FREQUENCY: Inside the Hacker Mind
June 2001
Freq10

(Disclaimer: Information contained in this ezine is for educational purposes only. Readers are urged to not use this information for illegal purposes.)

1. Introduction "Beyond the Infinite"
2. Adventures in Telnetting
3. Getting Info From Your Telco
4. Curiosity
5. Rules
6. How To Be A Sneak
7. Owning Someone's PC
8. SNET and Social Engineering
9. A Listing of Loop Lines
10. Free Cellular Calls Without Cloning
11. The DMCAs Grasp on Live365
12. Review "Anti Trust"
13. Closing Arguments
14. Crew

1. INTRODUCTION "BEYOND THE INFINITE"

Freq10. The tenth issue of Frequency. I promised in the last issue that Freq10 would be about the future, and that's exactly what's going to happen. Looking back through the issues, I realized what was missing from each of them. It wasn't enough to just talk about the same things over and over, I wanted to incorporate the very things we love into each issue. This is why Frequency now has a new look. Each issue will be longer and contain more information, but still retain that Frequency feel.

I swore a long time ago that this ezine was about opinions, and that's the way it's going to stay. But opinions are not confined to editorials alone. They're found in the joy of expressing knowledge, sharing information, and enlightening those that may not understand what's going on in the world. No, Frequency will not "teach you how to hack." But it will show people what it's like to think like a hacker, as it always has. Some articles will be extremely technical, some will be for the average joe, others will be completely opinionated. Whatever the case, Frequency is now a much more well rounded ezine. We hope you enjoy the changes, and invite you to continue sending in articles that are of interest to you. All articles can be submitted to articles@hackermind.net

Aside from the ezine, you may be wondering why there's a picture included with this issue.
This is something unique to Frequency that we wanted to implement. While we don't have a print magazine, we still thought it was important to give each issue its own identity. Therefore, from now on all new issues of Frequency will have a "cover" included with them. What better way to express the hacker mind than through art?

Here's how it will work: We will continue to provide those of you on the mailing list with the first look at the zine, and now the cover as well. This will be done by placing the cover up on our site and providing you with a link to it. Obviously if there's something on a site, someone will find it with or without a link. But then again, what good's a cover without the ezine? Our advice? Sign up for the list, after all it's free! If you have a cover you want to submit for consideration, send them into screamer@hackermind.net. Covers can be computer generated or hand drawn, just be creative and express yourself.

What can we expect for the future? Most likely an increase in what you find inside this ezine. Switch Hook will probably meld with Frequency, as two ezines is an awful lot to type up. One thing will remain constant however, and that is our love of both technology and the hacker world. Hackers see things in a different light. The world isn't steel and concrete, but rather data packets and fiber optics. As long as we focus on our love of exploring technology, hackers will be around forever. And now, I hope you enjoy the tenth issue of Frequency.

-screamer

2. ADVENTURES IN TELNETTING: by LAnKY

If you're anything like me; short, goofy looking, horny all the time, then you've probably spent a lot of time looking around the internet and phone networks to see what you could find. Some people like programming, some like cracking passwords, but me? I like adventures. I like driving around the information superhighway and seeing what can be seen, gathering all the information possible without actually breaking any laws (well not too many).
Follow me now on this telnet adventure.

It began at around one in the morning while I was riding high on a caffeine buzz and trying to find something to do besides watching the tube. I'm sure a lot of you will agree, the middle of the night is the best time for any hacking/phreaking adventures you may have. System operators have gone home in most cases, people's guards are down, and most importantly, it's something to kill the inescapable boredom of the pre-dawn hours.

Well then, where to start? This is the same question I asked myself as I stared at my computer screen, watching as the putty.exe file opened before me. I knew perfectly well that more and more security prone systems were turning off port 23 so as to avoid brute force attacks, but undoubtedly someone out there would have it (or some other port) wide open. The only question was, where should I go? Instinctively, I opened a web browser and entered a google search for "astrology," knowing damn well sites of that nature are usually run by amateurs and are more prone to have port 23 open wider than a two dollar hooker.

Yes folks, it's time for that typical Alan Smithee/John Doe bullshit name, which is why I'm calling the site abc.com. Um, upon realizing that site actually belongs to ABC television I'll use xyz.com. Er, ok, that actually belongs to someone too. Ah fuck it, let's just say the site was xyx.com.

Ok so I enter xyx.com into putty to see what I get in terms of telnet connectivity. Sure enough, port 23 opens and gives me a typical UNIX welcome message. (note that names have been changed to protect the brainless)

    Welcome to xyx.com
    SunOS 5.7
    login:

Like anyone else who's read those old 1980's text philes I tried the typical "admin/admin" passwords that never seem to work, and sure enough this was no different. Alright let me stop, suppose one of those did and I got access to the system? Wouldn't that go against what I said above about not breaking the law?
I won't lie to you, it most certainly would, but let's face it, anyone who's dumb enough to use a user/pass like that should have their head examined. I refuse to feel bad about gaining access when no security is in place whatsoever.

Ok, on with the story. Once I knew port 23 was open, I decided to find out what other services might be available on this baby. I knew a portscan could possibly send up red flags so I decided to do things a bit quieter. Rather than scan every open port with my telnet client (and static IP) I decided it would be wiser to send packets from a different IP each time I connected to a port. True this is not a hundred percent secure, and anyone who can read log files will be able to spot an intrusion attempt, but I seriously doubted anyone would go through the trouble.

With my laptop fired up, I dialed up into bluelight first and checked out port 25. It worked, but no expn command. Next I tried port 21 through netzero, once again a big fat nothing! They had no way of ftping files onto the server from a remote location, nor any ESMTP support. It was unusual, but not unbelievable. Sadly, for a site that had taken so much time and effort in their precautions they failed to close the most dangerous (IMO) port of all. Finger.

Yes, port 79 was open and waiting for me to call a request. I began trying root, admin, webmaster, and then finally a name I had seen on the site, mistressc. B-I-N-G-O was his name-O! That returned a response.

    Trying xxx.xx.xx.xx
    Escape character is '^]'
    mistressc
    Login: mistressc                Name: Mistress Catherine O'Day
    Directory: /home/mistressc      Shell: /usr/pkg/bin/bash
    On since Wed April 18 22:21 (PDT) on ttyp2, idle 2 days 19:34, (messages off)
    Last login Fri May 11 23:22 (PDT) on ttyq4 from xxxx

Not exactly enough information to get you in, unless of course mistressc was foolish enough to use her name as her password, but come on how many times does that happen?
This information is interesting nonetheless, and I made sure to copy it all down in case I needed it later.

Did my adventures in Telnetting end there you ask? Of course not! Telnetting into nether.net, I settled in for a nice comfortable rest in my favorite shell in the whole world. To me, there's nothing like nether. Offering virtually all the services you would find on other UNIX boxes, nether allows you to really experience UNIX without setting up a database in your living room. Once in my directory I did what any other information-seeker would do, I typed out a whois.

    whois -h whois.geektools.com xyx.com

    Query: xyx.com
    Registry: whois.networksolutions.com
    Results:
    Registrant:
    XYX Corporation (XYX-DOM)
    ADDRESS
    Domain Name: xyx.com
    Aministrative Contact
    Catherine O'Day (CD1) mistressc@xyx.com
    ADDRESS
    PHONE NUMBER

The rest of the information, while extremely important when trying to gather reconnaissance, is useless in this particular case as a zone transfer was out of the question. I did do an nslookup, but found nothing of interest. So far, what was of interest to me was the fact that Miss O'Day was in charge of everything! Now I had her email (which I already had) as well as her phone number and address! Wow, the information sure was coming in now.

The last thing I did, although not really relevant to the telnet theme of this article, was to do a google for Catherine O'Day. Sadly nothing came up, and the same could be said for all the resume sites out there that may have held information.

So after a long night of telnetting, I sat back and stared at all the information I had obtained. Of course you can always find a vulnerability, and maybe even write your own exploit that will allow you to gain access to a particular system, but sometimes it's fun to avoid the security altogether. To gain all the legal information you can, and then use that to your advantage. Should I use SMTP and try to fake her out to gain access?
Should I social engineer her over the phone? These things are possible, but considering my ethics I don't think I will. Sometimes it's better to just figure out how something can be done without actually doing it.

Be aware that this article only touched upon a few of the things you can find using the internet. It was meant to be entertaining and show how someone can have all sorts of fun with a telnet prog, and not meant to show you all the ways you can gather info. With online databases on just about every human being out there, it's ridiculous to think that a malicious person would stop there in trying to find out more about you. Take that as advice.

And finally, be on the lookout for future articles of mine. Watch for "Adventures in Scanning," which should be coming soon.

-LanKY

3. GETTING INFO FROM YOUR TELCO: by Rane

[ASCII art labelled "SNET", captioned: "Is that a red box in your pocket, or are you just happy to see me?"]

Your local operator can be of great service to you, probably in more ways than you know. In this article I would like to show the average phone user (loser?) how to get information on the telephone. Getting info from the internet is simple, but when you pick up the receiver and have nothing but a dial tone it can be a bit intimidating. What kind of switch do you use, what's your LATA (local calling area) number, how do you dial overseas information? All of these are questions a legitimate customer may have, you just happen to be a hacker.

Know Who To Call

Dialing "0" will get your local operator. He/She can normally be found at what's known as the Central Office (CO) and should be relatively nearby. Probably only a few miles from your house. They can provide you with a wealth of information, as long as you know their limitations. Your local operator cannot get you information for anywhere outside your area code, but they can connect you to long distance.
For now though, let's examine the type of information we can gather from our local operator. (NOTE: Remember, different telcos have different policies. Some of the things mentioned here may not be possible with your phone company)

1. The time.
2. Local information.
3. Local line tests and interrupts.
4. Assisted Calls (may or may not dial 800#'s, those of you in Bell land need not even try, call Verizon long distance instead at 10-15-483-0)
5. Switch Information (may require social engineering)

Now let's look at what your local op CANNOT provide.

1. Long distance information.
2. Phone number information (they will connect you to 411 for a charge, try asking them for your local telco business office, they may connect you for free)
3. Some don't allow connections to other telcos.
4. Area code information (will direct you to 00)
5. Country code information

Next, long distance or as it's commonly known, "00" information. Dialing "00" will get you the same phone company only if your local provider is also your long distance provider. For example, I have SNET for both local and long distance. Other people may have SNET for local calls, and AT&T for long distance. In that case dialing 0 will get you SNET, while dialing 00 will get you AT&T. This operator will be capable of getting information from out of state or country.

Before calling 0 or 00, be sure to know the type of question you have. If it deals with local calls or information, 0 is for you. Matters dealing with long distance, international calls, or anything that leaves your area code and LATA should be routed to 00.

411 and XXX-555-1212

Anytime you want to find a number in your local area code, you can dial 411 to get your information operator. It's been my experience that the information operator is not as friendly as he/she used to be. Back in the day, you could call and get all sorts of numbers before you hung up.
Now, you call, say the city and place you're trying to find, and once the operator locates it a machine automatically dials it for you (for a charge of course!) If you're quick enough, you can jot down the number and hang up before the call completes.

But suppose you want information for another area code? Some telcos will provide you with this nationwide directory service through 00, but for others you will need to dial into the area code's information service directly. To do this, simply learn the area code by using 00, and then dial 1-XXX-555-1212 (where XXX is the area code). This will get you information in your specified area code, now just ask for whatever you're looking for. Also, be sure to note that this also works for the 800 area code.

International Information

It's important to find out how much a call to overseas information will cost BEFORE you actually have your operator do it. Dial 00 and specify that you do NOT wish to complete the call at this time, but that you simply want to know how much it will cost. If it's not outrageous, and you need to complete a call, tell the operator the country and city you wish to connect to. Be sure to note that it's not possible to connect to long distance information (with the exception of the UK) from the USA directly, you need to go through an operator (and pay a shitload of money). Some say it would be much cheaper to simply call someone overseas and have them look in the phone book for the number you want, although this is inconvenient to say the least.

Special Lines

While not necessarily spoken about that often, there are certain lines that provide information about the phone you're calling from. Dialing 1-700-555-4141 from anywhere in the USA will announce who you have for a long distance provider. You can even dial a carrier access code before the 700 number to hear that carrier's particular long distance welcome message.
(Below I will list a sampling of CAC's) In New York, dialing 958 from a phone will read back the number you're currently at (VERY handy at payphones, but will not work from a COCOT). In Connecticut the number is 970. If you happen to have any more of these ANAC's please send them into this ezine, we're dying to know them.

Carrier Access Codes (A Sample)

10-10-288 - AT&T (will charge 3.50 PER CALL!!!)
10-10-222 - MCI WorldCom
10-10-333 - Sprint
10-10-444 - Global Crossing
10-10-555 - MCI WorldCom
10-10-220 - MCI WorldCom (geez do they have a monopoly?!)
10-10-321 - MCI WorldCom (guess so)
10-10-811 - MC-just kidding, Var Tec Telecom

Conclusion

Getting information from your telco should not be a trying event. Operators are there to provide information about the often confusing telephone network. Whether you're trying to make a call, or just exploring the network for fun, keep that in mind. The op is your friend. While they might not always sound friendly, they're there to serve you. As long as you reach the right service you should be ok.

Keep living in the lines and may the phreaks never die!

4. CURIOSITY: by DemetriusAC

What is it that drives you? That thirst within you? Your craving for knowledge? Where does it come from? Curiosity. It is what drives us and keeps us where we are. It is what pushes us forward, and makes us look back. It is the pass to where you want to go. This is my story of curiosity, and I figure yours must be something like it:

"Hmm, this is interesting. A computer. I wonder what I can do with this? A modem? What does that mean? I can connect to the world wide web? Is that a spider's web? You mean I can connect to another computer? Wow." I was around eight or nine then.

It was curiosity that really pulled me in. "A 56k dial-up modem? What does that mean? I don't understand. Oh, forget it. Huh? What's this thing? A telephone number?" I had seen the dial up number for my 56k connection. I waited until my dad walked away.
I walked over to the phone and called the number. "What is that sound? Wait, that is the same sound that came out of my computer when it was "talking" to the computer that connected me to the world wide web. I know what this is." I ran over to my computer and dialed up. Sure enough, the same ring. I listened to the two computers talking, fascinated. I then tried simulating the sound of my computer with my phone...with very little success. I didn't tell anyone this. It was my secret. I was around ten then.

It was curiosity that kept me in. "What does this program do? Norton Anti Virus? McAfee Virus Scan? Oh, I understand. They protect you from computer virii like my anti-bodies protect me from real virii." I was beginning to grasp the concept. I had moved to middle school. We had a big network of computers at the school. Mac and PC. It was this year that I really got into "hacking", or what I thought was hacking. I looked for Mac Virii online. I wanted to be cool, like those virus writers I heard about on the news. I found the site http://www.happyhacker.com online. It amazed me. So many files I could look at. So many virii. I found one especially cool one that interested me. It was for AtEase (the networking tool the school uses). It put a bunny hopping across every screen at the school. I couldn't bring myself to download it though. "What if Mom and Dad found out? What if they knew my secret?" I was around eleven now.

It was curiosity that held me in. "Start>Run>Telnet? Huh? I don't understand. Sendmail? Oh man. I can send fake e-mails. Heh heh. This is so cool." But I couldn't figure out how to do that Start>Run>Telnet. I didn't understand. I had to find a document that actually told me step by step what to do. I found one and I started to mess around with telnet. I thought I was a real hacker. I was still in the on-line world. I knew what an ISP was. I pretty much knew what Telnet and Sendmail were. I had a very basic understanding of IP addresses.
I thought I was a hacker. I thought I was awesome. I found the Hacker's Manifesto. I thought it was the coolest thing. "We are all alike." I thought it was so cool I printed it and kept it in my desk drawer, with other printed text files on fake e-mail sending.

It was the Hacker's Manifesto that lit my spirit. I liked it so much I called myself the (MySchoolName) Mentor, and tried to publish an online hacking newsletter to my school. I ended up sending it out once. Every person that got it knew it was me. In it I told everyone about the user guest I had stumbled upon. Within days the user guest was shut down on the school server. Whether it was from everyone using it or it being temporarily up, I will never know.

I found a site called Cyberarmy. "A trooper? I'm a trooper? I can do better than that! Hmm, crack the code...Well. Aha! The HTML script. What? JAVA? Alright, what ever. Hey, I understand this. I know what this means. Hey, here it is. This is the answer!" I became a 2nd Lt. I was so proud of myself. Then came the next challenge, and I never beat it. Something about social engineering. "This isn't hacking! This is talking to a computer. I quit." And so I did. I left Cyberarmy, but returned later to become a Lt., to only realize that I absolutely hated Cyberarmy because everyone tried to cheat. I was around twelve then.

At around twelve and a half, my spirit died out to the gaming world. I tried to learn Basic, but ended up learning Qbasic (I thought I could write my own games). I left the underground. Was I ever really in it, or just two feet under? Probably two feet under. I threw away all my texts. I kept the Hacker's Manifesto though. I don't know why, but I did.

I turned thirteen, and it was curiosity that brought me back. I learned new things. "TCP/IP was a new concept to me. IRC? FTP? Ports? What are these things. Huh? What's this? Telnet to which port? Wow. Cool." I had found something new. My fire was relit. I learned about Unix, Linux, and Windows.
I learned about more programming and networking. I learned about the connection between computers. I really began to learn about the underground. I am still learning, and soon turning fourteen. Curiosity has kept me, and I think it will keep me here. It is curiosity that has kept you here too.

5. RULES: by The Blue Giant

Rules

I hate rules. The majority of them were made to stop stupid people from doing even stupider things. That doesn't bother me though, if we didn't have rules stupid people would do A LOT of stupid things. What does bother me is when people refuse to bend the rules to fit the circumstance, break the traditions for the new times. This is something that apparently no one is willing to do.

An example: My school has a mandatory Computer 1. It teaches the basics of Windows (just windows btw) and explains what programming languages do and are used for, that's about it. I refuse to take this class. I have told the principal, the guidance counselor, the teacher. I've told everyone and still nothing has happened. When I first brought it up I wasn't met with kindness, with a "Wow, good for you for wanting to be challenged." No, of course not, instead I was given a cold stare and told that it's a mandatory class that no one had ever skipped before. They had neglected to mention that this class has only been around for five years.

I just don't understand this mode of thinking. It's school, I was under the odd belief that you were there to LEARN things you didn't know, to be CHALLENGED. Apparently I was wrong. School is there so that you can sit in an uncomfortable seat for 7 hours a day and try to stay awake. School is a place where you do as you're told without question and without thought. School is a place where you're taught obedience and how to follow the rules, even if you didn't know they were rules. Legally, I should be allowed to skip Comp. 1 but in my small hick town that's against tradition, and so everyone will fight it.
What they don't understand is that I have rules too, a mind of my own even. I will NOT take this class, no matter what happens, for the simple reason that it's a stupid rule. I don't follow stupid rules.

The problem with the rules that help stupid people is that most often they're mandated by stupid people, and they refuse to believe that they're stupid and what was good for them isn't good for everyone. The rules then are a hindrance, something that must be changed but probably never will. Those in charge have decided that these are the rules, and the rules are changed under no circumstance. No one deserves different treatment, no one thinks different, no one has the right to disagree. If you disagree, you are challenging their power, and you WILL BE PUNISHED.

This happens everywhere, not just schools, though schools are where it should happen the least. The government has stupid rules that aren't changed, but the government has a lot of rules, a lot of people to govern, of course some will slip through. The problem is when this is discovered, and not changed. The same can be said of computers, exploits are discovered, they are reported, nothing is done about it. It's just inefficiency and laziness. I can't stand that kind of stuff. When I do something I do it right, and when other people do something I expect them to do it right, or at least try their hardest to do it right. If they don't, if they REFUSE to, then they're just being asses. They're refusing to admit that they're wrong, to admit that things could be improved, or changed.

Maybe it's my perfectionist attitude, my hacker inclination to tinker with things, to optimize everything, but I really can't understand this. Rules are good, when they make sense. When they don't they're just impediments, things to be changed, ignored, or broken. Stupid people make these stupid rules, and I can't stand either.

6. HOW TO BE A SNEAK: by Screamer Chaotix

Seen the movie "Sneakers?"
If you have, then congratulations, you're almost ready to be a Sneak. The Sneaks was a band of renegade kids who had nothing better to do than imitate what they saw in the movies. After seeing "Sneakers" my friends and I decided that that type of exploration was right up our alley. Banding together, we formed the Sneaks. Consisting of myself and three friends, we were unstoppable in our adventures. Some kids dreamed of going on wild adventures, but we were four that actually did. We could move through the darkness of the night without ever being seen, crawl through a house without being spotted, and navigate a treacherous path with ease. Does this type of real world hacking sound fun? It does? Then keep reading to learn how to become a Sneak.

While now disbanded, I would love to get together with my old buds and have one last adventure. No computer, no phones, no technology except flashlights (and maybe radios nowadays). Together we would sneak into the inner most reaches of our town, the most private of property. Since this probably won't happen anytime soon, let me fill you in on what it takes to become a Sneak.

First, you need a love of adventure. If you're the type of person that gets scared being somewhere you don't belong on a computer then you need not apply. The types of things we do would be far too much for you.

Second, you must be willing to work as a team. If one person goes astray, the team is lost and risks doing jail time for trespassing. If you're to make a Sneak group of your own, you must trust your teammates. Trust is essential.

Third, and perhaps most important, PRACTICE PRACTICE PRACTICE! Rushing out into your neighbor's backyard will not do anything except get you thrown in jail, and that's no fun. It was mandatory in my group to have a new recruit run what was known as the "Hell Path." The Hell Path was really nothing more but a long stretch of backyards, bushes, and loud dogs.
Navigating your way down the street, by way of the backyards, would earn you respect. Getting back without being spotted earns you a place among the Sneaks.

Congrats, I'm assuming you completed your initiation. Rest assured that wasn't to make you feel bad, or bust your chops. It was designed to show your fellow Sneaks how well you work under pressure. Will you cave in if a light comes on? Will you freak if a cop drives by? These are things that must be known before you go out into the wild. But with that knowledge, you're ready for your first real sneak.

I don't suggest doing anything too daring your first time out. To be honest, I can't recommend anything too daring at all. Remember, sneaking in people's backyards nowadays CAN GET YOU SHOT! So I must beg you not to. If you're going to sneak, try public places like behind stores, parks, and docks to begin with. It might not sound like much fun, but believe me there's nothing like the thrill of ducking behind a phone booth so you don't get spotted.

That brings me to my next point. Before you can start dodging police officers, you need to know how to do some fancy "Mission: Impossible" type escapes. To practice, I suggest you try to get from a Point A to a Point B without being seen. Don't tell people what you're doing, just do it. If you manage to make it, great job. If you're spotted be glad it wasn't real. Where do you do this? I would say the best place is in your home. Making it from your room to a downstairs closet without being seen is always a good start, and can give you lots of experience. Next, move up to maneuvering through a public park. You can usually tell when someone sees you, and if you're spotted you need to keep practicing. Don't lie to yourself. If you're spotted, you need to try again; failure to do so will only hurt your fellow Sneaks.

With hours of practice behind you, you're probably ready to attack bigger and badder sneaks.
Where you go is up to you, as I'm not about to suggest places for illegal activity.

If you learn nothing else from this article remember one thing. Like hackers, Sneaks harm no one. If you sneak around someone's house you may indeed spot a woman changing, that can't be helped. But if you see something private, don't go and share that information with anyone. Of course, witnessing a crime is a different matter. If it's a serious crime, report it and be honest with the police (it's the best way to save your ass).

Have fun being a Sneak, and be sure to uphold the Sneaks code of loyalty to friends and the love of adventure. Happy Sneaking!

7. OWNING SOMEONE'S PC: by Phear Nomore

(NOTE: This article talks about Trojans, viruses, and other community deemed "lame" topics. But it does so in an informative manner, for that reason I ask that you read it first before objecting to its very existence)

Ok for you lamers out there this article is a nice little way to have fun with someone's private property. That means you're going to be breaking the law, and that's why YOU SHOULDN'T DO IT! Why do I tell your sorry asses how to do it then? Because it's fun to read this kind of stuff, that's why. To be honest, I hope most people learn what NOT to let someone do with their computers/accounts.

To organize this article, I separated it into several sections. First we have Trojans (yes the virii), followed by shoulder surfing, and lastly password revealers. But before that, an explanation.

To Begin

No one wants to get into my PC, there's nothing in there. Why should I worry? Who's going to get into my files? I know you told me not to open .exe's, but he said it wasn't a virus! Ooh, so you mean HTML files don't normally have .vbs extensions?

Heard those before? Yup, those are the comments of someone who just got royally screwed. People who purchase new computers are often very likely to be the ones that say this, as they're the most arrogant when it comes to the technology they just bought.
I can't really say why, but for some reason once someone buys a computer they feel like they're professionals with it. No matter what you say to them, they'll think they know everything. You tell them not to open certain files, not to give out certain information, and not to do certain things. Still, they feel invincible and do everything you told them not to. It's only after someone's snooping around inside their box, reading their email, or spreading viruses all over the place that they turn to you and ask what the hell happened. And don't you love this one, "How the hell did this happen?!" when they know damn well they did something stupid. Now, let's look at some of the ways they got owned.

Trojans

First up, Trojans. How many of you have seen .exe files sitting in your email box and thought "Ooh, a fun new program to run!" No one? Good. Far too often people who purchase new PC's (and are new to computers) don't even know how a Trojan virus works. Yes that's right, they don't even understand the dangers of opening an executable file. Well hey, it's not written in that cute little Windows 9x/2K/Me book now is it?

Back in the day, you had to use a little social engineering to get someone to take and open an .exe file. But nowadays, thanks to newer versions of Sub7 it's possible to disguise these suckers in any way you want. The victim will never even know what kind of file they're really opening. It's extremely easy to make a Sub7 file look just like a notepad file. And when the victim runs it, BOOM! They're owned.

What can be done to stop this lame ass attack? Most obviously, don't accept any files whatsoever!!! Paranoia is your friend. But as was said before, it usually takes an attack before a moron realizes the danger files pose. Now I know some of you are saying that files are what a computer is all about, and for that reason I'll give you a few tips. The best tip is (if you must accept them) only accept files from people you know WELL.
The next tip is to try and avoid files around 37k to 52k (especially if it's an mp3 that you know should be longer or a text file that you know shouldn't be that big, get the idea?) The problem with this? People can hide Trojans inside other programs, so again, being paranoid can save your ass (and your comp).

Shoulder Surfing (surf's up dude)

Have a lot of friends over your house when you're on the computer? I know I do, and sometimes I'm one of the friends when I'm at someone else's house. If there's one mistake I see far too many people make, it's entering passwords for their dial up/email/and telnet accounts while other people are in the room. Sound obvious? Don't be so sure. More often than not we're a little too trusting who we let around our precious desk/laptops. The most mischievous method of attack is to visit your friend's (target's) house and ask him or her if they got that email you sent them. They'll say no, or I don't know, or whatever. All you do then is ask them to check, and watch as they log in to their linuxmail account (or whatever service they use). If they're really stupid and use Outlook Express, things are a bit more difficult, but not by much. With their username and password for their email account, all you have to do to really give your friend a bad day is to email everyplace he has an account and say that you (he) forgot his password. They'll send it to his default email, which you now own, and voila you're pretty much guaranteed to be able to get into anything he can. Nice huh? The lesson to be learned? Don't let your friends watch you type, hell, make them leave the room!

Password Revealers

Exactly what they sound like. Small programs that, when run, will reveal all dial up passwords on a user's Win box, and I doubt I have to tell you what you can do with those. How would one go about putting a password revealer on a user's system? Pretty much the same way described above, by actually getting into their house (preferably by being invited).
Perhaps the most devious method of getting the revealer into someone's PC is by giving your friend a game for free. I've seen it done folks, it works. You go over there with the CD (that contains the game, let's say Quake…cus I like Quake) and a floppy disk. They'll watch you go through the setup process most likely, but tell them it takes time and that you have to give them all the necessary skins and maps (they should buy it). All you have to do now is get them out of the room for a couple minutes. Ask them for a soda in a glass with ice, or a really mixed up mixed drink, or something from your car…anything to get them out of the room for several minutes. Once they're gone, place the disk that has the password revealer in their machine and there you have it, all their dial up passwords. Now it's only a matter of going home and entering their account, not to mention their email, newsreader, shell, and anything else their ISP may have. To Conclude While there are many other ways your computer can be taken over by trusted friends, these are a few of the more obvious ones that may not be so obvious to a person who just purchased a new PC. Of course there are key loggers, viruses, social engineering schemes, and SMTP tricks that will allow you to get control of their box, but those will be covered in another article (if I feel like it). Believe me, this article is not intended to be used as a weapon. That may sound like bullshit to a lot of you, but it's really not. Personally, I think it's sick to invade a friend's (or even a stranger's) private computer. This is a situation where that famous "house analogy" holds some ground, and people are given a reason to hate hackers. If you do use the techniques described above, remember that you're really not doing anything that great. Besides, what kind of information could you get from someone's PC? 
I would much rather play around with some huge UNIX database myself, but nonetheless, I hope you've learned something from this. It's better to be paranoid than to get screwed over, even if that means you have to be a hardass to your friend when he wants you to try his new program.

8. SNET AND SOCIAL ENGINEERING: by InValid

SNET, or Southern New England Telephone, has to be one of the most paranoid phone companies I've seen in a long time. Below is what they have to say about social engineering. It's nothing too revealing, but it sure is worth a laugh. Enjoy.

Social Engineering, also referred to as the 90# scam, is the theft of telephone service through social interaction. Perpetrators call businesses with the ability to transfer callers and engage the PBX operator, Centrex, or Plexar user or small business owner in conversation, often identifying themselves as telephone technicians. They will ask the end user to transfer them to a long-distance operator, generally for testing. The Social Engineer has now gained access to the long-distance service. Calls are made with unlimited duration and usually to international destinations. The business owner bears ultimate liability for the completed calls.

Social Engineers may also attempt to derive personal or proprietary information from the called party such as account information, calling card PINs, or social security numbers. Many times the Social Engineer will pick on members of an ethnic community by speaking in the native language to gain the confidence of the called party. Should you receive unsolicited calls requesting information, don't provide it.

Types of Businesses Targeted

Any business that has call-transfer capability such as a PBX, Centrex or Plexar, or a small business owner can be a target for this fraud. Examples include:
· Hospitals
· Government Agencies
· Armed Forces
· Answering Services

Warning Signs of Social Engineering Fraud

· Requests for transfers to an operator.
· Background noise which indicates that the call is from outside of the business (i.e., cars, trucks, street noise that indicates the call is coming from a payphone.)
· Requests for outside lines or transfers after hours or on weekends when most supervisory personnel are gone for the day.
· Unsolicited calls requesting personal or proprietary information.

Recommendations

The best policy is to train employees not to transfer anyone, ever, to an outside line. If a company decides to allow call transfers, then a structured policy should be put into place with regularly scheduled training. When establishing such a policy, consider the use of restrictions such as call-backs, passwords, calling cards or even pre-paid phone cards. The real key to prevention is to make sure the person effecting the transfer knows who they are talking to. Never provide personal or proprietary information to unsolicited callers. In addition, you should not dispose of organizational charts with employees' names and telephone numbers in public dumpsters because Social Engineers can retrieve such information from dumpsters.

Call-backs

If a person posing as a technician requests an outside line for any reason, ask for his/her supervisor's name and telephone number and a call-back number to verify that the request is legitimate. Remember, telephone technicians do not require any assistance in testing your telephone service.

Passwords

· Develop password security.
· Change passwords every 30 days.
· Don't make them too obvious and never keep them in a public document.

Training

· Discuss fraud in employee orientation, even for temporary workers/consultants.
· Cover material whenever you feel it is required, at least once per year.
· Use job aids such as tent-cards on every desk.

Next, take a look at what Southern New England Telephone has to say about protecting their customers.

You may be vulnerable to fraud if your business phone system can be accessed remotely.
If you have a telephone system, ask yourself the following questions:
· When was the last time I performed a physical security review and a review of the system security features?
· Are my telephone closets locked?
· Do I have mailboxes assigned to persons that have left the business?
· Are there passwords that haven't been changed in months, if ever?

If you are unsure about the answers, there are many consulting firms that are extremely qualified to assist you in performing your own evaluation or who can perform one for you.

Security

Investigate capabilities that allow the user to dial into a system, enter an authorization code, and connect to an outside line. Some applications which allow these types of access include PBXs, Auto Attendants, and Voice Mail. There are others. Consider the following:
· Wide Area Telephone Service (WATS): WATS service should only be enabled in the places where you do business. If you only need regional service, don't use nationwide. Contact the provider of your WATS service for more information.
· Remote Access or DISA: Do you need the service? If not, disable and remove the feature.
· Passwords: Who has passwords? When was the last time they were refreshed? Are they random? Are they longer than 6 digits? The shorter the code, the easier to hack.
· System Security: Is your system programmed to drop a caller after the second invalid attempt? Is your equipment vendor-maintenance port password-secured? Have you disabled the manufacturer-provided password?
· Dial-out Capability: Most systems use either an 8 or 9 to request an outside line and make calls into the Public Switched Telephone Network (PSTN). If you allow callers to interact with your system and direct calls to an extension of their choice, be sure to block callers from accessing non-legitimate extensions. If extension "700" doesn't exist, ask the caller to try again. If the call fails a second time, abandon the call or transfer the caller to a switchboard operator.
Additionally, be sure to block extensions starting with 9 or 8 as in 9XXX or 8XXX.
· Toll Restrictions: If you allow dial-out capability after a successful access of the business system, have you placed limits on where the caller can go (International, Operator, 900, 976, Caribbean Area Codes, etc.)?

There are many other considerations. For more information contact the vendor of your equipment and ask about system security or seek the advice of a reputable fraud consultant.

After reading this, who wouldn't want to call up an SNET operator and try to social engineer them!?

9. A LISTING OF LOOP LINES: by TRON

(NOTE: These lead to some guys in California on what they call "The Loop." If you call, tell them Screamer from the east says hi. For those of you that don't know, loop lines are test lines used by telcos. One person calls the low end (first number) and when another person calls the high end (second number) the two people will be connected. Please remember, if they're not in your area code you will be charged for the cost of the call.)
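Going back to SNET's checklist in section 8 (System Security, Dial-out Capability and Toll Restrictions), here is how those rules look as auto-attendant policy checks. This is an added example, not code from SNET or from this ezine; the extension directory, the function names, the sample call log and the partial Caribbean area-code list are all assumptions made up for illustration.

```python
import re

# Constructed sample data (assumptions, not from SNET or the zine).
VALID_EXTENSIONS = {"101", "102", "215", "301"}
OUTSIDE_LINE_PREFIXES = ("8", "9")   # digits that request an outside line
MAX_INVALID_ATTEMPTS = 2             # drop or hand off after the second miss
# Partial, illustrative list of Caribbean NANP area codes.
CARIBBEAN_NPAS = {"242", "246", "268", "284", "345", "473", "649", "664",
                  "758", "767", "784", "809", "868", "869", "876"}


def check_extension(digits):
    """True only for a real extension that cannot seize an outside line."""
    if not digits.isdigit():
        return False
    if digits.startswith(OUTSIDE_LINE_PREFIXES):   # blocks 8XXX / 9XXX
        return False
    return digits in VALID_EXTENSIONS


def route_caller(attempts):
    """Walk the digit strings a caller entered and decide where the call goes.

    Returns ("extension", ext) on the first valid entry, ("operator", None)
    once the second invalid entry is seen, or ("reprompt", None) if the
    caller has made fewer than two attempts and none was valid.
    """
    invalid = 0
    for digits in attempts:
        if check_extension(digits):
            return ("extension", digits)
        invalid += 1
        if invalid >= MAX_INVALID_ATTEMPTS:
            return ("operator", None)
    return ("reprompt", None)


def classify_outbound(dialed):
    """Toll restriction: return (allowed, reason) for a number dialed
    after the outside-line prefix has been stripped."""
    n = re.sub(r"\D", "", dialed)
    if n.startswith("011"):
        return (False, "international")
    if n.startswith("0"):
        return (False, "operator")
    if n.startswith("1"):                # drop the long-distance prefix
        n = n[1:]
    if len(n) == 7:                      # local seven-digit number
        return (False, "976") if n[:3] == "976" else (True, "local")
    if len(n) != 10:
        return (False, "malformed")
    npa, nxx = n[:3], n[3:6]
    if npa == "900":
        return (False, "900")
    if nxx == "976":
        return (False, "976")
    if npa in CARIBBEAN_NPAS:
        return (False, "caribbean")
    return (True, "domestic")


def audit(call_log):
    """Return (dialed, reason) for every logged call the policy would deny."""
    denied = []
    for dialed in call_log:
        allowed, reason = classify_outbound(dialed)
        if not allowed:
            denied.append((dialed, reason))
    return denied


# Constructed call log: one legitimate call followed by the categories
# SNET's toll-restriction item lists.
SAMPLE_CALL_LOG = [
    "1-203-555-0100",
    "011-44-20-7946-0000",
    "1-900-555-0100",
    "976-5555",
    "1-876-555-0100",
    "0",
]

if __name__ == "__main__":
    print(route_caller(["700", "9011"]))
    for entry in audit(SAMPLE_CALL_LOG):
        print(entry)
```

Running the same `audit` over a PBX's real call detail records is a quick way to see whether toll restrictions are actually being enforced or only written down.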
10. FREE CELLULAR CALLS WITHOUT CLONING: by TRON This file is not in any way intended to endorse commiting fraud, rather to show weaknesses in the cellular system that anyone could exploit. 1.) American Roaming Network This Wireline roaming network can be reached by dialing 0 on a phone with no service. It will first ask for the number you want to call, then you can either chose 1 and make a collect call through an automated system or you can bill to a calling card or credit card. To use a calling card you just enter the card number; for a credit card you first enter the card number, you can use mastercard or american express, but not visa. Then you'll be prompted for the expiration date, next it'll want the numeric part of the billing address i.e. if the address is 476 main street you enter 476. Then you have to enter the zip code of the mailing address. If you try to use a card from outside the u.s. it wont work because the system is set up to take zip codes in 5 digit numeric format.
You might be able to use a foreign card by talking to a live operator. You can also bill the call to a third party by pressing 0 instead of entering a credit or calling card number and going through a live operator. You can set up the greeting on a direct dial voicemail so it sounds like someones there to accept the billing, it just has to say hello then wait a few seconds for the operator to read their script then say yes they'll accept the call. It may take a couple tries to get the timing right. You can call 800, 888, and 877 numbers and bill it to a credit card but not to a calling card, third party, or collect call. 2.) Cellular Express This non-wireline roaming system call also be reached by dialing 0 on a phone with no service. There are four options to choose from for placing your call. Option one is for billing calls to a calling card, it'll ask for the number your calling, then for the calling card number. Option two lets you bill a call collect through an automated system. Option three like ARN you can bill the call to a mastercard or american express, but not to a visa. You'll be prompted for the card number, then for the expiration date, then finally the billing zip code. Option four allows the call to be placed using a prepaid cellular debit account, I havent been able to do anything with this option it asks for a ten digit cellular number. Like ARN you can call toll free numbers and bill it to a credit card but not to a calling card, nor can you bill collect calls to toll free numbers. Cellular express doesn't allow third party billing. 3.) Roaming Thanks to our friends at the FCC cellular carriers have to honor roaming agreements subscribers have made with other providers. By altering the mobile number and system id on a phone with no service you can trick the cellco into letting you place a few calls before the system catches on. 
When they block you from making calls, usally a fast busy signal, you can change your min and sid a few times and make some more calls before they block you for good. 4.) Social Enginering You can dial 611 and tell customer service your having trouble placing a call and ask them if they can try to place the call for you, if your lucky you'll get an operator that would be more than happy to try to place the call for you. It helps to have a real customers name, address, mobile number, and social security number incase they ask for it. 5.) Setting Up Accounts Using someones name, address, phone number, and social security number you can call customer service and set up an account over the phone with some cellular providers. You need someone with good credit otherwise they'll want a deposit. Ask about different service plans and act like your actually a real customer wanting service. Make sure you get lots of off peak and weekend minutes so you dont flag the account by making lots of calls that run up a huge bill fast,and be sure to get call waiting and three way calling, there always usefull to have. When they ask for your employers name tell them your self employed as a contractor or artist and give the home phone number as the work number. After you give them the information they'll tell you they have to run a credit check and they'll call you back in like 15 minutes, tell them your out running errands and that they can give you their number and you'll call them back, they shouldn't have a problem with this. Or if you have a loop you can use that. The account should last until the person who's information you used to set up the service gets the bill. 6.) Prepaid Cellular With some service providers you can set up prepaid service over the phone and later add time to it using a credit card. The only bad thing about this is you usally have to talk to a live operator to add more time. 
If they ask for a social security number and you dont have one just make one up, they only use it for security purposes when you go to add time to your account so be sure you memorize it. 7.) Adding Accounts To Existing Service You can call the providers customer service and tell them you want to add another phone to your service for another family member, but the best way is if the service belongs to a buisness that already has multiple accounts. All you need is the name, address, phone number, mobile number, and social security number of someone with an account. Follow the procedure in section 5 for handling the callback. The account should last until the person or buisness gets their bill with the extra account on it. If you have any questions, comments, suggestions, etc you can email me at tcmitch@frontiernet.net This file is property of The Dark Side Hackers DSH copyright 1995, 2001 11. THE DMCA'S GRASP ON LIVE365 The following is a partial list of the rules with which Live365.com's Internet broadcasters must comply under portions of the Digital Millennium Copyright Act, 17 U.S.C. § 114 (requires Adobe Acrobat plug-in), given the nature of the license Live365.com will be obtaining from the owners of the copyrights in sound recordings. We have abbreviated these rules to include only those that likely would be relevant given the manner in which you are able to use the Live365.com system. The relevant rules which you must carefully review are as follows: Your program must not be part of an "interactive service." For your purposes, this means that you cannot perform sound recordings within one hour of a request by a listener or at a time designated by the listener. In any three-hour period, you should not intentionally program more than three songs (and not more than two songs in a row) from the same recording; you should not intentionally program more than four songs (and not more than three songs in a row) from the same recording artist or anthology/box set. 
Continuous looped programs may not be less than three hours long. Rebroadcasts of programs may be performed at scheduled times as follows: Programs of less than one-hour: no more than three times in a two-week period; Programs longer than one hour: no more than four times in any two-week period. You should not publish advance program guides or use other means to pre-announce when particular sound recordings will be played. You should only broadcast sound recordings that are authorized for performance in the United States. You should pass through (and not disable or remove) identification or technological protection information included in the sound recording (if any). In order to keep Hackermind on the air we would have to comply to the system and see that we didn't violate any of these rules. Folks...if we're going down, we're going down for a good reason. And fighting the absurdities of the DMCA is a great one. 12. REVIEW "Anti Trust" Few will argue there aren't many very good computer films, and let's not even mention hacker ones. Anti Trust is what I would consider to be an exception to the rule. While being far from accurate in some areas, it's clear the creators of the film did their homework and actually learned about the culture they were portraying (open source fanatics/hackers). Sure, halfway through the film you might notice UNIX commands like "show -i nd47 -s /home users/net" but you can probably forgive them for giving non-computer people an idea of just what "ls -al" would do. Aside from these small technicalities, the film itself is rather suspenseful and well paced, but before I get into that let me give a brief plot summary. Milo Hoffman is a brilliant computer whiz who is working on an operating system out of his garage with his friends. He has a beautiful girlfriend, and things couldn't be better. But one day his life changes forever. 
After watching a live chat with Bill Gates lookalike Gary Winston he receives a call from him and is invited to work on the new Synapse software at N.U.R.V. headquarters (picture an evil Micr-er just picture Microsoft). Synapse is being designed to link all forms of communication together, a type of standard protocol much like TCP/IP. The problem is he can't compress the data stream enough with the limited bandwidth of cell phones, that's where Milo comes in. Promised a fantastic job, new car, and life of luxury, Milo is brought into the corporate world. Leaving his open source friends behind, Milo teams up with the enemy. After starting work, Milo slowly begins to realize that not everything is right with N.U.R.V. (which stands for Never Underestimate Radical Vision by the way). His friend Teddy is murdered, and by chance Milo learns that his boss was involved with his death. Now Milo must prove to everyone he loves that his boss is a psychotic but he soon learns that he can't trust anyone. With people betraying him left and right, it's up to him alone to show the world what's been going on inside N.U.R.V. headquarters, before it's too late.

One thing I think I should mention right off the bat is how different this film is from its trailer. The movie underwent a massive editing session just prior to release, so numerous plot twists and scenes shown in the trailer were removed from the final cut. This left me feeling a little odd after my first viewing, having expected to see several key sequences that were advertised in the trailer (alright, alright Rachael Leigh Cook in her bra was one of them, are ya happy?!) Fortunately, thanks to DVD I was able to see the cut scenes. They really do add a new dimension to the film, but that's not to say the film as it is is bad in any way. Actually, it's quite good. As I mentioned earlier, the film has a constant feeling of suspense.
I admit, a few scenes made me jump, which is always a good thing when watching what's known as a "paranoid thriller." The pacing was also done excellently, with the tension building to unbearable levels as the film progressed. Ryan Phillippe earns my respect with this film. I really believed him as a hacker (the programmer kind) which I never thought would happen. Having seen him in both I Know What You Did Last Summer and Cruel Intentions I only saw him as a jock/asshole. But in Anti Trust you really sympathize with him and for that he gets a thumbs up. The rest of the cast is just as great, including Claire Forlani as Alice (his girlfriend) and the always adorable Rachael Leigh Cook as Lisa. But the man that really takes the cake is Tim Robbins as the maniacal Gary Winston. His portrayal of the Bill Gates role was right on the money and I hated him from the beginning (especially after that whole "why open source is bad for businessmen" speech). If you want a nail biter that deals a lot with open source programmers, corporate evil, and yes even hackers then check out Anti Trust on DVD and VHS. Personally I recommend the DVD as it includes the bonus features that have the missing scenes as well as the alternate opening and ending shots. But remember, trust no one.

13. CLOSING ARGUMENTS

Many say that hackers are pessimistic when it comes to how the world works, and perhaps they're correct to a certain degree. After being thrown in prison for copying files, sent to mental hospitals for drawing cartoons, putting up with incompetence, and dealing with people who insist you obey the rules because they're too lazy to make things better, it's easy to see why hackers feel the way they do about certain issues. You want to be a phone phreak? Be prepared to pay a ton of money just to get information. You want to learn about switching and routing? You have to pay 60 dollars per book.
Sick of seeing people who know nothing about what they're talking about trying to tell you why what you did was wrong? The courts protect them because they follow "the system," not you. But is it fair to say that hackers are never optimistic? I don't believe so. Personally I'm very optimistic about the future of technology, in most cases. Digital telephones are linking the world together like never before, quality is improving, and computers are becoming cheaper and cheaper. Of course it will be an uphill battle, with nothing but oppression the whole way, but in the end there will be new electronic mediums, new ways of bringing the world together, and new toys for hackers to play with. This is why I feel optimistic, along with the knowledge that more and more people are starting to see through the pathetic excuses corporations like the MPAA and RIAA are making. People are beginning to see how greedy they really are, and if there's one thing the general public hates, it's an oppressive society.

-screamer

14. CREW

Screamer Chaotix - Editor in Chief
Dash Interrupt - Webmaster
The Blue Giant - Writer
DamienAK - Writer
Contributing Writers - Rane, DemetriusAC, Phear Nomore, InValid, LanKY, TRON
Cover Concept and Photo - Screamer Chaotix
Pictured: Panther red boxing in New York City
Cover Layout - Dash Interrupt
Shout Outs: Rachel Nichols, Jennifer Lamiraqui, Nicolas Lea, Emmanuel Goldstein, Izaac Falken

Send articles to: articles@hackermind.net
Articles for Freq11 due by July 8th, 2001!

Tune into Hackermind every Thursday night at 10PM Eastern/9PM Central by opening location 166.90.148.114:9474 with WinAmp or Real Player.
WWW.HACKERMIND.NET