💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › MODERNZ › modern05.phk captured on 2022-06-12 at 13:28:14.
View Raw
More Information
-=-=-=-=-=-=-
- ****************************************************************
// USING AND ABUSING C.B.I. //
92' UPDATE!
by
the GHOST
of the
Panther Modernz
(C)Nov. 26, 1990
Mar. 09, 1992
- ****************************************************************
PART 1: Introduction
The purpose of this file is to make the CBI credit referral
service accessible to the novice user, and to facilitate account
hacking for the more experienced hacker. I will attempt to
explain the basics of CBI, simple commands, and the two methods
for achieving new accounts. Sysops and fellow hackers are most
welcome to copy and distribute this file, so long as ALL CREDITS
REMAIN INTACT AND UNALTERED. And I mean that, peons.
PART 2: What the hell IS CBI?
CBI is a credit referral service, similar to TRW (though
somewhat inferior). Basically, with the advent of large-scale
credit use for high-end purchases, a need arose for a service
from which various businesses, banks, lending agents etc. could
quickly and easily get a complete credit history on a potential
customer. Thus, these establishments can have at their beck and
call your entire credit history: all your credit cards, their
limits, any mortgages you have and their current status, as well
as various other tidbits such as loans, car repossession, defaulted
extensions of credit, and the like. Big Brother is watching. Some
peoples credit files are quite extensive, while others are
surprisingly incomplete. This, I suppose, reflects the ammount of
credit usage the individual in question has employed. To make
these credit referral services quickly and easily accessible,
these companies have been kind enough to place all their records
in an online database which can be called and referenced by a
legitimate account-holder via modem. Fortunately for us, the
hacker community, this wonderful database can also be called and
accessed illegally. THAT is where the fun begins.
PART 3: Okay, how do I get on?
To make the lives of the various legal users of their system
easier, CBI has established numerous access points to their
database. At the time of the writing of this file, I have the
following dialups for CBI. They are:
1-713-591-8100 Houston, Texas
1-804-466-1619 Norfolk, Virginia
1-305-467-3601 Orlando, Florida
1-612-341-0023 Minneapolis, Minnesota
1-916-635-3935 Sacramento, California
1-800-777-5474 800-INWATS
Also, the voiceline for CBI's 'Equifax Credit Information
Services' is 1-201-842-7500. Call it and social engineer yourself
a dialup or six. Once you're ready to call, TAKE PRECAUTIONS.
NEVER call a CBI dialup directly, or just through a code.
ESPECIALLY if you're trying to hack out an account. Rather, use
an outdial, or better yet, use several outdials. Make it HARD for
them to track you down. AT THE VERY LEAST, use a diverter. I
usually use a single outdial, which seems to be safe enough for
simply accessing the system while still maintaining a decent
communication speed. As I said, for hacking, a more 'layered'
approach is advisable. Okay, so now you've dialed the number from
your cheesy outdial. The system connects. But, nothing appears on
your screen. CBI does not recognize the standard 'carriage
return' generated by your 'return' key. Rather, CBI accepts
[cntrl-s] (^s) as a return. So, to awaken the system, hit cntrl-s
(you may need to follow this with a return sometimes). Wait a few
seconds and you'll see:
(LA)PLEASE SIGN-ON:
The system has no echo, so you may want to call with half
duplex for some visual re-assurance. You now enter your account.
Accounts appear in two formats:
613bb2114-c2 OR 613bb2114-c2,az,p.
The system will accept either one (ie, the 'az,p.' is not
necessary). After you finish typing in the account, hit [cntrl-s]
again. There will be a few seconds brief wait, and if the account
you entered is valid, the system will say:
W5B3 - PROCEED
Blammo. You're in.
PART 4: How to pull files
Once you're in, there are 2 commands that you need to know to
pull peoples files. The files in the CBI database are referenced
by either name and address or social security number. If you know
either of these for your prospective target, you're in business.
First, the easy one. To pull a persons credit file with their SS
number, enter this command:
id-sss-###-##-####.[cntrl-s]
Where #'s are the digits of the SS #. Do not forget the
period at the end of the command, it IS necessary. Also, remember
to enter the command with control-s, NOT return.
Next, the more useful method of pulling a file. Enter the
following:
nm-first,last.ca-house#,streetname,streettype,town,state,zipcode.
[cntrl-s]
As for the name, you MUST have the full last name, but you
only need to enter the first initial or a partial name. For the
address, spelling the streetname and town correctly are
important. Also, the zipcode is NOT NECESSARY. You can just put
the period after the state and hit ^s. Streettype refers to blvd,
st, rd, ln, ct...etc, you get the idea...you can either spell it
out or use the common abbreviation. For towns or streets with 2
words, ie 'Seaside Heights' enter it exactly as is, for example:
nm-lamer,joe.ca-666,python,ln,seaside heights,nj.^s
PART 5: What's this weird number shit?
When you successfully pull a file, you'll see something like
this:
- WAD,DICK SINCE 08/24/85 FAD 07/09/90 FN-300
72B,WOMBAT,BV,SHROOM,SD,01010,TAPE RPTD 07/85
223,DERF,DR,TRIPSVILLE,TX,43524,TAPE RPTD 09/87
BDS-09/14/58,SSS-121-32-1234
01 ES-,DERFLINK INC,HOSEHEAD,CA
02 EF-,SELF EMPLOYED,SHROOM,SD
03 E2-,ADMIN,BEVCO ELECTR.,NJ
So what the hell does this shit mean? Well, obviously, it
begins with the person's name. 'SINCE' refers to the first time
Equifax generated a file on this person, while FAD is the last
time the file was updated. Next is listed the person's places of
residence, both present and past. (RPTD is the last date that
they were still listed as being at that address). The 'BDS-' line
contains the person's birthdate and social security number, and
sometimes their age as well. The following '01 ES' type lines
concern the person's employers, again both present and past, with
addresses for them.
Next, you'll see the following:
- SUM-08/85-07/90,PR/OI-NO,FB-NO,ACCTS:3,HC$0-25000,2-ONES,1-FOUR.
- INQS-OCEAN NATL 444bb952 11/23/90
Okay, this is a little more complex. The SUM indicates the
period during which this person has had credit of any kind. I do
not know what PR/OI and FB indicate. ACCTS: is the number of
entries on the list about to follow, ie, the amount of credit
extensions this person has ever had. HC$ is the span on the
values of these credit extensions. That is, he has been extended
as much as $25,000 at one time. The 'ONES, FOURS, FIVES, NINES,
ZEROS' etc indicate the TYPE of credit accounts the person has. I
am still in the process of deciphering what each one means, but I
have concluded that a 'ONE' is an account in good standing. INQS
is self explanatory. Listed are all the firms which have recently
pulled this person's file, and the date they did so.
Next comes the good part:
- FIRM/ID CODE RPTD OPND H/C TRM BAL P/D CS MR ECOA ACC
SEARS *906DC20 08/90 07/85 0 523 R4 01 J XXXXX
CITIBK-MC *906BB40 08/90 11/88 5000 1234 R1 34 S XXXXX
GMAC *906FA34 07/90 10/87 25K 10Y 10K I1 17 A XXXXX
END OF REPORT CBI AND AFFILIATES - 11/26/90
Okay, broken down, this shit means:
FIRM/ID CODE: The creditor and its CBI account code. RPTD: Last
time that entry was updated, either due to purchase or change in
credit extension. OPND: Date the account was first opened. H/C:
Ammount of credit. In the case of actual credit cards, this is
the card limit. TRM: Length of time the credit is extended for,
in weeks. If followed by a 'M', it is in months, and if followed
by a 'Y' it is in years. BAL: Ammount still owed on the card as
of the last update. P/D, CS, MR, ECOA: beats the shit outta me!!!
ACCOUNT NUMBER: Self-explanatory. VISAS begin with a 4,
MASTERCARDS begin with a 5, DISCOVER with a 6, etc. If you are
uncertain as to whether an account is a card or not, run it thru
your friendly credit checker to check. Note that sometimes, the
credit card account number is cropped...that is, some of the
digits are missing. These are useless (unless, of course, you're
adept at social engineering). Remember that a valid
credit card MUST have 16 digits. Many entries will have helpful
explanatory footnotes like: CLOSED ACCOUNT, CARD STOLEN OR LOST,
REDEEMED REPOSESSION, REAL ESTATE MORTGAGE, AUTO LOAN, ACCOUNT
CLOSED BY CONSUMER. Also, sometimes the report will contain a
small section on legal proceedings for the person in
question...like medical suits, bankrupcy proceedings, etc.
PART 7: Safe use/abuse of CBI
Okay, so you have an account and you know how to use it,
right? So, what next? Well, firstly, you'd better cover your ass.
As I said earlier, be sure to call CBI through some sort of
number-diverting system. To preserve the life of your account and
protect your ass, you should also take the following precautions.
First, try to call CBI dialups only during normal business hours
LOCAL TO THE DIALUP (based on whatever time zone it's in). That
is, Monday-Friday from 9:00am to 6:00pm, if at all possible. Try
NOT to call AT ALL after 12:00 midnight, as this is extremely
suspicious. Second, never pull files sequentially from your
phone book (more on this later). Skip around as far as last names
go. Thirdly, don't be greedy...don't pull 100 files per call.
Stick to 10-20, no more that 30. Try not to keep any printouts of
files you pull...the feds will grin with glee when they find these
lying around. Also, NEVER make hardcopies of files and hand them
out to friends. I know a poor sap that got busted hard for that
one. Lastly, don't bother pulling the file of the President. We
already tried pulling ole' George's file, but all we got was his
social security # and a message stating that that file was 'not
available'.
PART 8: Who do I pull?
It's essential that you never waste time on CBI, as accounts
are valuable and not to be trifled away. So, don't spend all your
time pulling your friends files or your neighbor's. Go for the
BIG BUCKS. Get out your local phone book and run through it
looking for names with 'attorney', 'MD', 'DDS' and such after
them. Then pull THOSE files. Also, its not a good idea to only
pull files from your local area...so...run down to your local
library. All libraries have phone directories for major cities
nationwide. (Don't bother with the Manhattan guide, as few of
those addresses are residential ones, all offices and such).
Again, try to pull the files of affluent folks (assuming you
intend to use the results for such juvenile pursuits as credit
fraud). When you take an address from a phone book, always try to
make sure it isn't an office address. Many directories will list
both office and 'res' ie residential numbers and addresses. You
must have the person's BILLING address to pull his/her file.
There are various other ways to get peoples names and addresses,
so be creative and have fun.
PART 9: Getting an account
This is the REAL hard part. Most people simply trade away
their hard-earned info for a CBI account. Frankly, the fact that
few people know how to get new ones is the reason why there are
so few in circulation. SO, its time for all you hacks to start
getting them YOURSELVES. How, you may ask? There are two ways. The
most commonly used way is to social-engineer them. Flip thru your
local phone book and find a small car dealership. Call them up.
Pretend you are a CBI or Equifax employee. Again, be creative. If
you sound like a 14yr old, or if you can't lie to save your ass,
don't try this. You'll only fuck things up for the rest of us.
Design your own scams. Be convincing. Leave them a number to call
you back at...a loop, or a BBS #, or better yet, find a number
thats always busy. Or, if you have one, set up a VMB to issue a
greeting as the office of the person who you are impersonating.
Better still, if you have an account on a CBX and know how to use
it, go crazy. I spoke to a colleague who used TRW's ROLM for this
purpose with superb results. In short, be devious. After all,
you're a hacker! Method two is a bit more tough. All CBI accounts
that I've ever run into so far take on a simple format, presented
above. Now, you'll notice that the beginning of an account
(613bb2114) looks remarkably like the IDNUMBER presented in the
files you pull (ie 906dc29). The reason for this is that they are
ONE IN THE SAME. Yes, thats right, CBI is nice enough to give you
an extensive listing of partial accounts for all of its
subscribers. All accounts take on this format:
[3 DIGITS][2 LETTERS][2-5 DIGITS][a dash][2CHARACTERS, EITHER
NUMBER OR LETTER]
Quaint, yes? Now, since the company codes provide parts one
thru three, all you need to figure out is the 2-character code
after the dash. In all cases I've seen so far, this has been a
letter followed by a number, but I am not certain that this is
ALWAYS the case. I have also noticed some other useful tidbits
about the account format. The two letters in the middle of the
account often indicate the TYPE of credit it is. For example,
dc(department store chargecard), fm(finance, mortgage),
fa(finance, auto), and bb(bank-backed credit, usually a Visa or
Mastercard). Lastly, a grey area which I intend to explore
further...operator codes. Remember the ',az,p.' at the end of
some accounts? These are the operator codes. They do not NEED to
be entered with the account to pull files, but they CAN be used
to gain different (ie better) access to the Equifax database. I
do know that by altering the last letter (z is the default if no
operator code is entered) you will be fed different kinds of
credit reports, though I have not had the chance to explore this
in detail. Presumably, you could insert any letter in this spot
to get different information. I have been told that ',v.'
generates the best results but have not yet ascertained this.
Note though that to access this function, you must have the first
part of the operator code (ie, the 'pt' in ',pt,z.'). I would assume
each account requires it's specific operator code to access these
extended reports, but I have not been able to prove this, as
accounts with valid operator codes are few and far between.
Needless to say, if the first half of the operator code is
incorrect, you will not be able to login. If anyone has further
information, or even speculation on this matter, please contact
me at the systems listed below.
And, in short: HACK AWAY.
PART 10: Company Codes
COMPANY CODE COMPANY CODE COMPANY CODE
A & S 426dc33 ALLSTATE 465ig14 AMERIFEDRL 444bb7072
AMEX 906on259 AMEX 906on267 AMEXOPTIMA 906bb5130
AM EXPRESS 458on2792 BANCAMER-V 906bb206 BENF BNCHG 444fp289
BEN SMITH 882an137 BERKLY MTG 444fs1399 BK OF MDSN 843bb342
BK OF NY 404bb539 BLOMNGDALE 404dc21 BNY DE GLD 496on747
BNY DE STD 496bb82 BONWIT TEL 404cg94 BRADLEE'S 426dc1577
C & S 401bb4880 C & S COMM 872bb213 CARTSVBKFA 444fs1381
CHASE EDUC 728bb1042 CHASE(USA) 905bb587 CHASE VISA 496on598
CHASE VISA 426bb756 CHEM BK,DE 426bb3859 CHEM BK,NJ 444bb3469
CHEM BK,NJ 444bb3626 CHEM BK,NJ 444bb5605 CHRYS 1ST 444fp2137
CHRYSLER 906fa26 CITIBANK 906bb115 CITIBK-MC 906bb40
CITICORP 906fm6418 CITICORPSA 447fs844 CITI PRVS 906bb289
CNB USA 496on291 COMMERCE 901bb5101 COMMONWELT 906fm6335
CORESTATES 496on218 CORESTATES 458on3022 CRESENT 402re30375
CRSI-CHARM 426cg544 CS NATNL 872bb31 CS OTC 872bb205
CTL JER MC 444bb143 CTL JER SI 444bb6173 CTY FD MTG 444fm11838
DE TR 458on3014 DISCOVER 155on44 DISCOVR CD 905on1497
EFX-SML042 444zb361 EQUIBANK 496on648 FFB NEWJER 444bb5654
FIDELITY NA 496bb587 FIELD BROS 906cg2913 FJNB/SO MC 444bb5704
FLEET FUND 416fm2092 FNB TRV IL 444bb465 FNB TRV MC 444bb5282
FNB TRV OD 444bb5308 FNB TRV VS 444bb5290 GE CAPITAL 404ff262
GE CAPITAL 906ff278 GE CAPITAL 906ff260 GECAP-TOPS 404ff1039
GECAP-CALD 404ff825 GECC 906ff252 GIMBELS 426dc561
GLENDALE 181fs320 GMAC 444fa483 GMAC 906fa34
GOTTSHALKS 163dc2280 GRDN ST OC 444bb2719 HBNA VISA 163bb17526
HMDEPOT 404hz141 HUGHES CHV 444an1082 IAR EQUITA 444zb00577
JC PENNEY 906dc185 JC PENNEY 906dc193 JC PENNEY 444dc10639
LITTMANS 444ja591 LORD & TAY 906dc151 MACYS 444dc49
MARINE MID 405bb280 MBNA AMER 801on119 MBNA AMER 801bb2942
MELLON BK 496bb74 MERIDN MTG 496fm271 MH/MC 426bb2380
MHT/MC 426bb541 MH/VISA 426bb1895 MH/VISA 426bb2406
MIDLTIC IL 444bb804 MIDLTIC OD 444bb3253 MNB/N IL 444bb9466
MOBIL OIL 906oc99 MONGRM-USA 404bb3483 NATL STATE 444bb1315
NATWST MTG 444fm12285 NCNB 805bb2492 NEIMAN-M 906dc656
NISSAN MTR 444fa848 NJNB 444bb6173 NJNB 444bb1869
NWB 444yc1311 NWB 444bb6363 NWB 444bb6496
NWB 444bb564 NWB 444bb3436 OCEAN NATL 444bb952
PNB IL 891bb186 PRIMERICA 496on44 RICE&HLMAN 444an2452
ROOTS 444cs315 SEARS 906dc29 SEARS 444dc510
SEARS 905dc3081 SEC PAC BK 180bb19097 SHOP CHARG 444cg377
SLMA-LSCP 496fz45 SNAPPER 404tz19 SNSONE TOY 444an4177
SPIEGELS 906dm10 STEINBACH 403dc1426 STERNS 496dc319
STRAWBRIDG 496dc20 STRD ROOF 444ki54 SUN RF MKT 606oc10587
SVGSBK SOC 414bb917 TOYOTA MTR 906fa67 TYOTA MOTR 444fa814
UCT RIKEL 444bb5035 UJB MC GLD 444bb9466 UJB-MID ST 444bb978
UJB/SO IL 444bb2248 UJB VISA 444bb1182 UJB 444on200
UNIVRSL BK 444on358 UNIVRSL BK 444on341 WCI-HUFKOO 404hf375
YEGEN ASSO 444an449 1 VALLY BK 496fs380 1ST CARD 404bb182
1ST CARD 155on85 1STDEPOSIT 163bb19418 1ST JER CR 444zb668
1ST OMNI 801on1182 1ST STATE 444bb2958 ?????????? 444bb1331
?????????? 465zb134
PART 11: THE END
Well, thats all for now. With this info, you neophytes should
be quite capable of using those CBI accounts you've been
gleefully trading for so long. And, with luck, a few more of you
will start hacking out accounts. If any one has other CBI
dialups, or just other company codes for a possible 'UPDATE
PHILE'...'CBI=The Revenge', please send them to me. I can be
contacted via feedback at:
TANSTAAFL (908)830-8265 Sysop:Tal Meta
THE MATRIX (908)905-6691 Sysop:Digital-Demon
And anywhere else on the nets that I might happen to be haunting
at any given time...IRC, Lutzifer, etc.
Feel free to contact me if you have any questions about the
info presented in this file. Finally, a few brief greets and
thanks to: Midnite, So76, The Gatsby, Scooter, Ground Zero,
Parmaster, Tal Meta, Digital-Demon, and particularly to Sir Hairy
Leech, who got me on to CBI in the first place.
Also, to Renegade Legion (if you saps still exist)...I don't
appreciate having my work on this file re-hashed by your inept
crew. You could have at least done something original, eh? And,
to my other detractors from the first version of this work: Piss
off, eh? Most of you didn't know what the hell you were talking
about to begin with. Incedentally, NONE of the information in
this file was gathered from ones written by other hacks, as so
many of you suggested...my reason for writing it in the first
place was that I'd never even seen a file on the subject. All
info herein is gleaned from first-hand experience and
speculation. The errors in the first version have been corrected,
and the horrendous formatting fixed.
Oh, one other thing. The information presented in this phile
is for informational purposes only, to shed a glimmer of light on
the inner workings of the arcane electronic world, and the
beautifully Orwellian world of the credit pigs. In no way does
this file condone or encourage credit fraud, illegal system
access, or any other crimes. Equally, the author disclaims ALL
RESPONSIBILITY for any misuse of the information presented above,
or any crimes committed thereby.
But that never stopped ya before, now did it? Muahahahahah!
HACKERS OF THE WORLD, UNITE!
YOU HAVE NOTHING TO LOSE BUT YOUR CIVIL LIBERTIES.
"That which does not kill us, makes us stronger."
---Neitzsche
�