💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › COTNO › cotno06.phk captured on 2022-06-12 at 10:41:33.
-=-=-=-=-=-=-
______ ______ _____________ ____ ___ ______
/ ____|\ / \ /____ ____/\ / | \ / / | / \
/ / ____\| / __ |\ \_/ /\____\/ / | / / / / __ |\
/ / / / /__/ / | / / / / /| |/ / / / /__/ / |
/ /__/______ | / / / / / / / | / / | / /
|____________|\ |\_____ / / /__ / / /___/ / |___/ / |\_____ / /
|_____________\| \|____| / \__\ / |___ |/ |___|/ \|____| /
____
/ \ ---
/ \ \ __
/ /\ \ \ \
_/______|_/ / / / \
| | / / / /
| ---\( |/ / / /
| \|\(/ \(/\(/
| |
/ /
/ \ /
/ \ ___/
/
/
/
Communications of The New Order
Issue #6
Fall 1995
"There is nothing more difficult to take in and, more perilous
to conduct, or more uncertain in its success, than to take the
lead in a new order of things."
- Niccolo Machiavelli'
Cavalier........"I hacked codes to get warez for free drugs."
Dead Kat........"I have non-hacker friends but fuck if I keep in
contact with them, they don't have k0d3z."
Disorder........"US West knew we were getting their stuff, they
just didn't know we were on the deferred payment
plan."
Edison.........."I said fuck you cop.. well I wish I had said that."
Major..........."SUNOS... the swiss cheese of unix."
Voyager........."I don't think money is as powerful as fear, but
I have a day job."
Special Thanks: Gatsby, Mark Tabas, The Doktor, Presence,
Demonika, Rage (303), Invalid Media, Deathstar, KevinTX,
Intrepid Traveler, Plexor, yLe, Drunkfux, Damien Thorne,
Brownstone, Storm Bringer, Neophyte, Ole Buzzard, AntiChrist,
Redboxchilipepper, El Jefe, Jupiter, Captain Hemp.
Good Luck: Mark Tabas, Gatsby, Kevin Crow, Dispater, St. Elmo,
Zibby, Dr. Delam, Phantom Phreaker, Purple Condom, Manson,
BernieS, Kevin Mitnick, Alphabits.
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
__/\iNTRo/\__
CoTNo is a 'zine of the computer underground of the 1990's. It is written
for H4Qu3r's and pHR3aCK3r's of intermediate to beginning experience. All
the information published herein is as accurate as possible and pertains to
techniques and devices that actually work. We do not publish any article
that is not of an H/P nature. If you wish to comment on or contribute to
CoTNo, email one of us, or catch one of us on the iRC or try to catch
us in your local Telco dumpster.
Ahem...
This issue is dedicated to all of our good friends who have recently been
busted. In fact, the last three issues are dedicated to them, since there
have been more people busted in the last twelve months then at any time since
Sundevil. In issue four I espoused my opinion that there was a federal
conspiracy at work with paid informants masquerading as our friends. Last
issue I gave detailed information on one of our own busted members, John
Falcon. In this issue there will be information you can use to help keep
yourself out of jail.
In this issue, Disorder has compiled detailed information on the busts of
lasts twelve months. Each bust that we heard of is detailed with names and
events. Hindsight is always clearer than foresight, so hopefully you can
learn from these busts how to avoid a similar fate. Also in this issue, I
am releasing confidential information on how cellular fraud is prevented.
The information is straight from a national cellular carrier and details
exactly how the telcos detect, trace, and bust cellular abuse. This
information should convince you to take the utmost precautions if you are
experimenting with cellular technology. Lastly, John Falcon sent me an
article on what to do if you do get busted. I think this is the first H/P
article ever written from jail!
The following information was an actual article from Cellular One that was
distributed to some of their employees. This article was not edited in
anyway, and contains the best information I have ever seen on how cellular
fraud is prevented. If you are participating in cellular phreaking, I
recommend that you read this article very closely and take it as a warning
from the Cellular Telephone industry. They are getting serious about halting
cellular fraud, and for good reason. In New York for instance, often
there are more fraudulent cellular calls than legitimate ones on any given
day! The Fedz are on their side too. As you may already know, the Fedz ran
an underground BBS for 8 months this year just to catch Cellular Fraudsters.
In fact, Kevin Mitnick was recently busted using the same methods described
in the following article.
The article, dated February 1995, follows:
A team of five Cellular One employees helped stop cellular fraud in Denver
last week. To protect both our employees and future investigations,
Cellular One team members names will not be released.
California officials tracked a suspect from the Los Angeles area using a
cloned cellular phone to Denver early last week and asked Cellular One for
assistance in locating this suspect. With the cloned cellular phone number
and a number the suspect repeatedly called in California, the five Cellular
One employees and both local and California law enforcement agents began
tracking the whereabouts of the suspect through the pattern of his cellular
phone calls.
Using AMA searches, RFCALL Trace, directional antennas, an IFR 1500, an
RSAT Plus, and hours of labor, the Cellular One team identified the suspect's
calling patterns. An AMA search is a record of an individual cellular
phone number's calls. The cellular number is input along with the
parameters for the search - start and finish date and time - and a log is
printed which shows each individual call made by that cellular number.
This tool is used generally within three days of the calls which you wish
to observe. AMA searches were compiled over several days to document the
calling patterns of the suspect.
While the AMA searches show the past calling pattern, when attempting to
capture a cellular fraud suspect, real time tools must also be used. The
Cellular One team used RFCALL Trace which tracks similar information as an
AMA record with the exception that the information can be collected with
only a 10 second delay from real time. RFCALL Trace also tracks the
individual radio in use, any handoffs, and the signal strength of
the cellular call. Law enforcement agents issued a subpoena to Cellular One
for all information regarding the fraudulent cellular phone number's
activity on our system.
Most of the fraudulent phone calls were being placed between 10am and
midnight. Tracking which cell sites, cell faces, and radios the suspect's
calls set up on identified a small geographical area as the suspect's base of
action. Once an area had been established, one team member drove this area
using an RSAT Plus, an IFR 1500, and a directional antenna (all basic
cellular test equipment used in system optimization) to pinpoint the suspect's
location to a specific apartment complex. This team me tracked the calls
made by the suspects's cellular number and, watching the faces serving the
calls and he handoffs made by the system during the suspect's calls, he was
able to narrow down the location from which the calls were made to a specific
side of one apartment building.
The law enforcement agents, equipped with their own brand of cellular fraud-
busting tools, asked if the Cellular One team could identify the actual
apartment within the building where the calls were being placed. A narrowband
directional antenna was set to the transmit frequency of the cloned phone.
One problem was that with each new phone call, the frequency being tracked
changed. The suspect made short calls, most around one minute, with the
longest between three to five minutes. Using the directional antenna
and resetting the frequency with each new call on the cloned phone, the
Cellular One employee identified a group of apartments within the building
from which the cellular calls were being placed.
Unfortunately, the suspect slipped out of the building before the specific
apartment was identified. Again using RFCALL Trace, the Cellular One team
logged the suspect's next phone call on a cell site near Stapleton
Airport. Law enforcement was notified and kept aware of the phone calls as
the suspect traveled throughout the system. It became evident that the
suspect was moving back toward the apartment complex. Surveillance
officers outside the apartment noticed three men enter just moments before
the Cellular One team notified them that a call had been placed from the
apartment. Within 20 minutes, the suspects again left the apartment.
Denver Police began pursuit of the suspect and made the arrest. Five
additional cellular phones were found in the suspect's apartment. It has
not been determined if these phones are cloned.
Although cellular fraud exists, it is possible to catch the criminals.
Congratulations to our fraud busters! Cellular One asks that you keep this
story confidential since the specifics of this and future investigations
depend on our ability to catch the criminals in action.
End of Cellular One Article.
Pretty scary, huh? Cellular phreaking used to be considered pretty safe, but
times have changed. The cellular phone companies are losing so much money on
cellular fraud, that they have made busting the cellular hackers a priority.
If you do commit cellular fraud, I suggest you use the following guidelines:
1. Never use the fraudulent ESN for over two weeks.
2. Change ESN's as often as possible.
3. Avoid creating a calling pattern with your fraudulent ESN.
4. Avoid using the fraudulent ESN from a stationary location.
These tips could keep you out of jail! Because you cannot divert with a
cellular phone (unless you are Kevin Mitnick) these precautions are necessary.
As my friend John Falcon told me, "Its not worth doing time for silly phone
shit." He's right. H/P is fun, but anyone who has gotten busted will tell
you the same.
But if despite these warnings, you still decide to cellular phreak, just make
this quote from Gatsby your mantra, "An ESN a day, keeps the federals away."
|>ead|<at
-=(TNo)=-
Table of Contents
~~~~~~~~~~~~~~~~~
Introduction......................................Dead Kat
Operation Phundevil...............................Disorder
What Happens When You Get Caught..................John Falcon
Legal and Technical Aspects of RF Monitoring......Major
The Tao of 1AESS..................................Dead Kat & Disorder
Frequently Visited AT&T Locations.................Major & Dead Kat
Remote Hacking in Unix............................Voyager
The Definity Audix VMS Inside Out.................Boba Fett
Bridging the Gap..................................Eddie Van Halen
Elite Music Part V................................Disk Jockey
Conclusion........................................Dead Kat
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
-= Operation Phundevil =-
by DisordeR[TNo]
With all the busts happening in the past year, and a lack of
information in the scene regarding who got busted when, and for what,
I decided to put this article together. After working on this for a
while, I realized that not only was it a little difficult in finding
bust info, but half of the little you found was bullshit.
The information in the following article is as accurate as I
can find. With all the different accounts of what happened, different
nicknames, different NPA's, and pure stupidity out there, don't bet your
life on the information contained within this article.
The following sections give you some details about some busts,
and RUMORS of others. I indicate which are rumors and which are legit.
I utilized everything from BBS posts, to newspaper articles, to word
of mouth. Thanks to those who helped me on this. And by no means is this
NEAR complete...
=-=
"OPERATION CYBERSNARE: FEDZ = 1, PHREAKZ = 0"
Main Thugs:
Peter A. Cavicchia II - Special Agent in Charge
Donna Krappa - Assistant U.S. Attorney in Newark
Stacey Bauerschmidt - "Carder One"
The Busted:
Richard Lacap - "Chillin" - Katy, Texas: Accused of conspiring to break
into the Portland, Oregon AT&T Wireless computers.
Kevin Watkins - "Led" - Houston, Texas: Accused of conspiring to break
into the Portland, Oregon AT&T Wireless computers.
Watkins used the computer system of Embry Riddle University in
Prescott, Ariz., to enter the McCaw computer, Secret Service
Special Agent Stacey Bauerschmidt said in a sworn statement.
Jeremy Cushing - "Alpha Bits" - Huntington Beach, California: Accused
of trafficking in cloned cellular phones/equipment and stolen
access devices (ESN/MIN Pairs).
Frank Natoli - "Mmind" - Brooklyn, New York: Accused of trafficking in
stolen access devices.
Al Bradford - "Cellfone" - Detroit, Michigan: Accused of trafficking in
unauthorized access devices.
Michael Clarkson - "Barcode" - Brooklyn, New York: Accused of possessing
and trafficking in hardware used to obtain unauthorized access to
telecommunications services.
Penalty:
If convicted, defendants face maximum possible sentences ranging
from 15 years for Cushing to 10 years for Bradford, Clarkson and
Natoli and five years for Lacap and Watkins.
Details:
Starting in January, Stacey Bauerschmidt and other Secret Service
agents in Newark, NJ, set up what is now called "an electronic chop shop"
by the press. Stacey (in cooperation with a 'nameless informer' who will
be mentioned later) set up a computer BBS called "Celco 51" with the
intent of busting hackers and phreakers specializing in cellular phone
fraud.
For the first sixth months, the board operated using MBBS with
four nodes. At any given time the board had an 800 re-route (not really)
so that the users could call without any problem (ANI). To the credit of
the agents in charge, the board did not allow just anyone access. The sysop
(PMF) appeared to discriminate and only allow the 'elite' members of the
H/P community on. With the illusion of security, the agents running the
board could successfully monitor the users, and begin to make deals with
the hackers.
Stacey [Who went by 'Carder One'] continually asked members of the
BBS if they were interested in selling ESN/MIN pairs [Used for cellular
phone fraud]. These 'pairs' are considered 'illegal access devices' and
are usually found in large enough amounts to consist of felonies. On top
of the illegal access devices, Stacey was looking for people that were
willing to sell illegal cloning equipment. This equipment consisted of
devices used to get pairs, clone phones, and reprogram phones.
The operation was very successful in many ways, notably the ability
of the agents to mask the true nature of the board. For over eight months,
Stacey and other agents monitored the board looking for any chance to
prosecute any of the members. The sysop (PMF) continuously advertised the
board to the members, as well as mailed and HARASSED members into calling
more than they wished to (Entrapment anyone?). PMF was responsible for
mailing members up to three times a day, message flooding people on IRC,
and using other methods of harassment to get hackers to call.
On top of the harassment, Carder One continuously asked for people
to post 'pairs' as well as sell them in private. In a few cases, individuals
would not have considered selling these pairs had the federal agents not
harassed them so much. Ahem.
"Cushing and five others were arrested in four states during a
sweep last week by federal agents. Another 14 raids spread over eight
states led to the confiscation of 31 computers, 65 illegally programmed
phones and 14 "readers," devices used to illegally pluck cellular phone
numbers and serial codes from cellular phone transmissions."
[Wonder who's computer will run the next sting board?]
"But because the alleged crooks posted phone numbers on the bulletin
board indicating where they could be reached, the Secret Service was able to
trace the calls, leading to the arrests."
[Need we emphasize the importance of Diverting any more?]
"But officials said this case represented the first time that the
Secret Service had created an entirely new computer bulletin board..."
[Couldn't bust any warez kiddies recently...]
[Watch out kiddies... They are using more than 'questionable' methods
of busting hackers and phreaks these days. If you haven't met someone,
be careful of what you post on their systems.. many people thought
PMF was cool until he NARKED on everyone that he could.]
=-=
"ANARCHIST BUSTED FOR WRITING MAGAZINE"
From: The Anarchives <tao@presence.lglobal.com>
In early march of 1995 I was arrested for "Unauthorized Use Of A Computer".
Three large, white, plain-clothes detectives from 52 division in downtown
toronto came to my house, promptly arrested me, took me to a holding
cell, and conducted a strip search (looking for codes I guess). I was
held in custody for four hours (7:30 pm to 11:30 pm), and released as a
result of substantial protest made by friends and family at the sergeants
desk.
I was being accused of breaking into the computer systems at the
University Of Toronto for the purpose of publishing "Anarchist
newsletters".
The sysadmin of ecf.utoronto.ca, one Professor Jack Gorrie
<gorrie@ecf.utoronto.ca>, saw someone on his system publishing Anarchist
materials, assumed I was a malicious "hacker", turned over all records of
my email, news posts, key strokes, you name it, to the police at 52
division. The police realizing how dangerous these "hacker anarchist"
types are, had to come to my house to cuff me, bring me down, and strip
search me.
I was to face trial for a possible six months in prison, just for
exercising my democratic rights and responsibilities.
Of course the end result was that the charges were dropped, although this
was not until several months later (sept 7, 95), after several
appearances in court, and after my agreeing to pay $400 to the skule.
=-=
"FEDS SAY HACKERS CRACKED INTO TOWER CREDIT CARD RECORDS"
by, Denny Walsh
From: The Sacramento Bee
Saturday Sept. 16, 1995
Two talented Berkeley hackers were charged Friday with computer-
age crimes against a Tower Video rental store in Sacramento, federal
authorities said, in large part because they went up against Tower's even
more talented electronic security corps.
When authorities raided their apartment last month, Terry Patrick Ewing,
21, and Michael Yu Kim, 20, had the credit card numbers of 2,000 Tower
customers, federal prosecutors said.
According to a federal grand jury indictment, Ewing and Kim used
their personal computer to break into a system know as TRON, owned and
operated by Tower's West Sacramento-based parent, MTS Inc.
Kim and Ewing are charged in a three-count indictment with
conspiracy, fraud and the unauthorized destruction of computer data.
The prosecutor said the pair are not in custody and will be
allowed to surrender next week. He said he does not see them as flight
risks.
=-=
"KEVIN MITNICK BUST - HIGHLIGHTS"
From Multiple Sources
If you want more details, read the hundreds of articles about this story.
Also, read the Phrack 47 editorial pertaining to this subject.
Kevin Mitnick (31)
-One of the first indicted under Computer Security Act of 1987
-Search began in November 1992
-Mark Seiden (expert in firewalls) discovered that someone had obtained
all of Netcom's credit card numbers for 20,000 online subscribers.
-Stole files from: Motorola, Apple, Netcom, and more.
-Mitnick used the Well as a repository for files he stole from computer
security expert Tsutoma Shimomura.
-After raping Tsutoma, he used Bruce Koball's account to transfer
proprietary software from Motorola, NEC, Nokia, Novatel, Oki, Qualcomm,
and other cell manufacturers.
-Shimomura concluded that it was Mitnick, and that he was operating
through cellular, from Raleigh, NC
-Mitnick was bouncing his calls through GTE Switches, local switches,
and a few types of cellular switches, and utilized Netcom's dialins.
-Lived in Player's Court, a 12-unit apartment building in suburb of
Duraliegh Hills, three miles from the airport. He lived in Apt 202.
-Until a week or two before he was arrested, FBI surveillance agents in
Los Angeles were certain that 'the intruder' was somewhere in Colorado.
-FBI arrested him at 24 hour stakeout
-Arrested in Raleigh, N.C. at 1:30 a.m.
=-=
"PHREAKS BUSTED IN NY... MORE TO COME"
"Ok all Listen up and listen good. resistance is down. Maybe permanently. Most
of you prolly haven't heard yet, but there have been major busts going around.
... Today alone i found out that Neon Samurai, Tokien Entry, and Hellfire
have been busted. ... that they even busted craig neidorf(knight lightnig)
again.
More bad news. If you are on UPT(unphamiliar territory) or Cellco 51, stop
calling. The SS who raided hellfire slipped a bit and bragged about being on
those boards.
Hellfire said the feds were mostly interested in credit cards,
VMB's, and Cell phones.
They are looking to bust for cellular, VMB's and credit cards...
Tokien entry i found out has been in jail for 2 days!
Neon Samurai was busted for credit cards and also for telco equipment that
the nynex people said was worth 50,000. "
PMFs (Narc) reply:
"dude, this is utter shit and i expect u to post this reply for me seeing
as i ain't on that bbs.. Hellfire gave up his accounts to UPT and my bbs
among others, he was the only person busted and nothing to do with his
busts was EVER mentioned on my board. He doesn't even get involved in
cellphones, he was busted coz he and every other person busted used
1 800 CALL ATT from his house.. what a bunch of lamers... I don't even
know who wrote that next but i would like to find out.. probably the guys
from NYHE..."
[Ironic isn't it!]
=-=
"ALPHABITS ORIGINAL BUST LAST YEAR"
Caught alphabits on irc lastnight and he said:
<alphabits> but I got sent to prison 7 months ago, and lost contact ***
According to different people, he was busted for check fraud and/or credit
fraud and/or cellular fraud. Unfortunately, I will not be able to talk
to him until after this article.
=-=
"SYNCOMM, MEMBER OF S.O.B (SERVANTS OF BABUSHKA) RAIDED"
From another group member:
Syncomm was talking on the phone.. the day before Master of Reality got
busted... so MOR, Greg and equinox were sitting there chatting away when
a load of federal agents <SS, FBI, 1 NSA guy and even a guy from customs>
and some local police busted down his door. He dropped the phone and all
they heard was a rustle of papers .. then a "Secure that paper!" then a
click.. They put a shotgun to his head and said "Hello Syncomm". They
said he was the leader of S.O.B. an international terrorist organization.
Then again they thought that Crypt Keeper and MOR were also the sole
leader of SOB ... So then they put a knee to his back and handcuffed him
<Greg, 16, apparently posed a serious threat>. They proceeded to
interrogate.. and at one point this one agent <female> tried to seduce him
into talking <I think he would of he she did more .. ;)> ..
He was finaly was lead outside when his neighbor walked up to them and
handed them all of Greg's notes, etc.. that greg had asked him to stash..
Greg then threatened his neighbors life.. <which he came back to do
unhandcuffed afterwards> and was led off to holding... were they produced
"A big fucking printout" that apparently detailed Greg's activities.. they
nailed him for hacking UC and then accused him of crashing their
systems.. Along with criminal tools <his computer> and some other
offenses.. <one of which I am sure of is Wire Fraud.. they love that>
=-=
"FBI REVEALS ARREST IN MAJOR CD-ROM PIRACY CASE"
SOFTWARE CRACKDOWN - Two Canadians were arrested in a blitz
that has software companies upset to see piracy extending
into the CD-ROM format.
From the Associated Press, Saturday Dec 24 1994
BUFFALO, New York - The FBI has arrested a Canadian father and son in what
is believed to be the first major case of CD-ROM piracy in the United States.
Agents said Thursday they seized 15,000 counterfeit copies of the popular
CD Rom games REBEL ASSAULT and MYST that were being sold at 25% of retail
value.
PETER MISKO, 63, of Mississauga, Ontario, and his son, BRUCE MISKO, 36, of
CHICAGO were arrested in Buffalo and charged with felony copyright infringe-
ment. The counterfeit goods were recovered in a Niagara Country warehouse
authorities said.
The FBI told the Los Angeles Times that additional warrants were served in
INDIANA and NEW HAMPSHIRE as part of a crackdown on retail stores selling
the illegal software. MORE ARRESTS ARE EXPECTED.
=-=
"MULTI-COUNTRY EFFORT CRACKS COMPUTER RING"
TORONTO - Canadian, US and European investigators
have cracked a ring of computer hackers who allegedly
stole about $5 million US$ by breaking into the
computers of phone companies and other firms.
The 12 hackers who met over the Internet, used coding
and call switching to conceal the transfer of funds,
codes and communications.
RUDY LOMBARDI, 22, of MISSISSAUGA Ontario PLEADED
GUILTY on Tuesday, June 27 1995. He got 90 days in
Jail and 100 hours of community services for HELPING
the RCMP with their investigation - instead of at least
a one year jail sentence.
=-=
"RUMORS FROM 914"
There has been a huge chain of busts in 914. Apparently, GANGSTER,
who ran a board in 914 called 'Bamboozie Dimension' was busted. Rumor
goes on to say that he was 'fucking around with CC's' which led to the
bust.
=-=
"WAREZ BUSTS IN 510"
The Sewer Line BBS in 510 met trouble on December 11th due to the
distribution of console warez (from various posts). Rumor also has it,
that a user on the board going by ROCK'N was in fact a sega representative,
and narked on the sysop for his activities.
=-=
"214 BUSTS"
During August of '94, several boards (mostly warez/ansi affiliated)
were raided by the FBI. The busts occurred in the Dallas/Ft. Worth
area, the list follows:
Agents of Fortune [409] (Sysop: Butcher [LEGEND])
Suburbia [214] (Sysop: The Chairman [RZR],
The Network [214] (Sysop: Masterblaster)
The Depths [214] (Sysop: Maelstrom ex-[RZR/iCE])
Elm Street [214] (Sysop: Freddy Krueger)
User to User [214] (Sysop: William Pendergast)
=-=
"PHILLY 2600 MEETING"
From recent posts and word of mouth, the Philadelphia 2600 meetings are
having a hard time making it past 5 minutes. Apparently, local police in
coordination with mall rent-a-cops [joining of forces there], are kicking
hackers and phreakers out of their meeting place based on charges of
loitering and conspiracy [to do what?! Assemble?]. Currently, police
are threatening to break up meetings, and/or jail participants for the
two reasons cited above.
=-=
"FEDZ BUST KID IN MINNESOTA"
November '94, a 15 year old in Minnesota had a pleasant visit by
federal agents. According to newspaper articles, the boy [unnamed
in the article] was basing his hacks out of the Detroit Free-Net.
"He used passwords to gain access to more than 10 computer networks
from Detroit to Moscow". During his time on the Detroit Free-Net,
he was said to have maliciously disabled enough of the system 'forcing'
it to shut down.
Currently, the boy is facing potential charges for using
telecommunications devices to cross state lines, and felony charges
for breaking into computer systems.
Other favorite quotes from the articles about this case:
"...hospitalized, possibly for psychological reasons, when police
confiscated his computer modem and software programs Monday."
"...said the boy appeared to fit the typical hacker profile: a
15- to 20-year-old male, many who have low self-esteem. 'He really
could use a girlfriend instead of a computer' Grewe said."
=-=
"THE TROUBLES OF BERNIE S."
Recently, a lot of press has been covering the story of 'Bernie S'.
You can find more info about his bust on alt.2600 as well as several
'hacker' mailing lists. Here are some of the interesting quotes from
one of those articles:
"Ed Cummings, also known to many in cyberspace as Bernie SS was arrested
on March 13th, 1995 for 2 misdemeanors of possession, manufacture and sale
of a device to commit Telecommunications fraud charges. He is being held in
Delaware County Prison in lieu of $100,000.00 Bail."
His arrest took place at a local 7-11 where *15* police cars pulled
into the parking lot. During the interaction with the officer, he told
them 'no, you can't search my car', yet minutes later, he noticed
an officer going through the contents of his car. Despite his protests,
the officer removed several timing crystals, tone dialers, and a 'broken
red box'.
The following day, Bernie was at a friend's house when '8 to 10' plain
clothed armed men burst into the house yelling 'freeze'. Minutes later
he was being taken to jail in cuffs. He was not formally charged until
his arraignment where his bail was set to 100,000 dollars because he
refused to talk with the police without counsel present.
"The Judge dropped the two unlawful use of a computer charges due to
the fact that the evidence was circumstantial and the county had no actual
evidence that Ed had ever used the computers in question. As of 3/27/1995
Ed Cummings is still in Delaware County Prison awaiting his trial."
=-=
"RUSSIANS ARREST 6 IN COMPUTER THEFTS"
This article was taken from the Associated Press, Saturday Dec 24 1994
St. Petersburg, Russia, Sept 26 (AP) -- Russian police
officers have arrested six more people in a $10 million
computer theft from Citibank here, but the masterminds are
said to remain at large.
Several people have been arrested abroad and face charges
in the United States, including Vladimir Levin, 28,
reportedly the group's computer hacker.
Citibank officials said they recovered all but $400,000 and
upgraded the cash-management systems's electronic security
after the theft.
FT, Sept 21, 1995.
Extradition in Citibank hacking case
A British court yesterday approved the extradition to the
US of Mr Vladimir Levin, the Russian science graduate
accused of an attempted $10m (6.5m pounds) computer hacking
fraud on Citibank. ...
=-=
"PURPLE CONDOM CAUSES TROUBLE"
Purpcon recently had pleasant meetings with his Dean where he attends
college after getting caught rewriting his magnetic student ID, so
that others would get charged for his meal. :)
=-=
"CoTNo RUMORS"
In past issues of CoTNo we have always said 'good luck to' people
that have been busted (or said to have been busted)..
Deathstar, AntiChrist (school admins?), Coaxial Mayhem,
Maestro (Blueboxing?), Lucifer (still in jail?), Grappler (hacking),
Jimbo (MCI Calling Card Fraud), Maelstrom, and Datastream Cowboy (hello
CIA spooks), Merc, Crypt Keeper (keep reading), 602 crowd, and the 513 crowd.
At the request of some of the above, I can't go into details on their busts.
=-=
"JOHN FALCON BUSTS"
Since rumors about his bust have been running rampant on the 'Net',
here are the facts about the bust... for more info, and JF's reply
to the rumors, read CoTNo 5.
Common myths of my arrest:
1 - The FBI/NSA cracked my hard drive and read all my encrypted mail.
2 - Mr. Falcon left his secring.pgp on his system.
3 - FBI/NSA read the RSA encrypted data.
4 - My conviction was because I was a hacker.
Let me go over my conviction:
Count 1: Theft of Government Property - How they caught me: Narc
Count 2: Fraudulent use of an Access Device - How they caught me: Narc
Count 3: Fraudulent use of a Computer - How they caught me: questionable
Count 4: Fraudulent use of an Access Device - How they caught me: Narc
If you would like to get in contact with JF, here is his info:
email: jfalcon@ice_bbs.alaska.net
snailmail: Don Fanning
#12617-006
3600 Guard Road
Lompoc, CA 93436
=-=
"EPSILON, DAMIEN, SHOCKWAVE (303)"
From CoTNo 3 (Read there for full story)
Three Colorado teen-agers are suspected of setting up an elaborate computer-
hacking system that tapped into a long-distance telephone company and stole
secret access codes (k0dez!).
Police arrested Kevin Wilson (Damian), 18, of the 7400 block of South Gallup
Street in Littleton, and two juveniles (Epsilon and Shockwave) from Jefferson
County in the alleged scheme.
=-=
"INTERVIEW WITH A CRYPTKEEPER"
ck: I only got busted last February (1994) for hacking
dis: I heard you got hit twice.. once last year, and once a lot more
+recently..
CK: nope, I moved, I didn't get busted. I only got busted last year,
once, that's it. And it wasn't real serious.. not like cellphone/money
laundering..just some inet hacking. I got busted for hacking the
University of Cincinnati and a few other things on the net.. they
traced me through a PBX.. they were serious. They thought I was
a spy. they were pissed to find out I was just a 16 year old.
dis: hmm... bad.. did they just search/seize or what?
ck: search/seized my computer.. I eventually got most of my stuff back
(the computer, monitor, and keyboard) and had to spend 10 days in
juvenile thats about it. oh.. and a big pain in the ass too of
course not bad at all..
dis: anything else?
ck: and tell them I was only busted ONCE, and it wasn't all that serious.
I don't have any plans to get back into the scene (it sux now), but
I do enjoy hearing about it sometimes.
=-=
"FEDZ CATCHING ON TO CALLING CARD SKAMS"
A $50 million telephone calling-card theft ring disclosed
earlier this week by federal investigators is representative of the advanced
types of scams that have emerged in the last two years as telephone companies
have become better at ferreting out fraud.
The Secret Service said Ivy James Lay, a switch engineer at MCI's network
center in Charlotte, N.C., stole over 60,000 calling card numbers from MCI
and other long distance companies, later selling them to 'band of computer
hackers.' The estimated value of the cards lies near $50 million. The
Secret Service (which investigates fraud like this) claims this to be the
largest case of calling card theft to date.
=-=-=
"SOME OF THE INTERESTING FACTS FROM A NEWSPAPER ARTICLE"
Two computer hackers have been sentenced to fed. prison and an accomplice in
Mn. awaits sentencing for his part in an international phone conspiracy.
Ivey James Lay of Haw River, N.C., and Frank Ronald Stanton of Cary, N.C.,
were part of a hacker ring that stole credit-card numbers from MCI's
Computer terminal in Greensboro. A third member of the ring, Leroy James
Anderson, of Minneapolis pleaded guilty Friday in Minnesota to federal
copyright violations.
US District Court Judge James Beaty on Fri. sentenced Lay to tree years
and two months in prison. Stanton, a 22-year-old student at Wingate College,
was sentenced to one year. Anderson's sentencing is expected this summer.
The conspiracy stretched into several European countries and cost long-
distance carriers more than $28 millon, authorities said.
Lay and Stanton pleaded guilty in Jan. to charges of fraud and trafficking
in unauthorized access devices. The group bought and sold at least 50,000
numbers from 1992 until the summer of 1994, according to court documents.
"What I did was very stupid," Stanton told Judge Beaty at his sentencing.
"I'd like to go back and finish college."
=-=-=
"SHOCKER[303] GETS NAILED FOR CC'S"
Damn, I got busted w/an illegal line tap! FUCK. No jail, just major phone
bills! They are gunna try to bust me w/Credit Card fraud too. I shoulda
listened to you. Fuck me. Got my mac taken away, I am writing this from a
friends, I am not supposed to be here either, but hell, I got everything taken
away, life sux shit, so do the gawd damn cops. Anyways, um, I'll see what
happens, I'll call you sometime if I can get to the phone w/out my parents
knowing. I can't have anything back until I pay for this shit, I think it is
between $400 and $500, not sure, I already paid $170, but then I hafta
fucking pay for MY PARENTS phone bill too, I rung the fuck outta that too. I
got like, a felony and a second degree misdemeanor for that shit, they
will drop the felony to a misdemeanor tho, I got charged with 'Theft' (felony)
and criminal tampering (2nd degree misd.) SHIT TO HELL! Damnit. Anys, um, I'll
see ya ok? Bye..
=-=-=
"NYHE RUMORS"
The New York Hack Exchange got busted for scams and cellfonez...
(Someone mail me with more than a rumor please)
=-=-=
"WAREZ BOARD BUSTS AROUND THE COUNTRY"
Bad Sector [BUSTED!]
Beyond Corruption [BUSTED!]
Jurrasic Park [BUSTED!]
Lineup [BUSTED!]
Main Frame [BUSTED!]
Necronomicon [BUSTED!]
No BBS [BUSTED!]
The Notice [BUSTED!]
On The World [BUSTED!]
Perfect Crime [BUSTED!]
Red Alert [BUSTED!]
Restricted Area [BUSTED!]
Rubbish Heap [BUSTED!]
Skull Island [BUSTED!]
Twins [BUSTED!]
The Underworld [BUSTED!]
Wolf Pack [BUSTED!]
15 Arrests
75 RCMP Officers Involved
Removed at least 11 BBSs in one day
Seized more than $200,000 in computer hardware
Operation/Investigation lasted 6 months to 1 year
April 12, 1995
Busts are localized in Montreal
514 NPA
=-=-=
"DUTCH HACKER ARRESTED"
(from CUD 7.21):
--------------Original message----------------
UTRECHT, THE NETHERLANDS, 1995 MAR 6 (NB) -- A Dutch student has
become the first person to be convicted of computer hacking in the
Netherlands. Ronald Oosteveen, a 22 year old Utrecht computer science
student, was handed down a six month suspended sentence by
magistrates last week, and was fined around $3,200
Oosteveen was accused of breaking into university, corporate and
government computers, following his arrested in March, 1993, just
three weeks after new Dutch anti-hacking legislation came into force.
Oosteveen was caught in the act of trying to hack into the computer
lines of a technical university in Delft near The Hague. He is also
thought to have been responsible for previous hacking attacks which
occurred before the new legislation came into force.
=-=-=
"THE EAST COAST"
Tabas and Others Bust:
According to Gatsby, the following were busted: Himself, Mark Tabas
KC, Dispater, St. Elmos, Zibby, Rudy, Dr Delam, and Phantom Phreaker.
(When I talked to him, he wasn't able to say much since it was the day
after the bust)
From empire Times:
February 22, 1995
One thing all the people have in common: Southwestern Bell - or at the very
least, the desire and ability to hack all the switches on the west coast.
According to those involved, it goes way beyond switches...
=-=-=
"THE LAMACCHIA CASE"
April 94:
BOSTON, MA ...A federal grand jury returned a felony indictment today
charging an MIT student in a computer fraud scheme resulting in the piracy of
an estimated million dollars in business and entertainment computer software.
United States Attorney Donald K. Stern and FBI Special Agent In
Charge Richard Swenson announced today that DAVID LAMACCHIA, age 20,
currently a junior at the Massachusetts Institute of Technology, was charged
in a one count felony indictment with conspiring to commit wire fraud. The
indictment charges that between November 21, 1993 and January 5, 1994
LAMACCHIA operated a computer bulletin board service that permitted users
to copy copyrighted business and entertainment software without paying to
purchase the software. The bulletin board was operated without authorization
on MIT computer work stations and was accessible to users worldwide over the
Internet... [Losses] are estimated to exceed a million dollars. [bahaha]
=-=-=
"BRITISH CALLING CARD BUST"
British students have taken part in an alleged ?65m computer fraud,
involving the electronic theft of cards that allow users to make free
telephone calls around the world.
The hackers, one of whom was only 17 years old, were said to be earning
thousands of pounds a month selling cards... Police found one teenager
driving a new ?20,000 car and with computer equipment worth ?29,000 in his
bedroom.
AT&T officials also found a computer noticeboard called "Living Chaos"
that was being used to sell the cards for up to ?30 each. It mentioned
Andy Gaspard, an employee of the Cleartel telephone company in
Washington, whose home was raided. "We found 61,500 stolen cards ready
to be sent to Britain," said Eric Watley, a secret service agent in the city.
(The Sunday Times, 12 February 1995)
=-=
"TNO BUST OF 1994 - NEW NEWS"
(my comments in [ ])
ROCKY MOUNTAIN NEWS
(Front Page Headline) COMPUTER-CRIME RING CRACKED (Monday June 19, 1995)
Quartet accused of hacking into Arapahoe college's system,
inciting illegal acts.
---------------------------------------------------------------------------
(Fourth Page Article) 4 ACCUSED IN COMPUTER HACKING CASE (By Marlys Duran)
Suspects used equipment at college to incite criminal acts, officials say.
Arapahoe County - Hackers calling themselves "The New Order" [Look Ma!]
allegedly gained access to the Arapahoe Community College computer and
used it to distribute tips on how to commit crimes.
One man operated a computer bulletin board on which contributors
from throughout the world exchanged how-to information on crimes ranging
from credit-card fraud to high-tech burglary, authorities said. [Of course
they fail to make that distinguishing gap that this board was NOT run off
the Arapahoe system, and that it was a private BBS run out of his house]
Computers were seized from the homes of four hackers, ranging in
age from 15 to 21. Secret Service experts were called in to help crack
the computer files. ['type filename.txt' is hard to crack eh?]
Investigators found software for breaking passwords, lists of
private passwords for several computer systems, instructions for cellular
telephone fraud, private credit reports [Plural? Nope], lists of credit-card
numbers and electronic manuals on how to make bombs and illegal drugs.
[Yes, WE did the oklahoma bombing!@$!]
In a 97-page affidavit detailing the 18-month investigation,
investigator John Davis of the Arapahoe district attorney's office said
that the hackers "operate with an attitude of indifference to the rights
and privacy of others and have made efforts to teach and involve others in
their criminal enterprise." [What the fuck does the government do everyday?]
At the home of a Denver juvenile, authorities found hazardous
chemicals and a book on how to make bombs.
Nicholas Papadenis, 21, of Broomfield, and John Patrick Jackson, 19,
of Thornton, were charged last month with committing computer crimes and
conspiracy. Both are scheduled to appear in Arapahoe County Court on July
5.
A decision is pending on whether to charge a 15-year-old Highlands
Ranch youth and a 17-year-old Denver resident, chief deputy district
attorney John Jordan said Friday.
The affidavit says Papadenis, Jackson, and the youths hacked into
the Arapahoe County Community College computer system, then used it to
illegally distribute copyrighted computer games [Sorry, TNo doesn't have
a warez division yet] and electronic magazines promoting fraud, theft,
burglary and money-laundering.
One of the magazines stated, "This publication contains information
pertaining to illegal acts. The use of this information is intended solely
for evil purposes." [Source: CoTNo 1!@#!@]
Court documents do not indicate the hackers had political motives,
and authorities declined to comment on the case. [Hackers with political
motives would be way above their head.]
A Denver University expert said computer criminals usually are not
motivated by ideology. They usually are young people who are "doing it for
the sheer challenge of it - just to demonstrate that they're able to do it,"
said Don McCubbery, director for the center on electronic commerce at DU.
McCubbery estimates that authorities learn of only 5% of computer
crimes. He said computer security experts generally have difficulty
keeping up with the hackers. [No shit]
-----------------------------------------------
(Side note box) THE NEW ORDER (Bullet listing)
Some accusations listed in court documents concerning The New Order group
of computer hackers:
- A hacker from the United Kingdom offered suspect John Jackson
a VISA card number with a $300,000 credit limit. [Tacos anyone?]
- A computer seized from a Highlands Ranch home contained password
files for computer systems at the University of Colorado
at Boulder.
- A note found in Jackson's home indicated his plans to hack into
the Thornton Police Department computer. [Yes, they believe
everything they read]
- Jackson also had a computer file containing access information
for Taco Bell and McDonald's computers. [There goes national
security!]
=-=
That is all for now. Not a good year by any means as you can tell,
especially considering who else may have been busted, that we didn't hear
about. Don't stop what you are doing though, just be more careful of
your activities. YOU are right, THEY are wrong.
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
What Happens When You Get Caught
--------------------------------
[A.K.A The Hackers Guide to the Law and Prisons]
by
D. Fanning - A.K.A. John Falcon/Renegade - TNO
Well if you are reading this, that means you are either curious or shit
happened and the law reared it's ugly head and they nabbed you. Now what
you are about to read is absolutely fucking true. Why is this? Because I
am spending the next year or so in prison for hacking. Now needless to
say, I have already announced my retirement from the scene, but I still
wanted to write and rant and rave about all the things that happen in this
world and to clue you in on a quite a few things.
Let's start with the ground rules:
1. You cannot make a deal with a cop. So when they start reading Miranda
rights, keep silent or just ask inconspicuous questions like "Where are we
going?", or the common ne, "What's going on here? Why am I being charged?"
Only a D.A. or someone in the lawyer capacity can make a deal. If a
cop offers a deal, you are still going to get charged. Cops cannot
make any exceptions on anyone. So drop all ideas of such.
2. Do not narc on anyone when the questioning starts. Your best bet would
be to just stay silent till the lawyer shows up or something. Why?
Questioning wouldn't be done unless there were gaps in their
investigation. What you want is as many of those as possible. The
more you have, the better it will be when plea bargaining starts up.
At the very least though, lets say the they do convict you, the feds
and the court find you guilty or you plea that way and you are thrown
into the clink. Guess who does your admissions paperwork? You guessed
it, the inmates. Word has a way of coming around to dealing or giving
a very wide berth to those who do the narc thing Key idea: "If you
fall, don't bring others down too. It just adds to the load on you."
3. During questioning, they will put on a lot of plays to make you talk,
they will offer you something to drink or something to make you feel
more comfortable. Well why not? Spend 60 cents and get your work done
for you by a confession. Makes things nice and neat. Don't fall for
it. If you are thirsty, accept the drink and don't tell them shit.
4. They will also do some kind of powerplay on you. They try to make you
think that they are doing you a favor, but in reality, you are digging
a deeper hole for yourself.
5. The idea of you being innocent until proven guilty has gone the way of
the do-do bird. When a jury sees you, the first thought that comes to
mind is not if you are guilty or not, the question is HOW guilty you
are. The way they see it, if you are not guilty, what are you doing
in front of them in the first place? The O.J. Simpson trial is a
perfect example. Also, look how many cop shows are around the box.
That right there is a disgrace in my book. First they have you on
film, second they pat each other on the back while you are in
misery. Sick.
Well on with the show. If they have already done an investigation on you
and you don't hear from them in a while, the first natural reaction would
be to relax and let your guard down. WRONG ANSWER! That means that some
shit is really going to go down. You should be extra careful and not
talk about it to anyone. Most likely they are looking for more evidence
to make it harder on you in the long run, like a wiretap. In the federal
system, all you need is one person's permission to record a phone call.
If you have to talk about it, use face to face contact and pat each other
down to make sure there is no bug. For instance, when I was arrested I made
a fatal mistake and talked about it to one of the co-defendants and he
had cut a deal with the D.A. already. My bacon was cooked when I heard
my voice on a tape recording.
Well no matter what happens, sooner or later you will get nabbed so I won't
get into the details of this. All I can suggest is that you really do
what ever you can to get a real attorney. P.D.'s are good for some
things but they get their paycheck from the same place that nabbed you in
the first place so don't let that fool you too much. I will admit that
it is better than nothing though.
Most likely for the computer hackers out there, they will charge you
under 18-USC-1029 which is Fraudulent or Counterfeit use of an Access
Device. This charge was mainly intended for credit cards but the D.A.'s
have taken it to just about everything that involves computers or
communications in general.
Now there are some landmark cases that have beat this into the ground.
One of them being U.S. vs Brady which was a guy making satellite decoders
with the stops pulled out of them. He beat this due to the ruling that
the signal was out there everywhere and that he merely just decoded the
signal. Therefore there was no actual loss, just potential loss which
doesn't count. Another one is U.S. vs McNutt in the 10th Circuit of
Utah. This guy made chips for cellular phones that would send different
ESN/MIN pairs to the cell site that made it always seem like a new roamer
every time he calls. The cell site just goes ahead and gives him the call
because it doesn't have time to verify if it is a valid MIN/ESN pair. He
won the case due to the same fact that there were no accountable loss
because it never used or really billed any legit customer.
The flip side of that is being two weeks ago from when this was written,
a guy was tried in LA for the exact same thing and was found guilty,
appealed the case, won the appeal, then the government re-appealed it and
he lost again. This caused a split in the court circuits which means
that this will got the Supreme Court.
Remember that the government or any government agency will not press any
issue unless there is some kind of financial deal behind it because they
are wasting time and resources on you when they can be getting Joe Blow
Cartel Drug Dealer.
So they find you guilty or you plea. The next step is the Pre-Sentence
Investigation. They basically take a fine tooth comb and find any dirt
about you that they can. You will be amazed about all the things they
can do to make you seem like a threat to society, the American way of
life, apple pie and all... All you can do is make sure or try your
hardest to make it clean as possible. Now I got ripped hard on mine due
to very strained relations with one of my parents and they managed to
throw everything that anyone had ever said about me together to make it
look like I was truly evil. That is where the cops will come back and
haunt you because everything you say will be in that report. Every
little action and all will be written with a slant of a cop. (Needless to
say who writes the report kids... The U.S. Probation Office, a branch of
the Secret Service and the F.B.I.)
Well you are convicted and here you are. Depending on where you live,
you will either be bussed/vanned to the prison where they choose for
you or they will fly you there. After you are sentenced you now belong
to the Bureau of Prisons (A D.O.J. branch). Basically you will be taken
to a county jail for holding while they classify you and then you get
transported out. When I was transported out, I was in shackles and all
taking a ride on Fed Air. The USM's have a fleet of 737's they confiscated
from drug busts and converted them into their own use. You are basically
bussed out to a unused or empty part of the airport and with a large ring of
USM's with shotguns in their hand, you get put onto an airplane and given a
box lunch and off you go. I went from Portland to Sacramento to Phoenix
in one day. Spent the night at the FCI in Phoenix then the next morning
from there to Lompoc where I am now.
Remember these words though... You are now property of the B.O.P. Basically
you are luggage, they can transport you at any time whenever they want to.
But, depending on where you go, it isn't all that bad. Most likely you will
meet friends or acquaintances that will help you along. Just ask a few
questions and usually they will know. One thing to never do is be secretive
about why you are there. You are there, most likely someone else is there
for the same thing and you can get a strong fellowship going with people
in the same predicament.
One thing to always keep in mind from now to eternity, no matter where you go.
The feds are nailing everyone for 'Conspiracy'. It's a damn shame when
you go to a place where 90 percent of the inmate population is here on some
kind of drug related charge and of that 90%, 35% are here on conspiracy
related charges. Truly something to think about.
Now for the hackers and phreakers that are facing jail. If your PSI report
even breaths any mention of some kind of use with the computer, you will be
banned from that. 3 days ago I was given a list of direct orders to avoid
all contact of that. Likewise, they put a restriction on the levels of
computer related material that I can read. Usually you can get any
periodical you want except for things that deal with gay man on man stuff.
Just like the gay people feel, that smells of discrimination but that's
just the way it is.
Phones are something else that you will wish that changes real quick. The
phones are run by a B.O.P. thing called ITS-Inmate Telephone Services.
Basically it's a Unix run PBX that limits the people you can call and it
throws the bill on you. No more collect calls or anything of that nature.
Just doesn't happen. But the inmates have won a Class action suit against
the B.O.P. about this and the government right now is appealing it.
Technically with a suit or even an appeal, you have to implement it
as soon as you can after the judgement is made. But it's been a year
since they won it and nothing changes. Basically it's the government stalling.
Well that's all for me to say this time around. Remember to keep the dream
alive and judge for yourself with that piece of gray matter between your
ears.
You can write any comments to me at:
Fanning
Reg No. 12617-006
3600 Guard Road
Lompoc, CA 93436
or e-mail at ice@alaska.net or jfalcon@ice-bbs.alaska.net
(I prefer the first method to save my friends postage costs.)
Keep it strong - TNO (The New Order)
John Falcon - Ex-TNo
1981-1994
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>
--- Legal and Technical Aspects of RF Monitoring ---
--- Major [TNo] ---
SYNOPSIS
--------
The "Cordless Fun" (Noam Chomski, 2600 Magazine Summer 1994) article
doubtlessly sparked an interest in cordless phone monitoring. Wireless
telephones are a prime target for monitoring. Both cordless and cellular
telephones are nothing more than radio transceivers that, at some point,
interface with the telephone system. This article will seek to expand on
and clarify some points made in "Cordless Fun", and also to point to some
other areas of interest.
=============================================================================
CORDLESS
--------
Legal Stuff:
Monitoring cordless phones is now a federal crime! Recent legislation
prohibits listening in on cordless phones, much the same as cellular phones.
Also, the Communications Act of 1934 makes it a crime to divulge
anything you monitor to another person. It is also illegal to use anything
that you hear for personal gain. Note that this applies to anything that you
monitor, not just cordless phones. Alternatively, there are presently no
restrictions on scanners that are capable of receiving cordless phone
frequencies. However, I suspect that in the near future the feds will deny
certification to such scanners, as they did with scanners that could receive
cellular frequencies.
Technical Stuff:
Cordless telephones transmit and receive with very low power. This is
primarily to minimize interference with other nearby cordless telephones.
This makes scanning for cordless telephones a short-range endeavor. Most
cordless phones of recent manufacture operate in the 46-49MHz range.
However, the FCC has recently opened up a part of the 900MHz spectrum for
cordless telephone usage. The new 900MHz phones often offer greater range
and increased clarity. There are also models sporting "spread-spectrum"
technology, which makes monitoring with conventional scanning-receivers a
virtual impossibility. Another security measure on some cordless phones
involves encoding the DTMF tones sent from the handset to the base. This
prevents the base from accepting tones from other, unauthorized, handsets.
It does not hinder monitoring the calls, but the DTMF tones will not be
recognizable. In the 46-49MHz phones, there are ten frequency pairs
available. Many older phones only utilize one pair. Newer, more expensive,
phones can utilize all ten pairs. Some automatically search for an open
channel, while others can be manually manipulated to find a channel with less
noise. Likewise, the new 900MHz phones will scan to find a clear channel.
CELLULAR
--------
Legal Stuff:
Intercepting cellular mobile telephone (CMT) traffic is illegal. The
Electronic Communications Privacy Act of 1986 made it so. Scanners that
receive the CMT portion of the 800MHz range may no longer be manufactured,
sold, or imported into the U.S. Many scanners were designed to scan this
area, though. When the Cellular Telephone Industry Association began
complaining about this fact, most scanner manufacturers/resalers voluntarily
"blocked" the cellular freqs from their scanners. This pacified the CTIA for
a while, but the "blocks" were easily hackable. Typically, restoring a
"blocked" scanner involved removing a single diode, a ten minute job for even
the most devout technophobe. This fact led to the passage of the Telephone
Disclosure and Dispute Resolution Act (TDDRA), which denies F.C.C.
certification of scanners that receive cellular freqs, or those which may be
easily modified to do so. New scanners will be "blocked" at the CPU, and
hacking them is unlikely. Frequency converters offered another means of
monitoring cellular and other 800MHz traffic. Essentially, a converter
receives an 800MHz signal, and converts it to a 400MHz signal that the scanner
is capable of receiving. Converters are useful for scanners that have no
800MHz reception capabilities, as well as those that have portions of the
800MHz band blocked. Unfortunately, converters were also outlawed by the
TDDRA. They are still legal in kit-form, however. Another option would be
to build one from scratch, which isn't an especially difficult project.
Technical Stuff:
The word "cellular" defines the cellular phone system. A service area is
broken up into many small cells. As a user travels through an area, his call
will be handed off from one cell to the next. This handoff is transparent to
the user, but a monitor will lose the conversation. Cellular phones use low
power (a maximum of five watts) so that a cell phone will not attempt to seize
more than one site at a time. When a call is initiated by a cell phone, the
nearest site will respond, and assign an available frequency to the phone.
When the user moves comes into range of the next site, the process repeats
itself, and the new site will assign a new frequency. Therefore, it can be
difficult to track a particular conversation as it moves from site to site
with a single scanner. Every area served by cellular phones will have two
service providers. One will be the local RBOC, while the other will be a
cellular-only provider. The two systems are designated as "A" and "B"
systems, or "Wireline" and "Non-Wireline". There is no difference between
the two for monitoring purposes, but since "A" and "B" carriers use different
frequencies, it should be possible to identify local cell-towers as being "A"
or "B" sites.
PHONE PATCH
-----------
Legal Stuff:
The Communications Act of 1934 applies here as well, but there are no other
prohibitions on monitoring business-band phone patches.
Technical Stuff:
Many business radio systems have the ability to tie into the phone
system. Most of these systems will be found in 800MHz trunked
radio systems. In a conventional radio system, one frequency will
equal one channel. In a trunked system, however, frequencies and
channels are independent of each other. The trunking computer will
assign a different frequency to a radio each time it transmits,
and it will send a signal to other radios on the same channel,
telling them the current frequency in use. Phone patches are easy
to monitor, though. Since the radio on a phone patch is
transmitting constantly, the frequency used will remain the same
for the duration of the conversation. Many people mistakenly
believe these calls to be cellular, but they are not. Most phone
patches found in 800MHz trunked systems will be full-duplex, just
like cellular and home phones. Some systems, especially in UHF
(around 450MHz) and 800MHz conventional radio systems will only be
half-duplex, though. In those systems, only one person call talk
at a time, just like normal two-way radios. Radio systems are
typically designed to offer service to an entire metropolitan area,
so range is quite good. The mobile radio will transmit its signal
to a strategically located "repeater", which then re-broadcasts the
signal with much more power. So long as a scanner is within
reception range of the repeater output, monitoring will be possible
regardless of the location of the party transmitting.
EQUIPMENT
----------
Legal Stuff:
Some states prohibit mobile use of scanners. Also, it is illegal
to use a scanner in the commission of a crime.
Technical Stuff:
There is a scanner for every appetite. What sort of monitoring
one wants to do will dictate which scanner one buys. For someone
interested only in cordless phones, a ten-channel scanner with no
800MHz coverage will be quite adequate, and much cheaper than a
more capable scanner. For someone interested in cellular, a full-
coverage 800MHz scanner with a much greater frequency storage
capacity will be necessary. Base, mobile or handheld? Depends
entirely on how it will be used. Modern scanners are programmable,
while older units require crystals. For someone wanting to monitor
only a few channels (such as cordless phones, or the local police),
a crystal-controlled scanner would be adequate, and much cheaper.
But for more serious and varied scanning, programmable units are
a necessity. Models are available that store between 10 and 1000
channels. Uniden/Bearcat and Realistic are the two most commonly
available brands in the U.S. (although Realistic isn't actually a
brand, just a label...Radio Shack scanners are all manufactured by
Uniden or GRE, depending on the model). Because of the TDDRA, many
of the best scanners from the past several years are no longer
available, but watch for Hamfests (great electronic flea-
markets...inquire at your local ham radio/electronics store),
garage sales, etc. There is nothing in the TDDRA or other current
legislation that prevents private parties from owning or selling
pre-TDDRA equipment. Aside from the scanner itself, the next-most
important piece of equipment is the antenna. Handheld scanners
will generally utilize an "all-band" rubber-duck antenna (a
flexible, rubberized antenna, between 8-14" in length), while base
units will have a telescoping metal whip antenna. These antennas
are adequate for receiving strong, local signals, but more
discriminating monitors will demand more. For base units, an all
band discone type antenna, mounted outside as high as practical,
will offer good, omnidirectional performance. For those who only
want to monitor a particular band, it would be best to use an
antenna cut specifically for that band. Likewise, for those
monitoring signals coming from one general direction, a directional
antenna will offer better performance than an omnidirectional unit.
For mobile use, using an antenna mounted on the vehicle will
greatly improve reception.
MISCELLANEOUS COMMUNICATIONS
----------------------------
Voice-pagers can offer interesting monitoring. While the data-
transmissions that send the signal to the proper pager are
proprietary digital signals (and as such, illegal to monitor or
decipher), the actual "voice messages" are transmitted "in the
clear".
Packet-radio is used by ham radio operators. They have a vast
network of computer bbs's that operate independently of the phone
system. Modulated data is sent over the airwaves with a ham
transceiver, where it is received and de-modulated with a Terminal
Node Controller (TNC). Expect the use of wireless data
transmissions to increase over the next few years, and not just
among ham operators.
While not having anything to do with telephones, the "baby
monitors" people use are transmitters just like cordless phones.
They are also low-power devices, so range is limited. Most people
who use these devices would be shocked to learn that they are
"bugging" their own home.
PRESENT AND FUTURE CHALLENGES
-----------------------------
Spread spectrum, digital transmissions, encryption...these are all
factors that are affecting monitoring today. While most cellular
systems are presently analog systems, there are operational digital
systems in some areas. Scanners that are currently available won't
be able to decipher the digital communications, and it is unlikely
that digital-capable scanners will be produced. That means it will
be up to the hackers to provide the technology to intercept these
communications. Spread spectrum is quite hackable, as it was never
intended as an encryption system, per se, yet the phone
manufacturers are certainly marketing it as such. And one oft
overlooked advantage of the Clipper chip is the fact that the
backdoor can be exploited by hackers as well as the government.
In the meanwhile, there are plenty of intercepts to be had, and
there will continue to be.
=================================================================
For More Information:
=================================================================
Scanner Modification Handbook (Vols. I & II), by Bill Cheek
The scanner modification handbooks offer a plethora of information
on hacking scanners. Hacks include: increased channel capacity
(example: RS PRO-2006 from 400 channels to 6,400!), adding signal-
strength meters, cellular-freq. restoration, scanning-speed
increases, and much more.
World Scanner Report, by Bill Cheek
A monthly newsletter on the latest scanner hacks.
Available from:
COMMtronics Engineering
Box 262478
San Diego, CA 82196-2478
BBS: (619) 578-9247 (5:30PM to 1:30PM P.S.T. ONLY!)
COMMtronics Engineering also offers a scanner-computer interface
for RS PRO-43/2004/2005/2006 model scanners.
===================================================================
CRB Research Books
Box 56
Commack, MY 11725
CRB has books on scanner modifications, frequency guides, and other
interesting subjects.
=================================================================
POPULAR COMMUNICATIONS
CQ Publications
76 N. Broadway
Hicksville, NY 11801
(516) 681-2926
Pop Comm is a monthly magazine on all sorts of radio monitoring,
including scanning, shortwave, and broadcast.
==================================================================
MONITORING TIMES
Grove Enterprises, Inc.
P.O. Box 98,
300 S. Highway 64 West
Brasstown, North Carolina 28902-0098
M.T. is a monthly magazine covering all varieties of radio
communications.
==================================================================
NUTS & VOLTS
Nuts & Volts is a monthly magazine that covers a wide variety of
electronic-related subjects.
T&L Publications, Inc.
430 Princeland Court
Corona, CA 91719
(909) 371-8497
(909) 371-3052 fax
CI$ 74262,3664
1-800-783-4624 SUBSCRIPTION ORDERS ONLY
===================================================================
USENET:
alt.radio.scanner
rec.radio.scanner
===================================================================
Charts & Tables:
1. Cordless Telephone Frequencies (VHF)
2. Cordless Telephone Frequencies (900MHz)
3. Cellular Telephone Frequencies
4. Business Band Frequencies (VHF, UHF, 800MHz)
5. IMTS Frequencies
6. PAGER Frequencies
7. PACKET Frequencies
8. ROOM MONITOR Frequencies
9. homebrew cordless dipole antenna
10. homebrew 1/4 wave groundplane antenna
=================================================================
TABLE 1 - CORDLESS TELEPHONE FREQS. (CONVENTIONAL)
CH BASE HANDSET
-- ---- -------
1 46.100 49.670
2 46.630 49.845
3 46.670 49.860
4 46.710 49.770
5 46.730 49.875
6 46.770 49.830
7 46.830 49.890
8 46.870 49.930
9 46.930 49.990
10 46.970 46.970
=================================================================
TABLE 2 - 900MHz CORDLESS FREQS.
Cordless phones have been allocated the frequencies
between 902-228MHz, with channel spacing between
30-100KHz.
Following are some examples of the frequencies used by phones
currently on the market.
----------------------------------------------------------------
Panasonic KX-T9000 (60 Channels)
base 902.100 - 903.870 Base frequencies (30Khz spacing)
handset 926.100 - 927.870 Handset frequencies
CH BASE HANDSET CH BASE HANDSET CH BASE HANDSET
-- ------- ------- -- ------- ------- -- ------- -------
01 902.100 926.100 11 902.400 926.400 21 902.700 926.700
02 902.130 926.130 12 902.430 926.430 22 902.730 926.730
03 902.160 926.160 13 902.460 926.460 23 902.760 926.760
04 902.190 926.190 14 902.490 926.490 24 902.790 926.790
05 902.220 926.220 15 902.520 926.520 25 902.820 926.820
06 902.250 926.250 16 902.550 926.550 26 902.850 926.850
07 902.280 926.280 17 902.580 926.580 27 902.880 926.880
08 902.310 926.310 18 902.610 926.610 28 902.910 926.910
09 902.340 926.340 19 902.640 926.640 29 902.940 926.940
10 902.370 926.370 20 902.670 926.670 30 902.970 926.970
31 903.000 927.000 41 903.300 927.300 51 903.600 927.600
32 903.030 927.030 42 903.330 927.330 52 903.630 927.630
33 903.060 927.060 43 903.360 927.360 53 903.660 927.660
34 903.090 927.090 44 903.390 927.390 54 903.690 927.690
35 903.120 927.120 45 903.420 927.420 55 903.720 927.720
36 903.150 927.150 46 903.450 927.450 56 903.750 927.750
37 903.180 927.180 47 903.480 927.480 57 903.780 927.780
38 903.210 927.210 48 903.510 927.510 58 903.810 927.810
39 903.240 927.240 49 903.540 927.540 59 903.840 927.840
40 903.270 927.270 50 903.570 927.570 60 903.870 927.870
------------------------------------------------------------
V-TECH TROPEZ DX900 (20 CHANNELS)
905.6 - 907.5 TRANSPONDER (BASE) FREQUENCIES (100 KHZ SPACING)
925.5 - 927.4 HANDSET FREQUENCIES
CH BASE HANDSET CH BASE HANDSET CH BASE HANDSET
-- ------- ------- -- ------- ------- -- ------- -------
01 905.600 925.500 08 906.300 926.200 15 907.000 926.900
02 905.700 925.600 09 906.400 926.300 16 907.100 927.000
03 905.800 925.700 10 906.500 926.400 17 907.200 927.100
04 905.900 925.800 11 906.600 926.500 18 907.300 927.200
05 906.000 925.900 12 906.700 926.600 19 907.400 927.300
06 906.100 926.000 13 906.800 926.700 20 907.500 927.400
07 906.200 926.100 14 906.900 926.800
------------------------------------------------------------
OTHER 900 MHZ CORDLESS PHONES
AT&T #9120 - - - - - 902.0 - 905.0 & 925.0 - 928.0 MHZ
OTRON CORP. #CP-1000 902.1 - 903.9 & 926.1 - 927.9 MHZ
SAMSUNG #SP-R912- - - 903.0 & 927.0 MHZ
------------------------------------------------------------
==================================================================
TABLE 3 - CELLULAR TELEPHONE FREQUENCIES
wireline ("b" side carrier)
824.1000-834.9000
869.0100-879.9900
non-wireline ("a" side carrier)
835.0200-849.0000
880.0200-894.0000
==================================================================
TABLE 4 - BUSINESS BAND RADIO FREQS.
151.5050-151.9550MHz
154.4900-154.5400
460.6500-462.1750
462.7500-465.0000
471.8125-471.3375
474.8125-475.3375
896.0125-900.9875
935.0125-939.9875
806.0125-810.9875
811.0125-815.9875
816.0125-820.9875
851.0125-855.9875
856.0125-860.9875
861.0125-865.9875
=================================================================
TABLE 5 - MOBILE TELEPHONE FREQS. (see note1 below)
SIMPLEX OUTPUT INPUT OUTPUT INPUT
-------- -------- -------- -------- --------
035.2600 152.0300 158.4900 454.3750 459.3750
035.3000 152.0600 158.5200 454.4000 459.4000
035.3400 152.0900 158.5500 454.4250 459.4250
035.3800 152.1200 158.5800 454.4500 459.4500
035.5000 152.1500 158.6100 454.4750 459.4750
035.5400 152.1800 158.6400 454.5000 459.5000
035.6200 152.2100 158.6700 454.5250 459.5250
035.6600* 454.0250 459.0250 454.5500 459.5500
043.2200* 454.0500 459.0500 454.5750 459.5750
043.2600 454.0750 459.0750 454.6000 459.6000
043.3400 454.1000 459.1000 454.6250 459.6250
043.3800 454.1250 459.1250 454.6500 459.6500
043.4200 454.1500 459.1500
043.3000 454.1750 459.1750
043.5000 454.2000 459.2000
043.5400 454.2250 459.2250
043.5800* 454.2500 459.2500
043.6400* 454.2750 459.2750
152.2400* 454.3000 459.3000
152.8400* 454.3250 459.3250
158.1000* 454.3500 459.3500
158.7000*