Title : PWN/Part 2
Author : Spirit Walker
Volume Four, Issue Thirty-Seven, File 12 of 14
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN                                             PWN
PWN              Phrack World News              PWN
PWN                                             PWN
PWN       Issue XXXVII / Part Two of Four       PWN
PWN                                             PWN
PWN    Compiled by Dispater & Spirit Walker     PWN
PWN                                             PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Operation Sun-Devil Nabs First Suspect February 17, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Michael Alexander (ComputerWorld)(Page 15)
"Defendant Pleads Guilty To Possession Of Access Codes, Faces 10-year Term"
The U.S. Department of Justice said last week that it had successfully
completed its first prosecution in the Operation Sun-Devil investigation.
Robert Chandler [a/k/a The Whiz Kid and former bulletin board system operator
of the Whiz House in 619 NPA], 21, pleaded guilty in federal court in San Diego
to a single felony for possessing 15 or more access codes, which can be used
illegally to make toll-free telephone calls, said Scott Charney, who heads the
Justice Department's computer crime unit in Washington, D.C. Chandler also
admitted to using the access codes, Charney said.
Chandler will be sentenced on May 11. The legal maximum penalty is 10 years'
imprisonment, but federal prosecutors will probably recommend probation,
assuming the sentencing guidelines and the judge handling the case permit it,
Charney said.
Chandler may also be required to make restitution of a still-undetermined
amount for telephone calls made with the access code.
On May 7 and 8, 1990, U.S. Secret Service and local law enforcement officials
executed more than 20 search warrants [more like 27] in 14 cities in a
nationwide crackdown on computer crime code-named Operation Sun-Devil.
Federal law enforcers said the raid was aimed at rounding up computer-using
outlaws who were engaged in telephone and credit-card fraud.
Approximately 42 computers and 23,000 disks were swept up in the dragnet, but
until last week there were no indictments or convictions in the investigation.
The Justice Department has been severely criticized by Computer Professionals
for Social Responsibility (CPSR), the Electronic Frontier Foundation (EFF), and
other advocacy groups for its handling of Operation Sun-Devil cases. CPSR has
charged that federal law enforcers trampled on the First and Fourth Amendment
rights of those targeted in the raids.
_______________________________________________________________________________
No More Fast Times For Spicoli
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Night Ranger
On November 19, 1991, Spicoli was awakened by Pima County (Arizona) Sheriffs and
some other agents in his apartment. They showed him their search warrants,
which were obtained under the suspicion of "Computer Fraud and/or Theft" and
asked him to step outside. They began dismantling his computer system, which
ran his bulletin board called "Fast Times." It was not a hack/phreak bulletin
board and contained no information that would normally be construed as such.
The main reason he ran the board was because he was writing it himself.
The authorities took many items not related to his computer, including his VCR.
He was not charged with any crimes and additionally he was informed that he
was "free to go." This incident is very similar to what happened with the
hacker "Mind Rape." Late last year, his home was raided and lots of items
were seized, but no charges followed.
Spicoli attempted to hire private legal counsel, but discovered that it was
beyond his means financially. Since then, he has chosen to go with the public
defender's office.
Weeks later, it was revealed that his case concerned an undisclosed, but
presumably large amount of stolen money and he was charged with various
felonies. He further learned that the authorities had been monitoring him over
a period of at least three months. Anyone who had contact with him between
August and November should be careful. His computer is now in the hands of the
government.
This is the second major bust in Arizona during the last half of 1991. With
people like Gail Thackeray residing there and anti-hacker companies such as
Long Distance For Less and U.S. West it is definitely not the place for any
kind of hacking.
_______________________________________________________________________________
U2 Shakes Up New England Bell February 24, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Steve Morse (The Boston Globe)(Page 15)
Irish rockers U2 left local telephone operators gasping for breath. In an
unprecedented move designed to thwart scalpers, tickets for U2's March 17 show
at Boston Garden went on sale through telephone charge only -- and the result
was a long morning for the phone company.
"It was complete gridlock. I don't know how else to describe it. They bombed
us right out of the water," said Joanne Waddell, a New England Telephone
manager. "We expected a lot of calls ... but this was unbelievable. Our
operators were clicking away like crazy out there."
The Garden show sold out in 4 1/2 hours, said Doug Borg of Tea Party Concerts,
adding that it took that long because there was a two-ticket limit per person
-- another step taken to frustrate scalpers.
"The demand was overwhelming. I heard there were a half-million calls in the
first hour," said Larry Moulter, president of Boston Garden. The telephone
company said exact figures were not yet available, but Moulter's information is
consistent with a recent U2 sale in Atlanta, where more than one million calls,
many from eager fans with automatic redial, were logged.
"I don't really have a number. It's safe to say thousands, many thousands,"
said Peter Cronin, a spokesman for New England Telephone. He admitted there
were minor delays in getting a dial tone, but that it was "not a serious
situation. If people stayed on the line, they'd get dial tone in a few seconds."
There were 100 lines selling sales for the Garden concert. They checked for
duplicate names, credit card numbers and addresses (to help enforce the limit
of two per person) and caught 'some' attempts to use a card number more than
once.
_______________________________________________________________________________
Federal Agents Raid WCFL; Station Silenced, Forced Off Air January 28, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Patrick Townson (Telecom Digest)
In an unusual move by the Federal Communications Commission, a far southwest
suburban radio station in the Chicago area has been forced off the air by the
FCC which alleges illegal activity at the station.
WCFL-FM (104.7), a station licensed in Morris, IL with no connection to the
station using the same call letters in Chicago several years ago was silenced
by FCC officials who raided the station accompanied by members of the United
States Marshal's Office on Friday, January 24.
Prompted by complaints from other broadcasters in the Chicago area, an FCC
field inspection team on January 16 found WCFL was beaming its signal at more
than twice its authorized power of 11,000 watts, and was using a nondirectional
rather than directional antenna as called for in its license to operate.
The effect of the violations was to broadcast a more powerful signal toward
Chicago and elsewhere, and "to increase the likelihood of interference with
other stations," according to Dan Emrick, chief of investigations for the
FCC's office in Chicago.
The FCC had cited the station for similar offenses in 1990, and fined the
owners $3000. Emrick said there was no record of payment.
Tim Spires is the General Manager of WCFL, and an officer of the parent company
'MM Group' which is based in Ohio. Neither Mr. Spires nor other officials of
'MM Group' would make any response to the FCC action which forced the station
off the air at 1:00 PM last Friday.
Emrick said federal officers entered the station shortly before 1:00 PM and
served the appropriate legal papers on employees on duty. FCC staffers then
seized the broadcasting studio and transmitting equipment. After giving the
obligatory sign off message and station identification over the air, power was
killed to the transmitter. Employees were ordered to leave the premises, which
was closed with a US Marshal's Seal.
Emrick went on to say the station would not be allowed to return to the air
until the station settles its account with the FCC and completes construction
of a directional antenna. At that point, the station would be permitted to
operate 'in probation' while the Commission did further technical inspections,
and the probation status would continue for an unspecified period of time
afterward.
A press release was finally issued by the 'MM Group' yesterday which said in
part that WCFL " ... went off the air voluntarily in order to install a new
antenna; bring their transmitter into compliance with FCC regulations and
better serve their listening area."
_______________________________________________________________________________
New Cellular Phones Raise A National Security Debate February 6, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By John Markoff (New York Times)(Page D1)
Advocates of privacy rights are challenging the nation's most clandestine
intelligence-gathering agency over how much confidentiality people will have
when communicating via the next generation of cellular telephones and wireless
computers.
The issue has emerged at meetings this week of an obscure committee of
telecommunications experts that is to decide what kinds of protections against
eavesdropping should be designed into new models of cellular phones. People
concerned with privacy are eager to incorporate more potent scrambling and
descrambling codes in equipment to prevent the eavesdropping that is so easy
and so common in the current generation of cellular phones.
But privacy advocates contend that the industry committee has already decided
not to adopt the maximum level of protection because of pressure from the
National Security Agency, whose intelligence gathering includes listening in on
phone conversations in foreign countries and intercepting data sent by
computers. The privacy-rights faction contends that the security agency
opposes codes that are hard to crack because the equipment might be used
overseas.
"The NSA is trying to weaken privacy technology," said Marc Rotenberg,
Washington director of Computer Professionals for Social Responsibility, a
public advocacy group organized by computer scientists and engineers. "At
stake is nothing less than the future of our privacy in the communications
world."
The standards setting group is made up of cellular telephone equipment
manufacturers and service providers.
The National Security Agency is the Defense Department Agency in charge of
electronic intelligence gathering around the world for use by many other
branches of the government. Officials of the agency, who have been
participating in the meetings as observers, said their only interest in the
matter was insuring that the government's own secure telephones were compatible
with the new cellular phones. They said that agency officials have
specifically been told not to participate in the standards-setting effort, and
indeed some engineers attending the meetings said they have felt no outside
pressure.
But other engineers involved in the standards process said the agency's
presence had loomed large in earlier technical meetings during the past two
years. "I would talk to people and they would say, 'The NSA wouldn't like
this, or wouldn't like that,'" said one committee member, who spoke on the
condition that he not be identified.
The Agency's Long Reach
The debate is important, the privacy advocates say, not just for cellular
phones but for many other emerging technologies that communicate using radio
signals, which are easier to intercept than information sent over conventional
telephone lines. These include wireless "personal communicators" that transmit
and receive data, and portable "notebook" computers.
But the dispute also illustrates that even as the cold war ebbs, the
National Security Agency is still wielding influence over many United States
high-technology industries. Indeed, executives from a number of high-
technology companies say the agency is hampering their efforts to compete for
business overseas by forcing them to make products for foreign markets that are
different from products sold domestically.
The agency exercises this power in evaluating some of the applications by
companies to export high-technology products. In that role, critics say, the
agency has opposed exports of equipment fitted with advanced encryption systems
that are increasingly vital to modern business.
Buyers Can Shop Elsewhere
The agency's critics say it is almost impossible to contain the proliferation
of encryption technologies and that customers who are deterred from buying it
in the United States will simply shop abroad or steal the technology.
"The notion that you can control this technology is comical," said William H.
Neukom, vice president for law and corporate affairs at Microsoft Corporation,
the big software publisher.
Critics also say that it is ludicrous that encryption systems used in popular
software programs receive the type of Government scrutiny that might be
expected for weapons. "The notion that our products should be classified
as munitions, and treated that way just doesn't make sense at all," Mr. Neukom
said.
Privacy advocates have also challenged the committee's intention not to publish
the algorithm on which the encryption technology is based. Traditionally,
cryptographers have said that the best way to ensure that encryption techniques
work is to publish the formulas so they can be publicly tested.
The committee has said that it will not disclose the formula because it does
not want to give criminals an opportunity to crack the code. But publishing the
formula is a danger only if the formula is weak, said John Gilmore, a
Silicon Valley software designer and privacy advocate. If the formula is
strong, disclosing it publicly and letting anyone try to crack it would simply
prove it works.
The code, however, is simple to break, say a number of engineers who have
examined it. Several committee members said they realized that the security
agency would never permit the adoption of an unbreakable privacy scheme.
"The cynics in the bar would say that you're never going to get anything by the
NSA that they can't crack trivially anyway," said Peter Nurse, chairman of the
authentication and privacy subcommittee of the standards committee and an
engineer at Hughes Network Systems.
NSA Role Denied
But a number of engineers who worked on the technical standard insist that the
agency has had no overt role in setting it. "The standard was based on the
technical deliberations of some of the best experts in North America," said
John Marinho, chairman of the standards committee and an executive at AT&T. He
said the committee relied on the NSA only for guidance on complying with United
States regulations.
He also said that the new standard would offer far more privacy protection than
is available under the present cellular telephone system. Today, although it
is against the law to eavesdrop on a cellular telephone conversation, many
individuals modify commercial radio scanners so they can receive the
frequencies on which cellular calls are transmitted.
_______________________________________________________________________________
FBI Eavesdropping Challenged February 17, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken from The Washington Post
WASHINGTON -- Cellular telephones and other state-of-the art telecommunications
technology are seriously challenging the FBI's ability to listen to the
telephone conversations of criminal suspects, law enforcement officials say.
The FBI is seeking $26.6 million next year to update its eavesdropping
techniques. Normally tight-lipped FBI officials become even more closed-
mouthed when the subject of investigative "sources and methods" comes up. But
a review of the bureau's 1993 budget request provides an unusual glimpse into
the FBI's research on electronic surveillance and its concerns about new
technologies.
"Law enforcement is playing catchup with the telecommunications industry's
migration to this technology," said the FBI's budget proposal to Congress. "If
electronic surveillance is to remain available as a law enforcement tool,
hardware and software supporting it must be developed."
The new technologies include digital signals and cellular telephones. At the
same time, there has been an increase in over-the-phone transmission of
computer data, which can be encrypted through readily available software
programs, say industry experts and government officials.
The FBI's five-year research effort to develop equipment compatible with
digital phone systems is expected to cost $82 million, according to
administration figures.
The FBI effort is just a part of a wider research program also financed by the
Pentagon's secret intelligence budget, said officials who spoke on condition of
anonymity.
Electronic surveillance, which includes both telephone wiretaps and microphones
hidden in places frequented by criminal suspects, is a key tool for
investigating drug traffickers as well as white-collar and organized crime.
Conversations recorded by microphones the FBI placed in the New York City
hangouts of the Gambino crime family are the centerpiece of the government's
case against reputed mob boss John Gotti, now on trial for ordering the murder
of his predecessor, Paul Castellano.
Taps on the phones of defense consultants provided key evidence in the Justice
Department's long running investigation of Pentagon procurement fraud, dubbed
"Operation Ill Wind." But with the advent of digital phone signals, it is
difficult to unscramble a single conversation from the thousands that are
transmitted simultaneously with computer generated data and images, industry
officials said.
"In the old days all you had to do was take a pair of clip leads and a head
set, put it on the right terminal and you could listen to the conversation,"
said James Sylvester, an official of Bell Atlantic Network Services Inc. But
digital signal transmission makes this task much more difficult. Conversations
are broken into an incoherent stream of digits and put back together again at
the other end of the line.
John D. Podesta, a former counsel to the Senate Judiciary's law and technology
subcommittee, said the FBI and other law enforcement agencies are simply
victims of a technological revolution. For more than 50 years the basic
telephone technology remained the same.
_______________________________________________________________________________
Nynex Will Go On-line With Listings February 20, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Adam M. Gaffin ([email protected])(Middlesex News, Framingham, MA)
You can now let your fingers do the walking electronically through the Yellow
Pages.
Nynex yesterday announced an online Yellow Pages available to anyone with a
computer and modem, becoming the first regional Bell operating company to offer
an electronic Yellow Pages database. The 1984 court order that broke up AT&T
had barred such efforts, but that provision was overturned last year.
The service, at least at first, will offer listings only, rather than ads, from
close to 300 Nynex directories -- the company serves most of New York and New
England, except for Connecticut.
Users will also be able to scan UPI news and financial information, according
to Kurt Roessner, president of Nynex Information Technologies, the subsidiary
that will run the service. Ultimately, the company hopes to begin offering and
displaying Yellow Pages-like ads to users, Roessner said yesterday.
Users will require special software to access the information through the
Minitel network, a French system that has so far failed to catch on in the U.S.
Nynex will provide the software for free to users of MS-DOS, Macintosh, Apple
II and Commodore computers, Roessner said.
Roessner said Nynex eventually hopes to offer the service on other, more
popular computer networks. Minitel was chosen because Nynex has offered its
Yellow Pages information to French subscribers for almost two years, he said.
Nynex will charge 61 cents a minute -- $36.60 an hour -- the same as French
users pay. However, Roessner acknowledged this may be more than Americans are
willing to pay and that the company will look at lowering the rate.
CompuServe, the nation's largest consumer-oriented computer network, charges
$12.80 an hour -- but drops that to just 50 cents an hour to people who use an
AT&T directory of national toll-free numbers.
The Nynex project is the latest in a series of efforts by large companies to
sell information to consumers via computer. Some, such as an effort by Knight-
Ridder in the mid-1980s, have ended in spectacular failure. Last year, Nynex
dropped its own information "gateway" service after losing several million
dollars. CompuServe and several other online services, however, reportedly
earn sizable profits.
Phone-company information services have been surrounded by controversy.
Opponents, who include organizations representing newspaper publishers, say it
is unfair to allow a company that provides the means of distribution to also
offer services -- a common comparison is to a turnpike authority that also ran
a trucking company.
Roessner, however, said he hopes the phone company can cooperate with, rather
than fight, other potential "information providers." He said he has already
talked with officials at a number of newspapers who seem more willing to work
with the phone company on joint projects than their national organizations
would let on.
_______________________________________________________________________________
Civil Jury Rules Against AT&T in Patent Violation Case February 9, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Paul Deckelman (United Press International/UPI)
NEW YORK -- A jury ruled American Telephone & Telegraph Company infringed upon
somebody else's patent for telephone switching equipment and awarded the
plaintiff $34.6 million, an attorney said.
AT&T contends the suit is without merit and said it will appeal the verdict.
The six-member jury at the federal district court in Midland, Texas, returned
its verdict after having heard six days of testimony in the case, brought
against the telecommunications giant by Collins Licensing L.P., of Dallas.
The plaintiff's lawyer, Joseph Grear, of the Chicago-based firm of Rolf
Stadheim Ltd., held out the possibility that the total award could go
substantially higher, due to interest accruing back to 1985. An AT&T spokesman
dismissed the possibility.
U.S. District Court Judge Lucius Bunton is considering the jury's
recommendation.
Grear claimed AT&T's 5ESS digital central office switching device infringed
upon a 1976 federal patent for a "Time Space Time (TST) Switch" awarded to the
late Arthur A. Collins.
Collins was the founder of Collins Radio Co., now a division of Rockwell
International Inc., of El Segundo, California.
"Arthur Collins was a pioneer in the field of digital telecommunications. The
jury's verdict provides recognition of Mr. Collins' substantial research and
development investment in, and important technical contributions to, the field
of digital telephony," Grear said.
AT&T's Network Systems division came out with the device in the early 1980s,
using it for central-office telephone switching equipment used to route calls
to the proper exchange and number.
The suit, filed in December 1990, originally named Southwestern Bell, of
Dallas, as a co-defendant. That portion of the case, however, was dismissed
when the regional telephone company argued it had not violated the patent
because it did not make the disputed switching equipment -- it had only bought
it from AT&T.
But AT&T contends that Collins' patent was not valid.
Spokesman Curt Wilson said the Federal Patent Office is currently examining the
patent in question in a separate proceeding at the request of both AT&T and
Collins Licensing. "We think they will invalidate that patent and we won't
have to pay," he said.
There is no firm time frame for the anticipated Patent Office ruling.
Wilson added that even if the patent is found by the government to have been
valid, AT&T does not believe its equipment used Collins' discovery, and thus
feels it did not infringe upon the patent.
"The jury found in our favor on seven of the original eight counts of the
suit," Wilson said, "and on the remaining claim, awarded them $34 million, 70
times less than the amount they had originally sought."
"We believe this suit is totally without merit," the spokesman asserted. "The
patent is not valid -- and we expect the patent office to agree."
_______________________________________________________________________________
User "Bill Of Rights" Introduced January 23, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TAMPA, FLORIDA -- The North American Directory Forum (NADF) introduced a "User
Bill of Rights" to address security and privacy issues regarding entries and
listings concerning its proposed cooperative public directory service. NADF
members also approved continuing efforts on an experimental public directory
pilot at their eighth quarterly meeting.
The "User Bill of Rights" addresses the concerns of the individual user or the
user's agent, and is in response to issues brought to the attention of the
NADF.
Final plans were completed for the X.500 directory pilot scheduled to begin in
the first quarter of this year. The pilot will be used by the NADF to validate
its technical agreements for providing a public directory service in North
America. The agreements have been recorded in standing documents and include
the services that will be provided, the directory schema and information
sharing required to unify the directory. It will test the operation of X.500
in a large-scale, multi-vendor environment.
All NADF members are participating in the pilot. The members are AT&T, Bell
Atlantic, BellSouth Advanced Networks, Bellcore representing US West, BT North
America, GE Information Services, IBM, Infonet, MCI Communications Corp.,
Pacific Bell, Performance Systems International, US Postal Service and Ziff
Communications Co. Joining the NADF at this meeting are Canada Post
Corporation and DirectoryNet, Inc.
The NADF was founded in 1990 with the goal of bringing together major messaging
providers in the U.S. and Canada to establish a public directory service based
on X.500, the CCITT recommendation for a global directory service. The forum
meets quarterly in a collaborative effort to address operational, commercial
and technical issues involved in implementing a North American directory with
the objective of expediting the industry's transition to a global X.500
directory.
This quarter's meeting was hosted by the IBM Information Network, IBM's
value-added services network that provides networking, messaging, capacity and
consulting services.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
USER BILL OF RIGHTS (for entries and listings in the Public Directory)
The mission of the North American Directory Forum is to provide interconnected
electronic directories which empower users with unprecedented access to public
information. To address significant security and privacy issues, the North
American Directory Forum introduces the following "User Bill of Rights" for
entries in the Public Directory. As a user, you have:
I. The right not to be listed.
II. The right to have you or your agent informed when your entry is created.
III. The right to examine your entry.
IV. The right to correct inaccurate information in your entry.
V. The right to remove specific information from your entry.
VI. The right to be assured that your listing in the Public Directory will
comply with US or Canadian law regulating privacy or access information.
VII. The right to expect timely fulfillment of these rights.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scope of Intent - User Bill of Rights
The North American Directory Forum is a collection of service providers that
plan to offer a cooperative directory service in North America. This is
achieved by interconnecting electronic directories using a set of
internationally developed standards known as the CCITT X.500 series.
In this context, the "Directory" represents the collection of electronic
directories administered by both service providers and private operators. When
an entry containing information about a user is listed in the Directory, that
information can be accessed unless restricted by security and privacy controls.
A portion of the Directory -- The Public Directory -- contains information for
public dissemination. In contrast, other portions of the Directory may contain
information not intended for public access. A user or user's agent may elect
to list information in the Public Directory, a private directory, or some
combination. For example, a user might publicly list a telephone number or an
electronic mail address, and might designate other information for specific
private use.
The User Bill of Rights pertains to the Public Directory.
Source: NADF, January 1992