mirror of
https://github.com/fdiskyou/Zines.git
synced 2025-03-09 00:00:00 +01:00
390 lines
22 KiB
Text
390 lines
22 KiB
Text
==Phrack Inc.==
|
|
|
|
Volume Two, Issue 24, File 12 of 13
|
|
|
|
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
|
PWN PWN
|
|
PWN P h r a c k W o r l d N e w s PWN
|
|
PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN
|
|
PWN Issue XXIV/Part 2 PWN
|
|
PWN PWN
|
|
PWN February 25, 1989 PWN
|
|
PWN PWN
|
|
PWN Created, Written, and Edited PWN
|
|
PWN by Knight Lightning PWN
|
|
PWN PWN
|
|
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
|
|
|
|
|
Shadow Hawk Gets Prison Term February 17, 1989
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
An 18 year old telephone phreak from the northside/Rogers Park community in
|
|
Chicago who electronically broke into U.S. military computers and AT&T
|
|
computers, stealing 55 programs was sentenced to nine months in prison on
|
|
Tuesday, February 14, 1989 in Federal District Court in Chicago.
|
|
|
|
Herbert Zinn, Jr., who lives with his parents on North Artesian Avenue in
|
|
Chicago was found guilty of violating the Computer Fraud and Abuse Act of
|
|
1986 by Judge Paul E. Plunkett. In addition to a prison term, Zinn must pay
|
|
a $10,000 fine, and serve two and a half years of federal probation when
|
|
released from prison.
|
|
|
|
United States Attorney Anton R. Valukas said, "The Zinn case will serve to
|
|
demonstrate the direction we are going to go with these cases in the future.
|
|
Our intention is to prosecute aggressively. What we undertook is to address
|
|
the problem of unauthorized computer intrusion, an all-too-common problem that
|
|
is difficult to uncover and difficult to prosecute..."
|
|
|
|
Zinn, a dropout from Mather High School in Chicago was 16-17 years old at
|
|
the time he committed the intrusions, using his home computer and modem. Using
|
|
the handle "Shadow Hawk," Zinn broke into a Bell Labs computer in Naperville,
|
|
IL; an AT&T computer in Burlington, NC; and an AT&T computer at Robbins Air
|
|
Force Base, GA. No classified material was obtained, but the government views
|
|
as 'highly sensitive' the programs stolen from a computer used by NATO which is
|
|
tied into the U.S. missile command. In addition, Zinn made unlawful access to a
|
|
a computer at an IBM facility in Rye, NY, and into computers of Illinois Bell
|
|
Telephone Company and Rochester Telephone Company, Rochester, NY.
|
|
|
|
Assistant United States Attorney William Cook said that Zinn obtained access to
|
|
the AT&T/Illinois Bell computers from computer bulletin board systems, which he
|
|
described as "...just high-tech street gangs." During his bench trial during
|
|
January, Zinn spoke in his own defense, saying that he took the programs to
|
|
educate himself, and not to sell them or share them with other phreaks. The
|
|
programs stolen included very complex software relating to computer design and
|
|
artificial intelligence. Also stolen was software used by the BOC's (Bell
|
|
Operating Companies) for billing and accounting on long distance telephone
|
|
calls.
|
|
|
|
The Shadow Hawk -- that is, Herbert Zinn, Jr. -- operated undetected for at
|
|
least a few months in 1986-87, but his undoing came when his urge to brag about
|
|
his exploits got the best of him. It seems to be the nature of phreaks and
|
|
hackers that they have to tell others what they are doing. On a BBS notorious
|
|
for its phreak/pirate messages, Shadow Hawk provided passwords, telephone
|
|
numbers and technical details of trapdoors he had built into computer systems,
|
|
including the machine at Bell Labs in Naperville.
|
|
|
|
What Shadow Hawk did not realize was that employees of AT&T and Illinois Bell
|
|
love to use that BBS also; and read the messages others have written. Security
|
|
representatives from IBT and AT&T began reading Shadow Hawk's comments
|
|
regularly; but they never were able to positively identify him. Shadow Hawk
|
|
repeatedly made boasts about how he would "shut down AT&T's public switched
|
|
network." Now AT&T became even more eager to locate him. When Zinn finally
|
|
discussed the trapdoor he had built into the Naperville computer, AT&T decided
|
|
to build one of their own for him in return; and within a few days he had
|
|
fallen into it. Once he was logged into the system, it became a simple matter
|
|
to trace the telephone call; and they found its origin in the basement of the
|
|
Zinn family home on North Artesian Street in Chicago, where Herb, Jr. was busy
|
|
at work with his modem and computer.
|
|
|
|
Rather than move immediately, with possibly not enough evidence for a good,
|
|
solid conviction, everyone gave Herb enough rope to hang himself. For over two
|
|
months, all calls from his telephone were carefully audited. His illicit
|
|
activities on computers throughout the United States were noted, and logs were
|
|
kept. Security representatives from Sprint made available notes from their
|
|
investigation of his calls on their network. Finally the "big day" arrived,
|
|
and the Zinn residence was raided by FBI agents, AT&T/IBT security
|
|
representatives and Chicago Police detectives used for backup. At the time of
|
|
the raid, three computers, various modems and other computer peripheral devices
|
|
were confiscated. The raid, in September, 1987, brought a crude stop to Zinn's
|
|
phreaking activities. The resulting newspaper stories brought humiliation and
|
|
mortification to Zinn's parents; both well-known and respected residents of the
|
|
Rogers Park neighborhood. At the time of the younger Zinn's arrest, his father
|
|
spoke with authorities, saying, "Such a good boy! And so intelligent with
|
|
computers!"
|
|
|
|
It all came to an end Tuesday morning in Judge Plunkett's courtroom in Chicago,
|
|
when the judge imposed sentence, placing Zinn in the custody of the Attorney
|
|
General or his authorized representative for a period of nine months; to be
|
|
followed by two and a half years federal probation and a $10,000 fine. The
|
|
judge noted in imposing sentence that, "...perhaps this example will defer
|
|
others who would make unauthorized entry into computer systems." Accepting the
|
|
government's claims that Zinn was "simply a burglar; an electronic one... a
|
|
member of a high-tech street gang," Plunkett added that he hoped Zinn would
|
|
learn a lesson from this brush with the law, and begin channeling his expert
|
|
computer ability into legal outlets. The judge also encouraged Zinn to
|
|
complete his high school education, and "become a contributing member of
|
|
society instead of what you are now, sir..."
|
|
|
|
Because Zinn agreed to cooperate with the government at his trial, and at any
|
|
time in the future when he is requested to do so, the government made no
|
|
recommendation to the court regarding sentencing. Zinn's attorney asked the
|
|
court for leniency and a term of probation, but Judge Plunkett felt some
|
|
incarceration was appropriate. Zinn could have been incarcerated until he
|
|
reaches the age of 21.
|
|
|
|
His parents left the courtroom Tuesday with a great sadness. When asked to
|
|
discuss their son, they said they preferred to make no comment.
|
|
|
|
Information Collected From Various Sources
|
|
_______________________________________________________________________________
|
|
|
|
FBI National Crime Information Center Data Bank February 13, 1989
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By Evelyn Richards (Washington Post)
|
|
|
|
"Proposed FBI Crime Computer System Raises Questions on Accuracy, Privacy --
|
|
Report Warns of Potential Risk Data Bank Poses to Civil Liberties"
|
|
|
|
On a Saturday afternoon just before Christmas last year, U.S. Customs officials
|
|
at Los Angeles International Airport scored a "hit."
|
|
|
|
Running the typical computer checks of passengers debarking a Trans World
|
|
Airlines flight from London, they discovered Richard Lawrence Sklar, a fugitive
|
|
wanted for his part in an Arizona real estate scam.
|
|
|
|
As their guidelines require, Customs confirmed all the particulars about Sklar
|
|
with officials in Arizona - his birth date, height, weight, eye and hair color
|
|
matched those of the wanted man.
|
|
|
|
Sklar's capture exemplified perfectly the power of computerized crime fighting.
|
|
Authorities thousands of miles away from a crime scene can almost instantly
|
|
identify and nab a wanted person.
|
|
|
|
There was only one problem with the Sklar case: He was the wrong man. The
|
|
58-year old passenger - who spent the next two days being strip-searched,
|
|
herded from one holding pen to another and handcuffed to gang members and other
|
|
violent offenders - was a political science professor at the University of
|
|
California at Los Angeles.
|
|
|
|
After being fingered three times in the past dozen years for the financial
|
|
trickeries of an impostor, Sklar is demanding that the FBI, whose computer
|
|
scored the latest hit, set its electronic records straight. "Until this person
|
|
is caught, I am likely to be victimized by another warrant," Sklar said.
|
|
|
|
Nowhere are the benefits and drawbacks of computerization more apparent than
|
|
at the FBI, which is concluding a six-year study on how to improve its National
|
|
Crime Information Center, a vast computer network that already links 64,000 law
|
|
enforcement agencies with data banks of 19 million crime-related records.
|
|
|
|
Although top FBI officials have not signed off on the proposal, the current
|
|
version would let authorities transmit more detailed information and draw on a
|
|
vastly expanded array of criminal records. It would enable, for example,
|
|
storage and electronic transmission of fingerprints, photos, tattoos and other
|
|
physical attributes that might prevent a mistaken arrest. Though
|
|
controversial, FBI officials have recommended that it include a data bank
|
|
containing names of suspects who have not been charged with a crime.
|
|
|
|
The proposed system, however, already has enraged computer scientists and
|
|
privacy experts who warn in a report that the system would pose a "potentially
|
|
serious risk to privacy and civil liberties." The report, prepared for the
|
|
House subcommittee on civil and constitutional rights, also contends that the
|
|
proposed $40 million overhaul would not correct accuracy problems or assure
|
|
that records are secure.
|
|
|
|
Mostly because of such criticism, the FBI's revamped proposal for a new system,
|
|
known as the NCIC 2000 plan, is a skeleton of the capabilities first suggested
|
|
by law enforcement officials. Many of their ideas have been pared back, either
|
|
for reasons of practicality or privacy.
|
|
|
|
"Technical possibility should not be the same thing as permissible policy,"
|
|
said Marc Rotenberg, an editor of the report and Washington liaison for
|
|
Computer Professionals for Social Responsibility, a California organization.
|
|
The need to make that tradeoff - to weigh the benefits of technological
|
|
advances against the less obvious drawbacks - is becoming more apparent as
|
|
nationwide computer links become the blood vessels of a high-tech society.
|
|
|
|
Keeping technology under control requires users to double-check the accuracy of
|
|
the stored data and sometimes resort told-fashioned paper records or
|
|
face-to-face contact for confirmation. Errors have plagued the NCIC for many
|
|
years, but an extensive effort to improve record-keeping has significantly
|
|
reduced the problem, the FBI said.
|
|
|
|
Tapped by federal, state and local agencies, the existing FBI system juggles
|
|
about 10 inquiries a second from people seeking records on wanted persons,
|
|
stolen vehicles and property, and criminal histories, among other things. Using
|
|
the current system, for example, a police officer making a traffic stop can
|
|
fine out within seconds whether the individual is wanted anywhere else in the
|
|
United States, or an investigator culling through a list of suspects can peruse
|
|
past records.
|
|
|
|
At one point, the FBI computer of the future was envisioned as having links to
|
|
a raft of other data bases, including credit records and those kept by the
|
|
Immigration and Naturalization Service, the Internal Revenue Service, the
|
|
Social Security Administration and the Securities and Exchange Commission.
|
|
One by one, review panels have scaled back that plan.
|
|
|
|
"There's a lot of sensitive information in those data bases," said Lt. Stanley
|
|
Michaleski, head of records for the Montgomery County [Maryland] police. "I'm
|
|
not going to tell you that cops aren't going to misuse the information."
|
|
|
|
The most controversial portion of the planned system would be a major expansion
|
|
to include information on criminal suspects - whose guilt has not yet been
|
|
established.
|
|
|
|
The proposed system would include names of persons under investigation in
|
|
murder, kidnapping or narcotics cases. It would include a so-called "silent
|
|
hit" feature: An officer in Texas, for instance, would not know that the
|
|
individual he stopped for speeding was a suspect for murder in Virginia. But
|
|
when the Virginia investigators flipped on their computer the next morning, it
|
|
would notify them of the Texas stop. To Michaleski, the proposal sounded like
|
|
"a great idea. Information is the name of the game." But the "tracking"
|
|
ability has angered critics.
|
|
|
|
"That [data base] could be enlarged into all sorts of threats - suspected
|
|
communists, suspected associates of homosexuals. There is no end once you
|
|
start," said Rep. Don Edwards (D-Calif.), whose subcommittee called for the
|
|
report on the FBI's system.
|
|
|
|
The FBI's chief of technical services, William Bayse, defends the proposed
|
|
files, saying they would help catch criminals while containing only carefully
|
|
screened names. "The rationale is these guys are subjects of investigations,
|
|
and they met a certain guideline," he said.
|
|
|
|
So controversial is the suspect file that FBI Director William Sessions
|
|
reportedly may not include it when he publicly presents his plan for a new
|
|
system.
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
A case similar to Sklar's was that of Terry Dean Rogan, who was arrested five
|
|
times because of outstanding warrants caused by someone else masquerading as
|
|
him. He finally settled for $50,000 in damages.
|
|
_______________________________________________________________________________
|
|
|
|
Legal Clamp-Down On Australian Hackers February 14, 1989
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By Julie Power (The Financial Review)
|
|
|
|
Federal Cabinet is expected to endorse today draft legislation containing tough
|
|
penalties for hacking into Commonwealth computer systems. It is understood
|
|
that the Attorney-General, Mr. Lionel Bowen, will be proposing a range of tough
|
|
new laws closely aligned with the recommendations of the Attorney-General's
|
|
Department released in December. Mr. Bowen requested the report by the Review
|
|
of Commonwealth Criminal Law, chaired by Sir Harry Gibbs, as a matter of
|
|
urgency because of the growing need to protect Commonwealth information and
|
|
update the existing legislation.
|
|
|
|
Another consideration could be protection against unauthorized access of the
|
|
tax file number, which will be stored on a number of Government databases.
|
|
|
|
If the report's recommendations are endorsed, hacking into Commonwealth
|
|
computers will attract a $48,000 fine and 10 years imprisonment. In addition,
|
|
it would be an offense to destroy, erase, alter, interfere, obstruct and
|
|
unlawfully add to or insert data in a Commonwealth computer system.
|
|
|
|
The legislation does not extend to private computer systems. However, the
|
|
Attorney-General's Department recommended that it would be an offense to access
|
|
information held in a private computer via a Telecom communication facility or
|
|
another Commonwealth communication facility without due authority.
|
|
_______________________________________________________________________________
|
|
|
|
Multi-Gigabuck Information Theft February 8, 1989
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By Bob Mitchell (Toronto Star)(Edited for this presentation)
|
|
|
|
A man has been arrested and charged with unauthorized use of computer
|
|
information, following a 2-month police investigation. The suspect was an
|
|
associate of a "very big" Toronto company: "A company that people would know,
|
|
with offices across Canada." Police are keeping the company's name secret at
|
|
its request. They say the perpetrator acted alone.
|
|
|
|
A password belonging to the company was used to steal information which the
|
|
company values at $4 billion (Canadian). This information includes computer
|
|
files belonging to an American company, believed to contain records from
|
|
numerous companies, and used by large Canadian companies and the United States
|
|
government.
|
|
|
|
"We don't know what this individual was planning to do with the information,
|
|
but the potential is unbelievable. I'm not saying the individual intended to
|
|
do this, but the program contained the kind of information that could be sold
|
|
to other companies," said Lewers.
|
|
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
Further investigation of the above details led to the following;
|
|
|
|
Multi-Gigabuck Value Of Information Theft Denied February 17, 1989
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Different facts about the information theft were reported two days after the
|
|
original story.
|
|
|
|
The information in this article is from the Toronto Globe & Mail. The article
|
|
is headlined "Computer Information Theft Detected By Security System, Company
|
|
Says." And it begins as follows:
|
|
|
|
"The theft of information from a company's computer program was
|
|
detected by the firm's own computer security system.
|
|
|
|
Mike Tillson, president of HCR Corporation, which specializes in
|
|
developing computer software, said yesterday an unusual pattern
|
|
of computer access was noticed on the company's system last week."
|
|
|
|
The article continues by saying that police reports valuing the "program" at $4
|
|
billion (Canadian) were called grossly exaggerated by Tilson: "It's more in
|
|
the tens of thousands of dollars range." He also said that the illegal access
|
|
had been only a week before; there was no 2-month investigation. And asked
|
|
about resale of the information, he said, "It's not clear how one would profit
|
|
from it. There are any number of purposes one could imagine to idle curiosity.
|
|
There is a possibility of no criminal intent."
|
|
|
|
The information not being HCR customer data, and Tilson declining to identify
|
|
it, the article goes on to mention UNIX, to mumble about AT&T intellectual
|
|
property, and to note that AT&T is not in the investigation "at this stage."
|
|
_______________________________________________________________________________
|
|
|
|
More Syracuse Busts February 6, 1989
|
|
~~~~~~~~~~~~~~~~~~~
|
|
St. Elmos Fire was arrested after a supposed friend turned him in to the police
|
|
and signed an affidavit. His crimes include hacking into his school's HP3000
|
|
and the FBI and Telenet are trying to get him for hacking into another HP3000
|
|
system in Illinois.
|
|
|
|
However, it was the "friend" that was actually the person responsible for the
|
|
damage done to the computer in Illinois. The problem is that Telenet traced
|
|
that calls to Syracuse, New York and because of the related crimes, the
|
|
authorities are inclined to believe that both were done by the same
|
|
individual.
|
|
|
|
St. Elmos Fire has already had his arraignment and his lawyer says that there
|
|
is very little evidence to connect SEF to the HP3000 in Syracuse, NY. However,,
|
|
nothing is really known at this time concerning the status of the system in
|
|
Illinois.
|
|
|
|
Information Provided by Grey Wizard
|
|
_______________________________________________________________________________
|
|
|
|
Television Editor Charged In Raid On Rival's Files February 8, 1989
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
>From San Jose Mercury News
|
|
|
|
TAMPA, Fla. (AP) - A television news editor hired away from his station by a
|
|
competitor has been charged with unlawfully entering the computer system of his
|
|
former employer to get confidential information about news stories.
|
|
|
|
Using knowledge of the system to bypass a security shield he helped create,
|
|
Michael L. Shapiro examined and destroyed files relating to news stories at
|
|
Tampa's WTVT, according to the charges filed Tuesday.
|
|
|
|
Telephone records seized during Shapiro's arrest in Clearwater shoed he made
|
|
several calls last month to the computer line at WTVT, where he worked as
|
|
assignment editor until joining competitor WTSP as an assistant news editor in
|
|
October.
|
|
|
|
Shapiro, 33, was charged with 14 counts of computer-related crimes grouped into
|
|
three second-degree felony categories: Offenses against intellectual property,
|
|
offenses against computer equipment and offenses against computer users. He
|
|
was released from jail on his own recognizance.
|
|
|
|
If convicted, he could be sentenced to up to 15 years in prison and fined
|
|
$10,000 for each second-degree felony count.
|
|
|
|
Bob Franklin, WTVT's interim news director, said the station's management
|
|
discovered several computer files were missing last month, and Shapiro was
|
|
called to provide help. Franklin said the former employee claimed not to know
|
|
the cause of the problem.
|
|
|
|
At a news conference, Franklin said: "Subsequent investigation has revealed
|
|
that, at least since early January, WTVT's newsroom computer system has been
|
|
the subject of repeated actual and attempted 'break-ins.' The computers
|
|
contain highly confidential information concerning the station's current and
|
|
future news stories."
|
|
|
|
The news director said Shapiro was one of two people who had responsibility for
|
|
daily operation and maintenance of the computer system after it was installed
|
|
about eight months ago. The other still works at WTVT.
|
|
|
|
Terry Cole, news director at WTSP, said Shapiro has been placed on leave of
|
|
absence from his job. Shapiro did not respond to messages asking for comment.
|
|
|
|
Franklin said Shapiro, employed by WTVT from February 1986 to September, 1988,
|
|
left to advance his career. "He was very good at what he did," Franklin said.
|
|
"He left on good terms."
|
|
_______________________________________________________________________________
|