💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › REVIVAL › rvlcissd.002 captured on 2022-06-12 at 14:10:31.

----=[ CiSSD ]=---- is   happy   happy   joy   joy   over   Issue #2   of
                                   __  /\
                                  |__| \ \        :
                 _____ _____ _____ _____> \____ __|__ _
                |  .  |   __|  |  >  |  |  >   |  |
     ---===[    |    /_   __|    /|  |    / _  |  |__      ]===---
              __|__|__|_____|  _/ |__|___/__|__|_____| 
                |           | /      |         |     :
                .           \/       .         :     .
                                               .
                           -     WAR!     -

=========================================================================
THE CANADIAN INTERNATIONAL SOCIETY FOR SOCIAL DEVIANCY    MAR (C) 1993/94
-------------------------------------------------------------------------
     "Backstabbers. All of you are traitors..."

     Well, that hurt. For two weeks, we all ate & slept fear of Short
Man's anticipated arrest. We schemed around the clock to stop it, and
shamefully,  we even  schemed around  the clock to make  sure he wouldn't
rat.  We protected our informants,  and we didn't allow ANYBODY to get in
the way of our  minute moral fiber that told us this arrest was wrong.  I
personally found  it hard to believe that the local blink who gets off on
telling 976 operators about his "Steel Penis" (The replacement because of
his mining accident),  had enough time, or reason in the world, to run up
a $35000 phone bill for some PBX that isn't even in Canada.

     We'd spoken about disassociating with him before. He was the cause
of 911 pranks galore on our teleconferences..  he was the reason for some
international  tension in  our hacking circles..  he could even have been
the reason for an FBI investigation that brushed the livelihood out of
our  original 800  meridian,  but  he didn't  understand..  and we  never
considered  his  foolish  mistakes  an act  of war.  We liked Short Man..
despite our amazing problems with him, some might even say we loved him.

     But it only took  one sentence to break it all  down.. one person to
say "don't trust them.".. one anti CiSSD comment, to scare Short Man into
submission. Now he's busted, and we all fear prosecution. You can't trust
someone who can't trust you.


- Terminator X(Ed)


      WARNING:  THE  FOLLOWING TEXT  CONTAINS MATERIAL  WHICH  MAY BE
      CONSIDERED  OFFENSIVE BY  SOME.  CISSD AND  ITS MEMBERS BEAR NO
      LIABILITY ON THE PART OF THE READER. READ AT YOUR OWN RISK.

      DISCLAIMER:  THE INFORMATION PRESENTED IN THE FOLLOWING TEXT IS
      NOT  INTENDED TO  BE USED FOR PURPOSES  CONTRARY TO LAWS IN THE
      COUNTRY WHERE  THE  READER  RESIDES.  DUE  TO AN  INTERNATIONAL
      DISTRIBUTION,  OUR CHOSEN TOPICS  WILL PROVIDE INFORMATION THAT
      COULD POTENTIALLY BE USED  FOR PURPOSES ILLEGITIMATE IN NATURE.
      CISSD,  AND ITS MEMBERS THEREFORE,  BEAR NO  RESPONSIBILITY FOR
      THE ACTIONS OF THE READER, BE THEY A DIRECT, OR INDIRECT RESULT
      OF READING THE FOLLOWING TEXT.

      NOTE:  BY READING BEYOND  THIS POINT,  YOU ARE AGREEING  TO THE
      CONDITIONS IN THE ABOVE WARNING, AND DISCLAIMER.

      BTW, it should be noted that this file was,  for the most part,
      written in Canada; a country where freedom of expression's
      existence is limited not only by public outcry, but also by
      conflicting government legislation. CiSSD will not hesitate to
      challenge the conflicting laws should any legal action occur
      as a result of our controversial publication.

                                   ---

     "We seem to be totally defenseless against these people. We have
      repeatedly rebuilt  system after system  and finally management
      has told  the system support group  to ignore the problem. As a
      good network  citizen,  I  want to make sure someone at network
      security knows that we are being raped in broad daylight. These
      people freely walk into our  systems and are taking restricted,
      confidential and proprietary information." - Digital Employee

                                   ---



                             TABLE OF CONTENTS
                            

ITEM                                    CONTRIBUTOR(S)               LINE
====                                    ==============               ====

Editorial                               Terminator X                   16

Warning, Disclaimer                     --                             45

Table of Contents                       --                             82

[CiSSD] News and Natterings             The Dope Man                  142

[CiSSD] Meetings & Materials            Terminator X                  225

Bell Canada's Intent Towards Hackers    The Dictator                  278

Save The Scene!                         The Dope Man                  338

Revival Discussion, From The Readers    [Echo Of The Damned]          421

Abuse in the Home and School            Terminator X                  447

Free Calls, Third Billing               Terminator X                  526

Feature - 'All Systems Secure'                                        567

 :   DDN Security Management            Lister                        580
 :   Procedures for Host
 :   Administrators

 :   Canadian Telecom Safety            The Dope Man                 2832
 :   Checklist

News Bytes (and usually bites too)                                   2931

 :   Phone fraud bill $100 million      Lister                       2941

 :   Bell anxious to compete in         Terminator X                 3032
 :   cable, other markets

 :   $200M plea in TV battle            Terminator X                 3108

Erratum - Corrections from last issue   Terminator X                 3188

CiSSD Membership Information            Terminator X                 3219

Last Words From the Editor              Terminator X                 3254

119895 ]-[bytes]-------------------------------------------[lines]-[ 3307

                                   ---

     "A sudden hot sweat had broken out all over Winston's body.  His
      face remained completely inscrutable.  Never show dismay! Never
      show resentment!  A single flicker  of the eyes  could give you
      away." - George Orwell, Nineteen Eighty Four

                                   ---

                       [CiSSD] NEWS AND NATTERINGS
                              The Dope Man


                               NEW MEMBERS

     Well, it's been a long 3 months since the last issue of REVIVAL, and
a lot  has gone on  in this time.  Apart  from the  misunderstanding with
Zencor,  DNR on  a few lines  and other such news (which is common to all
area codes), CiSSD has acquired a few new members.

     As director of the group, it is my privilege to welcome our two
newest members, The Dictator and Hypnotech. Both will make submissions to
REVIVAL, and we are confident that good choices have been made in both
cases.

     If YOU feel you might have what it takes to be a CiSSD member,  then
let us  know!  Our  phone number  appears at the bottom of this text,  so
give us a call. Remember, you don't have to be a Phreak or Hacker to
become  a member.   CiSSD has  many legitimate  interests,  and  talented
applicants may apply.



                           LAMERS OF THE MONTH



Short Man                You've  been  singing  too  much  Snow  to  have
                         turned Informer.

Viral Infector           Didn't  your mom  tell you  to think  before you
                         open your mouth? We're waiting for your apology.

Napoleon                 You  used Hypnotech  to keep  your  wannabe Kode
                         KiDDie virus group alive. Then you had the nerve
                         to  tell him  you didn't  need his  service  any
                         longer. Where are you and your group now?

Silver Foxx              You are a moron..  never change  the password on
                         an admin box!  You got our 800 taken  down cause
                         of your  stupid ass power trip.  Look at all the
                         power you've been left with now!

KLM Computers            For  being wit'  Evan  Towle, so to speak.  Just
                         as  a  little   reminder,  Evan  Towle  put  our
                         legitimate   business    practice   under,    by
                         propagating slanderous misinformation about our
                         product sources.. watch out for Evan's under the
                         counter deals.. <smirk>


     It's people like this that kill the scene. Why are they allowed
to exist until shit jumps off? It's inevitable, yet we wait for it to
happen....  We seek to discipline rather than prevent.

     It isn't working.

     Bruce  Sterling said  something at the end of "The Hacker Crackdown"
that fits rather well,


                     "It is the end of the amateurs"


     It's both true and necessary. The lame jeopardize our existence.

     I don't  suggest not  letting  people learn,  everyone  must  have a
"lame" period of knowing little,  but more that those with lame attitudes
must be dealt with in some way.   They jeopardize everything,  yet can we
censor just as the government does?  What do we sacrifice?

     Do we go down with our morals intact?  Or make a trade-off?

     It's a decision that must be made for each individual, yet an issue
that must be dealt with immediately.


                                   ---


                      [CiSSD] MEETINGS & MATERIALS
                              Terminator X

     CiSSD will  hold monthly formal  meetings for members,  and informal
meetings for members and non-members alike. At current, CiSSD public
meetings only take place in Toronto. We are planning a CiSSD public
meeting at the Renaissance Hotel in Downtown Toronto Ontario,
on Sunday April 18 1993.  Dress will be casual, and topics discussed open
to suggestion, as well as a fixed political agenda.

     Plans  are currently  tentative.  For confirmation  of this meeting,
dial  +1 416 417 0214.  If you plan to attend, please leave a message, so
we have  an idea  of how many to expect.  Public meetings are new for us,
and positive response can make them happen on an ongoing basis.


  Date:   Sunday April 18, 1993
  Time:   x:00 XX EST
 Place:   Renaissance Hotel Lobby Downtown
  City:   Toronto, Ontario -- CANADA
Agenda:   Group Membership Recruits and New Members Introductions
      :   Hacking ethic.. Who's gain, who's loss?
      :   General discussion, news discussion..
      :   Hacking info
      :   Pizza or McDonalds
  Info:   +1 (416) 417 0214


     CiSSD promotional material will be available soon. T-Shirts, Sweat-
Shirts, bearing the CiSSD logo will find a home in your home, if you
let them. As info becomes available it will be released on our hotline;
+1 (416) 417 0214.

                                   ---

     "Some of the  devices used to best  the computer are  engagingly
      simple -- as in the case of a young man who,  obviously knowing
      something about the ways of computers, applied for and received
      a  twelve-month  installment  loan  from a  New York  bank.  On
      receiving  from the bank,  together with the loan,  the book of
      computer  coded coupons  he was  supposed to  send in  with his
      monthly payments,  he tore  out the last payment  coupon in the
      book instead of the first and sent  it into the bank along with
      one month's  payment.  He then  received  a  computer-generated
      letter from the bank thanking him effusively for paying off his
      loan so  promptly  and  assuring  him of  his  excellent credit
      standing. The  young man didn't exactly  steal from the bank --
      he just left it up to the computer to make the next move."
      - Thomas Whiteside, Computer Capers

                                   ---


                  BELL CANADA'S INTENT TOWARDS HACKERS
                              The Dictator

     In a conversation I  had recently with  two internal members of Bell
Canada, I was privileged to learn that Bell "Frankly doesn't even
recognise a problem of system  hackers and Long-Distance Phreakers, apart
from calling-card fraud."

     It seems as though Bell Canada (who incidentally profited in excess
of $950 Million last year) doesn't find everyday phreaks a problem, even
going so far as to call 416 686-5890 a 'Fluke'. "The [Bell] Hierarchy is
too short-sighted to realize that there is definitely the potential for
repeated hacking of PBX's, seeing how their population has grown to over
1000 in the metro area alone" said one Bell official. This attitude seems
to hold for other segments of H/P/V as well. "We don't even want to catch
the hacker,"  said a  Bell investigations  officer, "We just want to find
out how, and more importantly,  why they hack."  Bell believes Hackers to
be nothing more than bacteria on the phone trunks.

     Bell Canada  does  not intend  to alter  service any further to deal
with hackers, and believes overseas billing via payphones will be
reinstated  before 1994.  Also,  they have  no intentions  to stop third-
billing overseas from  Non-Millenium  (Digital) Payphones. "We can see no
purpose in affecting our customers' service any further."

     When it comes to Cam-Net, Unitel, UTI and others' hacking problems,
a Bell official simply stated that "They should get used to it. This is
the real world. If you can't foresee hacking of your services, you
shouldn't be offering them." It should also be noted that Bell wished no
part of Short Man's trial. "Why should we get involved? He's just the
scum hackers scrape off of their shoes in the morning. Nothing would be
gained by prosecuting him. Besides, amassing the evidence would be more
expensive than what we could possibly hope to charge him with," was the
response of a Bell investigations officer.

     With all this, Bell still intends to go ahead with their 800-Dialup
service which will allow you to third-bill to any number, regardless of
whether the number accepts the charges or not, by simply offering your
Visa or MC number in case the charges are reversed. "We have no
intention of offering a credit-card dialing service," stated one Bell
official, "But we believe that this service will be beneficial to our
customers, as well as successfully deterring hackers."

     All in all, Bell still seems uptight in believing that they can't
be hacked into for any significant sum of money. That would seem to
leave most of us in 416 safe for the time being.



                                   ---

     "Why should we get involved?  He's just the scum  hackers scrape
      off their  shoes in the  morning.  Nothing would  be gained  by
      prosecuting him.  Besides,  amassing the evidence would be more
      expensive  than what  we  could  possibly hope  to  charge  him
      with," - Bell Investigations Officer <See Above Article>      

                                   ---


                             SAVE THE SCENE!
                              The Dope Man


     The computer  underground is in a  time of crisis.   Ten years  ago,
being a  hacker was an ideal,  something that every  kid who ever watched
War Games  wanted to do, but couldn't.  Back then, the scene was tiny and
efficient and busts  were scarce.  However,  in 1993 things have changed.
In fact, one can hardly recognize the underground.  Busts are commonplace
and even the average person with a modem can access deviancy text files.
However,  these developments pale  in comparison with the one true issue,
the one thing that will be the  end of it all.  Hackers are no longer the
good guys.

     Over the last few  years tens of millions of  dollars have been lost
worldwide due  to the underground.   Much of  this figure  is theoretical
loss,  money that was  never taken,  but is rather the  loss of projected
profit.  The unfortunate thing  is that the public does not differentiate
between these  two types of loss.  The media  says "Teenage hacker steals
$100 000  in phone  service"  and it  is accepted by  the masses  without
question.  And why should they question?

     The corporations and the  police give the media  the information for
their articles.  Their motives for this are plain.  These institutions do
not benefit from public sympathy for hackers, and they have both realized
the problem, and how to solve it.  The media can only print what they are
told.  Thus,  we have the articles  that condemn even 13 year old phreaks
as  organized  criminals.   There  is  no  mention  of  the  morality  of
phreaking,  or Bell's over-pricing.  Just a simple article reporting on a
criminal. Or, even better, as is the current trend, feature articles
on the underground (which describe all of the anarchy files,  but none of
the ethics).  The media, the government, the police,  the corporations  -
All have it in for the scene, and they seem to be winning.

     All is  not lost,  however.  The  Underground in its  inflated  size
spans  the world,  and  encompasses many  thousands  of  people.  It  may
generally be said that members of the hack and phreak communities tend to
be of  an intelligent  stock.  Thus,  we find our solution.  They give us
bad media, we give ourselves good media. It's easy to do, and it works.

     - Letters to the editor of papers explaining the morals behind the
       boy they call a crook.

     - Calling in to "answering machines" for radio shows.

     - Phone-ins on the radio

     - Call your local paper and tell them you will give them the inside
       scoop on the computer underground, and guide them through, showing
       the positive sides.


     All  of  these  activities  are  relatively  easy,  none  are  major
projects. However, on a massive scale,  they will make a difference.  The
difference between the life and death of the computer underground scene -
something none of us want  to see in our life times.  Police busts become
less frequent when the public disagrees (and you don't  want to be busted
now do you?), and certainly hackers are treated better by police officers
who feel  they are  arresting  a "nice  kid who just  fools around on his
computer too much".

     Cops want to arrest crooks; not kids.

     Society wants cops to bust crooks; not kids.

     Crook is relative to the morals of the masses.  You and I can change
these morals,  reverse the damage,  save our place  in Cyberspace.  But I
need  your  help,  and you  need  mine.  If we  all  work  together,  the
momentum of the movement will be unstoppable.

     We will win - but we must care enough to try.



                                   ---

      She's always miserable.. rather incomprehensible, and makes no
      effort whatsoever to be sociable, but at least no one will ever
      rob her of her happiness.

                                   ---


                  REVIVAL DISCUSSION, FROM THE READERS
                      [Echo Of The Damned] Postings

     In the future, this column will be used for reader responses to past
issues of REVIVAL.  To become involved in this  column,  apply to any BBS
system worldwide,  supporting the Echo of The Damned network, and post in
the 'REVIVAL! Discussion' base.

     All CiSSD HQ boards carry Echo of The Damned, and Echo of The Damned
hubs will also be  granted to the  most deserving applicant  in any given
service area,  and hubs will be responsible for activity within their own
area code.  To apply as an  Echo of The Damned hub,  call  CiSSD WHQ, The
Downtown Militarized Zone.  To apply as a node, post to 'The Dope Man' or
your area hub Sysop, from any Echo of The Damned system.


- Terminator X(Ed)


                                   ---
     CRIME,   krīm,   n.   an  act  punishable  by  law;   such  acts
     collectively: an offence, sin.

                                   ---

                      ABUSE IN THE HOME AND SCHOOL
                              Terminator X

     It's a  crying shame,  believe it or  not that 20 - 30% of  children
are abused  in their  own homes,  and a far  larger number are  abused in
their  schools.  I speak  not of cuts and  bruises,  nor broken teeth and
broken bones,  but rather,  of a much more  lasting pain;  that of mental
abuse.

     The offenders: parents, teachers, and administrators. The victims:
our future -- the youth of today.

     The figure is staggering.  It is also  very approximate,  but before
you  dismiss it,  consider the following:  What outlet  does a  child who
feels  neglected,  or maltreated,  have in order to  relieve the pain and
suffering..  or the feeling of aloneness? Who is it that sets guidelines,
and  shows  children where to  go when they  are hurting.  When you  were
growing up, or if you still are, who did you go to when you had a problem
you couldn't deal with? Your parents, the abusers? Your best friend..
what if you couldn't see your friend, or talk to him/her? How would you
feel? Suppressed?

     Sadly enough, children who are abused usually have a distinct inner
feeling that the  abuser is right,  and they  are wrong.  In an interview
with  a   young abused  girl,   she said   she  thought that   maybe  her
parents would be less abusive if she followed the rules.  When asked what
rules she broke,  she responded,  "Sometimes,  I don't clean up my room,"
She said,  "I've never  been grounded for  more than  2 months, although,
even when I'm not officially [grounded], I can't go out, because I'll get
yelled at when I get home."

     "My mom hasn't beat me since I was eight."  She is sixteen now.  Her
father spends most  of his time fighting with her  mother,  which used to
tear her apart.  "I'm used  to it.  Sometimes I just yell randomly in the
middle of an argument, and then laugh riotously! It's the best
entertainment I get."  She added,  "TV has lost its edge. I'm sick of it.
I could do without it."

     "Sex  is  the  best.   It's  the  only  escape  from   the  constant
screaming.", she said when asked what she does to relax.  She has been on
birth control pills since the age of fourteen,  and often has intercourse
without  the use of latex protection.  "I hope I get AIDS and die.",  she
chuckled.

     Abuse  in the school  is also from neglect.  Since the advent of the
school designed  for mass indoctrination (a.k.a. 'public school system'),
administration has become so impersonal that matters of psychological
difficulty caused by neglect at home, are treated as disciplinary
problems. The victims are treated as 'delinquents'. They are demitted, and
eventually  become  unemployable.   Favorite  phrases  of  administrators
include "I don't want to know" and "only you caused this situation."

     We  should  work to  have the school  problem solved.  The  board of
education for your area  should be encouraged to  hire guidance officials
with psychology experience. Problems of attendance and deteriorating work
habits should always be approached with the idea that mental problems due
to excessive stress in everyday life,  or abuse,  could be the underlying
reason for substandard achievement.

     Parental expectations need  to be lowered to attainable levels.  Not
every child has  the capability to perform straight  'A's in all of their
subjects.  Not every  child has  the will,  and not  every child  has the
desire.

     In Canada,  there are  laws against  mental abuse,  but there  is no
sufficient platform for enforcement of these laws by the children who are
most hurt by the cruelty of their 'superiors'.

     When asked why disciplinary action for attendance and smoking was so
severe at Thornhill Secondary School, a Vice Principal responded "These
kids simply need to follow the rules. If they can't do it, then they
deal with the consequences. It's not my job to oversee how they live at
home."

     Whose job is it?


                                   ---

                        FREE CALLS, THIRD BILLING
                              Terminator X

     In the (416) area code, it has become common practice for many
phreaks to third bill telephone calls to illegally obtained Voice Mail Box
systems.  Recently,  however,  phreaks are noticing it to be increasingly
difficult to third bill to these boxes.. and they can also no longer have
their boxes  accept collect  calls.  The reason  for this  is DMS  number
blocking.

     The switch can be programmed to  automatically reject third bill and
collect calls placed to a block of numbers.  The system administrator for
the company owning the VMB exchange calls up,  and has the phone company,
Bell Canada in our case, install a number screen on the VMB exchange.

     DMS number blocking has one significant flaw. It can only place a
screen on number blocks of 1000 or more. If you are aware of any VMB
exchange containing 900 or fewer VMBs, not only does the company not
have blocking, it cannot obtain blocking to prevent you from third
billing.

     Another  interesting footnote regarding  third billing in  the (416)
area is that Bell Mobility  Cellular has opted  for the time being not to
block  their exchanges..  if you can  hack Bell's, then that's the way to
go.. not  that I  support  any  of this  at all.  Seriously!  Other  than
emergency situations, third billing illegitimately provides nothing but a
sure-fire way to get caught.

     Finally,  it might  be noted  that  Bell  Mobility  has  experienced
approximately  $20000  of similar  fraud every month  since this flaw was
uncovered..  That only includes  that which  DOES get  caught.  Those who
don't  get  caught  are  stealthier..  they spread it  around..  and  any
customer without  detailed billing pays the  bill without question.. they
really don't  know if they used $500 of phone time this month.. how could
they?


- Terminator X

                                    ---

                       FEATURE: ALL SYSTEMS SECURE
                          Lister - The Dope Man

     This month, CiSSD's independent researchers went off to look for
articles and we came up with a consensus on a single topic.. systems
security.

     In addition to the other topics this month,  we decided to publish a
few of the documents  they found in our feature this issue,  'All Systems
Secure'.



Sourced by: Lister
     Topic: DDN Security Management Procedures for Host Administrators
          : Volume I of II
    Length: 74.7KB

Begin ---*


                           VOLUME I

1.  Purpose.  This Circular is the first of two volumes
describing security management procedures for the Defense Data
Network (DDN).  Volume I provides operational security
guidance for the DDN and describes the Host Administrator's
management responsibilities.  It is based on review of
Government and industry documents on the DDN, local area
networks, and computer security.  Volume I establishes methods
and procedures for detecting and reporting unauthorized
activity.  It describes the resources and tools available to
the Host Administrator for investigating local incidents.
Additionally, it discusses the procedures and tools needed for
reporting network related incidents to the DDN Network
Security Officer (NSO).  Volume II prescribes the policy for
enforcing network operational security and describes the
management responsibilities of the DDN Network Security
Officer (NSO).  Volume II will receive limited distribution.

2.  Applicability.  This Circular applies to DCA Headquarters,
DCA field activities, and Government and commercial activities
using or managing the operation of the DDN.

3.  Policy.  DCA continually strives to improve its resources
for providing a reasonable level of security for the DDN.
These resources include the network access control system and
its audit trail analysis capabilities for detecting
unauthorized and illegal network activities.  These detection
and audit capabilities will be used to identify and prosecute
unauthorized individuals who access or attempt to access
databases or system software of host computers connected to
the DDN.  In addition, DCA has created the DDN Security
Coordination Center (SCC) to gather information regarding DDN
security problems and to disseminate problem definition,
status, and resolution information under the direction of the
NSO.  These resources and tools alone are not sufficient.
Site personnel such as the Host Administrators need to assume
an active role and assure their constituents and the DDN that
they are providing for a reasonable level of protection of the
___________

OPR: DODM
Distribution: B,J,Special



ii                                             DCAC 310-P115-1

network and computing resources under their jurisdiction.
Host Administrators are required to report suspicious
activities to their network manager.  Formal investigations of
unauthorized or illegal activities occurring on the DDN must
be coordinated with the DDN Network Security Officer.
Individuals suspected of unauthorized access or use of host
computers over the DDN will be subject to prosecution under
Title 18 of the Federal Criminal Code.

4.  Procedures.  Chapters 4 and 5 describe the procedures for
performing the security functions of the Host Administrator.

5.  Responsibilities.  Chapter 1 describes the
responsibilities of the Host Administrator in performing the
security functions.

6.  Related Documents.  The following documents are
recommended reference materials to supplement this document.

    a.  DoD Directive 5200.28, Security Requirements for
Automated Information Systems (AISs), dated 21 March 1988.

    b.  DCAI 630-230-19, Security Requirements for Automated
Information Systems (draft), dated 18 October 1990.

    c.  Defense Data Network Subscriber Guide to Security
Services 1986-1992 (includes the DDN Security Classification
Guide at Appendix I).

    d.  Internet Site Security Policy Handbook (Internet
Draft).  This document can be obtained by contacting the
Network Information Center (NIC), SRI International, 333
Ravenswood Ave., Menlo Park, CA 94025.

    e.  Computer Security Center (CSC-STD-002-85), Department
of Defense Password Management Guideline, aka "The Green
Book", dated 12 April 1985.

FOR THE DIRECTOR:




                              EDWARD J. HENDERSON, JR.
                              Colonel, USAF
                              Chief of Staff








                           CONTENTS

BASIC CIRCULAR                                 Paragraph  Page

     Purpose.................................       1        i
     Applicability...........................       2        i
     Policy..................................       3        i
     Procedures..............................       4       ii
     Responsibilities........................       5       ii
     Related Documents.......................       6       ii
     Illustrations...........................                v
     Glossary of Terms and Definitions.......              vii


        VOLUME I.  DDN SECURITY MANAGEMENT PROCEDURES
                   FOR HOST ADMINISTRATORS

Chapter                                        Paragraph  Page

1.  INTRODUCTION

       The DDN Security Resources............       1      1-1
       Responsibilities of the Host
         Administrator.......................       2      1-2
       Responsibilities of Other Site
         Representatives.....................       3      1-2

2.  THE DDN SECURITY PROBLEM

       General...............................       1      2-1
       Attack Points.........................       2      2-1
       Categories of Network Abusers.........       3      2-1
       Common Penetration Techniques.........       4      2-2
       Necessary Precautions.................       5      2-4

3.  NETWORK ACCESS SECURITY

       General...............................       1      3-1
       TAC Access Control System (TACACS)....       2      3-1

4.  OPERATIONAL SECURITY MANAGEMENT OF
       UNCLASSIFIED NETS

       General...............................       1      4-1
       Access Vulnerability..................       2      4-1
       Risk Assessment.......................       3      4-2
       Security Policies and Procedures......       4      4-2
       Education Program.....................       5      4-5

5.  OPERATIONAL SECURITY MANAGEMENT OF
       CLASSIFIED NETS

       General...............................       1      5-1
       Limited Terminal Access Controls......       2      5-1
       Closed Community Characteristics......       3      5-1
       Security Awareness....................       4      5-1

6.  DETECTION OF UNAUTHORIZED HOST ACCESS

       General...............................       1      6-1
       Detection Training....................       2      6-1
       Logging Events........................       3      6-1
       Peculiar Behavior.....................       4      6-1
       Legal Recourse........................       5      6-2
       Prosecution as a Deterrent............       6      6-2
       Incident Reporting by Subscriber......       7      6-2
       Contacts..............................       8      6-2
       What Information To Report............       9      6-3
       Follow-up Information.................      10      6-3

7.  TOOLS FOR INVESTIGATING INCIDENTS AT THE
       HOST LEVEL

       General...............................       1      7-1
       Host System Logs......................       2      7-1
       Other Tools...........................       3      7-1
       TACACS Reports........................       4      7-1

8.  SUMMARY

       Penetration Techniques................       1      8-1
       Other Topics..........................       2      8-1

                        ILLUSTRATIONS

Table                                                     Page

1        Vulnerability Analysis/
           Operations Management and
             Processing......................              9-1

2        Vulnerability Analysis/
           Communications....................              9-3

3        Vulnerability Analysis/
           Disasters.........................              9-4

4        Vulnerability Analysis/
           Personnel.........................              9-5

5        Vulnerability Analysis/
           Training..........................              9-7

6        Vulnerability Analysis/
           People Errors and Omissions.......              9-8

7        Tabulation of Vulnerability
           Analysis/Self-Assessment
            Results..........................              9-9

               GLOSSARY OF TERMS AND DEFINITIONS

ADP       Automatic Data Processing.

CERT      Computer Emergency Response Team.

DCA       Defense Communications Agency.

DCS       Defense Communications System.

FBI       Federal Bureau of Investigation.

HOTLIST   A list of all TAC user identifications which have
          been stolen, have expired or which otherwise have
          been compromised.

IPTO      Information Processing Techniques Office.

LAN       Local Area Network.

MILNET    Military Network.

NAURS     Network Auditing and Usage Reporting System.

NIC       Network Information Center.

NSO       Network Security Officer. Focal point for network
          related operational security matters.

OSI       Office of Special Investigations.

SCC       DDN Security Coordination Center.

TAC       Terminal Access Controller. C/30 computer that
          connects end user terminals to the network and
          provides an interface to the DDN.  In this document
          it also refers to a miniTAC which serves the same
          function as a TAC.

TACACS    TAC Access Control System.  A system that controls
          terminal access to the MILNET.

TACACS
GUEST
CARDS     A temporary TACACS card given to a user who does not
          have TACACS privileges but temporarily needs them.
          A guest TACACS card may also be given to an
          authorized new user who has not yet received a UID
          or password.

TAC CARD  A card authorizing the user TAC Access to the
          MILNET.


TAC PORT  Point where an end user terminal or modem is
          connected to the TAC.

TASO      Terminal Area Security Officer.  Responsible for
          enforcing all security requirements implemented by
          the NSO for remote terminal areas.  Also responsible
          for ensuring that all countermeasures required to
          protect the remote areas are in place.

UID       User Identification.

WIN       WWMCCS Intercomputer Network.

WWMCCS    Worldwide Military Command and Control System.

                   CHAPTER 1.  INTRODUCTION

1.  The_DDN_Security_Resources.  This Circular is intended to
provide Host Administrators a set of security guidelines to
operate on the Defense Data Network (DDN).  This Circular will
assist you in maintaining the security of your local host
computer site, as well as the overall DDN.  It does not in any
way supersede any current Service Regulations or Procedures
governing the security of ADP facilities not related to the
DDN.  This Chapter provides you with a definition of your
security responsibilities as a Host Administrator.  You must
have contact with certain offices to fulfill these
responsibilities.  The duties of these offices are discussed
here to assist you in understanding their missions.

    a.  DDN_NSO_(Network_Security_Officer).  The DDN NSO is
the single point of contact for dealing with network-related
operational security issues.  The DDN NSO also implements
applicable policies included in DCAI 630-230-19, Security
Requirements for Automated Information Systems.  The NSO
recommends security policy affecting the DDN and is
responsible for its general enforcement.  The NSO also works
closely with Host Administrators to resolve network and
related computer security problems and incidents affecting
their sites.

    b.  Host_Administrator.  A Host Administrator is the
person who has administrative responsibility for the policies,
practices, and concerns of a host, or hosts, connected to the
DDN, including responsibility for that host's DDN users.
Specifically, the Host Administrator is responsible for the
following activities:

        (1)  Assisting with network management by ensuring
that network policies and procedures are observed by the
users.  Locally administering the TAC access control system
(TACACS), ensuring that all of their host users have been
authorized for DDN and TAC access and are registered in the
NIC user registration database (WHOIS/NICNAME).

        (2)  Locally managing the network access control
procedures and password system.  Reporting network-related
host break-ins and assisting with investigations as needed.

    c.  NSC_(Node_Site_Coordinator).  The NSC has physical
control over hardware and software, and coordination
responsibility for the DDN circuits and equipment located at
the DDN node site.

    d.  NIC_(Network_Information_Center).  The NIC registers
all users in the WHOIS/NICNAME database and operates the
Network Auditing and Usage Reporting System (NAURS) computer
system that produces the MILNET TACACS audit and incident
reports.  Call (800) 235-3155 for more information.

    e.  DDN_SCC_(Security_Coordination_Center).  The SCC
gathers information about DDN computer and network security
incidents and works closely with the NSO to disseminate the
information necessary to contain, control, and resolve these
problems mainly through the DDN Security Bulletins.  The
hotline number is (800) 235-3155.

    f.  CERT_(Computer_Emergency_Response_Team).  The CERT
gathers and distributes information about Internet security
incidents.  They work closely with the NSO and SCC on DDN-
related security problems.  The hotline number is (412) 268-
7090.

2.  Responsibilities_of_the_Host_Administrator.  Host
administrators have the overall responsibility to provide a
reasonable level of protection to host sites from the
possibility of network compromises.  They must act as liaisons
with the NSO, SCC, vendors, law enforcement bodies, and other
appropriate agencies to resolve any outstanding security
problems and prevent their future recurrence.  They are
responsible for the enforcement of DDN policy at their site.
Because information acquisition and distribution is such a
vital part of the responsibility of the Host Administrator,
the use of electronic mail is a basic tool to support this
function and should be used whenever possible.  Not all Host
Administrators have access to this valuable tool, but given
its value, these sites are strongly encouraged to implement
this capability.

3.  Responsibilities_of_Other_Site_Representatives.  There are
several other levels of responsibilities for the provision of
security for the DDN.  At the most basic level, the individual
users should take the necessary precautions to minimize the
chances that their accounts could be compromised.  They bear
the primary responsibility for the protection of their
information.  If users took this responsibility seriously and
acted accordingly, the majority of computer incidents could
not occur.  System managers have the responsibility to
maintain the resources and procedures to establish an
environment for "safe" computing (e.g., implementing
procedures for proper installation and testing of system
software, adequate backups, and reasonable system monitoring).
Vendors have the responsibility to notify their customers of
problems with their software (especially problems which could
compromise system security) and to distribute timely fixes.

             CHAPTER 2.  THE DDN SECURITY PROBLEM

1.  General.

    a.  A computer network is a telecommunications system
primarily designed to allow a number of independent devices
(i.e., host computers, workstations, terminals, or
peripherals) to communicate with each other.  Essentially, the
DDN is a worldwide collection of computer networks.  As the
DDN expands its capabilities and resources, and as more
constituents gain DDN access, the risk increases to the
overall security of the information and data flowing in the
network.  Therefore, a major concern is that security problems
will rise in response to this expansion.  Additionally, the
possibility of espionage activity also increases as the
network gets larger.

    b.  On November 2, 1988, Robert Tappan Morris, Jr.,
drastically changed the attitude of network users and
administrators regarding network and computer security
problems.  He unleashed his infamous Internet Worm
which afflicted over 6,000 MILNET and other Internet hosts.
The incident caused a fair amount of panic because most of the
sites were ill-prepared for such a massive scale of
intrusions.  It was fortunate that, due to a miscalculation,
the attack was unrestrained and therefore noticed.  In its
original manifestation, Morris' Worm might have gone undetected
at many sites.  The
main lesson to be learned from that incident is that everyone
connected with the use of network and computing facilities
must always take into account the vulnerabilities of network
resources to compromise or attack.

2.  Attack_Points.  The DDN security problem is defined as the
accidental or intentional disclosure, destruction, or
modification of information flowing or accessed through the
DDN.  Potential points of attack include terminal-to-network
interface connections, terminal-to-terminal interface
connections, terminal-to-host interface connections, and
interfaces or circuits themselves.

3.  Categories_of_Network_Abusers.  Identifying the security
problem or threat is a key element in determining security
risks.  Consider the fundamental characteristics of the
threats to your assets before you worry about specific
techniques (to be discussed in the following section).  For
example:

    a.  Unauthorized access by persons or programs which
amounts to the use of any network or computer resource without
prior permission.  Such unauthorized access may open the door
to other security threats including the use of your facility
to access other sites on a network.

    b.  Disclosure or corruption of information.  Depending on
the sensitivity of the information, disclosure without
modification may have more damaging consequences if the event
goes unnoticed.

    c.  Denial of service which prevents users from performing
their work.  In fact, an entire network may be made unusable
by a rogue packet, jamming, or by a disabled network
component.  (The Morris Worm contained all of these
characteristics.  If you have considered options to address
these general characteristics, you may be well-equipped to
handle variations of historic penetration strategies that may
evolve in the future.)

4.  Common_Penetration_Techniques.  In evaluating the security
relationships between the security of your host computer and
the DDN, you may wish to consider the following penetration
techniques.  These are methods that may be used to penetrate
your computers.  Therefore, you must take precaution to
prevent the possible success of these types of attacks.
Several techniques exist to aid in the unauthorized access to
computer system components.  These techniques are closely
associated with a system's vulnerabilities.  Therefore, their
successful application first requires identifying a system's
vulnerabilities.  Through analyzing a system's protection
mechanisms (or lack thereof), how they function, and their
deficiencies, consideration can be given to how such
mechanisms can be circumvented, nullified, or deceived.  Many
of these techniques can be categorized by the types of
activity they involve and the system vulnerabilities they
exploit.  A particular type of technique may be used to
exploit more than one vulnerability, and a vulnerability may
be exploited by more than one technique.  Some techniques
leave signatures (i.e., traces of their utilization), others
do not.  Such signatures, their detection, and analysis are
fundamental to threat monitoring and security auditing.

    a.  Browsing.  An individual gains unauthorized access to
a user's files by exploiting the vulnerability of a file
access authorization mechanism in the operating system.
"Browsing" requires knowledge of file names and use of a
program, and it characteristically includes the following
operations:

        (1)  User's program A references a file not authorized
for such use.

        (2)  The operating system does not check the activity
and permits access.

        (3)  Program A gains access to the file, reads it, and
formats it for printout, or deposits it into a local file
under the penetrator's control.  Unauthorized system users (if
they know all the file names in a system) can use this
technique numerous times to browse through all the files
looking for classified or sensitive information.  This is not
generally possible, however, when files are protected by
passwords.

    b.  Masquerading.  Gaining unauthorized access to a system
component by assuming the identity of another authorized user
is called "masquerading".  Success of this technique stems
from a computer system having no means of establishing a
user's identity other than through symbolic identifiers.  The
easiest method of masquerading is to obtain the password and
other identifiers of an authorized user from some report or
document that was carelessly left exposed.  This situation is
most likely to occur in installations that support remote
terminals where no option exists to have such identifiers
suppressed by the terminal during the SIGN-ON procedure.  Even
when a suppression capability is provided by the terminal that
overtypes any such identifiers before or after their printing,
they can still possibly be discerned.  A more sophisticated
technique for gaining access to an authorized user's
identifiers is to wiretap the terminal and intercept the
identifiers when they are transmitted in the clear over
communication lines.

    c.  Scavenging.  This penetration technique exploits the
vulnerability of unerased residual data.  Both primary and
secondary storage media used for processing sensitive
information may continue to retain that information after
they have been released for reallocation to another use.  The
next user of that storage may then "scavenge" the information
by reading the storage media before making any other use of it.

    d.  Unknown_System-State_Exploitation.  This method takes
advantage of certain conditions that occur after a partial or
total system crash.  For example, some user files may remain
open without an "end-of-file" indication.  The user can then
obtain unauthorized access to other files by reading beyond
that indicator when the system resumes operation.

    e.  Asynchronous_Interrupt.  This technique exploits
system vulnerabilities arising from deficiencies in the
interrupt management facilities of an operating system.  If a
processor suspends execution of a protection mechanism to
process an interrupt and is then erroneously returned to a
user program without completing the security check then the
protection has been circumvented.

    f.  Spoofing.  Spoofing exploits the inability of a
system's remote terminal users to verify that at any given
time they are actually communicating with the intended system
rather than some masquerading system.  This deception, also
known as a "Mockingbird Attack," can be perpetrated by
intercepting the terminal's communication lines and providing
system-like responses to the user.  A variation of spoofing is
the use of an application program to provide responses similar
to the operating system, so the operator will unknowingly
provide the passwords to an applications program and not to
the operating system.

    g.  Trojan_Horse.  In this technique computer processing
is covertly altered by either modifying existing program
instructions or inserting new instructions.  Once this has
been accomplished, whenever the altered processes are used the
perpetrator will automatically benefit from unauthorized
functions performed in addition to the routine output.  This
modification is usually done by hiding secret instructions in
either the original source-code or the machine-code version of
a lengthy program.  An even harder to detect method would be
to alter the operating and utility system programs so that
they make only temporary changes in the target program as it
is executing.  The hardware version of the Trojan Horse
technique is relatively rare.  However, the replacement of
valid micro-chips with slightly altered counterfeit chips is
entirely possible and would be very hard to detect.  In either
the software or hardware Trojan Horse method, only someone
with access to a program or the computer system could become a
perpetrator.

    h.  Clandestine_Machine_Code_Change.  This technique is
closely related to the Trojan Horse technique.  This method
allows system programmers to insert code into the system that
creates trapdoors.  At specific times based on certain
combinations, these trapdoors can be activated by a user from
the user's program.  Individuals who initially design the
system, contract maintenance personnel who fix the system, or
people who are able to gain access to the supervisory state
also have this opportunity.  The technique could be as simple
as users stealing job card information on work that has
already gone through the system.  They then resubmit this
information to the system on their own job card along with
another program.  This particular job may have dealt with
sensitive data and therefore a security violation would have
occurred.

5.  Necessary_Precautions.  The aforementioned techniques are
only a few ways that unauthorized access or usage of your host
computer system may be obtained.  You must enforce proper
access control on remote terminals to prevent unauthorized
personnel from abusing unattended terminals used for input or
data modification.  You must also emphasize the physical
protection of the terminal and the administration and control
of password access and use.  Terminal users must be instructed
on the importance of protecting their user identification
(UID)/password.

              CHAPTER 3.  NETWORK ACCESS SECURITY

1.  General.  Access control is the primary method of
providing protection from unauthorized access into the DDN.
There are two basic kinds of access control systems -- those
that detect intrusion and those that stop an intruder from
gaining access to the network.  Both intrusion detection and
network access control are functions of the TAC Access Control
System (TACACS) which monitors terminal network access.  The
security of both the network and connected hosts is greatly
enhanced if the Host Administrator can provide local security
systems which can complement the TACACS.  Possibilities
include installing security systems which limit physical
access to terminals connected to their hosts.  Another weak
link in the security chain is dial-up access and host-to-host
connections (not under TACACS control).  There is a great need
to establish some manner of access control with auditing
capabilities to cover these situations.

2.  TAC_Access_Control_System_(TACACS).  This section on
TACACS is provided to inform you of the tracking capability
that exists if your computer terminal is connected to a
Terminal Access Controller (TAC).  The information obtained by
the TACACS will be quite useful in enforcing proper access
control for those users entering the MILNET through TACs.
TACACS uses a login procedure to control access to MILNET.
When a MILNET user attempts to open a connection to a host,
the TAC prompts for the user's TAC user ID and access code.
TACACS is automatically monitored; a variety of reports are
available for use by the NSO.

    a.  User_Registration.  DCA's Data Network Operations
Division establishes policy for the MILNET and administers the
MILNET TAC access and control system through the Network
Information Center (NIC).  TACs are used on MILNET to provide
controlled network access to most locations.  The Host
Administrator is responsible for registering all users of
their hosts who have network access and who have been
authorized for MILNET TAC access through MILNET TACs.  All of
those users must be registered and given TAC access cards by
the NIC.  The access cards are valid for one year at which
time the TAC User must request a renewal from the Host
Administrator.  If a password is compromised, the UID/password
can be invalidated (hotlisted).

    b.  Guest_Accounts.  A limited number of temporary guest
cards are available for distribution by each Host
Administrator on MILNET.  These cards have a limited lifetime
and are not for permanent use.  They are for users without
TACACS privileges who temporarily need network access, or for
new users at startup time before they receive their own UID
and password.

    c.  WHOIS/NICNAME_Database.  Every request to authorize a
new TAC user or renew an existing TAC user must come from a
MILNET Host Administrator.  Information about authorized users
is kept in the WHOIS/NICNAME database on a host at the NIC.
Host Administrators can request information on authorized TAC
users that are changed or deleted from the database.  The
WHOIS/NICNAME database can be accessed by anyone on the MILNET
but can be changed only by operators at the NIC.
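The login decision that paragraphs 2a through 2c describe (UID and access code, one-year card validity, hotlisting of compromised UIDs, limited-lifetime guest cards, and automatic monitoring for NSO reports), modelled in Python as an added example; this is not code from the Circular or from the NIC's TACACS, and the 30-day guest lifetime, the PBKDF2 storage of access codes, the record layout and the sample users are assumptions.

```python
"""Added example, not code from DCAC 310-P115-1 or from the NIC's TACACS:
a local model of the TAC login decision described in Chapter 3.  Rules taken
from the text: the TAC prompts for a TAC user ID and access code; cards are
valid for one year and must then be renewed through the Host Administrator;
a compromised UID is hotlisted and refused; guest cards have a limited
lifetime; every attempt is monitored so the NSO can be given reports.
The 30-day guest lifetime, the record layout, PBKDF2 storage of access
codes and all sample data are assumptions."""
import hashlib
import hmac
import os
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Tuple

CARD_LIFETIME = timedelta(days=365)   # "valid for one year" (from the text)
GUEST_LIFETIME = timedelta(days=30)   # assumed; the text only says "limited lifetime"


@dataclass(frozen=True)
class TacCard:
    uid: str
    salt: bytes
    code_hash: bytes      # PBKDF2 of the access code; the code itself is never stored
    issued: date
    guest: bool = False


def _hash_code(access_code: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", access_code.encode(), salt, 100_000)


def issue_card(uid: str, access_code: str, issued: date, guest: bool = False) -> TacCard:
    """Register a card as the NIC would on a Host Administrator's request."""
    salt = os.urandom(16)
    return TacCard(uid, salt, _hash_code(access_code, salt), issued, guest)


# Audit record: (date, uid, outcome).  Outcomes are fixed tokens so that the
# NSO's reports can count them without parsing free text.
AuditEvent = Tuple[date, str, str]


def tac_login(directory: Dict[str, TacCard], hotlist: set, uid: str,
              access_code: str, today: date, audit: List[AuditEvent]) -> bool:
    """Decide one TAC login attempt and record it; True means the
    connection to the host may be opened."""
    card = directory.get(uid)
    if card is None:
        outcome = "UNKNOWN_UID"
    elif uid in hotlist:
        outcome = "HOTLISTED"        # stolen, expired or otherwise compromised UID
    elif today > card.issued + (GUEST_LIFETIME if card.guest else CARD_LIFETIME):
        outcome = "EXPIRED"          # user must request renewal from the Host Administrator
    elif not hmac.compare_digest(card.code_hash, _hash_code(access_code, card.salt)):
        outcome = "BAD_ACCESS_CODE"
    else:
        outcome = "OK"
    audit.append((today, uid, outcome))
    return outcome == "OK"


def denial_report(audit: List[AuditEvent]) -> Dict[str, int]:
    """Refused attempts by reason, the kind of figure a TACACS incident
    report would carry."""
    return dict(Counter(e[2] for e in audit if e[2] != "OK"))


# --- constructed sample data (assumed, not from the Circular) ---
TODAY = date(1994, 3, 15)
DIRECTORY = {
    "jsmith": issue_card("jsmith", "X7K2-P9Q4", date(1993, 6, 1)),          # current
    "rjones": issue_card("rjones", "M3T8-W1L6", date(1993, 1, 10)),         # over one year old
    "guest07": issue_card("guest07", "G5A9-Z2C0", date(1994, 3, 1), True),  # guest, current
    "kdoe": issue_card("kdoe", "B4N6-H2V8", date(1994, 1, 5)),              # current but hotlisted
}
HOTLIST = {"kdoe"}


def demo() -> Dict[str, int]:
    """Run a handful of attempts and return the denial summary."""
    audit: List[AuditEvent] = []
    tac_login(DIRECTORY, HOTLIST, "jsmith", "X7K2-P9Q4", TODAY, audit)   # OK
    tac_login(DIRECTORY, HOTLIST, "jsmith", "wrong", TODAY, audit)        # BAD_ACCESS_CODE
    tac_login(DIRECTORY, HOTLIST, "rjones", "M3T8-W1L6", TODAY, audit)   # EXPIRED
    tac_login(DIRECTORY, HOTLIST, "guest07", "G5A9-Z2C0", TODAY, audit)  # OK
    tac_login(DIRECTORY, HOTLIST, "kdoe", "B4N6-H2V8", TODAY, audit)     # HOTLISTED
    tac_login(DIRECTORY, HOTLIST, "nobody", "x", TODAY, audit)            # UNKNOWN_UID
    return denial_report(audit)


if __name__ == "__main__":
    print(demo())
```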

        CHAPTER 4.  OPERATIONAL SECURITY MANAGEMENT OF
                       UNCLASSIFIED NETS

1.  General.

    a.  This Chapter provides operational guidance on security
management of an unclassified network.  Chapter 5 provides
guidance for operating on a classified net.  The potential
exists for authorized and unauthorized users to conduct
illegal activities on shared communications networks such as
the DDN.  Network abusers fall into three categories:

        (1)  A person sponsored and authorized on the DDN who
engages in an unauthorized activity.

        (2)  A person accessing the network illegally.

        (3)  A person with access to a host system who need
not log in through a TAC and engages in unauthorized activity.

    b.  While your individual databases may be unclassified,
compiling large amounts of unclassified data may result in the
creation of sensitive information.  [SENSITIVE UNCLASSIFIED
INFORMATION is defined as any information the loss, misuse, or
unauthorized access to, or modification of which adversely
might affect U.S. national interest, the conduct of DoD
programs, or the privacy of DoD personnel (e.g., FOIA exempt
information and information whose distribution is limited by
DoD Directive 5230.24.)]  Network security can only be as
effective as what the local Host Administrator/ADP system
security officer does to enforce strict access control
procedures.  Network security is a principal responsibility of
Host Administrators.

    c.  You may wish to investigate additional authentication
systems to protect local computing assets (e.g., smart cards,
or Kerberos, developed at MIT, which is a collection of
software used in a network to establish a user's claimed
identity and to control access to a large number of
interconnected workstations).

2.  Access_Vulnerability.  Connection to the DDN will require
a reevaluation of the risk assessment concerning threat and
vulnerability of your host locations.  Users accessing these
hosts should be told what level of data security will be
provided.  For example, do maintenance contracts exist with
the system software vendors to fix defects that might
otherwise compromise the resources?  You should consider what
is the level of sensitivity of data that users should store on
your systems.  It would be unwise for users to store very
sensitive information on a vulnerable system whether the
information was classified or not.  It is also very important
that your site does not seem to encourage penetration attempts
through the use of a welcome banner as part of the login
request response of the host.  The courts have given great
leeway to intruder defendants who claimed that they were
encouraged to browse by the banner.  Additionally, your login
challenge should not include information about the operating
system.  It helps a would-be abuser determine which
penetration techniques would probably be most effective.

3.  Risk_Assessment.  Risk assessment is a requirement of DCAI
630-230-19.  A checklist providing guidelines for reevaluating
the threat and vulnerability that results from connecting to
the DDN has been included (see Tables 1-6, Vulnerability
Analysis).

4.  Security_Policies_and_Procedures.  This section covers
many diverse aspects such as physical security and data
security, authorizations, education, and training.

    a.  Physical_Security.  Physical security includes the
facilities that house computers as well as remote computer
terminals.  Within security parameters established by the Host
Administrator, work areas must be restricted with physical
barriers, appropriate placement and storage of equipment and
supplies, and universal wearing of identification badges, as
applicable.

    b.  Authorization.  Another crucial factor that must be
considered in devising a security program is user
authorization.  Only people with a "need to know" and with a
realization of proper precautions can be given access to
sensitive or proprietary information or to ADP facilities.
The use of passwords and terminal access restrictions can
provide extra security for highly sensitive information.
Passwords can be used to reduce accidental or non-accidental
modification by authorized personnel by restricting access to
their respective database files.

    c.  Data_Security.  Although it is not foolproof, the best
known identification/authentication scheme is the use of
passwords.  The Host Administrator must assure that passwords
are kept secret by their users.  The Host Administrator must
also assure that passwords are long enough to thwart
exhaustive attack by changing them often and by adequately
protecting password files.  (In the case of MILNET TAC Users,
the TACACS generates passwords with the proper attributes.
The users are not given the option to create their own TAC
passwords.)  When creating passwords, the following
restrictions should be observed.  Failure to do so will result
in passwords that could be found in an attacker's word list, or
otherwise easily discovered.

        (1)  Don't use words that can be found in a
dictionary.

        (2)  Don't use traceable personal data.

        (3)  Don't allow users to create their own passwords.

        (4)  Change passwords frequently.

        (5)  Keep passwords private.
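The restrictions above, applied by a checker, together with a generator of the kind the text says TACACS uses so that users never create their own TAC passwords; this is an added Python example, not code from the Circular or any DoD system, and the minimum length of 8, the small embedded word list and the personal-data fields are assumptions.

```python
"""Added example, not code from DCAC 310-P115-1 or any DoD system: a
password policy check covering the restrictions listed in Chapter 4,
paragraph 4c, plus a generator of the sort the text says TACACS uses so
that users never pick their own TAC password.  The minimum length of 8,
the tiny embedded word list and the personal-data fields are assumptions."""
import re
import secrets
import string
from typing import Dict, List

MIN_LENGTH = 8   # assumed; the text says only "long enough to thwart exhaustive attack"

# Constructed stand-in for a cracking dictionary (assumption); a real deployment
# would load a full word list plus local jargon such as project and host names.
DICTIONARY = {"password", "secret", "welcome", "milnet", "letmein", "colonel",
              "network", "terminal", "summer", "dragon"}


def _attack_forms(pw: str) -> List[str]:
    """Forms of the password a dictionary attack would also try: lowercased,
    common digit-for-letter substitutions undone, reversed, and with any
    trailing digits or punctuation stripped."""
    low = pw.lower()
    unleet = low.translate(str.maketrans("0134$@!", "oleasai"))
    forms = {low, unleet, low[::-1]}
    forms |= {re.sub(r"[\d\W_]+$", "", f) for f in list(forms)}
    return [f for f in forms if f]


def check_password(pw: str, personal: Dict[str, str]) -> List[str]:
    """Return the policy violations found (empty list means acceptable).
    `personal` maps a label to traceable data about the user, as strings:
    UID, names, birth year, phone number and the like."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("TOO_SHORT")
    if any(f in DICTIONARY for f in _attack_forms(pw)):
        problems.append("DICTIONARY_WORD")                 # restriction (1)
    low = pw.lower()
    for label, value in personal.items():                  # restriction (2)
        text = value.lower()
        digits = re.sub(r"\D", "", value)
        if len(text) >= 3 and text in low:
            problems.append("PERSONAL_DATA:" + label)
        elif len(digits) >= 4 and any(digits[i:i + 4] in pw for i in range(len(digits) - 3)):
            problems.append("PERSONAL_DATA:" + label)      # e.g. part of a phone number
    return problems


ALPHABET = string.ascii_letters + string.digits


def generate_password(personal: Dict[str, str], length: int = 10) -> str:
    """Machine-generated password, as the text says TACACS does for TAC users
    (restriction 3): drawn from a CSPRNG and regenerated until it passes the
    same check applied to user-chosen passwords."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw, personal):
            return pw


# Constructed sample user (assumption, not from the Circular).
SAMPLE_USER = {"uid": "jsmith", "surname": "Smith", "birth_year": "1961",
               "phone": "415-555-0100"}

if __name__ == "__main__":
    for candidate in ["Welcome1!", "P@ssw0rd", "Smith1961", "x7Kq"]:
        print(candidate, check_password(candidate, SAMPLE_USER))
    print("generated:", generate_password(SAMPLE_USER))
```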

    d.  One-Time_Passwords.  [The following is excerpted from
CSC-STD-002-85.]  One-time passwords (i.e., those that are
changed after each use) are useful when the password is not
adequately protected from compromise during login (e.g., the
communication line is suspected of being tapped).  The
difficult part of using one-time passwords is in the
distribution of new passwords.  If a one-time password is
changed often because of frequent use, the distribution of new
one-time passwords becomes a significant point of
vulnerability.  There are products on the market that generate
such passwords through a cryptographic protocol between the
destination host and a hand-held device the user can carry.

    e.  Failed_Login_Attempt_Limits.  [The following is
excerpted from CSC-STD-002-85.]  In some instances, it may be
desirable to count the number of unsuccessful login attempts
for each user ID, and base password expiration and user
locking on the actual number of failed attempts.  (Changing a
password would reset the count for that user ID to zero.)
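The counting scheme excerpted above, as an added Python example (not code from the Circular or CSC-STD-002-85): failures counted per user ID, password expiration and locking based on the count, and a password change resetting the count to zero; the thresholds of 3 and 5, the clearing of a lock on password change and the in-memory account store are assumptions.

```python
"""Added example, not code from DCAC 310-P115-1 or CSC-STD-002-85: a
failed-login counter of the kind Chapter 4, paragraph 4e describes.  Per the
text, the count is kept per user ID, password expiration and user locking
are based on the number of failures, and changing the password resets the
count to zero.  The thresholds (3 failures force a password change, 5 lock
the ID) and the in-memory store are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict

EXPIRE_AFTER = 3   # assumed: this many failures marks the password as expired
LOCK_AFTER = 5     # assumed: this many failures locks the user ID


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()


@dataclass
class Account:
    salt: bytes
    digest: bytes             # salted hash; the password itself is never kept
    failures: int = 0         # unsuccessful attempts since the last password change
    password_expired: bool = False
    locked: bool = False


def new_account(password: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, _digest(password, salt))


class LoginGuard:
    """Per-user-ID failed-attempt accounting for a host login procedure."""

    def __init__(self, accounts: Dict[str, Account]) -> None:
        self.accounts = accounts

    def attempt(self, uid: str, password: str) -> str:
        acct = self.accounts.get(uid)
        if acct is None:
            return "UNKNOWN_UID"
        if acct.locked:
            return "LOCKED"                # refused even with the right password
        if not hmac.compare_digest(acct.digest, _digest(password, acct.salt)):
            acct.failures += 1
            if acct.failures >= LOCK_AFTER:
                acct.locked = True
                return "LOCKED"
            if acct.failures >= EXPIRE_AFTER:
                acct.password_expired = True
            return "FAILED"
        if acct.password_expired:
            return "PASSWORD_EXPIRED"      # right password, but it must be changed first
        return "OK"

    def change_password(self, uid: str, new_password: str) -> None:
        """Password change, which per the text resets the count to zero.
        Clearing the lock here as well is an assumption (an administrator-
        mediated reset); the text does not say how a locked ID is restored."""
        acct = self.accounts[uid]
        acct.salt = os.urandom(16)
        acct.digest = _digest(new_password, acct.salt)
        acct.failures = 0
        acct.password_expired = False
        acct.locked = False


def make_guard() -> LoginGuard:
    """Constructed sample store (assumption, not from the Circular)."""
    return LoginGuard({"jsmith": new_account("Hq7p2Xw9")})


if __name__ == "__main__":
    g = make_guard()
    for pw in ["bad", "bad", "bad", "Hq7p2Xw9"]:
        print(g.attempt("jsmith", pw))
```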

    f.  Monitoring_Terminal_Use.  The Host Administrator
should also have some method of monitoring terminal use.  A
log-in sheet is convenient to provide an audit trail if the
host has no automated access control and audit capability.
This record should contain such information as login and
logout times, purpose, project being worked on, project
classification, and anything else deemed necessary by you as
the Host Administrator.  Additionally, the classification
level at which the terminal may be used should be prominently
displayed at the terminal location.  You will need to work
closely with the system manager to assure that host activities
are monitored as well.  This information will be extremely
valuable in conjunction with TAC connections and will be the
primary information for incidents where access originated from
an external host and no network audit data is available.

    g.  Terminal_Usage.  You must also ensure that proper
procedures are enforced when using computer terminals.  The
following points should be considered:

        (1)  Automated login procedures that include the use
of stored passwords should not be allowed.

        (2)  Terminals logged onto the DDN network or to the
host computer should not be left unattended.

        (3)  Some form of access control for dial-up telephone
connections, such as dial-back procedures, should be used.
[Note: Dial-back is not acceptable on lines that may be
subject to Call Forwarding.]

        (4)  Unclassified sensitive information in printed
form or in terminal display should be revealed on a "need to
know" basis only.

        (5)  Proper disposal of printed information (i.e.,
tearing, shredding, or otherwise obliterating such material)
is mandatory.

        (6)  Securing of terminals and access lines during
non-business hours.

        (7)  Securing of software programs and stored data
during non-business hours.

        (8)  Recording of equipment, custodians, serial
numbers, and equipment locations to aid in identifying lost or
stolen equipment.

    h.  Electronic_Mail.  Any electronic mail host
administrator should have written procedures for users to
follow in the event that any mail in the host is determined to
be classified.  The Host Administrator must be notified
immediately to purge any backup files containing the
classified mail, retrieve it from addresses and mail boxes,
and remove it from the active data base.  Such an event is an
administrative security violation that must be reported to the
offender's organization security officer immediately.

    i.  Internal_Controls.  Even the most sophisticated access
control system is ineffective if an organization has weak
internal controls.  Case studies of commercial firms often
describe abuses made by employees who have resigned from a
company, but still have active user IDs and passwords.  It is
just as important for Military or DoD organizations to remove
network access, as well as local host computer access, from
anyone being transferred, retired, or otherwise leaving the
organization.  Changing (all of) the password(s) associated
with a user's account(s) should be part of the local exit
procedures.  Every Host Administrator should have written
procedures for retiring e-mail accounts.  Consideration should
also be given to establishing a procedure to reevaluate an
individual's requirement to access the network when the person
is transferred within the organization.  It is the Host
Administrator's responsibility to enact the following:

        (1)  Procedures to remove individuals' access to the
DDN upon that individual's departure.

        (2)  If sponsoring a non-DOD organization's access to
the DDN, procedures must be established to require a written
agreement that the non-DOD organization will have an
individual's access to the DDN removed upon that individual's
departure.

    j.  Encryption.  Another method of securing data is
encryption, a powerful method of protecting information
transmitted between the host computer and remote terminals.
It limits access to information stored in the computer's data
base.  An individual user not possessing the proper encryption
key has little chance of gaining usable information from a
computer protected in this manner.

5.  Education_Program.  Security training is a key element of
a security program.  Evaluating the risks within a DDN
environment and implementing an active DDN security program
requires properly trained personnel.  An effective training
program will provide both formal and informal instruction.
Depending on the size and complexity of the ADP environment
and the level of data being processed, the instruction will
range from security awareness education for top-level
management, to highly technical security training for DDN
operations personnel.  (See DCAI 630-230-19).

    a.  General_Information.  Users of the host system should
be provided with information regarding their computing and
network environment and their responsibilities within that
setting.  Users should be made aware of the security problems
associated with access to the systems via local and wide-area
networks.  They should be told how to properly manage their
account and workstation.  This includes explaining how to
protect files stored on the system, and how to log out or lock
the terminal/workstation.  Policy on passwords must be
emphasized.  An especially important point that must be
emphasized is that passwords are not to be shared.

    b.  Specific_Topics.  The training areas listed below must
be taught at the appropriate administrative, management, and
staff levels.  You must also implement testing plans to assure
that personnel will know their responsibilities in emergency
situations.  Drills should be scheduled periodically to
determine that the emergency procedures are adequate for the
threat to be countered.  The Host Administrator's security
training program should include specifics in the following
areas as applicable:

        (1)  General security awareness.

        (2)  User security.

        (3)  Security administration.

        (4)  Transition control and computer abuse.

        (5)  Software security.

        (6)  Telecommunications security.

        (7)  Terminal/device security.

        (8)  System design security.

        (9)  Hardware security.

        (10) Physical security.

        (11) Personnel security.

        (12) Audit.

        (13) Data security.

        (14) Risk assessment.

        (15) Contingency/backup planning.

        (16) Disaster recovery.

        (17) Security accreditation.

        (18) Security test and evaluation (ST&E).

        (19) DDN security and contractor interface.

        (20) Common penetration techniques.

        CHAPTER 5.  OPERATIONAL SECURITY MANAGEMENT OF
                        CLASSIFIED NETS

1.  General.  Unauthorized user activities obviously pose a
greater threat to the classified nets.  Since the classified
communications nets are closed communities, classified hosts
must maintain their own access control and audit system to
detect and analyze problems.  For specific details concerning
security in the WIN Communications System (DSNET 1), refer to
JCS Pub 6-03.7, Security_Policy_for_the_WWMCCS_Intercomputer
Network (Unclas), dated April 88.  For specific details
concerning security in the Sensitive Compartmented Information
Network (DSNET 3), refer to the following documents: DIAM
50-3, Physical_Security_Standards_for_SCI_Facilities (FOUO); DIAM
50-4, Security_of_Compartmented_Computer_Operations (C), dated
June 80; and DCID 1/16, Security_Policy_for_Uniform_Protection
of_Intelligence_Processed_in_Automated_Information_Systems_and
Networks (S), dated July 88.

2.  Limited_Terminal_Access_Controls.  Terminal access
controllers, when used on the classified subnetworks, are
currently limited to controlling access into the network.  The
TACs do not collect and forward audit information of network
activity to a central location for analysis, usage data
collection, and processing as is done on the unclassified
networks.  The TAC Access Control System (TACACS), necessary
for dial-in access, has not been implemented on the classified
networks because there is no dial-in access.  In the WIN
Communications System, for example, TACs are not used; network
access is controlled by the interconnected hosts.  The WWMCCS
Intercomputer Network (WIN) hosts also collect audit data of
user activity at each host location.

3.  Closed_Community_Characteristics.  Most, if not all, of
the guidance given in Chapter 4 is incorporated in creating a
"closed" community.  A major difference in access control of
classified networks is that no dial-up access is allowed.
Also, personnel having access to a facility will have, as a
minimum, a system high clearance level for their site.  There
are multiple classification levels at some locations.  The
Host Administrator must take special precautions to ensure
that the classification of passwords and the access authority
of operating personnel are at or above the classification
level of the operation being performed.

4.  Security_Awareness.  Because of the nature of classified
systems and the greater harm that security infractions can
cause, it is incumbent upon the Host Administrator to assure
that there is sufficient exposure to security awareness and
training.  The listed training areas must be taught at the
appropriate administrative, management, and staff levels.  You
must also implement testing plans to assure that personnel
will know their responsibilities in emergency situations.
The Host Administrator's security training program must
include specifics in the following areas:

        (1)  General security awareness.

        (2)  User security.

        (3)  Security administration.

        (4)  Transition control and computer abuse.

        (5)  Software security.

        (6)  Telecommunication security.

        (7)  Terminal/device security.

        (8)  System design security.

        (9)  Hardware security.

        (10) Physical security.

        (11) Personnel security.

        (12) Audit.

        (13) Data security.

        (14) Risk assessment.

        (15) Contingency/backup planning.

        (16) Disaster recovery.

        (17) Security accreditation.

        (18) Security test and evaluation (ST&E).

        (19) DDN security and contractor interface.

        (20) Most common penetration techniques.

       CHAPTER 6.  DETECTION OF UNAUTHORIZED HOST ACCESS

1.  General.  Because you, as the Host Administrator, are
responsible for the security of the host computer, early
detection of potential abuse will serve to prohibit losses.
Effective monitoring will also deter potential perpetrators
from attempting to experiment with illegal schemes if the
probability of detection is high.  The following points
provide guidance for the types of events you should look for
to detect unauthorized activity:

    a.  Unexplained use of disk space.

    b.  Unknown files listed in the directory.

    c.  Repeated failed attempts to access the host.

    d.  Unusual log-in times.

    e.  A file being accessed by someone who has no
authorization to be in that file.

    f.  Excessive time (hours) on line or a pattern of
unusually short access times (less than one minute).

2.  Detection_Training.  Detection of unauthorized activities
at host locations is a responsibility shared by all personnel
within the work place.  The Host Administrator, however, may
find it necessary to educate personnel on this point and
delegate responsibilities.  Apart from the measures taken to
manage the security environment, Host Administrators must act
with diligence regarding technical or quasi-technical areas
affecting security.  For example, their responsibilities might
include enforced cycling of password changes,
compartmentalizing proprietary information away from the
generally accessible system and limiting its accessibility to
those with a bona fide "need-to-know," monitoring access logs
and maintaining audit trails to facilitate detection of
unusual activity, and using security systems and services
offered by their network systems and service providers.

3.  Logging_Events.  Illegal attempts to gain access into
sensitive areas (i.e., trespassing or guessing at passwords in
order to sign on or access files from remote terminals) should
be logged and reviewed regularly.  One effective means of
detecting unauthorized activity is to display the last log-on
time and date on the screen after the user has successfully logged onto
the system.  Statistics of access violations should be
collected with regard to details of the particular terminals
being abused and the files being accessed.  The results should
be reviewed by the NSO.

4.  Peculiar_Behavior.  Beware of unsupervised work, if it is
not typical of or appropriate for your organization, especially
if a person regularly volunteers for overtime work and is
allowed to stay on the premises unsupervised.  Have two-man
control procedures for sensitive information work.  In
addition, be advised that many computer crimes occur during
holiday periods, or during times when host computers are
experiencing low traffic.  Pay particular attention to peculiar
activities during these periods.

5.  Legal_Recourse.  Public Law 98-473, known as the
"Counterfeit Access Device and Computer Fraud and Abuse Act of
1984" added Section 1030 to Title 18 United States Code on
October 12, 1984.  It was the first federal computer crime law
that criminalized unauthorized access to classified national
security information or information in certain financial
records.  Additionally, it criminalized certain unauthorized
accesses to computers operated on behalf of the Government.

6.  Prosecution_as_a_Deterrent.  When there is adequate
evidence collected for conviction, the perpetrator should
always be prosecuted.  This action would serve as a serious
warning to others contemplating making similar attempts and
can be extremely effective as a deterrent.  However, as recent
world events have revealed, this really doesn't deter abuse
adequately.  Therefore, you must assure proper protection of
your computer systems.

7.  Incident_Reporting_by_Subscriber.  The flow of security
incident reporting should be from the end user to the Host
Administrator, or other appropriate individual who determines
if the problem is local or network related.  If the problem is
network related, the problem should be referred to the
appropriate Network Manager/Security Officer.  The Network
Manager/Security Officer would contact the DDN NSO, if
appropriate, for assistance in obtaining audit trail data from
the NIC for MILNET.  Depending on the seriousness of the
incident, the DDN NSO would assure that the appropriate
investigating agency was involved, and support requests for
information for formal investigations.

8.  Contacts.  To correspond with the DDN NSO, use any one of
the following methods of contact:

    a.  Via network mail to: SCC@NIC.DDN.MIL or
DCA-MMC@DCA-EMS.DCA.MIL

    b.  Via U.S. mail to: HQ Defense Communications Agency,
Code: DODM, Attn: DDN-NSO, Washington, DC 20305-2000

    c.  Via commercial phone to: (800) 451-7413, or
(800) 235-3155 for the SCC

    d.  Via DSN/AUTOVON to: 312-222-2714/5726

    e.  Via AUTODIN to: DCA WASHINGTON DC//DODM//

    f.  Classified correspondence must be forwarded via
AUTODIN or U.S. mail using procedures appropriate for its
classification level.

9.  What_Information_To_Report.  Your incident reports must
include certain minimal information to enable the DDN NSO to
take action.  The DDN NSO requires a brief, unclassified
description of the incident and the name, telephone number,
and organization of the person reporting the incident.  If the
incident's occurrence is classified, the report and any
classified discussions between the DDN NSO and officials at
the affected organization must take place using secure modes
of communication.  The following is the minimum information
necessary for an incident report:

    a.  Date of report (Day-Month-Year, e.g., 01 Jan 87)

    b.  Date and time period of incident(s) (Zulu time)

    c.  Personal data of person reporting the incident:

        (1)  Name

        (2)  Telephone number

        (3)  Organization

    d.  Network involved (e.g., MILNET, DSNET 1, 2, or 3)

    e.  Did unauthorized access come from the DDN, if known?
(If not, refer reporting person to his/her Host
Administrator).

    f.  Presumed classification of incident (i.e.,
Unclassified, Confidential, Secret, Top Secret, Top
Secret/Sensitive Compartmented Information).  [Note: Contact
the DDN NSO should you have any questions concerning the level
of classification of a particular incident.]

    g.  Brief description of incident (Unclassified).

10.  Follow-up_Information.  Follow-up contact with Host
Administrators might be required to obtain more detailed
information that may not have been initially available.  The
DDN NSO would try to determine the following factors:

    a.  Where the activity was initiated (i.e., at another
host or specific TAC)

    b.  What routines the intruder ran on the host system

    c.  What files the intruder accessed on the host system

    d.  What user identification log-in was used.  For
example, was there a password?  Was the password the same as
the log-in?  Was the account password protected?  Did the user
change the password initially provided?  Security incidents
that are discovered to be a local problem will be investigated
at the Host Administrator level.

         CHAPTER 7.  TOOLS FOR INVESTIGATING INCIDENTS
                       AT THE HOST LEVEL

1.  General.  This Chapter will help you, the Host
Administrator, with investigations of security incidents that
are determined to be a local problem.  The tools available for
investigating network incidents are products of audit trail
data collected in the TAC Access and Control System for the
unclassified networks and in the audit data collection systems
of the individual hosts (if they exist) in both the classified
and unclassified networks.  The network traffic data collected
by the network utilities at the community of interest
monitoring centers is useful for network control and design
purposes, but its use for network security investigative
purposes is limited.

2.  Host_System_Logs.  The host system can provide a wealth of
information that can complement the network data.  Most
operating systems automatically store numerous bits of
information in log files.  Examination of these log files on a
regular basis is often the first line of defense in detecting
unauthorized use of the system.  Lists of currently logged in
users and past login histories can be compared.  Most users
typically log in and out at roughly the same time each day.
An account logged in outside the "normal" time for the account
may be in use by an intruder.  System logging facilities, such
as the UNIX "syslog" utility, should be checked for unusual
error messages from system software.  For example, a large
number of failed login attempts in a short period of time may
indicate someone trying to guess passwords.  Operating system
commands which list currently executing processes can be used
to detect users running programs they are not authorized to
use, as well as to detect unauthorized programs which have
been started by a cracker.
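The events listed in Chapter 6, paragraph 1 (repeated failed attempts, unusual log-in times, excessively long or very short sessions) and the syslog indicators described in the paragraph above can be checked by a script run over the host's logs at each review. The following is an added example, not part of DCAC 310-P115-1 and not a tool from any host vendor. The log format is a constructed, simplified one (timestamp, user ID, event, source); a real host's authentication log will need its own parser. The thresholds (5 failures within 10 minutes, sessions under 60 seconds or over 8 hours) and the per-user normal-hours table, which stands in for the "past login histories" the paragraph compares against, are assumptions.

```python
"""Review of constructed host log lines for the events Chapter 6 lists and
the password-guessing indicator Chapter 7 describes.

Added example; not part of DCAC 310-P115-1.  The log format, the sample
lines, NORMAL_HOURS and every threshold are constructed or assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, user ID, event, source.
SAMPLE_LOG = """\
1993-03-02T08:05:00 jsmith login-ok tac-3
1993-03-02T08:05:31 jsmith logout tac-3
1993-03-02T17:10:00 jsmith login-ok tac-3
1993-03-02T17:45:00 jsmith logout tac-3
1993-03-03T02:14:00 jsmith login-ok host-x
1993-03-03T11:00:00 jsmith logout host-x
1993-03-03T03:00:00 root login-fail tac-7
1993-03-03T03:00:20 root login-fail tac-7
1993-03-03T03:00:41 root login-fail tac-7
1993-03-03T03:01:02 root login-fail tac-7
1993-03-03T03:01:25 root login-fail tac-7
1993-03-03T03:01:49 root login-fail tac-7
"""

# Constructed stand-in for past login history: (earliest, latest) usual hour.
NORMAL_HOURS = {"jsmith": (7, 18), "root": (8, 17)}

FAIL_THRESHOLD = 5                   # assumed: failures ...
FAIL_WINDOW = timedelta(minutes=10)  # ... within this window
SHORT_SESSION = timedelta(seconds=60)
LONG_SESSION = timedelta(hours=8)


def parse_log(text: str) -> list:
    """Parse the constructed format into (time, user, event, source) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, event, source = line.split()
            events.append((datetime.fromisoformat(ts), user, event, source))
    events.sort(key=lambda e: e[0])  # log lines may arrive out of order
    return events


def review(events: list, normal_hours: dict) -> list:
    """Return (category, user, detail) findings for a reviewer."""
    findings = []
    fails = defaultdict(list)   # (user, source) -> recent failure times
    sessions = {}               # (user, source) -> login time
    for ts, user, event, source in events:
        key = (user, source)
        if event == "login-fail":
            # Sliding window: keep only failures within FAIL_WINDOW of this one.
            fails[key] = [t for t in fails[key] if ts - t <= FAIL_WINDOW] + [ts]
            if len(fails[key]) == FAIL_THRESHOLD:   # fire once per burst
                findings.append(("repeated-failures", user,
                                 f"{FAIL_THRESHOLD} failures from {source} "
                                 f"within {FAIL_WINDOW}"))
        elif event == "login-ok":
            sessions[key] = ts
            lo, hi = normal_hours.get(user, (0, 23))
            if not lo <= ts.hour <= hi:
                findings.append(("unusual-time", user,
                                 f"login {ts.isoformat()} outside {lo:02d}-{hi:02d}h"))
        elif event == "logout" and key in sessions:
            length = ts - sessions.pop(key)
            if length < SHORT_SESSION:
                findings.append(("short-session", user,
                                 f"{length.total_seconds():.0f}s from {source}"))
            elif length > LONG_SESSION:
                findings.append(("long-session", user, f"{length} from {source}"))
    return findings


def run_review() -> list:
    return review(parse_log(SAMPLE_LOG), NORMAL_HOURS)


if __name__ == "__main__":
    for category, user, detail in run_review():
        print(f"{category:18} {user:8} {detail}")
```

Findings are produced in time order, so the reviewer sees the sequence as it happened: the sub-minute session, the 02:14 login outside the user's usual hours, the burst of failures against root from a single TAC, and the session that ran well past eight hours. Items a and b of Chapter 6 (unexplained disk use, unknown files) need a file-system listing rather than the login log and are outside this script.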

3.  Other_Tools.  The tools available for conducting an
incident investigation on unclassified nets consist of the
TACACS reports, provided to the DDN NSO, and the Host audit
and log book, if used.  Additionally, personnel may be
interviewed to provide necessary insight.  The tools available
for conducting an investigation on classified nets include the
Host audit, system logs, physical log book, and personnel as
well.  Additionally, the UID/password and the specific
terminal will provide further useful information.  No TACACS
reports are available for the classified nets.

4.  TACACS_Reports.  TACACS incident reports are reviewed by
the DDN NSO for unauthorized network activity.  Other TACACS
reports are available to the DDN NSO to help investigate
illegal or unauthorized network activity.  You, as the Host
Administrator, can request investigative assistance from the
DDN NSO to obtain TACACS audit data for MILNET.  Assistance
may also be requested by the Host Administrator to involve an
investigating agency (e.g., FBI, OSI, NIS, MI, etc.).

                      CHAPTER 8.  SUMMARY

1.  Penetration_Techniques.  This document has provided you,
as Host Administrators, guidelines for securing your host
computer locations.  Security problems arise and espionage
activity may increase as access to computers increases.
Therefore, you must apply these instructions because you are
ultimately responsible for the security of the DDN.  This
instruction has covered common penetration techniques you must
guard against.

2.  Other_Topics.  The major items this document emphasizes
are the following:

    a.  Proper access control procedures

    b.  Reevaluation of the risk assessment of your host site

    c.  Security education training

    d.  Detection of unauthorized or suspected unauthorized
access

    e.  Incident reporting

    f.  Tools for local incident investigation

    g.  Assistance from the DDN NSO for network incident
investigations

               TABLE 1:  VULNERABILITY ANALYSIS

-------------------------------------------------------------
           **Operations Management and Processing**
-------------------------------------------------------------
Item                                 | Response  | Comments
                                     | (Yes, No, |
                                     |   N/A)    |
-------------------------------------------------------------
Has a systems security officer       |           |
been appointed?                      |           |
-------------------------------------------------------------
Have procedures been developed       |           |
defining who can access the          |           |
computer facility, and how and       |           |
when that access can occur?          |           |
-------------------------------------------------------------
Have procedures been established     |           |
to provide physical protection of    |           |
local and remote terminal access     |           |
equipment?                           |           |
-------------------------------------------------------------
Have procedures been established     |           |
to provide physical protection of    |           |
host computers?                      |           |
-------------------------------------------------------------
Is someone designated as a terminal  |           |
area security officer?               |           |
-------------------------------------------------------------
Have procedures been established to  |           |
positively identify transactions     |           |
occurring to and from remote         |           |
locations?                           |           |
-------------------------------------------------------------
Have security procedures been        |           |
established for the microcomputers   |           |
which will communicate with the DDN? |           |
-------------------------------------------------------------
Have procedures been established     |           |
for providing physical security over |           |
these microcomputers and the data    |           |
processed by them?                   |           |
-------------------------------------------------------------
Have procedures been established     |           |
to protect data within the custody   |           |
of the microcomputer user?           |           |
-------------------------------------------------------------
Have alternate means of processing   |           |
been established in the event either |           |
the individual or the personal       |           |
computer is lost?                    |           |
-------------------------------------------------------------
Is the security over the micro-      |           |
computer environment regularly       |           |
reviewed?                            |           |
-------------------------------------------------------------
Have the vendor installed pass-      |           |
words been changed?                  |           |
-------------------------------------------------------------
Does someone verify that all current |           |
passwords are different from a list  |           |
of commonly used or vendor installed |           |
passwords?                           |           |
-------------------------------------------------------------

               TABLE 2:  VULNERABILITY ANALYSIS

-------------------------------------------------------------
                      **Communications**
-------------------------------------------------------------
Item                                 | Response  | Comments
                                     | (Yes, No, |
                                     |   N/A)    |
-------------------------------------------------------------
Is sensitive information transmitted |           |
over common carrier lines protected  |           |
(e.g., through cryptography)?        |           |
-------------------------------------------------------------
Can data being transmitted or        |           |
processed be reconstructed in        |           |
the event either main processing     |           |
or remote processing loses integrity?|           |
-------------------------------------------------------------
Are processing actions restricted    |           |
based on the point of origin or the  |           |
individual making the request?       |           |
-------------------------------------------------------------
Have procedures been established     |           |
for providing host connection        |           |
access control over remote terminals |           |
and on-site terminals?               |           |
-------------------------------------------------------------
Is a log maintained of accesses      |           |
to computer resources?               |           |
-------------------------------------------------------------
Do non-employees have access to      |           |
communications facilities (except    |           |
where the system specifically is     |           |
designed for those non-employees)?   |           |
-------------------------------------------------------------

               TABLE 3:  VULNERABILITY ANALYSIS

-------------------------------------------------------------
                         **Disasters**
-------------------------------------------------------------
Item                                 | Response  | Comments
                                     | (Yes, No, |
                                     |   N/A)    |
-------------------------------------------------------------
Have the types of potential          |           |
disasters been identified?           |           |
-------------------------------------------------------------
Has equipment been provided to       |           |
deal with minor disasters, such      |           |
as fire and water damage?            |           |
-------------------------------------------------------------
Have alternate processing            |           |
arrangements been made in the        |           |
event of a disaster?                 |           |
-------------------------------------------------------------
Have procedures been established     |           |
to provide back-up equipment or      |           |
automatic data processing (ADP)      |           |
processing capabilities in event of  |           |
loss of primary ADP resources?       |           |
-------------------------------------------------------------
Have simulated disasters been        |           |
conducted to ensure that disaster    |           |
procedures work?                     |           |
-------------------------------------------------------------
Are critical programs and data       |           |
retained in off-site storage         |           |
locations?                           |           |
-------------------------------------------------------------
Have users been heavily involved     |           |
in developing disaster plans for     |           |
applications that affect their areas?|           |
-------------------------------------------------------------

               TABLE 4:  VULNERABILITY ANALYSIS

-------------------------------------------------------------
                         **Personnel**
-------------------------------------------------------------
Item                                 | Response  | Comments
                                     | (Yes, No, |
                                     |   N/A)    |
-------------------------------------------------------------
Are formal reports required for      |           |
each reported instance of computer   |           |
penetration?                         |           |
-------------------------------------------------------------
Are records maintained on the most   |           |
common methods of computer           |           |
penetration?                         |           |
-------------------------------------------------------------
Are records maintained on damage     |           |
caused to computer equipment and     |           |
facilities?                          |           |
-------------------------------------------------------------
Is one individual held accountable   |           |
for each data processing resource?   |           |
-------------------------------------------------------------
Does management understand threats   |           |
posed by host connection to DDN?     |           |
-------------------------------------------------------------
Is management evaluated on its       |           |
ability to maintain a secure computer|           |
facility?                            |           |
-------------------------------------------------------------
Are the activities of any non-       |           |
employees in the computer center     |           |
monitored? Is an escort policy       |           |
enforced?                            |           |
-------------------------------------------------------------
Are contractor personnel subject to  |           |
the same security procedures as other|           |
non-employees?                       |           |
-------------------------------------------------------------
Are procedures installed to restrict |           |
personnel without a "need to know"?  |           |
-------------------------------------------------------------
Have procedures been established     |           |
to limit the damage, corruption, or  |           |
destruction of data base information?|           |
-------------------------------------------------------------
Has a security incident report form  |           |
been created?                        |           |
-------------------------------------------------------------

               TABLE 5:  VULNERABILITY ANALYSIS

-------------------------------------------------------------
                         **Training**
-------------------------------------------------------------
              Item                     Response       Comments
                                    (Yes, No, N/A)
-------------------------------------------------------------
Are employees instructed on how to   |           |
deal with inquiries and requests     |           |
originating from individuals without |           |
a "need to know"?                    |           |
-------------------------------------------------------------
Has an adequate training program     |           |
been devised to ensure that employees|           |
are aware of the requirements to pro-|           |
tect their equipment from unauthor-  |           |
ized use or unauthorized purposes?   |           |
-------------------------------------------------------------
Have personnel been advised on       |           |
penalties of the Federal Computer    |           |
Crime Law for unauthorized access to |           |
Government ADP systems?              |           |
-------------------------------------------------------------

               TABLE 6:  VULNERABILITY ANALYSIS

-------------------------------------------------------------
                **People Errors and Omissions**
-------------------------------------------------------------
              Item                     Response       Comments
                                    (Yes, No, N/A)
-------------------------------------------------------------
Are errors made by the computer      |           |
department categorized by type       |           |
and frequency, such as programming   |           |
errors?                              |           |
-------------------------------------------------------------
Are records maintained on the        |           |
frequency and type of errors         |           |
incurred by users of data            |           |
processing systems?                  |           |
-------------------------------------------------------------
Are users provided a summary of      |           |
the frequency and types of user-     |           |
caused errors identified by the      |           |
application system?                  |           |
-------------------------------------------------------------
Are the losses associated with       |           |
data processing errors quantified?   |           |
-------------------------------------------------------------
Are records maintained on the        |           |
frequency and type of problems       |           |
occurring in operating systems?      |           |
-------------------------------------------------------------
Are abnormal program terminations    |           |
on computer software summarized      |           |
by type and frequency so that        |           |
appropriate action can be taken?     |           |
-------------------------------------------------------------
Are personnel trained to recognize   |           |
attempts to access their system by   |           |
common penetration techniques?       |           |
-------------------------------------------------------------

        TABLE 7:  TABULATION OF VULNERABILITY ANALYSIS

-------------------------------------------------------------
                  **Self-Assessment Results**
                 ---------------------------
                HOW TO IDENTIFY VULNERABILITIES
-------------------------------------------------------------
                         |  # of   | Rank for |
Component                | "No's"  |  Action  |   Comments
-------------------------------------------------------------
Operations Management    |         |          |
  and Processing         |         |          |
-------------------------------------------------------------
                         |         |          |
Communications           |         |          |
-------------------------------------------------------------
                         |         |          |
Disasters                |         |          |
-------------------------------------------------------------
                         |         |          |
Personnel                |         |          |
-------------------------------------------------------------
                         |         |          |
Training                 |         |          |
-------------------------------------------------------------
People Errors and        |         |          |
  Omissions              |         |          |
-------------------------------------------------------------

 *--- End




Sourced by: The Dope Man
     Topic: Canadian Telecom Safety Checklist
    Length: 2.1KB

Begin ---*

SAFETY CHECKLIST  (CANADIAN TELECOM Feb 93)


Ultimately,  human factors  are the weakest  link in any protection plan.
Some of these protection steps will cost money and cause inconvenience to
your users,  but the only  way to eliminate  CPE-based  toll fraud is  to
manage equipment you control.

Your  telecommunications equipment can  be protected against virtually all
toll fraud if  you follow this checklist.  You should  consult your vendor
to obtain  detailed information (in writing,  if there  are liability
concerns) about your equipment.


     1.  Deny unauthorized access to long-distance trunking 
         facilities through your voice-mail systems.
       - block activation/assign passwords.


     2.  Secure Direct Inward System Access (DISA) numbers.
       - do not publish DISA numbers.
       - use long authorization codes.


     3.  Foil "Dumpster divers".
       - shred CDR records.
       - shred switch printouts and other documentation.


     4.  Change codes frequently.
       - delete former employee codes.


     5.  Secure authorization codes.
       - use many digits.
       - do not share among employees.
       - treat like credit card numbers.


     6.  Block DISA in all equipment.
       - at least restrict nights, weekends,
         holidays (prime times for fraud).


     7.  Monitor call records.
       - look for suspicious calling patterns.
       - automate exception reporting.


     8.  Restrict international calls.
       - block or selectively allow for certain
         country and area codes.


     9.  Restrict call forward.
       - do not permit forwarding to long-distance
         or trunking facilities.


     10. Secure access codes and passwords.
       - discourage employees from having them
         in plain view.
       - warn of "shoulder surfing".


     11. Secure your equipment rooms.
       - know who has access to them.
       - do not use for janitorial storage.


     12. Deactivate port access.
       - block access to remote maintenance ports.


     13. Keep telephone numbers private.
       - do not discuss number plan outside of company.
       - destroy old internal phone books.
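Steps 6, 7 and 8 above (off-hours DISA restriction, exception reporting over call records, and selective country-code blocking) can be automated against the switch's call detail records. The following is an added example, not code from the Canadian Telecom checklist; the CDR layout, the 011 dialling prefix, the country-code table and the business-hours policy are assumptions made for illustration.

```python
# Added example (not the Canadian Telecom checklist's own code): automated
# exception reporting over PBX call detail records, covering steps 6, 7 and 8.
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample CDRs (not real data): timestamp, originating extension
# or trunk, access type, dialled digits, duration in seconds.
SAMPLE_CDRS = """\
1993-02-15T10:12:00,2214,STATION,14165551234,120
1993-02-15T23:40:00,DISA,DISA,0114471234567,1800
1993-02-15T23:52:00,DISA,DISA,0114471234568,2100
1993-02-16T02:05:00,DISA,DISA,0115551234,900
1993-02-16T11:30:00,2301,STATION,0113312345678,300
1993-02-14T14:00:00,2302,STATION,0113398765432,60
"""

# Policy knobs (assumed for the example; adjust to the real dialling plan).
INTL_PREFIX = "011"                            # North American international access
KNOWN_COUNTRY_CODES = {"1", "44", "33", "52"}  # tiny illustrative table
ALLOWED_COUNTRY_CODES = {"1", "44"}            # step 8: selectively allowed codes
BUSINESS_HOURS = range(7, 19)                  # 07:00-18:59 local time
WEEKEND_DAYS = {5, 6}                          # Saturday, Sunday
LONG_CALL_SECONDS = 1500                       # step 7: long international calls

@dataclass
class Cdr:
    when: datetime
    source: str
    access: str
    dialled: str
    seconds: int

def parse_cdrs(text):
    """Parse the constructed comma-separated CDR layout into Cdr records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, access, number, dur = line.split(",")
        records.append(Cdr(datetime.fromisoformat(ts), src, access, number, int(dur)))
    return records

def country_code(number):
    """Country code of an international call, None for domestic, '?' if the
    code is not in the illustrative table (unknown codes are treated as blocked)."""
    if not number.startswith(INTL_PREFIX):
        return None
    rest = number[len(INTL_PREFIX):]
    for width in (3, 2, 1):                    # longest known code wins
        if rest[:width] in KNOWN_COUNTRY_CODES:
            return rest[:width]
    return "?"

def off_hours(when):
    """Nights, weekends: the checklist's prime times for fraud."""
    return when.weekday() in WEEKEND_DAYS or when.hour not in BUSINESS_HOURS

def exceptions(records):
    """Yield (rule, record) for each record that breaks a checklist rule."""
    for r in records:
        cc = country_code(r.dialled)
        if r.access == "DISA" and off_hours(r.when):
            yield ("disa-off-hours", r)                  # step 6
        if cc is not None and cc not in ALLOWED_COUNTRY_CODES:
            yield ("blocked-country", r)                 # step 8
        if cc is not None and r.seconds >= LONG_CALL_SECONDS:
            yield ("long-international", r)              # step 7

def exception_report(records):
    """Counts per rule, the shape a daily exception report would summarise."""
    return Counter(rule for rule, _ in exceptions(records))

if __name__ == "__main__":
    cdrs = parse_cdrs(SAMPLE_CDRS)
    for rule, r in exceptions(cdrs):
        print(f"{rule:18} {r.when:%Y-%m-%d %H:%M} {r.source:8} {r.dialled}")
    print(dict(exception_report(cdrs)))
```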

 *--- End


                                    ---

     "I saw no  man use you  at his pleasure.  If  I had,  my  weapon
      should quickly  have been out,  I warrant  you.  I dare draw as
      soon as another man,  if I see occasion in a good quarrel,  and
      the law on my side" - William  Shakespeare, Romeo & Juliet

                                    ---




                   NEWS BYTES (and usually bites too)
               The Dope Man - Lister - Terminator X - Ibex


     Special thanks  this  month  go out  to Ibex,  whose  only  forms of
communication with us have been limited to US Post,  and messages back and
forth on a voice mail system.  We unfortunately won't be able to publish
your submission this issue, due to time constraints. Sorry.


Sourced by: Lister
     Topic: Phone fraud bill $100 million
    Length: 3.3KB

Begin ---*

Bell bans overseas card calls from pay booths

By Dana Flavelle/Toronto Star - Toronto, Ontario

     Long-distance telephone fraud is  an estimated $100 million headache
for Canadian  telephone companies and some  of their biggest customers --
and it's growing, says a telecommunications industry expert.

     "It's become a huge  issue in the last  year or so in  Canada," said
Ian Angus, a consultant who's writing a book on the subject.

     At least some  long-distance fraud is committed  by computer hackers
who gain access to major  corporate telephone networks and  start ringing
up big bills, he said.

     But most of it is "low-tech" credit  card and telephone calling card
fraud,   Angus  said  in  a  telephone  interview  following  yesterday's
announcement by Bell Canada that  it will no longer accept  overseas card
calls from pay phones.

     "We didn't want  to do this,"  Bell spokesperson Una MacNeil said in
an interview.  "We  know it's  an inconvenience.  But it's  a significant
enough  problem that we  have to put  a plug in  it until we  work  out a
longer-term solution."

     In the  past two months,  one in five overseas  calls made  from pay
telephones has been fraudulent, she said.  Bell is not revealing the cost
of the fraud for "security" reasons, she said.

     Effective yesterday,  a customer  who tries to  use a credit card or
telephone calling card to make an  overseas call from a pay phone will be
given the following options by an operator:

     []   Go to a non-pay phone to place a card call;

     []   Have the call billed to a third party, provided there's someone
          available to accept the charges;

     []   Make a  collect call,  except in  cases where  no collect  call
          agreement exists between Canada and the country being called; or

     []   Pay cash.

     In  addition,  Bell has  stopped accepting  cash calls  from certain
kinds  of  pay  phone  to  five   overseas  countries:   China,  Pakistan,
Bangladesh, Macao and Hong Kong.

     Situated mainly in airports and major hotels,  these are the kind of
pay  phones that  simply "read"  the magnetic  strip on  the back  of the
credit or calling card, and will also accept cash calls.

     For reasons Bell officials wouldn't explain, phony cash calls can be
placed from these kinds of telephones to these specific countries.

     "We don't like to talk a lot about  this issue because we don't want
to give people ideas," MacNeil said.

     Credit cards  and calling cards can still  be used to make pay phone
calls within North America,  where fraud hasn't been a big problem,  Bell
said.

     Most of the  fraud is being committed by organized thieves,  who get
hold of calling card numbers  by watching people use their  cards in busy
public places like airports, said Angus.

     Then, they set up shop around public  pay phones using those numbers
to make calls for customers who are charged about $5, he said.

     Police in Montreal busted one  racket operating  in a subway station
earlier this year, he said.

     A task force  of Bell and  Northern Telecom  engineers  is trying to
devise  electronic  ways  of  thwarting such  frauds and,  better  still,
detecting people in the act.

     MacNeil  was confident  full overseas  service  will  eventually  be
restored, but couldn't predict when.

     "It is a  large problem and we have a  lot of people working on it,"
she said.

 *--- End



Sourced by: Terminator X
     Topic: Bell anxious to compete in cable, other markets
    Length: 2.9KB

Begin ---*

By Kevin Dougherty/Financial Post - Montreal, Quebec

     Bell Canada  wants to be  able to  deliver  cable television or  any
other value-added  telecommunications service to the  homes or offices of
its telephone customers, the utility's president said yesterday.

     "The telephone  companies must  be allowed  to  fully compete in all
communications markets  for the benefit of all Canadians," Robert Kearney
said at a  Canadian Club  luncheon.  "Bell Canada should be able to carry
anything, independent of technology, for any customer anywhere."

     While   Bell  Canada  wants   the  Canadian  Radio-television  and
Telecommunications  Commission to  consider it a common  carrier,  it also
wants  "other access  carriers, like  cable companies"  to be  designated
common carriers as well.

     Kearney  said Bell Canada agrees that basic telephone service should
continue to be regulated,  paying tribute to the Canadian "social agenda"
that has allowed a 98% penetration rate for telephone service in Canada.

     But he said all other services should be deregulated.

     The regulatory  commission will have to untangle what is competitive
and what is not competitive,  he added.  The commission began hearings on
broadcasting last week and plans further consultations later this year on
telecommunications.

     Kearney said  Bell Canada is  not prepared to  offer its definitions
yet.

     But he said  that five years  from now  -- if the issue has not been
resolved  -- the cable companies and telecommunications carriers won't be
fighting over technologically irrelevant barriers.

     They will be fighting for their survival.

     "Everybody should be a common carrier," he told reporters.

     More immediately,  Bell Canada is  pressing the CRTC to grant a rate
increase, hiking charges for local calls for the first time since 1983.

     Bell Canada is allowed a rate  of return in the 12.5%-to-13.5% band,
he noted,  but this year,  the return will fall  to 10.75% and in 1994 it
will be below 10%.

     Resellers,  who buy space on Bell Canada wholesale and sell services
at a discount,  accounted  for 7% of  the telecommunications  market last
year, not the 2% the CRTC had predicted, he said.

     This year,  resellers and Unitel Communications Inc., which offers a
competing long-distance service to Bell Canada's will together hold a 15%
market share.

     Reflecting  Bell Canada's  declining revenue,  New York  bond rating
service Standard & Poor's  has lowered the  rating on its  debt.  Kearney
speculated it  could  take  another  downgrading  before Bell  Canada  is
allowed an improved rate of return.

     He said  U.S. telephone  companies  cross-subsidize  local telephone
service 2cents-3cents a minute,  while 17cents a  minute of Bell Canada's
long-distance revenue, or about $2 billion a year goes to subsidize local
service.

     "The subsidy keeps our local  rates low,  but is an incredible drain
on our competitiveness."

 *--- End



Sourced by: Terminator X
     Topic: $200M plea in TV battle
    Length: 1.0KB

Begin ---*

Broadcasters demand cable firms pay for carrying programs

By Richard Siklos/Financial Post - Hull, Quebec

     Canada's   private  broadcasters   yesterday  appealed   to  federal
regulators for  permission to start  charging cable operators  up to $200
million a year to carry their signals.

     The  fee-for-carriage  plan put forth by the Canadian Association of
Broadcasters is  perhaps the most  radical proposal  before the four-week
Canadian Radio-television and Telecommunications  Commission hearing into
the structure of Canadian television.

     From the  broadcasters' perspective,  it is no  longer equitable for
cable to distribute local over-the-air  television signals without paying
for permission to do so.

     "It's an issue  of fairness,"  CAB chairman Douglas  Holtby told the
hearing. "The taking of our signals by cable is fundamentally contrary to
basic Canadian values."

     CAB is seeking between 35cents  and 80cents a month per local signal
from cable.  Its case is  supported  by an  Angus  Reid Group  Inc. study
showing that  most  subscribers  either  believe  a portion  of  the $1.6
billion  consumers spend  on cable  already goes to private TV,  or don't
know where the money goes.

     Despite the advent  of cable only specialty services such as CNN and
The Sports Network, local  private  broadcasters, such  as those owned by
WIC   Western   International   Communications   Ltd.,   CanWest   Global
Communications  Corp. and  Baton Broadcasting Inc.,  accounted for 52% of
cable viewing in 1992.  And it is not fair,  the broadcasters argue, that
they shoulder  the burden of  producing the bulk  of Canadian programming
required by regulators.

     The  broadcasters'  plan has  met with  stiff opposition  from cable
operators,  who maintain  TV owes its  success to  cable.  Maclean Hunter
Cable TV  last week  said private TV's  argument that  it cannot live on
advertising  revenues alone  is a result  of takeovers and the industry's
profligate  spending  on  U.S.  programming,  which  increased  from $142
million in 1985 to $248 million in 1991.

     The CAB  has similarly rejected  cable's  counter-offer  to create a
fund of  up to  $100  million a  year over  five  years  for  independent
producers.  CAB president  Michael McCabe said the cable fund would be an
administrative  nightmare that doesn't address the issue of broadcasters'
signals.

     McCabe  said the  broadcast system  would be  better served by cable
fees,  from  which  at  least  33%  and  as  much  as  100%  would  go to
programming. "I'm not impressed by your fears," CRTC chairman Keith Spicer
told McCabe,  noting independent  producers have  expressed  reservations
about the plan.

     The CAB is  hoping fee-for-carriage  regulations recently instituted
by the  U.S.  Federal  Communications  Commission  will  buoy  its  case.
However,  their cable opponents privately predict the plan is doomed on a
range of fronts.


 *--- End


                                    ---

     Imagine, if it were 1984:

      doubleplusungoodthink revivals refs unconcepts.rewrite fullwise
      upsub  antefiling.  make  unoldthink  and  uncrimethink. unrisk
      joycamp. revival absolutewise ungood. - Miniluv

                                    ---


                                 ERRATUM

     I'm not much of an editor,  and I don't care..  but there were a few
offensive  errors  in  the  last  issue..   here  are  the  corresponding
apologies..

     IBEX  might  have  been  offended  that  I  referred  to him as IDIX
throughout the  North America  release of  the last issue..  I never did
like global edit(I jest of course). Sorry.

     CHAIN was not given proper credit for his dictating of articles last
issue.  Thanks for your ongoing contributions which  are ongoing(!!)hint,
hint!

     As well,  there were numerous  typos and other  stupid errors... too
numerous to mention here.. I will leave those up to you, the reader, to
discover.


- Terminator X


                                    ---

      If you  can't find  the solution,  maybe  you're  answering the
      wrong question!

                                    ---



                      CiSSD MEMBERSHIP INFORMATION

     With a  large resurgence in  CiSSD activities,  we  have  decided to
begin accepting some members through an application process.  Our commune
is not yet large enough to  accept the masses  without rebellion,  but is
open  enough  to accept  those with  ideas similar to  our own,  and open
minded enough to publish comment from those who are opposed to us. Please
write  to  richfair@eastern.com ,  and I will publish your comments,  and
respond to 'letters to the editor.'

     If you are seriously interested in becoming a CiSSD member,  you can
download the  CiSSD  application from  any CiSSD  Headquarters  BBS,  and
upload  the  completed  form,  or  send  the  completed  form  E-Mail  to
richfair@eastern.com .

     In  addition  to members,  CiSSD will honour  those who have special
achievements,  members,  or non  members alike.  If you know  someone you
believe  to  deserve   CiSSD  recognition,   please  write  to  the  same
address(richfair@eastern.com), or leave a message on our voice mail.

                                   ---

                    The Downtown Militarized Zone BBS
                  (416) 450 7087  Sysop - The Dope Man
                               [CiSSD] WHQ

                       The Revolutionary Front BBS
                     (416) 936 6663  Sysop - Lister
                             [CiSSD]/HELL/cDc

                         CiSSD Voice Mail Canada
      (416) 417 0214  Users - Terminator X - The Dope Man - Lister

              CiSSD Fax Line - Projected for April 18 1993

      CiSSD Voice Mail BBS - Projected for July 1 1993 (Canada Day)

                                   ---

                       LAST WORDS FROM THE EDITOR
                              Terminator X

     It's 2:12AM.  I should  be heading over  to Dope's  place  tomorrow.
Sometimes  I think his house is a  big black hole..  except it's not that
big,  and it's  rather colourful,  but that's beside the point.  It's a
black  hole  in the sense that  while physical objects,  and the  thought
process remain intact,  the ability to be productive  is sucked away into
no-where!

     The  only thing we  can consistently produce  is a couple  of  large
pizzas, and a day of joy and happiness.. but then,  isn't that what I go
over there  for?  Certainly,  I don't go for  the Brampton 'chicks'.. and
there's no  way in hell I  go for the big beautiful  Brampton Downtown.. I
think I go  to have fun and pal  around with a real  friend. If you don't
have one, I suggest you pick one up.

     They make great birthday gifts..


                                 CREDITS

The Dope Man        Repeat contributor,  and CiSSD President.  May no-one
CiSSD               ever provoke him  to think twice,  because having him
                    think once  was painful  enough for  the rest of  us!
                    This is a man with many a creative idea.

Lister              Interpersonal relations,  Repeat contributor,  not to
CiSSD               mention system  hacker extraordinaire.  One  might(and
                    would)  attribute   his   hacking   ability  to   his
                    independence and persistence.

Dictator            Dedicated to provoking  a political  turnaround, this
CiSSD               one has  a style and  approach all  his  own. When
                    reminded  that he wasn't being  paid for his efforts,
                    he informed me that he was. What was I thinking!

Ibex                With somewhat of a  different thinking  approach than
CiSSD               the  rest  of  us,  he  manages  to  provoke  us into
                    questioning our own views. It's an inspiration, and a
                    southern accent all in one.

Hypnotech           Back on  the scene,  after  a little  break  from the
CiSSD               hustle and bustle  of a group lifestyle,  he's jumped
                    right  into   the  mag  to  add  his  bricks  to  our
                    group foundation.  You  will see  contributions  from
                    him next issue.  Good luck in the future.

Terminator X        Editor. And a  lousy one at  that.  Enjoys music, and
CiSSD               releasing  magazines  months  after  their  projected
                    release date. Out for now, Ed.
-------------------------------------------------------------------------
THE CANADIAN INTERNATIONAL SOCIETY FOR SOCIAL DEVIANCY        (C) 1993/94
-------------------------------------------------------------------------