####################################### # # # # # ======== =\ = ====== # # == = \ = = # # == = \ = ====== # # == = \ = = # # == = \= ====== # # # # # # # # ''''''''''''''''''''' # # # # # # > Written by Dr. Hugo P. Tolmes < # # # # # ####################################### Issue Number: 09 Release Date: November 19, 1987 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: The National Guards FROM: Omni DATE: August 1987 If you liked 1984, you're gonna love what the military has planed. Americans get much of their information through forms of electronic communications, from the telephone, television and radio, and information printed in many newspapers. Banks send important financial data, businesses their spreadsheets, and stockbrokers their investment portfolios, all over the same channels, from satelite signals to computer hookups carried on long-distance telephone lines. To make sure that the federal government helped promote and protect the efficient use of this advancing technology, Congress pass the massive Communications Act of 1934. It outlined the role and laws of communications structure in the United States. The powers of the president are set out in Section 606 of that law;basically it states that he has the authority to take control of ANY communications facilities that he believes "essential to national defense." In the language of the trade this is known as a 606 emergency. On the second floor of the DCA's four-story headquarters is a new addition called the National Coordinating Center (NCC). Operated by the Pentagon, it is virtually unknown outside of a handful of the industry and government officials. The NCC is staffed around the clock by representatives of a dozen of the nation's largest commercial communications companies- the so-called "common carriers"- including AT&T, MCI, GTE, Comsat, and ITT. Also on hand are officials from the State Department, the CIA, the FAA, and a number of other agencies. During a 606 Emergency the Pentagon can order the companies that make up the National Coordinating Center to turn over their satellite, fiberoptic, and land-line facilities to the government. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: Big Brother is coming. In the event of a national emergency, all communications would be controlled by the government. Long-distance companies would hand over telecommunications control to the government. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: The Caller that Isn't Long-Winded FROM: The Chicago Tribune DATE: August 20, 1987 You may remember our story last month about Kathy and John Riedy of Raleigh, who received a long-distance bill for $24,129.99. The Riedys never were unduly alarmed. "It's easy to prove you dls," Kathy Riedy said, "but imagin e the trouble we would have had if the bill had been for $200." Lorraine Gregory of Glenview a US Sprint customer, does not have to imagine. "Needless to say, when I saw my phone bill I was in total shock," Gregory said in a letter to the company last January about her bill for $293.30. "On my call to Boise, Idaho, on 11/15/86, you show that I talked a total of 1,441 minutes. If you divide that by 60 you get exactly 24 hours and 1 minute. I don't remember exactly how long I talked, but it was apporximately 2 1/2 hours." Gregory inquired again on March 9: "I would like to know when you are going to get my previous unpaid balance of $293.90 corrected." And again May 21: "Until I get a corrected statement, I do not intend to pay this bill." And yet again on Aug. 6: "In January of this year I wrote a letter to you, and to date I have not yet received an answer from someone at US Sprint." "Each month when I received my bill," Gregory said, "I would send a check for my current charges with a copy of my letter(s) and still no response from anyone at US Sprint acknowledging my letters.... "Just recently I received a letter from US Sprint to call 1-700-555-4141 from each of my phones to make sure I was connected with US Sprint's Dial "1" Service. I have been connected to Dial "1" service for almost a year now." "Of course, I don't know what they're talking about; so I call Customer Service availiable '24 hours a day, 7 days a week' at 1-800-531-4646. Ha,ha,ha. All you get is busy, busy, busy 24 hours a day, 7 days a week." We attempted to call the number in Gregory's behalf. It was, as she said, busy, busy, busy. -Clarence Peterson $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: The earlier article that was mentioned can be read in TNS Issue #2. This error seems to be due to the people at Sprint. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: A Call to Stop Long-Distace Scam FROM: The Ann Landers Syndicated Advice Column DATE: Dear Ann Landers: Please suggest to your readers to memorize their long-distance charge-card numbers and make sure that they are alone when making such calls. Anyone who gets hold of a charge-card number can call anywhere in the world. When my son was in Korea on field duty, someone broke into his locker and stole his wallet. Although the wallet was returned with his calling card intact, someone copied the code number. The phone company took note of the large amount charged to our phone and alerted me. When I told the woman at AT&T that my son's wallet had been stolen, she canceled the card immediately. At that time the charges amounted to $485. When the bill arrived 10 days later, it was $3,594. Almost all the calls were placed within 13 days. Whoever stole my son's wallet had either given out the code or sold it. Calls had been made from Korea to all over the United States. There were also calls from Brooklyn and the Bronx to Florida and Californleans and one from Nash ville to Korea. Isn't it sad that someone would do this to a young man who is serving his country? C.M. in Lancaster $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: A standard case of phone fraud... just something I had. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Online Junkies- Artificial Intelligence FROM: Omni DATE: Artifical intelligence guru Marvin Minsky recently wasted three CO-2 cartidges before taking apart the seltzer bottle he was trying to recharge and finding that the culprint was a faulty O-ring, a discovery that turned his thoughts toward the space shuttle. I know this because Minsky told me about it one night, though he was probably already asleep at the time. Minsky's thoughts about O-rings, as well as his detailed message about the design of space telescopes, were carried across the continent to my home computer terminal courtesy of the Department of Defense (DoD). Conceptualized at MIT in the late Sixties and put online in the early Seventies, DoD's computer network ARPAnet (for Advanced Research Projects Agency) was created to provide electronic mail service between the universities and research centers that received department funding for computer science, robotics, and other high-technology projects. But over the years it has been linked to a series of other online services and is now, according to many of its users, almost as addictive as it is informative. DoD could hardly have imagined what would happen when some of the finest minds in the country's most prestigious universities and research labs began conversing with one another on ARPAnet. When a technicalquestion is raised on one of its bulletin boards, you can sit back and watch the responses pour in from the science departments of schools like MIT, Carnegie-Mellon, Stanford, Cornell, Yale, and Caltech and from research centers such as NASA's Ames Research Center, the Jet Propulsions Laboratory, Fermi National Accelerator Laboratory, and Bell Labs. Almost always intriguing, the postings are exceedingly well researched and carefully presented. In part this is because the jury of peers reading tthe boards is highly critical and well-informed. A posting about a new theory of technology might bring a correction or rebuttal from the scientist who did the work under discussion. "You can't just gush blood all over the network," says one user. "It will come back to haunt you." But there is room for irreverence. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: The actual article went on for several pages... it has been edited for the more interesting parts. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Hacking Through NASA: A threat- or only an embarrassment FROM: Newsweek DATE: In late July computer specialists at NASA headquarters in Washington noticed signs of tampering with their system's software. S computer hackers had penetrated the hub of a worldwide network known as the Space Physics Analysis Network, or SPAN. NASA tightened its security and kept the incidents quiet. But last week in Hamburg, West Germany, the culprits themselves came forward. A band of hackers affiliated with the Chaos Computer Club in Hamburg claimed to have tapped into 135 computers around the world, extracting a wealth of sensitive information about the space shuttle, Star Wars and other topics. "The whole system was open to our friends," said Wau Holland, a spokesman for the club. "They found such explosive material that we had to go [public]." It was an empty boast, according to NASA. The space agency acknowledged the break-ins but said the hackers uncovered no classified information: "It really wasn't a very important system," said spokesman William Marshall. NASA said the network, one of several it operates, did not contain secrets about Star Wars or anything else; it was simply a "worldwide library" of space-related information available to perhaps 4,000 authorized researchers on various NASA projects. SPAN is also an electronic medium for scientific discussion. Classified information about the shuttle and military launches, Marshal says, is restricted to more secure computers not linked to SPAN. The SPAN system proved an easy target. The machines at NASA headquarters were Digital Equipments Corp.'s VAX computers, which use software known by the initials VMS-an operating system that has become a hacker favorite because of its wide use at universities and scientific-research centers. One veteran American hackers has even written a series of tutorials entitled "Hacking VMS". The West German group-which reportedly included two computer maintenance workers at major European research centers that belonged to the SPAN network-apparently exploited a flaw in the VMS system, which DEC has subsequently fixed. The hackers gained entry in Europe, then "network-hopped" their way to the VAX 11/785 computer system at the NASA hub. The group was able to roam through the system at will for nearly three months before their initial discovery by systems manager Roy Omund at the European Molecular Biology Laboratory in Heidelburg, West Germany. By then they had surreptitiously planted a "Trojan horse" software program, which subtly overrode the computer's operating instructions and made it easier for others to gain access. The Trojan horse multiplied, as one computer after another on the network automatically copied the profram. (NASA says it defused the program once it was discovered, but last week the OSUNY computer bulletin board in New York was carrying instructions for breaking into SPAN.) The group also discovered that many of the passwords used to restricted access on SPAN were easy to figure out; some could even be found in the manufacturer's instruction manual. The casual attitude toward security is not surprising. Like many networks that essentially function as data banks and bulletin boards, SPAN was desig and communication. "Because the data is not sensitive, you always sacrifice security for ease of use," says U.S. computer-security consultant Robert Courtney. While some managers of large computer centers worry about hackers and have tightened security, most consider them an unavoidable nuisance. Authorized computer users -not hackers- still commit most of the theft and other computer crimes. "[The hackers] haven't done real damage to anything," he says. "The harm is embarrassment, but that's all." - WILLIAM D. MARBACH with ANDREW NAGORSKI in Bonn and RICHARD SANDZA in Washington $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: As noted by the credits at the end of the article, Richard Sandza was one of the writers. For those who do not know of Mr. Sandza, in the past he has written several articles for Newsweek that are on the subject of phone fraud and hackers. He is best known for an article entitled: "The Night of the Hackers." Another article on hackers was "Revenge of the Hackers" which detailed the living hell that he was put through for writing the first article. It should be noted that the German hackers were not arrested. They turned themselves in. They most likely came forward for one of the following reasons: - they were afraid that sooner or later they would get busted But why didn't they just quit then? Why come forward? - they wanted to be K-rad d00dz and get their names in the papers This could be a possibility. They said that they found such "explosive material".. but in reality their boast is believed to be empty. - they wanted to warn NASA about their break-in Another possibility. They thought that they had "explosive material" and they might have decided to be nice. - they thought that if they came forward, NASA wouldn't prosecute them They were on the SPAN network for several months. Perhaps they knew that someone would eventually find out and they wanted to be nice. Richard Sandza mentioned a file entitled "Hacking VMS." Actually, there are probably many such files out there. One of the most well-known is a series by Lex Luthor (I think?). The OSUNY bulletin board was also mentioned. This BBS was mentioned in another article by Richard Sandza