💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › hackunlm.hu1 captured on 2023-01-29 at 07:46:47.

View Raw

More Information

⬅️ Previous capture (2021-12-04)

-=-=-=-=-=-=-


                      The Mickey Mouse Club Presents...

          __  __    ____      __    __  __  ______  _____    ______
          __  __   __  __   __  __  __ __   __      __  __   __
          ______  ________  __      ___     ____    _____    ______
          __  __  __    __  __  __  __ __   __      __  __       __
          __  __  __    __    __    __  __  ______  __   __  ______

                                    Hackers
                                   Unlimited
  __  __  __    __  __      ______  __    __  ______  ______  ______  ____
  __  __  ___   __  __        __    ___  ___    __      __    __      __  __
  __  __  __ __ __  __        __    __ __ __    __      __    ____    __  __
  __  __  __   ___  __        __    __    __    __      __    __      __  __
   ____   __    __  ______  ______  __    __  ______    __    ______  ____

                                    Magazine

                                    Volume  1
                                     Issue  1

                                  Released  10/02/89

                                   Editors  The Dark Lord
                                            Cardiac Arrest



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                               Hackers Unlimited
                               Volume 1, Issue 1

                               Table Of Contents

#     Title                                     Author
------==========================================-------------------------------
1     Information about The Mickey Mouse Club   Editors
2     Artical Submission Policies               Editors
3     Introduction                              Editors
4     How Ma Bell Crushed The Blue Box          Cardiac Arrest
5     Beige Boxing                              Cardiac Arrest
6     Basic Information About Credit Cards      Midnight Caller
7     MMC Guide To Hacking, Phreaking, Carding  The Dark Lord
8     A Novice's Guide To Hacking - 1989 Ed.    The Mentor
9     Cable Piracy                              Psycho Bear
10    Pyro File 1                               Fallen Angel
11    Pyro File 2                               Fallen Angel
12    Pyro File 3                               Fallen Angel
13    Social Engineering                        Fallen Angel
14    Listings                                  Compilations
15    Closing Notes                             Editors
------==========================================-------------------------------



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
What is The Mickey Mouse Club?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     The Mickey Mouse Club was founded by Cardiac Arrest and The Dark Lord.
The name MMC came about because we couldn't think of a better one.  We are
basically a cracking club.  Aside from cracking, we write instructional text
files, and an electronic magazine called Hackers Unlimited Magazine, designed
to help beginning hackers and phreakers.  We are also the authors of programs
such as Data Protect, a file that, as the name implies, provides features such
as data ecnryption/decryption, file hiding, file clearing, and several other
functions.

MMC Membership
~~~~~~~~~~~~~~
     Since we are still a comparitively new group, we are looking for members
of the underground BBS community who can do one or more of the following :

     * Crack games (or other programs)

     * Draw crack screens

     * Write instructional text files about phreaking, hacking, carding, etc

     * Contribute to Hackers Unlimited Magazine in other ways than files

     * Write programs beneficial to the hacking community (ie code hackers,
        etc)


     If you are interested in applying for the MMC, contact either Cardiac
Arrest or The Dark Lord.  If you fit into the above specifications, we will
give you permission to fill out our application.  After completion, upload
your application to the BBS you downloaded it from.  Your membership will be
considered ONLY if you received the application with permission.  It will be
based entirely on the application (ie, your truthfullness and knowledge).

Hackers Unlimited Magazine
~~~~~~~~~~~~~~~~~~~~~~~~~~
     The Mickey Mouse Club puts out an electronic newsletter/magazine called
Hackers Unlimited Magazine.  This magazine is devoted to informing the hacking
community about hacking, phreaking, carding, or anything else or interest.  It
is geared towards beginners, but we hope some experienced hackers will benefit
from it also.  The editors of the magazine are the founders of the MMC, Cardiac
Arrest and The Dark Lord.  ANYONE may write for HU magazine, and we would like
to encourage readers to submit any articles they have written to a HU Support
Board.  We would also like to encourage comments, complaints or suggestions.

Where You Can Contact Us
~~~~~~~~~~~~~~~~~~~~~~~~
     Cardiac Arrest and The Dark Lord can be contacted on most pirate boards in
Denver (303/CODEN), as well as various BBSes around the country.  At the time
of this writing, we also have a Voice Mail Box:

X-XXX-XXX-XXXX Box XXXX



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                        ___________________________
                        ___________________________
                        ___                     ___
                        ___  Submission Policy  ___
                        ___________________________
                        ___________________________

     Hackers Unlimited Magazine is an ongoing newsletter, and we will release
issues as regularly as possible.  To do this we will need readers to contribute
articles for the magazine as often as possible.  We ask that if you feel you
have something good to write about that will fall within the guidelines for
Hackers Unlimited, please submit it.  However, we do take pride in the magazine,
and we will only accept articles up to our standards.  Do not be discouraged if
your article is turned down.  Although this is not a thing that is expected to
happen, if we feel the article is not good, then we do reserve the right to
turn down your article.  Please don't let that stop you from writing your
article.  Ninty percent of the articles will NOT be turned down, and by having
this policy, we are not wanting to scare off the good writers.  We ask that you
keep the topic within the guidelines, and make it to the best of your ability.
If your article IS turned down, the editors may make suggestions, or, if the
changes are minor, permission to edit the file.
      One thing to keep in mind, we do not base our decisions on the
type of computer you own, reputation that you have, age or anything else
unrelated to the magazine.  The decision whether the article stays or goes is
based STRICKLY on the quality of the article itself.  To submit an article just
     find some way of getting in touch with one of the writers of Hackers
Unlimited, or even better, one of the editors, The Dark Lord, or Cardiac
Arrest.  If you do get in touch with one of the writers, you must make sure it
is relayed to one or both of the editors, because it will do little or no good
if we don't know you're out there.  There will be ways listed through out this
magazine on how you can get in touch with us, either through support boards,
Colorado boards, Vmb's etc.  Hope to see an article from you soon and
enjoy.........Hackers Unlimited!!!



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Introduction :   Welcome to the premier issue of Hackers Unlimited Magazine, a
magazine designed for the sole purpose of helping hackers, beginning and
advanced alike.  The editors of this magazine are Cardiac Arrest and The Dark
Lord (both from 303).  You will undoubtedly notice that several of the
articles were written by us.  In future issues, we hope to have more articles
written by readers, and less written by the editors.
     Anyways, on with the magazine....

Cardiac Arrest & The Dark Lord
Editors, Hackers Unlimited Magazine

VMB X-XXX-XXX-XXXX
    Box XXXX

NOTE :  This VMB is valid as of the release of this magazine, but may change
without notice.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                          "The Blue Box And Ma Bell"
                     Herb Friedman, Communications Editor
                           Radio Electroncs Magazine
                                 November 1987


                                  Typed By :
                                Cardiac Arrest
                                    06/89

Before the breakup of AT&T, Ma Bell was everyone's favorite enemy.  So it was
not surprising that so many people worked so hard and so successfully at
perfecting various means of making free and untracable telephone calls.
Whether it was a "Red Box" used by Joe and Jane College to call home, or a
"Blue Box" used by organized crime to lay off untracable bets, the technology
that provided the finest telephone system in the world contained the seeds of
it's own destruction.
        The fact of the matter is that the Blue Box was so effective at making
untracable calls that there is no estimate as to how many calls were made or
who made them.  No one knows for certain whether Ma Bell lost revenues of $100,
$100-million, or $1-billion on the Blue Box.  Blue Boxes were so effective at
making free, untracable calls that Ma Bell didn't want anyone to know about
them, and for many years denied their existence.  They even went as far as
strong-arming a major consumer science magazine into killing an article that
had already been prepared on the Blue and Red boxes.  Further, the police
records of a major city contain a report concerning a break-in at the residence
of the author of that article.  The only item missing following the break-in
was the folder containing copies of the earliest Blue-Box designs and a
Bell-System booklet that described how subscriber billing was done by the AMA
machine--a booklet that Ma Bell denied ever existed [article includes picture
proving otherwise - Cardiac].  Since the AMA (Automatic Message Accounting)
machine was the means whereby Ma Bell eventually tracked down both the Blue
and Red Boxes, we'll take time out to explain it.  Besides, knowing how the AMA
machine works will help you to better understand "phone phreaking."

WHO MADE THE CALL
        Back in the early days of the telephone, a customer's billing was
originated in a mechanical counting device, which was usually called a
"register" or a "meter."  Each subscriber's line was connected to a meter that
was part of a wall of meters.  The meter clicked off the message units, and
once a month someone simply wrote down the meter's reading, which was later
interpolated into message-unit billing for those subscriber's who were charged
by the message unit.  (Flat rate subscriber's could make unlimited calls only
within a designated geographic area.  The meter clicked off message units for
calls outside that area.)  Because eventually there were too many meters to
read individually, and because more subscribers started questioning their
monthly bills, the local telephone companies turned to photography.  A
photograph of a large number of meters served as an incontestable record of
their reading at a given date and time, and was much easier to convert to
customer billing by the accounting department.
        As you might imagine, even with photographs billing was cumbersome and
did not reflect the latest technical developments.  A meter didn't provide any
indication of what the subscriber was doing with the telephone, nor did it
indicate how the average subscriber made calls or the efficiency of the
information service (how fast the operators could handle requests).  So the
meters were replaced by the AMA machine.  One machine handled up to 20,000
subscribers.  It produced a punched tape for a 24-hour period that showed,
among other things, the time a phone was picked up (went off-hook), the number
dialed, the time the called party answered, and the time the originating phone
was hung up (placed on-hook).
        One other point, which will answer some questions that you're certain
to think of as we discuss the Red and Blue boxes: Ma Bell did not want persons
outside their system to know about the AMA machine.  The reason?  Almost
everyone had complaints--usually unjustified--about their billing.  Had the
public been aware of the AMA machine they would have asked for a monthly list
of their telephone calls.  It wasn't that Ma Bell feared errors in billing;
rather, they were fearful of being buried under an avalanche of paperwork and
customer complaints.  Also, the public beleived their telephone calls were
personal and untraceable, and Ma Bell didn't want to admit that they knew about
the who, when, and where of every call.  And so Ma Bellalways insisted that
billing was based on a meter unit that simply "clicked" for each message unit;
thatthere was no record, other than for long-distance calls, as to who called
whom.  Long distance was handled by, and the billing information was done by
and operator, so there was a written record Ma Bell could not deny.
        The secrecy surrounding the AMA machine was so pervasive that local,
state, and even federal police were told that local calls made by criminals
were untraceable, and that people who made obscene telephone calls could not be
tracked down unless the person receiving the cals could keep the caller on the
line for some 30 to 50 minutes so the connections could be physically traced by
technicians.  Imagine asking a woman or child to put up with almost an hours
worth of the most horrendous obscenities in the hope someone could trace the
line.  Yet in areas where the AMA machine had replaced meters, it would have
been a simple, though perhaps time-consuming task, to track down the numbers
called by any telephone during a 24-hour period.  But Ma Bell wanted the AMA
machince kept as secret as possible, and so many a criminal was not caught, and
many a woman was harried by the obscene calls of a potential rapist, because
existence of the AMA machine was denied.
        As a sidelight as to the secrecy surrounding the AMA machine, someone
at Ma Bell or the local operating company decided to put the squeeze on the
author of the article on Blue Boxes, and reported to the treasury Department
that he was, in fact, manufacturing them for organized crime--the going rate in
the mid 1960's was supposedly $20,000 a box.  (Perhaps Ma Bell figured the
author would get the obvious message: Forget about the Blue Box and the AMA
machine or you'll spend lots of time, and much money on lawyer's fees to get
out of the hassles it will cause.)  The author was suddenly visited ay his
place of employment by a Treasury agent.  Fortunately, it took just a few
        minutes to convince the agent that the author was really just that, and
the a technical wizard working for the mob.  But one conversation led to
another, and the Treasury agent was astounded to learn about the AMA machine.
(Wow!  Can an author whose story is squelched spill his guts.)  According to
the treasury agent, his department had been told that it was impossible to get
a record of local calls made by gangsters: The Treasury department had never
been informed of the existence of automatic message accounting.  Needless to
say, the agent left with his own copy of the Bell System publication about the
AMA machine, and the author had an appointment with the local Treasury-Bureau
director to fill him in on the AMA Machine.  That information eventually ended
up with Senator Dodd, who was conducting a congressional investigation into,
among other things, telephone company surveillance of subscriber lines--which
was a common practice for which there was detailed instructions, Ma Bell's own
switching equipment ("crossbar") manual.

THE BLUE BOX
        The Blue Box permitted free telephone calls because it used Ma Bell's
own internal frequency-sensitive circuits.  When direct long-distance dialing
was introduced, the crossbar equipment knew a long-distance call was being
dialed by the three-digit area code.  The crossbar then converted the dial
pulses the the CCITT tone groups, shown in Table 1 [I'll put the table in at
the end of the file - Cardiac], that are used for international and truckline
signalling.  (Not that those do not correspond to Touch-Tone frequencies.)  As
you can see in that table, the tone groups represent more than just numbers;
among other things there are tone groups indentified as KP (prime) and ST
(start)--keep them in mind.  When a subscriber dialed an area code and a
        telephone number on a rotary-dial telephone, the crossbar automatically
conneceted the subscriber's telephone to a long-distance truck, converted the
dial pulses to CCITT tones sent out on the long-distance trunk that set up or
selected the routing and caused electro-mechanical equipment in the target city
to dial the called telephone.
        Operator-assisted long-distance calls worked the same way.  The
operator simply logged into a long-distance trunk and pushed the appropriate
buttons, which generated the same tones as direct-dial equipment.  The button
sequence was KP (which activated the long-distance equipment), then the
complete area code and telephone number.  At the target city, the connection
was made to the called number but ringing did not occur until the operator
there pressed the ST button.  The sequence of events of early Blue Boxes went
        like this: The caller dialed information in a distant city, which
caused his AMA machine to record a free call to information.  When the
information operator answered, he pressed the KP key on the Blue Box, which
disconnected the operator and gave him access to a long-distance trunk.  He
then dialed the desired number and ended with an ST, which caused the target
phone to ring.  For as long as the conversation took place, the AMA machine
indicated a free call to an information operator.  The technique required a
long-distance information operator because the local operator, not being on a
long-distance trunk, was accessed through local wire switching, not the CCITT
tones.

CALL ANYWHERE
        Now imagine the possibilities.  Assume the Blue Box user was in
Philadelphia.  He would call Chicago information, disconnect from the operator
with a KP tone, and then dial anywhere that was on direct-dialing service: Los
Angeles, Dallas, or anywhere in the world in the Blue Boxer could get the
internatioal codes.
        The legend often told of one Blue Boxer who, in the 1960's, lived in
New York and had a girlfriend at a college near Boston.  Now back in the
1960's, making a telephone call to a college town on the weekend was even more
difficult than it is today to make a call from New York to Florida on a
reduced-rate holiday using one of the cut-rate long-distance carriers.  So our
Blue Boxer got on an international operator's circuit to Rome, Blue Boxed
through to a Hamburg operator, and asked Hamburg to patch through to Boston.
The Hamburg operator thought the call originated in Rome and inquired as to the
"operator's" good English, to which the Blue Boxer replied that he was an
expatriate hired to handle calls by American tourists back to their homeland.
Every weekend, while the Northeast was strangled by reduced-rate long-distance
calls, our Blue Boxer had no trouble sending his voice almost 7,000 miles for
free.

VACUUM TUBES
        Assembly plans for Blue Boxes were sold through classified
advertisements in the electronic-hobbyist magazines.  One of the earliest
designs was a two-tube poertable model that used a 1.5-volt "A" battery for the
filaments and a 125-volt "B" battery for the high-voltage (B+) power supply.
The portable Blue Box's functional circuit in shown in Fig. 2 [It's nothing you
can't find in any good Blue Box g-file, so I won't try to draw it - Cardiac].
it consisted of two phase-shift oscillators sharing a common speaker that mixed
the tones from both oscillators.  Switches S1 and S2 each represent 12
switching circuits used to generate the tones. (No, we will not supply a
working circuit, so please don't write in and ask--Editor)[That's the real
editor, not me - Cardiac]  The user placed the speaker over the telephone
handset's transmitter and simply pressed the buttons that corresponded to the
disired CCITT tones.  It was just that simple.
        Actually, it was even easier then it reads because Blue Boxers
dicovered they did not need the operator.  If they dialed an active telephone
located in certain nearby, but different, area codes, they could Blue Box just
as if they had Blue Boxed through an information operator's circuit.  The
subscriber whose line was blue Box conversatio was short, the "dead" phone
suddenly came to life the next time it was picked up.  Using a list of
"distant" numbers, a Blue Boxer would never hassle plain to the telephone
        company.  The difference between Blue Boxing off a subscriber rather
than an informatio operator was that the Blue Boxer's AMA tape indicated a real
long-distance telephone call--perhaps costing 15 or 25 cents--instead of a
freebie.  Of course, that is the reason why when Ma Bell finally decided to go
public with "assisted" newspaper articles about the Blue Box users they had
apprehended, it was usually about some college kid or "phone phreak."  One
never read of a mobster being caught.  Greed and stupidity were the reasons why
the kid's were caught.  It was the transistor that led to Ma Bell going public
with the Blue Box.  By using transistors and RC phase-shift networks for the
oscillators, a portable Blue Box could be made inexpensively, and small enough
to be used unobstrusively from a public telephone.  The college crowdin the
many technical schools went crazy with the partable Blue Box; they could call
the folks back home, their friends, or get a free network (the Alberta and
Carolina connections--which could be a topic for a whole separate article) and
never pay a dime to Ma Bell.  Unlike the mobsters who were willing to pay a
small long-distance charge when Blue Boxing, the kids wanted it, wanted it all
free, and so they used the information operator routing, and would often talk
"free-of-charge" for hours on end.
        Ma Bell finally realized that Blue Boxing was costing them big bucks,
and decided a few articles on the criminal penalties might scare the Blue
Boxers enough to cease and desist.  But who did Ma Bell catch?  The college
kids and the greedies.  When Ma Bell decided to catch the Blue Boxers she
simply examined the AMA tapes for calls to an information operator that were
excessively long.  No one talked to an operator for 5, 10, 30 minutes, or
several hours.  Once a long call to an operator appeared several times on an
AMA tape, Ma Bell simply monitored the line and the Blue Boxer was caught.
(Now do you understand why we opened with an explanation of the AMA machince?)
If the Blue Boxer worked from a telephone boothk, Ma Bell simply monitored the
booth.  Ma Bell might not have known who originated the call, but she did know
who got the call, and getting that party to spill their guts was no problem.
The mob and a few Blue Box hobbyists (maybe even thousands) knew of the AMA
machine, and so they used a real telephone number for the KP skip.  Their AMA
tapes looked perfectly legitimate.  Even if Ma Bell had told the authorities
they could provide a list of direct-dialed calls made by local mobsters, the
AMA tapes would never show who was called through a Blue Box.  For example, if
a bookmaker in New York wanted to lay off some action in Chicago, he could make
a legitimate call to a phone in New Jersey and then Blue Box to Chicago.  Of
course, automatic tone monitoring, computerized billing, and ESS (Electronic
Switchin Systems) now make that all virtually impossible. but that's the way it
was.
        You might wonder how Ma Bell discovered the tricks of the Blue Boxers.
Simple, they hired the perpetrators as consultants.  While the initial
newspaper articles detailed the potential jail penalties for apprehended Blue
Boxers, except for Ma Bell employees who assisted a Blue Boxer, it is almost
impossible to find an article on the resolution of the cases because most
hobbyist Blue Boxers got suspended sentences and/or probation if they assisted
Ma Bell in developing anti-Blue Box techniques.  It is asserted, although it
can't be easily proven, that cooperating ex-Blue Boxers were paid as
consultants.  (If you can't beat them, hire them to work for you.)
        Should you get any ideas about Blue Boxing, keep in mind that modern
switching equipment has the capacity to recognize unauthorized tones.  It's the
reason why a local office can leave their subscriber Touch-Tone circuits
actives, almost inviting you to use the Touch-Tone service.  A few days after
you use an unauthorized Touch-Tone service, the business office will call and
inquire whether you'd like to pay for the service or have it disconnected.  The
very same central-office equipment that knows you're using Touch-Tone
frequencies knows if your line is originating CCITT signals.

THE RED BOX
        The Red Box was primarily used by the college crowd to avoid charges
when fequent calls were made between two particular locations, say the college
and a student's home.  Unlike the somewhat complex circuitry of the Blue Box, a
Red Box was nothing more than a modified telephone; in some instances nothing
more than a capacitor, a momentary switch, and a battery.  As you recall from
        our discussion of the Blue Box, a telephone circuit is really
established before the target phone ever rings, and the circuit is capable of
carrying an AC signal in either direction.  When the caller hears the ringing
in his or her handset, nothing is happening at the receiving end because the
ringing signal he hears is really a tone generator at his local telephone
office.  The target (called) telephone actually gets it 20 pulses-per-second
ringing voltage when the person who dialed hears nothing--in the "dead" spaces
between hearing the ringing tone.  When the called phone is answered and taken
off hook, the telephone completes a local-office DC loop that is the signal to
stop the ringing voltage.  About three seconds later the DC loop results in a
signal being sent all the way back to the caller's AMA machine that the called
telephone was answered.  Keep that three-second AMA delay in mind.  (By now you
should have a pretty good idea of what's coming!) [I'm skipping a paragraph
        talking about how a telephone circuit works.  It is referring to a
simple phone schematic that isn't worth drawing, so I ommited the whole
paragraph - Cardiac] Now as we said earlier, the circuit can actually carry AC
        before the DC loop is closed.  The Red Box is simply a device that
provides a telephone with a local battery so that the phone can generate an AC
signal without having a DC connection to the telephone line.  The earliest of
the Red Boxes was the surplus military field telephone, of which there were
thousands upon thousands in the marketplace during the 1950's and 1960's.  The
field telephone was a portable telephone unit having a manual ringer worked by
a crank--just like the telephone Grandpa used on the farm--and two D-cells.  A
selector switch set up the unit so that it could be connected to a combat
switchboard, with the DC power supplied by the switchboard.  But if a combat
unit wasn't connected to a switchboard, and the Lieutenant yelled "Take a
wire," the signalman threw a switch on his field telephone that switched in the
        local batteries.  To prevent the possibility of having both ends of the
circuit feeding battery current into the line in opposite polarity--thereby
resulting in silence--the output from the field telephone when running from its
internal batteries was only the AC representing the voice input, not modulated
DC.  [I ommited the next two paragraphs, which talk about how to make one.  It
too has a complicated schematic, so I wont draw it.  It's the same stuff you
get from any Red Box g-file - Cardiac]

PRESS ONCE TO TALK
        The Red Box was used at the receiving end; let's assume it's the old
homestead.  The call was originated by Junior (or Sis) at their college 1000
miles away from home.  Joe gave the family one ring and then hung up, which
told them that he's calling.  Pop set up the Red Box.  Then Junior redialed the
old homestead.  Pop lifted the handset when the phone rang.  Then Pop closed a
momentary-switch for about a half-second, which caused the local telephone
office to silence the ringing signal.  When Pop released the switch, the folks
cantalk to Junior without Junior getting charged because his AMA tape did not
show his call was answered--the DC loop must be closed for at least
three-seconds for the AMA tape to show Junior's call was answered.  All the AMA
tape showed is that Junior let the phone ring at the old homestead for almost
30 minutes; a length of time that no Bell Operating Company is likely to
believe twice!
        A modern Red Box is simpy a conventional telephone that's been modified to
emulate the vintage 1940 military field telephone.  Aside from the fact that
the operating companies can now nail every Red Box user because all modern
billing equipment shows the AMA information concerning the length of time a
caller let the target phone ring, it's use has often put severe psychological
strain on the users.
        [I ommited another paragraph here.  It was just some closing stuff.
Nothing special - Cardiac]
        There are no hard facts concerning how many Red Boxes were in use, or
how much money Ma Bell lost, but one thing is known: she had little difficulty
in closing down Red Boxes in virtually all instances where the old folks were
involved because Mom and Pop usually would not tolerate what to them was
stealing.  If you as a reader have any ideas about using a Red Box, bear in
mind that the AMA machine (or it's equivilent) will get you every time, even if
you use a phone booth, because the record will show the number being called,
and as with the Blue Box, the people on the receiving end will spill their guts
to the cops.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                         The Mickey Mouse Club's Guide To
                                -+ Beige Boxing +-

                                   Written By :
                                  Cardiac Arrest
                                    [09/26/89]

Introduction :  Well, I KNOW that nearly everybody and their brother knows how
~~~~~~~~~~~~   to beige box, but what magazine is complete without a file as
basic as that.  Anyways, if you know how to beige box, and consider yourself
master beiger, skip this and go on to the next file.  Otherwise, I'll try to
help beginners and maybe give some experienced boxers food for thought.

What IS Beige Boxing :  If you've ever payed any attention to the phone
~~~~~~~~~~~~~~~~~~~~   company, you've definately seen a guy in funny Ma Bell
overalls running around with a funny-looking telephone with gator clips coming
out the bottom.  That's the Ma Bell version of the "beige box", called a
Lineman's Handset.  There are literally TONS of uses for a beige boxes, and
they are simple to make, so it's usually a good introduction to the phreaking
world.

The Purpose Of This File :  If even one person reads this file and learns
~~~~~~~~~~~~~~~~~~~~~~~~   something, I've accomplished what I set out to do
(how cliche, right?).  But seriously, I'm going to attempt to provide several
easy methods of beige boxing.  Some experienced beigers will definately see
some familiar designs, but they might also see a new twist or two.  I'll also
include (hopefully) easy but complete directions of some of the possibilities
for use.

Back To Reality :  Ok, on with the file.  There are about as many beige box
~~~~~~~~~~~~~~~   designs as there are uses, and with both, new ideas are
always popping up.  The designs in this file are by no means the best designs.
I HOPE that they're some of the easiest, but who am I to say.


Method #1 (Generic, Phone Destroying, Design)

     Required Materials
          1  Telephone that you wont miss (it'll be a permanent beige box)
          2  Gator clips
          1  Telephone cord
          1  Screwdriver
          1  Pair of wire cutters
          1  Soldering iron
             Solder

     Construction
          1.  Open up the telephone with the screwdriver.  I can't give exact
              directions, because different models vary, but if you can't find
              the screws, try checking under the plastic plate that holds the
              phone number of the location.

          2.  Look at the modular jack (the thingy the phone cord plugs into).
              Find the red and green wires.  These are the ones you want.
              Trace these wires with your finger to the screw that holds them
              down.  Connect your phone cord to these screws, either by
              soldering them, or by wrapping them around the screw and
              tightening it down.

          3.  Run the telephone cord out the modular jack's hole.  If you can't
              squeeze it through the jack, take the wire cutters the cut the
              wires leading to  it, and yank it out.  That should leave planty
              of room.

          4.  Re-assemble your phone.

          5.  At the end of the telephone cord hanging out of the phone,
              connect the gator clips to the same wires hooked up to the screws
              inside the housing of the phone.  You can connect them either by
              soldering, or by splicing the wire to them (twisting them around
              the hole and praying that it holds).


Method #2 (A spin-off of #1, but less permanent)

     Required Materials
          1  Telephone (Don't worry, you wont wreck this one)
          1  Telephone cord (You can use one of the springy ones that you
                             always tangle up when you're on the phone)
          2  Gator clips
          1  Pair of wire cutters
          1  Soldering iron
             Solder

     Construction
          1.  Cut the modular plug (the thing that plugs into the wall or
              telephone set) off ONE end of the telephone cord.

          2.  Find the red and green wires and connect the gator clips to
              these by soldering or splicing them.

          3.  Connect the other end (the that still has a plug) to a telephone.


Method #3 (Similar to #2, but using a wall jack instead of a cord)

     Required Materials
          1  Telephone (This wont get wrecked, either)
          1  Modular telephone wall jack (This WILL get wrecked)
          2  Gator clips
          1  Pair of wire cutters
          1  Soldering iron
             Solder

     Construction
          1.  Look on the back of the wall jack.  You should see the typical
              red and green wires going into the back of the jack.  Leave the
              end going into the jack alone, but trace them to where the go
              into the plate holding the jack.  Cut them here (being sure, as I
              said, to leave the jack end alone).

          2.  Hook the gator clips up to the red/green wires.

          3.  Plug the phone into the wall jack.


Testing Your Box :  Ok, now that you've got one of the boxes described above
~~~~~~~~~~~~~~~~   (or a different one...I really don't care), you ready to
go.  Go outside, and on the side of your house, you should be able to find a
small, approximately 3" X 3", puke-green box, with a bolt in the middle of it.
Take a wrench (I'm not sure what the size is, but a 10mm wrench works for me,
and that's all I really care about.  But be careful, since it's not exact, you
might strip it) and take off the bolt.  You'll probably have to clear out some
cobwebs, since it hasn't been used in a while.  Inside the box, you should see
four screws (one on each corner) with the typical red/green wires connected to
them.  (If you have two phone lines, the bottom screws will have black/yellow
wires, if you have one phone line, the bottom wont have any).  You can probably
guess what happens from here--Hook the gator clips up to the screws.  You
should get a dial tone.  If you didn't, make sure the connection is clean, that
you're hooked up to the right terminals(screws), etc.  If you still don't get
one, you're screwed.  That means there's something wrong with your box.  If you
do get a dial tone, you're probably guessing what you can do from here.


Where Can You Use The Beige Box :  You can use the beige box on several pieces
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   of equipment.  You can go to you're best
friend's house and use it like I described.  You can open up one of those ugly
green boxes about 3' high in the back yard of every couple houses.  Inside
you'll see pretty much the same thing as at individual houses, only there's
several houses running through the box, not just yours.  I have heard that you
can use a beige inside a Ma Bell manhole, but I crawled down one (not fun) and
there was a huge plastic tube.  You can see the telephone wires inside, but I
have no idea how to get to them.  There are definately more uses, but these are
the ones I've been exposed to.

The Box Of Many Uses :  As I've mentioned, there are TONS of uses for beige
~~~~~~~~~~~~~~~~~~~~   boxes, and the ones I explain are merely the ones I've
had some fun with.  It's all basically the same, but there are some interesting
twists.


Conferences :  Definately one of the funnest.  It's easier to do than explain,
~~~~~~~~~~~   but I'll give it a shot.  First, call up a conference service
(I'll list them in a second).  From here, you'll pretty much get instructions
(at least on the ones I've used).  Basically, you call up your buddies, tell
them what's going on, and hit a key (usually *) and they get put into the
conference.  From there, you and all your friends can all talk to each other,
trade codes, etc.  Get the idea?  (You can even call foreign numbers.  On our
conference, we voiced a user from Italy and called a hotel in Madrid for
someone to practice Spanish....)

     Conference Services :

          0-700-456-1000
          0-700-456-1001
          0-700-456-1002
          0-700-456-1003
          0-700-456-1004
          0-700-456-2000
          0-700-456-2001
          0-700-456-2002
          0-700-456-2003
          0-700-456-2004


Tapping :  If you hook up your beige box, and hear voices, the rightful owner
~~~~~~~   of the line is obviously using it.  Well, that's about all there is
to phone tapping.  Just shut up and listen.

L/D Calling :  Hey, it's not YOUR bill, so go ahead and call your pal in
~~~~~~~~~~~   France.  Maybe voice verify some users on your BBS....

Dial-A-Porn :  Hey, wait!!  How'd that get in here?
~~~~~~~~~~~

Conclusion :  That's about it.  I wont pretend to be an expert on beige boxes,
~~~~~~~~~~   so I wont say that these are the limits, or that these are the
best methods.  I'm just trying to provide a non-technical introduction to
phreaking.  Well, if anyone has any comments, questions, or come up with any
new ideas, let me know.

MMC [09/26/89]



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
===============================================================================
                   Basic Information About Credit Cards
===============================================================================

     There are at least three types of security devices on credit cards that
you aren't supposed to know about.  They are the account number, the signature
panel, and the magnetic strip.


  The Account Number
  ------------------
     A Social Security card has nine digits.  So do two-part Zip codes.
A domestic phone number, including area code, has ten digits.  Yet a
complete MasterCard number has twenty digits.  Why so many?
     It is not mathematically necessary for any credit-card account number
to have more than eight digits.  Each cardholder must, of course, have a
unique number.  Visa and MasterCard are estimated to have about sixty-five
million cardholders each.  Thus their numbering systems must have at least
sixty-five million available numbers.
     There are one hundred million possible conbinations of eight digits--
00000000, 00000001, 00000002, 00000003, all the way up to 99999999. So
eight digits would be enough.  To allow for future growth, an issuer the
size of Visa of MaserCard could opt for nine digits---enough for a billion
differnt numbers.
      In fact, a Visa card has thirteen digits and sometimes more.  An
American Express card has fifteen digits.  Diners Club cards have fourteen.
Carte Blanche has ten.  Obviously, the card issuers are not projecting
that they will have billions and billions of cardholders and need those
digits to ensure a different number for each.  The extra digits are actually
a security device.
     Say your Visa number is 4211 503 417 268.  Each purchase must be
entered into a computer from a sales slip.  The account number tags the
purchase to your account.  The persons who enter account numbers into
computers get bored and sometimes make mistakes.  They might enter
4211 503 471 268 or 4211 703 417 268 instead.
     The advantage of the thirteen-digit numbering system is that it is
unlikely any Visa cardholder has 4211 503 471 268 or 4211 703 417 268
for an account number.  There are 10 trillion possible thirteen-digit
Visa numbers (0000 000 000 000;0000 000 000 0001;... 9999 999 999 999).
Only about sixty-five million of those numbers are numbers of actual
active accounts.  The odds that an incorrectly entered number would
correspond to a real number are something like sixty-five million in
ten trillion, or about one in one hundred and fifty thousand.
     Those are slim odds.  You could fill up a book the size of this one
{note, book is 228 pgs long} with random thirteen-digit numbers such as
these:

                     3901 160 943 791
                     1090 734 231 410
                     1783 205 995 561
                     9542 425 195 969
                     2358 862 307 845
                     9940 880 814 778
                     8421 456 150 662
                     9910 441 036 483
                     3167 186 869 267
                     6081 132 670 781
                     1228 190 300 350
                     4563 351 105 207

Still you would not duplicate a Visa account number.  Whenever an account
number is entered incorrectly, iw will almose certainly fail to match up
with any of the other account nubmers in the computer's memory.  The
computer can then request that the number be entered again.
     Other card-numbering systems are even more secure.  Of the quadrillion
possible fifteen-digit American Express card numbers, only about 11 million
are assigned.  The chance of a random number happening to correspond to an
existing account number is about one in ninety million.  Taking into account
all twenty digits on a MasterCard, there are one hundred quintillion
(100,000,000,000,000,000,000) possible numvers for sixy-five million card-
holders.  The chance of a random string of digits matching a real MasterCard
number is about one in one and a half trillion.
     Among other things, this makes possible those television ads inviting
holders of credit cards to phone in to order merchandise.  The operators
who take the calls never see the callers' cards nor their signatures.
How can they be sure the callers even have credit cards?
    They base their confidence on the security of the credit-card numbering
systems.  If someone calls in and makes up a creditcard number--even being
careful to get the right number of digits--the number surely will not be
an existing real credit-card number.  The deception can be spotted instantly
by plugging into the credit-card company's computers.  For all practical
purposes, the only way to come up with a genuine credit-card number is to
read it off a credit card.  The number, not the piece of plastic, is
enough.


  Neiman-Marcus' Garbage Can
  --------------------------
The converse of this is the fact that anyone who knows someone else's card
number can charge to that person's account.  Police sources say this is a
major problem, but card issuers, by and large, do their best to keep these
crimes a secret.  The fear is that publicizing the crimes may tempt more
people to commit them.  Worse yet, there is alomost nothing the average
person can do to prevent being victimized {muhaha} -- short of giving up
credit cards entirely.
     Lots of strangers know your credit-card numbers.  Everyone you hand
a card to--waiters, sales clerks, ticket agents, hairdressers, gas station
attendants, hotel cashiers--sees the account number.  Every time a card is
put in an imprinter, three copies are made, and two are left with the clerk.
If you charge anything by phone or mail order, someone somewhere sees the
number.
     Crooks don't have to be in a job with normal access to creditcard numbers.
Occasional operations have discovered that the garbage cans outside prestige
department or specialty stores are sources of high-credit-limit account
numbers.  The crooks look for the discarded carbon paper from sales slips.
The account number is usually legible--as are the expiration date, name,
and signature.  (A 1981 operation used carbons from Koontz Hardware, a
West Hollywood, California, store frequented by many celebrities.)
     Converting a number into cash is less risky than using a stolen
credit card.  The crook need only call an airline, posing as the cardholder,
and make a reservation on a heavily traveled flight.  He usually requests
that tickets be issued in someone else's name for pickup at the airport
(airlines don't always ask for ID on ticket pickups, but the crook has it
if needed) and is set.  The tickets can be sold at a discount on the hot-
ticket market operating in every major airport.
     There are other methods as well.  Anyone with a Visa or MasterCard
merchant account can fill out invoices for nonexistent sales and submit
them to the bank.  As long as the account numbers and names are genuine,
the bank will pay the merchant immediately.
     For an investment of about a thousand dollars, an organized criminal
operation can get the pressing machines needed to make counterfeit credit
cards.  Counterfeiting credit cards in relatively simple.  There are no
fancy scrolls and filigree work, just blocky logos in primary colors.
From the criminal's standpoint, the main advantage of a counterfeit card
is that it allows him to get cash advances.  For maximum plundering of a
line of credit, the crook must know the credit limit as well as the account
number.  To learn both, he often calls an intended victim, posing as the
victim's bank:

      CROOK:  This is Bank of America.  We're calling to tell you that the
              credit limit on your Visa card has been raised to twelve
              hundred dollars.
      VICTIM: But my limit has always been ten thousand dollars.
      CROOK:  There must be some problem with the computers. Do you have
              your card handy?  Could you read off the embossed number?


     On a smaller scale, many struggling rock groups have discovered the
knack of using someone else's telephone company credit card.  When a
cardholder wants to make a long-distance call from a hotel or pay phone,
he or she reads the card number to the operator.  The call is then billed
to the cardholder's home phone.  Musicians on tour sometimes wait by the
special credit-card-and-collect-calls-only booths at airports and jot
down a few credit card numbers.  In this way, unsuspecting businesspeople
finance a touring act's calls to friends at home.  If the musicians call
from public phones, use a given card number only once, and don't stay
in one city long, the phone company seems helpless to stop them.
     What makes all of these scams so hard to combat is the lead
time afforded the criminal.  Theft of a credit card--a crime that
card issuers will talk about--is generally reported immediately.
Within twenty-four hours, a stolen card's number is on the issuer's
"hot list" and can no longer be used.  But when only a card number is
being used illicitly, the crime is not discovered until the
cardholder recieves his first inflated bill.  That's at least two
weeks later; it could be as much as six weeks later.  As long as the
illicit user isn't too greedy, he has at least two weeks to tap into
a credit line with little risk.


  The Signature Panel
  -------------------
     You're now supposed to erase the signature panel, of course.  Card
issuers fear that crooks might erase the signature on a stolen credit
card and replace it with their own.  To make alteration more difficult,
many card signature panels have a background design that rubs off if
anyone tries to erase.  There's the "fingerprint" design on the American
Express panel, repeated Visa or MasterCard logos on some bank cards, and the
"Safesig" desgn on others.  The principle is the same as with the security
paper used for checks.  If you try to earse a check on security paper, the
wavy-line pattern erases, leaving a white area-- and it is obvious that the
check has been altered.
     Rumors hint of a more elaborate gimmick in credit-card panels.
It is said that if you erase the panel, a secret word--VOID--appears
to prevent use of the card.  To test this rumor, fifteen common credit
cards were sacrificed.
     An ordinary pen eraser will erase credit-card signature panels, if
slowly.  The panels are more easily removed with a cloth and a dry-cleaning
fluid such as Energine.  This method dissolves the panels cleanly.  Of the
fifteen cards tested, six had nothing under the panel(other than a
continuation of the card back design, where there was one).  Nine cards
tested had the word "VOID" under the panel.  In all cases, the VOIDs
were printeed small and repeated many times under the panel. The breakdown:

                 Void Device           Nothing
             --------------------------------------
               Bloomingdale's         American Express Gold Card
               Bonwit Teller          Broadway
               Bullock's              MasterCard(Citibank)
               Chase Convenience B.C. Neiman-Marcus
               I. Magnin              Robinson's
               Joseph Magnin          Saks Fifth Avenue
               First Interstate B.C.
               Montgomery Ward
               Visa (Chase Manhattan)


When held to a strond light, the VOIDs were visible through the Blooming-
dales's card even without removing the panel.
     The VOID device isn't foolproof.  Any crimianl who learns the secret
will simply refrain from trying to earse the signature.  Most salesclerks
don't bother to check signatures anyway.
    Moreover, it is possible to paint the signature panel back in, over
the VOIDs--at least on those cards that do not have a design on the
panel. (Saks' panel is a greenish-tan khaki coler that would be difficult
to match with paint.)  The panel is first removed with dry-cleaning fluid.
The back of the card is covered with masking tape, leaving a window where
the replacement panel is to go.  A thin coat of flat white spray paint
simulates the original panel.


  The Magnetic Strip
  ------------------

     The other security device on the back of the card, the brown magnetic
strip, is more difficult to analyze.  Some people think there are sundry
personal details about the cardholder stored in the strip.  But the
strip has no more information capacitythan a similar snippet of recording tape.
For the most part banks are reticent about the strip.

     The strip need not contain any information other than the account
number or similar indentification.  Any futher information needed to
complete an automatic-teller transaction-- such as current account
balances--can be called up from bank computers and need not be encoded
in the strip.
     Evidently, the card expiration date is in the strip.  Expired cards
are "eaten" by automatic-teller machines even when the expired card has
the same account number and name as its valid replacement card.  Credit
limit, address, phone number, employer, etc, must not be indicated in
this strip, for banks do not issue new cards just because this info changes.
     It is not clear if the personal identification number is in the strip
or called up from the bank computer.  Many automatic-teller machines have
a secret limit of three attempts for provideing the correct personal
identification nubmer.  After three wround attempts, the "customer" is
assumed to be a crook with a stolen card, going through all possible
permutations--and the card is eaten.
     It is possible to scramble the information in the strip by rubbing
a pocket magnet over it.  Workers in hspitals or research facilites with
large electromagnets sometimes find that their cards no longer work in
automatic-teller machines. (If you try to use a magnetically doctored
card, you usually get a message to the effect, "Your card may be inserted
incorrectly. Please remove and insert according to the diagram.")


  The Bloomingdale's Color Code
  -----------------------------
     Only in a few cases does the color of a credit card mean anything.
There are, of course, the American Express, Visa, and MasterCard gold
cards for preferred customers.  The Air Travel Card comes in red and green, of
which green is better. (With red, you can charge tickets for travel within
North America only.)  The most elaborate color scheme, and a source of some
confusion to status-conscious queues, is that of Bloomingdale's credit
department, here is how it works: Low color in the pecking order is blue,
issued to Bloomingdale employees as a perk in their compensation packages.  The
basic Bloomingdale card is yellow.  Like most department store cards, it can be
used to spread payments over several months with the payment of a finance
charge.  The red card gives holders three months' free interest and is issued
to customers who regularly make large purchases.  The silver card is good for
unlimited spending, but as with a travel and entertainment card, all charges
must be paid in thirty days.  The gold card offers the same payment options as
the yellow card but is reserved for the store's biggest spenders.


                           The   End
 ---------------------------------------------------------------------------
Comments and Acknowledgements-

  The above has been copied from "Big Secrets" WITHOUT permission.
   Big Secrets is written by Willian Poundstone. This is a great
   book that tells you hundreds of things you weren't suppose to
   find out about.  The above artical, was only 5 pages out of
   a book 288 pages long!  He also has a new book out called
   "Bigger Secrets", which is also good. You can find both at
   almost anybook store, they should be able to special order it.

      Well it's now midnight, and i'm getting tried... so I hope
   you have enjoyed this artical, if you wanna talk to me I'm
   on many boards all over the country. Well later, i'm gonna go
   watch Star Trek the Next Generation...

          The above was written by
             The
                /\/\idnight
                     Caller

       a.k.a.
      Pizzia Man

08/19/89



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                              The Mickey Mouse Club

                                  Presents.......

                  The M.M.C. Guide to Hacking, Phreaking, Carding

                                By: The Dark Lord


  Introduction:
  ~~~~~~~~~~~~~~
      This is a text file is made by The Mickey Mouse Club and we ask
 that it would be distibuted to others for their use.  This file is going to
 go into depth on how to hack, phreak, and card.  There will be information
 that should help everyone, hopefully!!




  Hacking:
 ~~~~~~~~~~
      Hacking is a long hard process, unless you get lucky.  There are many
 programs and aids out to make the job a lot easier, but the concept is
 the same no matter how you use it.  First, at least on most things that you
 hack, you need to get some type of account or vacancy, etc...  This is done
 by randomly entering numbers and or letters until you come up with the
 proper combination to find the account.  Knowing the size of the account
 number makes this job one-hundred times easier.  Thats why I suggest you
 find out from someone who allready has one or card one.  By carding the
 account, it will die quickly but at least it will give you the length
 of the account numbers (More on that topic will be expained in the carding
 section).  The accound numbers, do not always just contain numbers or have
 numbers at all in it.  If it has a mix, it makes it a hell of a lot harder
 to get.  You will just have to experiment to find out what charactors are
 contained in the account.  Some Examples of ones that do have mixes of
 numbers and letters would be Pc Persuit accounts.  The forms of them are
 usuall as such:

            Account: Pgp014764g
            Password: 23632k

     It looks from these that you are pretty much screw because of the way
 letters are mixed with numbers, thats what makes having a program so much
 easier.  In a lot of circumstances, getting the account is the hardest part
 that is why having a good background of the system is a major plus in your
 favor.
     Once you have got the account, it is time to get the password for this
 account.  Once again having the length and such makes this process not only
 easier, but faster.  just keep entering random passwords of the length or
 the thought length in until you get a stoke of luck and get it.  You MUST
 remember that 99.5 out of 100 times, this is a long process, and you have
 to have patience.  If you don't you might as well forget ever getting on
 to the system or have someone else do it for you.  Once you have gotten
 the password, look it over long and hard.  Write it down and keep it,
 examine it.  99% of the time there is a pattern to all the account
 passwords.  Things to look at is the password in reference to the account
 number.  check to see if things have been added to the end or beginning
 like 00 or 01 or 99 of 0010 thing like that.  If you see no relations,
 the only other way to really find out the pattern in to get another one.
 Look at both of them together, see if there the same or it account 400's
 password is 3456 and 402's password is 3458 (they go in order) then just
 those as a reference to other passwords, take away so much from accounts
 with a lower number and add the required amounts to accounts with a higher
 number, etc....  But bassicly, LOOK FOR A PATTERN!  Once you have got the
 password and the account, you have got yourself a passage way in.
     Although this is what you do to succeed, you have to take
 many precautions.  They do NOT like us messing with the system and they
 obviously want you to pay just like the others, so they will take necessary
 means to nail you.  They trace like you wouldn't belive.  They will trace
 right as you get on, if you happen to be unlucky, you will never know when
 they are doing it either, you must ALWAYS be aware of the dangers and take
 precautions!!!  Even on things that you wouldn't think that they would trace
 you but, be carfull.  Whether they trace depends on a couple of things, here
 are a few major ones:

     1. There bank balance
     2. There desire to catch you
     3. The amount of infestation in there system

    There are things that you can do to protect yourself, these are not all
    of them and none of them are sure fire ways, but hey, cutting down your
    chances of getting caught makes a world of difference, because remember,
    All the fun is taken away if you caught.  Some things to do to protect
    yourself is:

     1. Use a diverter
     2. Use false information about you
     3. Never stay On-line too long
     4. Call during late or early hours, were there is most likely no one
     monitoring the system
     5. Don't call frequently or during the same hours, regulate it

    Once again these are not all of them but these are some of the "More"
 helpfull things.  If you follow all the step, you can reduce the change of
 getting caught by about 40%.
    If you do get caught there is not a whole lot that you can do, but some
 tips are, first, don't reveal any information on what you have done. Deny
 all charges.  Sencond, plea bargin with knowladge of things, like hacked
 sytems etc..  But never admit that you did it.  Three, and most important,
 get a GOOD LAWYER!!!!!!!


 DIFFERENT TYPES OF SYSTEMS:

    Pc Persuit     Cp\m
    Trw
    Unix
    Vmb
    Vms

     These are just a few systems, if I made a complete list There would
 be pratically no end to it, there are millions.









 Phreaking:
~~~~~~~~~~~~

     Phreaking, Ahhhwwww, the wonderfull world of phreaking.  Well to start
 with Phreaking is "The use of Telecommunications to others besides people
 of the Phone Company".  Well thats my version of the definition at least.
     Using codes is wuit easy, there are different parts to it, the Dial-up,
 the code, and the number.  First you will have to dial in the dial-up and
 on most dial ups you will get a tone or a buzz or click or something to
 that effect.  Once you hear this, and you will know when you hear it you
 dial in the code.  Sometime you will get another tone or beep etc. and when
 you do that is when you dial in the number.  If you do not get another tone
 or whatever you just dial in the number right after you enter the code.
 You might have to have a test dial up to see how the tones go.
     In dialing the number once agian the nubers differ.  You must enter the
 area code and then the nuber.  Some require that you have a one before the
 area code but most that I have used do not.  You can tell if the code worked
 right after the number has been put in not just by the error recording that
 you get but if right off the bat the phone begins to ring, it doesn't work.
     A code can also be busy.  If it is busy it could mean that the code is
 dead or that too many people are using it at once.  You might experiance
 this often.
     There are numbers that make phreaking much safer, they are called
 diverters.  What the do is when the number that you have dial is being
 traced it diverts it to that number.  Unless this is virgin or nobody else
 uses it, you will find that with in a couple of days after it is out, it
 will be busy, that is the annoyance about diverters, and they are also hard
 to get.
     Hacking is also put into play in phreaking by using programs to get
 dial ups and the codes.  Getting these are done in the same way you hack
 anything else.   Just get a program like code thief or code hacker, or make
 one yourself, it is quite easy.
     There is a danger with useing the codes.  If you hack a code yourself,
 not just the code but the dial up amd no one else has it you can pretty well
 bet that it is safe.  A newly hacked dial-up/code is considered "Virgin".
 those Ma bell is not having the problem with people phreaking off of it
 so they don't bother doing anything with it.  But after a while, it will
 either Die (No Longer work) or they will start tracing off of it.  The
 whole pain about it is, is you will never positively no when they started
 doing traces or things like that.  The codes might be being traced but you
 are getting the luck of the draw.  On most codes they don't trace on every
 call, they just file it away and watch for like the 50th or 100th caller
 and then that person gets nailed.  You might think if they do trace every
 100 calls, that means you have a 1 in 100 chance of getting caught and those
 are really good odds.  Well the odd is 100 to 1 but the is a lot of people
 that live in areas that they can call with that code.  If you figure about
 10 million people could use it then about 100,000 of them are.  100,000,
 hummmmmmm, how odes your odds look now.  In a couple minute time spand
 99 peoplecould have used it, and lucky you might be the 100th caller.  A
 lot of times the take like every hundered calls and then when they get the
 100th caller, that don't just trace one, they trace 100, 101, 102, 103, 104
 200, 201, 202 etc.  So you chances of getting caught when the heat is on
 the code is pretty good.  There are a couple different types of codes and
 the two major ones are 1-800's and 950's.  800's can pretty much be dialed
 from anywhere in the states, but 950's stay in certain areas.  Some 950
 dial ups are:

    9501001
    9500266
    9500355
    9501388

     And there are others, but like take me for example, where I live you
 cannot use 9500266.  It will tell you that you cannot use that number from
 your dialing range or it just won't work.  You might get to the point where
 the dial-up works but not the code.  If this is the case it will say:
             "Invalid authorization Code"

     Some examples of 1-800's are as follows:

     1-800-255-2255
     1-800-759-2345
     1-800-959-8255

     There are many others but those are just a few, very few.  There are
 also 1-800's and others that will send you directly to the operator, you
 must tell her the code and the number you are dialing.  These are NEVER
 safe to use.  but in one case they are alot better.  I am out of town a lot
 so I have to use pay phones right?  Well, you are safe with anything with
 pay phones, so that is a good way to call people.  The real good thing
 them though, is since you must go throught th operator, the codes stay valid
 for up to 10 times as long as the others.  But thenm again another draw back
 is it is not a line that you want to give real names or numbers over.
 Because these are often tapped, since the operator know that you used the
 code, they will listen in quite often, and you will never even notice.
 Another problem experianced with them is if you are what MMC calls
                          "Petite Flowers",
 our home made word for, someone that sounds like a little kid, then they
 really give you a hastle about using the code.
     I have had a lot of people ask me if the person you are calling with the
 codes can get busted.  The answer is "No".  They cannot do anything to the
 person, just ask him who is calling him with the codes, and they rarely do
 that.  Just let the person you are talking to, if they don't already know,
 not to tell anyone that you are calling with the codes.  The phone
 companies do have to option of setting up a trace on that persons line and
 bust you when you do call him with a code.  I have never seen this done but
 do be aware that the phone companies are made up of intellegent adults and
 they are very smart and can and will nail you in many ways.
     I am a firm beliver that you should share a the information that you
 other phreakers and hackers as they should do the same with you.  I also
 see an execption, inexperianced people.  They can run it for everyone be not
 have the knowladge and screwing up.  I realize that they need someway to
 build themselves up to a good phreaker but be cautions in what you give to
 them.
     Codes die really often and you really have to keep up with the phone
 company.  Its kinda of a pain to keep up with it on your own as quickly as
 they work but thats why there is phreaking communities and groups such
 as Fhp and MMC, the gives the edge to the phreakers in the way that, you
 have help in keeping up with the phone companies, and in most cases if
 the groups or communities are working well together, you can eve stay
 one step ahead of good 'ole Ma bell and others.  You really need to find
 ways of getting codes either from getting acess to the phreaking sections
 on the pirate boards you call or throught friends, Vmb's Loops, Confrences,
 etc., just try to find a good connection to people that are into phreaking
 too.









 Carding:
~~~~~~~~~~



     Although everything talked about in the text file to this point is
 illegal, and you will get busted if you get caught, this is one one the
 one that you can get in some major shit over.  About the only thing I have
 talked about that this falls short of is hacking a government compter, and
 thats one of the Grand daddies of them all.  Well, although it is a major
 crime, it is really cool!!!!  This is the process in which you find the card
 number of someone and use it to purchase things.  In order to card, there
 are a few things that you must have or it will not work.  You will need to
 have........

     1. The Card Number
     2. The Experation date
     3. Card type (Master Card, Visa, etc...)

 Those are the main things tha you will need.  Having the name of the owner
 is very helpfull but it is not a must.  You can get by without it.
     You have to order everything you want by mail.  A couple of "Beginner"
 carder that I talked to didn't understand how you would do it, but thats
 when they had the misconception that you actually go to the store and
 purchase things.  That is a complete No, no.  You do everything from a
 phone ordering service.
       When you call make sure that you are a t a pay phone.  Don't do it
 your house or anywhere where it can come back to you.  When you order
 the merchandice, once again do send it to anywhere that it can come back to
 you like your home, work, etc.  Find a vacant house or building or anywhere
 else that you can send it to.  Also, don't send it to a P.O. box that you
 have, just as dangerous.  When you do order it and you think its around the
 time that you will be reciving it, check the mailbox frequently.  But do it
 during odd hours.  I mean, hows it going to look you taking a package from a
 vacant house?
       Most bills are sent at the end of the month or at the biginning, so
 try to time it to where the bill won't come to the person untill a couple of
 days after you have recived the package.  Ok heres how to figure it.  I
 have found out that the bills are sent out up around the 26-30th of the
 month, so they will actually recive the bill around the 31-4th.  Have it
 sent right after you think the bill has been sent.  Find what you want, but
 try to order it from the place that guarentees the fastest delivery.  When
 you order the item, make sure they have it in stock and don't have to get
 the item in first.  Order the highest class of delivery but not COD or
 next day service.  Thats cutting it too close.  It should take around 2-4
 weeks before you get it and if you timed it right, then it sound get there
 right before the person gets the bill.  You need to have it in your
 possesion before the bill gets to the person because if they complain, they
 can keep it from being sent, or watch who actually gets it even while its
 going throught the mail process.  Don't order more than a couple of things
 or overcharge the card, if the people at the Credit card office, see
 irregular charging on the card, they will follow up on it.
         To actually order the item you will call up the place that you will
 be ordering from, and when the operator answers let her know what you need
 to as far as what you are purchasing, etc.  When she ask how you will be
 paying just tell her "Charge" and the the type of card like Master Card,
 Visa, ect.  Then Tell them your name, if you don't know the name of the
 actuall owner of the card, Make up a false name that has NO relation to
 your name, not the same first, last middle what ever, nothing relating to
 your real name.  Then continue answering all the operators questions,
 address (Not your own remember!) state, area code etc.  They will also ask
 for your phone number.  Make one up, not your own.  If something happens
 to go wrong as far as delivery or if they are checking if you are who you
 say, then your screwed, unless of course, hehehe, the number is ALWAYS
 busy.  Find the busiest number there is and leave them that.  When they
 ask for the card number and experation, just tell them and do what all
 else you need.  Wish them a good day, and hope you get it.
         Ok heres how you check if the card is good, and how much money
 can be charged on the card.......

     1. Dail 1-800-554-2265

     2. it will ask for the type of the card.  you must put in 10 for Master
 Card and 20 for Visa, I am not sure about the others.

     3. Next it will ask for the Identification.  You will need to enter
 1067

     4. After all that you will have to enter the Mecrchant number, which
 you will either need to put in 24 or 52.  One of them should work.

     5. You will then have to enter (When Prompted) the card number itself.

     6. Next, the experation date of the card.

     7. Last but not least the amount you want to try to get on the card.
 The procedure for this is enter dollars, astricks, then cents.
     (Example:)
         100*30 = One hundred dollars and thirty cents.

 One thing I do need to mention, after you type in everything you must press
 pound (#).  Like when it asks you for the type of card, if you had a Master
 Card you would put:  10#.  when it asked for identification you would enter
 1067#.  If it says invalid, that either means that the card is no good or
 you can't charge that amount on the card.  Try it again, but try a lower
 amount.  If you get down to $1 and it still doesn't work, hehehe, you can
 probably guess that the card is no good.
     You might not be ordering just merchandice you might be ordering
 accounts and things like that and if you are, fine, but you have to
 remember, the accounts do not stay good for very long, the owner of the
 card gets the bill, complains and its no longer any good.  And when you
 card and account, Nine out of ten times, they won't kill the account, they
 will trace in and that is when you butts really in a sling.  So carding
 accounts and things, isn't the safest way to go, of course. nothing we
 have talked about it, right?





 Conclusion:
~~~~~~~~~~~~~~

     Well thats about it for now, there should be a BIG newsletter by
 The Mickey Mouse Club comming out soon that you have to be sure NOT to miss.
 I sincerely hope that you have gotten alot out of this file and I would like
 to ask for suggestions and ideas to make MMC a better orginazation.  At this
 time myself and Cardiac Arresst have a VMB at:

                1-800-444-7207 [Ext] 4001.

     All ideas and suggestions, please bring there.  Also, since your making
 the trip anyways, bring along some phreaking codes and all and any types
 of accounts.  I would be greatly appreciated by:

    The Mickey Mouse Club.
    09/89


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
               +++++++++++++++++++++++++++++++++++++++++++++++++
               |              The LOD/H Presents               |
++++++++++++++++                                               ++++++++++++++++
 \                 A Novice's Guide to Hacking- 1989 edition                 /
  \                =========================================                /
   \                                  by                                   /
    \                             The Mentor                              /
     \                  Legion of Doom/Legion of Hackers                 /
      \                                                                 /
       \                        December, 1988                         /
        \                  Merry Christmas Everyone!                  /
         \+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/

    **********************************************************************
    |  The author hereby grants permission to reproduce, redistribute,   |
    |  or include this file in your g-file section, electronic or print  |
    |  newletter, or any other form of transmission that you choose, as  |
    |  long as it is kept intact and whole, with no ommissions, delet-   |
    |  ions, or changes.  (C) The Mentor- Phoenix Project Productions    |
    |                                     1988,1989  XXX/XXX-XXXX        |
    **********************************************************************

Introduction: The State of the Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   After surveying a rather large g-file collection, my attention was drawn to
the fact that there hasn't been a good introductory file written for absolute
beginners since back when Mark Tabas was cranking them out (and almost

radically since that time, and as the 90's approach, the hack/phreak community
has recovered from the Summer '87 busts (just like it recovered from the Fall
'85 busts, and like it will always recover from attempts to shut it down), and
the progressive media (from Reality Hackers magazine to William Gibson and
Bruce Sterling's cyberpunk fables of hackerdom) is starting to take notice
of us for the first time in recent years in a positive light.
   Unfortunately, it has also gotten more dangerous since the early 80's.
Phone cops have more resources, more awareness, and more intelligence that they
exhibited in the past.  It is becoming more and more difficult to survive as
a hacker long enough to become skilled in the art.  To this end this file
is dedicated .  If it can help someone get started, and help them survive
to discover new systems and new information, it will have served it's purpose,
and served as a partial repayment to all the people who helped me out when I
was a beginner.

Contents
~~~~~~~~
   This file will be divided into four parts:
       Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
       Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
               Outdials, Network Servers, Private PADs
       Part 3: Identifying a Computer, How to Hack In, Operating System
               Defaults
       Part 4: Conclusion- Final Thoughts, Books to Read, Boards to Call,
               Acknowledgements

Part One: The Basics
~~~~~~~~~~~~~~~~~~~~
    As long as there have been computers, there have been hackers.  In the 50's
at the Massachusets Institute of Technology (MIT), students devoted much time
and energy to ingenious exploration of the computers.  Rules and the law were
disregarded in their pursuit for the 'hack'.  Just as they were enthralled with
their pursuit of information, so are we.  The thrill of the hack is not in
breaking the law, it's in the pursuit and capture of knowledge.
    To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.

I.    Do not intentionally damage *any* system.
II.   Do not alter any system files other than ones needed to ensure your
      escape from detection and your future access (Trojan Horses, Altering
      Logs, and the like are all necessary to your survival for as long as
      possible.)
III.  Do not leave your (or anyone else's) real name, real handle, or real
      phone number on any system that you access illegally.  They *can* and
      will track you down from your handle!
IV.   Be careful who you share information with.  Feds are getting trickier.
      Generally, if you don't know their voice phone number, name, and
      occupation or haven't spoken with them voice on non-info trading
      conversations, be wary.

V.    Do not leave your real phone number to anyone you don't know.  This
      includes logging on boards, no matter how k-rad they seem.  If you
      don't know the sysop, leave a note telling some trustworthy people
      that will validate you.
VI.   Do not hack government computers.  Yes, there are government systems
      that are safe to hack, but they are few and far between.  And the
      government has inifitely more time and resources to track you down than
      a company who has to make a profit and justify expenses.
VII.  Don't use codes unless there is *NO* way around it (you don't have a
      local telenet or tymnet outdial and can't connect to anything 800...)
      You use codes long enough, you will get caught.  Period.
VIII. Don't be afraid to be paranoid.  Remember, you *are* breaking the law.
      It doesn't hurt to store everything encrypted on your hard disk, or
      keep your notes buried in the backyard or in the trunk of your car.
      You may feel a little funny, but you'll feel a lot funnier when you
      when you meet Bruno, your transvestite cellmate who axed his family to
      death.
IX.   Watch what you post on boards.  Most of the really great hackers in the
      country post *nothing* about the system they're currently working
      except in the broadest sense (I'm working on a UNIX, or a COSMOS, or
      something generic.  Not "I'm hacking into General Electric's Voice Mail
      System" or something inane and revealing like that.)
X.    Don't be afraid to ask questions.  That's what more experienced hackers
      are for.  Don't expect *everything* you ask to be answered, though.
      There are some things (LMOS, for instance) that a begining hacker
      shouldn't mess with.  You'll either get caught, or screw it up for
      others, or both.
XI.   Finally, you have to actually hack.  You can hang out on boards all you
      want, and you can read all the text files in the world, but until you
      actually start doing it, you'll never know what it's all about.  There's
      no thrill quite the same as getting into your first system (well, ok,
      I can think of a couple of bigger thrills, but you get the picture.)

   One of the safest places to start your hacking career is on a computer
system belonging to a college.  University computers have notoriously lax
security, and are more used to hackers, as every college computer depart-
ment has one or two, so are less likely to press charges if you should
be detected.  But the odds of them detecting you and having the personel to
committ to tracking you down are slim as long as you aren't destructive.
   If you are already a college student, this is ideal, as you can legally
explore your computer system to your heart's desire, then go out and look
for similar systems that you can penetrate with confidence, as you're already
familar with them.
   So if you just want to get your feet wet, call your local college.  Many of
them will provide accounts for local residents at a nominal (under $20) charge.
   Finally, if you get caught, stay quiet until you get a lawyer.  Don't vol-
unteer any information, no matter what kind of 'deals' they offer you.
Nothing is binding unless you make the deal through your lawyer, so you might
as well shut up and wait.

Part Two: Networks
~~~~~~~~~~~~~~~~~~
   The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet.  Why?  First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays.  Second, the
networks are fairly well documented.  It's easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine.  Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from.  It is also very easy to disguise your location using
the network, which makes your hobby much more secure.
   Telenet has more computers hooked to it than any other system in the world
once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.
   The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting.  It will
spout some garbage at you and then you'll get a prompt saying 'TERMINAL='.
This is your terminal type.  If you have vt100 emulation, type it in now.  Or
just hit return and it will default to dumb terminal mode.
   You'll now get a prompt that looks like a @.  From here, type @c mail <cr>
and then it will ask for a Username.  Enter 'phones' for the username. When it
asks for a password, enter 'phones' again.  From this point, it is menu
driven.  Use this to locate your local dialup, and call it back locally.  If
you don't have a local dialup, then use whatever means you wish to connect to
one long distance (more on this later.)
   When you call your local dialup, you will once again go through the
TERMINAL= stuff, and once again you'll be presented with a @.  This prompt lets
you know you are connected to a Telenet PAD.  PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device
(if you talk to Telenet's marketing people.)  The first description is more
correct.
   Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally... this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it's
connected to.  Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance.  Sometimes you'll notice a time lag in the remote machines response.
This is called PAD Delay, and is to be expected when you're sending data
through several different links.
   What do you do with this PAD?  You use it to connect to remote computer
systems by typing 'C' for connect and then the Network User Address (NUA) of
the system you want to go to.
   An NUA takes the form of   031103130002520
                              \___/\___/\___/
                                |    |    |
                                |    |    |____ network address
                                |    |_________ area prefix
                                |______________ DNIC


     This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)
     according to their country and network name.


DNIC   Network Name    Country          DNIC   Network Name    Country
_______________________________________________________________________________
                                     |
02041   Datanet 1       Netherlands  |  03110   Telenet         USA
02062   DCS             Belgium      |  03340   Telepac         Mexico
02080   Transpac        France       |  03400   UDTS-Curacau    Curacau
02284   Telepac         Switzerland  |  04251   Isranet         Israel
02322   Datex-P         Austria      |  04401   DDX-P           Japan
02329   Radaus          Austria      |  04408   Venus-P         Japan
02342   PSS             UK           |  04501   Dacom-Net       South Korea
02382   Datapak         Denmark      |  04542   Intelpak        Singapore
02402   Datapak         Sweden       |  05052   Austpac         Australia
02405   Telepak         Sweden       |  05053   Midas           Australia
02442   Finpak          Finland      |  05252   Telepac         Hong Kong
02624   Datex-P         West Germany |  05301   Pacnet          New Zealand
02704   Luxpac          Luxembourg   |  06550   Saponet         South Africa
02724   Eirpak          Ireland      |  07240   Interdata       Brazil
03020   Datapac         Canada       |  07241   Renpac          Brazil
03028   Infogram        Canada       |  09000   Dialnet         USA
03103   ITT/UDTS        USA          |  07421   Dompac          French Guiana
03106   Tymnet          USA          |

   There are two ways to find interesting addresses to connect to.  The first
and easiest way is to obtain a copy of the LOD/H Telenet Directory from the
LOD/H Technical Journal #4 or 2600 Magazine.  Jester Sluggo also put out a good
list of non-US addresses in Phrack Inc. Newsletter Issue 21.  These files will
tell you the NUA, whether it will accept collect calls or not, what type of
computer system it is (if known) and who it belongs to (also if known.)
   The second method of locating interesting addresses is to scan for them
manually.  On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host.  So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0's can be ignored most of the time.)
   If this node allows collect billed connections, it will say 412 614
CONNECTED and then you'll possibly get an identifying header or just a
Username: prompt.  If it doesn't allow collect connections, it will give you a
message such as 412 614 REFUSED COLLECT CONNECTION with some error codes out to
the right, and return you to the @ prompt.
   There are two primary ways to get around the REFUSED COLLECT message.  The
first is to use a Network User Id (NUI) to connect.  An NUI is a username/pw
combination that acts like a charge account on Telenet.  To collect to node
412 614 with NUI junk4248, password 525332, I'd type the following:
@c 412 614,junk4248,525332  <---- the 525332 will *not* be echoed to the
screen.  The problem with NUI's is that they're hard to come by unless you're
a good social engineer with a thorough knowledge of Telenet (in which case
you probably aren't reading this section), or you have someone who can
provide you with them.
   The second way to connect is to use a private PAD, either through an X.25
PAD or through something like Netlink off of a Prime computer (more on these
two below.)
   The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area
Code that the computer is located in (i.e. 713 xxx would be a computer in
Houston, Texas.)  If there's a particular area you're interested in, (say,
New York City 914), you could begin by typing @c 914 001 <cr>.  If it connects,
you make a note of it and go on to 914 002.  You do this until you've found
some interesting systems to play with.
   Not all systems are on a simple xxx yyy address.  Some go out to four or
five digits (914 2354), and some have decimal or numeric extensions
(422 121A = 422 121.01).  You have to play with them, and you never know what
you're going to find.  To fully scan out a prefix would take ten million
attempts per prefix.  For example, if I want to scan 512 completely, I'd have
to start with 512 00000.00 and go through 512 00000.99, then increment the
address by 1 and try 512 00001.00 through 512 00001.99.  A lot of scanning.
There are plenty of neat computers to play with in a 3-digit scan, however,
so don't go berserk with the extensions.
   Sometimes you'll attempt to connect and it will just be sitting there after
one or two minutes.  In this case, you want to abort the connect attempt by
sending a hard break (this varies with different term programs, on Procomm,
it's ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.
   If you connect to a computer and wish to disconnect, you can type <cr> @
<cr> and you it should say TELENET and then give you the @ prompt.  From there,
type D to disconnect or CONT to re-connect and continue your session
uninterrupted.

Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   In addition to computers, an NUA may connect you to several other things.
One of the most useful is the outdial.  An outdial is nothing more than a modem
you can get to over telenet- similar to the PC Pursuit concept, except that
these don't have passwords on them most of the time.
   When you connect, you will get a message like 'Hayes 1200 baud outdial,
Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established
on Modem 5588'.  The best way to figure out the commands on these is to
type ? or H or HELP- this will get you all the information that you need to
use one.
   Safety tip here- when you are hacking *any* system through a phone dialup,
always use an outdial or a diverter, especially if it is a local phone number
to you.  More people get popped hacking on local computers than you can
imagine, Intra-LATA calls are the easiest things in the world to trace inexp-
ensively.
   Another nice trick you can do with an outdial is use the redial or macro
function that many of them have.  First thing you do when you connect is to
invoke the 'Redial Last Number' facility.  This will dial the last number used,
which will be the one the person using it before you typed.  Write down the
number, as no one would be calling a number without a computer on it.  This
is a good way to find new systems to hack.  Also, on a VENTEL modem, type 'D'
for Display and it will display the five numbers stored as macros in the
modem's memory.
   There are also different types of servers for remote Local Area Networks
(LAN) that have many machine all over the office or the nation connected to
them.  I'll discuss identifying these later in the computer ID section.
   And finally, you may connect to something that says 'X.25 Communication
PAD' and then some more stuff, followed by a new @ prompt.  This is a PAD
just like the one you are on, except that all attempted connections are billed
to the PAD, allowing you to connect to those nodes who earlier refused collect
connections.
   This also has the added bonus of confusing where you are connecting from.
When a packet is transmitted from PAD to PAD, it contains a header that has
the location you're calling from.  For instance, when you first connected
to Telenet, it might have said 212 44A CONNECTED if you called from the 212
area code.  This means you were calling PAD number 44A in the 212 area.
That 21244A will be sent out in the header of all packets leaving the PAD.
   Once you connect to a private PAD, however, all the packets going out
from *it* will have it's address on them, not yours.  This can be a valuable
buffer between yourself and detection.

Phone Scanning
~~~~~~~~~~~~~~
   Finally, there's the time-honored method of computer hunting that was made
famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie
Wargames.  You pick a three digit phone prefix in your area and dial every
number from 0000 --> 9999 in that prefix, making a note of all the carriers
you find.  There is software available to do this for nearly every computer
in the world, so you don't have to do it by hand.

Part Three: I've Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   This next section is applicable universally.  It doesn't matter how you
found this computer, it could be through a network, or it could be from
carrier scanning your High School's phone prefix, you've got this prompt
this prompt, what the hell is it?
   I'm *NOT* going to attempt to tell you what to do once you're inside of
any of these operating systems.  Each one is worth several G-files in its
own right.  I'm going to tell you how to identify and recognize certain
OpSystems, how to approach hacking into them, and how to deal with something
that you've never seen before and have know idea what it is.


VMS-       The VAX computer is made by Digital Equipment Corporation (DEC),
           and runs the VMS (Virtual Memory System) operating system.
           VMS is characterized by the 'Username:' prompt.  It will not tell
           you if you've entered a valid username or not, and will disconnect
           you after three bad login attempts.  It also keeps track of all
           failed login attempts and informs the owner of the account next time
           s/he logs in how many bad login attempts were made on the account.
           It is one of the most secure operating systems around from the
           outside, but once you're in there are many things that you can do
           to circumvent system security.  The VAX also has the best set of
           help files in the world.  Just type HELP and read to your heart's
           content.
           Common Accounts/Defaults:  [username: password [[,password]] ]
           SYSTEM:     OPERATOR or MANAGER or SYSTEM or SYSLIB
           OPERATOR:   OPERATOR
           SYSTEST:    UETP
           SYSMAINT:   SYSMAINT or SERVICE or DIGITAL
           FIELD:      FIELD or SERVICE
           GUEST:      GUEST or unpassworded
           DEMO:       DEMO  or unpassworded
           DECNET:     DECNET


DEC-10-    An earlier line of DEC computer equipment, running the TOPS-10
           operating system.  These machines are recognized by their
           '.' prompt.  The DEC-10/20 series are remarkably hacker-friendly,
           allowing you to enter several important commands without ever
           logging into the system.  Accounts are in the format [xxx,yyy] where
           xxx and yyy are integers.  You can get a listing of the accounts and
           the process names of everyone on the system before logging in with
           the command .systat (for SYstem STATus).  If you seen an account
           that reads [234,1001]   BOB JONES, it might be wise to try BOB or
           JONES or both for a password on this account.  To login, you type
           .login xxx,yyy  and then type the password when prompted for it.
           The system will allow you unlimited tries at an account, and does
           not keep records of bad login attempts.  It will also inform you
           if the UIC you're trying (UIC = User Identification Code, 1,2 for
           example) is bad.
           Common Accounts/Defaults:
           1,2:        SYSLIB or OPERATOR or MANAGER
           2,7:        MAINTAIN
           5,30:       GAMES

UNIX-      There are dozens of different machines out there that run UNIX.
           While some might argue it isn't the best operating system in the
           world, it is certainly the most widely used.  A UNIX system will
           usually have a prompt like 'login:' in lower case.  UNIX also
           will give you unlimited shots at logging in (in most cases), and
           there is usually no log kept of bad attempts.
           Common Accounts/Defaults: (note that some systems are case
           sensitive, so use lower case as a general rule.  Also, many times
           the accounts will be unpassworded, you'll just drop right in!)
           root:       root
           admin:      admin
           sysadmin:   sysadmin or admin
           unix:       unix
           uucp:       uucp
           rje:        rje
           guest:      guest
           demo:       demo
           daemon:     daemon
           sysbin:     sysbin

Prime-     Prime computer company's mainframe running the Primos operating
           system.  The are easy to spot, as the greet you with
           'Primecon 18.23.05' or the like, depending on the version of the
           operating system you run into.  There will usually be no prompt
           offered, it will just look like it's sitting there.  At this point,
           type 'login <username>'.  If it is a pre-18.00.00 version of Primos,
           you can hit a bunch of ^C's for the password and you'll drop in.
           Unfortunately, most people are running versions 19+.  Primos also
           comes with a good set of help files.  One of the most useful
           features of a Prime on Telenet is a facility called NETLINK.  Once
           you're inside, type NETLINK and follow the help files.  This allows
           you to connect to NUA's all over the world using the 'nc' command.
           For example, to connect to NUA 026245890040004, you would type
           @nc :26245890040004 at the netlink prompt.
           Common Accounts/Defaults:
           PRIME       PRIME or PRIMOS
           PRIMOS_CS   PRIME or PRIMOS
           PRIMENET    PRIMENET
           SYSTEM      SYSTEM or PRIME
           NETLINK     NETLINK
           TEST        TEST
           GUEST       GUEST
           GUEST1      GUEST

HP-x000-   This system is made by Hewlett-Packard.  It is characterized by the
           ':' prompt.  The HP has one of the more complicated login sequences
           around- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.
           Fortunately, some of these fields can be left blank in many cases.
           Since any and all of these fields can be passworded, this is not
           the easiest system to get into, except for the fact that there are
           usually some unpassworded accounts around.  In general, if the
           defaults don't work, you'll have to brute force it using the
           common password list (see below.)  The HP-x000 runs the MPE operat-
           ing system, the prompt for it will be a ':', just like the logon
           prompt.
           Common Accounts/Defaults:
           MGR.TELESUP,PUB                      User: MGR Acct: HPONLY Grp: PUB
           MGR.HPOFFICE,PUB                     unpassworded
           MANAGER.ITF3000,PUB                  unpassworded
           FIELD.SUPPORT,PUB                    user: FLD,  others unpassworded
           MAIL.TELESUP,PUB                     user: MAIL, others
unpassworded
           MGR.RJE                              unpassworded
           FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96   unpassworded
           MGR.TELESUP,PUB,HPONLY,HP3           unpassworded


IRIS-      IRIS stands for Interactive Real Time Information System.  It orig-
           inally ran on PDP-11's, but now runs on many other minis.  You can
           spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner,
           and the ACCOUNT ID? prompt.  IRIS allows unlimited tries at hacking
           in, and keeps no logs of bad attempts.  I don't know any default
           passwords, so just try the common ones from the password database
           below.
           Common Accounts:
           MANAGER
           BOSS
           SOFTWARE
           DEMO
           PDP8
           PDP11
           ACCOUNTING

VM/CMS-    The VM/CMS operating system runs in International Business Machines
           (IBM) mainframes.  When you connect to one of these, you will get
           message similar to 'VM/370 ONLINE', and then give you a '.' prompt,
           just like TOPS-10 does.  To login, you type 'LOGON <username>'.
           Common Accounts/Defaults are:
           AUTOLOG1:            AUTOLOG or AUTOLOG1
           CMS:                 CMS
           CMSBATCH:            CMS or CMSBATCH
           EREP:                EREP
           MAINT:               MAINT or MAINTAIN
           OPERATNS:            OPERATNS or OPERATOR
           OPERATOR:            OPERATOR
           RSCS:                RSCS
           SMART:               SMART
           SNA:                 SNA
           VMTEST:              VMTEST
           VMUTIL:              VMUTIL
           VTAM:                VTAM

NOS-       NOS stands for Networking Operating System, and runs on the Cyber
           computer made by Control Data Corporation.  NOS identifies itself
           quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE
           SYSTEM.  COPYRIGHT CONTROL DATA 1978,1987'.  The first prompt you
           will get will be FAMILY:.  Just hit return here.  Then you'll get
           a USER NAME: prompt.  Usernames are typically 7 alpha-numerics
           characters long, and are *extremely* site dependent. Operator
           accounts begin with a digit, such as 7ETPDOC.
           Common Accounts/Defaults:
           $SYSTEM              unknown
           SYSTEMV              unknown

Decserver- This is not truly a computer system, but is a network server that
           has many different machines available from it.  A Decserver will
           say 'Enter Username>' when you first connect.  This can be anything,
           it doesn't matter, it's just an identifier.  Type 'c', as this is
           the least conspicuous thing to enter.  It will then present you
           with a 'Local>' prompt.  From here, you type 'c <systemname>' to
           connect to a system.  To get a list of system names, type
           'sh services' or 'sh nodes'.  If you have any problems, online
           help is available with the 'help' command.  Be sure and look for
           services named 'MODEM' or 'DIAL' or something similar, these are
           often outdial modems and can be useful!

GS/1-      Another type of network server.  Unlike a Decserver, you can't
           predict what prompt a GS/1 gateway is going to give you.  The
           default prompt it 'GS/1>', but this is redifinable by the
           system administrator.  To test for a GS/1, do a 'sh d'.  If that
           prints out a large list of defaults (terminal speed, prompt,
           parity, etc...), you are on a GS/1.  You connect in the same manner
           as a Decserver, typing 'c <systemname>'.  To find out what systems
           are available, do a 'sh n' or a 'sh c'.  Another trick is to do a
           'sh m', which will sometimes show you a list of macros for logging
           onto a system.  If there is a macro named VAX, for instance, type
           'do VAX'.

           The above are the main system types in use today.  There are
           hundreds of minor variants on the above, but this should be
           enough to get you started.

Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
   Occasionally you will connect to a system that will do nothing but sit
there.  This is a frustrating feeling, but a methodical approach to the system
will yield a response if you take your time.  The following list will usually
make *something* happen.
1)  Change your parity, data length, and stop bits.  A system that won't re-
    spond at 8N1 may react at 7E1 or 8E2 or 7S2.  If you don't have a term
    program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
    with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
    While having a good term program isn't absolutely necessary, it sure is
    helpful.
2)  Change baud rates.  Again, if your term program will let you choose odd
    baud rates such as 600 or 1100, you will occasionally be able to penetrate
    some very interesting systems, as most systems that depend on a strange
    baud rate seem to think that this is all the security they need...
3)  Send a series of <cr>'s.
4)  Send a hard break followed by a <cr>.
5)  Type a series of .'s (periods).  The Canadian network Datapac responds
    to this.
6)  If you're getting garbage, hit an 'i'.  Tymnet responds to this, as does
    a MultiLink II.
7)  Begin sending control characters, starting with ^A --> ^Z.
8)  Change terminal emulations.  What your vt100 emulation thinks is garbage
    may all of a sudden become crystal clear using ADM-5 emulation.  This also
    relates to how good your term program is.
9)  Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
    JOIN, HELP, and anything else you can think of.
10) If it's a dialin, call the numbers around it and see if a company
    answers.  If they do, try some social engineering.

Brute Force Hacking
~~~~~~~~~~~~~~~~~~~
   There will also be many occasions when the default passwords will not work
on an account.  At this point, you can either go onto the next system on your
list, or you can try to 'brute-force' your way in by trying a large database
of passwords on that one account.  Be careful, though!  This works fine on
systems that don't keep track of invalid logins, but on a system like a VMS,
someone is going to have a heart attack if they come back and see '600 Bad
Login Attempts Since Last Session' on their account.  There are also some
operating systems that disconnect after 'x' number of invalid login attempts
and refuse to allow any more attempts for one hour, or ten minutes, or some-
times until the next day.
   The following list is taken from my own password database plus the data-
base of passwords that was used in the Internet UNIX Worm that was running
around in November of 1988.  For a shorter group, try first names, computer
terms, and obvious things like 'secret', 'password', 'open', and the name
of the account.  Also try the name of the company that owns the computer
system (if known), the company initials, and things relating to the products
the company makes or deals with.

                              Password List
                              =============

      aaa                daniel             jester             rascal
      academia           danny              johnny             really
      ada                dave               joseph             rebecca
      adrian             deb                joshua             remote
      aerobics           debbie             judith             rick
      airplane           deborah            juggle             reagan
      albany             december           julia              robot
      albatross          desperate          kathleen           robotics
      albert             develop            kermit             rolex
      alex               diet               kernel             ronald
      alexander          digital            knight             rosebud
      algebra            discovery          lambda             rosemary
      alias              disney             larry              roses
      alpha              dog                lazarus            ruben
      alphabet           drought            lee                rules
      ama                duncan             leroy              ruth
      amy                easy               lewis              sal
      analog             eatme              light              saxon
      anchor             edges              lisa               scheme
      andy               edwin              louis              scott
      andrea             egghead            lynne              scotty
      animal             eileen             mac                secret
      answer             einstein           macintosh          sensor
      anything           elephant           mack               serenity
      arrow              elizabeth          maggot             sex
      arthur             ellen              magic              shark
      asshole            emerald            malcolm            sharon
      athena             engine             mark               shit
      atmosphere         engineer           markus             shiva
      bacchus            enterprise         marty              shuttle
      badass             enzyme             marvin             simon
      bailey             euclid             master             simple
      banana             evelyn             maurice            singer
      bandit             extension          merlin             single
      banks              fairway            mets               smile
      bass               felicia            michael            smiles
      batman             fender             michelle           smooch
      beauty             fermat             mike               smother
      beaver             finite             minimum            snatch
      beethoven          flower             minsky             snoopy
      beloved            foolproof          mogul              soap
      benz               football           moose              socrates
      beowulf            format             mozart             spit
      berkeley           forsythe           nancy              spring
      berlin             fourier            napoleon           subway
      beta               fred               network            success
      beverly            friend             newton             summer
      bob                frighten           next               super
      brenda             fun                olivia             support
      brian              gabriel            oracle             surfer
      bridget            garfield           orca               suzanne
      broadway           gauss              orwell             tangerine
      bumbling           george             osiris             tape
      cardinal           gertrude           outlaw             target
      carmen             gibson             oxford             taylor
      carolina           ginger             pacific            telephone
      caroline           gnu                painless           temptation
      castle             golf               pam                tiger
      cat                golfer             paper              toggle
      celtics            gorgeous           password           tomato
      change             graham             pat                toyota
      charles            gryphon            patricia           trivial
      charming           guest              penguin            unhappy
      charon             guitar             pete               unicorn
      chester            hacker             peter              unknown
      cigar              harmony            philip             urchin
      classic            harold             phoenix            utility
      coffee             harvey             pierre             vicky
      coke               heinlein           pizza              virginia
      collins            hello              plover             warren
      comrade            help               polynomial         water
      computer           herbert            praise             weenie
      condo              honey              prelude            whatnot
      condom             horse              prince             whitney
      cookie             imperial           protect            will
      cooper             include            pumpkin            william
      create             ingres             puppet             willie
      creation           innocuous          rabbit             winston
      creator            irishman           rachmaninoff       wizard
      cretin             isis               rainbow            wombat
      daemon             japan              raindrop           yosemite
      dancer             jessica            random             zap


Part Four: Wrapping it up!
~~~~~~~~~~~~~~~~~~~~~~~~~~
   I hope this file has been of some help in getting started.  If you're
asking yourself the question 'Why hack?', then you've probably wasted a lot
of time reading this, as you'll never understand.  For those of you who
have read this and found it useful, please send a tax-deductible donation
of $5.00 (or more!) in the name of the Legion of Doom to:
                                       The American Cancer Society
                                       90 Park Avenue
                                       New York, NY  10016




References:
1) Introduction to ItaPAC by Blade Runner
   Telecom Security Bulletin #1
2) The IBM VM/CMS Operating System by Lex Luthor
   The LOD/H Technical Journal #2
3) Hacking the IRIS Operating System by The Leftist
   The LOD/H Technical Journal #3
4) Hacking CDC's Cyber by Phrozen Ghost
   Phrack Inc. Newsletter #18
5) USENET comp.risks digest (various authors, various issues)
6) USENET unix.wizards forum (various authors)
7) USENET info-vax forum (various authors)

Recommended Reading:
1) Hackers by Steven Levy
2) Out of the Inner Circle by Bill Landreth
3) Turing's Man by J. David Bolter
4) Soul of a New Machine by Tracy Kidder
5) Neuromancer, Count Zero, Mona Lisa Overdrive, and Burning Chrome, all
   by William Gibson
6) Reality Hackers Magazine c/o High Frontiers, P.O. Box 40271, Berkeley,
   California, 94704, 415-995-2606
7) Any of the Phrack Inc. Newsletters & LOD/H Technical Journals you can find.

Acknowledgements:
   Thanks to my wife for putting up with me.
   Thanks to Lone Wolf for the RSTS & TOPS assistance.
   Thanks to Android Pope for proofreading, suggestions, and beer.
   Thanks to The Urvile/Necron 99 for proofreading & Cyber info.
   Thanks to Eric Bloodaxe for wading through all the trash.
   Thanks to the users of Phoenix Project for their contributions.
   Thanks to Altos Computer Systems, Munich, for the chat system.
   Thanks to the various security personel who were willing to talk to
             me about how they operate.




-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                         |==========================|
                         ||      Cable Piracy      ||
                         ||           by           ||
                         ||       Psycho Bear      ||
                         || Thanks: Mad Poo Bandit ||
                         |==========================|

     After reading another G-file on cable theft that was almost completely
inaccurate and totally wrong, I felt that I was obligated to write a G-file
about cable piracy that really does work.

BACKGROUND:
-----------
     There are two ways to scramble pay-channels (HBO, Showtime, Cinemax, The
Movie Channel, Disney, Playboy, Bravo, etc.).  I call them the "old" way and
the "new" way.  (Yeah I know it's dumb)
     The "old" way of scrambling channels works this way:  The cable company
sends a clean, unscrambled signal of ALL the pay-channels, and only at the
"junction box", "cable box", "green dome" or "beige dome" are they scrambled
(this is not really true...a few channels like Disney, in my area, are
scrambled...so you'll just have to go without Goofy).
     The cable company sends a clean signal out to a neighborhood in large 2
inch diameter underground cable.  At every 4 houses; 4 houses square, that is
to say you, your next door neighbor, the house behind you, and the house
behind your next door neighbor (or every 2 if your house backs up to a street
or a park etc.) this underground cable comes out of the ground and into a
"green dome" ("beige dome" if it's every 2 houses) is split into 4 separate
coaxial cables (the same size as the cable in the back of your TV), and the
signal boosted.  Then, depending on what each of the 4 houses subscribes to,
certain channels are scrambled.
     The cable company scrambles channels by screwing the cable into a 3"
metal cylinder.  These cylinders can range in size from 2" to 4" but it is
usually 3".  The cylinder will have a sticker on it with one or more letters
telling what channel(s) is scrambles.  For instance if it scrambles channel
20, it will say "NF-G", the last F being the important letter.  If it
scrambles channels 20,21,22 it will say "NF-GHI".  Cable companies are weird,
so they might put two of these cylinders on, say one "NF-G" and one "NF-HI",
but it will do the same job the as the aforementioned.

GETTING CABLE IF YOU DON'T SUBSCRIBE:
-------------------------------------
     This is for the "old" way you've just read about.  First, you'll have to
find where the "green dome" is.  The "green dome" will be either a green dome
(of course) or a beige dome, with a yellow "Cable theft is naughty" sticker on
it.  Like I said above, you have a one in 4 (or 1 in 2) chance of having it in
your own backyard.  If it's not in your backyard, then find out whose backyard
it is in, and go over there some day when they're at work or something.
     Now that you've located it, you must get the master lock off.  There are
three proven methods of doing this.  You can either kick the living shit out
of it, or take some pliers and grab the loop that the lock goes into, and bend
it off by twisting it back and forth, or take heavy duty wire cutters and cut
the loop off.  And don't worry about the damage you've done; cable men do the
exact same thing, and if you're lucky they might have done it already!  So it
won't appear to be anything out of the ordinary.
     Once you've got the lock off, you can take the big green dome off.  You
will see a box with 4 terminals (places to screw in cable):
                     _______
                    /       \
                   |  o   o  |
                   |         | <-- the "box", each "o" is a
                   |  o   o  |     terminal to screw in a
                    \_______/      cable
                       |  |
                       |  | <-- metal pole/big cable
                       |  |

they may or may not be any cable currently screwed into these depending on if
you and your neighbors subscribe to cable.  If someone does not subscribe to
cable, there will simply be a terminal where the cable is not screwed in.  The
terminal where the cable is not screwed in might have a little dull grey 1"
cylinder to prevent you from getting cable free.  See, the cylinder is hollow
and will carry no signal, so if you reconnect the cable to it, you will get
nothing.  DO NOT RIP IT OUT!!!  I have, and it will rip the terminal right out
with it and then the cable company WILL come out to fix it.  These things use
the same idea as child-proof bottles; you have to push "in"/towards the "box"
and then unscrew.  It will take awhile to do this, so don't get perturbed.
     So, if you are not currently subscribing to cable at all, there will be
an unused terminal, and one end of a cable lying somewhere in the dome.  All
you have to do is reconnect the unused cable to the unused terminal, and there
you go!  Instant Cable with all pay-channels included!
     If you are paranoid, you can connect it at 6 pm (when the cable company
closes for the day), and then disconnect it before 9 or 10 am.  This way, even
if they come out and look at it, it will be disconnected--nothing unusual.
     Of course you can leave it hooked up ALL the time.  It sounds crazy, but
Mad Poo has had the cable company come to his house four times and work on his
box, and they didn't say a word!  I guess the cable linemen don't have records
of what everyone subscribes to.

GETTING PAY-CHANNELS IF YOU ARE ALREADY A BASIC SUBSCRIBER:
-----------------------------------------------------------
     If you are currently subscribing to the basic cable service, and you want
all the pay-channels that you aren't already subscribing for, read this.
First you'll want to find out which cable/terminal you are.  Go turn on your
TV and then go out to the green dome and unscrew one of the cables from a
terminal.  Go back inside and see if you've disconnected the cable for
yourself.  Once you find which cable disconnects yours, your done.  And DON'T
leave your neighbors unconnected or the cable company WILL come out.
     Remember how I said that cable companies scramble the pay-channels?
(above, in the BACKGROUND section)  Well, those 3" metal cylinders are kept in
black plastic cases about 9" long.  There are a few ways of getting the
cylinders off.  The first is to get some pliers and grab the cable tight,
close to the black cylinder.  Then grabbing the black cylinder as tight as you
can (so that it grips the cylinder inside), unscrew the cable.  Once you've
got one side unscrewed, do the other side.
     The second way is to get wire cutters and cut up the edge of the black
plastic cylinder.  This is a lot easier, and this way you actually get to see
the 3" metal cylinders inside.  I recommend this one.
     When you're done with that, either attach the cable coming out of the
ground to the terminal (leaving you with one short length of cable; go use it
inside your house or something), or get a male-to-male coaxial cable converter
and attach the two (this will not look suspicious, as the cable company uses
them too).

THE "NEW" WAY OF SCRAMBLING SIGNALS:
------------------------------------
     Just like phreaking has it's ESS, so cable piracy has it's Addressable
Converter Box.  The "new" way works like this.  You have an Addressable
Converter Box at your house, which means that the cable company can talk to
your converter box and tell it which channels you are currently subscribing
to.  ALL pay-channels are pre-scrambled (there is never a "clean" signal to
tap into, so the "old" way of cable piracy won't work).  If you are currently
subscribing to HBO/channel 33, then the cable company will send a signal to
your converter box saying "un-scramble channel 33".  So your converter box
will unscramble that channel.
     The Addressable Converter Box is weird.  Every hour or so, the cable
company will send out a signal to EVERY Addressable Converter Box and
depending on it's Address, it will tell it which services it gets.
     Say my Converter Box's Address is 12345679 and I get HBO.  So I take my
Converter Box to Mad Poo Bandit's house (who doesn't get HBO), and hook it up.
Then we can watch HBO over at his house now.  See, the Converter Box can be
ANYWHERE.  The only thing the cable company looks for is the Address of the
Box.
     There are a couple of reasons you can't pirate cable with the "new" way.
One G-file talked about subscribing to ALL the pay-channels, waiting for the
cable company to send the signal to your Addressable Converter Box telling it
to un-scramble ALL the pay-channels.  Then disconnecting the cable from the
Addressable Convert Box, calling them up and unsubscribing to all the
channels.  Then when the cable company sends the signal to NOT un-scramble any
pay-channels, it will not reach the Addressable Converter Box because you have
disconnected it.
     There are two problems with this idea.  First, the cable company (in my
area anyway) sends out the signal telling Addressable Converter Boxes what to
un-scramble, and what not to, every hour or so.  So once you re-connect cable
after the little scheme, you'd lose the channels in about an hour or two.
     The second problem is that if you leave it unconnected for too long (a
few weeks-a few months) the RAM of the Addressable Converter Box will go bad
and forget even how to work at all!  This is no bullshit!  When it happens,
you have to call up the cable company and ask for them to re-initialize your
Addressable Converter Box.

AFTERWORD:
----------
     In some areas, they have not made the transition from the "old" way to
the "new" way completely.  This is obvious: not everyone is going to go out of
THEIR way to get a stupid Addressable Converter Box.  So the cable company
must use BOTH ways.  So you'll have a the "old" scrambled HBO on say channel
20, and the "new" scrambled HBO on channel 33.  If you are in the transition,
you can still use the "old" way of cable piracy.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
--------------------------------------------------------------------------
-                                                                        -
-                                                                        -
-         How to get some quick flames going from a remote spot          -
-                     File Created by Fallen Angel                       -
-                             9 / 15 / 1989                              -
-                                                                        -
--------------------------------------------------------------------------

There is a nifty chemical called potassium permanganate.  It's used for
getting chickens the dietary potassium they need, and I've heard it is
used in snake bite kits.  Today's lesson will cover making this stuff burn.
All you need is some potassium permanganate and common glyceryn alcohol.

Materials
---------

Something to experiment on.
        I played with this on the underside of a large coffee can, then
        I store my things in the can too.

A jar of potassium permanganate.
        I will refer to it here as potassium pmgt.  Get as much as you think
        you will need for your purposes.  $20.00 worth should last a while.

Glyceryn alchahol.
        I got mine at the Safeway near me.  This is very common stuff so you
        will not look suspicious in the least when you are buying it.

Empty medicine bottle with a dropper.
        This is optional.  I used it for activating just a small amount of
        potassium pmgt.

Procedure
---------

Put some of the potassium pmgt. on a flat surface to experiment with.  Fill
your dropper with glyceryn and put a drop or two in the middle of a spoonful
of the potassium pmgt.  If it doesn't spark immediately give it a few seconds.
Notice that it burns only where you put the glyceryn.  That is because the
chemical reaction between glyceryn and potassium pmgt. is what causes the
flame; potassium pmgt. is not inherently flammable, but a little glyceryn
changes that.

Miscelaneous
------------

You can now figure out numerous ways of incorporating this into letter bombs,
car pranks or touch explosives.  Be careful though, the mixture throws beads
of hot lava-like stuff out about a foot.  Watch for more files coming soon
from Fallen Angel!



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



--------------------------------------------------------------------------
-                                                                        -
-                                                                        -
-        How to make a great hot flame with two common ingredients.      -
-                    File Created by Fallen Angel                        -
-                           9 / 15 / 1989                                -
-                                                                        -
--------------------------------------------------------------------------

Two common things that you will find at any grocery store are saltpeter and
powdered sugar.  Alone, they are harmless.  Putting them together makes a
powder that is easy to ignite and will burn like crazy.  I first tested this
with one of those old plastic Jaws toys.  I mexed up the powder and put some
in his head.  It just melted through the top and the plastic jaw dropped
letting the burning powder fall on the ground.

Materials
---------

Saltpeter (potassium nitrate).
        Get this at a grocery store.  Make sure it is the first thing you buy
        since they will get suspicious sometimes but there is nothing they can
        do except joke with you about it!  It costs around $2.50 a bottle.

Powdered sugar or powdered carbon.
        The finer the sugar the better.  10x confectioners sugar should work.

1 lighter with a high flame setting or "strike anywhere" matches.

Procedure
---------

Mix exactly equal amounts of saltpeter and powdered sugar in a container.
This stuff isn't caustic, so you can store it in plastic.  Scoop out the
desired amount and place it where ever you want it to burn.  Light it and
move so the wind doesn't blow smoke in your face.

Miscelaneous
------------

This mixture is very smoky and burns with a high temperature.  Remember: you
don't need to use the whole bottle just to fry a small helpless stuffed toy.
Save some for a rainy day fooling around in the garage.  Watch for more files coming soon
from Fallen Angel!



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

--------------------------------------------------------------------------
-                                                                        -
-                                                                        -
-              How to extract the hydrogen from plain water              -
-                       File Created by Fallen Angel                     -
-                             9 / 15 / 1989                              -
-                                                                        -
--------------------------------------------------------------------------

To separate the hydrogen and oxygen contained in water is a simple process.  I
made this file so that anyone with minimal equipment could have himself a
glass jar full of flamable hydrogen.  When the process fills your jar, the
hydrogen won't be compressed, hot or radioactive.  It will be room temperature
and room pressure.  The same goes for the oxygen.

Materials
---------

1 large bowl.
        Preferably clear glass so you can see through it.

2 carbon rods.
        These can be take from carbon batteries such as Radio Shack's battery
        club batteries.  The bigger the better.

1 DC power source.
        I use a Sears 36-watt car battery charger.

4 feet of insulated copper wire

2 small jars.
        Small enough to fit two in the bowl.  I used some narrow, tall olive
        jars.

1 roll of duct tape.

1 packet of sodium carbonate.
        This is NOT baking soda which is sodium bicarbonate.  Sodium carbonate
        usually comes in a plastic package with tie-dye kits.  It is a grainy
        white powder.

Procedure
---------

Fill the large bowl with water and dissolve half the packet of sodium
carbonate in it.  Attach one carbon rod to a stripped end of each of the
copper wires with duct tape after you have cut it evenly into two pieces.  Be
sure that no metal is showing on the end where you connected the carbon rods.
Somehow, make an electrical connection between the remaining ends of the wires
and the power source.  If everything is working properly, you can now turn on
the power source and stick the carbon rods in the bowl.  Watch them closely to
see which one is emitting bubbles twice as fast as the other once, as that
will be hydrogen and the slower one will be oxygen.  If you want to burn this
hydrogen or inhale the oxygen, you can fill one of the small jars with water
from the bowl and turn it over on top of the rod with your favorite gas.  Have
fun with this and be sure to keep your hands out of the way when you put a
match under the upside-down jar full of hydrogen when you light it!

Miscellaneous
------------

I have tested this method for getting hydrogen gas and it works.  I captured
it into a mayonaisse jar, then put a match underneath it and it blew leaves up
that were four feet away from me.  It is powerful stuff.  Watch for more files
coming soon from Fallen Angel!



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
??????????????????????????????????????????????????????????????????????????????
?                                                                            ?
?                    S o c i a l  E n g i n e e r i n g                      ?
?                          How to get Information                            ?
?                              By Fallen Angel                               ?
?                                9 / 26 / 89                                 ?
??????????????????????????????????????????????????????????????????????????????

Have you ever wished you had the finesse of calling some high-level
operator up and getting all the information you need just by asking?  Great!
I'll outline some simple steps to the art of social engineering, or getting
that you want, in this article.  Social engineering really is an art and
should be treated as no less.  Make sure you abide by these guidlines and
don't screw up because screwing up only alerts the security people that there
is an imposter just begging information off of the lame-brained operators.

VOICE
-----
First, you need to be old enough to sound like you could actually be the
person you are trying to impersonate.  The operators will be able to figure
out that you are not thier boss if they can tell you are only 13 years old and
your voice opens trunk lines (eg. 2600 Hz.)  Get someone else to do it for you
or wait until *after* puberty to do this.

OVERKILL
--------
Don't act like you are a legitamit customer trying to get information because
that can clue the operators in as to what is actually going on.  You should
consider calling as an fellow employee from another store from the chain, or
maybe as that persons supervisor.  They may be stupid and subservient to thier
officials, but hired phone operators will know that the owner of the company
is not going to be calling Atlanta to find out technical information or C/NA on
someone that lives in Anchorage, Alaska.  That would be overkill.  The best
bet in getting information from a TSPS (dial 0 for one of these) operator is
to call as a lineman.  A lineman is the guy that comes to your house to
install the phones.  They usually hire contractors to run extensions under
your house as they don't want to deal with it themselves--don't call saying
you are having problems with your wire cutters and you need to know what the
local ANAC number is.

PBX's
-----
PBX's are a nice utility to the social engineer because they almost insure
that you will get a different operator each time you call.  With this
knowledge, and no ANI available to them, you can continue to query operators
on PBX's as many times as there are operators.  Obviously, if you keep asking
the same person for information they will figure out that you don't know a
damn thing and are trying to leech them.

CONFIDENCE
----------
If you stutter a lot and trip over your words they will eventually notice that
you are not who you say you are.  It doesn't hurt one bit to plan out exactly
what you are going to say and verbally run over a few times before you call.
You could screw up an insecure company by alerting them of the real world.

JARGON
------
It really helps to know the proper jargon and acronyms for the company you are
trying to get something out of.  For instance "Hello there, this is Phred
Smith and I would shore like it if you could give me the adress and name of
512-555-555" wouldn't work as well as "This is Smith from line service.  I
need caller name and adress for 512-555-5555"  In this case being polite
doesn't do you much good.  Good sources on jargon would be g-files on BBS's
or hacking/phreaking dictionaries.

EXTENDERS
---------
Always do your engineering from an extender because there are plenty of secure
places that will have ANI readouts on an LCD when you call in.  They will call
you back and ask you why you were calling if they think you were engineering
them.  They will get the dialout number for your extender if you call from an
extender.  For all practical purposes, this is impossible to trace.

BACKGROUND NOISE
----------------
As a for instance, you are a telephone lineman and are boxing a call to C/NA.
Instead of hearing birds in the background, the C/NA operators hear
keyboard clicks and other phones ringing.  They will not give you anything in
situations like this.  Call when nobody else is home or if they are asleep.

TIMING
------
This is a small but important matter.  The operators will know that you aren't
really installing a phone line if it's 2:30 a.m. and you are whispering so you
don't wake up the parents!  You have to remember things like this.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


     The information in this magazine is subject to change.  We, the writers
 have no control over the change of these thing, nor do we know when and what
 they will be changed to.  Things such as VMB's, dial-ups, etc. may die or
 be changed and the information in this will no longer be valid.  We will be
 releasing other editions of this magazine in hope that the information will
 all be up to date and of use to all that read the magazine.  As you may know
 we cannot keep up with some of the changes and things that happen to the
 things we have mentioned.  Due to that, we ask your support in letting us
 know of these changes and such through or Mickey Mouse Club VMB, if of
 course, it is still valid, or through distribution sites or any other ways
 the you know of to get in touch with one or more members of MMC.  Not only
 will we accept information on changes, we welcome any new and/or better
 information, tips etc.  Let us know if you would like to write a section of
 this magazine, and what you would like to write.  We are rather picky about
 what is put into our magazine, but that is because we want the utmost quality.
 Please don't be intimidated by the standards we have set, we still would
 appreciate the chance to see the things that you have written, as there is a
 lot of valuable information that could help the effort in improving this
 magazine.


     Well, that is it for "Hackers Unlimited".  We hope you enjoyed, and have
 gotten a lot of information from, it.  There was a lot of time, and a lot
 of effort put into this from a lot of fine writers.  The editors of Hackers
 Unlimited would like to thank these people for contibuting to this fine piece
 of writing, both in the writing of articles and the support of this project :


    Psycho Bear                   Fallen Angel
    Midnight Caller               The Mentor

      Plus the Editors:
             The Dark Lord
             Cardiac Arrest


    And all the people that didn't laugh at the name The Mickey Mouse Club


     We hope this magazine has provided you with more knowledge than when you
 started reading it.  If you have, we ask that you use this knowledge for not
 only the benefit of you,  but for the benefit of others.  There are a lot of
 beginners in the areas that we have talked about throughout this magazine,
 and all they need is the know-how and a little experience to make them
 into good phreakers, hackers, carders, you name it.  Well, once again, thanks
 to all who contributed to Hackers Unlimited and thank you for reading, (and
 hopefully) enjoying and distributing Hackers Unlimited Magazine, a Mickey
 Mouse Club production!