RSTS For Beginners
by The Marauder

RSTS/E is an acronym for Resource System Time Sharing Environment. It is an operating system, most commonly found running on Digital Equipment Corporation's (DEC) PDP series of computers (i.e., PDP-11/70 being quite common). This article describes the basics of identifying, obtaining entry, and some basic things to do once you are in a system running RSTS/E.

System Identification

Upon connection to a RSTS/E system, it will usually identify itself with a system header similar to:

KRAMER CORP. RSTS/E V7.2 JOB 5 KB32; (DIAL-UP) 1S-FEB-84 3:46 PM
User:

So as you can see, an RSTS/E system is quite easily recognized due to the fact that it actually tells you in the system header. It is possible for the system manager to modify the login to not display this information, but very few systems do not print out a standard system header. If it has been changed, it will most likely still display the 'User:' prompt. Note: it's also not entirely uncommon for RSTS systems that prompt for a user number to use the "#" character. In either case once you have reached the User: (or "#") prompt, RSTS/E is now awaiting you to enter a valid user (account) number. Once you enter a valid PPN, RSTS will prompt you with: 'Password:' If you enter both a valid account, and its matching password, you're in.

Logon/Account/Password Formats

An account on an RSTS system is always two numbers between 0 and 255 (inclusively) separated by a comma. This is normally referred to as the Project-Programmer Number or PPN. The first number is the Project Number, and the second is the Programmer Number. Some examples of valid PPN's are: 2fW,7jOO; 50,10; 30,30; or 1,7. Passwords on RSTS/E systems are always 1 to 6 characters long and can include: the upper case letters 'A-Z', the numbers or a combination of both. No lower case letters, and no special characters are allowed (i.e.
!, ?, $, %, &, etc.), so you can eliminate using these in an attempt to hack a password. On all RSTS systems there are accounts that must be present. Unless major software modifications are made, they will exist. Here is a list of these accounts and the default passwords that are used when Digital installs a system.

ACCOUNT  DEFAULT PASSWORD(S)  COMMENTS
rivato. SYSLIB, SYSMGR, DECMAN  SYSTEM LIBRARY, SYSTEM MANAGER ACCOUNT  DEMO  AUXILIARY LIBRARY  Id DEMO  M DEMO

Of all the accounts, it is most difficult to remove "1,2" due to software requirements, so if you are hacking a system from scratch, it is suggested that you try to work on a password for this account. Also note that "1,2" is the system library, and the default system manager's account, so the passwords chosen for it sometimes reflect these facts. Also hacking at this account kills two birds with one stone—not only must it be present, but it also has full privileges, as does any account with a project number of 1 (i.e. 1,XXX). Once obtained you will have full access to anything on the system.

Basic System Functions

Once in, RSTS/E will prompt you with 'Ready'. You are now in the RSTS/E 'BASIC' monitor, and you could type in a BASIC program, etc. Here are some useful system commands/programs that can be of use.

HELP—Simply type help. It's available on most systems and fully self-documenting and menu driven. It will give you a complete description of most system commands and functions.

DIRECTORY (or 'DIR') will give you a listing of programs/files that reside in any account you specify. Simply typing 'DIR' will list the files in the account you are in; to obtain a directory of another account, simply use the format: 'DIR (XXX,XXX)', where 'XXX,XXX' is any valid account number. You can also substitute an '*' in place of either, for a 'match all' or 'wildcard' search.
SYSTAT (or 'SY')—will give you a listing of who else is currently on the system, what they are doing or running, and some other information. This command is especially useful for obtaining other valid account numbers (PPN's).

OLD allows you to load a basic program (any file with a '.BAS' extension) into memory. If the program is in the same account as you, simply type 'OLD NAME.EXT', and if the program resides in another account, use the format 'OLD (XXX,XXX)NAME.EXT', where NAME.EXT is the name of the basic program and XXX,XXX is the account/PPN that it resides in.

PIP—is the Peripheral Interchange Program. It is a fancy name for a basic file utility used to transfer files from one place to another. You can get a full description of its uses by typing 'HELP PIP'.

BYE—logs you off the system. Always use this command to log off! If you simply hang up, your account will remain logged on, in a 'DETACHED' state, and this will automatically arouse the suspicion of even the densest sysop, especially if you've managed to obtain a privileged account.

Some Final Notes

Once on under any account, do a directory of all the (0,*) and (1,*) accounts. You will notice a column in the directory listing that is labeled 'PROTECTION'. This is a program/file protection code. It can be set to various levels (i.e., any account can run/list, certain accounts can run/list, etc.). Look for any programs (files with extensions: .BAC, .BAS, and .INK) which have a protection of (232) or (252). These are programs that give anyone who runs them privileges at the time they are run, so make a note of any programs with extensions of this sort and try running/exploring every one. Many programs have At t&s. that can be used to your advantage. This can be discussed in future articles. There is also a program that will allow you to chat with other users on the system. You can usually run it by typing 'RUN $TALK'.
It will ask for a 'terminal to talk to', and you can obtain active users/terminals by using the 'SYSTAT' command. In conclusion, RSTS/E is a fairly user friendly system to use/abuse, and one of my personal favorites. You can learn the basics and become fairly proficient in a relatively short time.

MOBILE PHONES—THEORY AND CONSTRUCTION

breaks are marked by 1633 Hz and are sent at 10 pulses per second. A pulse is 60 ms of 1633 Hz with 40 ms of 2150 Hz

by The Researcher

This article explains the operation and construction of a mobile phone. The first section was written in collaboration with another telephone experimenter. It concerned Improved Mobile Telephone Service (IMTS) signaling and was eventually posted on a BBS in the Midwest. From there it fell into the hands of the Chief of Security of Southwestern Bell. His words to the sysop, who had been busted for blue boxing, were, "A person with a knowledge of electronics could use the information in that file to build his own mobile telephone." The rest of the article explains how one can be built. It is presupposed that you have a working knowledge of two-way radio. If you don't possess this knowledge, then you can study up on narrow band FM and 2-meter transmitters. A good source of information is "The Radio Amateur's Handbook" (readily available from libraries and book stores).

Signaling Used in IMTS

Each mobile telephone channel consists of two frequencies: one for the land base station and one for the mobile phone. The base station uses two tones for signaling: Idle—2000 Hz and Seize—1800 Hz. The mobiles use three tones: Guard—2150 Hz, Connect—1633 Hz, and Disconnect—1336 Hz. The land base station marks the idle channel by placing the Idle tone on it. All the mobiles search for the channel with the 2000 Hz Idle tone and lock on to it. Each mobile phone is assigned a standard telephone number consisting of area code + 2 digits.
When a land customer dials a mobile number, the Idle tone (2000 Hz) changes to Seize (1800 Hz). The number pulsed to the mobile phone contains 7 digits consisting of the area code and last 4 digits of the number. The digits are made up of 50 ms pulses of 2000 Hz separated by 50 ms of 1800 Hz. If there is a mismatch between the digits sent and the wired ID in the mobile, the mobile drops off and hunts for the idle channel. If the number matches, the mobile will send back an acknowledgement tone of 750 ms of Guard (2150 Hz). The base station waits 3 to 4 seconds for this tone. If not received in that time, the calling party gets a recording. If the tone is received, the mobile phone will ring for up to 45 seconds. Ringing is composed of 1800 Hz and 2000 Hz shifting at 25 fm for two seconds then four seconds of 1800 Hz. When the mobile phone is picked up it sends a connect tone of 1633 Hz for 400 ms to tell the base station it has answered. When the mobile hangs up, it sends Disconnect, which is 250 ms of 1336 Hz. When the base receives the Disconnect tone, it will drop carrier for about 300 ms and go off. If it is the only available channel, it will return to Idle.

What follows is what happens when a call is originated by a mobile: When the mobile gets off hook, it sends 350 ms of Guard (2150 Hz) followed by 50 ms of Connect (1633 Hz). When the base station hears the Connect tone, it removes the Idle tone and stays quiet for about 250 ms. It then transmits 250 ms of Seize (1800 Hz). The mobile then sends 150 ms of Guard and starts transmitting the ID sequence at 20 pulses per second. The ID is the area code and last four digits of the mobile's number. The pulses are marked by 25 ms of Connect (1633 Hz) followed by 25 ms of either silence or Guard tone (2150 Hz). If the pulse is odd, it is followed by silence. If even, it is followed by Guard tone.
This is used for parity checking. The interdigit time is 190 ms and will be either silence or Guard tone depending on whether the last pulse was odd or even. If the last pulse of the last digit in the ID is even, it will be followed by 190 ms of Guard tone. When a number is dialed from a mobile phone, 2150 Hz is sent continuously as soon as the dial goes off normal (when the dial is moved from its resting position). Dial pulses representing between pulses.

The most popular mobile telephone channels are located in the VHF high band. Cities are equipped with these channels more than any other band. They are listed below.

Mobile Telephone Frequencies

Channel   Base     Mobile
JL        152.51   157.77
YL        152.54   157.80
JP        152.57   157.83
YP        152.60   157.86
YJ        152.63   157.89
YK        152.66   157.92
JS        152.69   157.95
YS        152.72   157.98
YR        152.75   158.01
JK        152.78   158.04
JR        152.81   158.07

Building the Mobile Phone

This is a list of the components you will need to build your own mobile phone:
1. Cassette Tape Recorder.
2. Radio Scanner (like those used to receive police calls).
3. Mobile phone dialer (build your own).
4. Low Power Transmitter (modified 2-meter transmitter, 1-5 watts).

How a Mobile Phone Dialer is Built

Build a Wien-Bridge oscillator to generate the needed tones. These are commonly used in red boxes. If you don't have a red box schematic, look up Wien-Bridge in an electronics textbook. Where you would normally connect a frequency adjustment pot, use two multi-turn pots connected in series. Power for the oscillator will be supplied by a 9 volt battery. Obtain a rotary dial of the type used on rotary telephones. The dial will have four wires coming out of it: two white, one blue, and one green. The two white wires make a connection when the dial is off normal (moved from its resting position). Connect the two white wires in series with one of the leads from the 9 volt battery. The oscillator will be running only when the dial is moved off normal.
It works like this: Dial is moved off normal—circuit is completed between oscillator and battery. Dial goes back to resting position—circuit is opened. The blue and green wires go to a normally closed contact in the dial. This contact opens once for each pulse in a dialed digit. For example it opens three times for the digit 3. Connect these two wires (blue and green) across one of the pots in the oscillator. With the dial in its resting position, adjust the other pot for a frequency of 2150 Hz (Guard tone). Move the dial until the contact opens and adjust the pot with the blue and green wires going to it for a frequency of 1633 Hz (Connect tone). When the dial is moved off normal, power will be applied to the oscillator, and it will begin running at 2150 Hz. When the dial is released the short across the second pot will be removed each time the contacts open for a dial pulse. During these pulse times the frequency will shift down to 1633 Hz. When the dial gets back to its resting position, power will be removed from the oscillator. This will exactly duplicate the dial pulsing of a mobile telephone.

The Transmitter

Antennae used by mobile phone base stations are located on high towers. This allows line-of-sight transmission to and from the mobiles. If you are within a few miles of a base station very (Continued on page 5-28)

British Phonebooth Wedding

They met in a telephone booth, he proposed to her in it, and the phone company offered them the old-fashioned red box as a wedding present. In I , these two Britons met by chance at the payphone in the northeast England city of Middlesbrough. The prospective groom said, "She was taking so long I had to knock on the window to hurry her up." The argument produced a romance, and when he was finally ready to propose marriage, he telephoned her from the same booth.
The couple plan to marry this year and want to put the booth in their garden as a memento. A British Telecom spokeswoman said, "We would be very happy to give them the kiosk as a wedding present." The old wooden and metal booths, which are being replaced across Britain by modern facilities, are normally sold for $200 each.

Man Worries About Sprint Bill

Jerry Pepper of Athens, Georgia, panicked when he received a telephone bill for $22 1 .2-6 1 ,9 I , listing calls to Egypt and Hong Kong, although the phone company assured him that the bill was fraudulent and that he would not be held responsible. "Traditionally, I'm a worrier," said Pepper. "I was as nervous as can be for a week. I was real bad. Nobody could talk to me. I worried even when they had told me I didn't have to worry." The bill from GTE Sprint was frffi pages long and showed calls from New York, Baltimore, Dallas, and numerous other locations. One call listed on the bill showed that someone spent two hours and 2.1 minutes talking to someone in Egypt — which cost $195.

Bad Tenant Databases
The New York Times

Companies hired by landlords to investigate the finances, rent histories, and backgrounds of prospective tenants have begun operating in the New York area. Tenant groups contend that such investigations, similar to inquiries by credit-rating agencies on people seeking credit, leave renters vulnerable to abuses. The companies which identify tenants with such problems as bounced checks, past evictions, or credit shortcomings — say they protect landlords from tenants who have histories of not paying their rents or of causing nuisances that have led to eviction proceedings. The companies are intensifying their efforts just as the public records of the city's Housing Court are becoming readily available from the court's new computer system. The quick access to the data could also help tenants seeking to determine the record of a potential landlord.
"If you don't get heat or hot water, you have the right to withhold your rent," Mr. Scherer, a lawyer and housing coordinator for Community Action for Legal Services, said. "These computerized systems will tend to make people very uneasy about exercising fundamental rights guaranteed to them by law." C ompauie^ their landlord clients to provide the names of tenants who have been evicted. "We're trying to develop a database on people who have actually been evicted, and we hope to have the names of 50fi,0Q0 such individuals in a year or so," a spokesman for one such company said. Representative Charles E. Schumer has introduced a bill in Congress to protect tenants against abusive inquiries. No federal law now shields tenants from the misuse of information. This bill would provide protections similar to the 15-year-old Fair Credit Reporting Act, which requires credit-gathering companies to tell consumers why credit applications are rejected and also gives consumers a chance to challenge the accuracy of any data used against them. One of the nationwide credit reporting companies now marketing advisories to New York area landlords is TRW Inc. Other companies include Data General and Telecheck Services Inc.

Car Breathalizers

Thanks to technology and new legislation being introduced in Colorado, it may not be long before those who have had one too many won't be able to start, let alone drive, their cars. A bill will be introduced that makes it mandatory for repeat offenders to install a Guardian Interlock System in their car or lose their license. The device, which retails for $295, utilizes the same technology as the police "breathalizer." The problem drinker breathes into a mouthpiece that analyzes the sample with a microprocessor. If the alcohol count exceeds .01, the car won't start.
Phone Phreak Fined

A 19-year-old New Jersey man has been fined Is YOU and ordered to pay back $890 in long-distance calls he made at the expense of AT&T. Robert Davenport of Chippewa Trail was also sentenced to one year probation and directed to get a part-time job within one month. "My interest is still in telephones and my interest is still in computers, but as far as hacking and phreaking go, not anymore," Davenport said. "Bell is going to be monitoring me like a hawk." He had been charged with criminal attempt to commit computer-related theft, computer related theft, and theft of services. He pleaded guilty to the latter charge, so the other two would be dropped. "This is a case where your technical knowledge exceeded your maturity," the judge said. "Until you start acting your age, you're likely to get yourself in trouble again." Davenport said he did not commit the crime for any financial gain, but only "to continue my existence or my knowledge as a phone phreak."

Marcos Phones For Free

The State Department said it had placed no limit on telephone calls made by former dictator Ferdinand Marcos while he was a guest of the United States in Hawaii. A State Department spokesman said he could not confirm reports that Marcos has made thousands of dollars worth of telephone calls from Hickam Air Force Base in Honolulu or that Marcos was trying to influence politics in his homeland by telephone. [Marcos is now living in a private residence in Hawaii and presumably paying for his phone calls.]

letters... more mail from you...

Dear 2600:
An issue last fall (September, 1985) described the blue box coding for the verification trunks and gave an example for Michigan fbb}. The codes went from 00 to £9. Do you have the ones for area codes 4fS and^ Telco AM's for the San Francisco area are 76CI. If that doesn't work, try '7(5002222." Right! S digits, not 7.
A Reader

Dear Reader:
We hope that someone provides us with a list of area identifiers that correspond to different area codes. But otherwise, there are only ten to choose from: '1 00 " "J 1 " r up to 'W. iir, try them out.

Dear 2600:
As you can see from the enclosed, I wrote to an associate in Hong Kong (after purchasing all your back issues and subscribing) after reading " 1 %i Arrives in Hong Kong" (Flash, January, 1Q(v4). I hope his reply is of help.
Ren Huryoll, San Diego, California

Dear R(w)m:
The article Mr. fiprr &H referred to rwnn'or ii£sU\ untested scheme never been used anywhere else and is being furiously opposed by practically everyone here. There is, in fact, every likelihood that having spent about $5 million in a pilot study the HK government will have to quietly shelve the whole thing.

Dear 2600:
I noticed one error in your "Final Words on VMS" (March, 1986). The proper command for changing the default device prior to a directory search is SET DEFAULT devicename: instead of SET DEVICE devicename: as stated in the article. The SET DEVICE command requires OPER privilege and doesn't do what you want anyway. (It might also be a good idea to qualify the SHOW DEVICE command (SHOW DEVICE/MOUNTED) so that you don't have to view all terminals, tape drives, etc.)

Dear 2600:
The following is true for Unix systems versions 3 Jff and lower. Unix is set up so that anyone can view anyone else's files unless the user has changed the permissions, which rarely happens. This is especially true for the password file. Don't get excited now, this does not mean you can see the passwords, at least not for now. Almost always the password file is under the etc subdirectory which is under the root directory. The command-path is "cat /etc/passwd". This is excellent for looking for accounts without passwords and finding out user names. The username is followed by a colon then comes the encrypted password.
If you see a username with two colons following it that means the account does not need a password. All you have to do to get into these accounts is type the username. No password hacking! Be forewarned that these accounts usually have a very low access level but I'm sure you can work your way around it. C programs are very good to get around this minor obstacle. A note on encrypted passwords: they are encrypted using a modified version of the DES encryption algorithm. I have heard that it is possible to use the 'crypt' command to decrypt the password if you know the key which I heard is a rather simple default. I have yet to see this work, but we all know anything is possible in this world. Another helpful hint is the 'passwd' command which allows you to change a password. Just type the command and the computer will become friendly and guide you through the process.
Htyzcus Argulllfc

Dear 2600:
The day I received my March issue, I started phreaking around with American Express, and I found that the touch tone authorization system is not dead, just a bit different. It's found at 6004324102, 8005225171, and SQQ5236D&b. (Numbers to social-engineer are 6003271005 and 800526t)b62 — act like a dumb merchant.) Voice verification is 8005282 1 2 1 . After the initial carrier-like tone, enter merchant # (10 digits), AX card #, and amount, using pound key ("#") to signal end of input, and instead of a decimal point inlhenrncuintof.EE use 4 . A beep is heard after each input. The lady I spoke to said you can't access an operator on-line.
NYNEX Phreak

Dear NYNEX:
Thanks for the information about how this ivy works. We did not say that this service was dead in last month's article (An American Express Phone Story). The author, Chester Holmes, was referring to the ability to get an outgoing dial tone from American Express by using their internal phone system. It is that technique which no longer works.
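For the defender's side of the Unix letter in this column (a readable password file, and accounts whose password field is empty), here is an added example that is not part of the original issue: a Python audit of passwd(5)-format text. The sample entries, finding labels and function names are constructed for illustration.

```python
# Added example: audit passwd(5)-format text for the two weaknesses the
# Unix letter describes. Account names and the hash-like string are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::1001:1001:Guest:/home/guest:/bin/sh
alice:ZZexamplehash:1002:1002:Alice:/home/alice:/bin/sh
toor::0:0:spare root:/root:/bin/sh
broken-line-without-fields
"""

# Finding labels (hypothetical names chosen for this example).
EMPTY = "empty-password"
EMPTY_UID0 = "empty-password-uid0"
HASH_EXPOSED = "hash-in-world-readable-file"
MALFORMED = "malformed-entry"


def classify_entry(line):
    """Return (username, finding) for one line; finding is None when clean."""
    fields = line.split(":")
    if len(fields) != 7:  # name:passwd:uid:gid:gecos:home:shell
        return None, MALFORMED
    name, pw, uid = fields[0], fields[1], fields[2]
    if pw == "":
        # "username::" -- the two-colon case from the letter: no password needed.
        return name, EMPTY_UID0 if uid == "0" else EMPTY
    if pw == "x":
        # The real hash lives in a shadow file that ordinary users cannot read.
        return name, None
    if pw.startswith(("*", "!")):
        # Conventional marker for a locked or no-login account.
        return name, None
    # Anything else is a password hash that every local user can read.
    return name, HASH_EXPOSED


def audit_passwd(text):
    """Return a list of (line_number, username, finding) for risky entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, finding = classify_entry(line)
        if finding is not None:
            findings.append((lineno, name, finding))
    return findings


def worst_first(findings):
    """Sort findings so passwordless superuser accounts come first."""
    order = {EMPTY_UID0: 0, EMPTY: 1, HASH_EXPOSED: 2, MALFORMED: 3}
    return sorted(findings, key=lambda f: (order[f[2]], f[0]))


if __name__ == "__main__":
    for lineno, name, finding in worst_first(audit_passwd(SAMPLE_PASSWD)):
        print(f"line {lineno}: {name or '?'}: {finding}")
```

To audit a live host, pass the contents of its own /etc/passwd to audit_passwd() in place of the sample.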
MOBILE PHONES (continued from page 5-26)

little power is needed to establish contact. 1 to 5 watts should be completely adequate. The less power you use, the less your chances of getting caught. More on this later. 2-meter transmitters, used in amateur radio, operate in the range of 144 to 148 MHz. With a change of crystals, and a little retuning, you have your transmitter.

How A Home Brew Mobile Telephone is Used

With a scanner, locate the base station frequency which currently has the Idle tone on it. Switch to the mobile frequency on that same channel and monitor it with the cassette recorder running continuously. What you want is a clean recording of a mobile unit broadcasting its ID sequence. You also want a recording of the disconnect tone when he hangs up. Once you have these, rewind the tape to the start of the sequence. Now you are ready to make a call.

The Procedure for Placing a Call

1. Set your scanner to the base station frequency with the Idle tone and leave it there. Monitor with earphones to avoid audio feedback through the transmitter.
2. Set the transmitter to the corresponding mobile frequency. Turn it on and leave it on.
(Continued on page 5-29)

Everybody knows an old man who was in the Second World War, and has plenty of war stories to tell. Well sometimes it pays to take the time to listen...

We knew that the enemy was monitoring all of our international radio-telephone channels, despite the sophisticated voice-scramblers which "inverted" speech, making high tones into low ones and vice-versa. Only authorized persons were permitted to use overseas telephone circuits. We were equipped with elaborate recorders and switching control boxes which permitted us to cut off either side of a conversation, or to substitute ourselves for either party. A strict set of rules forbade us to permit maritime information, weather reports, cargo information, etc. to pass over the circuits.
Influences in Washington sometimes resulted in orders issued to us to permit use of the overseas telephone circuits, even though we were suspicious of previous conversations because parables and unusual phrases, often used, made it difficult to follow what was being said. "How can we monitor carefully, when we can't understand what they're saying?" went unheeded. We caught one fellow red-handed in South America using weird terms like "birds leaving the nest with a basket of eggs". I finally cut in the circuit and told him I'd forgotten what they meant. He tried a couple of other phrases which I also couldn't understand. Finally, he lost his patience and blurted out, "Oh hell, I'm talking about those special munition orders which left yesterday for Germany."

By this time, a special telephone speech scrambler had been developed which was small enough to fit and use on a desk. Its availability was extremely limited, but a couple of Army officers — one in the U.S. and the other in Panama — had been able to get hold of a pair of them, and between them secretly installed them on their desks, unbeknownst to us of course! One day I heard the fellow in Panama say "OK Joe, now over to the scrambler" and their ensuing conversation became unintelligible. We quickly checked the radio telephone circuit equipment and discovered that the technical characteristics of the equipment they were using and our own was identical. As a result, when they inserted their scramblers the speech inversion righted itself and their conversations went out over the radio-telephone circuit in clear language -- readable by anyone!! That was the end of the use of their private "secret conversation system".

A Story of Eavesdropping

2600 (ISSN 0749-B5])
Editor and Publisher: Twenty Six Hundred
Associate Editors: Eric Corley, David Ruderman
Executive Director: Helen Victory
BBS Operator: Tom Blich
Writers: Paul Estev, Mr. French, Emmanuel Goldstein, Chester Holmes, The Kid & Company, Lex Luthor, Lord Phreaker, Mike Salerno, The Shadow, Silent Switchman, and the usual anonymous bunch.

Some of the worst offenders of overseas telephone use security were the top people. I'll have to list Generals Eisenhower and Marshall as two of them. At least sometimes. I can remember one day the circuit between London and Washington happened to be very poor in quality and "understandability" was stretched to the utmost. General Marshall in Washington had General Eisenhower on the line in London who couldn't understand a word of what Marshall was saying. Marshall repeated several times "Ike, this is GCM — Marshall — GCM — got it?" without results. Finally in frustration Marshall turned to an aide and could be plainly heard to say "What's the code word for my name?" The next thing we knew, Marshall was slowly and distinctly repeating his code name interspersed with "GCM" and "Marshall". Of course, we had to cut the circuit and notify the code group in Washington to immediately "bust" the code; we couldn't take any chances -- revelation of the code word for his name might have been all the enemy intelligence was waiting for to help it "code-break" other communications.

On the other hand, President Roosevelt and Prime Minister Churchill were two of the best and easiest to monitor.
Both used references to previously transmitted overheard messages by numbers and most of the conversations were along the lines: "Well Winnie, on number 52S, I really don't think we should do that—you know how they are." Nobody could gain any information from listening to their telephone conversations. I always enjoyed listening to Sir Winston originating a call. The British telephone operators were required on every connection to announce in advance of a conversation: "You are warned not to mention the names of vessels, sailing dates or emotions, cargoes, weather, etc., etc., etc.—any violation on your part will result in the circuit being cut off and your action being reported to the highest authority. Do you understand?" Sir Winston always docilely replied, "Yes ma'am, I understand."

One of my group had learned the "language" of speech inversion. For example, listening on the air to a radiotelephone circuit, one might hear a word that sounded exactly like "■^rtVrtaiiTOjw"; that was the word 'telephone' after it had passed through the speech inversion system!!!

MOBILE PHONES (continued from page 5-28)

3. Play the taped ID sequence.
4. Use your dial pulser to call the desired number. If all has gone well, you will hear your dial pulses in the earphones. You can use this method to call one of the special 800 numbers and whistle off with 2600 Hz; then MF to anywhere in the world. This technique will reduce your visibility on the bill for the ID you are using.
5. When you are ready to hang up, play the disconnect tone and switch off the transmitter.

A Few Notes About Your Own Security

You should use only as much transmitter power as necessary to maintain a reliable contact. If you do much of this kind of experimenting, the FCC is going to be after you with direction finding equipment. These use directional antennae and a process of triangulation to locate illegal transmitters.
If you keep your power down, stay mobile, and avoid establishing a pattern of calling at the same time every day, it will be nearly impossible to track you down.

This file was kindly presented by P-80 Systems for entertainment and academic study only. It is a violation of federal laws to operate an unlicensed transmitter.

This month at 2600

More on the Private Sector BBS: We have obtained some very interesting information that we hope will allow us to conclude our study of this fascinating case. The information takes the form of two transcripts of proceedings to obtain search warrants. The first transcript concerns a search warrant for a computer that was seized in New Jersey just before the Private Sector was seized on July 12, 1985. It was "evidence" from this first warrant that permitted the second, more well known, raid of seven computers. The second transcript is the proceedings that permitted the seizure of The Private Sector and the others. We don't have the room to print these documents here, but we can print a few excerpts. Both transcripts have been kindly keyed by JCilK triad typists into computer readable form. They are now available on the 2600 office BBS (5 Ilj7512b00, Friday and Saturday nights only from 12 midnight until 12 noon only) and, of course, on The Private Sector (2Uliibfc44.il ). Hardcopy printouts or an MS-DOS disk containing these transcripts are available from 2600 for $5. We hope you read these transcripts and spread them around the country. They mention the usual: credit card fraud, toll fraud, theft of service, computer fraud, and countless permutations. In them there is no mention of the control of satellites, the ordering of tank parts, or the spread of secret Pentagon phone numbers. It took Middlesex County Prosecutor Alan Rockoff the whole weekend after the computers were taken to come up with these fairy tales.
Taking the form of typical judicial-type questions and answers, the documents give insight into how law enforcement officials think (or don't think). They reflect the classic example of an unexperienced government (unexperienced with dealing with computer related issues) stumbling over people's rights. Here are some of the good parts:

Why did they pick on these seven people?

A. We narrowed the list down to the seven [out of 130 possible "suspects"] who we feel are the main offenders along with Mr. XXXXXXX and his bulletin board service by utilizing his records, reading his messages from these people that they have posted on his bulletin board and also by calling these bulletin boards up utilizing Patrolman Grennier's computer and obtaining information from their computer.

And we have here the "evidence" which allowed them to break in to the homes of seven New Jersey computer hobbyists:

Q. And this number [referring to another victim of this farce] also is a is it a bulletin board?

A. All right. We did not get through to this number, however, by the way it's busy it appears to be a bulletin board. Once we did get through we got a carrier but my computer was not set up to receive it so there is a computer on line there and by the way it's busy it's characteristic of a bulletin board system.

How's that for conclusive evidence?

Q. What information did you receive from Mr. XXXXXXX's programs that would indicate that the computer at 7S7-XXXX was being used for illicit purposes?

A. He was giving information on how you could tell — if you were into the phone company they were tracing you so that if you were calling illegally you would know for a fact that you are being traced. He also gave directions on a diverter and how it works with complete information.

Q. What information did you obtain from this particular number [yet another number]?

A. He gave something known as 800 codes along with an — he also gave a number for conference calling.
I believe that's what that was.

Q. What information did you receive from WJ-XXXX?

A. All right. Through him we received a conference call number. He also gave you information on how AT&T traces numbers. He tells you, like, for example, there was one number given out on the bulletin board for conference calls which is 950-1066 and he explains to you how that is traceable. You should not use that number because a lot of people are getting caught. He also states that if you call him he will give you a list of Sprint access numbers and he gives a phone number to call.

Sprint access numbers are passed around quite gladly by Sprint. Conference call numbers are also public knowledge. Information opt imciitg is not illegal either.

Q. What information did you get off of Mr. XXXXXXX's bulletin board that would indicate that Red Barchetta is using this computer for illegal purposes?

A. He explains to you how to make mace, a CO2 canister bomb, unstable explosives, a jug bomb, a smoke bomb, something known as a rocket engine bomb and he goes into how to use household items to make those and the correct mixtures for making same.

Even these people couldn't deny that the 1st Amendment allows for this kind of thing. So here is how they got around that little hindrance:

THE COURT: Well, what's wrong with telling the whole world on how to make bombs in their kitchen?

PATROLMAN GRENNIER: Well, number one, is the possibility that someone who was not readily accessible to that information now has it much freer and that type of person may be more likely to use it. In other words, it's right there now. It is not something that they have to research.

And now for those BBS operators out there who somehow think tiisi iaimerr serve any advantage at all...

Q. Okay. What other questions did they ask you for the access?

A. If I was a law enforcement officer.
If this was part of an entrapment, and the third question if this was a trap.

Q. And you had to respond to those questions?

A. That is correct.

Q. You responded in the negative?

A. That is correct.

***

Since The Private Sector was returned, it arrived with something interesting. There was a new, updated userlog, which listed the logons that were attempted while the computer was in the hands of Middlesex County. The order of the logons subsequent to the seizure of the equipment were 00000000, 3600 MAGAZINE, MIDDLESEX COUNTY PRO., 2600 MAGAZINE (3 times), KID & CO., 2600 MAGAZINE (2 times), BROADWAY HACKER, LEX LUTHOR, I.DGTC COD., PRIVATE SECTOR, JOHN DOE (4 times), GRIM REAPER, JOHN DOE (3 times), HEADRUSH, FOREST RANGER, FLYING DRAGON, JOHN DOE, COL. HOGAN, JOHN DOE (3 times), PRIVATE SECTOR, EVTI, R AUDIT, SHADOW 2600, DOCTOR DEMENTO, DOCTOR WHO, DOCTOR K., JOSHUA, ERIK BLOODAXE, KERRANG KHAN, KID & CO., DAVID LIGHTMAN, JOHN DOE (6 more times). You can derive what you want from this. The userlog shows that the first few users in this list "used" the system for half-hour periods, up to almost two hours for one of the JOHN DOE logons. After GRIM REAPER they used the system between 1 and 15 minutes for each logon. The logons are date-stamped from 7/ 1 2 ,i'g3 to Si 1 3 3/65, but we are told that the internal clock may have screwed up the dates when the computer was taken....

Other office notes: we are still investigating that "magazine" called Computel. We already have much information on them but in another month we should have (Continued on page 3-32)

SYSTEMATICALLY SPEAKING

617 Will Be Divided

In 198#, area code 617 (Boston) will be split to provide more phone numbers. The western part of the area code will remain the same while the rest will have a new, as
yet undetermined area code.

Congress Chooses AT&T

Chesapeake & Potomac Telephone Co., the local Washington area Bell affiliate that has had the congressional phone contract for the past 107 years, is bitterly contesting a House Administration Committee decision to reach out and touch AT&T for its future phone needs. Representative Charles Rose said that AT&T's offer was simply better, particularly because all the phone-switching equipment would be located on Capitol Hill grounds. C&P would have its switches in another part of the city. "All conversations will remain on Capitol Hill," said Rose, citing security threats of electronic eavesdropping.

Baby Bells Don't Pay AT&T Bills

AT&T has filed for the recovery from its former Bell offspring of more than 1ft 7 million for failure to properly bill and collect revenues due it from end-users following the switch to an access-charge billing system after divestiture. AT&T said the lion's share of the burden, about S^O million, is due from New York Tel. An AT&T spokesman said the amounts are now being formally claimed because of a two-year statute of limitations on such claims. Other claims range from $7 million against New England Telephone down to i.n3Ci,fKX) from Nevada Bell.

Since divestiture, the local Bell Operating Companies have handled billing for most long distance and some private-line services. AT&T said the claims are a legal procedure, adding that "whenever another company handles billings of that magnitude, you're bound to run into problems." In the complaint, AT&T said that in the case of New England Telephone, it had been "deprived of revenues" by "various acts and omissions," including the failure of New England Telephone to "properly record, assemble, edit,
or process details of switched services calls placed by AT&T Communications' end users." Other charges were that the telco failed in some instances to properly prepare and process bills for message-billed and bulk-billed services, and some private-line services.

Equal Access 800 Drawbacks

Over the next six months, the Bell operating companies and some independent telephone companies will spend millions of dollars to make an 800-type service available to AT&T's long-distance rivals. But despite the costs, the type of 800 service they'll be able to provide will represent an interim offering that will be inferior to AT&T's. In fact, some of AT&T's rivals are unsure they will be able to use the service, are uncertain they will benefit from it, and are unconvinced their customers will buy it.

Under terms of the divestiture, the BOCs are required to provide all long distance companies with access equal to AT&T's and that includes access to 800 service, one of the nation's fastest growing long-distance products. But the BOCs won't have the technical capability to offer service equal to AT&T until m'A.

800 numbers were functioning so well before the divestiture because AT&T used common channeling interoffice signaling (CCIS), which looks at the 800 number dialed and translates it into an entirely different number— the number of the called party. Now the BOCs have to develop their own method of replicating CCIS.

Encryption Provides Signature

A data encryption scheme promises to offer increased security as well as a way of authenticating messages sent over a local area network, according to the manufacturer. Mailsafe is the first microcomputer security system to rely on individual public and private "keys," said Ration O'Brien, vice president of sales for RSA Data Security. The system will permit users to make one of their keys available to anyone, while keeping the other confidential.
The publicly available key can then be freely used to encrypt a file that can be decoded only by using the matching private key. In Mailsafe, public keys are maintained in a database that is incorporated in the program. "This is really the same thing as providing a digital envelope," O'Brien said.

The system also provides the equivalent of an electronic signature, he said. A sender can use his private key to encode a message that can be successfully decoded only by the matching public key, so the recipient can determine the authenticity of a message. The "signature" will allow computer users to transmit information, such as that in a legal or financial document, that was previously limited to paper transactions to verify the authenticity, he said. Mailsafe is based on the patented RSA Public Key Cryptosystem. The algorithm was developed at the Massachusetts Institute of Technology in 1978.

Directory Assistance Failure

Earlier this year, operators in four directory assistance offices in area code liffl could not get into their data bank to find telephone listings because of a computer failure. As a result, the operators were forced to look up inquiries manually in phone books and only for emergency requests. An estimated 50,000 directory assistance calls were affected.

Dial "00" For Operator

Very soon, customers of Pacific Bell will have to dial "00" to reach the standard AT&T operators. If they dial "0" they will reach new Pacific Bell operators. The change is part of the divestiture. It was decided that the Bell Operating Companies would provide their own operators, primarily for assisting callers in making intra-LATA calls. This part of the breakup will require AT&T to give up its precious "0".

PLEASE BE PATIENT! If you ordered back issues and you haven't yet received them, they are probably still being processed.
We have been deluged with orders over the last few months and we've had to reorder just about every issue. Please allow four to six weeks for delivery. If we can get them out faster, we will. Call (516) 751-2600 if you have questions.

THIS MONTH (continued from page 3-30)

enough to start getting some refunds as well as find out who, if anyone, is commanding them. For now, we can tell you that these people are definitely the same ones behind the magazine which came out in the mid seventies called TEL. That magazine was busted by the phone company for publishing "trade secrets". Now the same people are back, only this time it's phones or rrf computers in a magazine that never comes out and has access to a whole lot of money. A curious situation indeed. Much thanks to the 2600 West Coast investigative team for what they're about to do...

Yes, we were supposed to announce our meeting time and place in this month's issue. But we've had a surprising lack of input from our readers. We want to have a meeting in New York and other cities. But we need to know if people are interested enough to attend. We also need help getting a room for such an event, nothing special: a meeting room at any college would do just fine. Call us — we'd like for you to be a part of the many changes we have planned....

Regarding the problems we mentioned last month about CompuServe, we recently received a full refund. Let's all hope they learned their lesson.