home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
phrk3
/
phrack28.9
< prev
next >
Wrap
Text File
|
1992-09-26
|
25KB
|
495 lines
==Phrack Inc.==
Volume Three, Issue 28, File #9 of 12
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN P h r a c k W o r l d N e w s PWN
PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN
PWN Issue XXVIII/Part 1 PWN
PWN PWN
PWN October 7, 1989 PWN
PWN PWN
PWN Created, Written, and Edited PWN
PWN by Knight Lightning PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Welcome to Issue XXVIII of Phrack World News!
This issue of Phrack World News contains stories and articles detailing events
from June - October, 1989 and features Bellcore, Chalisti, Chaos Computer Club,
Clifford Stoll, The Disk Jockey, Fry Guy, The Grim Phreaker, Legion of Doom,
The Leftist, Major Havoc, Kevin Mitnick, Robert Morris, Oryan QUEST, The
Prophet, Red Rebel, Shadow Stalker, Shadow 2600, Terra, The Urvile, and much
more so keep reading.
"The Real Future Is Behind You... And It's Only The Beginning!"
_______________________________________________________________________________
Judge Suggests Computer Hacker Undergo Counseling July 17, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Karen E. Klein (New York Times)
LOS ANGELES -- A federal judge has suggested that Los Angeles computer hacker
Kevin Mitnick be sentenced to a one-year residential treatment program to break
his "computer addiction."
Although she did not finalize her sentence, U.S. District Judge Mariana R.
Pfaelzer said Monday that she thought Mitnick had some problems that would
benefit from counseling.
Pfaelzer will actually pass sentence at a hearing set for Tuesday, July 18.
The idea that a computer "junkie" who cannot control his urge to break into
computers could be helped with a program similar to Alcoholics Anonymous is a
new one, Harriet Rossetto, director of the treatment program, told the judge.
"His behavior is an impulse disorder," Rossetto said. "The disease is the
addiction, whether it be drugs, alcohol, gambling, hacking, money or power."
Rossetto, who was contacted by Mitnick's family, said Mitnick would be the
first person addicted to computer crime to be treated in the Bet T'shuvah
program , a 20-bed residential treatment program for Jewish criminal offenders.
"It's not willful conduct, what Kevin does," she said. "He's tried to control
his behavior but hacking gives him a sense of power, makes him feel like
somebody when he's depressed or he's lost a job."
Mitnick, age 25, has been in federal prison for seven months since his arrest
last December on computer fraud charges.
He pleaded guilty in May to possessing 16 unauthorized MCI long-distance codes
and to stealing a computer security program from the Digital Equipment
Corporation in Massachusetts.
Mitnick has been described in court as a computer whiz who could break into
secured systems and change telephone or school records at will. He told the
judge on Monday, July 17 that he wants to stop hacking.
"I sincerely want to change my life around and be productive rather than
destructive," Mitnick said.
"With counseling to break the addictive pattern I feel I have towards computer
hacking, I can take an active role and I don't have to have the compulsive
behavior again."
Assistant U.S. Attorney James R. Asperger said that the government does not
oppose Mitnick's release from prison to be treated at Bet T'shuvah.
"The judge has taken this case very seriously. It shows computer hacking is
not like a Nintendo game," Asperger said.
Mitnick has cooperated with FBI investigators since his pleaded guilty and
helped bring charges against his former best friend, Leonard DiCicco, 23, of
Calabasas, Asperger said.
DiCicco, who initially tipped the FBI to Mitnick's crimes, has agreed to plead
guilty to a charge of aiding and abetting the transportation of a stolen
computer program.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Authorities Backed Away From Original Allegations July 23, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Karen E. Klein (New York Times)
LOS ANGELES -- Shortly after computer hacker Kevin Mitnick was arrested last
December (1988), he was characterized as an extreme threat who could wreak
electronic chaos if he got near so much as a telephone without supervision.
Police and FBI agents started trying to corroborate the flurry of rumors that
arose about the malicious actions of the computer whiz from suburban Panorama
City, whose case attracted national attention.
Three judges denied Mitnick, age 25, bail on the ground that he was a danger to
society and ordered him held in a high-security jail cell.
But after separating the Mitnick myth from the reality, authorities backed away
from many of their original allegations.
"A lot of the stories we originally heard just didn't pan out, so we had to
give him the benefit of the doubt," said James R. Asperger, the assistant U.S.
attorney who handled Mitnick's case.
Mitnick, pudgy and nervous, appeared in court last week to apologize for his
crimes and to ask for treatment to help break his compulsive "addiction" to
computers.
U.S. District Judge Mariana R. Pfaelzer sentenced him to serve one year in
prison -- including the nearly eight months he already has served -- and then
to undergo six months of counseling and treatment similar to that given to
alcoholics or drug addicts.
"I think he has problems that would benefit greatly from this kind of therapy,"
Pfaelzer said. "I want him to spend as much time as possible in counseling."
The case that began with a bang ended with Asperger pointing out that the
one-year prison term is the stiffest sentence ever handed out in a computer
fraud case.
Mitnick originally was accused of using unauthorized MCI long-distance codes to
tap into Leeds University computers in England and of stealing a $4 million
computer security system from the Digital Equipment Corporation in
Massachusetts.
He ultimately agreed to plead guilty to possessing 16 unauthorized MCI
long-distance codes and to stealing the computer security program. The other
charges were dismissed.
Alan Rubin, Mitnick's lawyer, said he felt vindicated by the outcome of the
case.
Rubin contended from the start that computerphobia and adolescent exaggeration
led authorities to mistakenly brand Mitnick a malicious criminal.
"Once the snowball starts rolling, you can't stop it," said Rubin, who waged an
unsuccessful campaign up to the federal appeals court to get bail for his
client.
Far from being serious, Rubin said, Mitnick's actions were mostly immature,
adolescent pranks.
He pointed to evidence that Mitnick was able to electronically cut off
telephone service to people he was angry with and once sent an enemy a $30,000
hospital telephone bill.
"It was the computer equivalent of sending your friend 14 pizzas," he said.
Many of the legends surrounding Mitnick came from the subculture of computer
hackers -- and specifically from a man who was once Mitnick's best friend,
Leonard Mitchell DiCicco, age 23, of Calabasas, California.
DiCicco, who had a falling out with Mitnick over a $100 bet, told computer
security specialists at the Digital Equipment Corporation that Mitnick had been
trespassing on their system.
They in turn contacted the FBI agents, who arrested Mitnick.
What DiCicco told investigators may or may not have been entirely truthful,
Rubin said.
"I have no idea what his motives were," Rubin said.
But DiCicco, who alerted authorities to Mitnick's crime, had the tables turned
on him after the government refused to grant him absolute immunity for his
testimony against Mitnick.
When the prosecution said they might charge him with a crime, DiCicco clammed
up and refused to cooperate any further. But from his prison cell, Mitnick
agreed to cooperate and provided enough incriminating evidence for the
government to charge DiCicco.
DiCicco is expected to plead guilty to a charge of aiding and abetting the
interstate transportation of stolen property -- the computer security program
-- on Monday.
Asperger said he was not sure whether DiCicco would get a sentence similar to
Mitnick's.
"Although they were friends and partners in computer hacking, (DiCicco)
appeared to play a subordinate role (in the crime)," Asperger said.
Other rumors about Mitnick's conduct came from fellow hackers, who may have
blown the stories out of proportion.
"It's a very strange sub-culture, with a lot of jealousies," Rubin said. "Part
of it is bragging about how macho you are and what systems you've broken into.
It's very immature in a lot of ways."
But prosecutors, citing Mitnick's various scrapes with computer misconduct
since he was 13, aren't willing to let him off the hook entirely.
"I think there's some substance to these things (the rumors that arose in
Mitnick's case), an awful lot of them," said Los Angeles FBI chief Lawrence
Lawler, who is a computer buff himself and followed Mitnick's case closely.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you are looking for other articles about Kevin David Mitnick aka Condor
please refer to;
"Pacific Bell Means Business" (10/06/88) PWN XXI. . .Part 1
"Dangerous Hacker Is Captured" (No Date ) PWN XXII . .Part 1
"Ex-Computer Whiz Kid Held On New Fraud Counts" (12/16/88) PWN XXII . .Part 1
"Dangerous Keyboard Artist" (12/20/88) PWN XXII . .Part 1
"Armed With A Keyboard And Considered Dangerous" (12/28/88) PWN XXIII. .Part 1
"Dark Side Hacker Seen As Electronic Terrorist" (01/08/89) PWN XXIII. .Part 1
"Mitnick Plea Bargains" (03/16/89) PWN XXV. . .Part 1
"Mitnick Plea Bargain Rejected As Too Lenient" (04/25/89) PWN XXVII. .Part 1
"Computer Hacker Working On Another Plea Bargain" (05/06/89) PWN XXVII. .Part 1
"Mitnick Update" (05/10/89) PWN XXVII. .Part 1
"Kenneth Siani Speaks Out About Kevin Mitnick" (05/23/89) PWN XXVII. .Part 1
_______________________________________________________________________________
BITNET/CSNET Announce Merger and Formation of CREN August 18, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Washington, DC -- Two of the nation's leading academic and research computer
networks announced today that final steps are being taken to merge their
organizations.
Ira Fuchs, President of BITNET, and Bernard Galler, Chairman of CSNET, jointly
reported that the two networks, which together include 600 colleges,
universities, government agencies, and private sector research organizations,
will unite to form the Corporation for Research and Educational Networking,
CREN.
Galler, a Professor of Electrical Engineering and Computer Science at the
University of Michigan, commented: "The aims of CSNET and BITNET -- to support
and promote the use of computer networks on campuses and within research
organizations -- have converged over the last several years. We believe that
by bringing these two networks into a single organization, we will be able to
provide better service to our network users and more effectively participate in
the fast-changing national network environment."
Fuchs, Vice President for Computing and Information Technology at Princeton
University, sees the move as a strengthening factor: "The need for campus
networks and the introduction of new technology make it necessary to build a
common base of network services using the most progressive technology
available. By eliminating overlap between our two organizations, we will
become more efficient, and more importantly, we can take a stronger role in the
the formation of the national education and research network. We can achieve
this goal faster and at lower cost by leveraging the efforts of the two major
academic networking organizations."
The merger of CSNET and BITNET has been studied for more than a year by a
planning group consisting of representatives from both networks. CSNET
currently lists 145 institutional and corporate members, and BITNET 480
members. Together, the two networks cover all 50 states and 32 foreign
countries, including Japan, Brazil, Mexico, and Argentina. Both maintain
gateways to EARN (European Academic Research Network), NetNorth (Canada), and
the National Internet.
The planning group's recommendations to merge were approved by the BITNET, Inc.
Trustees and the Directors of the University Corporation for Atmospheric
Research, operators of CSNET for the last five years. An information packet on
the merger is being mailed to all members of both networks this week, with a
ballot for BITNET members, who must approve the final legal steps under the
provisions of BITNET By-Laws. In an advisory vote last winter, BITNET members
approved the merger in principle by more than 90% of those voting.
A gradual transition period is planned to bring together CSNET and BITNET
services. CREN plans to continue use of EDUCOM and Bolt, Beranek and Newman
(BBN) to provide technical and general management services to its members.
EDUCOM President Kenneth M. King commented, "We are entering a particularly
challenging period in the creation of an advanced national network
infrastructure for research and education. CREN will play a major role in the
future of these computer networks, which are becoming more and more important
to the conduct of research and the quality of education. EDUCOM is pleased to
have an opportunity to support the services and activities of CREN. "
Frank Heart, Senior Vice President, BBN Systems and Technologies Corporation,
said, "In keeping with its long involvement in the development of networking
technologies, BBN is pleased to play a major supporting role in the evolution
of BITNET and CSNET."
The proposed CREN Board includes Fuchs and Galler;
Douglas Bigelow. . . . . Wesleyan University
William Curtis . . . . . University Corporation for Atmospheric Research
David Farber . . . . . . University of Pennsylvania
Suzanne Johnson. . . . . INTEL Corporation
Mark Laubach . . . . . . Hewlett-Packard Corporation
Philip Long. . . . . . . Yale University
Dennis Ritchie . . . . . AT&T Bell Laboratories
Martin Solomon . . . . . University of South Carolina
Douglas Van Houweling. . University of Michigan
William Yundt. . . . . . Stanford University
For more information, contact
Corporation for Research and Educational Networking
Suite 600
1112 16th Street NW
Washington, DC 20036
(202) 872-4215
[Obviously they decided not to call it ONEnet --KL]
_______________________________________________________________________________
CERT Internet Security Advisory August 16, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From Kenneth R. van Wyk
Many computers connected to the Internet have recently experienced unauthorized
system activity. Investigation shows that the activity has occurred for
several months and is spreading. Several UNIX computers have had their
"telnet" programs illicitly replaced with versions of "telnet" which log
outgoing login sessions (including usernames and passwords to remote systems).
It appears that access has been gained to many of the machines which have
appeared in some of these session logs. (As a first step, frequent telnet
users should change their passwords immediately.) While there is no cause for
panic, there are a number of things that system administrators can do to detect
whether the security on their machines has been compromised using this approach
and to tighten security on their systems where necessary. At a minimum, all
UNIX site administrators should do the following:
o Test telnet for unauthorized changes by using the UNIX "strings"
command to search for path/filenames of possible log files. Affected
sites have noticed that their telnet programs were logging information
in user accounts under directory names such as "..." and ".mail".
In general, we suggest that site administrators be attentive to configuration
management issues. These include the following:
o Test authenticity of critical programs - Any program with access to
the network (e.g., the TCP/IP suite) or with access to usernames and
passwords should be periodically tested for unauthorized changes.
Such a test can be done by comparing checksums of on-line copies of
these programs to checksums of original copies. (Checksums can be
calculated with the UNIX "sum" command.) Alternatively, these
programs can be periodically reloaded from original tapes.
o Privileged programs - Programs that grant privileges to users (e.g.,
setuid root programs/shells in UNIX) can be exploited to gain
unrestricted access to systems. System administrators should watch
for such programs being placed in places such as /tmp and /usr/tmp (on
UNIX systems). A common malicious practice is to place a setuid shell
(sh or csh) in the /tmp directory, thus creating a "back door" whereby
any user can gain privileged system access.
o Monitor system logs - System access logs should be periodically scanned
(e.g., via UNIX "last" command) for suspicious or unlikely system activity.
o Terminal servers - Terminal servers with unrestricted network access (that
is, terminal servers which allow users to connect to and from any system on
the Internet) are frequently used to camouflage network connections, making
it difficult to track unauthorized activity. Most popular terminal servers
can be configured to restrict network access to and from local hosts.
o Passwords - Guest accounts and accounts with trivial passwords (e.g.,
username=password, password=none) are common targets. System administrators
should make sure that all accounts are password protected and encourage users
to use acceptable passwords as well as to change their passwords
periodically, as a general practice. For more information on passwords, see
Federal Information Processing Standard Publication (FIPS PUB) 112, available
from the National Technical Information Service, U.S. Department of Commerce,
Springfield, VA 22161.
o Anonymous file transfer - Unrestricted file transfer access to a system can
be exploited to obtain sensitive files such as the UNIX /etc/passwd file. If
used, TFTP (Trivial File Transfer Protocol - which requires no
username/password authentication) should always be configured to run as a
non-privileged user and "chroot" to a file structure where the remote user
cannot transfer the system /etc/passwd file. Anonymous FTP, too, should not
allow the remote user to access this file, or any other critical system file.
Configuring these facilities to "chroot" limits file access to a localized
directory structure.
o Apply fixes - Many of the old "holes" in UNIX have been closed. Check with
your vendor and install all of the latest fixes.
If system administrators do discover any unauthorized system activity, they are
urged to contact the Computer Emergency Response Team (CERT).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Internet Cracker On The Loose: Who Is He? October 2, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There is a cracker on the loose in the Internet. This is the information
made public so far. Traces of the cracker were found at the Institute for
Advanced Studies in Princeton. He also left traces at one of the Super
computer centers. Both CERT and the FBI have been called.
The technique that is being used is as follows:
1) He has a modified telnet that tries a list passwords on accounts. Username
forwards and backwards, username + pw, etc.
2) He seems to have a program call "ret", that is breaking into root.
3) He seems to be getting a list of victim machines via people's .rhosts files.
4) He copies password files to the machines that he is currently working from.
5) He is good about cleaning up after himself. He zeros out log files and
other traces of himself.
6) The breakins are occurring between 10 PM Sunday nights and 8 AM Monday
mornings.
7) He seems to bring along a text file of security holes to the machines he
breaks into.
8) Backtracing the network connections seem to point to the Boston area as a
base of operations.
The system administrator at IAS found a directory with the name ".. " (dot dot
space space). The files mentioned above were found in this directory.
_______________________________________________________________________________
Worried Firms Pay Hush Money To "Hackers" June 12, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Richard Caseby (London Times)
"Are London Firms Offering Amnesty To Hacker Thieves?"
Firms in the City of London are buying the silence of hackers who break into
their computers and steal millions of pounds.
At least six London firms have signed agreements with criminals, offering them
amnesty if they return part of the money. The firms fear that if they
prosecute they will lose business when customers learn that their computer
security is flawed.
In several of the case the losses exceeded 1 million pounds, but only a tenth
of the total was returned.
The Computer Industry Research Unit (CIRU) which uncovered the deals and which
is advising the Department of Trade and Industry in data security, believes the
practice of offering amnesties is widespread.
"Companies who feel vulnerable are running scared by agreeing to these immoral
deals. Their selfishness is storing up serious problems for everyone else,"
said Peter Nancarrow, a senior consultant.
Police have warned that deals struck with criminals could possibly lead to an
employer being prosecuted for perverting the course of justice.
Detective Inspector John Austin, of Scotland Yard's computer fraud squad, said,
"Employers could find themselves in very deep water by such strenuous efforts
to protect the credibility of their image."
Legal experts say the firms are making use of section five of the Criminal Law
Act 1967 which allows them to keep silent on crimes and privately agree on
compensation. However, an employer becomes a witness to the offense by taking
evidence from a criminal when the deal is drawn up.
Hackers steal by electronically transferring funds or by programming a computer
to round off all transactions by a tiny amount and diverting the money to a
separate account.
In one case, an assistant programmer at a merchant bank diverted 8 million
pounds to a Swiss bank account and then gave back 7 million in return for a
non-disclosure agreement protecting him against prosecution.
Such thefts have spread alarm throughout London, with consultants offering to
penetrate the computer networks of banks and finance houses to pinpoint
loopholes before a hacker does.
The biggest contracts cost up to 50,000 pounds and can involve a four month
investigation in which every weakness is explored.
Detectives have found that computer security at many London institutions is
riddled with loopholes. A city of London police operation, codenamed Comcheck,
revealed wide spread weaknesses. Firms were asked to track the number of
unauthorized logons over Easter bank holiday.
Some companies unable to tell whether hackers had penetrated their network,
while others lacked any security defenses.
In addition to theft, companies are vulnerable to blackmail. Hackers can
threaten to sabotage computers by inserting "viruses" and "logic bombs" --
rogue programs which can paralyze a system.
This type of threat has prompted the offer of a new insurance policy
underwritten by Lloyd's which specifically covers viruses and other computer
catastrophes.
_______________________________________________________________________________
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+