💾 Archived View for aphrack.org › issues › phrack7 › 4.gmi captured on 2021-12-04 at 18:04:22. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-12-03)

-=-=-=-=-=-=-

                                ==Phrack Inc.==

                      Volume One, Issue 7, Phile 4 of 10

  -=:><:=--=:><:=--=:><:=--=:><:=--=:>\|/<:=--=:><:=--=:><:=--=:><:=--=:><:=-

                             -=:> Hacking The <:=-
                   -=:> Chilton Corporation Credimatic <:=-
                              -=:] By: Ryche [:=-

                      -=:} Written on June 24, 1986 {:=-

  -=:><:=--=:><:=--=:><:=--=:><:=--=:>\|/<:=--=:><:=--=:><:=--=:><:=--=:><:=-

This is the complete version of Hacking Chilton. There is another one that is
floating around that's not as complete.  If you see it anywhere please ask the
sysop to kill it and put this one in its place.

The Chilton Corp. is a major credit firm located on Greenville Ave. in Dallas,
Texas.  This is where a lot of the companies that you apply for credit, check
you and your neighbors credit records. Unlike other credit systems such as TRW
and CBI, this one contains the records for people with good credit and doesn't
wipe out some of the numbers of the cards themselves.  All information is
complete and includes full numbers as well as the bank that issued it, limit,
payments due, payments late, their SSN, current & former address, and also
their current and former employer. All you need to know to access this info is
the full name, and address of your "victim".

Now, how to hack the Chilton.  Well, the Chilton system is located in Dallas
and the direct dialup (300/1200) is 214-783-6868.  Be in half duplex and hit
return about 10 times until it starts to echo your returns. There is a command
to connect with E-mail that you can put in before echoing return. By echoing
the return key your signifying that you want the credit system. I wont go into
E-mail since there is nothing of special interest there in the first place. If
you are interested in it, try variations of /x** (x=A,B,C,etc.).  All input is
in upper case mind you. Back to the credit part, once you echo return, you can
type: DTS Ctrl-s if you really need to see the date and time or you can simply
start hacking. By this, I mean:
SIP/4char. Ctrl-s

This is the Sign In Password command followed by a 4 character alpha numeric
password, all caps as I said before. You can safely attempt this twice without
anyone knowing your there. After the third failed attempt the company printer
activates itself by printing "Login Attempt Failed". This is not a wise thing
to have printed out while your trying to hack into it since there is always
someone there. If you try twice and fail, hit Ctrl-d, call back, echo, and try
again. You can keep doing this as long as you wish since there is no other
monitoring device than that printer I mentioned before. Since this only
activates when you fail to login correct you can safely say there is little if
no danger of your discovery. I would suggest going through an extender though
since Chilton does have access to tracing equipment.  About the passwords, as
far as I know, there are 3 different classes of them with varying privileges,
these are:

1-User/Employee
2-Permanent/Secretary
3-Input Output

The first one is just to look and pull credit reports. These passwords go dead
every Sunday night at 11:00pm or so. The new ones are good from Monday to
Sunday night. Even though your pass is good for one week, there are limited
times you can use this. The credit system is only accessible at these times:
Mon-Fri: 8:00am to 11:00pm, Sat: 8:00am to 9:00pm, and Sun: 8:00am to 6:00pm
The second class is the same as the first except that these only change
whenever someone leaves the company. These were originally supposed to be set
up for the secretaries so that if they ever need quick access they could w/o
having to go down to the Credit Dept. every week for a new password.  The
third is one I have never gotten..yet. It has the ability to alter a persons
credit reports for one month. At the first of the month the system updates all
reports and changes your alterations to the credit reports. Doing this though
would warrant going through a diverter since your fucking with someone's life
now. Once you have hacked a pass and it accepts the entry it will display the
warning:

    ****WARNING! UNAUTHORIZED ACCESS OF THIS SYSTEM IS A FEDERAL CRIME!****

Or something along the same lines. After this you should be left to input
something. This is where you enter either In House Mode, System Mode, or
Reporting Mode. In House Mode will give you the reports for the people living
in Dallas/Fort Worth and surrounding counties. System Mode is good for
surrounding states that include:

Massachusets, Illinois, Louisiana, Missouri, Arkansas, New Mexico, Colorado,
Arizona, some of New Jersey, and a few others I cant remember. There are 11
states it covers.

Reporting is a mode used for getting transcripts of a persons reports and would
require you to input a companies authorization number. So for this file lets
stick to In House and System. Get your victims stats ready and enter a mode:

In House:  I/NH Ctrl-s   (Dallas/Ft. Worth 214)
System:  I/S Ctrl-s   (All other NPA's)

After that its time to pull records. Type in:

I/N-Last Name/F-First Name/L-Street Name/Z-Zip Code/** Ctrl-s

If you don't know his street name, use 'A' and it will go into a global search
routine until it finds name that match or are at least 80% similar to the one
you used. Although the Zip Code is not needed and can be left out, it does
narrow the search field down considerably. Once it finds the name, it will
show you his Name, SSN, Current Address, Employer, and former ones if there
are any. Right after his name you will see a ID number. Sorta like: 100-xxxxx
Write this down as it is your key to getting his reports. After it finishes
listing what it has on him its time to see the full story. Type:

N/100-xxxxx/M/D Ctrl-s

What it will display now is his whole credit history. When you first pulled
his ID number you might have seen he had two names but with a variance like
middle name or a misspelled address. Pull both of them as they are just an
error in whoever put the reports in. I would suggest capturing this so that
you can refer back to it w/o having to access the system every time.

There is another way to get into Chilton through Tymnet but I have no idea of
the address for this and its a waste of time. If you happen to get the name
and address of an employee of the company forget the idea of pulling his
stats, Chilton doesnt allow employee records to be in there. One very good
point made not too long ago is the prospect of going through the phone book
and picking names at random.

Although Credit Card numbers are displayed credit card fraud is thwarted by
the small fact that it does not show expiration dates. No company making an
actual inquisition on a person would need that information and to prevent the
fraudulent or misuse of the information they were left out. There is an
interesting note that at one time in the companies history they did have a
small  that signified a drug record. This was taken out as it wasn't
pertinent to the computers purpose and was only there because Borg Warner, the
company that owns Chilton wanted to pry into peoples lives. The computer has a
10 line rotary, so unless there are 11 people using it at the same time your
chances of getting a busy signal are almost if not next to nil.

Disclaimer:

The information provided in this file is a tutorial and is provided for the
purpose of teaching others about this system and how it operates. It is not
provided to promote the fraudulent use of credit cards or any other such
action(s) that could be considered illegal or immoral. Myself, and the
editors/publishers/distributors of this newsletter are in no way responsible
for the actions or intentions of the reader(s) of this file.

                               <>>>> Ryche <<<<>
_______________________________________________________________________________