2600 Magazine - Volume 1, Number 7 July, 1984 n: i-sura: thaAg Admoot everyone to tzg&csyxd thia to some extent, though ;*Qine ^.c^Tspj^.^.iO far hftiffr s ha '^jC}|Jh|C^ rgrcat deaJ ^K?ptd Tpcflgnl^-^^ ^^a^ea^ :l £ , Wbai> the 'tfiFferpr**? The tjvo are dtj^itel^ plated. no denying that , 1 But ! they art fair Trprii identical One; erf J^nwst outstanding differences lies in the Act that people wiki dfaiin to he ’’^afraid” of compute rs ( vi hither it V because of their efficiency, rapid growth, of wtoeVet>teitf iofc^ the things. But people wh&.iA^unilfentaitd computed are the ones who are running and rt&ubltifig them. ■-. . .= --, :.(twt ^fithjki ; m*=rt|>ottcd that -.Tom Teimpidii; who operates a computer bulletin board system from his home intb^|j^^igtJ^ 4 rtA T . j^^^uipjT^tjrei^ by the ^Os An^ksPolioe Depffltra^tJ Why? .S^.ehodyv y if be re had called up his^ystem an£ lefian AT AT cipdit rtl r! ... i fie Teltphouit fcyiklcut: to rfejt it& hiu^cfcs- drfficiafs 1 Thyolve^ m the cas? l insiit tfiai the "system ’operator be ^jjfp.'The itibhWHd appl^rited t+kle s^kkrt-Vr rrii rrl: ; Sd fWrfci-r Cbtirt Judge Robert Fratianne, was quoted in info Wo r Id a.<*ayi tf£- * As -fat a s [cahset, for someone 'to vUtifhntif-^br^riiytJttft! crirtte:; (Hfcy to hiivt the knowledge, the: sowipratTiiV’ and; the atou toanillegflt fiuMn] |u^rdi^l^^An^n«j£njcrw wMrhe’s talking alwui^WhatJm the rid , js^.R r^^boM^l Jciptf flqitipnvnl is^ liking The ■,pTi|ly ^yipmeot here.is a b^c p^puicc!^ aruodicFg^K;le< oa^gfibe officials claims that he knows all about this, kind of. thing, because he saw Wgr Gomes , Ihefilm where. a Laities to start a nuclear wtur. Ferheps he didn't seethe same film as fne rest of the world, but in any etent, seeing Odmes, whether you understand it or not, doesn't make -you an automatic expert on Anything having to do with computers! This is what is known as aggressive ignorance. Another fun thing that happened lasTmotithwai theTRW escapade. The ration was shocked to find out that the TRW computer, which houses credit inf-armatittvon a large number of people, might have bccn broMQ iptt>. Nobody, knew what, hadeven happened! Did someone raid ^systemand destroy or chongemfo? Did the feds bust another p&R for posting “illegal" jjifq?Wepe real criminals involved this time? Did a large b|U get Bent loan innocent corporation? According to all of the articles thai have been written, not one of the above happened, but they all could have happened, So where is the story?! Are they saying that the worst thing that happened here was the posting of this nifty ifnbrhtstibn somewhere? Well, that> not even interest mgrinoe any employee that uses the system couM tell someone ekcahtitit.Lt at any moment, • -■■■■' Again, what we. are B«ing here it aJoiture to -appreciate the full implications of such a thing. There is a story in this whole TRW thing. out a , howdoyou fed abtiwfrNingiHtegmirad? ™'y Ptrlb^ckpageg^f^r witVed^^^san* space 3l f caube^wd^ We " 1 J □ n tT th y could figure out a mytohirajf into 'lishlpg these Tjfofg *b uuFa£mkA£ *c#k.a> jfos&ibb can become aware of the wide avalkbifA^ of i ricr^Bi r^fy ^r^> ni l tidbits and hoW this! can ttffertvs foi- (hpq rtst of our lives, Well! doing this so that people can realize how easy it is for items to ; be altered and for assumptions to be rnude by people hading tfc& daW/ : t «A : iat the aasnpte pdnacM, and. rf its ct^-iM^lTOLBs miiprk<(rt yiu^Try to lipfkgjbql^ thti rtjjugh ** .qg uJd>feeco ttA iivten ytjani writh j mpmfftne nts •fffiwns gf pcil^hfnjodtwA The FBI ji'. docBhT matter if most of the irtfo^natidr« lS :iri4iiy wfd^.tM people will mad it. Nobody xtants 1 to' read sibout htitv wieYe f^ihg whatever freedom wc have left, liot tda^ machine, but to the people running the nwchi'tK; 1 t's depressing to heat about your entire life story being written to disk somewhere and to know that there^ not a thing you can do about ih But, like k or not, this is exactly what's happening. Ilk quite possible that TRW has a file on you t]ra.t eon be checked and appended by people all over the place, [ts ^boieolirely possible that some of that information is- wrong, Aud it S a fact ih'^J claims no responsibility for the accuracy of this info. But even if all of im^reis^ed. bo^ri L : Whkimiftyare Hpt rtilnlitlglj ^(Mijnsco^f^eitiut^s^^ ' E -dOmpbl^SvWhht kijft liFa ; sticreiy art kcfieadirtg tbw^#tSki wants .■ tor keep ■tlose 1 jie^heTdata tih Re^rdiess of k+ietlitr or not one is on the right side of lire law, nobody wants Jeverytfiin g Ubo* "" j th empire to>wm ftVe all bimou r, secim sand moveayiieaH kkeTR\ . vyill luake^^prn^ .^retis.: ng^y. ban} kcepj Jto atwoedUng to , p*p*j>, t t*yt bjg^ probto^jthriximpute^ utf the habere. People wtredo little more than type fiiwrtf jaumbeps ; ont^a.te^rqjnal and do a little bit of thinking are. refereed' to fl^rmai^as.^^ylcr geniuses and computer bandits by lire media. Arid ready every stbty written about such things k full of astronomical kpses. mtakfor- mat ion, corporate sympathy, and iht obligatory Donn Parkerquotes. Tfw Washington Bolt recently did a three-parl stoiy on “odbiptiter crime? 'which said absolutely nothing : It- £tm\d ^ : liev i e , 'bben mamu&ctured by^ a Computer program f.' ■ r>T Meanwhile, Icgislaiofs are trippipg -over themselves- trying id: get laws passed- to control these computer people before they fnkftoyefJhc ■world . The intensity with which the FBI h&sehased hadeer^ Uf Repast year or so indicates the power they think those withco^pot^ have or are capable of achieving. And most of this fuss is bjwi^jiadt over people simply accessing other systems. What in the wpr^|^jp|mg to be the reaction when people finally start to use the computers, to calculate arid design? A new bill has: been proposed to outlaw computer crime- Ufi*i/ibai wonderful? Do you know what they consider ft computer tirime? Personal use of a computer in the workplace. This meam that if an : , pffree worker were to open a file and write a note to himself Rmioditlg r hunto ^op^Vtheri^re lateflori, ta&Hre emwniktmga fclooy^Flw»are .r .flSpjii Mte ^rbitts ji^ut womW ftwrtwre committed with the help of computera. In other words, stealing is v steal^but st^llbg witha.coippjit^ iss^li^an4aJb^fr.r, r even/thing .m its wwer to. preyenf- the soyrets go® obtaining -cdmpUfeix lilit ire p^tfciiilly "a 4ible a d bii ri here ^ i bti 1 d this possibly achieve in the long run? And why pick bn'tht^ - ^pilic ? *\ It s not a weapon in itself, but merely a Urol. A vifc/tool , vti buWtih tool. It's clear that computer people are in for an era of- harassment from the authorities, who havenT been this riled up since Prohibition. And . everyone clre.vrijl be fating itfrgm the.computcrohuiet^srtoiKist oft trrpking ovefychirig ^at We pan aiiryisft by i[t*ying^nkc But we'd better start working on it. 1 MCI MAIL: The Adventure Continues You really have to hand it to thou folks over at MCI. Pint they tackle Ma Bell arid nowtheyYe going after the U.S, Postal Service! MCI Mail's slogan, “The Nation's New Postal System,” is printed on every bright orange envelope that they send through, you guessed it. U.S. Mail. On this system a user is assigned a “mailbox 7 ' that he can use to send and receive mail. Sending is done either electronically, that is. to other people with MCI mailboxes or through the post office, which covers everybody etoe in the worid. The first type of letter will cost you 5 L for the first three pages while the second type is double the cost. It's also possible to send an overnight letter ($6) ora four-hour letter (S25) to some places. The purpose of MCI Mail L$ to stimulate the use of electronic mail by making it more accessible to the average person. For that we must give them credit — anybody can get an account on this system? There is no start-up fee and no monthly fee of any kind. To gel an account, all you have to do is call thenv— either by voice ordata. If youcall by data (see page 5 of April issue of 2600 for number*), you 11 have to enter REGISTER as the username and REGISTER as the password. The rest is self- explanatory. After a couple of weeks, youll get in the mail (regular mail, that is) a big orange envelope that has, among other things, your password. With this info, you're now free to log Onto the system, look for people you know, send and retrieve messages, read all of their help files, or even hop onto the Dow Jones News Service (watch it though — that can get pretty expensive!) The system is set up on a network of Vaxes throughout the country. They Ye been operating since September I9&3 and claim to have over 100,000 subscribers. Many of these are actually subscribers to the Dow Jones service, who are automatically given MCI Mail accounts whether they want them or not. While the rates aren’t overly expensive, they Ye certainly not cheap. Mailing regular letters is much cheaper and often just as fast since not eve ly M Cl Mail user checks their mailbox every day. Apart from that, though, there are many problems with the system as it stands now. For one thing, it can take foiever getting on it, particularly through the SQ0 numbers. When you finally do get a carrier, you should get a message like this after hitting two returns: Fort 21. Please enter your user name: Enter the username you selected and the password they assigned you. It should say, “Connection initiated ..-.Opened.* 1 From that point on, you're in. But the system will often appear to be bogged down. Often you have to hit twenty returns instead of two. Sometimes the system won't let you in because all connections are “busy". Otheriimes it willjustdrop the earner Real mailboxes don't do that. Another thing that will drive you crazy are the menus. Every time you enter a command, you get a whole new menu to choose from. If you're at 300 baud, this can get pretty annoying, especially if you know what all the options ait. There art two ways around this: get the advanced version, which allows you to enter multi-word commands and even store some files, at a cost of $10 per month, or simply hit a control O. One part of the system that works fast and is very convenient is the user info. As soon as you type the command CREATE to begin writing® letter, youll be asked whoyou want to stud it to. Enter cither the person's last name, first initial and last name, or username (which is usually one of the first two, but which can be almost anything the user desires). Immediately, youll get a list of everyone with that name, as well as their city and state, which often don't fn properly on the line. Then are no reports of any wildcards that allow you to see everybody At once. (The closest thing is *R, which will show all of the usernames that you Ye sending to.) It safe’ impossible fur a user not to be seen if you get his name or alias right. It's a good free information retrieval system. But there's more. MCI Mail can also be used as a free word processor of sorts. The system will allow you to enters letter, or for that matter, a manuscript. You can then hang tip and do other things, come back within 24 hours, and your words will still be there. You can conceivably list them out using your own printer on a fresh sheet of paper and send it through the mail ail by yourself, thus sparing MCI MaiJ^ laser printer the trouble. You Could also shale your account with somebody else and constantly leave unsent drafts for each other. Again, they have to be retrieved within 24 hours. Yet another way of getting "free" service from these people is to obtain many different accounts. There docsnY seem to be any kind of a limit on this and since each account comes with 52 of free messages, a few accounts can get you quite a bit of free service. And, of course, there's no charge for receding messages on any of these accounts, 2600 has learned of several penetrations onto MCI Mail by hackers. This isnY really surprising considering (a) there are multiple usernames, i.e. John Smith's username would always default to JSMITH, which means that several passwords can work for one username: (b) all passwords seem to follow a similar pattern— & character* with the odd-numbered characters always being consonants and the even-numbered ones always being vowels — any true hacker would obtain several accounts and look fpr any correspondence between the random password and the account number everyone is assigned; (c) MCI Mail doesn't hang up after repeated tries— the only thing that will make it disconnect intentionally is inactivity on your part. But by far the biggest blunder that MCI Mail has made is not found on t(je system. It lies in their bills. There iy/io carry-over from month to month f If you get billed for S& one month and you don Y pay it , then proceed to use the system for S3 more the next month, your next bill will only show the S3! The 58 has vanished! (This is by far the dumbest mistake we have ever reported in these pages.) You'll find quite a few unanswered questions in your travels through MCI Mail, which you can try to solve by reading the HELP files or by sending a free message to MCIHELP. It usually takes them a couple of days to respond to you instantly, however. There are some software lapses as well. The system seems to be patterned largely after GTE Telemail, but it never really reaches that level of clarity. A small example oan be seen in the 'Scan tables, which have a heading of Prom, Subject, Size, etc. On outbound messages, the name of the person you're sending to appears under the From heading? Pretty silly. MCI Mail shows every indication of overspending with a passion. Free messages, free accounts, sloppy programming, toll-free dialups, single sheets of paper (like their bills) sent in huge envelopes, etc. Either they Ye very optimistic out there or they Ye very naive. (MCI Mail can be reached at 8004246677.) 2 n>fnhw#d N«*n Seurat* The city of New York has come up with a new way to fight parking scofflaws. It + s called SIDNEY- -Summons Issuing Device for NEw York. It's a handheld computer terminal that will be able to get information about License plate numbers that are “suspected" of being attached to scofflaws. The device weighs less than five pounds and looks rather like a calculator. It would ask whoever was operating it to enter the color, make, model, registration expiration, location, time, and nature of violation. SIDNEY would then prim out a water- proof parking ticket and at the same time check its HhQOQ-plate memory to see if the license plate belonged to a scofflaw or a stolen car. An appropriate message would then be flashed on the screen. Details of each ticket issued would be stored in the device and entered automatically into the main computer system each day. There hasn’t been much talk circulating about what will happen when these things get stolen and fake tickets are handed out by the thousands. It is expected that these creatures will be turned loose into the hands of meter-maids within two years. The contract for producing SIDNEY has tentatively been awarded to Citisource of New Jersey. Bell to AT&T: Get Lost! ^WKiated Pilu One of the so-called “Baby Bells" is displaying its Lndepen- " v . dence front its former parent— AT&T. Southwestern Bell says it + s chosen GTE Sprint to provide long-distance telephone service for its Houston operation. By using GTE Sprint instead of AT&T, Southwestern Bell figures to save about fifty thousand dollars. Long distance service from Houston currently costs the former Bell system unit about $300,000 a year, GTE Sprint will replace AT&T in Houston in mid-August. Five Arrested in Phone Fraud The hew York Tim Five Manhattan residents were arrested last month on charges of defrauding the New York Telephone Company by . making more than 1 ,500 illegal telephone calls, mostly to the Dominican Republic, in a three-day period. The Manhattan District Attorney^ office said the suspects used “blue boxes** to make the calls. The five were charged with possession of burglary loots and theft of services. One was also charged with selling a stolen credit card number to an undercover investigator and using such numbers to make calls for other people. He could get four yeare for his trouble. Supposedly, the suspects were offering neighbors low-cost lopg distance calls, however they frequently charged more than the cost of legitimate calls! An Official Crackdown on Hackers Contained hw&WKfr According to Rep, William Hughes (D-N.J.), computer ^ crime is increasing by Icapsftnd bounds. Speaking on the House floor, Hughes said, “It's time we recognised that computer — ^ 1 hackers* who intrude into data banks are not just mischievous kids looking for fun. They're engaging in illegal activities which pose potentially serious threats to our society." He urged quick passage of the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984* being sponsored by him and eight other House members, including Democrats and Republicans. Die House Judiciary Committee took a step towards making it a crime for hackers to break into systems such as TRW by adopting an amendment by Rep. Dan GLickman (D-Kan.). His proposal would make it a misdemeanor to raid computer files containing private credit histories or banking information. A subcommittee staff lawyer said the bill would dose loopholes in existing federal and state laws by making it a felony offense to access a computer without authorization and with intent to defraud, if that act enables the perpetrator to obtain anything worth at least $5,000 over a one-year period or any classified government information. The bill is expected to come before the full House either late this month or in early August. Pay Telephones Deregulated MW Ski-vet On June 15, the FCC decided to allow justabout anybody to get involved in the pay phone business. Up until now, pay phones have been provided by whichever local company serves the area. But with this new ruling, all kinds of new companies will be seen. In fact, some phones may even have different prices! And, of course, it's to be expected that each of these new types of phones will have their own quirks and bugs. Look for Matrix, Tonka, and Paytel phones in the near future. Of course, there will be disadvantages. Some phones will only be able to dial locally. Others won't be able to reach 9 1 1 or information. Many will probably be rotary and most will certainly break down more frequently. Still, diveraity is what makes this entire field so interesting. “You Must First Dia! a One...” AHoraTed Preii As of July 1 st, 3 million customers in New Jersey had to start dialioga one before area codes when calling long distance. This leaves 302 and 516 as the last remaining areas in the countiy that donX have to do this. Company officials say the new system was introduced to provide 152 more exchanges to meet increasing customer demand. Under the new system. New Jersey Bell will begin using certain area codes as telephone exchanges. They will avoid using area codes of neighboring states to prevent mass confusion. Information News OimlMad Krturcfa Starting this month, MCI will connect subscribers to long distance information just like AT&T does. And, like AT&T, MCI will offer two free information calls per month, provided their service is used for at least two long distance calls in that same month. After that, they will charge for a call to informal ion, just Like AT&T does! So what's the difference? In the price, of course. AT&T charges a hefty fifty cents for each call to directory assistance, while MCI will be under-selling them with an affordable 45e, Good old capitalism. In another development, a computer program to help find a telephone number without complete information from the caller has been patented by Richard H. Boivie for Bell Labs. In cases where the caller can give the. information operator the name of the person being sought, but is unsure about the spelling, the computer will trace alternative spellings. It will also sort through different addresses for the most Likely candidates. INTRODUCING THE CLEAR BOX! A new device has ju&t been invented. Uncalled thc H dearbon" [(can be used throughout Canada and through rum] United SHKt- This interesting gadget works on ‘"post-pay'" payphones* in other words, those phones that don't require payment until after the connection has been established. You pick up the phone, get a dial tone, dial your number, and then put in your coins after Ihe person answers. If you donT deposit money, you can't speak to the person at (he other end, because your mouthpiece is cut off — but not your earpiece. fYs, you can make free calls to the matter, etc. from such phones.) In order to bypass this, al! one has todo is visit a nearby electronics store, get a 4-transistor amplifier and a telephone suction cup induction pick-up. The induction pick -up would be hooked up as it normally would to record a conversation, except that it would be plugged into the output of the amplifier and a microphone would be hooked to the input So when the party answers, the caller could apeak through the little microphone instead, his voice would then go through the amplifier* out the induction coil, and into the back of the receiver where h would then be broadcast through the phone lines and the other party would be able to hear the caJkr. The clear box thus "clean" up the problem of not being heard. The line will not cut off after a certain amount of time— it will wait forever for the coins to drop in. . Many independents are moving towards this kind of stupid payphone system. For one thing, it*s a Cheap way of getting DTF {dial tone first) service. It doesnlt require arty special equipment- That type of payphone will work onany kind of a phone line. Nwmsllys payphone line is different, but this isiusta regular phone line and ii^ set up so that the payphone does all of the charging, not the CO. With the recent deregulation of payphones, this kind of a system could become very popular LETTERS FROM OUR READERS 6/I4/S4 Dm - 2600 : A few exchanges in my vicinity have recently upgraded their switching equipment. On 11/5/83, 914-268 switched from a SxS to a Northern Telecom DMS 100. 914-634 & 638 also switched from a No. 5 Crossbar to a DMS1Q0 on 6/9/ 84. Through trashing, 99XX scanning, and “social engineering,” 1 have found out the following: The suffix 990 1 is a Verification" recording. In 268:9903,9906,9909,991 1, 9912, & 991 3 are all various recordings. Another neat function on DMS 100 is that you can hear the MF tones after most calls. NYTelco calls this the sound of their new system helping to serve you better. Also, these CD's are under NYTelco jurisdiction. Yet. they bought from Northern Telecom DMS100 instead of a "nice” ESS system from Western Electric. Could this be the break-up at work? This equipment offers ESS functions such as call waiting, call forwarding, dial-tone^first fortresses, etc. My question is: What type of toll-fraud equipment is standard or optional for the DMS 1 00? Does it record everything like a pen register? Etc... Curious Dear Curious: First off, our compliments on your ability to notice the changes that most people miss. As far as your 9901 discovery* many exchanges in your area have been known to do that. If you dial XXX -9901 , you'll hear a computer read the exchange and area code. It doesn't really serve much of a purpose. But interesting things can always be found in the 99XX area, if your company uses it. Concerning the DMSIG0* it is the break-up of the Bell System to an extent. New York Telephone has been buying equipment from Northern Telecom for some time now. But since the divestiture* they've become a little more flagrant about it. You'll see quite a bit more experimentation with products from other suppliers in the near future. The DMSIQO is a very good switch, but it's got certain drawbacks as far as phone phreaking is concerned. It does have certain “devices", These don't work exactly 3 ike a pen register, but they wind up having the same effect. What is done is this: if you happen to send a 2600 Hertz tone down the line, DM 5 100 will make a Computer record of whatever you did in the surrounding time. They automatically investigate your line if this is detected more than an undeteimined amount of times. This is where the pen register comes in. The system is already equipped to handle a pen register through a special box in the exchange that> set up entirely for that purpose. This box ties into their automatic surveillance equipment. So it's kind of a two step process, but the DMS 1 00 makes it much easier. So far, we haven't been able to find any advantages (or bugs) in a DM SI 00, We will continue to look, though. Regarding the MF tones* they're simply not being filtered as they are in most places. The GTD#5 (nude by GTE) and the DMSIQO both* as a rule, only filter about ten percent of the MF tones. They also don’t filter out rotary outpulses, whenever they exist. Perhaps it's a way of cutting comers, DMS 100, as you know, sounds just like ESS. About the only way you can tell if youVe dialed into one is if you hear absolutely no clicks or pops when the party answer** as you do with ESS, crossbar, and step. Instead you hear a real faint, mild tick. When dialing out on one, you won't hear any clicks either. Dear 260ft I hear you people are keen on answering people's questions, so answer me this: What ever happened to that operator who was so damn nasty that she refused to call that ambulance for this guy's dying mother just because be used a couple of cuz words on the telephone? By the way, the lady died a horrible violent death, I think. (1 think the operator didn't die yet.) Oh yea, 1 also think that there was some aorta lawsuit against the nasty -oppy or the telco or someone. RC Dew RC The incident you're referring to took place a few months ago. It happened in Dallas, Texas and it concerned a man who was trying to get an ambulance for his mother-in-law who was having a massive heart attack. Not only did the operator refuse to send an ambulance until the woman herself got on the phone, but her supervisor aho got on the line and said something to the effect of, "Sir, if you don't quit cussing out the operator, I'm going to have to hang up on you." The operator was fired and the supervisor demoted. But both are currently claiming that they were only following orders. The city of Dallas allegedly said that at all costs an ambulance should nit he sent out unless it was an extremely life threatening situation. Anonymous people have even come forward and claimed that bonuses were offered to those who sent the least amount of ambulances out! We should say that thii doesn't involve the phone company, since it wasn't their operators who handled this call. Any lawsuits would be against ihe city of Dallas, in all likelihood. It's also interesting to note that there is no9l 1 service in Dallas. Residents there dial 744-4444 instead, perhaps an advanced 9 1 1 service might cut back on the fake calls they're supposedly plagued with since such systems immediately truce hack the number calling and do an instant CNA on it. (Wriit to Box 752, MtikBc hhmt, NY I&S3 MCI Mail t&. 2600.J 2600 page 5 TRW Information Services is America's largest credit reporting institute, containing the credit histories of over 90 million Americans online. . Recently it was reported thata password belonging to Sears, Roebuck, A Co H was stolen. TRW and the media are currently circulating several conflicting reports about the use of the account. Some reports insist that the account was never used illegitimately. Others say that 'criminals* used the account to pillage credit card numbers to illegally buy goods and services while knowing the account limit. Another account of the incidents) says it was merely hackers exploring a very interesting system. It seems hard to believe that hackers managed to infiltrate TRW, since the system is basically user spiteful* but they seem to have pulled it off. Once the subscriber initiates a connection with one of the many dial-ups* located in most major cities, the system will hospital is given as the main address, 33333 would be vied as the house number. When an address is General Delivery, 44444 would be the house number and G would-be the street name. Others; ITS, Air Fmnce* 55555 A; U.S. Army, 66666 A; U " Coast Guard, 77777 C; VS, Marines, ftflggg Mi ITS* N* 99999 N .) AssumLig the subscriber is calling from a California business and he is requesting areport on Winston Smith at 3 Main Street, Anytovm, CA 90003 he would type the following after the controFQ: TCA2 (This identifies the subscriber as being from CA) RTS 33xxxxxAB€ SMITH WINSTON 3M9M03, In this case, the subscriber password was ABC and the account number was represented by 33 hmx. At this stage* he can request the report printout by typing a terminating controls or he can tell the computer some information that it will then record into the account. This is identify itself with TRW. It will then wait for the subscriber to send an appropriate answerback (such as a controTG). Once this has bent done, the system will say CIRCUIT BUILDING IN PROGRESS along with a few numbers. After this, it dears the screen (CtrJ-L) followed by a coutrol-Q* Once the control-Q is sent, the system i s ready to accept the subscriber's request. The subscriber must first type a 4 character preamble which identifies the geographical area of the subscriber's account. For example: TCA1 - for certain Caflfomia & vicinity idMcribrn TCA2 - a second TRW system In OUtfcmla TNJ1 - their New Jeney database TCAl forte fTtniffi rinfihanr The subscriber then types a carriage return (followed by an optional 3 line feeds). On tbe next line* be must type his 3 character option. Moat requests use the RTS option. OPx, RTx, and a few others exist. Some of these* such as RTA* return you with an error saying that this option is used for credit bureau collection activity only. TRW will accept an A* C, or 5 as the third character. After the option (RTS)* a space must be skipped, and then a 1 digit subscriber code is typed in. The first two digits represent the region in which the subscriber is located and the subscriber's industry* respectively. Trii*] Trite n 1 - TVW Eoteiii h«|H O.priHcftwc rf 2 - Tgw Mldwwteffl Kt&n l - Bari 3 - THW W«rin 2 - Ciril Cud 4 - MteSnlirirCriiMn 3 - Rrtri 5 - * A - tntfl C«nl known as using tbe second line, which is entirely optional. The first option that can be specified here is a previous address. This can be done by typing P- followed by the house number, a space, the first letter of the street* another space, and the full up. For example, if Mr. Smith previously Jived at 2600 Elm Street in New York City* the subscriber would type the following: P-2600 E 1000 1 . He can then type a comma after this and move onto another option. If Mr. Smith had another previous address* the subsenbercan enter it in the same fashion as above (after the comma) ifbe omits the P and the dash. This is followed by a comma also. He can then enter in Mr Smith's Social Security number in the format of S-l 234567890. If this is followed by a comma, he can then enter A-age or Y-year of birth (4 digits* e.g. t 1964). The subscriber can next enter in information telling how much money Mr, Smith has requested and/or on what type of account This is done by typing T- followed by a two digit account type* a 3 digit terms* and a 3 digit amount code. For instance* for a credit caid account (which happens to be #18), with a limit of S100 (001 >, which ~ ~> being financed for 24 (024) months, be would type: T- 1 80240C This information will show up as an inquiry under the subscriber’s name on Mr. Smith’s account. There is one final option on line 2 which prints a beading at the top of the page (TRW supplies pre-printed forms with “nice* columns). If the subscriber cannot afford to buy their paper, he would probably type H-Y to get the heading. The last option on Iine2 is followed by a comma* carriage return* and an optional line teed. For example: TCA2 * - OdwflrinnidiiiiatHki J ■ L« Ftent wfeMn hum Ktfton ft i - S*k* F lmwrr ■" t jjnr rrtel nri ijg tT rn 7 - Cnrii Unto* 7 ' othtt wtUlte Wtriffl lltftan I , Sntaw * 1* ft - Otfwt* Wrin R**k*i < - S tnkt & mftwtawl Using the tables above* it is evident that the stolen Scars Password from Sacramento must begin with a 33 . identifying it as from the Western Region and as being a retail store. Once the subscriber enters his 7 d igit subscriber code which is printed along on tbe reports, he then appends a 3-4 character password immediately after it. ( In the Scars example, the whole thing was: 3319122NXK. This code has allegedly been floating around hacker circles for at taut two years!) Following this* he must type a space and then the full Last name of the person he wants a report on. This is followed by another space and the full first name. After this comes yet another space. Now the subscriber has 3 optional parameters. He can just type 3 periods after the first name and space or he can fill them in. The first period can be replaced by the person's middle initial* tbe second by the spouse's first initial* and the third by an S or a J which indicates Senior and Junior respectively. The last of the three parameters is followed by a comma. This is immediately followed by the house numberand a space. After the space, he then places the first letter of the street name. For example* he would type M for Main Street, a # fora P.O. box, or 3 for 32nd Street. This single character is then followed by the 5 digit zip code (mandatory) and a final comma. After the zip* he would hit carriage return and an optional line feed. (There are some special conditions which can apply to the house number — if an institution such as a school, motel, or RTS 33mmABC SMITH WINSTON ...,3 M 900*3, P'260* E 19*01 4313 M »1C2^-1234567?W 1 Y-19*4,T-1 *0240*1 t This can then be finally entered by typing a control-S. Rut wait! Thafte not all. The subscriber has one more option. He can specify the person^ employer. Let's suppose that Mr. Smith works for NYTelco Security at 1095 Avenue of the Americas in New York City. The subscriber would then type: E-NYTELCG SECUR1TY/1095 AVENUE OF THE AM W NEW YORK 10036 After this he would enter the familiar carriage return and optional line feed. (TRW emphasizes to their subscribers that this area is for the name and address of the employment only, not occupation or source of income- “Do not use terms such as 'housewife,’ ‘retired,’ ‘welfare 1 or ‘unemployed 'which could be considered damaging to the applicant*" a special warning reads.) Since this is the last bit of information that the subscriber can enter, he is now forced to type the inevitable control-S. The first line of the actual printout sends the page number, the date, the time* the port number, and the H/ V P).It will then print the person Y address and their employer. After this it should print the person’s actual credit history. Each individu^ v account entry Lakes up 2 lines. In the first line* the accou. profile, subscriber’s name and TRW account number, theiri" association code, and the individual Is account number with the subscriberare listed. The A on the left i s the account profile. A means that the subscriber (SAKS FIFTH* as an example) transmitted this information automatically from theircomputer (as opposed to an M, which means that the subscriber manually 5 TRW: Big Business is Watching You pr. d forma with the info). The position of the A (or M) indicated a positive, non-mted, or negative rating (P/N) of the account, lit this example* the A is under the P T therefore it refteoLs positively upon the account The person hat an account with Saks Fifth Avenue. Saks' subscriber number onTRW is I J475l5.The person's account number with Saks is 26000000, On the second line of each entry, the account status, date (last) reported, the date the aooounl was opened, the type of account, the credit limit, current balance, and a credit profile are listed. For example, on the second line of the Saks entry, CURR ACCT indicates that it is a cdfrently active revolving (REV) charge (CHG) aa'ount that was opened in October I9S0. The account has a S6700 credit limit and as of April 5, 1984, the person had a $55 balance on the account. The C*i and dashes indicate how the person pays the account. In March (one month prior to the balance data of the account was paid on time. In February , two months prior to the balance date, the account was also paid on time. In January (J)> the account was thirty days past due (I “30, 2=60, 3=90, etc ). Ln December, the account was not reported by Saks as indicated by a dish. In October, the account was sixty days past due. Court judgments, tax Ikns, and other interesting facts are also recorded- Thc person may also have a 10C word or less statement in the Etc explaining certain entries in their account. (There is also another TRW service for business reports (similar to Dutm &. Bradstrcct) which has an entirely different set of subscriber codesand passwords, as well as access procedure) TRW doe silt like to be held Up for anyone. Therefore* if the subscriber vegetates for more than a few seconds (i.e., he is send tug nor receiving anything), TRW will abruptly a ft V ICE INTERRUPTED; PLEASE REDIAL (EM) as it log* him off. Incidentally, any information that the subscriber types on lines 2 or 3 (i.e, age, social security number, employer, etc.) L& automatically recorded on that person’s File. Any previous information on the option is d iscarded (in most cases). Technically, if a hacker hacked out an account belonging to a supreme court or other such institution, be could use the T -option to hack out the code for JUDGMENT^ TAX l LIENS, and other neat things. He would then be able to modify anyone's account to report them bankrupt or that a judgment was handed down. Hacking passwords h still reported to be very easy, Assuming that someone is trying to guess a password to a 3xxxxxx account, the following could be done: TCAI RTS 3909000 AAA (return, controFS) and the system fliponds with: *■ ii ** INVALID SECURITY PASSWORD and the hacker types: TCAI RTS 3909009AAB (return, control-S) and the system responds with: « xx •* format ERROR The hacker has correctly guessed the password — it accepted the password but didn't End a name field. Since account numbers arc very easy to get ahold of, the password is the only real challenge. Thai, and the fact that the system operates on half duplex, even parity, 7 bits, and 1 stop bits, which might catch a few by surprise. All accounts can do reports on anyone in the United States i^^tsafile. For example, if a California account requested d, n a person in New York, the system would simply switch over to its New Jersey database to accomodate tbe request. A few states though, &uch as Tennessee, have government control over credit information. Thus, people from that state cannot be found on TRW, Can you he? TCA2 UTS I234567A6C SMITH WlffiTM ...*3 M 9*0 $ t _ __. MM £ 1*01.1313 n 561ttS-l£M567a»¥-19B4,T-J*£*i, E-NYTELCfl SEEURITY/1W5 AVENUE OF TIC ft€R/l€H YDffi 1*36 1 04-63-04 15:25:02 WINSTON SMITH 3 WIN ST LOS ANGELES Cfl AN23 005 WITH TCfii 4-64 wren security ins AttNUE OF THE WER l€U YORK 1*36 / N SUBSCRIBER MAC STATUS DATE COVENT REFT SUBFt t ASft DATE TYPE TEW AfT OPEN ACCOUNT t MONTHS PRIOR ML MUKE APOUjT TO BfiLMJE DATE PAST DIE 123436769012 -FILE [SENT r SSI 15 123456769tr SfBJSE 1NIT IS JtYQB IS 1964 B OF A TOD m RT 4-64 SPH CURR ACCT 16*¥ A C SUCKER B#K CURR ACCT 4-64 A SEARS CURS ACCT 3-79 A mpxm CURR peer 4-64 A NAY CO CURR ACCT 4-64 A BULLOCKS CURR ACCT 3-64 A J N ROBINSONS OJRfl ACCT 4-04 CARTE DLAN0C CURR ACCT 12-63 3111344 5 b* PUT 46 31113* 0 HFV CHS KV *1* 31*354 l 5-77 C/C IEV 92*1 3313642 « 16-Y ISC 14 tin 33743* 1 3-63 Oil REV til* 3374510 1 0- 61 CHS REV -tl* 33714* 1 1- 77 CHS REV 93* 3371553 4 7-62 CHB REV $4* 1 1 160* 96* 4-10-64 «2H r _fc 17:04. £ * a *» ' 4-IH4. 3E0MN0M 136 4-16-64 4133 3-09-64 6fi*>e* * 3-09-64 5-61 CRf 1 114* 11464 13-31-63 ccomccccc -comm: ccccc ccccc cam -*ATTN» FILE VARIATION! ZIP IS 90W4/DTHER FILE I DENT ! SSI IS 133333333* NJD INIT 15 I,S ABUSE iHlT IS £ A CITIBANK 1391556 1 SSBMH DURR ACCT 3-63 6-76 CH6 REV -91* M 2-31-43 CDC — COOC A SAKS FIFTH 1347515 1 2&HMSB CURR ACCT 4-64 10-M QflJ REV *67* 133 445-44 CC1-C2CC3CC- A NGRQSTftM 33902*1 » mm CURR ACCT 0-63 6-03 CHB (CV L1KN M 12-15-83 CCCCC A OECD 36*711 4 CURR ACCT 12-63 6-fl3 CHB REV 915* 91275 12-15-63 A CRSI/DCSMMD 1391554 1 CURR ACCT 6-02 I m CHB REV -91* to CDC-DCCDCCDC A TWA 2455616 I 20000000* CURR A0CT 10-Y 10-Y CAC 24 415* A SECURITY PACIFIC NATL 311(954 1 l2D*BB mVmVVv CURR ACCT 12-62 £-61 CAC REV *20* « 4-89-84 DCC A FIRST INTERSTATE 327*27 £ durr non 4-64 6-61 CAC REV *£500 965 4-25-64 caxDccccca: A CARTE BLACHE 34252* 2 cum ACCT 12-63 16-Y CAC 1 99* 1ST 12-31-83 cam A WESTERS AIRLlfCS 3457670 1 MID SATIS 7-63 FORD DO CURR ACCT 13-63 MEAT NESTEHN S 4 OJffl ACCT 1976 tfFILIATED CREDIT P D CELL AC 9-63 it — y cac «v am 36*155 1 £-63 flUT 484333W4I7E39 12-31-63 L 3651*9 t 1974 ft/C 3961756 I 4-62 m INK -41* ££0000* H HANTHORNE MAZDA 3967686 INQUIRY 11-22-03 A MAY CC 3371319 INBJIRY 12-26-82 ISC A B OF R 3181344 INQUIRY 4-22-62 FIRST INTERSTATE 327*27 2 PAID SATIS 7-62 UKN CRC REV 920* N CD SUP CT WWHERE CO him « UkkWUHCI JUD60©fT 920* STATE TAX -END 6