💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › shaprot3.txt captured on 2023-01-29 at 07:56:53.
⬅️ Previous capture (2021-12-04)
-=-=-=-=-=-=-
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> SWEDISH HACKERS ASSOCIATION PRESENTS 1990 THE 3rd PROTOCOL 1990 EDITORS : LIXOM BAH : MR BIG : PHEARLESS : THE CHIEF ALL TEXTS IN THIS REPORT IS CONTRIBUTIONS BY ORIGINAL MEMBERS! THANX TO EVERYONE'S CO-OPERATION AND SUPPORT THIS PUBLIC DOCUMENT IS NOW IN YOUR HAND. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< INTERNATIONAL HACKERS ASSOCIATION'S HEADQUARTERS ##-###-##### TOUCHDOWN BBS (SW) ##- #-###### INTERPOL II (SW) ##- #-###### PROJECT ATHENA (SW) (ED'S NOTE: No telephone numbers are included in the PUBLIC VOLUMES) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -INDEX- EDITORS INTRODUCTIONS......... 01 Editor's Page #1........ 02 Editor's Page #2........ 03 Editor's Page #3........ 04 Editor's Page #4........ 05 Hacking Rules & Advice........ 06 Cray & IBM In Sweden.......... 07 S.H.A. Member Busted.......... 08 Unix Security................. 09 Are you a Homocidal Maniac?... 10 Brittish Hackers Blackmail.... 11 The New HQ.................... 12 University Hit By Hackers..... 13 New Hackergroup Busted........ 14 New NETwork Soon Here......... 15 Telco Traces Calls............ 16 Terrorists Handbook found..... 17 New Wave Of Computer Coups.... 18 Datema-Company Sold........... 19 S.H.A. Visited ESA Computer +. 20 How To Keep On Hacking........ 21 Storytime! 'The BIG system'... 22 Editor's Final Notes.......... 23 How to contact S.H.A.......... 24 Credits and THE END........... 25 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -1- ()()()()()()()()()()()()() ()() INTRODUCTION 1991 ()() ()()()()()()()()()()()()() Welcome to another interesting and stunning protocol from S.H.A. - The leaders of True Hacking in Sweden today! The Only True Organization that keeps the old and genuine way of hacking. We have collected the finest and best writers for this issue, and have some nice and special views, tips, reports, stories and jokes for you, the reader. This is the Only Series that is released to the general public, which means that nothing is signed under real names or handles and that no direct phonenumbers are published, though for those who consider themselves hackers, we have a modem 'mailbox' where you can contact us (see the end of the file). By keeping a steady contact with our friends in the United States in the 'scene' we have learned and experienced a lot, been there when the busts of the FBI Operation SunDevil raged trough the underground world, watched BBSs go down, and come up again (if lucky). We have seen a new and very special bulletin board system where Feds and Hackers can discuss and change views, as well as share their own thoughts about their hobby, classified 'illegal' by the counterpart. We have seen the 'carding' scene vanish through tough and sometimes cruel work by the feds, and as an effect of this, the hacker scene suffer as well. If you called underground boards in The States a couple of years ago, and went back today, you would be in a state of shock. You won't find a genuine HACKER ONLY underground board anywhere! They have Sports, Tv reviews, Music, Classifieds, Religion, Politics, Ads, Technique and this goes on and on and on until at last, if you're lucky one or two small and unused hacker subs. You start to scan through the sub, only to find that the last message was written about two to five months ago, regarding anything but hacking. This is truly a sad development 'over there' because when we here in Europe are breaking new barriers and stretching out to the 'big country in the west', we can't find people with similar interests who are active, or seem to be active anymore. I guess this is how it really is today, but we all know that Hackers are reluctant to make 'new' friends, or admitting that they really Are hackers, which is the correct way for a hacker, but in my last two years in the underground scene in America, I thought I would finally see some people 'lighten up' and talk to me about hacking and it's effects, but I am now ready to give up, because I haven't seen nothing yet! Well, that's my point of view from the American Underground today, let's go on now with this issue of THE 3rd PROTOCOL. As I said, we have all kinds of stories, tips and treats for you, so just relax, get a nice cold coke, switch on MTV with Yo! MTV Raps & Fab Five Freddie and read this cooooold chillin' issue. PEACE! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -2- PAST AND PRESENT The year that have passed have been very critical in many ways. We have tried to get more serious members by tough advertisments and by keeping a low profile without any results. We are open to new members, but they have to be serious, and have to follow some kind of rules, what you can, and what you can't do I mean. Such persons are hard to find in Sweden today, let me tell you. It seems like those who already are members are the only ones left in this country. It is a sad statement, but until we find new members, that is the truth. I would personally like to see a more qualified bunch of people who enjoy and respect the world of hacking, who see the excitement and the pleasure of bending that 'door' and look into the world of computers and systems whithout having to break and trash them and going to a genuine state of illegalities. I don't find Hacking a criminal act as long as I don't trash, crash, take or alter files and programs on the systems I hack. It is a sport in a way, and a search for knowledge in another and the only competition I have is the people who have made the security on those systems. I don't respect people who don't know what they're doing when hacking and the same goes for people who crash systems and still call themselves 'hackers'. I don't respect newspapers or journalists, who add the word 'hacker' to every goddamn headline when talking about something else as long as it is about computers and crooks, just to make the whole article more interesting. Another sad statement here is that they jyst don't know what they're talking about. They have no education in computers or areas close to computers. The only education they have is a journalistic one, and that's not enough it seems. The other critical area, is the more illegal branch of the underground computer world. You probably have heard the word 'carding' before, but not in the way someone within the underground have or have experienced. One of our members got caught this year because of carding. That person just broke the limits and overdid it. If someone tries to make you 'card' something or tries to teach you how to do it; Don't! I don't recommend carding to my worst enemy even. It is too risky and too illegal to get involved into. Although Sweden is far behind the Big Hacker Country in the west, both in ordinary Hacking and Carding, we have the same laws when it comes to Carding. The law is very strict here, and will never look the other way in these matters. If you followed another case about a year ago, you read that they got a very generous sentence; just small fines, and all of them didn't make it that far even! One of them went out of there without any charges at all. Just don't think that You will get away that easy these days. The Police and the swedish FBI (SAPO) are tougher and the creditcard companies are changing their security, allowing the companies who recieve orders to check almost everything. The Customs are close to the Police and will not accept a 2 by 2 meter large package go through with a 'worth 500 SEK' stamp on it without checking the sender, the reciever and the package closely. And the swedish VAT (MOMS) is now at 25% which makes the price You pay on arrival very high (if you make it that far). Now those who are into this kind of thing says 'That's easy! Just order it by FEDERAL EXPRESS and everything goes on the creditcard!', that is true, I don't say that it doesn't, but the companies that use FEDERAL EXPRESS seem to be larger, have more money to check all creditcard orders, and have the power and money to contact the Federal Bureau of Investigations who contact their collegues in the country the order was placed, and follow the whole thing trough. They have money, time and enough background to prosecute. The final word here is just; Whatever you do, Don't! It's not worth it! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -3- DIFFICULTIES It IS difficult to find experienced hackers! This is the truth. We have tried to find these persons by 1) Letting them come to us, and 2) Go out advertising on public boards (This could be discussed being a smart move or not). None of them have resulted in more members in the SHA, only that more Novices (With a capital 'N') have contacted us. This may not sound as serious as it is! Hackers Must go together with their experiences and knowledge to hack the most heavily guarded and secure systems. This will be the only way to even have a chance to beat future systems. Also, a big group of hackers who 'Know What They Are Talking About' manages to come up with more ideas, and of course, more contributors to informative textfiles like this one. Another thing is also that more hackers can collect more new happenings, because it's (still) happening very much on the computer/modem scene, and it takes a lot of people to keep up with the computer systems fast developments. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -4- NEW AND CLASSIC NEWS WATCH OUT! ========== 5 years in prison, that's what could happen to hackers in Great Britain nowadays. A new law have been introduced that will make it much more dangerous to hack computersystems, but since almost every other european country already have this law, I think it will make no difference in ac- tivity from our great friends. The law says that if you enter a system in an illegal way, you could get 6 months in jail, or fines up to $4000 but if you enter the same system, but only with DESTRUCTION in your mind, you could be punished with up to 5 years in jail. UNIVERSITY HACKERS CHARGED ========================== 1990 February Two youngsters have been arrested for illegal use of a computer at a Swedish university. Last winter they made a successful hack and searched for information about grades and tentamen-results. Both hackers risk fines, and they have to pay the university $1500 in damage costs. - I didn't think the school had so much to learn me, said one of the students. Instead he hacked his way into the administrative computer system. But due to a mistake from his side, the school-staff was warned and they un- derstood that a unauthorised user had been in their system. The same ev- ening, one of the system operators started his hunt for the hacker. After a while the hacker was traced to one of the computer rooms at the university. The operator was quite sure he had found the right person, but he had no evidence. When one of the hacker's friend called the univ- ersity from the outside, the call was traced, and the game was over. American Hackers are developing a chinese VIRUS! ================================================ Some months ago I read an a newspaper, and suddenly I saw an article about communism, and above the text, there was a picture of some youngsters sitting by their computers. Interested as I was, I started reading. I read that some American hackers had plans to construct a virus, that should be spread on the nets in China. The virus was supposed to be a destructive one, it was going to erase all data it came in contact with, and write LI PENG SUCKS! (That's the prime-minister in China) SIX PERSONS SUSPECTED FOR FELONY COMPUTER CRIME =============================================== Six hackers between 18 and 20 years old, are suspected for extensive computer swindle at the Swedish University in Linkoping. They had hacked the password to the universitys databank, and caused damage for at least $13000. The persons at the university got suspicious when they got a phonebill on $15000 HIGHER then the normal, and called the police. Trial is waiting. GERMAN HACKERS CONVICTED FOR ESPIONAGE The first hackertrial in German history started in February-90. Three hackers got conditional sentences, because they had had entered some military systems and then sold the information to the KGB. The court in Celle outside Hannover, found all three guilty to the crime. The both hackers Markus Hess and Dirk Brzenzinski had hacked their way in into both military and commercial nets in USA, Europe and the Orient. The affair gave them $60000. The third man, Peter Carl, who worked as a croupier at a casino, where supposed to act as the contactman. He went to Berlin, where he passed the disks with information to the KGB. Earlier there was also a 4th prsecuted, but he took his life in 1989. An American programmer reacted when a bill came to an account that didn't exist. The programmer suspected hackers, and spent one year on an investigation. And after that, he got them on the hook. (The bill was on 80 cents.....) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -5- HACKERS... One word that the media have made an ugly word. The media view of hackers is that they only want to steal information and destroy information if they can. More or less, they work for the KGB. What could be more wrong? Hackers are people who are only interested in penetrating secure systems. Of course there are always people that might destroy information, but they are often people who are novices when it comes to real hacking and don't know much about it. Why should anyone want to destroy information just to be discovered and kicked out, if they want to use the CPU? Unless the media start to write about how it really is, I think that they more or less will influense young novice hackers that they should behave like that, and then we will have a dissaster when these people learn how to get access to systems. And because of this bad publicity the police are spending more money on trying to trace down hackers who only want to learn more. I think we few real hackers have a hard time before us. Our golden days were a couple a years ago. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -6- HACKER RULES AND ADVICES a fast guide to make LESS mistakes when IT happens. * If you get to a system you don't recognize at all, store as much text you can, WITHOUT LOGGING ON and ask someone who you think knows more about it. Note: Ofcourse, you don't give anyone who knows less than you the number. * A Hacker is always trying to get as much access as possible on the systems s/he have hacked into. * Remember, a number to a system that you've found on a public BBS could be a trap just to bust someone like YOU. * To create new accounts: - Never do this when there's top 30 users. - Let the new user's name be in the middle or maybe in the end of the user list. (Mostly alphabetical) - Avoid creating a new user by refreshing an old, dis-used username, (like: Last login 21-JAN-1987) * If you note a new command or a new instruction, store all text available from help menues and similar, and ask someone who you think knows more. * If a system you use to call has been modified or maybe updated, store text and ask somebody. * If you are planning to do something on a system you NEVER have done before, and you're not sure about Everything about it... Don't do it. ASK someone more experienced to get further advices. * Remember: The bigger company, the bigger the chance is that they - trace calls with 'odd' behaviour - have unique security-systems and routines - have a lot of active users * MOST systems stores ALL faults and errors you cause (typing fault, access violations). So if you don't know what you're doing by 100%, don't do it. * Never even START hack a system you don't know how to handle in some way. The only exception is systems who doesn't introduce themselves. * When you've hacked into a system, do the following IMMEDIATELY 1) Open your capture/buffert for incomming text 2) List the logged in users ALWAYS LOG OFF IF... a) ... any kind of System Operator is logged on. Note: On some systems, the System Operator's console is always logged on to the system. b) ... there's any kind of Project Manager logged on. c) ... another user with 'your' name is logged on. GO ON IF... a) ... you seem to be alone, or only normal users are logged on. 3) If you have system privilegies, try to shut off (Not DELETE!) the (if any) system logs. 4) Capture EVERYTHING in the help menues or similar. IMPORTANT! 5) Try to list all available directories (or all directory names, if nothing else is possible), no matter how many they seem to be. 6) Get as many other usernames as possible. REMEMBER: a) Never send letters or phone any other users through the system, before you have EVERYTHING under control. One exception though, when you are trying to 'fool' some users to give them more usernames or/and passwords for projects etc. * If you get in on a user and you of some reasons know that you WONT get back in again ('forgot' the password, got 'thrown in'), follow the whole "When you've hacked into a system..." EXCEPT the ALWAYS LOG OFF IF... at 2). <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -7- [SUPERCOMPUTERS] [CRAY X-MP/48] [IBM 3090-600J/VF] [ETA10] Sweden have these computers (which I guess you might recognise). Two of them are in use, and the third (ETA10) is now taken out of service to be shipped back to the United States, and as a hacker, you realise the power and the pleasure of hacking one of them. Therefor I've written a little bit of information for you to drool on. -=* COSTS & PRICES *=- Well, this is a matter of HUGE amounts of money we talk about here. SE-Banken (a bank here in Sweden) and Wallenbergsstiftelsen financed the Cray X-MP/48 with an amount of 59 Million Swedish Crowns (about US$ 10.000.000 (US$ at 5.80 SEK) and the IBM 3090-600J/VF was paid with donated money (no information from whom). The price? A small sum of 150 Million Swedish Crowns (about US$ 26.000.000). Handelsbanken (another bank) finaces the scientists 10.000 CPU-hours / year with 15 Million Swedish Crowns (US$ 2.600.000). If you want to use the IBM, you'll have to pay between 15.000 and 20.000 Swedish Crowns per CPU-hour. The Cray is a bit cheaper to lend at 7.000 Swedish Crowns per CPU-hour. -=* OWNERS *=- Who have got the money to run these machines? The IBM is owned by Kommunen (the local government) and a company called NorrData and the Cray is owned by SAAB, who gets 25% of the capacity in exchange for paying running costs. -=* USERS & USED TIME *=- Users of these two sofisticated systems are mostly scientists, but also two big universities, namely UMEA and LINKOPING. The local government in Skelleftea use the IBM for salary payments on the side of all science projects, and like stated above, SAAB have 25% of the capacity on the Cray. These computers are not used to their full capacity today. If you make a scale, you would find that the IBM is have 60% administration, 30% resurch and the final 10% is sold to the industry. The Cray on the other side have 75% universities, and 25% SAAB. But these figures just show how much time that is disposed, not how much is used. All scientists who wants to use these computers are granted access today, perhaps not the amout of time they want, but still access. There is a need for more users and companies to make these computers worth the money, time and effort to have them running. -=* SECURITY *=- The American export-control authorities have restricted Sweden for export of these machines to the East (which is understandable). In Sweden, the rules is decided by Forsvarets Materielverk (Military), and include several restrictions about foreign users (certain nationalities) who are not accepted and therefor can not use the computers. Accepted users are supplied with a special authorization-card and an equipment that generate passwords. -=* THE FUTURE *=- Today, the most reason companies and users give when asking why they don't use these computers more or at all, is that they are not running under UNIX or some kind of operating system that is portable from other systems. Therefor, these computers will have unix-similar operating systems very soon, to allow new and more use and portability of code and programs from smaller computers and systems. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -8- ================= SHA MEMBER BUSTED ================= In October-90 a S.H.A. member was brutaly busted, and charged for creditcard fraud and illegal attemps to enter some computer-systems here in Sweden. The member spent 46 hrs in an isolated cell at the central Police Headquarter in Stockholm. While he was questioned, the police searched his house twice. - When I finally got home, I nearly got a heartstroke, some of my computer equipment was taken, and the worst thing of all, they had taken ALL my dumps, printouts and notes as evidence, says the busted hacker. <<More about this bust can be read in another S.H.A. release>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -9- UNIX SECURITY Unix is a very open OS and have many flaws in the security because of this. The first security hole is the /etc/passwd file that any user can read and that contains the encrypted passwords. It is very easy to write a small program that use crypt(3), the internal unix cryption routine, to scan all accounts for common passwords or to match against a dictionary. The one that unix have, can be used. Newer unix versions like AIX, the IBM version, don't have the passwords in the /etc/passwd, since they are stored in a non-readable file since the US Defence C2 doesn't allow users access to encrypted passwords. It is even possible to re-create a password through the encrypted version, or atleast get a limited number of passwords to try. Impossible, you might say. The passwords are one-way encrypted! Yes! They are... but you also have more then one password that gives the same encrypted result since you lose information when you are encryting the password. You can go the other way and get about 4096 possible passwords and then only match these against /etc/passwd. This is a great advantage over scanning all possible combinations of root passwords in the standard way might take a year or so before you hit. The hard part is to get your hands on crypt(3)-source and be able to rever- se the encryption... And that isn't a easy way since crypt(3) isn't written to be understood by common people. But it is possible... <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -10- -=*> ARE YOU A HOMOCIDAL MANIAC? <*=- If you are one, you truly are a danger to your surrounding and should be visiting your local shrink, very often... Answer these questions honest to yourself, and then count together your points. Written by a [normal] SHA contributor. ------------------------------------------------------------------------------- 1) You are watching this movie (Texas Chainsaw Massacre I), and when the hero (Leatherface) cuts deeeeep into some 'poor' human with his roaring little motorised tool, what do you feel? [a] Ohhhh, brother. Disgusting, Puke! [b] Booo! Miserable special effects!! [c] You start drivelling... 2) You're at a party with all your friends gathered. After a while you (ofcourse) are fighting as hell with some stupid motherfucker that doesn't see that you're ALWAYS right. Ok, you win and the beaten shit runs to the door screaming "Hey, fuckface! You're lucky that I didn't kill you!" and slams the door shut behind him. What is your reaction? [a] Say "The fight is over, go home now!" [b] Scream back "Say that again and I'll kill YOU!" [c] You take something sharp from the nearest table (knife, siccors, vase) and run screaming after him. 3) You've just bought some bread and beer for the weekend and suddenly you see a rifle with several boxes of ammo in an unlocked car. What do you do? [a] Goes home without thinking more about it. [b] Steal it, to sell it off later. [c] Drops everything you hold, open the car door, takes out ALL boxes of ammo and load the rifle. And then you go around shooting moving targets all the day (Cars, people, playing children, cats, dogs). 4) You are driving down your street, and you see a woman and her two daughters waiting to go across the street. How do you react? [a] Stop your car to let them go across the street. [b] Stop your car to let them go across the street, and roars the engine just to frighten them as they pass your car's front. [c] Stop your car to let them go across the street, but when they are exactly infront of your car, you smash the pedal and run over them. 5) You pass a window on the 15th floor and see somebody standing outside the building, just at the wide open window. Your plans? [a] Quietly sneaks away to dial 911. [b] Says "Boo!". [c] Says "Hello" with a friendly voice and when he turns around, you hit him real good in the stomach. 6) What do you think about the TV documentaries about war? [a] Nah... I don't like to see people getting killed. [b] Good to know that it isn't faked, anyway. [c] What I think? I RECORD them, and then watch them until the tape fucks up. 7) You are looking out the window on the 5th floor and see 8-10 people waiting for the bus, just below your window. Your actions? [a] Go back into the room and watch the games. [b] Get a 5 gallon bucket of water and throws over them. [c] Fill the same 5 gallon bucket with a gasoline/soapflake mixture and lighten it just as you throw it out the window. 8) A friend owes you 5 bucks, and he haven't payed them back YET! [a] Phone him and ask if I can get my money back. [b] Phone him and DEMAND him to give the money back! [c] Phone him and tell him to say his last prays. 9) You accidently hit a deer when you are driving to your work. What do you do now? [a] Go out and try to save the poor animal. [b] Go out and hit it over the head with the jack. [c] Go out and kick the bloody creature to death. 10) Your next door neighbour have a big (BIG) swimmingpool, and EVERY weekend he have BIG parties with at least 100 people invited, and it's a hell to get some sleep the whole Friday and Saturday. What shall you do about it? [a] Mail him a letter which says "If you don't stop having those loud parties every weekend, I'm calling the police." [b] Call the cops and tell them that you've seen somebody get raped at your neighbours party. [c] Go out to your car and drive it like a madman through your neighbours hedges and hit everybody within reach. [d] Join the party. ------------------------------------------------------------------------------- Additional questions: 1 point for No and 2 for Yes. Do you shout HOORAY! everytime somebody gets killed in a movie? Do you watch every splatter-rated movies more that 20 times? Do you admire the German Leader during World War II? Are you a collector of real, automatic weapons? Are you dreaming of 'Shooting your way out'? ------------------------------------------------------------------------------- [a] is 1 points, [b] 3 points, [c] 5 points and [d] 0 points. ------------------------------------------------------------------------------- Points Rating ------------------ 10- Relax, you're quite normal. Perhaps a little bit too normal. -20 Relax you too... You still have the chance to live a normal life. -30 Hmm... You should consider wheteher to be out on the street or not. -40 Never, NEVER go out without 5-10 pills of valium in your pocket! -50 You ARE a Homocidal maniac, there are no doubts. -60 To make the world a safer place to be, commit suicide, please! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -11- --------------------------------------------------- & BRITTISH HACKERS BLACKMAIL FIVE BANKS IN LONDON & --------------------------------------------------- Atleast five banks in the London Financial world, City, have according to the magazine Independent On Sunday been the target of blackmail attempts since break-ins into their computersystems by so called 'hackers'. The manipulations started in May this year. To penetrate these systems have, from the look of it, not been any problems for the pirates. They have reached so far into the systems that they are able to creat chaos. None of the five banks have paid, at this date, says Indipendent On Sunday, and states that the latest discovered manipulations could be The most sofisticated ever in Great Britain. The pirates seem to have certain connections between them, but operate individually and probably have no connections with organized crime. Within the banks, they are worried that the customers confidence may be undermined. These crimes are investigated by the police and Hambros Banks Network Security Managements specialist in computer crimes. The chief, David Price, said he was confident the pirates would soon be arrested. The risk of computer crimes increase as the computer-technique develops faster and faster. The security-routines become more complicated and takes longer time to implement. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -12- ====================== NEW S.H.A. HEADQUARTER ====================== In February-91 a S.H.A. member is going out of the country, and because of that, the currently S.H.A. HQ is going down. BUT, a new board will be opened called Project Athena, and it will contain Swedens largest Tfile-area when it's about Hacking/Carding/Phreaking/Terrorism/Thrashing and Anarchism. Watch out for the new phonenumber.. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -13- SWEDISH UNIVERSITY HIT BY HACKERS A major Univeristy in Sweden have had their unix machines used buy non- students for a long time. They didn't know anything about it until the novice hacker got his hands on a password to the computers from a secure bulletin board system. A few weeks later the system managers at the university detected that one user hacked their computers. The novice hacker had used rlogin at many other targets. Used FTP at prime time and downloaded many megs of files and stored it on the computer. He also had big jobs running on the machine that tried to scan passwd files that he had downloaded from other machines. That was what got the system managers attention since they lacked disk- space. They always checked that users didn't store many files that al- ready was on the computer in public libraries. They checked the files and discovered that he had stored many passwd files so they started to watch the users account. The system managers had programs running 24 hours a day trying to guess passwords themselves to check out their own security and at the same time control what the users were using on the machines when no operators were present. Later the University decided to throw out the student that originally had the account that was used, since they thought that he had done the hacking. They main reason they would kick the student out wasn't because he tried to hack, which is pretty common at Universities, but for the small damages the novcie hacker had done. The only way to prevent the University from kicking out an innocent stu- dent was to expose, to the system managers, that the computers were used by other people. So the one who had originaly cracked the passwords from the passwd file and posted them on a board, made contact with the system managers and explained the situation, that some passwords had been drif- ting around and that some people had used accounts on their computers. This stopped the University from kicking out the student, but resulted in that the University now have their security level raised. Now your password must include one non alpha character and be at least 5 characters long. All passwords will be changed frequently and not as before when a student could have his password for his whole studies at the University. Alas.. if the novice hacker hadn't have the password all this could have been avoided. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -14- NEWS NEWS NEWS NEWS NEWS NEWS NEWS ----------- NEWS NEWS HACKER NEWS NEWS NEWS ----------- NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEW HACKERGROUP BUSTED. -Used false creditcards. Yet another hackergroup have been caught. The group is suspected to have bought computer equipment with others creditcards. Not all hackers keep themselves within the law's border. Now and then, articles about teenagers who have gone over the border, are published. This time it's two teenagers in Stockholm who have been caught and interrogated. "But our suspicions points above all at one of them", said prosecutor Wulf Zippis at the distr- ict attourneys office in Stockholm. This new case, have big similarities with a case we had about a year ago said Zippis. Then, a big hackergroup, spread all over the country, was dis- covered. With the help of selfmade computer-programs, they could produce creditcard codes for the creditcards MasterCard and Visa. With the help of these codes, they then could order merchandise from foreign countries for hundred thousands of crowns. The merchandise was ordered in fake names to P.O boxes and adresses. But though it involved large amounts of money, the hackergroup managed to get away with fines and conditional sentences - that time. How it will go this time, prosecutor Wulf Zippis wouldn't guess. "The investigations are still in full progress. We will have to see what the police discovers". The hacker comes from a suburb of Stockholm, is in his teens but not legally competent. Usually, young people like this, gets conditional sentences and not a jail sentence, atleast if they haven't got any previous records. The prosecutor wouldn't comment on how much the hacker have spent, but he confirms that it is of a substantial sum. A guess would be round 300.000 crowns. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -15- ============================= ======== SMALL NOTES ======== ============================= The Swedish Telecom and the State-Owned datacompany Dafa are going to build a nation-wide teleNet called DafaNet. It will be possible for, trough a central computer, companies to communicate directly with different authorities. The thought is to offer the customers a wide information-process with access to databases and electronic message- systems. The Net is built with so called X 25-standard which makes it possible to connect computers of a wide range of different fabricats to it. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -16- ================== TELCO TRACES CALLS ================== Some months ago I decided to find out how fast the Telco could trace the calls and the answer is terrifying. It takes approx. 2-3 seconds (local trace). And this is how I did the test: I went to a cafe' and borrowed the telephone. The phonenumber was clearly printed at the bottom.. (let's say 123456) I dialed an operator and told her that I wanted a collect call to Hong Kong.After that I gave her the phonenumber I wanted to call, she said: - Ok I'll have to call you back in 5 minutes. What phonenumber are you calling from? - Uhh... I don't know, I'm call from a borrowed phone, I said. - Ok..hold on. After that she pushed some buttons, and said: - Are you calling from phonenumber 123456 ? That little test shows how fast they trace calls.... A good advice when hacking computers is to ALWAYS dial through outdials ... <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -17- NEWS NEWS NEWS NEWS NEWS NEWS NEWS ----------- NEWS NEWS TERROR NEWS NEWS NEWS ----------- NEWS NEWS NEWS NEWS NEWS NEWS NEWS THIS IS HOW YOU MAKE A LIGHTBULB BOMB. -They found book for terrorists. Qualified advice to terrorists exists in ordinary Swedish Bulletin Board Systems. How to make weapons and timebombs home in your kitchen are explained and very easy to understand. In just a couple to minutes, the two school-KIDS Petter Aasheim and Jorg Akerlund from Gothenburg, theoretically learned how to make nitroglycerin. Very alarming, those who want are able to get their hands on a dangerous knowledge, said Torsten Bjorkhede, chief of SAPO (Swedish FBI) in Gothenburg. The superintendent at the violence division, Hasse Carlsson is also worried. I have never heard of anything like this, he said. It was of a pure accident that they came across this information. On a Bulletin Board System in Kungalv, "Halla Hogia", they saw the headline - The Terrorists Handbook. We were curious and brought home the text, the kids said. About 100 sides loaded with real blowstuff came from the printer. THE CHEMISTRY TEACHER WENT PALE. First I thought that the "handbook" was cool, said Petter Aasheim. But when he read through the material more thouroughly he changed his mind. With this material, everyone can be a terrorist, said his friend Jorg Akerlund. The two kids took the text to their chemistry teacher and let him read it. Pale he said - Go immediately to the police with this. We have seen some terrorist handbooks earlier. But nothing as detailed like this one, said Trosten Bjorkhede. The author, an unknown American, shows the terrorists ABC and very detailed too. THE CHEMIST'S HAVE MOST OF IT. All necessary substances for making explosives are listed. Most of them are available at the Chemist's and the rest can easily be found in listed insecticides, fotoliquids and in usual stores. If the terrorist still can't get his hands on the necessary ingrediences, the next step is to break into a chemical lab/school room. To be sure that the burglar doesn't miss any vital substance, the author have included a check-list. It says "if a lock to the lab has to be forced, the best picklock is dynamite followed by the sledgehammer. Unfortunately, these methods make too much noise. The third best way is therefor a set of picklocks." Thereafter follows a very thouro- ughly described way on how to make your own picklock set. When it comes to the explosives, everything is very detailed, almost pedantic. EVERYTHING is explained. SIMPLE TO MAKE A LIGHTBULB BOMB. The author recommends the highly explosive explosive R.D.X. According to the "handbook", it can easily be made home in the kitchen. With drawings, the author explains how to triggers and timesettings should be done. Then it continues on how to make package-, book-, telephone- and lightbulbbombs. It says "An authomatic reaction when you enter a dark room, is to light the lamp. Though that can be very dangerous, if a lightbulb-bomb have been scr- ewed into the socket. Such a thing is very easy to make. Start with heating the bulb's socket with a gasflame..." One section tells about weapons. There it is described how to re-build a shot-gun into a grenade-gun, how ordinary new-year rockets becomes bomb-carriers. This must be investigated right now. It can be a case of insugency, said the district attorney Sven- Olof Hakansson in Gothenburg. 15-YEAR OLD RESPONSIBLE FOR THE BULLETIN BOARD SYSTEM. Responsible for the System "Halla Hogia" is a 15-year old from Kungalv. He doesn't know what information lies available on his own system: New things arrive daily, he said. Do you know that you have "The Terrorists handbook" on your system? "No." Is it possible to check who sent it to you? "No. All such information is erased after one week." Everything in the Sys- tem is free. To access it, all you need to know is the telephone-number. NEWSPAPER: EXPRESSEN DATE : 91/01/11 REPORTER : RIKARD BJORK FOTO : TOMMY NAZELL (photo: The two kids (looking stupid) infront of a computer with the text: - We were curious. That is how Petter Aasheim and Jorg Akerlund explains the discovery of "The Terrorists handbook". The dangerous information was found at an open Swedish Bulletin Board System.) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -18- NEWS NEWS NEWS NEWS NEWS NEWS NEWS ----------- NEWS NEWS HACKER NEWS NEWS NEWS ----------- NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEW WAVE OF COMPUTER COUPS IN SWEDEN. HACKERS IN KARLSTAD AND LINKOPING ARRESTED. A wave of computer coups oozes over Sweden. Those worst affected are Swedish universities that are used by young hackers. Their illegal entries have cost hundreds of thousands crowns. At a large Swedish company, a couple of employees are suspected for illegal entries at a secret West-German database. For the Swedish computer-police, the several coups wasn't unexpected. During the last months of 1989, the chief of the Swedish computer-police warned the public about what was about to come. Rolf Nilsson also said that the next five years will be dangerous, and that they expected some kind of big bang. The real devestating bang in Data-Sweden haven't happened yet, but these illegal entries are enough to make the police very nervous. Several young hackers have, with the help of university-computers, made electronic journeys round the world. On other locations, students have made their way into university-computers and tried to change salary- payments and grades. All togheter, there are about ten young hackers that's been charged, and they have fines or max 2 years in jail ahead of them. The other investigation is conducted by SAPO (Swedish FBI) and riks- kriminalen, and concerns five employees at a large Swedish company, who have illegaly entered a super-secret, big database in West-Germany. At this moment, the case is too sensitive, so the police can't give out any information. Though a Swedish computer-magazine tells of an institute for advanced mathematical processing and that the West-German secret police (BND) have asked for help to trace the intruders. As usual they think the KGB is involved, like in the Hess/NATO case, which resulted in conditional jail-sentences. Also when it comes to these Swedish hackers, the sentences will not be of freedom-taking nature. They could face a two-year jail-sentence but it will be very hard for the police to find evidence showing that they had criminal intentions. "If you look at the bright side of this, they really should get high grades in this area", said Stig Hakangard, who is perfekt at the institution for ADB at the school in Karlstad. These two hackers, aged 22 and 26, have illegally entered the schools computer-terminal and among other things, destroyed a salary-register. They are two students, who have one term of programming behind them. "When I look at it, it seem to be a classic hacker-motive; they wanted to get as far into the system as possible without getting caught." Their fall came after they accidentaly deleted a salary-register, and the system started to "ring the alarmbell". "We are very weak because of our connections to SUNET, and there are over 200 node-computers in Sweden, so if you crack the password to the Net, the road is open and limitless. The police looks more strongly at the coups in Linkoping, where six hackers have used the university-computer to call BBSs and databases in, among other countries, USA and Australia. Four of them are charged and could face fines or jail and pay for claimed damages. (ie. phonebills). They have succeded in connecting with commercial databases through the central computer and their own home-computers, and they used the univer- sity identity which means they never had to use any passwords. The phonebills came as a shock to the university. The first were at 60.000 US dollars, and the second at 20.000 US dollars. The hackers were lucky that time, because the Swedish Telecoms counters didn't work at that time. Parallel investigations are made to trace the foreign hackers, who have managed to enter Swedish computers through university-computers in among other countries, Canada and Finland. The final word here, is that the Swedish police is So nervous when it comes to illegal entries, that they always notify the Swedish Millitary forces and SAPO when they discover new hacker activities and entries. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -19- ============================= ======== SMALL NOTES ======== ============================= Datema sold their daughter-company Datema Konsult AB to the Swedish Computer-central. The company have 28 employees and is specialized in servicebureau activities and economy-administrative consult activities. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -20- ================================================= S.H.A. VISITED AN EUROPEAN SPACE AGENCY COMPUTER. ================================================= In August-90 a SHA member hacked his way into an ESA computer, and got access to a lot of interesting stuff. - It took me 3 minutes to hack that computer, so I can't call that security, says the hacker. NEWS NEWS NEWS NEWS NEWS NEWS NEWS ----------- NEWS NEWS HACKER NEWS NEWS NEWS ----------- NEWS NEWS NEWS NEWS NEWS NEWS NEWS HACKERS BOUGHT COMPUTERS - ON OTHERS CREDITCARDS Two teenagers have been exposed as hackers. They have bought computer- equipment for 100.000's of crowns and paid with others creditcards. We think that they got the numbers from computers, said the district attorney Wulf Zippis. The Police' computer-experts suspect that they are connected to a group of hackers, who have made the numbers with own computer-programs. That group was revealed eight months ago and consists of computer-knowledged teenagers between 16 and 20 years. Most of them are students on the Nature-scientific or Technic course, and they live from Umea in the north to Lund in the south and have a common int- erest; the possibility of the computer. USED FAKE NAMES The two, who are arrested, live in one of the suburbs of Stockholm. After long hearings we are now working on how they made this possible, said Zippis. We know that they ordered the merchandise in fake names with false adresses, and paid with false creditcard numbers. How they got their hands on the secret numbers will be investigated. I can't tell you how large sums that are involved, but sure, it is large amounts of money, said Zippis. One of the two teenagers is described as very talanted, but lack of interest in school-work got him lousy grades. He cons- entrated his talent in the technical world of computers. Looked for success in hacker-circles and bought advanced computer-technique on others credit- cards. The numbers were made by a computer-program which had been made by a group of hackers. Rikskriminalens computer-experts have had long hearings with the teenagers, and their story have had a similar pattern: They have gotten a home computer and joined a club. In computer games, they have found new ideas and improved the technique with help from modems. VISA AND MASTERCARD With help from modems, they have connected with databases and found inter national lines. One of the members of the group, stole a list with blocked creditcards. With the computer, they discovered how the 16 numbers were made. That's the way they made numbers for VISA and Mastercard creditcards. After that, it wasn't very hard to buy equipment from American mailorder companies. To leave a number of a creditcard that is not blocked is enough. The mercha- ndise were delivered to P.O. Box adresses in fake names. The bills were del- ivered to the owners of the cards. -/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/- -21- HOW TO KEEP ON HACKING I. Password and number swapping II. Single or Parallel hacking? III. What a hacker can do and still be a hacker IV. Hiding your stuff and safety precautions I. Password and number swapping This is a subject where almost everybody have their own opinion, whether to swap hacked systems with total strangers or only within some kind of limited circle. The smartest thing to do is of course Not to swap with people you don't know, like putting them up on Public Bulletin Boards and so on, this is VERY stupid; Why? Well, imagine that you give out the userid's necessary to access the system you've hacked and alot of people start to call it and do what they can. Then... you notice the outidal that's been hidden in some strange direc- tory. What do you do know? The system will maybe change their number because of the XX calls they get per day all of a sudden, and when the same userid is logged in 10 at a time, you'll have to wardial their new number...Clever? No. And even worse, the computer will might not have it's number changed, it maybe 'only' increase their system security, tracing suspicious calls etc. It's the same thing about Numbers to systems you Haven't hacked (yet). I think you agree with me that the smartest thing to do is to keep your numbers and passwords to yourself, if you want to keep on having the system 'at your service'. The way to keep numbers and passwords within some kind of circle or group is also a way of Not letting numbers and passwords slip away. Decide and make Your own rules on how these things should be handled, do it for a start, so you have it written if something occurs (your favorite system crashes...). In Sweden, I know this is a SERIOUS problem for hackers that have gone thr- ough lots of trouble getting into a system, and after giving it to a friend that couldn't SHUT UP about it, the result is that the system changes number or increases the level of security. I know that MANY boards are letting their amateur hackers go berserk on systems they just found! This is not good for anyone, not the hackers and not the systems. The (now) best way to solve this should be to validate the members that want to join a certain (hacker) meeting, where they can tell eachothers what they know / what they've found. So hackers and other people, Share Experiences, Not Passwords. II. Single or Parallel hacking? Which way is the best? In some situations it's difficult to say. In systems, where your hack cannot be hidden (Printer log etc) you might have to take all the data possible from the system (under time stress...), and this is when parallel hacking is best, two persons can Capture more than one. But ofcourse, you choose how many you are in at the time (downloading). Two is though preferable, because it's easier (and Faster!) to speak to eachother through the system and tell one another what to do, and that you're not storing the same data. In all other situations, the single hack is the best hack. You get more out of it for yourself. III. What a hacker can do and still be a hacker First of all, my definition of a Hacker; --------------------------------------- -Describe short what a hacker is. A hacker is someone who want to learn more about current systems and in some cases, their security systems. -What is a hacker's purpose when he's entered the system? A Hacker NEVER destroy anything vital for the system, this is one of the basic rules. Then he should take care of all interesting data he can access and take it home, and after that, explore how This very sys- tem works. Are there perhaps any changes compared to similar operating systems? -What happens to hackers that destroy systems then? First, a 'hacker' that destroys systems frequently should NOT be called a hacker at all. Crasher ([System-] Cracker) is the word for that kind of people. IV. Hiding your stuff and safety precautions