2600: The Hacker Quarterly (Volume 1, Number 1, January 1984)

8/9/2019 2600: The Hacker Quarterly (Volume 1, Number 1, January 1984)

1/6


2/6

FBI GOES AFTER ADS HACKERSRAt must press charges before action can be taken - Feds reveal their tactics, blow source

On this page we had originally planned to run anarticle entitled: ESS - Orwell's Prophecy. At the lastminute, however, we received this bombshell from ananonymous contributor, I t seems that a group o fhacl?ers was making use o f on e o f IBM's ADS systems. (Audio Distribution Systems enable users withtouch-tone phones to send voice messages back andforth to each other. Look for an in-depth article onthem in a future issue.) Unfor tunately, as is all to ooften the case, on e o f these hackers was really anFBI informant who was taking note o f all o f theillegitimate users (around 40 or so). Luckily' forthis particular group, th e informant was sloppy andlelt many telltale clues which gave them literallymonths of warning, So, when the informant deCided to send a message to the system operator,advising IBM to take action against th e hackersand to call the FBI for more information, thehack!?rs were ready. Th e system o p ~ r a t o r ' saccounthad also been penetrated by them and hence, themessage was received by th e hackers first! On e o fthem actually fol/owed the instructions in themessage and called th e FBI! And for some reason,the investigator there thought he was talking toan IBM executive. This is some o f what he said,

One of the individuals that supplies me with information from time to time has uncovered a lo t ofabuse within the ADS systems, no t only here in th eUnited Sta,tes, bu t in England an d Italy_ I talk tothis individual on a private hulletin board . . .

We have no ability to come in as an outside investigative or law enforcement agency an d do anything about it because, first off, we don't have acomplainant. We don' t want to step on anybody'stoes, bu t it's been ou r policy to monitor bulletinboards and the phone phreaking activity across thecountry an d advise commerci al computer systems andcorporations if we do discover certain computersalong with the passwords an d account numbers beingpublished on th e board. We do this on a on e on onebasis.

The GT E Telemail ConnectionThat was my baby, too! As a matter of fact, that's

how we came across the ADS system - through th eGTE investigation. [These] people iue no t just interested in data communications through term'inals -they will leave voice messages on an ADS. We havebeen slowly uncovering more and more on the ADSin the last tw o months.

Th e major phase of [the Telemail investigation]was about 20 individuals that we had located andidentified an d we're looking for indictments on mostof them coming down in the next month or two.We're talking about a group of highly organizedpeople that do communicate on a daily basis all theway across the country - f rom San Francisco and

L.A. to Denver to upstate New York, So we have acore of individuals that we are still looking at thatare using your system and then we have this peripheral that we are no t as concerned about becausethey are no t part of an ou t & out conspiracy or anorganized network, per se. I know of at least 8 or 10that are the central figures in this, th e carryoverfrom Telemail. And we keep hearing information ofother people who are calling in with junk messages -there's no real substance to their messages. Now th ereason I know that is that they have included one ofmy sources of information onto their system and sohe gets messages from the other parties.

The Communist ConnectionIn a way we're somewhat fortunate that it's 16-

year-olds or 26-year-olds as opposed to people frombehind the Iron Curtain. It gives us th e opportunityto see ho w these systems work and see if we can plugany loopholes before somebody from a not-friendlynation would try the same thing. I personally fullyexpect it - I' m surprised it hasn't happened in thepast. I t ma y have. We just haven't caught it. But th ekids are a little bi t sloppier an d they're gettingcaught . . . I hate to sound paranoid, bu t we're supposed to be considering th e big picture as far as isthere anything sensitive in nature. Fo r us within th ebureau, sensitive in nature first of f means nationalsecurity and you've got corporate trade secrets an d

, the like that yo u don't need being distributed.

How th e FBI Wins Trust an d Gets InfoTh e subjects have an ego problem and they love to

talk to other individuals about what they are capableof doing and bragging about it . They have a tendencyto trade information. Everything is negotiable withthem. We have never ha d to barter away access tosystems - we do it more on th e technical informationof phone networks, computer systems, and the liketo where it's more of a technical information trade offas opposed to an access tradeoff. [An example wouldbe the] login procedure for a PDP-11. You integrateyourself within their confidence and their circle offriends. You feed them a little bit of bait an d a lo tof times they'll go for it. You enter into a dialoguewith them and they end up taking you for a ride.

These people are very hungry fo r technical avenuesthrough which they can communicate. I t used to beth e personal computer bul le tin boards - pub li cmessages that anybody can read. Yo u start findingout that they leave a phone number or an address -an d you start finding out who the parties are. There'sthousands of these bulletin boards across th e countryan d you narrow in on maybe twenty or so that arethe more hardcore bulletin boards that are being usedfor exchange of illicit information. Then they movefrom there to an electroni c mail service, namely GTE

(Col/fillued Oi l hack page)


3/6

GTE raids still have many unansweredquestions-computer owners concerned

Comhined N e ~ ' ! iSource!.

On Wednesday, October 12, at 6:00 AM, the FBI startedto raid the homes of over fifteen individuals for allegedlybreaking into Telemail, GTE Telenet's massive electronicmail service. While much of the publicity has now dieddown, questions remain concerning the legality and theoverall implications of such computer seizures.

At a December 16 meeting of the Long Island ComputerAssociation, this topic was addressed. Some members couldnot understand the rationale for taking away the computersin the first place. "I t sounds like scare tactics to me . . to keepthese kids off of computers," one commented. "To hold theequipment seems like something that should be unlawfuland it's something that the public should look at. I f it's notjustified, we should say that we won't put up with it anymoreand to return the equipment." He did not elaborate onprecisely what kind of action ~ computer group such asL1CA could take.

Legally, the computers can be kept for as long as they areneeded in the investigation. Ultimately, a judge will decidehow long that can be.

"The allegation," said an attorney familiar with the case,"is that the services of the Telemail bulletin boards were usedand the theory that the government is proceeding under isthat it was a violation of Section 1343, wire fraud (a schemewith intention to defraud someone else using eithertelevision, telephone, or some other communicationsmeans). They're saying that if there was use of the bulletinboard service, then that was a 'theft of service' and there wasintention to defraud GTE."

One member took GTE's side. "These are all nice gamesthese people are playing, but they are a theft of service.Somebody is in the business of providing that service andthey're deliberately interfering with their providing thatservice. They're trying to get something for nothing."

Another disagreed. "You may be on their computer, butit's not costing them anything, if you're not taking up time.Unless the whole system is fully used and you were the lastuser on, are you really using any of their time? Really andtruly?"

Many hackers felt they were unjustly accused. One evensaid he'd never used the Telemail system. Others said theyhad looked around once or twice but had never hurtanything. Others, though, admitted to deleting mail andplaying tricks, like sending obscene messages back and forthbetween two innocent executives.

Whether or not the Telemail system was'used fraudulentlydid not seem to be the overriding issue at the L1CA meeting.What had members there worried was the way in which theinvestigation was being carried out. When dealing withcomputers as evidence, different rules apply, rules that forthe most part have not been written yet. "Data can bemanufactured just as easily as it can be erased from apersonal computer," one member commented. "And thelonger tha t they have the computer in their custody, the lesslikely that the information that they claim is on it wasactually there. Because, as we know, you could enter anydate, any time into the computer and have it date- and timestamp the files."

- - ---- - - - -- - - -- = = - - - - -- - -- -- --- --- - - - -- - - - -= ==-= --== ~- - - - -- - - - - - - - - -- - - - - - - - - - - -- - - ~ - - - - - - - -Meanwhile, a GTE Telenet spokesperson said that the

corporation still intends to prosecute and denied that thewhole thing was being put on for the deterrent effect that itmight have on other people. The spokesperscin 'also said thatabuse on the system was' discovered in the past, but theydidn't prosecute at that time. This time, though, they'reserious.

AT&T Credit Cards Make Debut2600 News Service

There's now another way to place telephone calls withoutdimes. This month, the "true" AT&T credit card phones arema.king their debut in various. airports around. the country.This new phone actually takes an AT&T credit card (notthose wimpy "calling cards" or "PIN cards." We're talkingabout a real hunk of plastic, with a magnetic strip andeverything.) - and there's even a little video screen thatgives you directions.

Unless some sort of a bug can be found within the systemitself, phone phreaks won't accomplish very much here,unless they can actually get their hands on other people'scards. This, in itself, wouldn't be too difficult, since largenumbers of the cards would be sent out on the same day in aparticular area. Stealing out of personal mailboxes, though,is an act most phone phreaks would never stoop to. And thefolks at AT&T are well aware of this.

Wireless phones spell trouble2600 News Servi

With cordless phones popping up all over the place,problems were bound to arise. It's not at all uncommon tohear anothe r cordless conversation on your phone or to hearthe electronic pulse-beeping when you're not even dialing.Then there are cordless phone phreaks to deal with, whodrive into heavily populated zones holding one of thecommon cordless models. It's called "cruising fordialtones." And some phones are nice enough to broadcastyour conversation on an AM frequency. This feature isn'tvery good for private conversations. It helped shape a recentdrug bust in the state of New York.

Recently, a lady in the Midwest called up her local electriccompany to tell them that she was going to be away for twomonths. A member of the 2600 Club heard this on his radioand, being in a good mood, called her and told her thatimportant, personal business should never be discussed oncordless phones. After thanking him, she exclaimed, "Thatthing's ,going right back to the Phonecenter Store '"

1984 arrives in Hong KongThe Los Angeles Times

In an effort to "discourage people from drivmg their carsin heavily congested areas" all 350,000 of Hong Kong'smotor vehicles will be fitted with tracking devices that willlet government computers know exactly where each car hastraveled so that the owner can be billed for road use. Thissystem could be in full implementation by 1987, if thegovernment has its way. Such a system would also allow thepolice to quickly pinpoint the whereabouts of any vehicle.Tampering with the $45 tracking devices will be illegal andany attempt to do so will trigger street cameras tophotograph the licens'e plate of the car.


4/6

THE TRUTH BEHIND THOSE 9999 NUMBERSby Mark Bluebox

Once upon a time, I was talking to one of my favoritefriends, one of the nation's oldest and most experiencedtelephone enthusiasts-some might refer to him as a phonephreak. In this particular conversation, he mentioned to methat 1 might want to experiment with a series of 800numbers: exchanges starting with 9, followed by the suffix9999 (800-9xx-9999). And so I did, and a whole new worldbegan to open up in front of me.

They were mostly weather an d time numbers in variouslocations throughout the country . And, since these were 800numbers, there was NO CHARGE! One number inparticular was of a great deal of interest to me and to manyothers. This was 800-957-9999, which hooked up to WWV,the radio station operated by the National Bureau ofStandards that does nothing but tell the time and giveshortwave reports. This is the most accurate clock in theentire world! You either have to tune WWV in on ashortwave receiver or dial 303-499-7111 in Fort Collins,Colorado. Yet, here I was with an 800 access! Being a bit of ashortwave enthusiast, I don't have to tell you how

convenient this was for me. Unfortunately, it got tooconvenient for too many people.I guess I made the mistake of giving it to a former

president of a large amateur radio club in the Dallas area.He, in turn, printed it in the Amateur Radio Newsbulletinwhere thousands of people probably saw it. Anotherstatewide news bulletin picked it up and pr inted it. Throughan amateur radio news network which this bulletin was apart of, the news got as far as California.

On e day, I called up the West Link Amateur Radio NewsService at 213-768-7333. (This is a service located in WestLink, California that broadcasts news over amateur radio,VHF, UHF, etc.) Their latest report had this little item:"Speaking of interesting things, the National Bureau ofStandards

has got a very convenient timenumber

for thoseof you that are not constantly at a shortwave receiver. Youcan dial 1-800-957-9999 for WWV. It's just another goodtoll-free service for us to use." Th e avalanche had reallybegun now.

The West Link report was heard on bulletin stations allaround the world and, apparently, one station in Nashville,Tennessee broadcast it. From there it fell into the hands ofon e of the writers for the DX program on Radio SouthAfrica! I happened to be listening to a program where theywere talking about pulling in distant time stations, weatherstations, etc. He then mentioned, "For those of you that livein the United States, a convenient toll-free 800 number has

been provided by the National Bureau of Standards forWWV and that number is 1-800-957-9999." Imagine mysurprise! Once again, the number had been broadcast allaround the world. People in many, many nations now hadthat number. Of course, the number only worked inside theUnited States, but the word was being spread by shortwavelisteners and QSL people everywhere.

The number was getting swamped. Needless to say, it wasbusy much of the time. A government official, who also hadthis number, thinking that it was legitimate, called up WWVand complained. He told them that they needed to add somemore lines to their new 800 number. Th e general manager ofthe station said, "I don't know what you're talking about. Idon't know of any 800 number that gets you WWV."

The government official told him what the telephonenumber was. The general manager called it and heard hisow n station. Astounded. he contacted the Mountain BellTelephone Company in Denver. Colorado. They said,"You're no t paying for any 800in-WATSnumber. We show303-499-7111 for WWV, but we don't have any 800-957-9999."

Mountain Bell checked it ou t an d sure enough, thenumber existed but not on their records. No one was gettingcharged for this! Now, of course, you know a monopoly aswell as I do-they ' re sure no t going to let anyone have a freeride. So they told the W A TS coordinator to find ou t whathappened. He finally made the discovery that sometechnicians had hooked that number up for transmissiontesting. [These switching technicians ar e toll technicians,AT&T Long Lines switching technicians, and carriersystems technicians. In other words, they're the group ofpeople wh o link switching centers together, from New Yorkto Los Angeles, for example. In this case, the wholeescapade was a kind of group effort. The switchmen and thecarrier people got together an d set up this number for

testing, finding noisy carriers, carriers with cross-talk onthem, etc.]Th e WA TS coordinator told them they'd better get this

number off - too many people knew about it. He told themto erase every 800 test line number that was on the system.No t surprisingly, someone also got chewed out veryseverely.

So, consequently, 800-957-9999 is no longer in existence., But since then, less than two weeks later, several of the 800i test numbers have begun to defiantly reappear. CheckI around, you'll probably find a few interesting ones. But II doubt if WWV's brief stint as a toll-free service will ever be! repeated.

Ahoy, folks! I f any o f you have everused an extender that goes by the nameof8006213129, you'd better give i t a callnow! The people running it have amessage for you. /l/SRf.'CiA RI l FIIIS:.10 T/d/W.\77'


5/6

2600 page 51'".,;I;on N I ~ [ytrl1.'tion Posit inn Nnw [ l I l rMion

Office of the President Director of advance Stephen M. Studden 7.S6SThe P r e ~ i d e n t Ronald Rea, ln 28S8 De:put)' director o( ad- Hugh L. O'Neill 756S

S p c c i ~ 1a ~ s i s t a n l D3vid C. Fischer 2168 vanceP e ~ r u lsecretary to Kathleen Osborne 28S8 A d m i n i s t r ~ t i v ea u s- CcCe B. Kremer 156S

the President tant

Office of the Counselor to (he PresidentTrip desi. off,cen Marti J. Frucci 7S65

Karen JOnel Robens 7S65CoYnsdor to the President Edwin Meese III 223S . Lynn SmalJpale 7565

Deputy counselor James E. Jenkins 7600 Advance s ~ f f Robert K. Gubitosi .7565A s . s i s ~ " tcounselor Edwin W. Thomas Jr . 2235 James F. Kuhn 7S65Special assistant Mitchell F. Stanley 223S

Dan Morris 1.s65A ~ ~ i s l Jnt to the President Craig L. Fuller 2823 Lanny F. Wiles 7S65

for Cabinet affairs Rocley D. Kuonea 7565Secrelary Adela Gonulez-Nardi 2823 DireCior or scheduling Gregory Newell 7560Assistant director T. Kenneth G ribb Jr. 2800 Deputy director of Tricia Rodgers 7560Administrative assis- Karen Hart 2823

tanU Nancy A. (Missy) 2800scheduling

HodappAdministrative auis- Cristy Valentine 7560

Dire:elOr o f plann ing and Richard S. Beal 6690lant

Staff assistanu Michael Castine 7560e v ~ l u a t i o n

frances ( fan) Snodgrass 1560Office of Chief of Staff Netta A. Dickey 1S60

Chief of staff James A. Baker II I 6797 Confident il l assistant Mary H. Rawlins 1560Executive assiSlant 10 Margarel D. Tutwiler 6797 P r e ~ i d e n t ' sdiarist Ellen Jones 7560

I he. chief of staff Appointment s s ec re - Helen C . Dona ldson 7560Sta,rassistanl Kathy Camalicr 6797 taryC ~ n f i d e n l i a lsecretary Margaret Olasscoc:k 6797 Staff directory (or the First Peter McCoy 6702

DefllJly 10 the chief o( stall' Richard G. Darman 2702 LadyAdministrative assis. Sara Currenc(: Emery 2702 A d m i n i ~ t r a t i v eassis Christine J. Hlthaway 6702

lant 13ntSe:cretary Janet F. McMinn 2702 Press ~ c c r c t a f ) ' She:ila P. Talc 7136

S ~ c j 3 1assiSlantlo the Jlmes W. Cicconi 2174 Assistant press secre- B a r ~ a r lCook '7136chid of st3ff 13r)'

Pr csidc nl ia I corresron Anne Higgins 7610 Pcrsortall'ecrClar)' Elaine Crispen 6633dence Social ~ c c r c t a r y MuRic Brandon 7064

Src,i;!1 presidential mes- Dodie I,..ivingston. 2941 A ~ ~ i ~ t : l n tl 'oc ial secre:- Lirtda faulkner 7064sages lar)'

Office of the Deputy Chief of Staff Scheduling director Nina \\'ormser 7910Deputy ehier of staff Michael K. Deaver 6475

Special projects Ann Wroble:ski 7905

Assistant to the dep- Jose:ph W. Canzeri 286) Office of the Vice Presidentuty chief of sJaff The Vice President George: Bush 7123

Staff assistant Sllirlcy Moore 6475 Elecuti\le assistant Charles G. (Chase) Un- 2517Srceial assistant 10 th e J a m e ~S. Rosebush ~ ? S 7 termeyer

President ror private ini- Chief of staff Danie:l J . Murphy 66061 iJI ivcs Dep uty chid of statT Richard N. Bond 7056

Elccutivc 3ssislanl Bcrnyce Fletcher 2957 11.1ilitar), assist3 nu Lt. Col. Michael D. Fry ~ 2 1 3Dlfeclor of srccial support Ed ....ard V. H id.e)' Jr. 2150 Lt. Col. William E d e n ~ 2 2 )

sc rVlces Counsel C. Boyden Orl), 7034Dcru1)" d i r c ~ ! o 'of Dennis E. LeBlanc 2150 Deputy counsel . Rafacl V. Capo 7034

special SUp;Xlrl se:r- Press secreta ry Peter Teeley 6772vices Deput)" press secre- S hi rl ey M Green 6772

Deput)' director of Col. Frank E. Millner 2150 tarymilil:!r} office Spcc;:ch""rilcr Christopher Buckle), 74S3

Army aide to , h ~ Lt. CoL JOl'e A. Muraui 2150 Domeslic policy adviser T h ~ d d e u sA. Garrett Jr. 2173Presidenl Jr. Assistanl domestic Mary S .Gall 7935

Air Force aide to the Maj. William M. 2150 polic), adviserPrc,idenl Drennan National security atTain Nancy Bearg Dyke 4213

NJvy aide 10 Ihe Pres;- Cdr. William R. Schmidt 2150 adviserdenl Congrnsional rel31ions as- Roben V. Thomp!>On 224-2424

Marine C O I ~aide to Maj. John P Kline Jr. 2150 sistantth.: Pr':,ldenl LC/;islativc a s s i ~ l a n t Su\an Alvarado 224-8391

P h y ~ i e i J n10 the Presi Dr. Da nicl R ugc: 2672 Assistant for aproinlments Jennifer Fitzgerald 7870denl and scheduling

: \ I i Iclcphor.:: numbcn arc on Ihe ' :)6 e ~ e h J n g celeCrt ' h ~ (marl.cd ..,.ith an asterisk. which are on Ihe 395- e.change . ndi ; , . ~ ' ~ ;! : ~ : r : : :; ~ : fun '

' - - ~ - --- --_ . . . . , . - - - - - - - - -Prul)cr tabbing is cxtrcmely important whcn IYI)ing u list. Aho\'C is un l'Xaml)lc of hlhs USl't! s l l c c l s s f l l l l ~ ' .


6/6

This here paKe is usually a continual ion a/page 5. However, when we gel a hlock husler s[orylike [he one below, we have 10 real/ocate ou r space. We knowyou'/Iunderstand. By the way,as long as we've go t you looking up at this part o.l the page. wh y no/ lake the lime 1 0 send U. fsome mail? Letlers. articles. information. old telephones. paintings. anything, r e a / ~ l ' .Youknow the address (it's on Ihe fronl page). Let's hear from you.

FBI VS. HACKERS(Continued/rom second page)Telemail. They caused fits within Telemail whenthey decided to get a little bi t cocky and see if theycould shut down accounts and change passwords ofthe administrators and things like that. From therethey have moved one step further to where they arenow the same individuals communicating through theADS systems and they also set up conference callsthrough the Bell System, so they're no t just attackingone particular system or one individual avenue ofcommunication - they try to hi t them all. It's anego trip fo r all of them.

Pen RegistersWe would pu t a pen register on the phone line of

the individual (suspect) and it would record only t h ~digits dialed on his telephone - we would no t use afull blown wiretap to record his voice. We can onlypu t a pen register on an individual's phone for like,thirty days before we have to go back to a judge andtr y to get an extension and we try to minimize theuse of ou r electronic surveillance equipment so thepublic does not think we're th e Big Brother of 1984.(laughter) It's coming. Actually, we're already

there! (hearty laughter)We have no t utilized any pen registers fQl' the specific purposes of going after abusers of th e ADSsystems. First off, we have to have an actual casepresented to us or a complaint. It's a roundaboutway of doing it, bu t it's the way that we, in thebureau, have to have somebody outside come tous. Otherwise we ca n carryon the whole investigation without IBM even being aware that we aremonitoring activity within their system and wedon't want to become that secret police, or anything like that. We want to be above board and workwith the corporations in the community.

or for services rendered or whatever to th e clientcompany - it stays on his record for a year, he's onprobation for a year and at the end of that, his recordis wiped clean. Rarely do they get the maximumpenalty. It just doesn't happen.

Do Me a FavorPlease do no t disclose any geographic location be-

cause we are kind of unique in that we do no t haveany other source available in an y other part of thecountry that could supply us with information likethis. He may be on e of 20 0 people, bu t if you identify Michigan you identify between 2 or 3 individualsand it ma y burn th e source.

We'd like to make it clear that we don't intend todo this kind of thing very often, since rumours aboutcertain people being informants are very common inthis business. But this is no rumour. This, friends, issolid fact - we would not have printed this story i f

,! we weren't able to substantiate the claims it makes,!and we had no trouble at all doing that. Our intent

in making this information known was no t to screw

up ,the FBI's fun (they're really not doing all thatmuch out of th e ordinary anyway), bu t rather toexpose a very dangerous individual who goes byth e name of Cable Pair (some say his real name isJohn Maxfield). This person has been posing as anextremely friendly hacker who lives in Detroit andis just bubbling over with technical information inexchange for your secrets. He claims to have beenon e of th e nation's first phreaks, which mayor ma ynot be true. He gives ou t his telephone numbersfreely, will do anything to communicate with some-

I body (like place conference calls from his ow nI rivate PB X system, provided yo u give him YOUR

phone number), and generally will use anything youJust How Much Trouble Are These Hackers In ? rsay to hi m against yo u in the future. Our advise isOn th e federal level we can prosecute them for : simple: stay the hell away from this person. Even if

telephone fraud (fraud by wire) if we can determine yo u haven't done anything wrong yourself, your lifethat the ADS is an ongoing business operation and can still be made miserable by him if you' re even susthat you are being denied your.just revenues by them pected o f having contact with wrongdoers.sneaking onto your system an d abusing your system. This latest turn of events has saddened u s - weTh e strictest penalty is a $1000 fine an d 5 years in thought Cable Pair would be a promising contributorjail for an actual conviction of 'fraud by wire vio- to this publication and instead we learned a valuablelation. Those are always lax - a more common lesson: don't trust anybody. Have fun, Cable Pair.sentence may be for an adult maybe a year in jail, Enjoy yourself. Just don't expect to see an y o f us18 months, or a fine, sometimes they get probation, . over at the Chestnut Tree Cqfe with you. You'r eor agree to pay back any fraudulent money obtained on your own now.

Documents

2600: The Hacker Quarterly (Volume 1, Number 1, January 1984)