==Phrack Magazine== Volume Five, Issue Forty-Six, File 3 of 28 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== PART I ------------------------------------------------------------------------------ !! NEW PHRACK CONTEST !! Phrack Magazine is sponsoring a programming contest open to anyone who wishes to enter. Write the Next Internet Worm! Write the world's best X Windows wardialer! Code something that makes COPS & SATAN look like high school Introduction to Computing assignments. Make the OKI 1150 a scanning, tracking, vampire- phone. Write an NLM! Write a TSR! Write a stupid game! It doesn't matter what you write, or what computer it's for! It only matters that you enter! Win from the following prizes: Computer Hardware & Peripherals System Software Complete Compiler packages CD-ROMS T-Shirts Magazine Subscriptions and MANY MORE! STOP CRACKING PASSWORDS AND DO SOMETHING WITH YOUR LIFE! Enter the PHRACK PROGRAMMING CONTEST! The rules are very simple: 1) All programs must be original works. No submissions of previously copyrighted materials or works prepared by third parties will be judged. 2) All entries must be sent in as source code only. Any programming language is acceptable. Programs must compile and run without any modifications needed by the judges. If programs are specific to certain platforms, please designate that platform. If special hardware is needed, please specify what hardware is required. If include libraries are needed, they should be submitted in addition to the main program. 3) No virii accepted. An exception may be made for such programs that are developed for operating systems other than AMIGA/Dos, System 7, MS-DOS (or variants), or OS/2. Suitable exceptions could be, but are not limited to, UNIX (any variant), VMS or MVS. 4) Entries may be submitted via email or magnetic media. Email should be directed to phrack@well.com. Tapes, Diskettes or other storage media should be sent to Phrack Magazine 603 W. 13th #1A-278 Austin, TX 78701 5) Programs will be judged by a panel of judges based on programming skill displayed, originality, usability, user interface, documentation, and creativity. 6) Phrack Magazine will make no claims to the works submitted, and the rights to the software are understood to be retained by the program author. However, by entering, the Author thereby grants Phrack Magazine permission to reprint the program source code in future issues. 7) All Entries must be received by 12-31-94. Prizes to be awarded by 3-1-95. -------------------------INCLUDE THIS FORM WITH ENTRY------------------------- Author: Email Address: Mailing Address: Program Name: Description: Hardware & Software Platform(s) Developed For: Special Equipment Needed (modem, ethernet cards, sound cards, etc): Other Comments: ------------------------------------------------------------------------------ COMPUTER COP PROPHILE FOLLOW-UP REPORT LT. WILLIAM BAKER JEFFERSON COUNTY POLICE by The Grimmace In PHRACK 43, I wrote an article on the life and times of a computer cop operating out of the Jefferson County Police Department in Louisville, Kentucky. In the article, I included a transcript of a taped interview with him that I did after socially engineering my way through the cop-bureaucracy in his department. At the time I thought it was a hell of an idea and a lot of PHRACK readers probably got a good insight into how the "other side" thinks. However, I made the terminal mistake of underestimating the people I was dealing with by a LONG shot and felt that I should write a short follow-up on what has transpired since that article was published in PHRACK 43. A lot of the stuff in the article about Lt. Baker was obtained by an attorney I know who has no reason to be friendly to the cops. He helped me get copies of court transcripts which included tons of information on Baker's training and areas of expertise. Since the article, the attorney has refused to talk to me and, it appears, that he's been identified as the source of assistance in the article and all he will say to me is that "I don't want any more trouble from that guy...forget where you left my phone number." Interesting...no elaboration...hang up. As I recall, the PHRACK 43 issue came out around November 17th. On November 20th, I received a telephone call where I was living at the home of a friend of mine from Lt. Baker who laughingly asked me if I needed any more information for any "future articles". I tried the "I don't know what you're talking about" scam at which time he read to me my full name, date of birth, social security number, employer, license number of my car, and the serial number from a bicycle I just purchased the day before. I figured that he'd run a credit history on me, but when I checked, there had been no inquiries on my accounts for a year. He told me the last 3 jobs I'd held and where I bought my groceries and recited a list of BBSs I was on (two of which under aliases other than The Grimmace). This guy had a way about him that made a chill run up my spine and never once said the first threatening or abusive thing to me. I suppose I figured that the cops were all idiots and that I'd never hear anything more about the article and go on to write some more about other computer cops using the same method. I've now decided against it. I got the message...and the message was "You aren't the only one who can hack out information." I'd always expected to get the typical "cop treatment" if I ever got caught doing anything, but I think this was worse. Hell, I never know where the guy's gonna show up next. I've received cryptic messages on the IRC from a variety of accounts and servers all over the country and on various "private" BBSs and got one on my birthday on my Internet account...it traced back to an anonymous server somewhere in the bowels of UCLA. I don't know anyone at UCLA and the internet account I have is an anonymous account actually owned by another friend of mine. I think the point I'm trying to make is that all of us have to be aware of how the cops think in order to protect ourselves and the things we believe in. But...shaking the hornet's nest in order to see what comes out maybe isn't the coolest way to investigate. Like I wrote in my previous article, we've all gotten a big laugh from keystone cops like Foley and Golden, but things may be changing. Local and federal agencies are beginning to cooperate on a regular basis and international agencies are also beginning to join the party. The big push to eradicate child-pornography has led to a number of hackers being caught in the search for the "dirty old men" on the Internet. Baker was the Kentucky cop who was singularly responsible for the bust of the big kiddie-porn FSP site at the University of Birmingham in England back in April and got a lot of press coverage about it. But I had personally never considered that a cop could hack his way into a password-protected FSP site. And why would he care about something happening on the other side of the world? Hackers do it, but not cops...unless the cops are hackers. Hmmm...theories anyone? I don't live in Louisville anymore...not because of Baker, but because of some other problems, but I still look over my shoulder. It would be easier if the guy was a prick, but I'm more paranoid of the friendly good-ole boy than the raving lunatic breaking in our front doors with a sledge hammer. I always thought we were safe because we knew so much more than the people chasing us. I'm not so certain of that anymore. So that's it. I made the mistakes of 1) probably embarrassing a guy who I thought would never be able to touch me and 2), drawing attention to myself. A hacker's primary protection lies in his anonymity...those who live the high profiles are the ones who take the falls and, although I haven't fallen yet, I keep having the feeling that I'm standing on the edge and that I know the guy sneaking up behind me. From the shadows-- The Grimmace [HsL - RAt - UQQ] ------------------------------------------------------------------------------ !! PHRACK READS !! "Cyberia" by Douglas Rushkoff Review by Erik Bloodaxe Imagine a book about drugs written by someone who never inhaled. Imagine a book about raves written by someone saw a flyer once. Imagine a book about computers by someone who someone who thinks a macintosh is complex. Imagine an author trying to make a quick buck by writing about something his publisher said was hot and would sell. And there you have Cyberia, by Douglas Rushkoff. I have got to hand it to this amazing huckster Rushkoff, though. By publishing Cyberia, and simultaneously putting out "The Gen X Reader," (which by the way is unequaled in its insipidness), he has covered all bases for the idiot masses to devour at the local bookseller. Rushkoff has taken it upon himself to coin new terms such as "Cyberia," the electronic world we live in; "Cyberians," the people who live and play online; etc... Like we needed more buzzwords to add to a world full of "Infobahns" "console cowboys," and "phrackers." Pardon me while I puke. The "interviews" with various denizens of Rushkoff's "Cyberia" come off as fake as if I were to attempt to publish an interview with Mao Tse Tung in the next issue of Phrack. We've got ravers talking on and on about "E" and having deep conversations about smart drugs and quantum physics. Let's see: in the dozens of raves I've been to in several states the deepest conversation that popped up was "uh, do you have any more of that acid?" and "this mix is cool." And these conversations were from the more eloquent of the nearly all under 21 crowd that the events attracted. Far from quantum physicians. And beyond that, its been "ecstasy" or "X" in every drug culture I've wandered through since I walked up the bar of Maggie Mae's on Austin, Texas' 6th Street in the early 80's with my fake id and bought a pouch of the magic elixir over the counter from the bartender (complete with printed instructions). NOT "E." But that's just nit-picking. Now we have the psychedelic crowd. Listening to the "Interviews" of these jokers reminds me of a Cheech and Chong routine involving Sergeant Stedanko. "Some individuals who have smoked Mary Jane, or Reefer oftimes turn to harder drugs such as LSD." That's not a quote from the book, but it may as well be. People constantly talk about "LSD-this" and "LSD-that." Hell, if someone walked into a room and went on about how he enjoyed his last "LSD experience" the way these people do, you'd think they were really really stupid, or just a cop. "Why no, we've never had any of that acid stuff. Is it like LSD?" Please. Then there are the DMT fruitcakes. Boys and girls, DMT isn't being sold on the street corner in Boise. In fact, I think it would be easier for most people to get a portable rocket launcher than DMT. Nevertheless, in every fucking piece of tripe published about the "new psychedlicia" DMT is splattered all over it. Just because Terrance Fucking McKenna saw little pod people, does not mean it serves any high position in the online community. And Hackers? Oh fuck me gently with a chainsaw, Douglas. From Craig Neidorf's hacker Epiphany while playing Adventure on his Atari VCS to Gail Thackeray's tearful midnight phonecall to Rushkoff when Phiber Optik was raided for the 3rd time. PLEASE! I'm sure Gail was up to her eyebrows in bourbon, wearing a party hat and prank calling hackers saying "You're next, my little pretty!" Not looking for 3rd-rate schlock journalists to whine to. The Smart Drink Girl? The Mondo House? Gee...how Cyber. Thanks, but no thanks. I honestly don't know if Rushkoff really experienced any of this nonsense, or if he actually stumbled on a few DMT crystals and smoked this reality. Let's just say, I think Mr. Rushkoff was absent the day his professor discussed "Creative License in Journalism" and just decided to wing it. Actually, maybe San Francisco really is like this. But NOWHERE else on the planet can relate. And shit, if I wanted to read a GOOD San Francisco book, I'd reread Armistead Maupin's "Tales of the City." This book should have been called "Everything I Needed to Know About Cyber-Culture I Learned in Mondo-2000." Seriously...anyone who reads this book and finds anything remotely close to the reality of the various scenes it weakly attempts to cover needs to email me immediately. I have wiped my ass with better pulp. ------------------------------------------------------------------------------ BOOK REVIEW: INFORMATION WARFARE CHAOS ON THE ELECTRONIC SUPERHIGHWAY By Winn Schwartau INFORMATION WARFARE - CHAOS ON THE ELECTRONIC SUPERHIGHWAY By Winn Schwartau. (C)opyright 1994 by the author Thunder's Mouth Press, 632 Broadway / 7th floor / New York, NY 10012 ISBN 1-56025-080-1 - Price $22.95 Distributed by Publishers Group West, 4065 Hollis St. / Emeryville, CA 94608 (800) 788-3123 Review by Scott Davis (dfox@fennec.com) (from tjoauc1-4 ftp: freeside.com /pub/tjoauc) If you only buy one book this year, make sure it is INFORMATION WARFARE! In my 10+ years of existing in cyberspace and seeing people and organizations debate, argue and contemplate security issues, laws, personal privacy, and solutions to all of these issues...and more, never have I seen a more definitive publication. In INFORMATION WARFARE, Winn Schwartau simply draws the line on the debating. The information in this book is hard-core, factual documentation that leaves no doubt in this reader's mind that the world is in for a long, hard ride in regards to computer security. The United States is open to the world's electronic terrorists. When you finish reading this book, you will find out just how open we are. Mr. Schwartau talks about industrial espionage, hacking, viruses, eavesdroping, code-breaking, personal privacy, HERF guns, EMP/T bombs, magnetic weaponry, and the newest phrase of our generation... "Binary Schizophrenia". He exposes these topics from all angles. If you spend any amount of time in Cyberspace, this book is for you. How much do you depend on technology? ATM machines, credit cards, toasters, VCR's, televisions, computers, telephones, modems...the list goes on. You use technology and computers and don't even know it! But the point is...just how safe are you from invasion? How safe is our country's secrets? The fact is - they are NOT SAFE! How easy is it for someone you don't know to track your every move on a daily basis? VERY EASY! Are you a potential victim to fraud, breech of privacy, or general infractions against the way you carry on your daily activities? YES! ...and you'd never guess how vulnerable we all are! This book will take you deep into places the government refuses to acknowledge. You should know about INFORMATION WARFARE. Order your copy today, or pick it up at your favorite book store. You will not regret it. ------------------------------------------------------------------------------ _Firewalls and Internet Security: Repelling the Wily Hacker_ William R. Cheswick Steven M. Bellovin Addison-Wesley, ISBN 0-201-63357-4 306 + XIV = 320 pages (Printed on recycled paper) A-Somewhat-Less-Enthusiastic-Review Reviewed by Herd Beast The back of this book claims that, "_Firewalls and Internet Security_ gives you invaluable advice and practical tools for protecting your organization's computers from the very real threat of hacker attacks." That is true. The authors also add something from their knowledge of these hacker attacks. The book can be roughly separated into two parts: Firewalls, and, you guessed it: Internet Security. That is how I see it. The book itself is divided into four parts (Getting Started, Building Your Own Firewall, A Look Back & Odds and Ends), three appendixes, a bibliography, a list of 42 bombs and an index. The book starts with overall explanations and an overview of the TCP/IP protocol. More than an overview of the actual TCP/IP protocol, it is a review of services often used with that protocol, and the security risks they pose. In that chapter the authors define "bombs" -- as particularly serious security risks. Despite that fact, and the tempting bomb list in the end, this book is not a guide for someone with passing knowledge of Internet security who wants to learn more explicit details about holes. It is, in the authors' words, "not a book on how to administer a system in a secure fashion." FIREWALLS (Including the TCP/IP overview: pages 19-131) What is a firewall and how is it built?(*) If you don't know that, then definitely get this book. The Firewalls chapter is excellent even for someone with a passing knowledge of firewalls or general knowledge of what they set out to accomplish. You might still learn more. In the Firewalls chapter, the authors explain the firewall philosophy and types of firewalls. Packet-filtering gateways rely on rule-based packet filtering to protect the gateway from various types of attacks. You can filter everything and achieve the same effect of disconnecting from the Internet, you can filter everything from misbehaving sites, you can allow only mail in, and so on. An application-level gateway relies on the applications set on the firewall. Rather then let a router filter traffic based on rules, one can strip a machine clean and only run desired services -- and even then, more secure versions of those services can be run. Circuit-level gateways relay data between the gateway and other networks. The relay programs copy data from inside the firewall to the outside, and log their activity. Most firewalls on the Internet are a combination of these gateways. Next, the authors explain how to build an application-level gateway based on the work they have done with the research.att.com gateways. As mentioned, this chapter is indeed very good. They go over setting up the firewall machines, router configuration for basic packet filtering (such as not allowing Internet packets that appear to come from inside your network). They show, using the software on the AT&T gateway as example, the general outline of proxies and give some useful advise. That chapter is very interesting; reading it with Bill Cheswick's (older) paper, "The Design of a Secure Internet Gateway" makes it even better. The examples given, like the NFS and X proxies run on the gateway, are also interesting by themselves. INTERNET SECURITY (pages 133-237) Internet security is a misleading name. This part might also be called "Everything else." Most of it is a review of hacker attacks logged by AT&T's gateway probes, and of their experience with a hacker. But there is also a chapter dedicated to computer crime and the law -- computer crime statutes, log files as evidence, the legalities of monitoring intruders and letting them keep their access after finding them, and the ethics of many actions performed on the Internet; plus an introduction to cryptography under Secure Communication over Insecure Networks. The later sections are good. The explanation of several encryption methods and short reviews of applications putting them to use (PEM, PGP and RIPEM) are clear (as clear as cryptography can get) and the computer crime sections are also good -- although I'm not a lawyer and therefore cannot really comment on it, and notes that look like "5 USC 552a(b)(c)(10)" cause me to shudder. It's interesting to note that some administrative functions as presented in this book, what the authors call counter-intelligence (reverse fingers and rusers) and booby traps and fake password file are open for ethical debate. Perhaps they are not illegal, but counter-intelligence can surely ring the warning bells on the site being counter-fingered if that site itself is security aware. That said, let's move to hackers. I refer to these as "hacker studies", or whatever, for lack of a better name. This is Part III (A Look Back), which contains the methods of attacks (social engineering, stealing passwords, etc), the Berferd incident (more on that later), and an analysis (statistical and otherwise) of the Bell Labs gateway logs. Back to where we started, there is nothing new or innovative about these chapters. The Berferd hacker case is not new, it is mostly just uninteresting. The chapter is mostly a copy (they do state this) of Bill Cheswick's paper titled "A Night with Berferd, in Which a Cracker is Lured, Endured and Studied." The chapter concerning probes and door-knob twisting on the Internet (Traps, Lures, and Honey Pots) is mostly a copy (they do not state this) of Steven Bellovin's paper titled, "There Be Dragons". What do we learn from the hacker-related chapters? Let's take Berferd: The Sendmail DEBUG hole expert. After mailing himself a password file and receiving it with a space after the username, he tries to add accounts in a similar fashion. Cheswick calls him "flexible". I might have chosen another F-word. Next are the hacker logs. People finger. People tftp /etc/passwd. People try to rlogin as bin. There are no advanced attacks in these sections. Compared with the scary picture painted in the Firewalls chapter -- that of the Bad Guy spoofing hostnames, flooding DNS caches, faking NFS packets and much more -- something must have gone wrong.(**) Still, I cannot say that this information is totally useless. It is, as mentioned, old. It is available and was available since 1992 on ftp://research.att.com:{/dist/internet_security,/dist/smb}. (***) The bottom line is that this book is, in my opinion, foremost and upmost a Firewaller's book. The hacker section could have been condensed into Appendix D, a copy of the CERT advisory about computer attacks ("Don't use guest/guest. Don't leave root unpassworded.") It really takes ignorance to believe that inexperienced hackers can learn "hacker techniques" and become mean Internet break-in machines just by reading _Firewalls and Internet Security_. Yes, even the chapter dedicated to trying to attack your own machine to test your security (The Hacker's Workbench) is largely theoretical. That is to say, it doesn't go above comments like "attack NFS". The probes and source code supplied there are for programs like IP subnet scanners and so on, and not for "high-level" stuff like ICMP bombers or similar software; only the attacks are mentioned, not to implementation. This is, by the way, quite understandable and expected, but don't buy this book if you think it will make you into some TCP/IP attacker wiz. In summary: THE GOOD The Firewalls part is excellent. The other parts not related to hacker-tracking are good as well. The added bonuses -- in the form of a useful index, a full bibliography (with pointers to FTP sites), a TCP port list with interesting comments and a great (running out of positive descriptions here) online resources list -- are also grand (whew). THE BAD The hacker studies sections, based on old (circa 1992) papers, are not interesting for anyone with any knowledge of hacking and/or security who had some sort of encounters with hackers. People without this knowledge might either get the idea that: (a) all hackers are stupid and (b) all hackers are Berferd-style system formatters. Based on the fact that the authors do not make a clear-cut statement about hiring or not hiring hackers, they just say that you should think if you trust them, and that they generally appear not to have a total draconian attitude towards hackers in general, I don't think this was intentional. THE UGLY (For the nitpickers) There are some nasty little bugs in the book. They're not errors in that sense of the word; they're just kind of annoying -- if you're sensitive about things like being called a hacker or a cracker, they'll annoy you. Try this: although they explain why they would use the term "hacker" when referring to hackers (and not "eggsucker", or "cracker"), they often use terms like "Those With Evil Intention". Or, comparing _2600 Magazine_ to the Computer underground Digest. (*) From the Firewalls FAQ : ``A firewall is any one of several ways of protecting one network from another untrusted network. The actual mechanism whereby this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic.'' (**) This would be a great place to start a long and boring discussion about different types of hackers and how security (including firewalls) affect them. But... I don't think so. (***) ftp://research.att.com:/dist/internet_security/firewall.book also contains, in text and PostScript, the list of parts, chapters and sections in the book, and the Preface section. For that reason, those sections weren't printed here. All the papers mentioned in this review can be found on that FTP site. ------------------------------------------------------------------------------ Announcing Bellcore's Electronic Information Catalog for Industry Clients... To access the online catalog: telnet info.bellcore.com login: cat10 or dial 201-829-2005 annex: telnet info login: cat10 [Order up some E911 Documents Online!] ------------------------------------------------------------------------------ TTTTT H H EEEEE T H H E T HHHHH EEEEE T H H E T H H EEEEE CCC U U RRRR M M U U DDDD GGG EEEEE OOO N N C C U U R R MM MM U U D D G G E O O NN N C U U RRRR M M M U U D D G EEEEE O O N N N C C U U R R M M U U D D G GG E O O N NN CCC UUU R R M M UUU DDDD GGG EEEEE OOO N N Bill Clinton promised good health care coverage for everyone. Bill Clinton promised jobs programs for the unemployed. Bill Clinton promised that everyone who wanted could serve in the military. Bill Clinton promised a lot. So does the Curmudgeon. But unlike Bill Clinton, we'll deliver... For only $10 a year (12 issues) you'll get alternative music reviews and interviews, political reporting, anti-establishment features and commentary, short fiction, movie reviews, book reviews, and humor. Learn the truth about the Gulf War, Clipper, and the Selective Service System. Read everything you wanted to know about bands like the Offspring, R.E.M., the Cure, Porno for Pyros, Pearl Jam, Dead Can Dance, Rhino Humpers, and Nine Inch Nails. Become indoctrinated by commentary that just might change the way you think about some things. Subscribe to the Curmudgeon on paper for $10 or electronically for free. Electronic subscribers don't get everything that paying subscribers do like photos, spoof ads, and some articles. Paper: send $10 check or money order to the Curmudgeon 4505 University Way N.E. Box 555 Seattle, Washington 98105 Electronic: send a request to rodneyl@u.washington.edu ------------------------------------------------------------------------------ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % The Journal Of American Underground Computing - ISSN 1074-3111 % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Computing - Communications - Politics - Security - Technology - Humor -Underground - Editorials - Reviews - News - Other Really Cool Stuff- Published Quarterly/Semi-Quarterly By Fennec Information Systems This is one of the more popular new electronic publications. To get your free subscription, please see the addresses below. Don't miss out on this newsworthy publication. We are getting hundreds of new subscriptions a month. This quarterly was promoted in Phrack Magazine. If you don't subscribe, you're only cheating yourself. Have a great day...and a similar tomorrow * Coming soon * A Windows-based help file containing all of the issues of the magazine as well as extensive bio's of all of the editors. Subscription Requests: sub@fennec.com Comments to Editors : editors@fennec.com Back issues via Ftp : etext.archive.umich.edu /pub/Zines/JAUC fc.net /pub/tjoauc Submissions : submit@fennec.com Finger info : dfox@fc.net and kahuna@fc.net ------------------------------------------------------------------------------ Make the best out of your European pay telephone by Onkel Dittmeyer, onkeld@ponton.hanse.de ----------------------------------------------------- Okay guys and girls, let's come to a topic old like the creation but yet never revealed. European, or, to be more exact, German pay phone technology. Huh-huh. There are several models, round ones, rectangular ones, spiffy looking ones, dull looking ones, and they all have one thing in common: If they are something, they are not what the American reader might think of a public pay telephone, unlike it's U.S. brothers, the German payphones always operate off a regular customer-style telephone line, and therefore they're basically all COCOTS, which makes it a lot easier to screw around with them. Let's get on with the models here. You are dealing with two classes; coin-op ones and card-op ones. All of them are made by Siemens and TELEKOM. The coin-op ones are currently in the process of becoming extinct while being replaced by the new card-op's, and rather dull. Lacking all comfort, they just have a regular 3x4 keypad, and they emit a cuckoo tone if you receive a call. The only way to tamper with these is pure physical violence, which is still easier than in the U.S.; these babies are no fortresses at all. Well, while the coin-op models just offer you the opportunity of ripping off their money by physically forcing them open, there is a lot more fun involved if you're dealing with the card babies. They are really spiffy looking, and I mean extraordinary spiffy. Still nothing compared to the AT&T VideoFoNeZ, but still really spiffy. The 2-line pixel-oriented LCD readout displays the pure K-Radness of it's inventors. Therefore it is equipped with a 4x4 keypad that has a lot of (undocumented) features like switching the mother into touch-tone mode, redial, display block etc. Plus, you can toggle the readout between German, English, and French. There are rumors that you can put it into Mandarin as well, but that has not been confirmed yet. Let's get ahead. Since all payphones are operating on a regular line, you can call them up. Most of them have a sign reading their number, some don't. For those who don't, there is no way for you to figure out their number, since they did not invent ANI yet over here in the country famous for its good beer and yodel chants. Well, try it. I know you thought about it. Call it collect. Dialing 010 will drop you to a long-distance operator, just in case you didn't know. He will connect the call, since there is no database with all the payphone numbers, the payphone will ring, you pick up, the operator will hear the cuckoo tone, and tell you to fuck off. Bad luck, eh? This would not be Phrack if there would be no way to screw it. If you examine the hook switch on it closely, you will figure out that, if you press it down real slow and carefully, there are two levels at whom it provokes a function; the first will make the phone hang up the line, the second one to reset itself. Let me make this a little clearer in your mind. ----- <--- totally released | | | <--- hang up line press to this level --> | | <--- reset | ----- <--- totally hung up Involves a little practice, though. Just try it. Dial a number it will let you dial, like 0130, then it will just sit there and wait for you to dial the rest of the number. Start pressing down the hookswitch really slow till the line clicks away into suspense, if you release it again it will return you to the dial tone and you are now able to call numbers you aren't supposed to call, like 010 (if you don't have a card, don't have one, that's not graceful), or 001-212-456-1111. Problem is, the moment the other party picks up, the phone will receive a charge subtraction tone, which is a 16kHz buzz that will tell the payphone to rip the first charge unit, 30 pfennigs, off your card, and if you don't have one inserted and the phone fails to collect it, it will go on and reset itself disconnecting the line. Bad luck. Still good enough to harass your favorite fellas for free, but not exactly what we're looking for, right? Try this one. Push the hook lever to the suspension point, and let it sit there for a while, you will have to release it a bit every 5 seconds or so, or the phone will reset anyway. If you receive a call while doing this, a buzz will appear on the line. Upon that buzz, let the lever go and you'll be connected, and the cuckoo tone will be shut up! So if you want to receive a collect call, this is how you do it. Tell the operator you accept the charges, and talk away. You can use this method overseas, too: Just tell your buddy in the states to call Germany Direct (800-292-0049) and make a collect call to you waiting in the payphone, and you save a cool $1.17 a minute doing that. So much for the kids that just want to have some cheap fun, and on with the rest. Wasting so much time in that rotten payphone, you probably noticed the little black box beneath the phone. During my, erm, research I found out that this box contains some fuses, a standard Euro 220V power connector, and a TAE-F standard phone connector. Completing the fun is the fact that it's extremely easy to pry it open. The TAE-F plug is also bypassing the phone and the charge collection circuits, so you can just use it like your jack at home. Bring a crowbar and your laptop, or your Pentium tower, power it over the payphone and plug your Dual into the jack. This way you can even run a board from a payphone, and people can download the latest WaReZzzZzz right from the booth. It's preferable to obtain a key for the lock of the box, just do some malicious damage to it (yes, let the animal take control), and call Telekom Repairs at 1171 and they will come and fix it. Since they always leave their cars unlocked, or at least for the ones I ran across, you can either take the whole car or all their k-rad equipment, manuals, keys, and even their lunch box. But we're shooting off topic here. The keys are usually general keys, means they fit on all payphones in your area. There should also be a nationwide master key, but the German Minister of Tele- communications is probably keeping that one in his desk drawer. The chargecards for the card-op ones appear to have a little chip on them, where each charge unit is being deducted, and since no-one could figure out how it works, or how to refill the cards or make a fake one, but a lot of German phreaks are busy trying to figure that out. A good approach is also social-engineering Telekom so they turn off the charge deduction signal (which doesn't mean the call are free, but the buzz is just not transmitted any more) so the phone doesn't receive a signal to charge you any money no matter where you call. The problem with this method is that the world will spread in the neighborhood that there is a payphone where you can call for free, and therefore it will be so crowded that you can't use it, and the phone pals will catch up fast. It's fun though, I tried it, and I still get free drinks at the local pub for doing it. Another k-rad feature on them is the built-in modem that they use to get their software. On a fatal error condition they appear to dial a telecom number and download the latest software just how their ROM commands them to do. We will shortly take a phone, install it some- where else and figure out where it calls, what the protocol is and what else is being transmitted, but that will probably be in another Phrack. If you found out anything that might be of interest, you are welcome to mail it to onkeld@ponton.hanse.de using the public key beneath. Unencrypted mail will be killed since ponton.hanse.de is run by a paranoid bitch that reads all traffic just for the hell of it, and I don't want the phedzZz to come and beat me over the head with a frozen chunk o' meat or worse. Stay alert, watch out and have fun... -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAize9DEAAAEEAKOb5ebKYg6cAxaiVT/H5JhCqgNNDHpkBwFMNuQW2nGnLMvg Q0woIxrM5ltnnuCBJGrGNskt3IMXsav6+YFjG6IA8YRHgvWEwYrTeW2tniS7/dXY fqCCSzTxJ9TtLAiMDBgJFzOIUj3025zp7rVvKThqRghLx4cRDVBISel/bMSZAAUR tChPbmtlbCBEaXR0bWV5ZXIgPG9ua2VsZEBwb250b24uaGFuc2UuZGU+ =b5ar -----END PGP PUBLIC KEY BLOCK----- ------------------------------------------------------------------------------ _ _ _ _ ((___)) INFORMATION IS JUNK MAIL ((___)) [ x x ] [ x x ] \ / cDc communications \ / (' ') -cDc- CULT OF THE DEAD COW -cDc- (' ') (U) (U) deal with it, presents unto you 10 phat t-files, deal with it, S U C K E R fresh for July 1994: S U C K E R New gNu NEW gnU new GnU nEW gNu neW gnu nEw GNU releases for July, 1994: _________________________________/Text Files\_________________________________ 261: "Interview with Greta Shred" by Reid Fleming. Reid conducts an in-depth interview with the editor of the popular 'zine, _Mudflap_. 262: "_Beverly Hills 90210_ as Nostalgia Television" by Crystal Kile. Paper presented for the 1993 National Popular Culture Association meeting in New Orleans. 263: "What Color Is the Sky in Your World?" by Tequila Willy. Here's your homework, done right for you by T. "Super-Brain" Willy. 264: "Chicken Hawk" by Mark E. Dassad. Oh boy. Here's a new watermark low level of depravity and sickness. If you don't know what a "chicken hawk" is already, read the story and then you'll understand. 265: "Eye-r0N-EE" by Swamp Ratte'. This one's interesting 'cause only about half-a-dozen or so lines in it are original. The rest was entirely stuck together from misc. files on my hard drive at the time. Some art guy could say it's a buncha post-this&that, eh? Yep. 266: "Interview with Barbie" by Clench. Barbie's got her guard up. Clench goes after her with his rope-a-dope interview style. Rope-a-dope, rope-a-dope. This is a boxing reference to a technique mastered by The Greatest of All Time, Muhamed Ali. 267: "About a Boy" by Franken Gibe. Mr. Gibe ponders a stolen photograph. Tiny bunnies run about, unhindered, to find their own fate. 268: "Mall Death" by Snarfblat. Story about a Dumb Girl[TM]. Are you surprised? 269: "Prophile: Future History" by THE NIGHTSTALKER. It's the future, things are different, but the Master Hacker Dude lives on. 270: "Time out for Pop" by Malcolm D. Moore. Sad account of a hopless-pop. __________________________________/cDc Gnuz\__________________________________ "And that no man might buy or sell, save he that had the mark, or the name of the Cow, or the number of his name. Here is wisdom. Let him that hath understanding count the number of the Cow: for it is the number of a man; and his number is eight billion threescore and seven million nine hundred fourty- four thousand three hundred threescore and two. So it is written." -Omega Yowsah, yowsah, yowsah. JULY once again, the super-hooray month which marks cDc's 8th year of existence. Outlasting everyone to completely rule and dominate all of cyberspace, blah blah blah. Yeah, think a special thought about cDc's significance in YOUR life the next time you go potty. Name your firstborn child after me, and we'll call it karmicly even, pal. My name is Leroy. We're always taking t-file submissions, so if you've got a file and want to really get it out there, there's no better way than with cDc. Upload text to The Polka AE, to sratte@phantom.com, or send disks or hardcopy to the cDc post office box in Lubbock, TX. No song lyrics and bad poetry please; we'll leave that to the no-class-havin', bottom-feeder e-shoveling orgs. out there. News item of the month, as found by Count Zero: "ROTTING PIG FOUND IN DITCH VERDEN, OKLAHOMA - Responding to a tip from an employee, Verden farmer Bill McVey found a rotting pig in a ditch two miles north of town. Farmer McVey reported the pig to the authorities, because you cannot, legally, just leave a dead pig in a ditch. You must dispose of your deceased livestock properly. There are companies that will take care of this for you. As for proper disposal of large dead animals, McVey contracts with Used Cow Dealer." "...and the rivers ran red with the bl00d of the Damned and the Deleted..." -Dem0nSeed S. Ratte' cDc/Editor and P|-|Ear13zz |_3@DeRrr "We're into t-files for the groupies and money." Middle finger for all. Write to: cDc communications, P.O. Box 53011, Lubbock, TX 79453. Internet: sratte@phantom.com. ALL cDc FILES LEECHABLE FROM FTP.EFF.ORG IN pub/Publications/CuD/CDC. _____________________________________________________________________________ cDc Global Domination Update #16-by Swamp Ratte'-"Hyperbole is our business" Copyright (c) 1994 cDc communications. All Rights Reserved. ------------------------------------------------------------------------------ ===[ Radio Modification Project ]===========================================> Tuning in to Lower Frequency Signals June 26, 1994 ====================================================[ By: Grendel / 905 ]===> The lower frequency regions of the radio spectrum are often ignored by ham'ers, pirates, and DX'ers alike due to the relatively little known ways of tuning in. The following article will detail how to construct a simple-made antenna to tune in to the LF's and show how to adjust an amateur band type radio to receive the desired signals. ___________ \ / \/: \/ / . \ \_______/he lower frequency spectrum has been made to include the very low frequency ("VLF" 2 kHz to 30 kHz) band and a small part of the medium frequency ("MF" 300 - 500 kHz) band. For our purposes, a suitable receiver must be able to cover the 2 kHz to 500 kHz range as well as being calibrated at 10 kHz intervals (standard). The receiver must also be capable of covering AM and CW broadcasts. For best capabilities, the receiver should also be able to cover LSB ("lower side band") and USB ("upper side band"). The Receiving System `'`'`'`'`'`'`'`'`'`' The receiver I use consists of a standard amateur HF ("High Frequency") band receiver adjusted between the 3,500 and 4,000 kHz bands. This causes the receiver to act as a tuneable IF ("Intermediate Frequency") and also as demodulator. You will also require a wideband LF ("Low Frequency") converter which includes a 3,500 kHz crystal oscillator. See Fig. 1: .==[ Fig 1. Block Diagram ]============================. | _____ | | \ANT/ | | \./ crystal | | | ______|______ ____________ | | `-----| 2 - 500 kHz | | 3-4000 kHz | | | | Converter* |--~--| IF Receiver|---OUTPUT | | .-----|_____________| |____________| | | | | | GND | |______________________________________________________| *The converter is a circuit board type 80D/L-101/PCB available from L.F. Engineering Co, 17 Jeffry Road, East Haven CT, 06513 for $43 US including S & H.One may be constructed to work with your receiver (but at a higher price no doubt). Phono jack plugs and sockets are used for the interconnections throughout the receiving system and the converter and receiver (~) are connected with RG58 coax cable of no greater length than 4 ft. When tuning, the station frequency is measured by deducting 3,500 kHz from the scale on the main receiver (ie. 340 kHz = 3,840 kHz on the main receiver, 120 = 3,620 kHz, 95 = 3,595 kHz, etc.) The Ferrite End-fed Antenna `'`'`'`'`'`'`'`'`'`'`'`'`'` This is a small antenna designed to tune between 95 kHz and 500 kHz. It consists of a coil wound around a ferrite rod, with a 4 ft. lead. Materials: o 7 7/8" x 3/8" ferrite rod o 5" 24 SWG double cotton covered copper wire o 2 PLASTIC coated terry clips o a wood or plastic base (8 1/2" x .8" x .5") o 2 standard, two-gang 500 pF tuning capacitors o a plastic plate (preferably 2" high) ------------------------------------------------------------------------------ -- A Few Things on Van Eck's Method of Eavesdroping -- Opticon the Disassembled - UPi Dr Wim Van Eck, was the one who developed the anonymous method for eavesdroping computers ( and, apparently, not only ) from distance, in the laboratories of Neher, Holland. This method is based on the fact that monitors do transmit electromagnetic radiations. As a device, it is not too complex and it can be constructed from an experienced electronics phreak. It uses a simple-direction antenna which grabs monitor signals from about 800 meters away. Simplified schematics are available from Consumertronics. TEMPEST stands for Transient ElectroMagnetic Pulse Emanation STandard. It concerns the quantity of electromagnetic radiations from monitors and televisions, although they can also be detected on keyboards, wires, printers and central units. There are some security levels in which such radiations are supposed to be untraceable by Van Eck systems. Those security levels or standards, are described thoroughly in a technical exposition called NACSIM 5100A, which has been characterized by NSA classified. Variations of the voltage of the electrical current, cause electromagnetic pulses in the form of radio waves. In cathode ray tube ( C.R.T. ) devices, such as televisions and monitors, a source of electrons scans the internal surface and activates phosphore. Whether or not the scanning is interlaced or non-interlaced, most monitors transmit frequencies varying from 50 to 75 Mhz per second. They also transmit harmonic frequencies, multiplies of the basic frequencies; for example a transmitter with signal of 10 Mhz per second will also transmit waves of 20, 30, 40 etc. Mhz. Those signals are weaker because the transmiter itself effaces them. Such variations in the voltage is what the Van Eck system receives and analyzes. There are ways to prevent or make it harder for someone to monitor your monitor. Obviously you cannot place your computer system underground and cover it with a Faraday cage or a copper shield ( If your case is already that, then you know more about Van Eck than I do ). What else ? (1) Certain computers, such as Wang's, prevent such divulges; give preference to them. (2) Place your monitor into a grounded metal box, 1.5 cm thick. (3) Trace your tracer(s). They gonna panic. (4) Increase of the brightness and lowering of the contrast reduces TEMPEST's power. Metal objects, like bookshelves, around the room, will also help a little bit. (5) Make sure that two or more monitors are transmitting at the same frequency and let them operate simultaneously; this will confuse Van Eck systems. (6) Buy or make on your own, a device which will transmit noise at your monitor's frequency. (7) Act naturally. That is: (a) Call IRC, join #hack and never mumble a single word. (b) Read only best selling books. (c) Watch television at least 8 hours a day. (d) Forget altruism; there is only you, yourself and your dick/crack. (8) Turn the monitor off. ------------------------------------------------------------------------------ -Almost Busted- By: Deathstar It all started one week in the last month of summer. Only my brother and I were at the house for the whole week, so I did whatever I wanted. Every night, I would phreak all night long. I would be either at a payphone using AT&Tz, or at home sitting on a conference. I would be on the phone till at least four or five in the morning. But one night, my luck was running thin, and I almost phreaked for the last time. I was at a payphone, using cards. I had been there since around twelve midnight.. The payphone was in a shopping center with a supermarket and a few other stores. Most every thing closed at eleven.. Except for the nearby gas station. Anyway, I was on the phone with only one person that night. I knew the card would be dead by the end of the night so I went ahead and called him on both of his lines with both of the payphones in the complex with the same card. I had talked for hours. It started to get misty and hard to see. Then, I noticed a car of some kind pulling into the parking lot. I couldn't tell what kind of car it was, because it was so dark. The car started pulling up to me, and when it was around twenty feet away I realized it was a police car. They got on the loudspeaker and yelled "Stay where you are!". I dropped the phone and ran like hell past the supermarket to the edge of the complex. I went down a bike path into a neighborhood of townhouses. Running across the grass, I slipped and fell about two or three times. I knew they were following me, so I had to hide. I ran to the area around the back of the supermarket into a forest. I smacked right into a fence and fell on the ground. I did not see the fence since it was so dark. Crawling a few feet, I laid down and tried to cover my body with some leaves and dirt to hide. I was wearing an orange shirt and white shorts. I laid as still as I could, covered in dirt and leaves. I could hear the police nearby. They had flashlights and were walking through the forest looking for me. I knew I would get busted. I tried as hard as I could to keep from shaking in fear. I lay there for around thirty minutes. Bugs were crawling around on my legs biting me. I was itching all over. I couldn't give up though, because if they caught me I knew that would be the end of my phreaking career. I was trying to check if they were still looking for me, because I could not hear them. Just as I was about to make a run for it, thinking they were gone I heard a police radio. I sat tight again. For another hour, I lay there until finally I was sure they were gone. I got up and started to run. I made my way through the neighborhood to my house. Finally I got home. It was around five thirty a.m. I was filthy. The first thing I did was call the person I was talking to on the payphone and tell him what happened. Then, I changed clothes and cleaned myself up. I checked my vmb to find that a conference was up. I called it, and told my story to everyone on. I thought that was the end of my confrontation with the police, but I was wrong. The next day I had some people over at my house. Two or Three good friends. One of them said that there was a fugitive loose in our town. We were bored so we went out in the neighborhood to walk around and waste time. Hardly anyone was outside, and police cars were going around everywhere. One guy did leave his house but he brought a baseball bat with him. We thought it was funny. Anyway, we soon got bored and went back home. Watching tv, we turned to the news. They had a Report about the Fugitive. We watched. It showed a picture of the shopping center I was at. They said "One suspect was spotted at this shopping center last night at around four thirty in the morning. The officer is around ninety five percent sure that the suspect was the fugitive. He was wearing a orange shirt and white shorts, and ran when approached." I then freaked out. They were searching my neighborhood for a fugitive that didn't exist! I called back the guy I was talking to the night before and told him, and then told everyone that was on the conference the night before. It ended up that the fugitives never even entered our state. They were caught a week later around thirty miles from the prison they escaped from. Now I am known by two nicknames. "NatureBoy" because everyone says I communed with nature for a hour and a half hiding from the police, and "The Fugitive" for obvious reasons. Anywayz, That's how I was almost busted.. -DS ------------------------------------------------------------------------------ The following is a *true* story. It amused the hell out of me while it was happening. I hope it isn't one of those "had to be there" things. Copyright 1994 Captain Sarcastic, all rights reserved. On my way home from the second job I've taken for the extra holiday ca$h I need, I stopped at Taco Bell for a quick bite to eat. In my billfold is a $50 bill and a $2 bill. That is all of the cash I have on my person. I figure that with a $2 bill, I can get something to eat and not have to worry about people getting pissed at me. ME: "Hi, I'd like one seven layer burrito please, to go." IT: "Is that it?" ME: "Yep." IT: "That'll be $1.04, eat here?" ME: "No, it's *to* *go*." [I hate effort duplication.] At his point I open my billfold and hand him the $2 bill. He looks at it kind of funny and IT: "Uh, hang on a sec, I'll be right back." He goes to talk to his manager, who is still within earshot. The following conversation occurs between the two of them. IT: "Hey, you ever see a $2 bill?" MG: "No. A what?" IT: "A $2 bill. This guy just gave it to me." MG: "Ask for something else, THERE'S NO SUCH THING AS A $2 BILL." [my emp] IT: "Yeah, thought so." He comes back to me and says IT: "We don't take these. Do you have anything else?" ME: "Just this fifty. You don't take $2 bills? Why?" IT: "I don't know." ME: "See here where it says legal tender?" IT: "Yeah." ME: "So, shouldn't you take it?" IT: "Well, hang on a sec." He goes back to his manager who is watching me like I'm going to shoplift, and IT: "He says I have to take it." MG: "Doesn't he have anything else?" IT: "Yeah, a fifty. I'll get it and you can open the safe and get change." MG: "I'M NOT OPENING THE SAFE WITH HIM IN HERE." [my emp] IT: "What should I do?" MG: "Tell him to come back later when he has REAL money." IT: "I can't tell him that, you tell him." MG: "Just tell him." IT: "No way, this is weird, I'm going in back." The manager approaches me and says MG: "Sorry, we don't take big bills this time of night." [it was 8pm and this particular Taco Bell is in a well lighted indoor mall with 100 other stores.] ME: "Well, here's a two." MG: "We don't take *those* either." ME: "Why the hell not?" MG: "I think you *know* why." ME: "No really, tell me, why?" MG: "Please leave before I call mall security." ME: "Excuse me?" MG: "Please leave before I call mall security." ME: "What the hell for?" MG: "Please, sir." ME: "Uh, go ahead, call them." MG: "Would you please just leave?" ME: "No." MG: "Fine, have it your way then." ME: "No, that's Burger King, isn't it?" At this point he BACKS away from me and calls mall security on the phone around the corner. I have two people STARING at me from the dining area, and I begin laughing out loud, just for effect. A few minutes later this 45 year oldish guy comes in and says [at the other end of counter, in a whisper] SG: "Yeah, Mike, what's up?" MG: "This guy is trying to give me some [pause] funny money." SG: "Really? What?" MG: "Get this, a *two* dollar bill." SG: "Why would a guy fake a $2 bill?" [incredulous] MG: "I don't know? He's kinda weird. Says the only other thing he has is a fifty." SG: "So, the fifty's fake?" MG: "NO, the $2 is." SG: "Why would he fake a $2 bill?" MG: "I don't know. Can you talk to him, and get him out of here?" SG: "Yeah..." Security guard walks over to me and says SG: "Mike here tells me you have some fake bills you're trying to use." ME: "Uh, no." SG: "Lemme see 'em." ME: "Why?" SG: "Do you want me to get the cops in here?" At this point I was ready to say, "SURE, PLEASE," but I wanted to eat, so I said ME: "I'm just trying to buy a burrito and pay for it with this $2 bill." I put the bill up near his face, and he flinches like I was taking a swing at him. He takes the bill, turns it over a few times in his hands, and says SG: "Mike, what's wrong with this bill?" MG: "It's fake." SG: "It doesn't look fake to me." MG: "But it's a **$2** bill." SG: "Yeah?" MG: "Well, there's no such thing, is there?" The security guard and I both looked at him like he was an idiot, and it dawned on the guy that he had no clue. My burrito was free and he threw in a small drink and those cinnamon things, too. Makes me want to get a whole stack of $2 bills just to see what happens when I try to buy stuff. If I got the right group of people, I could probably end up in jail. At least you get free food. ------------------------------------------------------------------------------