Title : Phrack World News XXIV
Author : Knight Lightning
==Phrack Inc.==
Volume Two, Issue 24, File 11 of 13
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN P h r a c k W o r l d N e w s PWN
PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN
PWN Issue XXIV/Part 1 PWN
PWN PWN
PWN February 25, 1989 PWN
PWN PWN
PWN Created, Written, and Edited PWN
PWN by Knight Lightning PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Time And Time Again
~~~~~~~~~~~~~~~~~~~
Greetings to everyone! This issue of Phrack Inc. marks the completion of the
plan I had conceived a little more than one year ago -- "The Phoenix Project."
No, not the bulletin board run by The Mentor (although the name of the board
came from this plan), my scheme to rebuild the hacking community from its
remaining ashes of the "Crisis of 1987." My plan had several parts that needed
to come together.
- Announce the plan and pour lots of hype into it to spur great enthusiasm.
- Hold SummerCon '88 in St. Louis, Missouri to get today's hackers to meet.
- Regain control of Phrack Inc. and put it back on its feet.
- Release the Vicious Circle Trilogy to expose and defeat our security
problems.
- Bring today's hackers into the next Millennium with The Future Transcendent
Saga (which helps to unite yesterday's hackers with the present).
And now...
Announcing The 3rd Annual...
SummerCon '89
~~~~~~~~~~~~~
Saint Louis, Missouri
July 23-25, 1989
The date is a tentative one, but I would imagine that it will not change.
For more information please contact Taran King or Knight Lightning.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On the lighter side, this issue of Phrack World News contains articles dealing
with Shadow Hawk, The Disk Jockey, Compaq, the FBI "Super" Database, the
Australian-American Hackers Ring, Computer Emergency Response Team, StarLink,
The Xenix Project, The Lost City of Atlantis, The Beehive BBS, and much more.
So read it and enjoy.
For any questions, comments, submissions of articles, or whatever, I can be
reached at [email protected] or [email protected] or whatever
bulletin board you can find me on.
:Knight Lightning
_______________________________________________________________________________
Explosives Expertise Found In Computer January 5, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Matt Neufeld (The Washington Times)
One of the four Bethesda youths killed in an explosion in the garage at the
home of the Brazilian Embassy's attache last weekend had access to a local
computer system's how-to listing of bombs and explosives, according to a system
member.
"He was highly involved with computers," said the computer operator of the
18-year-old Dov Fischman, one of the teens killed by the explosion. "Dov used
to go over to my friend's house," where they discussed various types of
software and computer systems, he said.
Located within an elaborate computer system of about 200 private bulletin
boards is a board titled "The Lost City of Atlantis" that contains files under
the following names: "Pipe Bombs," Gas Tank Bombs," "Make Smoke Bombs," "Soda
Bombs," "Explosive Info," "Kitchen Improvised Plastic Explosives," and "Plastic
Explosives," according to system files reviewed yesterday by the Washington
Times.
Details on committing mischief and various illegal activities fill the files of
Atlantis and other boards in the system. The Atlantis board is listed under
the heading, "The Rules of Anarchy."
The files on Atlantis, which is run locally, but could be accessed by computer
owners nationwide, include information and correspondence on how to buy various
chemicals and and explosives used to make bombs. Other files have explanations
on how to use these materials to fashion the bombs.
"Some or all of you reading this may have caught word from the grapevine that I
sell laboratory materials and/or chemicals," begins one message from a system
worker who operates under the pseudonym "The Pyromaniac."
"I can get for you almost any substance you would want or need," the message
says later. "Always remember that I am flexible; Your parents need not know
about the chemicals."
Mr. Fischman and the other teens have been described by friends and relatives
as highly intelligent, hard-working honor students. They were killed about
3:15 a.m. Saturday in an explosion at the home of attache Vera Machado in the
6200 block of Verne Street. A Montgomery County Police investigation
determined the cause was accidental and caused by the youths "experimenting
with some type of explosive."
Nitrates, peroxides and carbonates were found at Mr. Fischman's home, along
with literature on "resources for chemicals and appliances and recipes
utilized for explosive devices," said fire marshal's spokesman Mike Hall. "The
exact nature of resources and recipes has not been disclosed by the
investigative section, as the investigation is going on."
"I have no knowledge that any computer system information was used," but that
possibility will be investigated, Mr. Hall said. Mr. Fischman's father, Joel,
yesterday said his son and the other three youths were involved with computers.
But he said he was not aware of any connection between computers and the
explosion. He referred further questions to the police.
The local computer system operator said most users are 15 to 19 years old. The
operator, however, said it is common for users of the system to peruse the
files while their parents have no knowledge of the contents.
The boards and files are legal, and the bomb information is primarily confined
to "private" bulletin boards created by persons known as "system operators."
However, anyone with a home computer, a telephone and a modem can hook up to
the bulletin boards if they gain approval of the individual operators, the
operator said.
"I think this should be allowed, but not just for any kids," said the operator,
who is an adult. He said it's "really the parents' fault" for not supervising
their children's computer access.
Another board in the system, "Warp Speed," also provides information on
explosives. That board was shut down sometime between December 30, 1988 and
January 1, 1989 the operator said. That board is "host" to "Damage, Inc.,"
which is a "group of people who concentrate on explosives, things to screw
people up, damage," he said.
In the "Beehive" board the following message appears from "Mister Fusion:"
"low cost explosives are no problem. make them yourself. what do
you want rdx? detonators, low explosives? high explosives? i can
tell you what to do for some, but I would reccomend (sic) cia black
books 1-3."
Other boards and files in the system include information on computer hacking,
constructing a device to jam police radar detectors, picking locks, and
"phreaking," which is computer jargon for using computers to make free
telephone calls.
Some of these files are: "Making LSD," "Listing of common household chemicals,"
"Info on Barbiturates," "Make a mini-flame thrower," How to make a land mine,"
"How to Hot Wire a car," "Home Defense: part II, guns or friends," "How to have
fun with someone else's car," "Fun! with Random Senseless Violence," "Picking
up little girls," and "How to break into a house."
"A lot of the information is wrong, in the phreaker world, regarding ways to
defeat the telephone company," said the operator, who has been involved with
computers for at least six years. "But the bomb information is pretty much
accurate."
In the two page, "High Explosives" file, there are detailed explanations on how
to use the chemicals cacodyal, tetryl and mercury fulminate.
"This stuff is awesome," begins the section on cacodyal. "It is possesses
flammability when exposed to air. Plus it will release a cloud of thick white
smoke. The smoke just happens to be arsenic."
The file does offer this warning at the end: "Don't attempt to make these
things unless you are experienced in handling chemicals. They can be very
dangerous if not handled properly."
The "Kitchen Improvised Plastic Explosives" file, which instructs users on "how
to make plastique from bleach" and is credited to a Tim Lewis, warns that the
chemicals are dangerous."
_______________________________________________________________________________
Computer Emergency Response Team (CERT) January 23, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Excerpted from UNIX Today
WASHINGTON -- The federal government's newly formed Computer Emergency Response
Team (CERT) is hoping to sign up 100 technical experts to aid in its battle
against computer viruses.
CERT, formed last month by the Department of Defense's Advanced Research
Project Agency (DARPA), expects to sign volunteers from federal, military, and
civilian agencies to act as advisors to users facing possible network invasion.
DARPA hopes to sign people from the National Institute of Science and
Technology, the National Security Agency, the Software Engineering Institute,
and other government-funded university laboratories, and even the FBI.
The standing team of UNIX security experts will replace an ad hoc group pulled
together by the Pentagon last November to deal with the infection of UNIX
systems allegedly brought on by Robert Morris Jr., a government spokesman said.
CERT's charter will also include an outreach program to help educate users
about what they can do the prevent security lapses, according to Susan Duncal,
a spokeswoman for CERT. The group is expected to produce a "security audit"
checklist to which users can refer when assessing their network vulnerability.
The group is also expected to focus on repairing security lapses that exist in
current UNIX software.
To contact CERT, call the Software Engineering Institute at Carnegie-Mellon
University in Pittsburgh at (412) 268-7090; or use the Arpanet mailbox address
[email protected].
_______________________________________________________________________________
The Xenix Project aka The Phoenix Project Phase II January 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are some big changes in store for everyone's favorite bulletin board.
As of January 25, 1989, The Mentor became the proud owner of the complete SCO
Xenix system, complete with the development kit and text utilities (a $1200
investment, but worth it). He has arranged for a UUCP mail and USENET
newsfeed, and is working on getting bulletin board software up and running on
it.
So what does this mean to you? As I have been illustrating throughout The
Future Transcendent Saga and a few other files/places, the future lies in the
wide area networks. So now for the first time ever, The Mentor is offering the
hackers a cheap, *LEGAL* way to access the gigabytes of information available
through USENET. Mail can be sent through BITNET, MILNET, ARPANET, and INTERNET
gateways to users all over the world. In short, connectivity has arrived and
the future grows ever closer.
The first thing that The Mentor wants to do is get a second hard disk drive.
There is no way the Xenix Project can run right now without it. His 40 meg has
a 20 meg Xenix partition, 17 megs of which is occupied by the /root/ file
system. The MS-DOS partition has 12 megs of the board, plus all the programs
he needs to exist (Pagemaker, Word, Microsoft C, Brief, etc). A *MINIMUM* of a
60 meg drive will be needed to support the newsfeed (USENET generated 50 megs
of traffic in the last 2 weeks). A 100+ meg drive would be better. Once a
hard disk is obtained, the system will go online as a single-line UNIX machine.
Hopefully, enough money will be generated to add a second phone line and modem
quickly. At this point the system will begin to take off.
The Mentor's eventual goal (inside 6 months) is to have 4-6 300-2400 baud lines
available for dialin on a hunt group, plus a 19.2Kbaud line for getting the
USENET feed. The estimated startup cost for a 5-line system is:
110 meg hard disk........................ $1000
4 2400 baud modems (I've got 1 already).. $ 525
Installation of 4 phone lines............ $ 450
MultiPort Serial Card.................... $ 300
SCO Xenix Software....................... $1200
~~~~~
$3475
Financing is a problem. The Mentor has already sunk the $1200 into the Xenix
package (plus his original purchase of the computer system), leaving him $2200
away from the best hacker system in the world. There are two ways that he
hopes on getting the money for the rest of the system.
A) Donations - Many users have already indicated that they will send in
anywhere from $10 to $100. Surprisingly enough, the security
people on The Phoenix Project have been extremely generous.
There *is* an incentive to donate, as will be shown below.
B) Monthly fees - There will be a $5-$12.50 charge per month to use the UNIX
side of the system, but the Phoenix Project BBS will remain
free! Here is how it works:
Level 1 - BBS Only. Anyone who wishes to use only The Phoenix Project will
call and log in to account name 'bbs.' They will be forced into the BBS
software, at which point they will log in as usual. As far as they're
concerned, this is just a change of software with the addition of the front
end password 'bbs.'
Level 2 - Individual Mail & News account. For $5 a month, a user will get
their own private account with full access to UUCP mail and USENET news.
They will be able to send mail all over the world and to read and post to
the hundreds of USENET newsgroups. Legally, for a change!
Level 3 - Individual Mail, News, Games, and Chat. The user will have all
the privileges of a Level 2 person, be able to access games such as Rogue,
Chase, and Greed, plus will have access to the multi-user chat system
similar to the one running on Altos in West Germany, allowing real-time
conferencing between hackers here in the states without having to have an
NUI to get to Datex-P. This will cost $10 per month.
Level 4 - Full Bourne Shell access. This will allow access to the full
system, including the C compiler, text utilities, and will include access to
the online laser printer for printing term papers, important documents, or
anything else (mailing will incur a small fee.) Level 4 access will be
restricted to people technically sophisticated enough to know how to use and
how not to use UNIX compilers. The entire Xenix Development System and
Text Processing Utilities are installed, including online manual pages. I
will aid people in debugging and testing code whenever needed. Charge is
$12.50 per month.
C) Why Donate? - Simple. You get a price break. Here are the charter
membership categories:
Contributing: $20 You receive 6 months of Level 2 access, a $10 savings
over the monthly fees.
Supporting: $45 You receive either 1 year of Level 2 access or 6 months
of Level 3 access.
Sustaining: $75 You receive 1 year of Level 3 access, or life time level
2 access.
Lifetime: $100 You receive lifetime Level 4 access. Contributions in
amounts less than $20 will be directly applied toward Level 2
access (e.g. A $10 donation will give you 2 months Level 2
access).
Hardware contributions will definitely be accepted in return for access.
Contact me and we'll cut a deal.
Information Provided by The Mentor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A Few Notes From The Mentor
~~~~~~~~~~~~~~~~~~~~~~~~~~~
People -- I am not trying to make a profit off of this. If I could afford the
hardware I'd buy it. The Phoenix Project has been committed to bringing you
the best in hack/phreak information available, and will continue to do so FREE.
I stress, even after the switch is made, The Phoenix Project BBS will be
available under a un-pass-worded login that anyone can log into and use. It's
only if you want to enter the world of networks in a *LEGAL* manner that I need
to get money .
The system will expand as interest in it expands. If I never get enough paid
users to add more than one line, it will remain a one-line system. I think
enough people will see the advantages of UUCP and USENET to be willing to shell
out the cost of a 6-pack of good beer to get access.
As a side note to UNIX hacks out there, this system will also offer a good
place to explore your UNIX hacking techniques. Unlike other systems that
penalize you for breaking security, I will reward people who find holes in my
security. While this will mostly only apply to Level 4 people (the only ones
not in a restricted shell), 3-6 months of free access will be given to people
discovering security loopholes. So if you've ever wanted an unrestricted
environment for learning/perfecting your UNIX, this is it!
For more information, I can be reached at:
The Phoenix Project: 512-441-3088
Shadowkeep II: 512-929-7002
Hacker's Den 88: 718-358-9209
Donations can be sent to: Loyd
PO Box 8500-615
San Marcos, TX 78666
(make all checks payable to Loyd)
+++The Mentor+++
"The Future is Forever!"
_______________________________________________________________________________
Breaking Into Computers Is A Crime, Pure And Simple December 4, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Edward A Parrish Jr., Past President, IEEE Computer Society
Originally printed in Los Angeles Times
During the last few years, much has been written to publicize the feats
of computer hackers. There was, for example, the popular movie War Games,
about a teen-ager who, using his home computer, was able to tap into a military
computer network and play games with the heart of the system. The games got
of control when he chose to play "thermonuclear war." The teen-ager, who was
depicted with innocent motives, eventually played a crucial role in solving the
problem and averting a real nuclear exchange, in the process emerging as hero.
A real-life example in early November involved a so-called computer virus
(a self-replicating program spread over computer networks and other media as a
prank or act of vandalism), which nearly paralyzed 6,000 military and academic
computers.
Unfortunately, perhaps because the effect of such "pranks" seems remote to most
people, it is tempting to view the hacker as something of a folk hero - a lone
individual who, armed with only his own ingenuity, is able to thwart the
system. Not enough attention is paid to the real damage that such people can
do. But consider the consequences of a similar "prank" perpetrated on our
air-traffic control system, or a regional banking system, or a hospital
information system. The incident in which an electronic intruder broke into an
unclassified Pentagon computer network, altering or destroying some files,
caused potentially serious damage.
We do not really know the full effect of the November virus incident that
brought many computers on the Cornell-Stanford network to a halt, but credible
published estimates of the cost in man-hours and computer time have been in the
millions of dollars. The vast majority of professional computer scientists and
engineers who design, develop, and use these sophisticated networks are
dismayed by this total disregard of ethical practice and forfeiture of
professional integrity.
Ironically, these hackers are perhaps driven by the same need to explore, to
test technical limits that motivates computer professionals; they decompose
problems, develop an understanding of them and then overcome them. But
apparently not all hackers recognize the difference between penetrating the
technical secrets of their own computer and penetrating a network of computers
that belong to others. And therein lies a key distinction between a computer
professional and someone who knows a lot about computers.
Clearly a technical degree is no guarantee of ethical behavior. And hackers
are not the only ones who abuse the power inherent in their knowledge. What,
then, can we do?
For one thing, we - the public at large - can raise our own consciousness;
Specifically, when someone tampers with someone else's data or programs,
however clever the method, we all need to recognize that such an act is at best
irresponsible and very likely criminal. That the offender feels no remorse, or
that the virus had unintended consequences, does not change the essential
lawlessness of the act, which is in effect breaking-and-entering. And
asserting that the act had a salutary outcome, since it lead to stronger
safeguards, has no more validity than if the same argument were advanced in
defense of any crime. If after experiencing a burglary I purchase a burglar
alarm for my house, does that excuse the burglar? Of course not. Any such act
should be vigorously prosecuted.
On another front, professional societies such as the IEEE Computer Society can
take such steps to expel, suspend, or censure as appropriate any member found
guilty of such conduct. Finally, accrediting agencies, such as the Computing
Sciences Accreditation Board and the Accreditation Board for Engineering and
Technology, should more vigorously pursue their standards, which provide for
appropriate coverage of ethical and professional conduct in university computer
science and computer engineering curriculums.
We are well into the information age, a time when the computer is at least as
vital to our national health, safety and survival as any other single resource.
The public must insist on measures for ensuring computer security to the same
degree as other technologies that are critical to its health and safety.
_______________________________________________________________________________