home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Hacker Chronicles - A…the Computer Underground
/
The Hacker Chronicles - A Tour of the Computer Underground (P-80 Systems).iso
/
cud2
/
cud203d.txt
< prev
next >
Wrap
Text File
|
1992-09-26
|
9KB
|
146 lines
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 2, Issue #2.03 (Sepember 14, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith
USENET readers can currently receive CuD as alt.society.cu-digest.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. It is assumed that non-personal mail to the moderators may be
reprinted, unless otherwise specified. Readers are encouraged to submit
reasoned articles relating to the Computer Underground.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Date: September
From: Entity
Subject: A comment on Zod's case
********************************************************************
*** CuD #2.03: File 4 of 4: A Comment on the Zod Case ***
********************************************************************
I hope to present you with some of the details regarding Zod's bust so
that your readers can be more familiar with the case. Sometime around
late October 1989 or so, Zod set up a multi user chat system on a US Air
Force system. The program he was using was Hans Kornedor's chat program ,
which many of you may recognize as the chat program used on the ALTOS
german hacker chat systems. In any case, Zod modified this program,
making superficial changes and labelled it TDON chat.
What he did was infiltrate a US Air Force UNIX system at Andrews Air Force
Base. Because of the extremely lax security on the system, he was easily
able to gain super user privileges and set up an SUID shell in one of the
directories. He then changed the password on an unused account (Foster.
Password was TDON) and set his TDON chat system up. He then went onto
places such as TCHH (Germany), ALTGER (Germany) and QSD (France) and
started spreading the news of this great new chat. Thankfully, not many
people paid any attention to Zod (who is world reknown to be a class "A"
bozo.) Very few people called and of those who did, it was mostly
american users on telenet, although there were a few european callers as
well. I was actually invited to the system by an up and coming VAX/VMS
hacker who used the alias 'Corrupt' (he was part of the group HiJiNx!). I
knew him from meetings on the various european chat systems as well as him
being on the Corrupt Computing Canada BBS System in Toronto, Canada. Last
I heard, he was busted as well, although I am not sure of on what charges.
The chat itself was up for maybe a week -- a week and a half at best. At
this point you are probably wondering who would be suicidal enough to set
up a hacker chat system on a US Air Force system, right? Well, there's
more to Zod's stupidity than just that. In addition to setting up the
chat, Zod decided that he would be smart and in the .login script for the
foster account he added in the TEE command to log everything to a file.
For those unfamiliar with UNIX, the tee command basically takes the input
coming into the user's TTY, and makes a copy of it into a specified file.
Zod had this input go into a directory with the filename the same as the
user's process ID. I guess Zod's intention was to at a later time peruse
these files for useful information, but what he ended up doing was handing
us all to the authorities on a silver platter.
Now one of the modifications that Zod had made to the chat program was to
add in a shell escape. I never did figure out what the escape sequence
was (not that I ever looked very hard), but I noticed that if I lifted my
phone up, (thereby sending garbage over the modem) and put it back down, I
would automatically be plopped into the shell! It was here that I
discovered all the craziness that Zod had set up. You can imagine my
surprise when I looked at some of the files in my directory and discovered
that this chat system had been set up on a military unix machine! It was
then that I found all the TEE'd files, the source code to his TDON chat,
and the SUID root shell. Again for those unfamiliar with unix, an SUID
root shell basically allows a user to run this file and gain superuser
privileges by temporarily changing their User ID to that of root
(superuser). Those familiar with hacking unix's will agree that it is
never a good idea to leave such a file around on a system since it can be
easily detected if not hidden properly. Not only was this file NOT
hidden, it was put in plain view of the system administrator! If my
memory serves correctly, it was put into the /tmp directory under a very
obvious filename!
Of course, the biggest problem with this particular set up was the TEE'd
log files that zod had created. Those files had some very far reaching
consequences as I shall describe in just a minute. Because of Zod's
generosity in logging all chat sessions, Air Force Security staff had no
reason to do any additional logging of information. What the security
staff did was first of all change the password on the foster/tdon account
and then made backups of all the chat session files. These were then
compiled into a huge document (looks to be about 800-900 pages) and was
edited to take out overlapping chat processes. I have managed to acquire
this document through a friend of mine who was recently charged for
infiltrating several systems. Part of the evidence was that document
submitted by the Andrews Air Force base.
For the benefit of those people who called this chat and who gave out
incriminating evidence, I will just briefly list their names. You guys
should realize that your particular sessions were logged and are included
as part of the evidence. I would not be surprised if a further
investigation stemming from Zod's bust were to be carried out. The people
who should be watching their tails are: Sam Brown, Hunter, Phreakenstein,
Outlaw, Corrupt and Jetscream. These are obviously not the only people
who were logged, but they do represent those who passed out accounts and
passwords and other incriminating information on the chat, as well as
having spent the most amount of time on there.
So how does this lead up to Zod's arrest? Well, I'm not positive. On the
Air Force machine, zod was dumb enough to leave his name plastered all
over the chat including on the logon screen. Of course this cannot be
used solely as evidence enough to convict, but it sure as hell points in
his direction. Zod was also not a very careful person -- this is of
course obvious from him having set up the Air Force Chat, but in addition,
he left behind a lot of clues. He wasn't a very competent hacker and never
cleaned up after himself. I assume it wasn't very difficult to track him
down from his blatant misuse of the City University system in Washington.
It is my understanding that Corrupt and others were busted indirectly
because of him. Perhaps someone closer to the source can confirm this.
In any case, what all this goes to show you is how the stupidity of one
individual can lead to the problems of so many others. By setting up a
hacker chat system on the Andrews Air Force base system, he committed a
great mistake. By then inviting so many hackers from the international
hack scene, he committed a greater sin. But for actually logging all this
information and never deleting it, he committed the ultimate crime. This
kid is a royal pain in the posterior and a serious threat to all hackers.
- Entity/CCCAN! (Corrupt Computing Canada)
********************************************************************
------------------------------
**END OF CuD #2.03**
********************************************************************
!
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+