%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                     T H E   E M P I R E   T I M E S                      %
%                     -------------------------------                      %
%                         The True Hacker Magazine                         %
%                                                                          %
%  August 20th, 1992                                            Issue III  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Editor in Chief: Albatross
Co-Editor:       {Spot is Open}
Email:           bbs.Alby@goonsquad.spies.com
Staff:           {Spot is Open}
Dist. Center:    The Empire Corporation

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 #  Phile Description                                 Size  Author or Group
 -  ------------------------------------------------  ----  ---------------
 1  Introduction                                        1k  Albatross
 2  Warez Vs. Hackers                                   4k  Daemon
 3  ATM Theft '92 Style                                20k  The Raven
 4  How to Build a BUG Detector                         3k  The Gremlin
 5  Hacking on the Milnet                               7k  Dispatar
 6  What is CyberSpace                                 18k  Hyperion
 7  Summary of CFP-2                                   41k  Steve Cisler
 8  A Bit on Cordless Telefones                        25k  Tom Kneilel
 9  Hacking Renegade & Telegard BBS's                   4k  King Pin
10  Listing of Media Fax Machines in the USA            5k  {Unknown}

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

                         -=- The Empire Times -=-
                     Volume 1, Issue 3, File 1 of 10
                               Introduction

Sorry for the phile to be so late but Hey Good Info is Hard to Come by and
all y'all wanna be hackers just sit around waiting to look kool with your
latest copy of The Empire Times. That's Why I say, c'mon folks gimme the
best of what ya know and show you fame and fortune by getting your name in
a K00l guy mag like this and running around to all your buddies and telling
them about how you know your shit (Or think you do) instead of bullshitting
everybody.....

WARNING: There is about an 80% chance that most boards in the Washington
Metro area (202,703,301,410) have had their security compromised by either
the FBI or the NSA due to the fact the NSA is located in Fort Meade, Md
(Howard County), and the FBI HQ located in Washington, D.C.
But this msg isn't to alarm anybody, all it is, is to note that any and all
Highly secret info you might have, I'd suggest never talking about it on
Boards or the IRC, the reason being that some serious attention might be
drawn to you.. Let me note that this info is for a FACT true... Just be
very careful in what you say.........

And ohh yes, Please send me any and all info you want published to me,
Albatross, on The Empire.. I also can be reached on The Blitzkrieg BBS in
Kentucky.....

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"I recognize that a class of criminals and juvenile delinquents has
taken to calling themselves 'hackers', but I consider them irrelevant
to the true meaning of the word; just as the Mafia calls themselves
'businessmen' but nobody pays that fact any attention."     rab'90
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

                         -=- The Empire Times -=-
                     Volume 1, Issue 3, File 2 of 10
                            Warez vs. Hackers

If you call P/H BBS's, chances are you have seen the constant insults
towards the so named "Warez D00ds". You also may have seen people going the
other way, or talking about pirates or k0dez kidz. Well, what I'm trying to
do is sort out all the classifications that are known to the hacking world,
so that you may educate yourself towards the people of the hacking world.
However, you must remember THERE ARE EXCEPTIONS. No one will always
classify in one group and people do change.

1. Hackers vs. Pd

Pd, or public domain, users are the people you find walking down the
street, sitting in the park, or serving you fries. The title "Pd" also
generally refers to those modem users who are strictly legal, and usually
know nothing of the underground beyond pirating. The only concern they
have to hackers is their closeness with the police.
These are the people that will report something if they see someone
illegally login to a UNIX or something, or if their fone line starts acting
weird. However, they also are the easiest of people to convert into our
world.

2. Hackers vs. Pirates

Pirates are the people who use copied versions of software illegally. The
software can range from the latest copy of Uninvited to a nice copy of
Turbo C++. Many hackers will use pirated versions of compilers, or other
such useful software, but have to remember: if you are going to use someone
else's software, something should come of it. Don't pirate unless it will
benefit more than just you. Pirates are the tie between Pd users and Warez
D00ds, which will be explained later. These people are on the line between
easy and difficult to convert.

3. Hackers vs. Warez D00ds

Warez D00ds are the people who use pirated and cracked versions of games.
They are generally seen as people who waste their time playing games, with
nothing better to do with their life. Because of this, they are looked down
upon the most. What separates them from pirates is that warez d00ds usually
stick to games. These are almost the hardest to convert, however, they are
not dangerous to us. As it has been said, they can serve as a buffer, and
make people more worried about pirates than they are about hackers.

4. Hackers vs. Crackers

These people are the intelligent and curious of the warez d00ds. These
people are the ones that use their programming skills to remove the
protections on games and such. They also are the people that "hack" into
normal BBSes. Since this is almost pointless, it is obvious as to why it
remains in the cracking realm. Hackers can use the skills if there happens
to be a protect on a file that they want to use, but it is rare that this
happens. Since these have the curiosity, they are easier to convert than
warez d00ds.
They are also the less mentioned of those in the underground, due to the
fact that they are not too common, and not as easy to catch as the warez
d00ds and pirates.

5. Hackers vs. K0dez Kidz

K0dez kidz are the greatest danger to hackers and the underground world as
we know it. These are the people that learn of how to hack into a UNIX
system, or how to tamper with the fone lines, but do not take necessary
precautions and alert the Fone company and Pd users that hackers exist and
are a danger. These are the people that cause the fone company to escalate
their security. These are the prime example of power given to ignorance
(next to P. Bush, that is). These are the most difficult to convert, and
are not worth trying, as they do not have the necessary drive or curiosity
to push them into the hacker world.

This is just an informative article, meant to help you with your move to
create a better world for us hackers, and to help you find out who's your
friend and who isn't. There is no copyright on this, all rights wronged,
all fun meant to be explored, every route meant to be taken.

                                                                - Daemon

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

                         -=- The Empire Times -=-
                     Volume 1, Issue 3, File 3 of 10
                             ATM's '92 Style

                       [ASCII-art banner: ATM'S]

                 THE REAL FILE FOR ATM THEFT IN 1992!!

                         WRITTEN BY: THE RAVEN

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

NOTE: There have been a few files written about how to 'RIP OFF' ATM's of
some sort but this file will not contain technical shit on the card tracks
or a xxxyyyooo17ss type of format. This text will tell you how to rip off
ATM's without all of that technical stuff that you can't really use because
most of the stuff is too hard. So I give you methods on how you can defeat
ATM's with things you may or may not need to pay a lot for!
This file is real unlike a file I came accross that a user uploaded on Blitzkreig called KRAD#1 which I feel was written by 10year olds. That file is totally SHIT! Now there was a-lot of Valid writers on the subject of ATM's but I feel they were on the subject of PINs & PANs which is very hard to do right. NOTE II: ATM theift is a Federal Crime and the Government doesn't like there funds fucked with. The author does not, DOES NOT bare responsiblity for the misuse of the information, if you are able to commit any of the crimes listed then your able to be responsible for your own damn actions! Dont tell'em I made you do it! THE RAVEN +=======+ INDEX ----- I. Con Jobs II. Physical Methods III. Electronic & Computer Scams IV. Bogus Cards, Getting PINs V. Authors Note --------------------------------------------------------------------------- I. CON JOBS New York City (My Home!) is the leader in ATM con jobs. Altogether, about 2,000 Citibank users were victimized by ATM con artist in one years time for a tune of $495,000!!So I'm going to spread some light on what and how these cons are pulled off. Method 1: THE "DEFECTIVE ATM" CON A con method popular with Citibank ATMs netted one con artist $92,000- with the unwitting assitance of his 374 victims. The scheme works in lobbies with more than one ATM, and a service phone. The well dressed and articulate con man poses as a legit user and stands between two ATMs, pretending to be talking to the bank service personnel over the service phone. After a user inserts his card into the ATMs card reader slot he tells his that the machine is not working. The user withdraws his card leaving the ATM activated. THe con man then observes theuser enterring his PIN into the adjecent ATM. Then, still holding the phone, the con man enters the users PIN into the first ATM. In make-believe conversation with the bank, the con man acts like he is receiving instructions from the bank. 
To complete the theft he talks the user (major social engineering!) into entering his card into the first ATM again to "test" or "clear" the ATM. He claims that bank personnel think that the user's card "locked up" or "jammed" the ATM and or that ATM may have made the users card defective, and the insertion of it is required to "unlock" or "unjam" the ATM and/or to verify that the user's card is still vaild. After the users leaves, the con manenters into the keypad and withdraws the maximum daily amount from the users account. This only works on Citibank ATMs cause they don't take the users card, but once the card is slipped in the ATM is activated. Method 2. PHONE PIN-EXTRACTION SCAMS Another popular con is for the con man to call up an ATM user whose card he's found or stolen. He identifies himself as a police officer, and obtains the PIN from the user by stating that it is required by law to verify the card owner. This works really well if you can bullshit them good like act like you have to do something and tell them to call you right back (on a loop!) and have a friend answer as the police station! Method 3. THE BANK DICK CON A subject was recently was recently convicted in N.Y. and Boston of defrauding ATM accounts of $150,000. He dubed over 300 ATM users into believing he was a bank security officer who needed assistance in the apprehending of a dishonest bank employee. The users were convinced to leave their bank cards under the locked door of the bank. The con man would then "fish" the cards out. The next morning the con man would have someone make a phone call to the card holder saying that they have caught the employee and dective "hacker" would like to thank you to. But since the employee did come is contact with there card the bank is going to give them a new PIN # after the get the old one! Then the con man's helper would say come pick up your new card and we will tell you your new PIN #. II. 
Physical Methods Some folks just dont like to outsmart a system or person. They prefer the more physical approach by either breaking or removing the ATM. The hazards are obvious-several built-in silent alarms,heavy stainless steel safe like construction, the amount of commotion and noise that results from their efforts, hard to dispose of evidence, etc. Those who have the most success with physical methods, plan and execute their operation as if it were commando mission. The methods described below can also be used on night depositories, payphones, dollar changers, candy machines, parking meters,etc. Physical attacks must be completed within 10 minutes as ATMs abound with vibration, heat and proximity detectors, and most are silent. To defeat any internal alarm mechanism,refer to the phone tapping approach (described in detail later) that hooks-up both the ATM and main computer to a programmed micro. So while Hood one is ripping-off or -up the ATM, the micro is whispering sweet nothings to the main computer. NOTE that not all ATM alarms transmit thru the ATM como lines, particulary with thru-the-wall ATMs. To minimize the noise and commotion, heavy blankets(used by movers) can be drapped over the ATM. Method 1. SUPER COLD GASES Liquid nitrogen can be used. It is simply poured onto or into the offending part of the ATM and when it hits 100 degrees or so, a sledge or a ballpeen hammer is smartyl slammedin to. THe metal SHOULD shatter like glass. Then one just simply reaches in and examines the untold riches stored inside. Super-cooled gases can also wreck havoc on electronics, cameras and films, and bullet-proof glass, and can be purchased from suppliers of medical and chemical supplies. Method 2. WATER & ICE We have also herd that pouring warm water into an isolated ATM on a very cold night is effective. When water freezes, it expands with a terrific force, and will shatter or tear apart anything made by man. 
The water is poured or pumped in thru the card slot or cash dispenser. It is heavily mixed with wood shavings or fiberglass to stop-up any drainage hole in the ATM. Leaks can also be plugged up with window putty or bubble gum. Method 3. MORE FREEZE METHODS ATMs use ACE locks (the ones found on most vending machines, the circle type lock) Freon works on these locks. Somw outlaws empty a can of freon into an ATM lock, pound a screwdriver into the key way, and wrench the lock out. And motor-driven ACE lock pick will vibrate pins into the right positions withine a few minutes. The ACE lock picks can be aquired from STEVE ARNOLDS GUN ROOM call (503)726-6360 for a free catalog they have a-lot of cool stuff! Method 4. ACETYLENE & DRILLS ATMs are notorisly vulnerable to attacks using acetylene torches. With most ATMs no more than 5 minutes are required for the entire job! And most ATMs can be drilled out in under 15 minutes, using carbide bits and high rpm drills (check on my SAFECRACKING text to see more about drilling.). Method 4. SHAPED CHARGES Placing shaped charges on each support and detonating them all at the same time liberates the ATM. You can firgue this out by yourself.You can also check most BBS's to find out how to make explosives but I wouldn't recommed it, since most of the expolsive files I've seen are inaccurate and leaves out MAJOR measurements and cautions! Your best best is to use black powder that you can get form almost all gun stores. Method 5. BLOCKING THE DISPENSER Some ATMs use money drawers. The ATM outlaw screws or epoxies the drawer solidly shut, at the onset of a busy three-day holiday. At the end of each night he returns and he removes the money by unscrewing or with a hammer & chisel, shatter the epoxy bond. III. ELECTRONIC & COMPUTER SCAMS Scarcely a week goes by that I don't hear about one scheme or another successfully used by phreaks & hackers to penetrate large systems to access data banks and to perform various manipulations. 
Although we have only been able to verify one or two of the methods that we
will describe, numerous cases have arisen in recent years in which an ATM
was defrauded with no evidence of a hardware or software bug to account for
the robbery.

The outlaw can use several approaches. One is to use wiretapping. Another
is to obtain the secrets of the cipher, or hardware or software defeats to
the system and proceed accordingly. Another one that works with banks is to
set up phony debit accounts and program the computer to believe that the
debit accounts are full of money. Then when a three day weekend comes
around proceed with friends to deplete all of these debit accounts by
making various rounds to ATMs.

Electronic frauds of ATMs require an excellent technical understanding of
phones and/or computers, all of which you can obtain from worthy
underground newsletters such as TAP, and 2600, etc. OR from a H/P BBS.

"Tapping" or "wiretapping" consists of the unauthorized electronic
monitoring of a signal (voice or digital) transmitted over a phone or
computer (commo) circuit. A "tap" is the monitoring device that does this.
Although a tap is usually placed somewhere on a phone line or junction box,
it may be placed inside of a phone, modem or computer.

With the advent of isolated stand-alone ATMs (with vulnerable phone lines,
including POS terminals) and computer technology, the phone circuits that
connect ATMs to their host computer (located in the bank's data processing
center) can be tapped anywhere between the two.

An "invasive tap" is one in which a hard electronic connection is made
between the tap and the commo circuit. A "non-invasive" tap is one in which
an induction loop or antenna is used to pick up the EMI generated by the
signal, and there is no physical connection between the commo circuit and
the tap.

A "passive tap" is one in which the tap simply transmits to a recorder or
directly records the tapped signal and in no way interferes with it.
An "active tap" is one in which the tap ALSO interferes with (changes, adds
to or deletes) the tapped signal in some way. Active taps are more
sophisticated. A typical ATM active tap is one that records a signal, then
later plays it back over the line.

Be sure to look for my text "HIGH TECH TOYS". It lists where to get things
that are VERY hard to get or things that you may need a license to obtain
without those hassles; all you need will be money!

Method 1. PASSIVE TAPS

All tapped ATM transactions are recorded over a period of time (but not
interfered with). Once the serial protocol and MA codes are understood, the
transmitted data is decrypted (if encrypted) using known entry data to the
ATM. Note that some systems use an MA code that is complex and very
difficult to crack.

Messages to and from the ATM's host computers are composed of various
fields. One field identifies the transaction type, one the PIN, one the
PAN, one the amount, one the approval code, one the transaction number and
perhaps other fields. In most systems, either nothing is encrypted or only
the PIN field. In others, the entire message is encrypted.

The ATM/host circuit is monitored over a period of time to derive PINs,
PANs and other entry data of other ATM users based upon (decrypted)
transmitted data. Phony debit cards are then made to defraud ATM accounts
with known PINs and PANs.

Method 2. ACTIVE TAPS

Active tapping is one method of spoofing. The critical parts of the host
computer's message are the approval and amount fields. The critical parts
of the ATM's transmission are the continuous transmission it makes to the
host computer when NO one is using it to indicate that it is OK, and the
PIN and amount fields. Both good and bad cards and good and bad PINs are
entered at various times and days to differentiate between the various
message components. Various quiescent periods are also recorded.
Once the message structures are understood, a computer is then substituted
to act as both the host computer and the ATM. That is, a computer is then
connected between the ATM and the host computer. This computer acts like
the host computer to the ATM, and like the ATM to the host computer.

An accomplice uses the ATM to go thru the motions of making legitimate
transactions. If his procedures are correct, the ATM communicates with the
host computer for permission to discharge the money. Several methods:

(A) The phreaker changes the approval field in the host's message to OK the
transaction regardless of its real decision. The phreaker may interdict the
message from the ATM to tell the host that the ATM is inactive while it
interdicts the host message to tell the ATM to disburse the cash. Since the
ATM is no longer connected to the host computer, and the host computer
believes that it is talking to an unused ATM (or one engaged in a balance
inquiry transaction), no monies will be deducted from any debit account, no
denials will be made based upon daily maximum limits, and no alarm will be
sounded due to suspicious behavior. Even if the ATM sounds an alarm, the
host computer won't hear it as long as the phreaker is whispering sweet
nothings into its ear. Also by using this method, as long as the PIN & PAN
check digits are legitimate ones based upon the ATM's preliminary and
cursory checks, the PINs and PANs themselves can be phony because the host
won't be there to verify legitimacies! That is, no legal PINs and PANs need
be known nor the algorithm for encrypting PINs.

(B) The ATM's message is replaced by a previously recorded legitimate
transaction message played back by the phreaker. The cash is dispensed as
before. The playback method won't work if the encryption or MA process
embeds a transaction, clock or random code into the message, making all
messages unique.
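Added example (not part of the original file): the condition stated in (B),
and the field changes described under Method 2 generally, are what a keyed
message authentication code plus a per-terminal transaction counter checks
for. The sketch uses HMAC-SHA256 as a modern stand-in for the "MA code"; the
field layout, key, limit and all function names are assumptions made for
illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; real keys sit in tamper-resistant hardware
REQUEST_FIELDS = ("txn_type", "pan", "pin_block", "amount", "txn_number")
REPLY_FIELDS = ("txn_number", "amount", "approval")
TAG_LEN = 32       # HMAC-SHA256 output size
DAILY_LIMIT = 300  # assumed host-side limit for the demo


def _encode(fields, names):
    """Length-prefix each field so bytes cannot slide from one field to the next."""
    out = b""
    for name in names:
        value = str(fields[name]).encode()
        out += struct.pack(">H", len(value)) + value
    return out


def _decode(body, names):
    fields, pos = {}, 0
    for name in names:
        (length,) = struct.unpack_from(">H", body, pos)
        fields[name] = body[pos + 2:pos + 2 + length].decode()
        pos += 2 + length
    return fields


def seal(fields, names, direction, key=KEY):
    """Encode the fields and append a tag; `direction` keeps a request from
    being accepted as a reply and vice versa."""
    body = _encode(fields, names)
    return body + hmac.new(key, direction + body, hashlib.sha256).digest()


def open_sealed(wire, names, direction, key=KEY):
    """Return the decoded fields, or None when the tag does not verify."""
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(key, direction + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _decode(body, names)


class Host:
    def __init__(self):
        self.last_txn = {}  # terminal id -> highest transaction number seen

    def handle(self, terminal_id, wire):
        req = open_sealed(wire, REQUEST_FIELDS, b"req")
        if req is None:
            return "reject: bad MAC", None
        number = int(req["txn_number"])
        if number <= self.last_txn.get(terminal_id, 0):
            return "reject: stale transaction number", None
        self.last_txn[terminal_id] = number
        approval = "OK" if int(req["amount"]) <= DAILY_LIMIT else "NO"
        reply = {"txn_number": number, "amount": req["amount"], "approval": approval}
        return "processed", seal(reply, REPLY_FIELDS, b"rsp")


def atm_check_reply(request, wire):
    """Terminal side: dispense only on a verified reply that echoes this request."""
    rsp = open_sealed(wire, REPLY_FIELDS, b"rsp")
    if rsp is None:
        return "reject: bad MAC"
    echoed = (rsp["txn_number"], rsp["amount"])
    if echoed != (str(request["txn_number"]), str(request["amount"])):
        return "reject: reply does not match request"
    return "dispense" if rsp["approval"] == "OK" else "decline"


def demo():
    host, out = Host(), {}
    req = {"txn_type": "WDL", "pan": "0000000000000000", "pin_block": "constructed",
           "amount": 200, "txn_number": 41}  # constructed sample message
    wire = seal(req, REQUEST_FIELDS, b"req")
    out["genuine"], reply = host.handle("T1", wire)
    out["genuine_reply"] = atm_check_reply(req, reply)
    out["replayed_request"], _ = host.handle("T1", wire)  # the recorded-message case
    out["amount_changed"], _ = host.handle("T1", wire.replace(b"200", b"010", 1))
    big = dict(req, amount=500, txn_number=42)
    _, denial = host.handle("T1", seal(big, REQUEST_FIELDS, b"req"))
    out["honest_denial"] = atm_check_reply(big, denial)
    out["approval_changed"] = atm_check_reply(big, denial.replace(b"NO", b"OK", 1))
    out["old_reply_reused"] = atm_check_reply(big, reply)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} {result}")
```

The tag covers every field, so a change to the PIN, amount or approval field
fails verification, and the counter check is what makes each accepted message
unique.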
(C) The phreaker/hacker changes the PIN field in the ATM's message to a
legitimate PIN of a fat-cat like DONALD TRUMP's account. The phreaker/hacker
then withdraws someone else's money.

(D) The phreaker/hacker changes the amount field in the ATM's message to a
much lower one, and then changes the amount field in the host's message
back to the higher amount (debit transactions; the opposite changes are
made for credit transactions). Sooo the phreaker can withdraw $200 from his
account with only $10 actually debited from it by the host. He can then
make many withdrawals before the host cuts him off for exceeding the daily
max.

Method 3. TEMPEST IV

A thin induction pick-up coil, consisting of many turns of one thickness of
#28 or thinner enamel wire sandwiched between two self-adhesive labels, no
larger than a debit card, can be inserted at least part way inside the card
slot of most ATMs. This coil is then used to "listen in" on the electrical
activity inside of the ATM to try to determine which signals control the
release of money. Using this same coil as a transmitter antenna, these
signals are then transmitted to the release logic to activate it.

It is believed that a thin coil about the size of a dime can be maneuvered
quite a ways inside most ATMs for sensing purposes, and that small metal
hooks have also been fed into ATMs to obtain direct hookups to logic and
power circuits.

It is believed that some outlaws have obtained ATM cards. They then
machined out the inside of the cards, except the magnetic strip. They then
place flat coils inside the machined out area. They then monitor the coils
during legitimate transactions. They can also use the coils to transmit
desired signals. This is kind of the method used in TERMINATOR 2.

IV. BOGUS CARD, GETTING PINs

Almost all credit cards now come with either a hologram or an embedded chip
("Smart Card"), and are thus nearly impossible to counterfeit to date.
However, since most debit cards are not optically read by ATMs, they are much easier to counterfeit. To counterfeit a card the following is needed: (1) A card embosser, which can be readily obtained from commercial sources (see "Embossing Equipment and Supplies" or similar in the Yellow Pages) without question asked. A used, serviceable embosser ran use $210 + shipping & handling. (2) A magnetic stripe decoder/encoder (skimmer), which can be purchased from the same company as the embossing equipment or just look in the back of Computer Magazines. (3) PIN checkers are not known to be available to the general public. However, if one were stolen, the user could guess at card PINs by trial-and-error effort based upon the knowledge of how PINs are derived. (4) PANs,PINs and ciphers, which can be obtained from a number of ways usually involving theft. About 50% of ATM users write their PINs either on their debit card or somewhere in there wallet or purse. And most user-chosen PINs are easily guessed. The encrypted PINs can be directly lifted or read from the magnetic stripe, and the encryption scheme determined by comparing the encryption with the known PIN # of a dozen or so cards. V. NOTE Now this text covers the file that I have put together on ATMs but I know that there is more on the subject that I have left out either because I dont want to put it or because my staff: The High-Tech Hoods did get or know the info. now I am open to suggestions for ATM 2 but I dont want any ideas I want proof. !! Then I'll publish it and give credit where credit is due. I can be reached on the following bbs's: Blitzkreig (502) 499-8933 RIPCO (312) 528-5020 Those bbs's get my files first run!!! C Ya and remember dont get caught!! Look for my other files: Burglar Alarm Bypass prts. 1,2 & 3 SafeCracking Van Eck Phreaking (will appear in TAP) Counterfeiting prt 1. & prt 2 High-Tech Toys Sources List The Raven Reports 1-??? 
Coming Soon:

    Stopping Power Meters (KW-HR METERS)
    Liberate Gas & Water Meters
    Cons & Scams
    Shoplifting

and whatever you want info on!

THE RAVEN
+=======+

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

                         -=- The Empire Times -=-
                     Volume 1, Issue 3, File 4 of 10
                          Building an Anti-BUG

This file Presented by METRONET system (301)-944-3023

The bugs that this device detects are Infinity transmitters; read the
Infinity transmitter bulletin for more info.

                 ::::::::::::::::::::::::::::::::::::::
                 :                                    :
                 :    How to build a Bug Detector     :
                 :                                    :
                 :                 by                 :
                 :                                    :
                 :            The Gremlin             :
                 :                                    :
                 ::::::::::::::::::::::::::::::::::::::

Warning: This is formatted for 80 columns and upper/lower case
capabilities...

][][][ Basic theory ][][][

Because most bugs are triggered through certain frequencies, it is very
simple to build a small sweeping device that will trigger any bug present.
The two IC's are what create the oscillating tone. The IC1 operates at .8 Hz
where the IC2 runs at about 10 Hz. Frequency is determined by this formula:

    f = 1.44/((R1 + 2R2)C)

    f measured in Hertz, R in megohms, and C in microfarads

The oscillation can be varied by the voltage placed upon pin #5. This is
how we create the wave sound. When voltage goes up, so does the frequency,
and vice-versa.

Normally, the output pin 3 is a square wave. Since we need a varying wave
at pin #5, we need a triangular wave. We get this through integrating the
square wave created at pin #3 of IC1. It is achieved by D1, D2, R3, R4 and
C2.

This varying output is fed into the phone line by transformer T1, which has
an 8 ohm winding going to pin #3 of IC2 and the 500-ohm end to a 0.1
microfarad capacitor at the phone line.

Enuf talk..let's get movin!
][][][ Schematic Design ][][][

[ASCII schematic: +9v supply rail, IC1 and IC2 (555 timers, pins 1, 3, 4, 6,
7 and 8 marked), R1, R2, R4, R6, D3, C1, C2, C3, C4, transformer T1
(8--500) and ground -G-. The diagram's layout did not survive.]

][][][ Parts List ][][][

C1           10-uF electrolytic capacitor, 25 WVDC
C2           300-uF electrolytic capacitor, 25 WVDC
C3           0.1-uF capacitor
C4           0.068-uF capacitor
D1-D3        1N914
IC1,IC2      555 timers
R1, R4-R6    1-kilohm resistors
R2           91-kilohm resistor
R3           22-kilohm resistor
T1           500-to-8 ohm audio output transformer

][][][ Construction ][][][

When building this unit, it is very useful to use a breadboard or vector
board. I suggest that leads being connected to the phone line (T1, C3) end
in a jack or a modular connector to make the hookup easier. To test it,
hook it to the phone line (not the suspected line) and call the line you
suspect is being bugged. The party you are calling should not answer the
phone. Now, the unit is activated. 3 times, every 4 seconds, the oscillator
will go up to 10 kHz and back down again..like a bell curve..If there is a
frequency sensitive bug on the line, the phone will stop ringing, and you
will be able to hear everything said in the room. If the phone keeps
ringing, chances are that all is fine..unless the bug requires a
multi-frequency trigger..but these are very rare..

So, we can see that 415-BUG-1111 really does work! It creates the tone..any
click heard is the Phone Co's (or whoever is bugging) speaker/tape recorder
picking up!

Have phun, and hope it helped!

                                                     The Gremlin

...call the Gremlin's Lair..201-536-7794..today!...

[Thanks again Metronet!]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

                         -=- The Empire Times -=-
                     Volume 1, Issue 3, File 5 of 10
                               The Milnet

][=-----------------------------------------------------------------------=][
][                                                                         ][
][                      Finally it's here..........                        ][
][                                                                         ][
][                                Milnet                                   ][
][                                                                         ][
][                     by: Brigadier General Swipe                         ][
][                           (aka: Dispater)                               ][
][                                                                         ][
][           Thanx to: no one! G.D.I. (God Damn Independent)               ][
][                                                                         ][
][=-----------------------------------------------------------------------=][

Intro:
------

First of all Milnet is a system used by the Air Force and the Pentagon for
communication use. You know you are on milnet when you see that infamous
TAC login xxx. Milnet is run out of the University of Southern California,
(this might give some of you some ideas who live around there).

Logon Info
------------

The Milnet number is 1-800-368-2217.

The ISI MASTER DIAL UP IS 213-306-1366. This is a more tricky logon
procedure but if you got balls, you're using a trunk box, or you are just
S-T-U-P-I-D here goes:

ISIE MASTER LOGON PROCEDURE
----------------------------
1> call 213-306-1366
2> when the phone stops ringing you are connected
3> enter location number (9 digits) + 1 or 0
4> hang up and it will call you
5> pick up the phone and hit the '*' on your phone
6> hit a carriage return on the computer
7> at the 'what class?' prompt hit RETURN!!!
8> then a 'go' prompt will appear and log on as you would the 800 number.

MILNET LOGIN PROCEDURE
-----------------------

If you have trouble connecting try 300 baud instead of 1200. It's a bite in
the ass but, sometimes the connection will fuck up if you don't.

When you first connect you will see:

'WELCOME TO DDN.
FOR OFFICIAL USE ONLY.TAC LOGIN
CALL NIC 1-800-235-3155 FOR HELP
WRPAT TAC 113 #:36

(you type)        @o 1/103

YOU ALWAYS TYPE @o then other connections are:

    ISIA     3/103
    ISIB     10:3/52
    ISID     10:0/27
    ISIE     1/103    (THE EXAMPLE)
    ISIF     2/103
    VAX A    10:2/27

-------------------------------------------------------------------------------
Next you will see a 'USER-ID' prompt. The first 4 characters vary but it is
always followed by a '-' and whatever connection you choose.

User-Id: (example) CER5-ISIE or MRW1-ISIE

The first three letters are the initials of the user followed by a random
number (1-9).
-------------------------------------------------------------------------------
Access Code: (example) 2285UNG6A or 22L8KK5CH

An access code will never contain a ( 1, 0, G, Z).
-------------------------------------------------------------------------------
@ USERNAME + PASSWORD

IE USERNAME SAC.305AREFW-LGTO

THE USERNAME EXPLANATION: The first 3 letters will be SAC. This stands for
Strategic Air Command. Following that is a '.' Then the squadron number and
the prime mission. In this case '305AREFW', (305TH AIR REFUELING WING).
Then a '-' and the Individual Squadron name 'LGTO' (LOGISTICS GROUND
TRANSPORTATION OPERATIONS), a fancy name for the motor pool. I'll try and
get a list of these; there are tons of names.

The password will not be echoed back and should be entered after the
username. The new user password as a default is: NEW-UZER-ACNT
-------------------------------------------------------------------------------

+-------------+
 THINGS TO DO:    PROGRAMS AVAILABLE TO SAC USERS:
+-------------+   and what they are for
                  copied directly from the help manual

ADUTY        aids in management of additional duty assignments.
             (International help - use the ? and keys, HELP.)
ARCHIVE      requests files to be stored on tape for later retrieval.
             (Type HELP ARCHIVE at TOPS-20.)
CHAT         Provides near real time communication between terminal users
             on the same host computer. (Use ? with CHAT.)
DAILY        Executive appointment scheduling program
DCOPY        Handles output on DIABLO and XEROX printers
EMACS        Powerful full-screen text editor
FOLLOW       Suspense follow up program
FTP          provides file transfer capabilities between host computers
FKEYS        allows user to define function key (real spiffaruni)
HELP         the command used by stupid generals or hackers that have never
             used milnet before
HERMES       E-Mail
NCPCALC      spreadsheet program
PHOTO        saves transcripts of sessions
REMIND       sends user-created reminders
RIPSORT      a sophisticated data sorting program
             (Described in SAC's User manual (sorry))
SCRIBE       a powerful text formatter for preparing documents.
             (ISI's manual, SCRIBE manual - soon on MILNET V.2)
SPELL        text file spelling checker.
             (HELP at TOPS-20 and directory international help -?)
SUSCON       allows the creating, sending, and clearing of suspenses.
             (international help - ? and , HELP command)
TACOPY       used for printing hard copies of files
             (international help - ?)
TALK         pretty much the same as chat.
TIPCOPY      predecessor of TACOPY
TEACH-EMACS  (SELF EXPLANATORY: GIVES LIST OF COMMANDS)
TN           Tel-Net provides multi-host access on MILNET.
             (HELP at TOPS-20 and directory, international help - use ? and )
XED          line oriented text editor. (HELP at TOPS-20 and directory)

LOGGING OFF
------------
TYPE: @L
(PRETTY TOUGH HUH?)

+------------------+-----------------------------------------------------------
The Milnet ID card   If you should be trashing somewhere and find a card that
+------------------+ looks like this, then save it. (it will be blue & white)

 _______________________________________
/                                       \    It's also wallet sized so you may
 HOST USC-ISIE 26.1.0.103                    wish to mug someone who you know
 HOST ADMINISTRATOR GORDON,VICKI L.          is in the air force..haha!
 ---------------------------------------     (just kidding!)
 DDN CARD HOLDER:
 REID, CALVIN E, 1st LT.
 CARD 118445
 ---------------------------------------
 USER ID:CER5-ISIE
 ACCESS CODE:2285UNG6A
 USERNAME: SAC.305AREFW-LGTO
 PASSWORD: NEW-UZER-ACNT
\_______________________________________/

-------------------------------------------------------------------------------
-------------------------------------------------------------------------------

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

                          -=- The Empire Times -=-
                      Volume 1, Issue 3, File 6 of 10
                            What is CyberSpace

WHAT IS CYBERSPACE?
David G.W. Birch & S. Peter Buck, Hyperion

Introduction

In a recent issue of the Computer Law & Security Report [1], Bernard Zajac suggested that readers might want to peruse some of the "cyberpunk" novels, in particular the works of William Gibson, in order to gain an insight into the organisation and behaviour of hackers. While wholly commending the incitement to read Gibson's work, we feel that this view understates the breadth of vision of the cyberpunk genre and could mislead, because the "console men" and "keyboard cowboys" of Gibson's works are not really the same people as the hackers of today.

We thought it might therefore be both entertaining and stimulating to provide readers with an overview of the world of cyberspace and to draw attention to some elements of the works where we feel that there are indeed some points worth further analysis and discussion. Is it possible that, like Arthur C. Clarke's much vaunted prediction of the communication satellite [2], Gibson has produced works which are not so much science fiction as informed prediction?

Gibson is not the only cyberpunk author, but he has become probably the most well-known. Essential reading includes his books Count Zero [3], Neuromancer [4], Burning Chrome [5] and Mona Lisa Overdrive [6]. For readers new to the subject, Mirrorshades [7] is an excellent anthology of cyberpunk short stories which gives an overview of the spectrum of cyberpunk writing.

Cyberspace

Description

Cyberspace is an extension of the idea of virtual reality. Instead of seeing computer data converted into pictures that come from human experience (as in a flight simulator), or extensions from human experience (such as the "desktop" metaphor used with personal computers), cyberspace comprises computers, telecommunications, software and data in a more abstract form. At the core of cyberspace is the matrix or the Net:

"The Net... joins all of the computers and telephones on Earth. It is formed by radio, telephone and cellular links with microwave transmitters beaming information into orbit and beyond. In the 20th century, the Net was only accessible via a computer terminal, using a device called a modem to send and receive information. But in 2013, the Net can be entered directly using your own brain, neural plugs and complex interface programs that turn computer data into perceptual events" View From the Edge, [8].

In several places, reference is made to the military origin of the cyberspace interfaces:

"You're a console cowboy. The prototypes of the programs you use to crack industrial banks were developed for [a military operation]. For the assault on the Kirensk computer nexus. Basic module was a Nightwing microlight, a pilot, a matrix deck, a jockey. We were running a virus called Mole. The Mole series was the first generation of real intrusion programs." Neuromancer, [4].

"The matrix has its roots in primitive arcade games... early graphics programs and military experimentation with cranial jack" Neuromancer, [4].

Gibson also assumes that in addition to being able to "jack in" to the matrix, you can go through the matrix to jack in to another person using a "simstim" deck. Using the simstim deck, you experience everything that the person you are connected to experiences:

"Case hit the simstim switch. And flipped in to the agony of a broken bone.
Molly was braced against the blank grey wall of a long corridor, her breath coming ragged and uneven. Case was back in the matrix instantly, a white-hot line of pain fading in his left thigh." Neuromancer, [4].

The matrix can be a very dangerous place. As your brain is connected in, should your interface program be altered, you will suffer. If your program is deleted, you would die. One of the characters in Neuromancer is called the Dixie Flatline, so named because he has survived deletion in the matrix. He is revered as a hero of the cyber jockeys:

"'Well, if we can get the Flatline, we're home free. He was the best. You know he died braindeath three times.' She nodded. 'Flatlined on his EEG. Showed me the tapes.'" Neuromancer, [4].

Incidentally, the Flatline doesn't exist as a person any more: his mind has been stored in a RAM chip which can be connected to the matrix.

Operation

So how does cyberspace work? As noted previously, you connect to the matrix through a deck which runs an interface program:

"A silver tide of phosphenes boiled across my field of vision as the matrix began to unfold in my head, a 3-D chessboard, infinite and perfectly transparent. The Russian program seemed to lurch as we entered the grid. If anyone else had been jacked in to that part of the matrix, he might have seen a surf of flickering shadow ride out of the little yellow pyramid that represented our computer." Burning Chrome, [5].

"Tick executed the transit in real time, rather than the bodyless, instantaneous shifts ordinarily employed in the matrix. The yellow plain, he explained, roofed the London Stock Exchange and related City entities... 'That's White's,' Tick was saying, directing her attention to a modest grey pyramid, 'the club in St. James'. Membership directory, waiting list..." Mona Lisa Overdrive, [6].

Is this view of operating computers and communications networks by moving around in an ethereal machine-generated world really that far-fetched?
When the first virtual reality (VR) units for personal computers will probably be in the shops by next Christmas? If you still think that VR is science fiction, note that British television viewers will shortly be tuning in to a new game show (called "CyberZone") where the digital images of teams of players equipped with VR helmets, power gloves and pressure pads will fight it out in a computer-generated world (built using 16 IBM PCs fronting an ICL master computer).

Cyber World

Organisation

The world of cyberpunk is near future (say, 50 years at the maximum) Earth. Nation states and their governments are unimportant and largely irrelevant. The world is run by giant Japanese-American-European multinational conglomerates, the zaibatsu. Gibson frequently uses Japanese words and Japanese slang to reinforce the expanding role of Japan in the world and in society. In the same way that business has agglomerated on a global scale, the mafia have merged with the Japanese gangs, the yakuza. The zaibatsu are in constant conflict and the yakuza are their agents:

"Business has no stake in any political system per se. Business co-operates to the extent that co-operation furthers its own interests. And the primary interest of business is growth and dominance. Once the establishment of Free Enterprise Zones freed corporations from all constraints, they reverted to a primal struggle, which continues to this day." Stone Lives, [9].

Far fetched? Again, not really. Even as we sat down to write this article, the Chairman and Vice-Chairman of Nomura (the world's largest financial institution) were resigning because of their links with organised crime:

"Sceptics say that four decades of accommodation between police, politicians and yakuza will not be overturned simply by new legislation.
There are believed to be almost 100,000 full-time gangsters in Japan, a quarter of whom belong to the Yamaguchi-Gumi, a mammoth organisation with 900 affiliates and a portfolio of operations ranging from prostitution, drugs and share speculation to run-of-the-mill protection rackets" [10].

Herein lies a major feature of Gibson's books. The cyber jockeys are not student pranksters or teenage hackers messing about with other people's computers for fun or mischief (The Lord of the Files, [11]): by and large they are either working for the zaibatsu or the yakuza and their (for profit) activities revolve around industrial espionage and sabotage.

Information

A fundamental theme running through most cyberpunk literature is that (in the near future Earth) commodities are unimportant. Since anything can be manufactured, very cheaply, manufactured goods (and the commodities that are needed to create them) are no longer central to economic life. The only real commodity is information. In fact, in many ways, the zaibatsu are the information that they own:

"But weren't the zaibatsu more like that, or the yakuza, hives with cybernetic memories, vast single organisms with their DNA coded in silicon?" Neuromancer, [4].

Naturally, with information so vital, the zaibatsu go to great lengths to protect their data. In Johnny Mnemonic, one of Gibson's short stories, the eponymous "hero" has data hidden in his own memory to keep it safe from the yakuza:

"The stored data are fed in through a series of microsurgical contraautism prostheses.' I reeled off a numb version of my standard sales pitch. 'Client's code is stored in a special chip... Can't drug it out, cut it out, torture it out. I don't know it, never did." Johnny Mnemonic, [12].

With information so fundamental to the business world, the mechanics of business are vastly different from those we know at present.
In our current product- and service-based business world, we are used to dealing with items that can be stamped, traced, taxed, counted and measured. When the primary commodity is information, these attributes no longer apply and the structure of the business world is different. This has already been recognised by many people, including the well-known management consultant Peter Drucker [13]:

"So far most computer users still use the new technology only to do faster what they have done before, crunch conventional numbers. But as soon as a company takes the first tentative steps from data to information, its decision processes, management structure and even the way it gets its work done begin to be transformed."

Net Running

Hacking is too trivial and undescriptive a term to use for the unauthorised and illegal activities of the cyber jockeys in cyberspace. A much better term is "Net running".

"They found their 'paradise'... on the jumbled border of a low security academic grid. At first glance it resembled the kind of graffiti student operators sometimes left at the junction of grid lines, faint glyphs of coloured light that shimmered against the confused outlines of a dozen arts faculties. 'There,' said the Flatline. 'the blue one. Make it out? That's an entry code for Bell Europa. Fresh, too." Neuromancer, [4].

Everywhere in the Net, there is "ice". Ice is security countermeasures software. The Net runners spend most of their time in the matrix encountering, evaluating and evading these countermeasures. The encounters with ice are brilliantly described in many of Gibson's books:

"We've crashed her gates disguised as an audit and three subpoenas, but her [the organisation being attacked] defences are specifically geared to deal with that kind of intrusion. Her most sophisticated ice is structured to fend off writs, warrants, subpoenas. When we breached the first gate, the bulk of her data vanished behind core command ice...
Five separate landlines spurted May Day signals to law firms, but the virus had already taken over the parameter e... The Russian program lifts a Tokyo number from unscreened data, choosing it for frequency of calls, average length of calls, the speed with which [the organisation] returned those calls. 'Okay,' says Bobby, 'we're an incoming scrambler call from a l of hers in Tokyo. That should help.' Ride 'em cowboy." Burning Chrome, [14].

The best ice contains elements of artificial intelligence (AI):

"'That's it huh? Big green rectangle off left?' 'You got it. Corporate core data for [another organisation] and that ice is generated by their two friendly AIs. On par with anything in the military sector, looks to me. That's king hell ice, Case, black as the grave and slick as glass. Fry your brains as soon as look at you." Neuromancer, [4].

These descriptions cannot be seen as predictions: they are just straightforward extrapolations based on current technology and trends.

Predictions

So what are the core "predictions" of cyberpunk and do they have relevance to security strategies today?

Computer and communications technology is already at a point where the Net is only a few years away. Charles L. Brown, the CEO of AT&T, put it like this:

"The phone system, when coupled with computer technology, permits a person almost anywhere to plug in to a world library of information... Just around the bend is an information network that would increase the range of perception of a single individual to include all of the information available anywhere in the network's universe." [15].

The development of the corporate world so that information becomes the primary commodity is already underway. This does have implications for planning, because too many existing risk management policies are asset-based. As it is easier to value a computer than value the information it holds, too much effort has gone into valuing and protecting physical assets rather than information assets.
Already, there is a good argument for saying that the information assets are the key [16]:

"A new concept of business is taking shape in response to the info-wars now raging across the world economy. As knowledge becomes more central to the creation of wealth, we begin to think of the corporation as an enhancer of knowledge."

How will the information assets be valued? How will the world of mergers and acquisitions deal with the problem of rate of return on "intangible" assets? An interesting parallel can be drawn with the relatively recent attempts to value brand names and include the brand names as assets on balance sheets.

The legal sector is probably even further behind than the security sector. With the legal system already struggling to catch up with the developments in computer and communications technology, it is hard to imagine how it could come to terms with cyberspace:

"As communications and data processing technology continues to advance at a pace many times faster than society can assimilate it, additional conflicts have begun to occur on the border between cyberspace and the physical world." [17].

In fact, these conflicts are already causing many problems as evidenced by recent events and court cases in the U.S. [18]:

"Do electronic bulletin boards that may list stolen access codes enjoy protection under the First Amendment?"

"How can privacy be ensured when computers record every phone call, cash withdrawal and credit-card transaction? What "property rights" can be protected in digital electronic systems that can create copies that are indistinguishable from the real thing?"

"Ten months after the Secret Service shut down the [electronics bulletin boards], the Government still has not produced any indictments. And several similar cases that have come before the courts have been badly flawed. One Austin-based game publisher whose bulletin board system was seized last March is expected soon to sue the Government for violating his civil liberties."

Summary

We hope that this brief overview of the world of cyberpunk has done justice to the excellent books from which we have quoted and encouraged some readers to dip into the collection.

So is Gibson's work an example of a science fiction prediction that will prove to be as accurate as Clarke's prediction of the communications satellite? Not really: the world that Gibson writes about is more a well thought out extension of the situation at present than a radical prediction. After all, as Gordon Gekko (the character played by Michael Douglas) says in the film Wall Street, "The most valuable commodity I know of is information. Wouldn't you agree?"

References

1. Zajac, B., Ethics & Computing (Part II). Computer Law and Security Report, 1991. 7(2).
2. Clarke, A.C., Extraterrestrial Relays, in Wireless World. 1945, p. 305-308.
3. Gibson, W., Count Zero. 1987, London: Grafton.
4. Gibson, W., Neuromancer. 1984, New York: Ace.
5. Gibson, W., Burning Chrome. 1987, New York: Ace.
6. Gibson, W., Mona Lisa Overdrive. 1989, London: Grafton.
7. Sterling, B., ed. Mirrorshades. 1988, Paladin: London.
8. View from the Edge: The Cyberpunk Handbook. 1988, R. Talsorian Games Inc.
9. Fillipo, P.D., Stone Lives, in Mirrorshades, B. Sterling, Editor. 1988, Paladin: London.
10. Japan's Mafia Takes on a 6bn Business, in The Guardian. 1991, London.
11. Girvan and Jones, The Lord of the Files, in Digital Dreams, Barrett, Editor. 1990, New English Library: London.
12. Gibson, W., Johnny Mnemonic, in Burning Chrome. 1987, Ace: New York.
13. Cane, A., Differences of Culture and Technology, in The Financial Times. 1991, London. p. European IT Supplement.
14. Gibson, W., Burning Chrome, in Burning Chrome. 1987, Ace: New York.
15. Wurman, R.S., Information Anxiety. 1991, London: Pan.
16. Toffler, A., Total Information War, in Power Shift. 1991, Bantam Books: London.
17. Barlow, Coming in to the Country. Communications of the ACM, 1991. 34(3).
18. Elmer-Dewitt, P., Cyberpunks and the Constitution, in Time. 1991, p. 81.

Authors

David Birch graduated from the University of Southampton and then joined Logica, where he spent several years working as a consultant specialising in communications. In 1986 he was one of the founders of Hyperion. He has worked on a wide range of information technology projects in the U.K., Europe, the Far East and North America for clients as diverse as the International Stock Exchange, IBM and the Indonesian PTT. David was appointed Visiting Lecturer in Information Technology Management at the City University Business School in 1990 and was one of the founder members of the Highfield EDI and legal security business research group. His Cyberspace address is 100014,3342 on Compuserve.

Peter Buck graduated from the Imperial College and spent 10 years with the International Stock Exchange, where he was co-architect of SEAQ, the computer system that was at the heart of the City's "big bang". He then joined Hyperion, where he is a Senior Consultant working in the field of advanced communications. His work on the application of satellite and mobile communications (for clients including Mercury, Dow Jones and SWIFT) for business has put him at the leading edge of work in these fields.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

                          -=- The Empire Times -=-
                      Volume 1, Issue 3, File 7 of 10
                             Summary of CFP-2

COMPUTERS, FREEDOM, AND PRIVACY-2: A REPORT
by Steve Cisler (sac@apple.com)

[The opinions and views expressed are those of the author, Steve Cisler, and not necessarily those of Apple Computer, Inc. Misquotes of people's statements are my responsibility. Permission is granted for re-posting in electronic form or printing in whole or in part by non-profit organizations or individuals. Transformations or mutations into musicals, docudramas, morality plays, or wacky sitcoms remain the right of the author.
This file may be found on the Internet in ftp.apple.com in the alug directory. -Steve Cisler, Apple Computer Library. Internet address: sac@apple.com ]

The Second Conference on Computers, Freedom, and Privacy (March 18-20, 1992, Washington, D.C.) was sponsored by the Association for Computing Machinery and thirteen co-sponsors including the American Library Association and a wide variety of advocacy groups.

The diversity of the attendees, the scope of the topics covered, and the dynamism of the organized and informal sessions gave me a perspective I had lost in endless conferences devoted only to library, information, and network issues. I can now view the narrower topics of concern to me as a librarian in new ways. Because of that it was one of the best conferences I have attended. But there's a danger of these issues being re-hashed each year with "the usual suspects" invited each time to be panelists, so I urge you, the readers, to become involved and bring your own experiences to the next conference in 1993 in the San Francisco Bay Area.

++====================================================================++

Wednesday, March 18

The day began with concurrent tutorials on the following topics: Getting on the Net (Mitchell Kapor, Electronic Frontier Foundation); Making Information Law and Policy (Jane Bortnick, Congressional Research Service); Communications and Network Evolution (Sergio Heker, JVNCNet); Private Sector Privacy (Jeff Smith, Georgetown University); Constitutional Law for Non-lawyers (Mike Godwin, EFF); Computer Crime (Don Ingraham, Alameda County (CA) District Attorney); Modern Telecommunications: Life After Humpty-Dumpty (Richard Wolff, Bellcore); International Privacy Developments (David Flaherty, Univ. of Western Ontario); and the one I attended...

Information Law and Policy: Jane Bortnick, Congressional Research Service (CRS)

In Bortnick's tutorial, she covered the following points:

1) Setting information policy is not a linear process, and it's not clear how or when it is made because of many inputs to the process.
2) Many policies sit on the shelf until a crisis, and the right technology is either in place, or certain people grab it.
3) Events create renewed interest in information policy.
4) Industry, academic, or non-governmental groups play an important role by testifying before committees studying policy and by lobbying.
5) CRS is the institutional memory for Congress because of the rapid turnover in the staff on the Hill.
6) The challenge is to develop policy that does not hinder or hold things up, but there is a high degree of uncertainty, change, and lack of data. The idea is to keep things as open as possible throughout the process.

Bortnick said that the majority of laws governing information policy were written in an era of paper; now electronic access is being added, and Congress is trying to identify fundamental principles, not specific changes. Because of the economic factors impinging on the delivery of information, members of Congress don't want to anger local cable, phone, or newspaper firms.

To get sensible legislation in a rapidly changing environment you have to, paradoxically, slow down the legislative processes to avoid making bad laws. Nevertheless, in a crisis, Congress can sometimes work very quickly. We have to realize that Congress can't be long term because of annual budget cycles and because of the hard lobbying by local interests. In making good policy and laws, building consensus is the key.

The current scope of information policy:

-spans broad range of topics dealing with information collection, use, access, and dissemination
-global warming has a component because new satellites will dump a terabyte a day: who is responsible for storage, access, adding value to all of this data?
-many bills have the phrase: "and they will establish a clearinghouse of information on this topic"
-information policy has increasingly become an element within agency programs
-impact of information technologies further complicates debate
-result=more interested players from diverse areas.

Congress has many committees that deal with these issues. CRS gets 500,000 requests for information a year: 1700 in one day. After "60 Minutes" is broadcast CRS gets many requests for information from Congress.

Jim Warren asked several questions about access to government information. There was a general discussion about how the Library of Congress would be digitized (size, cost, copyright barriers). It was noted that state level experiments affected federal activity, especially the states that are copyrighting their information (unlike the federal government).

There was discussion about Congressional reluctance to communicate via electronic mail with constituents: a new directory does not even list some fax numbers that had been quasi-public before some offices felt inundated with fax communications.

++====================================================================++

Keynote Address: Al Neuharth, The Freedom Forum and founder of USA Today
"Freedom in cyberspace: new wine in old flasks"

Lunch, following the tutorials, was followed by an address by Al Neuharth. The high points were:

1. First amendment freedoms are for everyone. Newspaper publishers should not relegate anyone to 2nd class citizenship or the back of the bus.
2. The passion for privacy may make our democracy falter.
3. Publishing of disinformation is the biggest danger, not information-glut.

Commenting on the American Newspaper Publishers Assn. effort to keep RBOCs out of the information business, Neuharth noted that the free press clause in the Bill of Rights does not only apply to newspapers. Telcos have first amendment rights too.
"ANPA is spitting into the winds of change", he said, and some newspaper publishers are not happy with this stance, so there is a lot of turmoil. People should get their news when, how and where they want it: on screen or tossed on the front porch. Telcos have yet to demonstrate expertise in information gathering and dissemination; they have an outmoded allegiance to regulation.

He strongly criticized the use of anonymous sources by newspapers. Anonymous sources, he said, provide misinformation that does irreparable harm. The Washington Post is the biggest user of confidential sources. Withholding of names encourages fabricating and misinformation. Opinions and style should not be hidden in news pages but kept on the editorial page.

++====================================================================++

Wednesday Afternoon Session: Who Logs On?

Given by Robert Lucky of Bell Labs. Speaking personally, Lucky covered the following points:

1. Fiber to the home: who pays for it? The consumers will pay and the consumer will benefit. How much they will pay and how much they will benefit is what matters. We must install wideband switching and we will. The drama is mainly economic and political, not technical. It will happen in 40 years. Asked what fiber will bring that copper will not, Lucky took the Field of Dreams approach: supply of bandwidth will create demand.

2. Access and privacy. This is a personal quandary for Lucky. Intimate communications will be coming: individual cells on each pole and an individual number for each person. "I like to call anybody from my wrist, but I hate having people calling me." If you have access, you can't have privacy. The right to be left alone takes away from the 'right' of other people.
Lucky was the first of many to raise the problems of the FBI-recommended legislation, the Digital Telephony Amendment, which would require re-design of the present network so that surveillance could take place, and to note that the cost of doing this would be 20 cents a month per subscriber. It will be hard to find conversations, but you will pay for this. He viewed this with grave concern; it's a bad idea. He is all for getting drug kings but he wants his privacy.

3. Lucky's observations on the Internet/NREN: One of the wonderful things is the sense of freedom on the Internet. Anonymous ftp. There are programs and bulletin boards. Sense of freedom of information and freedom of communication, but nobody seems to pay for it. It just comes. Speaking as a member of AT&T, he said this needs to be transitioned to a commercial enterprise. Government is not good at this; intellectual property lawyers will build walls, and hackers may screw it up too. "I still want all the freedom in the commercial enterprise."

Linda Garcia of the OTA (Office of Technology Assessment) spoke about access issues and said it was a cost/benefit problem. Rural areas should be able to construct a rural area network (RAN). Take small businesses, educators, hospitals and pool their demand for a broadband network. Government could act as a broker or community organizer and transfer the technology. Rural communities should not be treated the same way as urban areas. The regulatory structure should be different for rural Maine than for lower Manhattan. See her OTA reports "Critical Connections" and "Rural America at the Crossroads" for in-depth treatments of these issues.

Al Koppe of New Jersey Bell outlined the many new services being rolled out in NJ at the same time they are maintaining low basic rates.

--In 1992 there will be narrowband digital service for low quality video conferencing; in 1994 wideband digital service.
--Video on demand, entertainment libraries and distance learning applications will be coming along soon after.
--Koppe predicted a 99% penetration by 1999 with complete fiber by 2010. This will be a public network and not a private one. It will still be a common carrier.

This is a very aggressive and optimistic plan, an important one for all of us to watch. Lucky said he had never seen a study that shows video on demand services can be competitive with video store prices. The big question remains: how does a business based on low-bandwidth voice services charge for broadband services? It remains a paradox.

Brian Kahin, Kennedy School of Government, discussed the growth of the Internet and policy issues:

--points of access for different users
--network structure and current NSFNet controversy

He said the NREN debate is one between capacity (enabling high end applications) and connectivity (number of resources and users online).

++====================================================================++

Afternoon Session: Ethics, Morality, and Criminality

Mike Gibbons of the FBI chaired this session, which was one of the central themes for all present. In the same room we had law enforcement (LE) representatives from state, local, and federal governments, civil libertarians, and convicted computer criminals, as well as some victims. The FBI views the computer as a tool, and Gibbons told a story about the huge raid on Lyndon LaRouche's data center in Virginia where 400 LE types took part. I had the feeling that Gibbons was telling his own hacker story because the audience would appreciate the challenges that faced him more than LE supervisors without a technical knowledge of computers would appreciate it. He was also involved in the Robert Morris case.

Mike Godwin of EFF agrees that it is not ethical to access other people's computers without permission, but Mike represents those who may have acted unethically but still have rights. He cited the case involving Craig Neidorf of _Phrack_, who felt that his publication of a Bell South document was within the 1st Amendment.
Bell South pegged the document cost at $70K because it included the Vax workstation and the software in the cost! There was a question whether that document was property at all. LE folks can make good faith mistakes, but Craig had to spend $100,000, and the prosecutor and Secret Service never admitted they were wrong.

Jim Settle of the FBI sets policy on computer crime and is supervisor of the computer crime squad. Background in Univacs in 1979. There is not a lot of case law on computer crimes. LE was computer stupid and is not out there to run over people's rights. They discuss moral issues even when an action was legal.

Don Delaney of the New York State Police: He has been dealing with PBX and calling card fraud; he talks to students about perils of computer crime, and works with companies who have been hit. Every day at least one corporation has called him. $40,000 to $400K loss in a short time. He has found glitches in the PBX software; he complained that few PBX salespeople tell the customers about remote access units through which criminals gain access. Once this happens the number is sold on the street in New York at about $10 for 20 minutes. Even Westchester County Library was hit. People used binoculars to read the PIN numbers on callers' cards as they dialed in Grand Central Station. Delaney called this 'shoulder surfing' and noted that cameras, camcorders, and binoculars are being used regularly.

Mitch Kapor raised the issue of the Digital Telephony Amendment. It is proposed legislation to amend 18 USC 2510 (government can intercept communications on showing probable cause as they did with John Gotti). Settle of the FBI asked: "What happens if the technology says you can't do it? You change the tech. to allow it or you repeal the law that allows wire tap."

Don Parker of SRI said it is essential to have wiretap ability as a tool for LE. The FBI under the Department of Justice has authority to use wiretaps in its operations.
This has been one of the most effective tools that law enforcement has, but with the advent of digital telephony such as ISDN, the LE community is worried that no capability exists to intercept these digital signals, and this will preclude the FBI and other LE officials from intercepting electronic communications. The FBI proposes an amendment to the Communications Act of 1934 to require electronic services providers to ensure that the government will be able to intercept digital communications. There are a number of parts to the bill:

1. the FCC shall determine the interception needs of the DOJ and issue regulations 120 days after enactment.
2. Service providers and pbx operators to modify existing telecom systems within 180 days and prohibit use of non-conforming equipment thereafter, with penalties of $10,000 per day for willful offenders.
3. Gives FCC the authority to compensate the system operators by rate structure adjustment for required modifications. That is, the user will pay for this decreased security desired by the government.

Godwin said he believes that wiretap is okay when procedures are followed, but you have to decide what kind of society you want to live in. The FBI asked, "Are you going to say that crime is okay over the phones and that it should not be controlled?" He implied that not making changes to the law would leave cyberspace open to sophisticated criminals, many of whom have more resources for technology than does the LE community. For more information on this there is a 10 page legislative summary.

++====================================================================++

The Evening of Day One:

There were Birds of a Feather (BOF) sessions that were less formal and with less attendance. Nevertheless, they were some of the high points of the conference. Where else would one find the law enforcement types switching roles with computer intruders who had to defend a system against an attack? Kudos to Mike Gibbons for setting this up.
There was also a panel of hackers (I use the term in the broadest and non-pejorative sense) including "Emmanuel Goldstein"--the nom de plume for the editor of 2600: The Hacker's Weekly; Craig Neidorf, founder of phrack; Phiber Optik, a young man who recently plea bargained to a couple of charges; and Dorothy Denning, chair of the CS department at Georgetown University.

Goldstein (this was a character in Orwell's 1984 who was a front for the establishment!) sees hackers as intellectuals on a quest for bugs which, when corrected, help the system owner. He is extremely frustrated over media treatment of hackers, yet he was open to a Japanese camera crew filming the casual meetings of 2600 readers that took place in the hotel lobby throughout the conference. He said that hackers and system administrators work together with each other in Holland. As an example of lax system management, there was a military computer during the Middle East war that had a password of 'Kuwait'. Don Parker of SRI believes that Goldstein should not continually blame the victim.

Many of the hackers and publishers strongly believed that "knowing how things work is not illegal." The current publisher of Phrack said, "I believe in Freedom of Speech and want to tell people about new technology." Most librarians would agree, but much of the problem was what some people did with that knowledge. An interesting discussion followed about who was responsible for security: vendors, system administrators, or public law enforcement personnel. Phiber Optik is now maintaining a Next machine on the Net and complained that answers to technical questions cost $100 per hour on the Next hotline.

++====================================================================++

Electronic Money: Principles and Progress
Eric Hughes, DigiCash

Electronic money uses public key encryption. People can recognize your digital signature, but cannot read it.
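As an added illustration (not part of the original report and not DigiCash's code): this session's scheme has the bank sign an electronic check without seeing its contents, which is the property an RSA blind signature provides. The sketch assumes that mechanism, which the report does not name, uses a constructed toy key, and all class and function names are hypothetical.

```python
"""Added illustration: an anonymous electronic check via an RSA blind signature.

Assumption: the report does not name the mechanism; textbook RSA blinding is
used here. Toy key, constructed for this example. Not DigiCash's code.
"""
import hashlib
import math
import secrets

# Constructed toy bank key from two Mersenne primes (far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the bank


def coin_digest(serial: bytes) -> int:
    """Map a check's serial number to an integer mod N (no padding: simplified)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def verify(serial: bytes, signature: int) -> bool:
    """Anyone holding the bank's public key (N, E) can validate a check."""
    return pow(signature, E, N) == coin_digest(serial)


class Bank:
    """Hypothetical bank: signs blinded values, honors each valid check once."""

    def __init__(self):
        self.seen_at_withdrawal = []   # everything the bank saw while signing
        self.spent = set()             # serials already deposited

    def sign_blinded(self, blinded: int) -> int:
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, signature: int) -> str:
        if not verify(serial, signature):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: already spent"
        self.spent.add(serial)
        return "accepted"


def withdraw(bank: Bank):
    """Buyer side: obtain the bank's signature on a serial the bank never sees."""
    serial = secrets.token_bytes(16)
    m = coin_digest(serial)
    while True:                        # pick a blinding factor invertible mod N
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N             # the only value the bank sees
    blind_sig = bank.sign_blinded(blinded)       # equals m^D * r mod N
    signature = (blind_sig * pow(r, -1, N)) % N  # strip r, leaving m^D mod N
    return serial, signature


def run_demo():
    """Walk one check through withdrawal, seller verification and deposit."""
    bank = Bank()
    serial, signature = withdraw(bank)
    return {
        "seller_verifies": verify(serial, signature),
        "bank_saw_digest": coin_digest(serial) in bank.seen_at_withdrawal,
        "first_deposit": bank.deposit(serial, signature),
        "second_deposit": bank.deposit(serial, signature),
        "forged_deposit": bank.deposit(b"forged serial", signature),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The bank's withdrawal log holds only the blinded value, so a deposited check cannot be matched to the withdrawal that produced it; reuse of a check is caught through the list of spent serials.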
The goal is to create a bank on the Internet that only uses software and affords the user complete anonymity. There is the bank, the buyer, and the seller. Money flows from the bank in a money loop. The bank does not know what it signs but it knows that it did sign it and will honor the electronic check. This would allow financial transactions and privacy for the buyer.

In a library setting this would mean I could buy an item electronically (a document, image, code) and nobody could link it with my name. My buying habits would be private, and a person roaming through the transactions might see that someone purchased the computer simulation "Small furry animals in pain" but would not know the name of the purchaser. Doing private database queries will become more and more important as the network is used for more business activities. The DigiCash scheme has multi-party security and is a safe way of exchanging files and selling them in complete privacy. It's also very cheap and the unlinkability is very important.

In the discussion session the issue of drug lords using the system was raised. DigiCash has limited its transactions to less than $10,000, and most would be far less. A British attendee said that stores had to keep extensive records for VAT tax audits, so EEC and US regulations would conflict with the goals of DigiCash.

++====================================================================++

Thursday Morning Sessions

For Sale: Government Information

This was staged as a role playing advisory panel where a grad student made a broad and complicated request for information in a particular format. The panelists made short statements about their interests and then tried to answer the pointed questions from George Trubow of John Marshall Law School.

Dwight Morris (LA Times): His job is to get government data and turn it into news stories. He noted that the FOIA is a joke; it's a last resort.
Vendors are foia-ing the agencies and then trying to sell those foia requesters software to read the data tapes!

Ken Allen of the Information Agency Association: The government should not elude the appropriations process by selling information, nor should the agency control content. The IIA is against exclusive contracts.

Mitch Freedman, Westchester Co. Library, ALA Coordinator for Access to Information: Are many people asking for access for this information, or will the coding benefit many users in the long run? He mentioned the WINDO program, freedom of access, and its link to informed democracy.

Franklin Reeder, Office of Management and Budget: He observed that unusable databases in raw form mean that choice of format is irrelevant. There may be broader demand for this information, and the database should be provided with interfaces for many users. Government agencies should not turn to information provision for revenues; it becomes an impediment to access. "I don't think the public sector should be entrepreneurial."

Costin Toregas, Public Technology, Inc.--owned by cities and counties in U.S. and Canada: We should re-examine our language when discussing information and access. How do you recover the costs of providing the new technological access mechanisms? The provision of this should be high priority.

Robert Belair, Kirkpatrick and Lockhart, deals in FOIA and privacy issues: Choice of format is an issue, and in general we are doing a bad job. Belair notes that FOIA requests are not cheap. There are $2-4,000 fees from government agencies--even more than the lawyer fees!

Questions:

Denning: no view of where technology is taking us. Why not put the FOIA information online? Freedman says the Owens bill handles this. Weingarten says that one agency is planning for a db that has no equipment to handle it yet. Belair: we will get change in FOIA and the Owens bill is good. Toregas: A well-connected community is crucial.
Harry Goodman asked Ken Allen if he still believed that "libraries be taken off the dole." Allen denied he said this but Goodman had it on tape! Allen said privatization is a red herring. Government agencies might not be the best way to provide the access to information. Allen says it should be by diverse methods.

Glenn Tenney, running for Congress in San Mateo County (CA), said he had trouble getting information on voting patterns of the members of Congress and to buy it would have cost thousands of dollars. Ken Allen replied that a private company had developed the information from raw material, but others thought this was basic information that should be available to all citizens. Other people wanted the Congressional Records online (and cheap); others wanted the private sector to do it all and to get the government to partner in such projects.

++====================================================================++

Free Speech and the Public Telephone Network

Jerry Berman of the EFF:
--Do telcos have the right to publish over their own networks?
--What are the implications of telcos as newspapers vs. telcos as common carrier? Aren't safeguards needed to compel free access for all players?
--There is already discrimination on the 900 services (provision or billing for porno businesses).
--When the public finds out what is on the network, there will be a big fight.
--Will we follow the print model or the broadcasting model?
--How can a new infrastructure secure a diversity of speech and more participants, and how can we break the deadlock between cable, papers, and telcos?

Henry Geller, Markle Foundation (FCC/NTIA):
--The key is the common carrier nature of the telephone networks and that they should carry all traffic without determining what is appropriate.
--Congress can't choose between warring industries, so it won't act on some of these telecomm issues.
--Broadband area: if the bits flowing are TV programming, the telco is forbidden to provide.
Print model is a good one to follow, not the cable or broadcast model. He mentioned CNN's squelching of NBC cable channel.

John Podesta (Podesta Associates):
--There are forces that are trying to push messengers off the road and keep the network from being diverse.
--We need a network with more voices, not just those of the owners.
--We will be faced with censorship by the government and network owners (MCI, US West);
--There will be more invasion of privacy

Six things have to happen:
1. More competition via open platform. Personal ISDN at low tariffs.
2. Structural safeguards
3. Common carriers should be content neutral when providing access
4. Originators should bear responsibility for obscene or salacious postings.
5. Protect net against invasion of privacy. Debate is whether it will be easier or harder to wiretap in the future.
6. Don't adopt broadcast or cable model for network; both are more restrictive with regards to First Amendment issues.

Bob Peck (ACLU):
--Government ban on RBOCs providing information is a first amendment issue, but there is also an issue of access. How do we make sure that everyone gets charged the same rates?
--The Rust vs. Sullivan decision could affect network use; abortion clinics could not answer any questions about the topic. US Govt. claimed: "We paid for the microphone; we just want to be able to control what is said." This is being argued in other cases by DOJ and should be resisted.

Eli Noam (NYU):
--Coming from state government he tried to be an oxymoron, a "forward-looking state utility commissioner".
--Telcos say: If anyone can use the common carrier, why not themselves.
--Free speech is rooted in the idea of scarcity and restraints to access.
--When you have 9000 channels, who cares?
--There will be no scarcity. He predicts people will be video literate. Video will have new obscene phone calls.
--We are over-optimistic about the short term and too cautious about long term effects.
--Telecommuting is already happening on a significant scale.
--We will have telecommunities, subcultures of special interest groups.
--Our political future is based on jurisdiction. Is there a new form of political entity emerging that transcends time zones?
--Information glut: The key issue will be how you filter and screen it.
--Handling the information will be a big issue. The user's brain is the ultimate bottleneck.
--Internet news is about 18 MB a day.
--Screening will be by the network itself or by user groups and telecommunities.
--Rights of individuals vs. the governments. Is the first amendment a local ordinance?
--We need power over international interconnection. Fly the flag of teledemocracy.

++====================================================================++

Lunch with Bruce Sterling

Bruce Sterling, author of The Difference Engine (with William Gibson) and a new title, The Hacker Crackdown, gave an outstanding performance/speech entitled "Speaking the Unspeakable" in which he represented three elements of the so-called computer community who were not at CFP-2.

--The Truly Malicious Hacker: "Your average so-called malicious user -- he's a dweeb! He can't keep his mouth shut! ....Crashing mainframes-- you call that malice? Machines can't feel any pain! You want to crash a machine, try derailing a passenger train. Any idiot can do that in thirty minutes, it's pig-easy, and there's *nothing* in the way of security. Personally I can't understand why trains aren't de-railed every day."

--A narco-general who has discovered the usefulness of his contacts with the North American law enforcement communities--and their databases: "These databases that you American police are maintaining. Wonderful things....The limited access you are granting us only whets our appetite for more. You are learning everything about our criminals....However, we feel that it is only just that you tell us about your criminals.....Let us get our hands on your Legions of Doom.
I know it would look bad if you did this sort of thing yourselves. But you needn't."

--A data pirate from Asia: "The digital black market will win, even if it means the collapse of your most cherished institutions....Call it illegal, call it dishonest, call it treason against the state; your abuse does not matter; those are only words and words are not as real as bread. The only question is how much suffering you are willing to inflict on yourselves, and on others, in the pursuit of your utopian dream."

Sterling's speech was a hilarious, yet half-serious departure from the usual fare of conferences and is well worth obtaining the audio or video cassette. I also recommend you attend the American Library Association conference in late June 1992 when Sterling will address the LITA attendees.

++====================================================================++

Who's in Your Genes

Who's in Your Genes was an overview of genetic data banking, and a discussion of the tension between an individual's right to privacy and the interests of third parties. DNA forensic data banks and use of genetic records by insurers were explored. Madison Powers was chair. Panelists included John Hicks, FBI Lab; Paul Mendelsohn, Neurofibromatosis, Inc.; Peter Neufeld, Esq.; Madison Powers, Kennedy Center for Ethics, Georgetown University.

++====================================================================++

Private Collection of Personal Information

This was another role-playing session where the participants took positions close to those they would hold in real life. Ron Plessor of Piper and Marbury acted as the 'scene setter and facilitator'. It was he who posed the broad question "Should the government have a role in the privacy debate?" and asked the panelists to debate about the establishment of a data protection board (as proposed by Congressman Wise in H.R. 685d). Janlori Goldman of the ACLU enthusiastically embraced the role of general counsel to the Data Board.
She questioned the representatives from the fictitious private enterprises who were planning a supermarket discount shoppers' program where all items are matched with the purchaser and mailing lists would be generated with this fine-grained information. "It would be good to come to the board before you start the service." Her tone was very ominous, that of a friendly but all powerful bureaucrat. "Bring your papers and come on in to discuss your project. Let's keep it informal and friendly this time to prevent the more formal meeting." She even alluded to making subpoenas and getting phone records of the direct marketeers. She would not offer the marketeers assurances of confidentiality in their discussion, and even though this was role playing, several people around me who had thought the idea of a board would be useful, changed their mind by the end, partly because of her fervor.

At the Q&A session about 25 people dashed for the microphones, making this session the most provocative of all. At least it touched a chord with everyone.

++====================================================================++

On the evening of March 19, the Electronic Frontier Foundation presented the EFF Pioneer awards to those individuals who have done the most to advance liberty, responsibility, and access to computer-based communications. I was honored to serve as a judge and read the large number of nominations. Each person or institution made a strong impression on me, and it was difficult to narrow it down to five people. The recipients each made a very moving statement after they were called to the podium by Mitchell Kapor of the EFF.

++====================================================================++

March 20

Privacy and Intellectual Freedom in the Digital Library

Bob Walton of CLSI, Inc.
Walton discussed the transformation of libraries as collections of books into digital libraries with falling technological costs and volatile questions of intellectual property and reimbursement.

Gordon Conable, Monroe (MI) County Library system, spoke of libraries as First Amendment institutions, ones where Carnegie saw the provision of free information as a public good. However, the economics of digital information are quite different, and this causes problems, as does the government using the power of the purse to control speech (Rust vs. Sullivan).

I spoke about the case of Santa Clara County (CA) Library defending its open access policy when a citizen complained about children checking out videos he thought should be restricted. It was a good example of how the whole profession from the branch librarian on up to the California State Librarian presented a unified front in the face of opposition from some parts of the community and the San Jose Mercury News, the local paper that waffled somewhat on its own stance.

Jean Polly of Liverpool Public Library spoke about the problems running a library BBS where religious fundamentalists dominated the system, but outlined her library's many activities (smallest public library as an Internet node) and her plans for the future.

++====================================================================++

Who Holds the Keys?

In a sense the cryptography discussion was one of the most difficult to follow, yet the outlines of a very large battlefield came into view by the end of the session. The two sides are personal privacy and national security. Should the government be allowed to restrict the use of cryptography? (Only weakened schemes are allowed to be legally exported.) What legal protections should exist for enciphered communications?

David Bellin of the Pratt Institute stood up and spoke in code.
He thought encrypted speech was protected and that he should have the right to associate with his peers through encryption (to prevent snooping). He did not believe the technology is controllable, nor that there is safety at one end and freedom at the other.

Jim Bidzos of RSA Data Security said we need a review of cryptographic policy. The long term effects of the current confrontational relationship will be bad.

John Gilmore of Cygnus Support felt that the public should discuss cryptographic issues, and not behind closed doors. This is a good time for network people, manufacturers, and the government to work together.

John Perry Barlow sees encryption as an answer to the problem of having lots of privacy. Using the drug war rationale to prohibit export is a bad idea.

Whitfield Diffie of Sun Microsystems gave an excellent overview of the philosophy of encryption and why it's important as we move from face-to-face communications to electronic. There are a number of policy problems:
--a bad person might be able to protect information against all assaults. In a free society a person is answerable for his actions, but a totalitarian society uses prior restraint. What will ours become?
--Can a so-called 'free society' tolerate unrestricted use of cryptography? Because cryptography can be done on standard processors with small programs, and because covert channels are hard to detect, enforcement of a strong anti-crypto law would require drastic measures.

I asked Jim Bidzos about the government agencies beating their swords into plowshares by looking for new roles in a world without a Soviet threat. He thought NSA could use budget hearings to say that with a lean/mean military budget, a modest increase in crypto capability might give the government more lead time in an emergency.

One member of the audience challenged Bidzos to go ahead and export RSA outside of the US. Barlow responded "Come on, Jim. The Russians are already using RSA in their launch codes."
To which Bidzos replied, "My revenue forecasts are being revised downward!" Barlow answered, "You would not have gotten any royalties from them anyway." Bidzos: "Maybe..."

With only a partial understanding of some of the technology involved (cryptography is a special field peopled mainly by mathematicians and intelligence officials), I think that this will be the issue of the 90s for libraries. It may be a way to protect both privacy and intellectual property in the digital libraries of the future.

++====================================================================++

Final Panel: Public Policy for the 21st Century, moderated by Mara Liasson, National Public Radio

"How will information technologies alter work, wealth, value, political boundaries?... What will the world be like in a decade or two?... What public policies now exist that may pull the opposite direction from the economic momentum and will lead to social tension and breakage if not addressed properly?"

Peter Denning, George Mason University: People used to have faith that strong governments would bring salvation through large programs (he named failures). The poor track record of government and changes in comms technology have accelerated the decline of the faith.

Mitchell Kapor: He sees digital media as the printing press of the 21st century. The WELL and others make us realize we are not prisoners of geography, so our religious, hobby, or academic interests can be shared by the enabling technologies of computers. "Individuals flourish from mass society with this technology." Openness, freedom, inclusiveness will help us make a society that will please our children and grandchildren.

Simon Davies, Privacy International: "There is possibly a good future, but it's in the hands of greedy men. I see a world with 15 billion beings scrambling for life, with new frontiers stopping good things.
For 14 billion they are very pissed off, and that our wonderful informational community (the other billion) becomes the beast. It will be something most of the world will do without. If we recognize the apocalypse now we can work with the forces."

Esther Dyson, EDventure Holding, Inc.: She thinks that cryptography is a defensive weapon. The free flow of cryptic information is dangerous to the powerful. She wants more markets and less government. Large concentrations of power make her suspicious. Global protected networks will help those in the minority (disagreeing with Davies). We don't have one global village but many. How do we avert tribalism of class?

Roland Homet, Executive Inc.: Homet was more conciliatory. America has a penchant for ordered liberty. It uses toleration and restraint to keep forces working together.

++====================================================================++

Lance Hoffman, of the George Washington University and organizer of the conference, deserves a great deal of credit for a smooth running yet exciting three days. There will be a CFP-3 in the San Francisco area next year. If you find these issues to be a major force in your professional life, we hope you will be able to attend next year. Traditionally, there have been scholarships available, but these depend on donations from individuals and firms.

End of Report/ Steve Cisler sac@apple.com

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-=- The Empire Times -=-
Volume 1, Issue 3, File 8 of 10
Cordless Fones

This file is a work of fiction. Everything in it is fictitious. Any resemblance to persons living or dead, magazines, companies, products, trademarks, copyrights, or anything else in the real world is purely coincidental, and you should see a shrink about your over-active imagination if you think otherwise.

- \/\/ O M B A T - presents:

Cordless Telephones: Bye Bye Privacy!
#####################################
by Tom Kneitel, K2AES, Editor
=============================

A Boon to Eavesdroppers, Cordless Phones Are as Private as Conversing in an Elevator. You'll Never Guess Who's Listening In!

(originally published in Popular Communications, June 1991)

OK, so it took a while, but now you've accepted the fact that your cellular phone conversations can easily be overheard by the public at large. Now you can begin wrestling with the notion that there are many more scanners in the hands of the public that can listen to cordless telephone calls than can tune in on cellulars.

Monitoring cellular calls requires the listener to own equipment capable of picking up signals in the 800 to 900 MHz frequency range. Not all scanners can receive this band, so unless the scannist wants to purchase a new scanner, or a converter covering those frequencies, [see February and March issues of Radio-Electronics for a converter project -\/\/ombat-] they can't tune in on cellular calls. And let's not forget that it's a violation of federal law to monitor cellular conversations. Not that there seems to be any practical way yet devised to enforce that law, nor does the U.S. Dept. of Justice appear to be especially interested in trying.

On the other hand, cordless telephones operate with their base pedestals in the 46 MHz band, and the handsets in the 49 MHz band. Virtually every scanner ever built can pick up these frequencies with ease. Cordless telephones are usually presented to the public as having ranges up to 1,000 feet, but that requires some clarification. That distance represents the reliable two-way communications range that can be expected between the handset and the pedestal, given their small inefficient receivers and antennas, and that they are both being used at ground level.

In fact, even given those conditions, 1,000 feet of range is far more coverage than necessary for the average apartment or house and yard.
Consider that 1,000 feet is a big distance. It's almost one-fifth of a mile. It's the height of a 100-story skyscraper. The Chrysler Building, third tallest building in New York City, is about 1,000 feet high; so is the First Interstate World Center, tallest building in Los Angeles.

When someone uses a sensitive scanner connected to an efficient antenna mounted above ground level, the signals from the average 46 MHz cordless phone base pedestal unit (which broadcasts both sides of all conversations) can often be monitored from several miles away, and in all directions.

Some deluxe cordless phones are a snoop's delight. Like the beautiful Panasonic KX-T4000. Its range is described as "up to 1,000 feet from the phone's base," however the manufacturer brags that "range may exceed 1,000 feet depending upon operating conditions." When you stop to think about it, what at first seems like a boast is really a somewhat harmless sounding way of warning you that someone could monitor the unit from an unspecified great distance. In fact, just about all standard cordless phones exceed their rated ranges. But the KX-T4000's main bonus and challenge to the snoop is that it can operate on ten different frequencies instead of only a single frequency.

The BellSouth Products Southwind 170 cordless phone suggests a range of up to 1,500 feet, depending on location and operating conditions. The ten-channel Sony SPP-1508 has a built-in auto-scan system to select the clearest channels.

What with millions of scanners in the hands of the public, a cordless telephone in an urban or suburban area could easily be within receiving range of dozens of persons owning receiving equipment capable of listening to every word said over that phone. Likewise, every urban or suburban scanner owner is most likely to be within receiving range of dozens of cordless telephones. Many persons with scanners program their units to search between 46.50 and 47.00 MHz and do listen.
Some do it casually to pass the time of day, others have specific purposes.

Not Covered
===========

The Electronic Communications Privacy Act of 1986, the federal law that supposedly confers privacy to cellular conversations, doesn't cover cordless telephones. A year and a half ago, the U.S. Supreme Court wasn't interested in reviewing a lower court decision that held that some fellow didn't have any "justifiable expectation of privacy" for his cordless phone conversations. It seems that man's conversations regarding suspected criminal activity were overheard and the police were alerted, which caused the police to investigate further and arrest the man after recording more of his cordless phone conversations.

Yet, even though (at this point) there is no federal law against monitoring cordless phones, there are several states with laws that restrict the practice. In New York State, for instance, a state appellate court ruled that New York's eavesdropping law prohibits the government from intentionally tuning in on such conversations.

California recently passed the Cordless and Cellular Radio Telephone Privacy Act (amending Sections 632, 633, 633.5, 634, and 635 of the Penal Code, amending Section 1 of Chapter 909 of the Statutes of 1985, and adding Section 632.6 to the Penal Code) promising to expose an eavesdropper to a $2,500 fine and a year in jail in the event he or she gets caught. Gathering the evidence for a conviction may be easier said than done.

There may be other areas with similar local restrictions; these are two that I know about. Obviously listening to cordless phones in major population areas is sufficiently popular to have inspired such legislative action.

There are, however, reported to be efforts afoot to pass federal legislation forbidding the monitoring of cordless phones as well as baby monitors. Such a law wouldn't stop monitoring, nor could it be enforced.
It would be, like the ECPA, just one more piece of glitzy junk legislation to hoodwink the public and let the ACLU and well-meaning, know-nothing, starry-eyed privacy advocates think they've accomplished something of genuine value.

Strange Calls
=============

On April 20th, The Press Democrat, of Santa Rosa, Calif., reported that a scanner owner had contacted the police in the community of Rohnert Park to say that he was overhearing cordless phone conversations concerning sales of illegal drugs. The monitor, code named Zorro by the police, turned over thirteen tapes of such conversations made over a two month period.

Police took along a marijuana-sniffing cocker spaniel when they showed up at the suspect's home with a warrant one morning. Identifying themselves, they broke down the door and found a man and a woman, each with a loaded gun. They also found a large amount of cash, some cocaine, marijuana, marijuana plants, and assorted marijuana cultivating paraphernalia.

In another example, Newsday, of Long Island, New York, reported in its February 10, 1991 edition another tale of beneficial cordless phone monitoring. It seems a scanner owner heard a cordless phone conversation between three youths who were planning a burglary. First, they said that they were going to buy a handheld CB radio so they could take it with them in order to keep in contact with the driver of the car, which had a mobile CB rig installed. Then, they were going to head over to break into a building that had, until recently, been a nightclub.

The scanner owner notified Suffolk County Police, which staked out the closed building. At 10:30 p.m., the youths appeared and forced their way into the premises. They were immediately arrested and charged with third-degree burglary and possession of burglary tools.

I selected these two examples from the many similar I have on hand because they happen to have taken place in states where local laws seek to restrict the monitoring of cordless telephones.
Most of the calls people monitor aren't criminal in nature, but are apparently interesting enough to have attracted a growing audience of recreational monitors easily willing to live with accusations of their being unethical, nosy, busybodies, snoops, voyeurs, and worse. As it turns out, recreational monitors are undoubtedly the most harmless persons listening in on cordless phone calls.

They're All Ears
================

A newsletter called Privacy Today is put out by Murray Associates, one of the more innovative counterintelligence consultants serving business and government. This publication noted (as reported in the mass media) that IRS investigators may use scanners to eavesdrop on suspected tax cheats as they chat on their cordless phones.

But, the publication points out that accountants who work out of their homes could turn up as prime targets of such monitoring. Their clients might not even realize the accountant is using a cordless phone, and therefore assume that they have some degree of privacy. One accountant suspected of preparing fraudulent tax returns could, if monitored, allow the IRS to collect evidence on all clients.

Furthermore, Privacy Today notes that this has ramifications on the IRS snitch program (recycle tax cheats for cash). They say, "Millions of scanner owners who previously listened to cordless phones for amusement will now be able to do it for profit. Any incriminating conversation they record can be parlayed into cash, legally."

In fact, in addition to various federal agents and police, there are private detectives, industrial spies, insurance investigators, spurned lovers, scam artists, burglars, blackmailers, and various others who regularly tune in with deliberate intent on cordless telephones in the pursuit of their respective callings.
If you saw the film Midnight Run, starring Robert DeNiro, you'll recall that the bounty hunter was shown using a handheld scanner to eavesdrop on a cordless phone during his effort to track down a fugitive bail jumper.

No, cordless phone monitoring isn't primarily being done for sport by the incurably nosy for the enjoyment and entertainment it can provide. The cordless telephone has been recognized as a viable and even important tool for gathering intelligence.

Intelligence Gathering?
=======================

In fact, there are differences between cordless and cellular monitoring. When a cellular call is monitored, it's quite difficult to ascertain the identity of the caller, and impossible to select a particular person for surveillance. These are mostly portable and mobile units that are passing through from other areas, and they're operating on hundreds of different channels. Sometimes the calls cut off right in the middle of a conversation. The opportunities for ever hearing the same caller more than once are very slim.

Not so with cordless phones. These units are operated at permanent locations in homes, offices, factories, stores. Most models transmit on only one or two specific frequencies, and while a few models can switch to any of ten channels, that's still a lot fewer places to have to look around than scanning through the hundreds of cellular frequencies.

So, with only minor effort, it's possible to know which cordless phones in receiving range are set up to operate on which channels. And you continually hear the same cordless phone users over a long period of time. They soon become very familiar voices; you might even recognize some of them.

The diligent, professional intelligence gatherer creates a logbook for each of the frequencies in the band, then logs in each cordless phone normally monitored using that frequency.
Then, each time a transmission is logged from a particular phone, bits and scraps of information can be added to create a growing dossier picked up from conversations. With very little real effort, it doesn't take long to assemble an amazing amount of information on all cordless phones within monitoring range.

Think about the information that is inadvertently passed in phone calls that would go into such files. Personal names (first and last) which are easily obtained from salutations, calls, and messages left on other people's answering machines; phone numbers (that people give for callbacks or leave on answering machines); addresses; credit card numbers; salary and employment information; discussions of health and legal problems; details of legit and shady business deals; even information on the hours when people are normally not at home or will be out of town, and much more, including the most intimate details of their personal lives.

Anybody who stops for a moment to think about all the things they say over a cordless telephone over a period of a week or two should seriously wonder how many of those things they'd prefer not be transmitted by shortwave radio throughout their neighborhood.

Cordless phone users don't realize that these units don't only broadcast the phone calls themselves. Most units start transmitting the instant the handset is activated, and will broadcast anything said to others in the room before and while the phone is being dialed, and while the called number is ringing. Using a DTMF tone decoder, it's even possible to learn the numbers being called from cordless phones.

[see the classified ads in Popular Communications for DTMF decoders; also for books on how to modify scanners to restore the cellular frequencies, and more! -\/\/ombat-]

One private investigator told me that part of an infidelity surveillance he just completed included a scanner tuned to someone's cordless phone channel, feeding a voice-operated (VOX) tape recorder.
Every day he picked up the old tape and started a new one. The scanner was located in a rented room several blocks away from the person whose conversations were being recorded.

Hardware Topics
===============

Many people are under the impression that the security features included in some cordless phones provide some sort of voice scrambling or privacy. They don't do anything of the kind. All they do is permit the user to set up a code so that only his or her own handset can access the pedestal portion of his own cordless phone system.

In these days of too few cordless channels, neighbors have sometimes ended up with cordless phones operating on the identical frequency pair. That created the problem of making a call and accessing your neighbor's dial tone instead of your own, or your handset ringing when calls come in on your neighbor's phone. The FCC is going to require this feature on all new cordless telephones, but it still won't mean that the two neighbors will be able to talk on their identical-channel cordless phones simultaneously. Such situations allow neighbors to eavesdrop on one another's calls, even without owning a scanner.

The FCC is attempting to relieve the common problem of too many cordless phones having to share the ten existing base channels in the 46.50 to 47.00 MHz band. These frequencies are 46.61, 46.63, 46.67, 46.71, 46.73, 46.77, 46.83, 46.87, 46.93, and 46.97 MHz. Each of these frequencies is paired with a 49 MHz handset channel.

Manufacturers are going to be permitted to produce cordless phones with channel positions in between the existing ten frequency pairs. Cordless phones will now be permitted operation on these additional offset frequencies to relieve the congestion. A date for implementing these new frequencies hasn't yet been announced, but it should be soon.
The FCC feels that the life expectancy of a cordless phone isn't very long, and they'd like these new phones to be ready to go on line as the existing phones are ready to be replaced. The new model phones are going to have to also incorporate the dial tone access security encoding feature I mentioned.

Let's hope the new batch of cordless phones is less quirky than some of the ones now in use. We understand that the transmitters of some cordless phones switch on for brief periods whenever they detect a sharp increase in the sound level, such as laughter, shouting, or a loud voice on the extension phone.

Privacy Today tells of the cordless phone that refused to die. They noted it was reported that the General Electric System 10 cordless phone, Model 2-9675, just won't shut up. It broadcasts phone calls even when they are made using regular extension phones!

As for receiving all of these signals, any scanner will do. Antennas that do an especially good job include 50 MHz (6 meter ham band) omnidirectional types, or (secondarily) any scanner antenna designed for reception in the 30 to 50 MHz range.

There is a dipole available that is specifically tuned for the 46 to 49 MHz band, which you can string up in your attic (or back yard) and get a good shot at all signals in the band. This comes with 50 ft. of RG-6 coaxial cable lead-in, plus a BNC connector for hooking to a scanner. This cordless phone monitoring antenna is $49.95 (shipping included to USA, add $5 to Canada) from the Cellular Security Group, 4 Gerring Road, Gloucester, MA 01930.

[you can build one yourself for much less $; look in the chapter on antennas in the ARRL Radio Amateur's Handbook -\/\/ombat-]

The higher an antenna is mounted for this reception, the better the range and reception quality, and the more phones will be heard.

Zip The Lip
===========

Once you understand the nature of cordless phoning, you should easily be able to deal with these useful devices.
Let's face it, it isn't really absolutely necessary for all of your conversations to achieve complete privacy. You are perfectly willing to relinquish expectations of conversational privacy. You do it every time you converse in an elevator, a restaurant, a store, a waiting room, a theatre, on the street, etc. You take precautions not to say certain things at such times, so you don't feel that you are being threatened by having been overheard.

Think of speaking on a cordless phone as being in the same category as if you were in a crowded elevator, and you'll be just fine. It's only when a person subscribes to the completely erroneous notion that a cordless phone is a secure communications device that any problems could arise, or paranoia could set in. Manufacturers don't claim cordless phones offer any privacy.

Frankly, because they instill a false and misleading expectation of privacy, the several well-intentioned but unenforceable local laws intended to restrict cordless monitoring actually do more harm than good. The laws serve no other purpose or practical function. It would be far better for all concerned to simply publicize that cordless phones are an open line for all to hear.

So, cordless phones must be used with the realization that there is no reason to expect privacy. Not long ago, GTE Telephone Operations Incorporated issued a notice to its subscribers under the headline "Cordless Convenience May Warrant Caution." Users were told to "recognize that cordless messages are, in fact, open-air FM radio transmissions. As such, they are subject to interception (without legal constraint) by those with scanners and similar electronic gear... Discretion should dictate the comparative advisability of hard-wired phone use."

Good advice.
We might add that if you are using a cordless phone, you don't give out your last name, telephone number, address, any credit card numbers, bank account numbers, charge account numbers, or discuss any matters of a confidential nature.

Moreover, it might be a good idea to advise the other party on your call that the conversation is going through a cordless phone. Some people might not care, but others could find that their conversations could put them in an unfortunate position.

Harvard Law School Professor Alan M. Dershowitz, writing on cordless phone snooping in The Boston Globe (January 22, 1990), said, "The problem of the non-secure cordless telephone will be particularly acute for professionals, such as doctors, psychologists, lawyers, priests, and financial advisors. Anyone who has an ethical obligation of confidentiality should no longer conduct business over cordless phones, unless they warn their confidants that they are risking privacy for convenience."

That's more good advice. Not that the public will heed that advice. People using cellulars have been given similar information many times over, and somehow it doesn't sink in.

But _you_ got the message, didn't you? Zip your lip when using any of these devices. And, if you've got a scanner, you can tune in on everybody else blabbing their lives away, and maybe even help the police catch drug dealers and other bad guys -- well, unless you live in California or some other place where the local laws are more protective of cordless phone privacy than the federal courts are.

==============================================================================

That's it. There wasn't much high-tech intelligence there, but it was a lot more readable than something copied out of The Bell System Technical Journal, right?

Think about the implications: Someone who'd turn in their neighbours for enjoying recreational chemicals would probably narc on phreaks, hackers, anarchists or trashers as well.
It isn't just the FBI, Secret Service, and cops you have to worry about -- it's the guy down the street with a dozen antennas on his roof.

The flip side is that if you knew someone was listening in, you could have a lot of fun, like implicating your enemies in child prostitution rings, or making up outrageous plots that will cause the eavesdropper to sound like a paranoid conspiracy freak when he she or it talks to the cops.

On the more, uh, active side, the potential for acquiring useful information like long-distance codes is obvious. Other possibilities will no doubt occur to you.

Cordless phones also have the potential to allow you to use someone's phone line without the hassles of alligator clips. With a bit of luck you could buy a popular model of phone, then try various channels and security codes until you get a dial tone. Since many phones have these codes preset by the factory, one might have to capture the code for a given system and play it back somehow to gain access. The ultimate would be a 10 channel handset with the ability to capture and reproduce the so-called security codes automatically. This subject requires further research.

Guess I'd better get a scanner. Most short-wave receivers don't go past 30 MHz, and they generally don't have FM demodulators. Looking in the Radio Shark catalog, any of their scanners would do the job. Some scanners can be modified to restore cellular coverage and increase the number of channels just by clipping diodes. If you're going to buy a scanner, you might as well get one of those.

The scanner modification books advertised in Pop Comm would help, or check out Sterling's article "Introduction to Radio Telecommunications Interception" in Informatik #01. He lists many interesting frequencies, and has the following information on the Radio Shark scanners:

==============================================================================

Restoring cellular reception.
Some scanners have been blocked from receiving the cellular band. This can be corrected. It started out with the Realistic PRO-2004 and the PRO-34, and went to the PRO-2005. To restore cellular for the 2004, open the radio and turn it upside down. Carefully remove the cover. Clip one leg of D-513 to restore cellular frequencies. For the PRO-2005, [and for the PRO-2006 -\/\/ombat-] the procedure is the same, except you clip one leg of D-502 to restore cellular reception. On the PRO-34 and PRO-37, cut D11 to add 824-851 and 869-896 MHz bands with 30 kHz spacing.

All these are described in great detail in the "Scanner Modification Handbook" volumes I. and II. by Bill Cheek, both available from Communications Electronics Inc. (313) 996-8888. They run about $18 apiece.

==============================================================================
(reproduced from Informatik #01, file 02)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 3, File 9 of 10
Hacking Renegade & TeleGuard BBS Systems

This file will teach you the basic methods in hacking Renegade and TeleGuard Bulletin Board Systems. There will, also, be a few commands listed. With more sysops modding their BBSs for their specific tastes, familiarize yourself with the system before you plan to hack it! Look for similar commands in the menus if the particular command is not listed as in this text.

∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞
Disclaimer:
∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞
This file is for informational purposes only. None of the information contained herein is practiced by the author. The author is in no way responsible for any liabilities. This file should remain in its entirety. Any reproduction of this file should be reported to the author, immediately.
∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞

A couple of things to do before we get started to hack a Renegade/TeleGuard BBS system.

1) Get in good with the sysop before you plan to hack his board.

2) Cover your tracks when you login as a New-User and when you begin to hack your way on his system. Do this to ensure safety of not getting your ass busted.

3) Make sure the sysop has a few things set before you begin to hack his board. The first thing is to make sure the sysop has the Auto-Validate all new files set to 'ON'. You can check this very easily by uploading any file and see if that file has an 'Unvalid' word next to the file's name. If it has this you will have to wait until he validates the file. Or if the file has a number or the size of the file, you're in luck. The next step, make sure the sysop has an 'Archive Menu'. Some sysops choose to have this privilege to only "Quality" users. The command switch for the archive menu is either 'A' or '/A', but it could be under any other name. If the sysop doesn't have the menu then you can't hack his board, and you're SoL!

There are other ways to hack Renegade/TeleGuard board, but I won't go into them. The most effective way to hack yourself into the sysop's DoS is to use the PKZIP.BAT method. To do this read the instructions below.

1) Make the PKUNZIP.BAT file from DOS, by typing in this:

      copy con pkunzip.bat
      command
      ^Z

2) Then go and zip the file up, call it something that sounds catchy, but not too suspicious.

Ok, if you have the file ready to upload, you are ready to begin to hack the board. Logon to the board, then go to the file area. Once you have done this, upload the file to a directory that you can retrieve the file from. After you have up'ed the file, go to the archive menu and extract the file, usually the sysop will have the extract command under 'X'. Well if you did everything right, you should be in the sysop's DoS, if not you probably have done something wrong. Well if you have done something wrong tough shit!

Once you are in DoS, delete this file, 'x:\bbs\logs\sysop', where 'x' is the sysop's drive that he runs Renegade/Teleguard off of. Also delete any files in the temp. directories. To run Renegade/Teleguard in local mode, type

1) TTY COM#     <- where # is the sysop's com port
2) Renegade -k

That will let you do basically anything you want to his bbs system w/o him even seeing what you are doing to his machine. Well this is King Pin signing out, and saying "Hack 'em for your personal use!".

∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞
Hacking Renegade/TeleGuard is made possible by the loans and grants by me and some lame sysops running the software. But not all of the Renegade/TeleGuard boards are lame!
∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞
──── King Pin ──── The ßlack Death ──── 7o3.892.0015

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 3, File 10 of 10
Media Fax Numbers

Here is a Listing of FAX machine Numbers of Press organizations around the country and in a city/town near you...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CNN - Atlanta     Atlanta, GA         404.827.3015
LA Times          Los Angeles, CA     213.237.7190
KCBS              Los Angeles, CA     213.460.3733
KNX               Los Angeles, CA     213.460.3733
CNN               Los Angeles, CA     213.460.5081
KTLA TV 5         Los Angeles, CA     213.460.5952
KHJ TV 9          Los Angeles, CA     213.460.6265
City News         Los Angeles, CA     213.465.7236
ABC TV            Los Angeles, CA     213.557.5210
UPI               Los Angeles, CA     213.620.1237
Reuters           Los Angeles, CA     213.622.0056
CBS TV            Los Angeles, CA     213.651.0321
KABL              Los Angeles, CA     213.660.9258
AP                Los Angeles, CA     213.748.9836
KFWB              Los Angeles, CA     213.871.4670
Orange Co Reg     Los Angeles, CA     714.543.3904
Riverside Press   Los Angeles, CA     714.782.7572
Daily News        Los Angeles, CA     818.713.0058
LA Daily News     Los Angeles, CA     818.731.0058
KNBC              Los Angeles, CA     818.840.3535
NBC TV            Los Angeles, CA     818.840.4275
MacNeil/Lehrer    New York            212.581.7553
ABC Prime Time    New York, NY        212.580.2427
ABC Am Agenda     New York, NY        212.751.0479
NBC Nightly       New York, NY        212.765.8447
ABC World         New York, NY        212.887.2795
ABC 20/20         New York, NY        212.887.2969
Good Mng NY       New York, NY        212.887.4724
CBS               New York, NY        212.975.1519
CBS Eve News      New York, NY        212.975.2115
Oakland Trib      Oakland, CA         415.645.2285
CC Times          Oakland, CA         415.943.8362
Sac'to Bee        Sacramento, CA      916.321.1109
Sac'to Union      Sacramento, CA      916.440.0664
KCRA TV           Sacramento, CA      916.441.4050
Gannett           Sacramento, CA      916.446.7326
AP San Diego      San Diego, CA       619.291.2098
San Diego Union   San Diego, CA       619.299.3131
San Diego Trib    San Diego, CA       619.299.7520
KPOO              San Francisco, CA   415.346.5173  Chris Jones
CBS TV            San Francisco, CA   415.362.7417
Wall St. Journal  San Francisco, CA   415.391.4534
KSFO Radio        San Francisco, CA   415.391.5464
CNN TV            San Francisco, CA   415.398.4049
NY Times          San Francisco, CA   415.421.2684
NBC TV            San Francisco, CA   415.441.2823
KTVU TV (2)       San Francisco, CA   415.451.2610
SF Chronicle      San Francisco, CA   415.512.8196
KQED Radio        San Francisco, CA   415.552.2241
LA Times          San Francisco, CA   415.552.2776
UPI               San Francisco, CA   415.552.3585
Bay City News     San Francisco, CA   415.552.8912
AP                San Francisco, CA   415.552.9430
NPR Radio         San Francisco, CA   415.553.2241
KQED              San Francisco, CA   415.553.2241  Carole Pierson
KOFY TV           San Francisco, CA   415.641.1163
KALX              San Francisco, CA   415.642.9715  Theo Davis
KCBS Radio        San Francisco, CA   415.765.4080
KRON TV (4)       San Francisco, CA   415.765.8136
KPIX TV (5)       San Francisco, CA   415.765.8916
KJZZ              San Francisco, CA   415.769.4849  Tim Hodges
SF Examiner       San Francisco, CA   415.777.2525
KGO Radio         San Francisco, CA   415.781.7957
KPFA Radio        San Francisco, CA   415.848.3812
KFJC              San Francisco, CA   415.948.1085  P. Tool
ABC TV            San Francisco, CA   415.954.7633
KGO TV            San Francisco, CA   415.956.6402
San Jose Merc     San Jose, CA        408.288.8060
KSJS              San Jose, CA        408.924.1018  Public Affairs
Christian Sci     Washington, DC      202.223.3476
Gannett           Washington, DC      202.243.0190
CBS Morning       Washington, DC      202.331.1765
Hearst            Washington, DC      202.333.1184
Wash Post         Washington, DC      202.334.4480
NBC               Washington, DC      202.362.2009
Knight Ridder     Washington, DC      202.383.6075
New House         Washington, DC      202.383.7820
Copley            Washington, DC      202.393.3643
Scrips Howard     Washington, DC      202.408.1511
Business Week     Washington, DC      202.463.1611
Time              Washington, DC      202.463.5005
CBS               Washington, DC      202.659.2586
CBS (Radio)       Washington, DC      202.659.5578
States News       Washington, DC      202.737,1653
Newsweek          Washington, DC      202.783.6512
UPI               Washington, DC      202.789.2362
AP                Washington, DC      202.828.6422
UPI (Radio)       Washington, DC      202.842.3625
NY Times          Washington, DC      202.862.0340
Wall St Jour      Washington, DC      202.862.9266
ABC               Washington, DC      202.887.7684
Good Mng Amer     Washington, DC      202.887.7685
Cross Fire        Washington, DC      202.887.7977
CNN               Washington, DC      202.898.7588
Reuters           Washington, DC      202.898.8383
US News & Wld     Washington, DC      202.955.2713
AP (Broadcast)    Washington, DC      202.955.7367
NBC (Radio)       Washington, DC      703.685.2197
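
For sysops, a defensive counterpart to the PKUNZIP.BAT upload described in File 9 above (an added example, not part of the original file or of Renegade/TeleGuard): DOS runs a program found in the current directory before it searches PATH, so an extracted file named after a helper the board shells out to is executed in that helper's place. The check below audits member names before anything is extracted; the helper list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions COMMAND.COM will execute, in the order it tries them.
DOS_EXECUTABLE_EXTS = (".com", ".exe", ".bat")

# Assumption: bare command names this board shells out to. Adjust per install.
HELPER_COMMANDS = {"pkunzip", "pkzip", "arj", "lha", "command"}


def audit_member(name):
    """Return the reasons a member name is unsafe to extract (empty if fine)."""
    reasons = []
    # Archives may use either separator; judge the name as DOS would see it.
    path = PureWindowsPath(name.replace("/", "\\"))
    if path.drive or path.root or ".." in path.parts:
        reasons.append("path escapes the extraction directory")
    # DOS ignores case and trailing dots/spaces when matching file names.
    base = path.name.rstrip(". ").lower()
    stem, dot, ext = base.rpartition(".")
    if dot and "." + ext in DOS_EXECUTABLE_EXTS:
        if stem in HELPER_COMMANDS:
            reasons.append("shadows helper command '%s'" % stem)
        else:
            reasons.append("executable member")
    return reasons


def audit_archive(data):
    """Map each flagged member name to its reasons, without extracting."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = audit_member(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def is_safe_to_extract(data):
    """Policy used here: refuse the whole upload if any member is flagged."""
    return not audit_archive(data)


def build_sample_archive():
    """Constructed upload: two harmless members and two that must be refused."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("README.TXT", "constructed sample\r\n")
        archive.writestr("DOCS/NOTES.TXT", "constructed sample\r\n")
        archive.writestr("PKUNZIP.BAT", "rem constructed sample\r\n")
        archive.writestr("../GAME.EXE", "constructed sample\r\n")
    return buffer.getvalue()


if __name__ == "__main__":
    upload = build_sample_archive()
    for member, reasons in audit_archive(upload).items():
        print("REFUSE %-14s %s" % (member, "; ".join(reasons)))
    print("extract allowed:", is_safe_to_extract(upload))
```

The name check is one layer: invoking the archiver by absolute path, from a working directory uploaders cannot write to, keeps a planted file off the search path even if a name slips through.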