|
The Phreaking Articles - Volume 2
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
It's Baaaaa-ack!
*------------------------*
| The Phreaking Articles |
| Vol. 2 |
| by |
| * Black Death * |
*------------------------*
An Official ZoNE Product
Well, Here it is. The Not-so-Long awaited sequel to The Phreaking
Artciles Vol 1. What I'm trying to do here is keep the pirate/phreak/hack
world informed on what's going on to it's members, and what good ol' Mrs.
Bell is up to to try and stop us. Just keeping you informed on the War..
So I get a bunch of articles on the subject, type them up and send 'em to
you. So Hopefully you'll get something out of this and learn. Have phun!
`TELEPHONE HACKING: WIDESPREAD, GROWING'
By Alex Barnum - Mercury News Staff Writer
The alleged case against Kevin L. Poulsen is an extreme example of a
widespread and growing telephone crime problem that usualy gets scant
attention except from it's major victims: the phone companies.
Law enforcement efforts against telephone and computer crime have few
tangible results, experts say. Although some cases have been widely public-
ized, less than 10 percent of known security breaches have been prosecuted.
The longest prison term for a computer hack has been 1 year.
At the same time, state legislatures, including California's, have passed
computer crime laws that give law enforcement officials broader authority
that federal statutes to pursue computer hackers and so-called phone phreaks.
In the most recent case, Poulsen, 24, was chaged Wednsday with illeagaly
obtaining and using Pacific Bell Co. equipment and access codes, obtaining
sensitive military documents and stealing a computer printout relating to
an FBI investigation of former Philippene President Ferdinand Marcos.
The indictment charges Poulsen with telephone crimes, such as evesdropping
and recording conversations, that are far more sophisticated and rare than
the activities of the typical phreak who makes free long-distance phone calls
using illeagaly obtained telephone credit card numbers.
Phreaks, who began 20 years ago with blue boxes that could trick the
phone network into allowing free access to long-distance calling, now
typically obtain these credit card numbers on computer bulliten board systems
(BBSs). The numbers usually belong to large buisnesses, which monitor the use
of their numbers less frequently than individuals.
As a whole, phone phreaking is a widespread problem and the fastest growing
segment of computer crime. the National Center for Computer Crime Data in
Santa Cruz estimates that it has grown from about 10% of all computer crime
in 1986 to 34%.
Moreover, as with all computer crime, the vast majority of it goes
undetected or unreported. In a 1988 survey, the center found that only 6% of
the serious break-ins known to computer security professionals were ever
prosecuted.
The abuse of phone access codes is "obviously epidemic" said Ken
Rosenblatt, assitant district attorney in Santa Clara County. `The phone
companies are losing lots of money.'
Public prosecutors say law enforcement efforts to stop telephone crime
are lagging even in Santa Clara County, which has two full-time district
attorneys assignd to its High Technology Crime Unit, the largest such group
in the country.
`We just don't have the bodies (we need) if we want to stop phone hacking,'
Rosenblatt said, adding that his unit is focussing mostly on computer chip
theft and industrial espionage, which are financially more significant.
Several weeks ago, the California legislature passed a new "for-feiture"
law, in which convicted hackers would forfeit their telephone or computer
equipment as part of the punishment. Unless stolen, the equipment would go
to the vitims or the prosecutors.
Although that may seem like a minor inconvinience to a convicted hacker,
Jerry Coleman, assistant district attorney in San Fransisco, said it's a
punishment with psychological effects that better fit the crime than does
a period of probation.
PSYCHOLOGICAL PUNISHMENT
`Hackers suddenly feel that loss they've been perpetrating on their vic-
tims,' Coleman said. `It's a psychological punishment for a psychological
crime.'
Despite new legal weapons for prosecutors, the leaders in the war against
phreaks are also their biggest victims: the phone companies. And law
enforcement officials say the phone companies are winning. ( BAHAHAHAAHA!!!
yeah right! -BD)
`They are trying to stay one step ahead' of the phone phreaks, Coleman
said. `And I think they are successfull.'
ENHANCING AWARENESS
John Hancock, vice president for systems technology at Pacific Bell, noted
that many security breeches occur when hackers trick employees into giving
them access codes. As a result, Hancock said, the company recently began a
`Security awareness program' for it's employees and cutomers.
Pacific Bell has developed a sophisticated identification system for
it's technicians in the field. Hancock notes that repairmen used to have to
call a central switchboard and identify themselves over the line to get
access to one of the company's switching lines.
Now, technicians are given `smart cards'. The card flashes an eight-
digit number that changes randomly every 30 seconds. Technicians must punch
in that number on a phone keyboard, in addition to giving their individual
password. A central <*COMPUTER*> verifies the number, giving the technician
access.
Among other measures, Hancock said Pacific Bell recently installed a
more secure version of the Unix operating system, sophisticated computer
software that runs the phone network. And through their joint research
facility, the Bell operating companies have drafted a plan that immidiately
alerts other phone companies to a case of infiltration into any one.
San Jose Mercury News - Morning Edition - 1/20/90
PHONE CRACKING
High Tech Thugs Prey on Voice Mail
By Alex Barnum (Mercury News Staff Writer)
A new generation of computerized telephone answering machines has spawned
a new breed of technological terrorists: the voice-mail hacker
Like their counterparts among computer hackers, voice-mail hackers are
typically nerdy teen-agers whose interests in computers and phones borders
on obsession, law enforcement officials say. They range from high-school
students who crack voice-mail codes for the sheer thrill to gangs of high
tech ruffians who prowl the nation's phone lines for profit. Altogether,
their nefarious trade (I just love this guys vocab) is contributing to
a telecommunications fraud problem that officials estimate is costing
corporations and phone companies nationwide more than $500 million a year.
Consider the case of Certified Grocers of California, one of the voice-
mail hackers better known exploits. Several years ago, the Los Angeles-based
grocery wholesaler installed a new voice-mail system, hooked up to its toll-
free 800 lines. the system greeted cutomers in a friendly feminine voice
("Welcme to Cer-Gro"), routed their calls ("Please enter the four digit
extension you wish to reach"), even told of delivery schedules ("For inbound
scheduling and outbound load information, press 2").
The system was considered a convinience to both the company and its
cutomers until Cer-Gro managers noticed that the company's toll-free
phone bills began to soar. After a little digging, they found a gang of
teen-agers had cracked the passcodes on the voice-mail system and transferred
control of some 200 of it's 300 "voice-mail boxes" to a drug and prostitution
ring. Instead of delivery schedules, the voice-mail system was being used
to dispense up-to-the-minute New York cocaine prices and information about
prostitution services.
This new generation of office answering machine may be transforming
corporate America, replacing the office secretary, receptionist, and even
the inter-office memo. but it has also provided the teen-age bandits who
pirate the computer and phone networks with a new target. "We've had a lot
of cases," says Gail Thackeray, Arizona assistant attorney general and a
specialist in voice-mail hacking. "Everybody from local mom-and-pop
buisnesses to giant corporations have been affected."
Although voice-mail hacking reached a plateau last year, the problem is
likely to get worse as voice-mail gains a greater following, voice-mail
specialists say. Once used primarily by large corporations, voice mail
is growing in popularity among smaller buisnesses. What's more, with regional
phone companies experimenting with residentia service, voice-mail may soon
be widely availiable to homes across the country. Many specialists fear that
residential use will bring a new wave of hacking.
Developed a decade ago, voice-mail systems are specialized computers
that can answer a company's phones, direct callers through a maze of options
and record their messages. A system typically gives every employee a personal
voice-mail box to leave an retrieve messages, which they gain access to
using secret passcodes that range from two to 14 digits. With a versatility
far greater than normal answering machines, the system also allows employees
to send voice messages to co-workers and even whole departments or groups
of employees.
The passcode is the key to voice-mail security. But armed with a Touch-
Tone phone, a little knowledge of voice-mail, and a lot of patience, a hacker
can easily infiltrate the mailbox of someone who has been lax about security.
Here's how a hacker might do it: Dialing in over toll-free lines, the hacker
is greeted by the company's "automated attendant," which attempts to direct
the call. At that point, the hacker simply starts trying passcodes. The
easiest codes to break are short, obvious combinations of numbers, such as
1-2-3, or codes that are identical to an employees phone extension.
Once inside a mailbox a user is directed by a recorded voice through a
series of options. Using these options, a hacker can request a new passcode
and take control of the mailbox. (Hackers are no dummies, and frequently
request 14 digit passcodes.) The hacker can read an employees messages and
send messages to others. If the hacker breaks in to an active but unassigned
mailbox, as happened at Certified Grocers, or if he breaks into the mailbox
of an employee on vacation, the hacker could remain undetected long enough
to use it for his own purposes.
In some cases, hackers have cracked the mailbox code of the system operator,
the employee in charge of administering the voice-mail system. That allows
the hacker to roam freely through the voice-mail system. Several years ago,
a disgruntled ex-employee of a San Jose office supply store gained "system
operator" status on the company's voice mail system and changed it's
greeting to outsiders. Customers who dialed the store were told that it had
gone out of buisness.
Voice-mail hacking even has triggered concern among corporate executives
about industrial espionage, says Donn Parker, a computer security specialist
at SRI Inernational in Menlo Park. Voice-mail equipment manufacturers agree
that sensitive information, such as the detail of an impending merger, is
best not left on voice mail messages. But that didn't deter an executive at
one company who left sensitive end-of-the-quarter financial information
on a message, only to have it recorded and broadcast to competetors around the
country.
Voice-mail hacking has also attracted more serious criminals, says Thackeray.
She and other law-enforcement officials worry particularly about the national
gangs that trade stolen long-distance access codes and credit card numbers
over "code lines", voice-mail boxes that hackers use as audio bulliten
boards.
Code lines work like this: A hacker obtains stolen access codes and
credit card numbers through computer bulliten boards, from voided retail store
receipts, by overhearing them at public pay phones and other nefarious means.
he posts the ill-gotten codes to 10 voice-mail boxes around the country. In
turn, each of his cohorts checks the code lines several times a day, records
the numbers and posts them to 10 more code lines. Wihin hours, the number
of hacker with access to the code mushrooms.
"The loses go right through the roof," Thackeray says. "The loses are so
high because hundreds of people have access to the numbers immidiately."
The costs to buisnesses can be staggering. Thackeray says hackers can easily
rack up a $10,000 phone bill on one number within days. And buisnesses don't
find out about the abuse unitl they get the monthly bill. In a case pending
in Tuscon, the cost of stolen long distance codes to US Sprint was conser-
vatively estimated at $500,000, she says. The Communications Fraud
Control Association in McLean, Va.,says it's all part of a telecommunications
fraud problem that is costing the phone companies more than $500 million a year.
In a case uncovered last year, a nationwide teen-age hacking ring allegdly
infiltrated the voice-mail systems of 20 buisnesses and organizations, set up
code lines and racked more than $200,000 in unauthorized calls, the Secret
Service charges. The alleged mastermind of the ring, Leslie Lynn Doucette,
a Chicago woman who had been convicted of telecommunications fraud in Canada,
reportedly supported herself and her two children through her hacking
activities.
The 35-year-old Doucette allegedly ran the ring of electronic pickpockets
like something out of a computer age "Oliver Twist," Using the code name,
"Kyrie." Doucette held telephone confrences with her hackers across the country,
teaching them to get access codes from AT&T credit card holders. In one scheme,
the hackers allegedly used stolen credit card numbers to wire Doucette more
than $1,000 worth of Western Union money orders.
Voice-mail hackers are particularly hard to catch, law enforcement officials
say. Hackers, who prowl through the phone lines using code names, direct their
calls along cuitous routes and across state lines, making them difficult
to track. "They're like schools of fish," Thackeray says. "They move quickly
from one system to another." Officials say phone companies, which are often
their only hope of tracking hackers, are of little help because they fear
invasion-of-privacy lawsuits.
Long distance carriers have beefed up security, implementing 14-digit access
codes and features that enable buisnesses to monitor the source of toll-free
calls. By closing the door on corporate 800 lines, the carriers have cut out
some of the hacking. But hackers have lighted on other vulnerable branches
of public phone network and are busy trying to crack the shorter acces codes
of smaller carriers and the regional Bell operating companies, officials say.
More important, voice-mail equipment manufacturers have launched an assault
on voice-mail hacking. Many systems now have features that lock a voice-mail box
after several attempts at entry and provide "audit trails" that monitor use.
Voice-mail makers have given users tools to ensure security, says David Ladd,
executive vice president at VMX Inc., a San Jose voice-mail company. As a
result, he says, voice-mail security now depends on company efforts ti train
cutomers and the vigilance of the user.
"A voice-mail system is only as secure as the people who take care of it,"
adds Elizabeth Johnson, an industry consultant. "The only thing that keeps
a hacker out of your voice mail is your password."
San Jose Mercury News - Morning Edition - 2/19/90
The Phreaking Articles are written by Black Death for ZoNE, at
The Unholy Temple BBS.
All Real names have been used, and no editing has been done to protect
the innocent/guilty.
Call these GREAT ZoNE boards.
[305] 386-6219 - FerrarI BBS - ZoNE HQ. 38.4 HST -
[408] 249-5405 - The Unholy Temple - ZoNE Site #1 - 12/24oo - P/hack filez
[514] 358-1987 - The Order of the Kamikaze - ZoNE site #2 - 12/24oo - Elite
Greetings to Lord Sharp, The Zenabyte, The Prisoner, Sam Brown,
Shadow Lord, The Mentor, Barimoor, and Mr. FerrarI.
|------------------- |-------------| |--\ |--| |--|--------
|_____________ / | | | \ | | | |
/ / | | | \ | | | |-------|
/ / | |---| | | | \ | | | ]
/ / | | | | | |\ \ | | | |-------|
/ / | |---| | | | \ \ | | | |-------|
/ /___________ | | | | \ \| | | ]
| | | | | | \ | | --------|
|------------------| |-------------| |__| \___| |__--------|
|
|
