💾 Archived View for spam.works › mirrors › textfiles › hacking › hack_cis.txt captured on 2023-06-14 at 16:50:18.

View Raw

More Information

-=-=-=-=-=-=-



			  The 15-Minute CompuServe Hack
		       (or, Leeching Made Incredibly Easy)

				   by MacGyver
				     6-22-91

 -----------------------------------------------------------------------------

				  OUR GUARANTEE:

		If, after fifteen minutes, you don't have a fresh
		 CI$ password for use, you are obviously stupid!

 -----------------------------------------------------------------------------

			   Courtesy of: The Shire BBS
			    (516) Private  19.2k HST
			  Tripple H World Headquarters



Introduction: Why EFT?

	Everyone knows the safest way to hack out a CI$ account is to get one
of those IntroPak thingies, get a credit card, and go have a ball, right?
Wrong. Ever since the phone company switched to digital networking and the
long-revered 2600 Hz tone all but disappeared, phreaking has gone the way of
the dinosaur as well as good old carding. Ever go to a department store, buy
something with your credit cards, and see those little computers? All they are
is little modems that call up Mr. Big Kredit Kard Kompany and make sure you're
not over you limit. When you call up CI$ and log on with a not-so-fresh credit
card number, all it takes is one little phone call and BANG the account's dead.
Especially if the number is on the "Hot" list. If the card is virgin, it will
last a little while, but since the verification is so fast, it will die too.
Credit cards are a bit dangerous to use nowadays, and not easy to come by. Not
to mention the fairly stiff penalty for credit card fraud. I mean, who wants
to spend a Friday night trashing behind Caldor when you could be out doing
something constructive like drinking beer?
	The solution: use the Electronic Funds Transfer. This is CI


s way of
getting people who don't even have credit cards. You give them your check
number, and they automatically take the cash out of your account every month.
Everyone know it takes a couple of days for a check to clear, right? Well,
this is because every two-bit piece-of-shit bank doesn't have an 800 line like
Mr. Big to verify all the checks their unloyal customers put out. And, lucky
for us, takes a *LOT* longer to detect. I have even had a few last for ten
days, which is when they switch to the second password, effectively cancelling
your account.



   BE SMART... HACK SAFELY!  THIS IS THEFT OF SERVICE AND IT'S VERY ILLEGAL.
	  DO NOT ATTEMPT THIS IF YOU DON'T KNOW THE BASICS OF HACKING!



What You Need:

	1) A REAL, LEGAL checking account and ATM card from the bank you will
	   be hacking. The ATM card must be for the checking account. (Don't
	   worry - you'll just be using this as a template. We'll be sending
	   the bill to someone else, of course!)

	2) Knowledge of where the bank and specific branch is. The smaller
	   the bank the better.

	3) A CI$ IntroPak. (If you don't have one, read on.)

	4) A bogus name, address, phone, social security number, and valid
	   zip code from the phone book. Make up the SSN.

	5) A car, unless you want get a lot of exercise.

	6) Rudimentary hacking knowledge. I am not going to explain many of
	   the terms and obvious safety guidelines in order to prevent rodents
	   from screwing up my system.



Getting Started:

	First of all, you need a local CI$ dialup. If you know yours, skip
this section.

	1) Dial 1-800-346-3247 via modem.

	2) When you connect, press <Return>.

	3) After "Host Name:" prompt, type PHONES.

	4) Follow the menus and select a phone number close to you. The ideal
	   number is NOT in your local exchange.



Researching the Account:

	Okay, what you are basically doing is "figuring" out the numbers on 
someone else's check: the routing transit number, and the account number. This
is all you need to sign up with.

	1) Drive to your local bank. Inside, there should be an ATM. And under
	   the ATM should be a whole shitload of transaction receipts that no
	   one ever cares about. SUCKS FOR THEM! Grab a handful. Now you don't
	   know if the slip was made with the bank's own card, so go to an
	   out-of-the-way bank that people don't use for quick withdrawals.
	   An ATM in the mall or next to a bar is no good. Keep in mind that
	   the best kind is a DEPOSIT slip because it assures you that the
	   person is a customer of the bank!

	2) Make a balance inquiry on YOUR card, or someone else's. Keep the
	   receipt. You must have a matching check for the account.

	3) Compare YOUR receipt with the account number on your check. The
	   account number on your check is the second group of numbers. You
	   see, the ATM prints an incomplete version of the account number on
	   the receipt to prevent just this. Find where your numbers match;
	   note the placement of dashes. Ignore any other funky symbols you
	   might see. For example, if your check looks like 12-3456789-0 and is
	   printed on the receipt as 5815961234567890, you know to lop off the
	   first six digits, place a dash between the the second and third
	   digit and a dash before the last. Thus, if the victim's receipt
	   looked like 1324359876543210 and your check looks like above, the
	   checking account number AS IT APPEARS ON HIS CHECK is 98-7654321-0.

	4) Find the routing transit number on your check. This is the leftmost
	   number on the check. This number is the bank's number.

	+--------------------------------------------------------------+
        | Dick Hymen					       No. 432 |
	| 1234 Cherry Road			_______ 19__           |
	| Intercourse, Virginia 12345                                  |
	| 						     ________  |
	| Pay To.. ____________________________________|  $ |________| |
	| 							       |
	| ___________________________________________________  Dollars |
	|							       |
	|   Ass Chesse Bank of Virginia, etc.			       |
	|				      _______________________  |
	| :123466689:   98=7654321=0:   0432                           |
	+--------------------------------------------------------------+
	    ^			   ^       ^
      Routing Transit No.   Account No.  Check No.

	Congratulations! You have now figured out EXACLY what the victim's
	check number looks like. Since he is (hopefully) a member of the same
	bank, the routing transit number is correct. And since you decoded the
	info on the receipt by using your check as a template, you're all set!



Locating an IntroPak:

	You get an IntroPak whenever you buy a modem. It comes with a temporary
password and a $15.00 credit. The credit is designed to sucker new modemers
into spending a lot of money, because most new users say "$15.00! Wow!" and
don't actually know that it's only 75 minutes of connect time. I usually have
four or five laying around because my modems have the unfortunate tendency to
attract lightning. If you don't have one, there are two ways to get them:

	1) Buy a modem with your credit card from a BIG DEPARTMENT STORE. Then
	   simply remove the IntroPak and return the modem. It is a small
	   pamphlet and will go unnoticed when returned. Use a credit card to
	   expedite the return.

	2) Go to any computer store and buy an IntroPak. These usually run from
	   $20 to $30, but think of the money you'll save when you run up a
	   $500 bill...



Signing Up:

	1) Call your local dialup and follow the instructions in your
	   IntroPak.

	2) Enter the bogus name and address. A good one is local to the bank
	   but a few towns away from you. Remeber, the name will never match
	   the checking account number, so make it look good!

	3) Use an always-busy or always-ringing number for the day phone. If
	   you don't have one, use the bogus name's actual phone. Do NOT leave
	   a night phone number. This way, if CI$ calls, the victim will
	   probably be at work. Make sure the prefix matches the area you 
	   claim you're from.

	4) Enter the checking information as you have deduced. Make up a check
	   number, a good one is in the range of 500 or so.

	5) Do NOT select the executive service option. It makes the account
	   last longer if you don't.

	There - that's all there is to it! Now go the file areas and LEECH!



Tips and Hints:

	Here's how to make the most out of your "limited stay" on CI$ and make
it last longer.

	1) Sign up for the password on Friday, after 6:00 pm.

	2) Make sure only one person uses it at a time. Ignoring this will
	   get your account suspended in four or five days.

	3) Join all the forums you attend, use the bogus name. It looks fishy
	   if you leech from the forums without joining, since joining doesn't
	   cost anything.

	4) Use password only at night, from 6:00 pm to 6:00 am.

	5) Change the password every once in a while.

	6) Don't be profane in any messages or on the CB Simulator.
	   Being an asshole on the CB is the quickest way to get cut.

	7) Keep it to yourself for a few days before you give it to your
	   friends (if at all).

	8) For downloading, always use the Quick B protocol in the IBM
	   Communications Forum. I believe it is called OZBEXT.ARC.
	   Apparently they're too cheap to get Zmodem.

	9) CI$ doesn't have batch download. However, by spending a few
	   minutes with the script commands of your terminal, you can make it
	   do the same thing. I highly recommend BOYAN version 5 for this.
	   See appendix A.

       10) If you see "% Checking your account information..." you will most
	   likely see a "Your account has been temporarily suspended." This
	   means you used too much, too fast. Then again, you may not care,
	   because the next password is only 15 minutes away.
	


Appendix A: Simple Batch Downloading

	Here is a BOYAN version 5 script that will batch download for you. All
you have to do is use a simple editor to copy the first section to how many
files you wish to download. (Bear with me, I spent about 5 minutes writing
this script.) This should easily translate to any other script language: SV1
set var V1 to the file name, BL goes to the leech block, WF waits for the
specified string, %V1 sends the filename to CI$, and DLB is the command to
invoke the Quick B download.
	This script will only download out of one category at a time, and uses
the B protocol. You will have to modify the script if you want more...
	After you have placed all of the filenames into the file, go to the
forum's library menu. Select the category you want to d/l from, and then
use Alt-R to run the script.

------------------------------------------------------------------------------

\SV1[file1.ext]
\BL[leech]

\SV1[file2.ext]
\BL[leech]

\SV1[file3.ext]
\BL[leech]

\HU

|leech
\TO[20]
\WF[Enter choice !]4{
\WF[File name: ]%V1{
\WF[` name for your computer: ]%V1{
\DLB-[]
{



Appendix B: Hip Places to Check Out

CB simulator . . . . . . . . . . . . . . . . . . . . . . . . . . . GO CB
FAX mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . GO FAX
AP sports wire . . . . . . . . . . . . . . . . . . . . . . . . . . GO SPORTS
Atari forums . . . . . . . . . . . . . . . . . . . . . . . . . . . GO ATARI
IBM forums . . . . . . . . . . . . . . . . . . . . . . . . . . . . GO IBM
Human Sexuality forum  . . . . . . . . . . . . . . . . . . . . . . GO HUMAN
GIF pictures . . . . . . . . . . . . . . . . . . . . . . . . . . . GO CORNER



Acknowledgements

	- To CI$, for falling for this trick every single time;
	- To Radio Shack ("Yesterday's Technology at Tomorrow's Prices"), for
	     all those free IntroPaks;
	- To everyone whose checking account I "borrowed";
	- To my friendly bank, for being so small that verification takes 
	     way more than a week;
	- To whoever uploaded the GIF of the babe in the red teddy on the
	     beach to CI$. 'Nuff said;
	- To "Tom Righteous", for always encouraging me to do illegal things;
	- To "Al My Pal", who knows every legality & technicality about
	     everything in said universe;
	- To Lord Rheinhold, for being the hip dude you are, here's the BBS
	     plug;
	- To Dark Knight, for locating those great GIF files and the tacos.
	     May every GIF be an ANNHONG, a-zhe?