💾 Archived View for aphrack.org › issues › phrack27 › 10.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

                                ==Phrack Inc.==

                     Volume Three, Issue 27, File 10 of 12

            PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
            PWN                                                 PWN
            PWN        P h r a c k   W o r l d   N e w s        PWN
            PWN        ~~~~~~~~~~~   ~~~~~~~~~   ~~~~~~~        PWN
            PWN               Issue XXVII/Part 1                PWN
            PWN                                                 PWN
            PWN                  June 20, 1989                  PWN
            PWN                                                 PWN
            PWN          Created, Written, and Edited           PWN
            PWN               by Knight Lightning               PWN
            PWN                                                 PWN
            PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


                 Welcome to Issue XXVII of Phrack World News!

This issue features articles on SouthernNet's hacker scam, the Florida
probation sex incident, bulletin boards in Argentina, fax attacks, computer
security, other hacking occurrences, as well as more articles and new
information about Kevin David Mitnick (aka Condor), Robert Tappan Morris, Karl
Koch (Hagbard Celine, one of Clifford Stoll's "Wily Hackers"), TRW and Social
Security Administration, the National Crime Information (NCIC) "Super
Database," and many other fun stories.

Because of our temporary exile from Bitnet, this will be the last regular issue
of Phrack World News until next Fall.  Next issue expect to see the full
write-up on the details and fun events of SummerCon '89.  It is only two days
away as of this writing (it kinda begins on Thursday evening for some of us)
and it looks to be the best SummerCon ever!

A very special thanks goes to Delta Master, Hatchet Molly, and The Mad Hacker
who all assisted with this issue's PWN by submitting articles.  Hatchet Molly
will be serving as a collection agent for Phrack Inc. during the summer.  Be
sure to forward any news articles to him that seem relevant to PWN and he will
get them to me (eventually).  He can be reached on the wide area networks at;

                                (Hatchet Molly)

                              TK0GRM2@NIU.BITNET
                      TK0GRM2%NIU.BITNET@CUNYVM.CUNY.EDU

One other thing to mention here is a special hello to one of our government
readers... Peter Edmond Yee of NASA's Ames Research Center.  He had recently
remarked that he "had access to Phrack!"  I wonder if he thought that Phrack
Inc. was top secret or hard to get?  Still if he wanted it that badly, Taran
King and I thought, "Why not make it easier on him and just send it to his
network address?"  We did :-)))

:Knight Lightning


        "The Real Future Is Behind You... And It's Only The Beginning!"
_______________________________________________________________________________

Mitnick Plea Bargain Rejected By Judge As Too Lenient            April 25, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Excerpts from Kim Murphy (Los Angeles Times)

             "Mr. Mitnick, you have been engaging in this conduct
             for too long, and no one has actually punished you.
             This is the last time you are going to do this."

Reportedly U.S. District Judge Mariana Pfaelzer unexpectedly rejected the plea
bargain of Kevin Mitnick, the hacker once called "as dangerous with a keyboard
as a bank robber with a gun."  Pfaelzer declared that Mitnick deserves more
time behind bars.

As reported in recent issues of Phrack World News, "Mitnick pleaded guilty to
one count of computer fraud and one count of possessing unauthorized
long-distance telephone codes... Mitnick faces one year in prison.  Under a
plea agreement with the government, he must also submit to three years'
supervision by probation officers after his release from prison."

On April 24, 1989 Judge Pfaelzer said, "Mr. Mitnick, you have been engaging in
this conduct for too long, and no one has actually punished you.  This is the
last time you are going to do this."  She said a confidential pre-sentence
report recommended that she exceed even the 18-month maximum prison term called
for under mandatory new federal sentencing guidelines.  The judge's action
voids Mitnick's guilty plea.

Both prosecuting and defense attorneys were surprised.  Mitnick's attorney said
he did not know whether his client would agree to a guilty plea carrying a
longer prison term.  This could make it harder to bring charges against
Mitnick's alleged associates.  If Mitnick is brought to trial, testimony from
at least one of his associates would be required to convict him, and they would
not appear as witnesses without receiving immunity from prosecution.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Computer Hacker Working On Another Plea Bargain                     May 6, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Excerpts from the Los Angeles Herald Examiner

Attorneys said yesterday they are negotiating a second plea bargain for
computer hacker Kevin Mitnick, whose first offer to plead guilty was scuttled
by a judge because it called for too little time in prison.

Mitnick, 25, of Panorama City, California offered in March to serve one year in
prison and to plead guilty to computer fraud and possessing unauthorized
long-distance telephone codes.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Mitnick Update                                                     May 10, 1989
~~~~~~~~~~~~~~
Excerpts taken from the Los Angeles Times

When last we heard about Kevin Mitnick, the hacker once called "as dangerous
with a keyboard as a bank robber with a gun," the judge, Judge Mariana
Pfaelzer, had rejected a plea bargain as too lenient, saying Mitnick deserved
more than the agreed one year of jail time [see above articles].

According to more recent information, Mitnick has now reached a new agreement,
with no agreed-upon prison sentence.  He pleaded guilty to stealing a DEC
security program and illegal possession of 16 long-distance telephone codes
belonging to MCI Telecommunications Corp.  The two charges carry a maximum of
15 years and a $500,000 fine.  The government agreed to lift telephone
restrictions placed on Mitnick since he was jailed in December, 1988.

At DEC's request, Mitnick will help the firm identify and fix holes in its
security software to protect itself from other hackers.  He will also cooperate
in the government's probe of Leonard DiCicco, a fellow hacker.  (DiCicco is the
"friend" who turned Mitnick in.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Kenneth Siani Speaks Out About Kevin Mitnick                       May 23, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kevin Mitnick, the hacker "so dangerous that he can't even be allowed to use a
phone."  "He could ruin your life with his keyboard."  "Armed with a keyboard
and considered dangerous."

These are some of the things that have been said about this person.  All of
this media hype would be fine if it just sold newspapers.  But it has done much
more then just sell a few papers. It has influenced those that will ultimately
decide his fate.  I myself do not know the man, but I have talked to others
that do.  Including one of the persons that investigated Mitnick.  From all I
have heard about him, I think he is a slime ball!  But even a slime ball should
not be railroaded into a prison sentence that others of equal or greater guilt
have avoided.

I personally feel the man is just a criminal, like the guy that robs a 7/11, no
better but certainly not any worse.  Unfortunately he is thought of as some
kind of a "SUPER HACKER."  The head of Los Angeles Police Dept's Computer Crime
Unit is quoted as saying, "Mitnick is several levels above what you would
characterize as a computer hacker."

No disrespect intended, but a statement like this from the head of a computer
crime unit indicates his ignorance on the ability of hackers and phone phreaks.
Sure he did things like access and perhaps even altered Police Department
criminal records, credit records at TRW Corp, and Pacific Telephone,
disconnecting phones of people he didn't like etc.  But what is not understood
by most people outside of the hack/phreak world is that these things are VERY
EASY TO DO AND ARE DONE ALL THE TIME.  In the hack/phreak community such
manipulation of computer and phone systems is all to easy.  I see nothing
special about his ability to do this.  The only thing special about Kevin
Mitnick is that he is not a "novice" hacker like most of the thirteen year old
kids that get busted for hacking/phreaking.  It has been a number of years
since an "advanced" hacker has been arrested.  Not since the days of the Inner
Circle gang have law enforcement authorities had to deal with a hacker working
at this level of ability.  As a general rule, advanced hackers do not get
caught because of there activity but rather it is almost always others that
turn them in.  It is therefore easy to understand why his abilities are
perceived as being extraordinary when in fact they are not.

Because of all the media hype this case has received I'm afraid that:

1.) He will not be treated fairly. He will be judged as a much greater threat
    to society then others that have committed similar crimes.

2.) He will become some kind of folk hero.  A Jesse James with a keyboard.
    This will only cause other to follow in his footsteps.

I'm not defending him or the things he has done in any sense.  All I'm saying
is let's be fair.  Judge the man by the facts, not the headlines.

Disclaimer:  The views expressed here are my own.

  Kenneth Siani, Sr. Security Specialist, Information Systems Div., NYMA Inc.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you are looking for other articles about Kevin David Mitnick aka Condor
please refer to;

"Pacific Bell Means Business"                   (10/06/88) PWN XXI. . .Part 1
"Dangerous Hacker Is Captured"                  (No Date ) PWN XXII . .Part 1
"Ex-Computer Whiz Kid Held On New Fraud Counts" (12/16/88) PWN XXII . .Part 1
"Dangerous Keyboard Artist"                     (12/20/88) PWN XXII . .Part 1
"Armed With A Keyboard And Considered Dangerous"(12/28/88) PWN XXIII. .Part 1
"Dark Side Hacker Seen As Electronic Terrorist" (01/08/89) PWN XXIII. .Part 1
"Mitnick Plea Bargains"                         (03/16/89) PWN XXV. . .Part 1
_______________________________________________________________________________

Computer Intrusion Network in Detroit                              May 25, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken from the San Jose Mercury News (Knight-Ridder News Service)

DETROIT -- Secret Service agents smashed what they described as a costly,
sophisticated computer intrusion network on Wednesday, May 24, and were
surprised to discover it made up largely of teen-agers.

The computer systems of more than 20 companies including the Michigan
Department of Treasury, Home Box Office cable television services, [and RCA]
were infiltrated, according to agents serving search warrants across the
country.

Federal officials said the infiltrations by the network represented fraud of
$200,000 to $1.5 million in appropriated goods, telephone and computer time.

Agents expected to arrest some adults when they swept down on eight people who
allegedly ran the network in several states.  Instead, they found only one
adult, in Chicago.  The rest were teen-agers as young as 14:  Two in Columbus,
Ohio; two in Boston, Massachusetts; two in Sterling Heights, Michigan [The
Outsider and The Untouchable]; and one in Atlanta, Georgia.  Agents expected to
make another arrest in Los Angeles.

Officials said at least 55 other people nationwide made use of the network's
information.

In Sterling Heights, Secret Service agents pulled two eighth-grader boys, both
14, out of school and questioned them in the presence of their parents, who
apparently were unaware of their activities.  James Huse, special agent in
charge of the U.S. Secret Service office in Detroit, said the youths admitted
involvement in the scheme.

He said the eight-graders, because they are juveniles, cannot be charged under
federal law and will be dealt with by local juvenile authorities.

Authorities believe the mastermind is Lynn Doucett, 35, of Chicago.  She was
arrested Wednesday, May 24, and is cooperating with authorities, Huse said.

Doucett, who was convicted in Canada of telecommunications fraud, supports
herself and two children through her computer intrusion activities, which
include using stolen or counterfeit credit cards for cash advances or money
orders, according to an affidavit filed in U.S. District Court.

If convicted, she faces up to 10 years in prison and a $250,000 fine.

               Special Thanks to Jedi For Additional Information
_______________________________________________________________________________

HR 1504 -- Beeper Abuse Prevention Act                             May 22, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 "Pagers Don't Commit Crimes, Congressmen Do."

The fools in congress assembled are at it again.  Three years in jail for
selling a pager to a minor?  If you didn't believe when Abbie Hoffman said that
the drug hysteria was just an excuse for more control of the citizens, think
again.

In USA Today was a "face-off" on the issues.  According to this article,
Representative Kweisi Mfume (D-Md) says the following:

     "The drug business is using the  latest technology to promote its
     deadly trade.  One such advance, the paging device, or beeper, is
     now appearing in classrooms and schoolyards.  I have introduced the
     Beeper Abuse Prevention Act to curtail the use of beepers by young
     people who deal drugs.  It would require the Federal Communications
     Commission to prescribe regulations that would restrict the
     possession and use of paging devices by persons under age 21.

     Law officers say dealers and suppliers send coded messages via
     beeper to youths in school.  The codes translate into messages like
     "meet me at our regular place after class to pick up the drugs."
     Drug traffickers are even using 800 numbers now available with
     regional paging services.  A supplier could actually conduct a
     transaction in Baltimore from Miami, for example.

     My bill, H.R. 1504, would require any person selling or renting
     paging devices to verify the identification and age of every
     customer; encourage parents and businesses to take more
     responsibility in their children's or employees' activities; make
     it unlawful for a person to knowingly and willfully rent, sell or
     use paging devices in violation of rules prescrived by the FCC
     (there are provisions for stiff fines and up to three-year prison
     terms for adults who illegally provide beepers to youths); and
     require parents or businesses who allow the use of beepers to state
     that intention with and affidavit at the time of purchase."

He goes on to say that he recognizes that there are legitimate uses of beepers,
but we can no longer stand by and watch drugs flow into our neighborhoods.  The
opposite side is taken by Lynn Scarlett, from Santa Monica, CA.  She asks what
beepers have to do with the drug trade, and regulating their use will not put a
dent it it.  She also says that there is little evidence that gun control keeps
guns out of the hands of gangsters, and it will take a good dose of wizardry to
keep beepers away from bad guys.  She finishes with:

     "The logic of the Beeper Abuse Prevention Act opens the door for
     laws to make us sign promises that we won't, we swear, use these
     things for illicit acts when we buy them.  De Tocqueville, that
     eminent observer of our nation, warned that our loss of freedom
     would sneak in through passage of quiet, seemingly innocuous and
     well-intended laws -- laws like H.R. 1504.
_______________________________________________________________________________

Computer Threat Research Association (UK)                        March 31, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For those of you interested an umbrella organization has been established in
the United Kingdom to coordinate information on, and research into, all aspects
of computer security.  In the first instance one of the organization's primary
concerns will be combatting the threat posed by computer viruses by acting as a
clearing house for virus information and control software.

Below is a copy of an initial letter mailed to prospective members:

                   The Computer Threat Research Association

The computer threat research association, CoTra is a non-profit making
organization that exists to research, analyze, publicize and find solutions
for threats to the integrity and reliability of computer systems.

The issue that caused the formation of CoTra was the rise of the computer
virus.  This problem has since become surrounded by fear, uncertainty and
doubt.  To the average user, the computer virus and its implications are a
worry of an unknown scale.  To a few unfortunates whose systems have become
victims, it is a critical issue.

The key advantage of CoTra membership will be access to advice and information.
Advice will be provided through publications, an electronic conference (a
closed conference for CoTra's members has been created on the Compulink CIX
system) as well as other channels such as general postings direct to members
when a new virus is discovered.

CoTra membership will be available on a student, full or corporate member
basis.  All software that is held by CoTra that enhances system reliability,
such as virus detection and removal software, will be available to all members.
It is intended to establish discounts with suppliers of reliability tools and
services.  A library of virus sources and executables and other dangerous
research material will be made available to members who have a demonstrable
need.

A register of consultants who have specific skills in the systems reliability
field will be published by CoTra and reviews of reliability enhancing software
will be produced.

Your support of CoTra will ensure that you have the earliest and most accurate
information about potential threats to your computer systems.

CoTra, The Computer Threat Research Association,
c/o 144 Sheerstock, Haddenham, Bucks.  HP17 8EX
_______________________________________________________________________________

Strange Customs Service Clock Department                            May 1, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Written by Vanessa Jo Grimm (Goverment Computer News)(Page 6)

The U.S. attorney for Washington is reviewing an allegation that a Customs
Service official violated the Computer Security Act [PL 100-235 presumably] by
altering a computer's internal clock.

Treasury Department Inspector General Michael R. Hill referred the allegation
to the prosecutor after an investigation into year-end spending by Custom
officials at the close of Fiscal Year 1988.  The allegation involves an
official who may have authorized altering the date maintained by the computers
that the agency uses for procurement documents, according to Maurice S. Moody,
the Inspector General's audit director for Financial Management Service.

Moody recently told the House Ways and Means Subcommittee on Oversight the
computers are part of the agency's Automated Commercial System.  He declined to
provide Government Computer News with more details.

Allegedly the computer clock was rolled back during the first three days of
October of 1988 so that $41.8 million in procurement obligations would be dated
in September against fiscal year 1988 appropriations, Moody said.

An inspector general report issued in late February concluded Customs had not
violated any procurement laws.  The inspector general's investigation is
continuing, however.

"Doesn't $41.8 million worth of procurement on the last day of the fiscal year
bother anybody?" asked Rep. Richard T. Shulze (R-Pa).  The purchases did bother
the inspector general, Moody said, and this concern led to getting the United
State attorney attorney.  "This problem is endemic in the federal government,"
he said.  "Year-end spending is very common."

William F. Riley, Customs controller, said he knew about the rollback, but he
and Deputy Commissioner Michael H. Lane refused to say who authorized the
action...  Subcommittee members continued to press Riley and Lane.  "Is the
person still at Customs?" asked subcommittee chairman J. J. Pickle (D-Texas).
He is working full time and in the position he was at the time," Lane answered.

Rep. Beryl F. Anthony, Jr. (D-Ark) asked how Riley became aware of the
rollback.  "He (the official who authorized the rollback) told me that it was
going to be done," Riley said.

Rep. Pickle suggested that a high ranking official would have to authorize such
an action, but Counsel advised Lane not to reply.  He did say neither he nor
Commissioner von Raab had made the decision.

The balance of the article deals with the actions of Linda Gibbs, who became
aware of the incident and reported it to the inspector general after being
unable to stop the action.  Gibbs also alleged that the action was intended to
use available year-end money to cover cost overrun on a contract with Northrop
Corp.  She also alleged that she had been reassigned and given no new duties.
_______________________________________________________________________________