💾 Archived View for spam.works › mirrors › textfiles › phreak › bellfax.txt captured on 2023-11-14 at 11:15:43.

View Raw

More Information

⬅️ Previous capture (2023-06-16)

-=-=-=-=-=-=-


PacBell FAX on several BUSTS !
 
August 3, 1987
 
 
MR. SPILLER
 
Frank:
 
I've attached a summary of some recent events that are alarming.
 
I believe this information should be shared with Mr. Kaplan?  I've sent
a copy to Roland.
 
(signature)
W. M. Kern

                                                 COPY FOR: ROLAND DONALDSON
 
UNAUTHORIZED REMOTE COMPUTER ACCESS
 
 
 
San Francisco, July 29, 1987
Case Nos.: 86-883, 87-497
 
 
 
T. M. CASSANI, Director-Electronic Operations:
 
Electronic Operations recently investigated two cases involving a
number of sophisticated hackers who were adept at illegally
compromising public and private sector computers.  Included among
the victims of these hackers was Pacific Bell, as well as other
local exchange carriers and long distance providers.
 
Below is a synopsis of the two cases (87-497 and 86-883), each
of which demonstrate weaknesses in Pacific Bell's remote access
dial-up systems.
 
Case No. 87-497
 
On May 14, 1987, Electronic Operations received a court order
directing Pacific Bell to place traps on the telephone numbers
assigned to a company known as "Santa Cruz Operations".  The
court order was issued in order to identify the telephone number
being used by an individual who was illegally entering Santa
Cruz Operations' computer and stealing information.
 
On May 28, 1987, a telephone number was identified five separate
times making illegal entry into Santa Cruz Operations' computer.
The originating telephone number was 805-495-6191, which is
listed to Bonnie Vitello, 1378 E. Hillcrest Drive, Apt. 404,
Thousand Oaks, California.
 
On June 3, 1987, a search warrant was served at 1378 E. Hillcrest
Drive, Apt 404, Thousand Oaks, California.  The residents of the
apartment, who were not at home, were identified as Bonnie
Vitello, a programmer for General Telephone, and Kevin Mitnick, a
known computer hacker.  Found inside the apartment were three
computers, numerous floppy disks and a number of General
Telephone computer manuals.
 
Kevin Mitnick was arrested several years ago for hacking Pacific
Bell, UCLA and Hughes Aircraft Company computers.  Mitnick was a
minor at the time of his arrest.  Kevin Mitnick was recently
arrested for compromising the data base of Santa Cruz Operations.
 
The floppy disks that were seized pursuant to the search

 
 
warrant revealed Mitnick's involvment in compromising the
Pacific Bell UNIX operation systems and other data bases.  The
disks documented the following:
 
  o  Mitnick's compromise of all Southern California SCC/ESAC
     computers.  On file were the names, log-ins, passwords, and
     home telephone numbers for Northern and Southern ESAC
     employees.
 
  o  The dial-up numbers and circuit identification documents
     for SCC computers and Data Kits.
 
  o  The commands for testing and seizing trunk testing lines
     and channels.
 
  o  The commands and log-ins for COSMOS wire centers for
     Northern and Southern California.
 
  o  The commands for line monitoring and the seizure of dial
     tone.
 
  o  References to the impersonation of Southern California
     Security Agents and ESAC employees to obtain information.
 
  o  The commands for placing terminating and originating
     traps.
 
  o  The addresses of Pacific Bell locations and the
     Electronic Door Lock access codes for the following
     Southern California central offices ELSG12, LSAN06, LSAN12,
     LSAN15, LSAN23, LSAN56, AVLN11, HLWD01, HWTH01, IGWD01,
     LOMT11, AND SNPD01.
 
  o  Inter-company Electronic Mail detailing new
     login/password procedures and safeguards.
 
  o  The work sheet of an UNIX encryption reader hacker file.
     If successful, this program could break into any UNIX system
     at will.
 
 
Case No. 86-883
 
On November 14, 1986, Electronic Operations received a search
warrant directing Pacific Bell to trap calls being made to the
Stanford University computer.  The Stanford Computer was being
illegally accessed and was then being used to access other large
computer systems throughout the country.
 
The calls to the Stanford Computer were routed through several
different common carriers and through numerous states.  Through a
combination of traps, traces and sifting through information
posted on the Stanford computer, several suspects were identified
throughout the United States.

 
 
The group of computer hackers who illegally accessedd the Stanford
computer system were known as "The Legion of Doom".  Subsequent
investigation indicated that the Legion of Doom was responsible
for:
 
  o  The use of Stanford University high-speed mainframes to
     attack and hack ESAC/SCC mini compuuters with an UNIX
     password hacker file.  Password files were then stored on
     the Stanford systems for other members of the Legion of Doom
     to use.  Login and passwords for every local exchange
     carrier as well as AT&T SCC/ESAC mini computers were on file.
 
  o  The Legion of Doom used the Stanford computers to enter
     and attack other institutions and private contractors'
     computers.  Some of the contractors' computers were used for
     national defense research.
 
 
On July 21, 1987, eight search warrants were served in three
states at homes where members of the Legion of Doom reside.
Three of the searches were conducted in California.  Steve
Dougherty, Senior Investigator-Electronic Operations, accompanied
Secret Service agents at the service of a search warrant at 2605
Trousdale Drive, Burlingame, California, which was the residence
of Stan Cisnero, a sixteen-year-old member of the Legion of Doom.
 
Dougherty interviewed Cisnero, who had used the pseudonym
"O'Ryan Quest", when accessing computers.  During the interview,
Cisnero admitted the following:
 
  o  The entering of central offices, (Burlingame, San Mateo,
     San Bruno, Millbrae) disguised as a Federal Express
     deliveryman.  The entries were done to case out the CO's
     for the purpose of finding computer terminals with
     telephones, the locations of switches and bays, the names of
     Comtechs, and materials related to the operations of the
     central office.  Cisnero also claimed to have been in the
     AT&T Administration office on Folsom Street, San Francisco.
 
  o  Cisnero's telephone service had been disconnected twice
     for nonpayment, and twice he had his service restored by
     impersonating a service representative.
 
  o  Learning to test circuits and trunks with his computer by
     using ROTL and CAROT test procedures.
 
  o  Members of the Legion of Doom often accessed test trunks
     to monitor each other's liness for fun.
 
  o  On several occasions Cisnero would post the telephone
     number of a public coin phone for access to his BBS, Digital
     IDS.  He would then access teh Millbrae COSMOS wire center
     and add call forwarding to the coin phone.  He would
     activate the call forwarding to his home telephone number,

 
 
     securing the identity of his location.
 
  o  Cisnero would impersonate an employee who had
     authorization to use a Data Kit and have it turned on for
     him.  When he was done, he would call back and have the Data
     Kit turned off.
 
  o  Cisnero also would use his knowledge to disconnect and
     busyout the telephone services of individuals he did not
     like.  Further, he would add several custom calling features
     to their lines to create larger bills.
 
  o  It was very easy to use the test trunks with his computer
     to seize another person's dial tone and make calls appear
     on their bills.  Cisnero did not admit charging 976 calls
     to anyone, but he knew of others who did.
 
  o  When the Legion of Doom attacked a computer system, they
     gave themselves five minutes to complete the hacking.  If
     they were not successful in five minutes, they would attempt
     another system.  The Legion of Doom was able to crack a
     computer in under five minutes approximately 90% of the
     time.
 
  o  Cisnero would impersonate employees to get non-published
     telephone listings.  Cisnero received the non-published
     listing for Apple Computer Founder, Steve Wozniak, and
     members of The Beastie Boys rock group.
 
  o  Cisnero told Dougherty of one New York member of the Legion
     of Doom, "Bill from Arnoc", who has been placing his own traps
     in New York.  Bill from Arnoc helped Cisnero place traps in
     Pacific Bell.
 
The review of the evidence seized at Cisnero's residence tends to
corroborate all Cisnero's statements.
 
CONCLUSIONS
 
There are some important conclusions that can be drawn from the
above two cases regarding future computer system concerns.
 
  o  The number of individuals capable of entering Pacific Bell
     operating systems is growing.
 
  o  Computer Hackers are becoming more sophisticated in their
     attacks.
 
  o  Dial-up ports will always be a target for computer entry by a
     hacker.
 
  o  Even dial-up ports with remote callbacks and manually controlled
     modems can be compromised.
 
  o  A hacker can place a central office off-line by overloading

 
 
     a SCC mini computer by improperly placing traps or by putting
     traps on several DID multi-trunk groups such as MCI or
     Sprint groups.
 
  o  Terrorist or Organized Crime organizations could use this
     underground computer technology against Pacific Bell or to
     their own advantage.
 
  o  Pacific Bell proprietary data bases such as PTT ESAC or
     PB2 ESAC could be compromised.
 
  o  The integrity of accurate customer billing statements have
     been compromised through access to the CEBS (Computerized
     Electronic Billing System) and will remain questionable.  A
     customer can dispute large direct-dialed calls and claim his
     telephone was accessed by a computer hacker.
 
 
RECOMMENDATIONS
 
The information gained as a result of the above investigations
should be shared with those individuals responsible for the
integrity of our computer systems.  Further, an ongoing business
partnership between security and the individuals responsible for
the integrity of our computer systems should be initiated and
maintained to ensure prompt, effective resolution of future
computer related security issues.
 
(signature)
 
JOHN E. VENN
Manager-Electronic Operations