (the media) are too lazy or stupid
to come up with something else. Who knows, maybe one day 'computer
delinquent' WILL be used, but I sure ain't gonna hold my breath."
Stevens, together with investigator Dick Lynch and senior investigator
Donald Delaney, attended the March 1992 Computers, Freedom and Privacy
Conference (CFP-2) in Washington, DC and met such industry figures as Glenn
Tenney, congressional candidate and chairman of the WELL's annual "Hacker
Conference"; Craig Neidorf, founding editor and publisher of Phrack; Steven
Levy, author of "Hackers" and the recently published "Artificial Life";
Bruce Sterling, author of the recently published "The Hacker Crackdown";
Emmanuel Goldstein, editor and publisher of 2600: The Hacker Quarterly" and
a number of well-known "hackers."
Stevens said, "When I came home, I read as much of the literature about the
subject that I could and came to the conclusion that a hacker is not
necessarily a computer criminal."
The use of the term "hacker" to describe those alleged to have committed
computer crimes has long been an irritant to many in the online community.
When the July 8th federal indictment of 5 New York City individuals
contained the definition of computer hacker as "someone who uses a computer
or a telephone to obtain unauthorized access to other computers," there was
an outcry on such electronic conferencing system as the WELL (Whole Earth
'Lectronic Link). Many of the same people reacted quite favorably to the
Stevens statement when it was posted on the WELL.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
11. STEVE JACKSON GAMES TRIAL DATE SET -- Mike Godwin, General Counsel for the
Electronic Frontier Foundation, announced on December 23rd that the case
of Steve Jackson Games, et.al. v. The United States Secret Service et. al.
will go to trial in Austin, Texas on Tuesday, January 19, 1993.
_______________________________________________________________________________