                                ==Phrack Inc.==

                     Volume Three, Issue 28, File #9 of 12

          PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
          PWN                                                     PWN
          PWN          P h r a c k   W o r l d   N e w s          PWN
          PWN          ~~~~~~~~~~~   ~~~~~~~~~   ~~~~~~~          PWN
          PWN                 Issue XXVIII/Part 1                 PWN
          PWN                                                     PWN
          PWN                   October 7, 1989                   PWN
          PWN                                                     PWN
          PWN            Created, Written, and Edited             PWN
          PWN                 by Knight Lightning                 PWN
          PWN                                                     PWN
          PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN

Welcome to Issue XXVIII of Phrack World News!

This issue of Phrack World News contains stories and articles detailing events from June - October, 1989 and features Bellcore, Chalisti, Chaos Computer Club, Clifford Stoll, The Disk Jockey, Fry Guy, The Grim Phreaker, Legion of Doom, The Leftist, Major Havoc, Kevin Mitnick, Robert Morris, Oryan QUEST, The Prophet, Red Rebel, Shadow Stalker, Shadow 2600, Terra, The Urvile, and much more so keep reading.

"The Real Future Is Behind You... And It's Only The Beginning!"
_______________________________________________________________________________

Judge Suggests Computer Hacker Undergo Counseling                 July 17, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Karen E. Klein (New York Times)

LOS ANGELES -- A federal judge has suggested that Los Angeles computer hacker Kevin Mitnick be sentenced to a one-year residential treatment program to break his "computer addiction."

Although she did not finalize her sentence, U.S. District Judge Mariana R. Pfaelzer said Monday that she thought Mitnick had some problems that would benefit from counseling.

Pfaelzer will actually pass sentence at a hearing set for Tuesday, July 18.

The idea that a computer "junkie" who cannot control his urge to break into computers could be helped with a program similar to Alcoholics Anonymous is a new one, Harriet Rossetto, director of the treatment program, told the judge.

"His behavior is an impulse disorder," Rossetto said. "The disease is the addiction, whether it be drugs, alcohol, gambling, hacking, money or power."

Rossetto, who was contacted by Mitnick's family, said Mitnick would be the first person addicted to computer crime to be treated in the Bet T'shuvah program, a 20-bed residential treatment program for Jewish criminal offenders.

"It's not willful conduct, what Kevin does," she said. "He's tried to control his behavior but hacking gives him a sense of power, makes him feel like somebody when he's depressed or he's lost a job."

Mitnick, age 25, has been in federal prison for seven months since his arrest last December on computer fraud charges.

He pleaded guilty in May to possessing 16 unauthorized MCI long-distance codes and to stealing a computer security program from the Digital Equipment Corporation in Massachusetts.

Mitnick has been described in court as a computer whiz who could break into secured systems and change telephone or school records at will. He told the judge on Monday, July 17 that he wants to stop hacking.

"I sincerely want to change my life around and be productive rather than destructive," Mitnick said.

"With counseling to break the addictive pattern I feel I have towards computer hacking, I can take an active role and I don't have to have the compulsive behavior again."

Assistant U.S. Attorney James R. Asperger said that the government does not oppose Mitnick's release from prison to be treated at Bet T'shuvah.

"The judge has taken this case very seriously. It shows computer hacking is not like a Nintendo game," Asperger said.

Mitnick has cooperated with FBI investigators since he pleaded guilty and helped bring charges against his former best friend, Leonard DiCicco, 23, of Calabasas, Asperger said.

DiCicco, who initially tipped the FBI to Mitnick's crimes, has agreed to plead guilty to a charge of aiding and abetting the transportation of a stolen computer program.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Authorities Backed Away From Original Allegations                 July 23, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Karen E. Klein (New York Times)

LOS ANGELES -- Shortly after computer hacker Kevin Mitnick was arrested last December (1988), he was characterized as an extreme threat who could wreak electronic chaos if he got near so much as a telephone without supervision.

Police and FBI agents started trying to corroborate the flurry of rumors that arose about the malicious actions of the computer whiz from suburban Panorama City, whose case attracted national attention.

Three judges denied Mitnick, age 25, bail on the ground that he was a danger to society and ordered him held in a high-security jail cell.

But after separating the Mitnick myth from the reality, authorities backed away from many of their original allegations.

"A lot of the stories we originally heard just didn't pan out, so we had to give him the benefit of the doubt," said James R. Asperger, the assistant U.S. attorney who handled Mitnick's case.

Mitnick, pudgy and nervous, appeared in court last week to apologize for his crimes and to ask for treatment to help break his compulsive "addiction" to computers.

U.S. District Judge Mariana R. Pfaelzer sentenced him to serve one year in prison -- including the nearly eight months he already has served -- and then to undergo six months of counseling and treatment similar to that given to alcoholics or drug addicts.

"I think he has problems that would benefit greatly from this kind of therapy," Pfaelzer said. "I want him to spend as much time as possible in counseling."

The case that began with a bang ended with Asperger pointing out that the one-year prison term is the stiffest sentence ever handed out in a computer fraud case.

Mitnick originally was accused of using unauthorized MCI long-distance codes to tap into Leeds University computers in England and of stealing a $4 million computer security system from the Digital Equipment Corporation in Massachusetts.

He ultimately agreed to plead guilty to possessing 16 unauthorized MCI long-distance codes and to stealing the computer security program. The other charges were dismissed.

Alan Rubin, Mitnick's lawyer, said he felt vindicated by the outcome of the case. Rubin contended from the start that computerphobia and adolescent exaggeration led authorities to mistakenly brand Mitnick a malicious criminal.

"Once the snowball starts rolling, you can't stop it," said Rubin, who waged an unsuccessful campaign up to the federal appeals court to get bail for his client.

Far from being serious, Rubin said, Mitnick's actions were mostly immature, adolescent pranks. He pointed to evidence that Mitnick was able to electronically cut off telephone service to people he was angry with and once sent an enemy a $30,000 hospital telephone bill.

"It was the computer equivalent of sending your friend 14 pizzas," he said.

Many of the legends surrounding Mitnick came from the subculture of computer hackers -- and specifically from a man who was once Mitnick's best friend, Leonard Mitchell DiCicco, age 23, of Calabasas, California.

DiCicco, who had a falling out with Mitnick over a $100 bet, told computer security specialists at the Digital Equipment Corporation that Mitnick had been trespassing on their system. They in turn contacted the FBI agents, who arrested Mitnick.

What DiCicco told investigators may or may not have been entirely truthful, Rubin said. "I have no idea what his motives were," Rubin said.

But DiCicco, who alerted authorities to Mitnick's crime, had the tables turned on him after the government refused to grant him absolute immunity for his testimony against Mitnick.

When the prosecution said they might charge him with a crime, DiCicco clammed up and refused to cooperate any further. But from his prison cell, Mitnick agreed to cooperate and provided enough incriminating evidence for the government to charge DiCicco.

DiCicco is expected to plead guilty to a charge of aiding and abetting the interstate transportation of stolen property -- the computer security program -- on Monday.

Asperger said he was not sure whether DiCicco would get a sentence similar to Mitnick's.

"Although they were friends and partners in computer hacking, (DiCicco) appeared to play a subordinate role (in the crime)," Asperger said.

Other rumors about Mitnick's conduct came from fellow hackers, who may have blown the stories out of proportion.

"It's a very strange sub-culture, with a lot of jealousies," Rubin said. "Part of it is bragging about how macho you are and what systems you've broken into. It's very immature in a lot of ways."

But prosecutors, citing Mitnick's various scrapes with computer misconduct since he was 13, aren't willing to let him off the hook entirely.

"I think there's some substance to these things (the rumors that arose in Mitnick's case), an awful lot of them," said Los Angeles FBI chief Lawrence Lawler, who is a computer buff himself and followed Mitnick's case closely.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If you are looking for other articles about Kevin David Mitnick aka Condor please refer to;

"Pacific Bell Means Business"                     (10/06/88) PWN XXI. . .Part 1
"Dangerous Hacker Is Captured"                    (No Date ) PWN XXII . .Part 1
"Ex-Computer Whiz Kid Held On New Fraud Counts"   (12/16/88) PWN XXII . .Part 1
"Dangerous Keyboard Artist"                       (12/20/88) PWN XXII . .Part 1
"Armed With A Keyboard And Considered Dangerous"  (12/28/88) PWN XXIII. .Part 1
"Dark Side Hacker Seen As Electronic Terrorist"   (01/08/89) PWN XXIII. .Part 1
"Mitnick Plea Bargains"                           (03/16/89) PWN XXV. . .Part 1
"Mitnick Plea Bargain Rejected As Too Lenient"    (04/25/89) PWN XXVII. .Part 1
"Computer Hacker Working On Another Plea Bargain" (05/06/89) PWN XXVII. .Part 1
"Mitnick Update"                                  (05/10/89) PWN XXVII. .Part 1
"Kenneth Siani Speaks Out About Kevin Mitnick"    (05/23/89) PWN XXVII. .Part 1
_______________________________________________________________________________

BITNET/CSNET Announce Merger and Formation of CREN              August 18, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Washington, DC -- Two of the nation's leading academic and research computer networks announced today that final steps are being taken to merge their organizations.

Ira Fuchs, President of BITNET, and Bernard Galler, Chairman of CSNET, jointly reported that the two networks, which together include 600 colleges, universities, government agencies, and private sector research organizations, will unite to form the Corporation for Research and Educational Networking, CREN.

Galler, a Professor of Electrical Engineering and Computer Science at the University of Michigan, commented: "The aims of CSNET and BITNET -- to support and promote the use of computer networks on campuses and within research organizations -- have converged over the last several years. We believe that by bringing these two networks into a single organization, we will be able to provide better service to our network users and more effectively participate in the fast-changing national network environment."

Fuchs, Vice President for Computing and Information Technology at Princeton University, sees the move as a strengthening factor: "The need for campus networks and the introduction of new technology make it necessary to build a common base of network services using the most progressive technology available. By eliminating overlap between our two organizations, we will become more efficient, and more importantly, we can take a stronger role in the formation of the national education and research network.
We can achieve this goal faster and at lower cost by leveraging the efforts of the two major academic networking organizations."

The merger of CSNET and BITNET has been studied for more than a year by a planning group consisting of representatives from both networks. CSNET currently lists 145 institutional and corporate members, and BITNET 480 members. Together, the two networks cover all 50 states and 32 foreign countries, including Japan, Brazil, Mexico, and Argentina. Both maintain gateways to EARN (European Academic Research Network), NetNorth (Canada), and the National Internet.

The planning group's recommendations to merge were approved by the BITNET, Inc. Trustees and the Directors of the University Corporation for Atmospheric Research, operators of CSNET for the last five years. An information packet on the merger is being mailed to all members of both networks this week, with a ballot for BITNET members, who must approve the final legal steps under the provisions of BITNET By-Laws. In an advisory vote last winter, BITNET members approved the merger in principle by more than 90% of those voting.

A gradual transition period is planned to bring together CSNET and BITNET services. CREN plans to continue use of EDUCOM and Bolt, Beranek and Newman (BBN) to provide technical and general management services to its members.

EDUCOM President Kenneth M. King commented, "We are entering a particularly challenging period in the creation of an advanced national network infrastructure for research and education. CREN will play a major role in the future of these computer networks, which are becoming more and more important to the conduct of research and the quality of education. EDUCOM is pleased to have an opportunity to support the services and activities of CREN."

Frank Heart, Senior Vice President, BBN Systems and Technologies Corporation, said, "In keeping with its long involvement in the development of networking technologies, BBN is pleased to play a major supporting role in the evolution of BITNET and CSNET."

The proposed CREN Board includes Fuchs and Galler;

Douglas Bigelow. . . . . Wesleyan University
William Curtis . . . . . University Corporation for Atmospheric Research
David Farber . . . . . . University of Pennsylvania
Suzanne Johnson. . . . . INTEL Corporation
Mark Laubach . . . . . . Hewlett-Packard Corporation
Philip Long. . . . . . . Yale University
Dennis Ritchie . . . . . AT&T Bell Laboratories
Martin Solomon . . . . . University of South Carolina
Douglas Van Houweling. . University of Michigan
William Yundt. . . . . . Stanford University

For more information, contact

Corporation for Research and Educational Networking
Suite 600
1112 16th Street NW
Washington, DC 20036

(202) 872-4215

[Obviously they decided not to call it ONEnet --KL]
_______________________________________________________________________________

CERT Internet Security Advisory                                 August 16, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From Kenneth R. van Wyk

Many computers connected to the Internet have recently experienced unauthorized system activity. Investigation shows that the activity has occurred for several months and is spreading. Several UNIX computers have had their "telnet" programs illicitly replaced with versions of "telnet" which log outgoing login sessions (including usernames and passwords to remote systems). It appears that access has been gained to many of the machines which have appeared in some of these session logs. (As a first step, frequent telnet users should change their passwords immediately.)

While there is no cause for panic, there are a number of things that system administrators can do to detect whether the security on their machines has been compromised using this approach and to tighten security on their systems where necessary. At a minimum, all UNIX site administrators should do the following:

o Test telnet for unauthorized changes by using the UNIX "strings" command to search for path/filenames of possible log files. Affected sites have noticed that their telnet programs were logging information in user accounts under directory names such as "..." and ".mail".

In general, we suggest that site administrators be attentive to configuration management issues. These include the following:

o Test authenticity of critical programs - Any program with access to the network (e.g., the TCP/IP suite) or with access to usernames and passwords should be periodically tested for unauthorized changes. Such a test can be done by comparing checksums of on-line copies of these programs to checksums of original copies. (Checksums can be calculated with the UNIX "sum" command.) Alternatively, these programs can be periodically reloaded from original tapes.

o Privileged programs - Programs that grant privileges to users (e.g., setuid root programs/shells in UNIX) can be exploited to gain unrestricted access to systems. System administrators should watch for such programs being placed in places such as /tmp and /usr/tmp (on UNIX systems). A common malicious practice is to place a setuid shell (sh or csh) in the /tmp directory, thus creating a "back door" whereby any user can gain privileged system access.

o Monitor system logs - System access logs should be periodically scanned (e.g., via UNIX "last" command) for suspicious or unlikely system activity.

o Terminal servers - Terminal servers with unrestricted network access (that is, terminal servers which allow users to connect to and from any system on the Internet) are frequently used to camouflage network connections, making it difficult to track unauthorized activity. Most popular terminal servers can be configured to restrict network access to and from local hosts.

o Passwords - Guest accounts and accounts with trivial passwords (e.g., username=password, password=none) are common targets. System administrators should make sure that all accounts are password protected and encourage users to use acceptable passwords as well as to change their passwords periodically, as a general practice. For more information on passwords, see Federal Information Processing Standard Publication (FIPS PUB) 112, available from the National Technical Information Service, U.S. Department of Commerce, Springfield, VA 22161.

o Anonymous file transfer - Unrestricted file transfer access to a system can be exploited to obtain sensitive files such as the UNIX /etc/passwd file. If used, TFTP (Trivial File Transfer Protocol - which requires no username/password authentication) should always be configured to run as a non-privileged user and "chroot" to a file structure where the remote user cannot transfer the system /etc/passwd file. Anonymous FTP, too, should not allow the remote user to access this file, or any other critical system file. Configuring these facilities to "chroot" limits file access to a localized directory structure.

o Apply fixes - Many of the old "holes" in UNIX have been closed. Check with your vendor and install all of the latest fixes.

If system administrators do discover any unauthorized system activity, they are urged to contact the Computer Emergency Response Team (CERT).

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Internet Cracker On The Loose: Who Is He?                       October 2, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There is a cracker on the loose in the Internet. This is the information made public so far. Traces of the cracker were found at the Institute for Advanced Studies in Princeton. He also left traces at one of the Super computer centers.

Both CERT and the FBI have been called.

The technique that is being used is as follows:

1) He has a modified telnet that tries a list of passwords on accounts. Username forwards and backwards, username + pw, etc.

2) He seems to have a program called "ret", that is breaking into root.

3) He seems to be getting a list of victim machines via people's .rhosts files.

4) He copies password files to the machines that he is currently working from.

5) He is good about cleaning up after himself. He zeros out log files and other traces of himself.

6) The breakins are occurring between 10 PM Sunday nights and 8 AM Monday mornings.

7) He seems to bring along a text file of security holes to the machines he breaks into.

8) Backtracing the network connections seems to point to the Boston area as a base of operations.

The system administrator at IAS found a directory with the name "..  " (dot dot space space). The files mentioned above were found in this directory.
_______________________________________________________________________________

Worried Firms Pay Hush Money To "Hackers"                         June 12, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Richard Caseby (London Times)

"Are London Firms Offering Amnesty To Hacker Thieves?"

Firms in the City of London are buying the silence of hackers who break into their computers and steal millions of pounds.

At least six London firms have signed agreements with criminals, offering them amnesty if they return part of the money. The firms fear that if they prosecute they will lose business when customers learn that their computer security is flawed.

In several of the cases the losses exceeded 1 million pounds, but only a tenth of the total was returned.

The Computer Industry Research Unit (CIRU) which uncovered the deals and which is advising the Department of Trade and Industry in data security, believes the practice of offering amnesties is widespread.

"Companies who feel vulnerable are running scared by agreeing to these immoral deals. Their selfishness is storing up serious problems for everyone else," said Peter Nancarrow, a senior consultant.

Police have warned that deals struck with criminals could possibly lead to an employer being prosecuted for perverting the course of justice.

Detective Inspector John Austin, of Scotland Yard's computer fraud squad, said, "Employers could find themselves in very deep water by such strenuous efforts to protect the credibility of their image."

Legal experts say the firms are making use of section five of the Criminal Law Act 1967 which allows them to keep silent on crimes and privately agree on compensation. However, an employer becomes a witness to the offense by taking evidence from a criminal when the deal is drawn up.

Hackers steal by electronically transferring funds or by programming a computer to round off all transactions by a tiny amount and diverting the money to a separate account.

In one case, an assistant programmer at a merchant bank diverted 8 million pounds to a Swiss bank account and then gave back 7 million in return for a non-disclosure agreement protecting him against prosecution.

Such thefts have spread alarm throughout London, with consultants offering to penetrate the computer networks of banks and finance houses to pinpoint loopholes before a hacker does.

The biggest contracts cost up to 50,000 pounds and can involve a four month investigation in which every weakness is explored.

Detectives have found that computer security at many London institutions is riddled with loopholes. A City of London police operation, codenamed Comcheck, revealed widespread weaknesses. Firms were asked to track the number of unauthorized logons over Easter bank holiday.
Some companies were unable to tell whether hackers had penetrated their network, while others lacked any security defenses.

In addition to theft, companies are vulnerable to blackmail. Hackers can threaten to sabotage computers by inserting "viruses" and "logic bombs" -- rogue programs which can paralyze a system.

This type of threat has prompted the offer of a new insurance policy underwritten by Lloyd's which specifically covers viruses and other computer catastrophes.
_______________________________________________________________________________
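
Added example, not part of the original Phrack file or of the CERT advisory: a POSIX shell script for the host checks the advisory above lists (telnet strings, checksums against originals, setuid files in /tmp), plus the oddly named directory reported in "Internet Cracker On The Loose". The function names, the baseline file format and the use of cksum in place of the advisory's "sum" are assumptions of this example.

```shell
#!/bin/sh
# Added example: the host checks named in the CERT advisory, as shell
# functions. Function names and the baseline format are assumptions.

# Printable strings of a file; falls back to tr where "strings" is absent.
printable_strings() {
    if command -v strings >/dev/null 2>&1; then
        strings -a "$1"
    else
        tr -c '[:print:]' '\n' < "$1"
    fi
}

# Telnet check: print embedded strings that contain a path component of
# "...", ".mail" or dot-dot-space, the log locations the page reports.
trojan_log_paths() {
    printable_strings "$1" | grep -E '(^|/)(\.\.\.|\.mail|\.\. +)(/|$)'
}

# Authenticity check: the baseline file holds cksum output ("crc size path")
# taken from known-good copies. Prints every path that changed or vanished.
# The advisory names "sum"; cksum is this example's substitution.
changed_since_baseline() {
    while read -r crc size path; do
        now=$(cksum "$path" 2>/dev/null) || { echo "$path"; continue; }
        [ "$now" = "$crc $size $path" ] || echo "$path"
    done < "$1"
}

# Privileged programs: setuid files under scratch directories such as
# /tmp and /usr/tmp.
setuid_in() {
    find "$@" -type f -perm -4000 -print 2>/dev/null
}

# Directories named to hide in a listing: "...", ".mail", and names that
# start with dot dot space.
hidden_dirs_in() {
    find "$@" -type d \( -name '...' -o -name '.mail' -o -name '.. *' \) \
        -print 2>/dev/null
}

# Stand-alone use: sh audit.sh <telnet-binary> <baseline-file>
if [ "$#" -eq 2 ]; then
    echo "== suspicious strings in $1";  trojan_log_paths "$1"
    echo "== changed since baseline";    changed_since_baseline "$2"
    echo "== setuid files in scratch";   setuid_in /tmp /usr/tmp
    echo "== oddly named directories";   hidden_dirs_in /tmp /usr/tmp /home
fi
```

The baseline must be produced from trusted copies and stored off the host being checked; a checksum file the intruder can rewrite proves nothing.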