FREQUENCY: Inside the Hacker Mind July 2001 Freq11 (Disclaimer: Information contained in this ezine is for educational purposes only. Readers are urged to not use this information for illegal purposes.) 1. Introduction "Those Damn Kids" 2. Monitoring the World With Shortwave 3. Cingular's Cell Phone Nightmare 4. Adventures in Scanning 5. Simplistic Email Tracing 6. The Power of a Journalist 7. Support Your Local Phone Phreak! 8. Why I Trust No One 9. Control 10. The Dangers of NetBIOS 11. Fun With Telemarketers 12. Review "Swordfish" 13. Crosstalk 14. Closing Arguments 15. Crew 1. INTRODUCTION: "THOSE DAMN KIDS" Those damn kids are at it again. Dialing up telephone conferences and pulling me into them, how dare they! Those damn kids. Port scanning my huge corporate database, little fuckers probably want to hack in! Those damn kids. Going through my private garbage, if I wanted you reading it I wouldn't have put it in the dumpster! Little bastards think they can read my garbage? They think they have the right to draw a cartoon depicting violence and get it away with it? As long as I'm in control (I being a 65 year old white haired, white skinned, white collar CEO) those little pricks are going to get as much hell as I can give them! I'll be damned if those little shitheads think they can outsmart me! Wow. What made me say all that you ask, well I'll gladly offer you an explanation. You may remember a good friend of ours, and crewmember as well, DamienAK. Sadly, DamienAK (like Dash) is being punished for something that may seem silly to you and me. While I'd much rather have him explain it to you, I think it would be best to let our readers know exactly what's going on with him. However, you can expect a full article from him in the future. That is, after his probation is up. DamienAK was found doing something that is a terrible crime in our country. Trashing. He was digging through the Department of Motor Vehicles dumpster, and apparently the guard didn't like that. Inside DamienAK's backpack, they found what they like to call "sensitive information." I won't speculate, but you can imagine what that is. A note written on a napkin perhaps? Dash on the other hand, drew a cartoon and is now on probation until his 18th birthday. This means he has a curfew, can't associate with one of his best friends. He also has to pay a hundred dollar fine (to the state…great way to get money out of people) and 20 dollars a month for a probation officer. Did I mention the random drug tests he'll have to submit to? Aside from these two incidents, I would like to ask people where the harm is, and why kids should be sent to prison for what used to be considered pranks. It used to be you could bring numerous operators into a teleconference by having them wait on the line and just get a good laugh…but can you really risk it today? Odds are if you're caught, you won't pass go, you won't collect 500$…you'll go directly to jail. And that's the way they want it. They being the moneymakers of the world. The white haired CEO's sitting in their cozy offices, the hotshot slick haired businessmen who don't know the first thing about the internet…except how to sell stuff. As long as these people have more influence in the government than you or I, you'll never be able to get the freedoms you desire. Recently on Hackermind, Dash and I pointed out a serious vulnerability in Var Tec Telecom. We in no way broke the law, but nonetheless you can imagine how those corporations with stock in Var Tec feel. You can imagine how Var Tec themselves feel. And of course, you can imagine how the authorities feel. All of them are angry. Angry at us, angry at hackers, because they're the only ones awake in this confusing world of technology. While some use their knowledge for foolish pranks, others to help the improvement of security, and yes some for purposes of crime, it's the idea of the hacker that scares those CEO's. Those men who have worked in the old fashioned world, and will be damned if they'll be shown up by some fourteen year old kid. For that reason, and perhaps that reason alone, hackers are shown as the demons of cyberspace. Hackers are people, and people can be good or bad. But when you're a strong interest group you can influence others into thinking that they're all evil, and that they all want to commit crime. Sadly for the CEO's, their power is slipping. How much longer can groups like the MPAA and men like Jack Valenti tell people "this is for your own good" before people begin seeing the truth? Before they begin realizing that hackers are simply fighting back against a system that overpowered its people by a lack of knowledge? The up and coming world is one that is slowly but surely beginning to understand what's going on, and with a little luck things will stay that way. Phew, with that out of me, welcome to Freq11. -screamer 2. MONITORING THE WORLD WITH SHORTWAVE: by Hammy Sitting in the dark, at around 3 in the morning, I listened to the static that came through the speaker. After pressing a few buttons, the static was replaced with the voice of a Vietnamese woman. She spoke English, but the things she said were still very foreign to me. Talk of China, and far eastern lands that I had never seen with my own eyes. Yet even though I was thousands of miles away, her voice came through my small shortwave radio. The frequency was 5,950 Khz, and had quite a bit of static, but this was to be expected. It didn't bother me at all, as I was too caught up in what she was saying to even care. For anyone who's ever listened to a shortwave radio you probably know what I'm talking about. There's something amazing about hearing voices from a foreign land coming through the air and into your room late at night. Have you ever tuned into the Voice of Russia (formerly Radio Moscow)? If not, I highly recommend giving it a try sometime. They can be found on various frequencies at different times of the day, but the best reception is always late at night. For more information, do a google search for "shortwave frequencies" and you're bound to come across numerous sites that can help you out. On the Voice of Russia, American listeners are able to see a different perspective of the country in which they live. Rather than the typical Americanized view of the world, shortwave radio provides a much broader view that can possibly open your eyes to the truly important issues facing the world. Not just the new diet pills or what tv show is topping the charts. Shortwave radio's are very inexpensive. The model I have is the DX-396 from Radio Shack. With a digital display, 12 band SW capabilities, and FM/AM as well it's a good deal at 70 dollars (on sale, 100 retail). The 12 bands are broken up by wavelength, for example: 120m covers frequencies 2300khz to 2495khz. For best reception, at a low price, a good trick is to take a long piece of copper wire and wrap it around the antenna and then extend it out into your backyard. The copper wire will actually act as an antenna and help you pick up more and clearer frequencies. The thing with shortwave is that you need to find just the right area of your house or room where the signal comes in the strongest. Some people find that sitting on their roof is the way to go, while others use their refrigerators as a grounding unit. Wherever you go, be sure to try all possible frequencies as one may have a better transmission than another. Be advised, shortwave radios are extremely sensitive to outside interference. Even the slightest EM emission from your computer will cause an incredible amount of static. Turn off all radios, televisions, computers, and microwaves before attempting to listen. Foreign countries are not all you're hear however. For those of you that want something a bit more interesting, there's always something good on the NORAD frequencies, as well as the Navy. Also, if you're the type of phone phreak or radio nut who loves strange transmissions, check out the ever famous atomic clock in Fort Collins, Colorado. Of course you can call this marvel of modern technology at 303-499-7111 but it's so much more fun (and cheaper) to tune into frequencies 5,000khz, 10,000khz, 15,000khz, and 20,000khz to hear what the coordinated universal time is. This is also a great way of knowing when a particular program is going to air. If you're a non-hacker and somewhat nervous about investing something you won't understand, fear not. A shortwave is just like any other radio. The frequencies may be a bit different, but you can find those online or in bookstores. Just tune in like you would to any other radio program. What's great about shortwave, when you're sick of listening to the same recorded DJ's going on and on about the dumbest things in the world you can tune in and listen to some real world news on your SW. And for those of you with that hacker frame of mind, I'm sure the mere thought of radio waves bouncing around the world to your receiver is enough to make you drool. Enjoy, and keep listening, you might learn something. 3. CINGULAR'S CELL PHONE NIGHTMARE: by Rane * |_ (O) |#| '-'sw You've probably seen those annoying Cingular Wireless commercials on television if you live anywhere in United States (with an exception for Alaska and possibly Hawaii). They usually feature a person far in the distance doing something to show expression, and as the camera zooms in a part of them turns into a small X (or a stick figure, depends on how you view the design). Charlie Sheen then tells us that Cingular is a company that understands the value of self expression, apparently so, considering this gaping hole in security that could seriously undermine your privacy. The problem is not a new one. Back in the early 90's MCI had the same trouble, and throughout the years other phone companies have adopted this particular approach to giving out information, but now it's Cingular. In Cingular's case, all a person need do is dial 711 on their wireless phone and they'll be connected to a machine that welcomes them with open arms. "Welcome to Cingular Wireless, for quality assurance your call may be monitored. Press 1 for sales, press 2 to check your balance…." It goes on, but we're only concerned with option 2 at this time. Press 2, and it will ask you to enter your wireless phone number. With that done, it will then ask for your PIN…unfortunately that PIN is your zip code. After this has been entered, Cingular will proceed to read back when your next cell phone bill is due, how much you owe the company, what your current balance is, how much time you have remaining, etc etc. Certainly a good service to have…when handled properly. The problem is, it's not very difficult to get someone else's cell phone number and zip code. If you're like me, the town you live in doesn't really have all that much competition when it comes to quality service (ie. It's Verizon or Cingular, choose your poison) so odds are all your friends are using Cingular as well. You have their numbers already, and you certainly know where they live…how difficult would it be to send them a forged letter demanding money be paid? And how embarrassed would they feel if you told everyone how much they owed on their cell phone bill? You probably have friends like I do. The kind that insist there's nothing private given out on the 711 service, and even if there was, who would want to listen to it? Yes we've all heard this moronic way of thinking before, and perhaps in a way they're correct. As far as I can tell (from the limited exploring I've done) there is no credit card or social security information given out on the system. Nonetheless, to offer up the information they do without so much as a password sounds a bit ridiculous. And since when did I say I wanted my information available to the world? I certainly don't remember giving anyone permission to put it up on what's the equivalent of a public bulletin board. With a little luck Cingular will get their act together and remove this before anyone can do anything with it. And guess what, you don't even need a Cingular phone to access this service. Just dial 866-246-4852 and experience it for yourself! . If that's what they consider secure, then I would love to see how much of my information they leave laying around their offices for anyone to see. Personally I would love to get the phone numbers of all the CEO's at Cingular, and let them see how much they like having their private information going out before the world. 4. ADVENTURES IN SCANNING: by LAnKY ______ | _ | |( )ooo| || |ooo| |(_)ooo| |_g____|jsm I'll be the first to admit that dialing random phone numbers isn't all that fun. More often than not you bump into the common intercept message saying your call cannot be completed, the number you dialed is not accessible by your area code, or the number you have dialed is invalid. When explaining to someone the fun involved with phone scanning your bound to get one or two odd looks. Most people don't see the fascination with dialing numbers just to see what you can find. Oddly enough, if you say you love to "talk on the phone" they understand it perfectly. But examining the phone network to see how it operates and what services are available is a strange undergoing indeed. As in my previous article, "Adventures in Telnetting," (Freq10) I want to show people the fun they can have with dialing numbers and playing around with phone systems such as PBX's, voicemails, call forwarding, and yes even talking to total strangers. But before I begin, let me tell you why the art of scanning excites me so much. No, it's not actually hacking until you begin trying to make something do what you want it to do, but the scanning is half the fun. For me, the thrill comes from the unknown. First I choose an area code, usually 800 considering they're free and typically hooked up to business lines (although more and more people are getting their own 800#'s these days, so be forewarned). Next, I choose an exchange, let's say 678, which came off the top of my head just now. Usually to do a complete scan of 678 you would have to dial consecutively beginning with 1-800-678-0000 all the way up to 1-800-678-9999, write down all the numbers you find, and then move on to the next exchange. To take you through all the numbers in any given exchange would take far too long. Instead, I would like to show you a few of the numbers you can find in your scanning adventure. But please remember, it's up to you to find these! Scanning takes a lot of time, so I recommend you get a friend to help. PBX One of the most famous of all scanning treasures is the PBX or Diverter. A PBX, or Private Branch Exchange acts as a switching station for a single entity (such as a large company). Nine times out of ten they will allow someone to dial in from the outside and access the system, thus allowing that person to make a call and charge it back to the business. You would think after years and years of this type of hacking going on that someone would bother to make a secure PBX, but alas, that day has not yet arrived. A diverter is slightly different. A diverter is an 800# you dial which will allow you to dial to another number and thus block your home ANI. Of course there is a charge for this service, unless you can happen to stumble upon a code. Voice Mail Another treasure of the hacker world. For years hackers would call up businesses late at night, long after the operator's had gone home, and play around with their voicemail system. Usually it would be extremely easy to find out someone's mailbox and password just by pressing the right number of buttons. For example, if after pressing any four buttons you received an error message…than in all likelihood it was a four digit password you were trying to find. Once found through brute force, you would have your own voicemail box on the system for all your other hacker friends to reach you at. Today's voicemails are a bit more secure, although not by much and not in all instances. Some now require you to press the # key after entering your code, this way no one can guess how many digits long it is. Others simply won't allow you to dial the 800# and enter the system. But all is not lost. Many voice mail systems exist today that have poor security and can be easily hacked. Of course, storing private messages on one of these boxes might not be the smartest thing in the world as anyone can listen to them. Modems and Fax Machines Yes, there is a difference in the way these both sound, but to demonstrate through text is impossible. With a trained ear though, you can certainly decipher what it is you've dialed up. One easy way is to whip out your favorite PPP program and try to connect to the number. If you receive a login prompt, congrats! You just found a dial up the old fashion way! If there's nothing there, or just garbled letters, odds are you've reached a fax machine. Aside from sending this unknown organization a million fax backs there's little that can be done with a fax machine. Before I move on, I think I should mention one more thing that fits into the modem category, and that of course are beepers. Pagers, beepers, whatever you want to call them, those are the little devices that allow you to message someone while they're on the go. Different types of pagers exist, although the most common ones today allow you to enter in a numerical message after the beep. This way the person receiving the page can know who's calling them before returning the call. What other type are there you ask? Well a while back there were "single purpose" beepers. These would do nothing more than beep when dialed, and unlike pagers, if you were on the calling end they would not wait for further digits after the beep. Pagers like this were typically used for doctors or technicians. When they were beeped, they would know to return to work immediately. Although it's very doubtful you'll find a beeper/pager of this type lying around nowadays. People If you've ever gone through the hell of scanning your local exchange this should be a cake walk for you. But many times, even when you call in the middle of the night, you'll find an 800# that has an operator answering. You have two choices here. One is to be extremely rude and hang up without even explaining yourself, the other is to get a bit more information. I hope you choose the latter, as it is much more enjoyable. You know you've hit an operator when they ask if they can help you (duh) but some may not identify themselves immediately. Perhaps you've called your local operator and only received an unsatisfactory "network operator how may I help you?" response. In this case, act surprised. Use your best social engineering voice and ask "w..what did I reach!?" and they're sure to tell you. In fact, one trick that I love is to ask "whoa…what city do I have?" and they'll probably spit out that info. It's always cool to see how far your call has gone, or how close it really is. If it's a business you reached, and it's half past the middle of the night, the operator will most likely welcome a little chit chat (if they're awake). Of course more information can be gathered, but let's just leave it at that for now. Moving on, there's one thing you never want to reach. A personal 800#. These are typically set up for people who have loved ones far away and acts as an inexpensive way for them to call home without doing the "Bob Weaddababyeetsaboy" trick. Ok, so maybe you do want to reach one of these, although I don't know why. You'll probably just wind up waking up some old lady in the middle of the night and wind up scaring the hell out of her. Obviously you can tell when you've found a number like this by the casual "hello?" you receive when answered. Calmly explain you have the wrong number and hang up, I've never met a single person who was upset after just one call. In fact, most people welcome telephone calls! Have you ever received a phone call from someone about your age, and after they apologize for calling you by mistake you say jokingly "aw that's ok, call back anytime!" Well, what if they did? Bingo, new friend! That's not all though, I would like to introduce you to the friendliest people in the world. These are the people who answer public phones. While having nothing to do with 800#'s, you're bound to reach a payphone if you're scanning your local exchange. The trick is to know whether or not it's a payphone (preferably before hand). You can do this by listening for noises in the background, or by getting the number ahead of time (the latter being the better choice). Should you receive an answer, you can remain anonymous and just say you're with AT&T and checking the lines, or tell them they've bumped in a genuine phone phreak and wish them a fantastic day. Don't feel like hanging up? Think you found the girl of your dreams at a payphone? Well, if they don't mind, keep talking! You can meet all sorts of people this way, and it's a lot better than just chatting on the internet. Remember, if you call a business the operator will not care if you made a mistake (just don't do it repeatedly, that's harassment) and if you call a payphone, the person is answering by their own free will. But please…don't pretend to be the operator and demand they put 50 dollars in the phone! page 2 --> 5. SIMPLISTIC EMAIL TRACING: (Originally published in Blizzard of Oz Issue 5) blizzardofoz.box.sk Don't you ever run into that occasional user that pisses you off so bad you just want to strangle the bastard? Well now through this special blizzard of oz offer you might be able to. Most people think email tracing is a complicated procedure only an admin can perform correctly, not the case if you can use a web browser you can trace email. So here's the gig. All email sent and recieved has a header. The header has the i.p.'s of all the smtp servers which sent, relayed, and recieved a message. So here's an actual mail header sent from and recieved by actual people using netscape navigator with "show all header information" turned on slightly reformatted and broken down in easy to read form. Received: from mail.webchoice.net (webchoice.net.6.240.24.in-addr.arpa [24.240.6.14] (may be forged)) by services.computerland.net (8.8.7/8.8.7) with ESMTP id MAA2667933 for ; Wed, 26 Jan 2000 12:33:29 -0600 (CST) << mail.webchoice.net aka 24.240.6.14 is the sending mail server the may be forged line was inserted automatically since it is possible to forge the sending server. services.computerland.net is the receiving mail server running extened simple mail transfer protocol (ESMTP) ver. 8.8.7 plus the esmtp id, which isn't of much use to you unless your a sys admin on that mail server, and then the address it was implemented for, which would be the pop account - kbooth. >> Received: from logan (unverified [208.18.8.3]) by mail.webchoice.net (Rockliffe SMTPRA 3.2.0) with SMTP id for ; Wed, 26 Jan 2000 12:36:45 -0600 << the webchoice mail server got the request to nab this message off the server from "logan" @ 208.18.8.3 which would be the place the pop3 server was logged into from. there's another smtp id we don't need and the date. >> Message-ID: <388F3F12.7DB2@webchoice.net> << only useful to the admin of the smtp server >> X-Mailer: Mozilla 3.04 (Win95; I) MIME-Version: 1.0 << the o/s and mail client used to mail >> Reply To: logan@webchoice.net I snipped the last 5 entries or so since thier pretty useless for tracing purposes really. So the bulk of the information we need is in the first header. First things first, we need to identify the server the mail was sent from. Which is webchoice.net, next we need to know the user name which is anything before the @ in the reply to address. Which would be logan. So it looks like the mail was sent from a user named "logan" through the webchoice.net smtp server. But what was logan's point of origin? Check out the second recieve header - from logan at 208.18.8.3 by webchoice. That ip isn't even close the webchoice smtp server's. So "logan" wasn't getting his internet service from the webchoice dial-up server. A quick scan on 208.18.8.3 will tell you that that ip has a firewall, which means someone has a reason for hiding behind it and that would have to be a business of some sort possibly a corporation. So that's all great but we need more information. At this point it would be in our best interest to make a WHOIS query. What is a whois query? Every domain on the net has to be registered through internic, internic by law is required to make those records public information searchable through a database. There are a ton of whois servers out there and so i'm just gonna name a few that I have had good luck with. www.arin.net - American Registy for Internet #'s really excellent. 5 star service. www.apnic.net - good for getting info on asian pacific servers. www.aunic.net - good for getting info on australian servers. www.nic.mil - all you ever wanted to know about military servers-beware monitoring. www.nic.gov - secrets of the government revealed. www.ripe.net - good for european servers. samspade.org/t/ - more than just whois excellent set of tools. So I plug in 24.240.6.14 to the whois server windows and hit go: High Speed Access Corp (NETBLK-HSACORP-2BLK) HSACORP-2BLK 24.240.0.0 - 24.240.127.255 HSA Corporation (NETBLK-HSA-COLUMBIA1) HSA-COLUMBIA1 24.240.6.0 - 24.240.6.255 Interesting, webchoice's t-whatever block is served to them by HSA Corporation. Useful, you could take superscan and work up the whole ip block and the cross reference webchoice to the ip's and query that ip but i think we can do better. Skip over to samspade.org/t/ and plugin webchoice.net to the address digger and check the whois box. Put webchoice.net in the box and stand back cuz' its about to get messy. Registrant: Capital International Holdings (WEBCHOICE3-DOM) 7777 Bonhomme Ave. Suite 1715 St. Louis, MO 63105 US Domain Name: WEBCHOICE.NET Administrative Contact: Meier, Mary (MM10406) mmcap@AOL.COM 314 726 0099 (FAX) 314 726 4880 Technical Contact, Zone Contact: Ruthenberg, Mark (MR15519) noc@WEBCHOICE.NET 573-875-0396 (FAX) 573-875-3007 Billing Contact: Meier, Mary (MM10406) mmcap@AOL.COM 314 726 0099 (FAX) 314 726 4880 Record last updated on 19-Jan-2000. Record created on 16-Dec-1997. Database last updated on 26-Jan-2000 14:15:01 EST. Domain servers in listed order: DNS1.WEBCHOICE.NET 24.240.6.9 DNS2.WEBCHOICE.NET 24.240.7.9 That's more like it. These are the people that registered the webchoice domain. A look at www.webchoice.net will tell you the home office is in columbia, mo so we want to find which one of these contact #'s is columbia based. Well the 314 area-code is St. Louis so we'll search on the 573.875.3007 #. Over to www.phoneloser.org/pi.html for an area code and prefix search and KABLAM. We now have a contact name and number to social engineer details about the account. Using the number on the homepage is always an option but the numbers here are upper administration if we can't weasal any info about logan out of Mark Ruthenburg we can just as easily call up the home office in St. Louis and talk to our new friend Mary. The conversation would go a little something like this. Hello this is Mark can I help you? Yea, this is (name of admin) for computerland internet services and we received a message from your mail server using an account called "logan" and would like to contact the owner of the message concerning it's content. Could you tell me the name on the account? Well, Im sorry to hear that one of our users is misusing thier account, Ill get that information for you just one minute << one minute later >> Yea that account is registered to Chad Logan and he didn't leave a phone #. Thank you very much, SUCKAH, I mean Mark. Have a fantastic day. It really is that easy usually. Back over the phoneloser's pi page with a person search for columbia,mo and here's mr. chad logan who due to the fact he didn't sign up to have his # unlisted has made his address and phone # public record. So now you know without a question the owner of the acount's full name, address, and telephone number. Now if we could just figure out where he works at. A quick call the Columbia Utility office pretending to be chad wanting to check his current billing address and work information will tell us his place of employment. Lucky for us Mr. Logan has a job at mbs books who has a website www.mbsbooks.com by taking the info from a search on arin.net for 208.18.8.3 and mbsbooks.com you can see that mbsbooks domain server is server via sprintlink as is the 208.* ip address. So it looks the firewall at mbs gave up the identity of the user at the terminal the mail was sent from. KABLAM. Another piece of the puzzle now we know the sender where the sender works where the sender was at when the message was sent the date and time. You still want more information? Well let's say this Chad Logan clown is an underground kingpin and you cant take him on alone. Call up his work and make up something halfway believable and more than likely they'll tell you his SS# over the phone. Then you will own the chadster. Every service he is subscribed to, every loan, every traffic ticket, every credit card transaction can be exploited to it's full extent. I don't have enough room here to cover all that but in future issues watch for it. So now you know the basic fundamentals of tracing down an email message. There are a few services which are going to be tough to trace through like hotmail, flashemail, and yahoo. It can be done, but it will require a little advanced social engineering and some mad technique since they specifically safeguard against things like that. The only real problem in tracing email, like tracing anything it doesn't do you any good to trace something to the source if the source isn't the place the person is at or they are using a hacked account and dialing in anonymously, since most isp's aren't gonna cough it up for ANI2 these people are invisible. If their thinking ahead anyway they wont dialup from home to send a message they don't want traced. So a word to the wise be careful where you send your mail it's really not that hard to pinpoint exactly where it came from. 6. THE POWER OF A JOURNALIST: by Screamer Chaotix We all know that social engineering can get you into many places, including those areas where you don't belong. But what few people know is how you can receive privileged information through legal means. The most important thing to remember, is that anyone can be a journalist. Journalists have power in this country, whether they publish an ezine (such as the one you're reading) or work for the New York Times. This fact is not lost by those in power. A journalist has the ability to post information about organizations and companies and bring sensitive information to the publics attention. As a journalist, you hold a power over these companies that they fear. You have the power to reveal the truth. What you see below is a reply to a letter I sent to the press department at idrive.com once it was learned they would be selling out to corporate ISPs, and thus leaving their customers without space for their files. While there is little information that one would deem "sensitive," it does provide you with more than just a customer service representative's speech. While making these inquiries, I could tell they wanted to do everything in their power to please me. They apologized for how long it took, offered me an interview with their CEO, and provided me with the following answers. (NOTE: I used the alias "Curtis Walker" when setting up the interview. There's no reason to hide, but I wished to remain anonymous) _______________________________________________________________________________________________ Ms Bonforte, My name is Curtis Walker, I'm an investigative journalist for a magazine in southern New England entitled "Frequency." We deal with the technological world and how it relates to security, privacy, and individual rights. In a future issue, we would like to focus on websites which offer free services to everyday people. Recently we had become aware that idrive.com would no longer be catering to the average user, instead turning its attention to the corporate world (with ISP's in particular). While I understand you are very busy, I was wondering if you would be kind enough to answer a few brief questions. 1) Why has idrive decided to move away from servicing individual people and integrate itself into the corporate world? **** i-drive has made this decision for strategic reasons. i-drive's strength is technology and we do not want to compete with our customers (i.e. ISPs and wireless operators who provide a bundle of services to their consumers) as we offer our technology to the market. Storage services will be an essential element of the services that telcos, ISPs and other providers are offering to their users - we would rather sell our technology to them than compete with them for consumer attention. **** 2) In relation to this, have you received any feedback from users? If so, has it been negative or positive? **** We have ensured a smooth transition to another quality service for customers that choose that option. Of course our users are disappointed, but many of them have been very supportive of our decision. (UH HUH, ANYBODY HEAR THE VOICEMAIL I LEFT THEM?) **** 3) What do you predict will happen to idrive now that its attention has been given soley to Internet Service Providers? **** Our focus is as a software company providing storage infrastructure and applications to Communication Service Providers worldwide, including wireless operators, ISPs, cable companies and satellite operators. There is a lot of interest in this space and i-drive has a very strong product to offer. We have formed key partnerships with companies such as ACCESS, Openwave, IBM and Retrieval Dynamics that give us market validation and will be a tremendous asset in developing, introducing and selling our products. **** 4) Finally, what does this mean for long time users of your site? **** In the immediate future, consumers will most likely transition to an alternate online file storage site which offers a subscription-based service. Eventually, i-drive will be serving those customers in a different capacity - through a wireless operator, ISP or telecommunications company that licenses our technology to offer to their subscribers. **** I thank you for your time, and would greatly appreciate a reply along with any other further comments you like to make. Before I conclude, I was wondering if there would be any way to get in touch with the CEO of idrive for a statement, be it email or telephone. Thank you. Curtis Walker Frequency Magazine ______________________________________________________________________________________________ Sure enough, they offered me a telephone, person to person, or email interview with their CEO. Maybe I'll take them up on this offer, but even if we don't pursue this any further hopefully people have seen just how much power you can give yourself by saying you're a journalist. Yes we can all see the bullshit they're spewing, but that's to be expected. The advantage of being a journalist is that they have to kiss YOUR ass, because you have the power to make or break them. Of course it's better not too lie. So if you like, start up your own ezine. Refer to yourself as "a small publication" and you won't be giving false information. Remember, the media cannot control what information we receive…if we are them. -screamer 7. SUPPORT YOUR LOCAL PHONE PHREAK!: by Winston Smith One day, while fucking around on the phone with a friend of mine, I began to wonder something. Where are all the phone phreaks? I remember them meeting each other on voice mail systems, loop lines, and conferences…but these are all relatively old ways of communicating. With so much done on the internet, I began to worry that maybe all the old telephone lovers of yesterday had completely abandoned this amazing contraption for the ease of IRC. First let me give you the typical "Why I'm a hacker" speech, or in this case why I'm a phone phreak. Let me stress to you that I do consider myself a hacker. In my opinion, anyone with a strong curiosity is a hacker…but there are different subsets of the word. The subset I most readily relate to is that of the phone phreak. The person who explores the complex network of phone lines looking for those numbers they're not supposed to be able to reach, those lines where people can communicate freely, and who learns new ways of getting information through the phone. I easily relate to this because of how long I've been into it. Back in the 80's, I remember picking up the phone and getting strange phone calls from hell knows where. That's what first amazed me. The simple fact that I was connected to another part of the world, and that I could travel all over without leaving home. How did it work, where could I go, and what could I do were several questions I had. With a rotary dial, I first set out to learn all about those copper wires that kept us connected. Back to my point, and allow me to apologize for branching off. Back in the day, special vacant line intercept recordings could be heard by more than one person at once calling in. For example, if I called 212-345-6789 I might get an intercept that said the number was not in service. If the message repeated, rather than hanging up…I had found something priceless. By keeping that line open, and calling the same vacant line with another phone I would be able to talk to myself! Ok, so I'm sure many of you talk to yourselves all the time…what's so great about doing it on the phone? Well nothing, unless of course someone else called that same intercept recording. What would result is a mini-conference call of sorts. When the message paused, everyone on the line at that time could yell out some information and actually have conversations! And when the message reset itself, watch out! Five seconds of silence was all anyone needed to let loose a hail of questions and comments…only to be answered or replied to during the next pause. Now this was all well and good, but a little distracting. That's why a vacant line with a broken recording was the best possible thing to a phone phreak of yesteryear. When dialing this line, you would be able to talk to anyone else calling up…without the damn intercept recording! A complete conference call on a vacant line…pretty cool huh? While you may not consider these people phone phreaks, remember that they did find something extremely useful and had fun doing it. That makes them phreaks in my book. Do you see this often today? Not really. Sure there are special lines you could call (as you saw in Freq10), but they're few and far between. Where can people meet now, I asked myself. Voicemail? Sure, if you both hack out a box on the same system you may meet up…but that's unlikely given the extremely secretive personalities out there. To be honest, the point of this article isn't to complain about the lack of phone phreaks to meet…rather it's to focus on a group of people that deserve more notoriety than they receive. With so many people jumping online the world has become a very text based system. Chatting no longer entails talking to another person, but rather sitting at a keyboard and typing special characters like :) and LOL. The world has become very impersonal, and if you ask me this is a bad thing. Again, please don't think that I'm condemning computer hackers or saying that computers don't interest me, they most certainly do. What I'm getting at is how much more fun phone phreaking can be. Dealing with actual people and having real conversations is lot more fun than communicating with an operating system. Maybe that's just my opinion, but I thank you for listening to it. 8. WHY I TRUST NO ONE: by Sad Is Tic They say the judge that sat before Bernie S put two fingers up to his own head, and made the motion of pulling a trigger. "We got ya Bernie," he must have thought. After all, Bernie S, real name Ed Cummings, had the nerve to sell crystals out of a van. When someone saw this going down, they called the police thinking it was a drug deal. Boom, the cops show up at Bernie's house and demand to search everything. Knowing perfectly well that he had every right to refuse a search of his van, Bernie told them "Please don't go rifling through my van, I have it all in order and don't want you to mess it up." Ten minutes later Bernie sees these men going through his van… "What are you doing? I told you not to search!" "You said don't 'rifle'…we're not rifling." The story is history from there on out. A man who had committed no crime, sentenced to prison for possessing materials that may, under the proper circumstances, been used to commit a crime. Damn shame he never broke a law…that's why people usually get sent to prison. His real name is Mark Abene, but you probably know him as Phiber Optik. Former member of the MoD (Masters of Deception) out of New York City. Here's another example of how our criminal justice system saw fit to punish a man more severely than he deserved to be simply because of what he "represented." Mr. Abene was guilty of spreading knowledge about the phone network, and for that he was sentenced to a year and a day in federal prison. Since when has the constitution changed from "may the punishment fit the crime" to "may the punishment fit the status of the criminal." I suppose we can see examples all over the place. Hackermind showed us what happens to someone who has the nerve to draw a cartoon, countless cases across the US have shown us how corporations have more rights than average citizens, and law enforcement is relentless in showing just how little it knows when it comes to technology. With these examples, why should I trust them? Why should I tell my children that the law is a good thing, and that only bad people get sent away. Especially when thousands of people are in prison…for doing absolutely nothing. Who could expect me to respect a system that throws my friends in jail for looking at trash? Or for spreading information? How can I ever support the system when it sees fit to place me in shackles because I figured out how a free phone call could be made? Am I innocent? Not if the foolish laws that are in place today have anything to say about it. For example, if I figure out how to break encryption on digital technology I am a criminal. There are no ifs, there are no exceptions. I would have broken the law without committing a crime. Did I lie, cheat, steal, or do something to harm humanity? No. All I did was write computer code…and for that I could face prison time. Of course this is all hypothetical, but for millions of people it's very real. Now let's clarify something for all the right-wingers reading this. I don't condemn law enforcement. No one, at least not to my knowledge, wants murderers walking the streets. No one wants child molesters on our playgrounds. And no one wants burglars staking out our homes. But let's not forget that people are innocent until proven guilty. Let's not forget that a person who possesses materials capable of committing a crime has not committed that crime yet. Is it legal to possess a gun? Yes. Is it legal to possess a tone dialer? Yes. Why then does the tone dialer wind up sending you to prison? If Radio Shack can sell crystals that are used in red boxes…why can't I? I'm hoping you see my point. With so much injustice in the world it's ridiculous to think that I could in someway trust law enforcement. This is, of course, excluding all examples of police abusing their power, lawyers breaking the law, and judges making fun of defendants. It happens, and someday it may happen to you. So if you don't understand what I'm saying, just wait a while. Eventually you'll think the wrong thing too. 9. CONTROL: by The Blue Giant Control All of society is a hierarchy. Now, I don't mean we still have royalty and nobles, but think about it. I can guarantee that every person reading this reports to someone else. You have bosses who are responsible for you, you have your parents, the government, and who knows how many other people. No matter how you think about it, there is a very clear and defined structure of power everywhere. Of course, even those 'on the top' report to others, who in turn report to others. Everyone has someone who is responsible for them. What I want to know is why. Why is it that no adult is trusted to be responsible enough to do their job without constantly being monitored by someone? Why is it tha we have to have managers and assistant managers for every level of person? Is the human race really that irresponsible? Most likely. The vast majority of people today hate their jobs. If left to themselves they would half ass them, and a depressingly large amount of them just wouldn't do anything at all. Trust me, living in a small red neck town I've seen how many people simply get workmans comp and spend all day at the bar wasting their lives and money. It's disturbing. Maybe humans are a whole are this irresponsible because we're used to it. You can look back generations and generations and not see a single person that dind't work on a time table or report to someone else. It's dummed us down. The vast feeling now seems to get as much money as you can with a minimum amount of work. Or just don't work at all. The sad thing is that people can do this. The employees can get away with it because that's how the manager feels, the manager can get away with it because that's how the boss feels, and the boss can get away with it because that's the company attitude. The company is making enough money, why work? Think now, for a moment, what would happen if there was minimal supervision. Think about what would happen if there were no work hours and as long as you got the job done, and did it well, no one cared. This worked in the middle ages, in select areas it even worked past that.Times have definately changed. Now, this probably wouldn't affect most of you, I wouldn't be to bothered by it. I already just write and code sporadically. Sure, I probably do it more than most people work, but I do it because I want to, and I do it when I want to. I live durring the late night hours, and survive on jolt cola. Most of you can probably relate, but can the rest of the world? Hell no! The average person would probably do a total sum of zero work. They'd figure, why do it anything? No ones watching me, I don't have to do stay here from 9 to 5, so fuck off. They'd be lost. No one would know what had happened, "Wait...you mean no ones watching me...it's up to me and me alone? I don't have to be in the office 8 hours a day...I can create my own timetable! Alright then, goodbye." They'd then proceed to get lost in their own self power. Maybe we could have pulled of an individually powerfull society a few hundred years ago, but now? Now the average person believes everything that's told to them, and exists solely to live through life, not to actually live it. People have lost their individuality, and in it the power to do things for themselves, by themselves. Even if given back that option, few would know what to do. First the system became corrupt, then the people became lazy. Then the masses became the systems machine. Now the masses simply go through with the motions of being automated, while the 'leaders' are just one step behind. page 3 -->10. THE DANGERS OF NETBIOS: by Screamer Chaotix NetBIOS is something that may strike fear into unsuspecting people on the internet, but in reality there's nothing to be afraid of if you're careful. Running on port 139, NetBIOS is Microsoft's way of allowing people on a LAN to share files with other 9x/NT machines. The problem? It's turned on by default, meaning anyone with the right program and a little know how can get into your machine and see what you have in there. And if you're not careful, or have no clue what's going on, this could be a serious security risk. The point of this article is to give the typical computer user an idea of just what can be done with NetBIOS, as well as some ways of protecting one's computer from intruders. I've left out the really technical stuff so that anyone can understand this. After all, the people that don't know what's going on are the ones at risk. Being the decent cable modem hacker I am, I took it upon myself one evening to see if a friend of mine was open to this possible attack. We both shared the same network, which meant a possible security breach existed (Earlier versions of NetBIOS allowed for attacks from all over the internet, but this has since been patched). To find her IP I did a quick trace of her email (easily done by reading the headers) and found her in a matter of moments. Next, I used my favorite port scanner to immediately check for port 139. Sure enough, it was wide open. But what, you may ask, could be gotten through this? Simply put, not much. Unless, of course, the victim was foolish enough to allow for shared files with no password protection. With the right program, an attacker could see these shared files, download them, and even write to them! Maybe that's why you have that big "j00 b33n 0wn3d" banner in your "My Documents" folder…hmm…. Well here's how it was done. Finding and Attacking Finding a person with a particular port open should be child's play for anyone reading this magazine, so if you don't know how to do that I'm really sorry. Maybe you should go back up top, I mentioned something about a port scanner up there. But let's say you're not a moron, let's say you have found someone on your own LAN who has that particular port open. How can you be sure they have shared files? Simple. All you need is a little program called NAT (or NetBIOS Auditing Tool) available freely on the web. With NAT installed, open a dos prompt and type the following: C:>nat -o file.txt -u userlist.txt -p passlist.txt It should be self explanatory, but I'll take your hand and walk you through it. The file.txt is where your output will go, the userlist.txt and passlist.txt are what the program will use to connect (those actual names will work fine, as most people don't even bother with trouble "security measures") and then of course, the IP address of your victim. Run that as is and you'll see exactly what folders are available to be shared by your victim's machine. For example, let's say the program returns the following folders as being shared. Music My Documents My Shared Folder Does this mean you can simply open a web browser and head over to their IP? Well it's not that easy, but anyone with a little time can figure out how it's done. For your convenience I'll tell you how that's done too. To attack, you must become your target…or at least become like them. Yes, you have to open yourself up the same way they are in order to explore those mysterious files that could hold all sorts of things! Bet ya twenty bucks the first file has mp3's! If you don't have Client For Microsoft Networks under your networking properties, you're a smart little puppy. This is the program that opens people up for this type of attack, or more specifically it's counterpart, File and Printer Sharing does (printer sharing? That's another article). For the sake of this little spy adventure you'll need it, so head on over to the control panel. Click on Network > Add > Client > Microsoft > Client For Microsoft Networks. Add that, but hit no when it asks you to restart. What you'll want to do now is install File and Printer Sharing For Microsoft Networks by doing the following: click on Network > Add > Services > Microsoft > File and printer sharing for Microsoft Networks and hit add. Bingo, once that's up and running restart your machine. You'll be asked to login, so you should probably do that. Now, you're hooked up to your LAN and able to share files with everyone on it…and see everyone else's files as well, exciting huh? To find the computer you're looking for, just go to Start > Find > Computer and then enter the IP address of the person you want to spy on. Once found, double click on the computer name and presto, you've got all the shared files visible to you in a browser window. Here you can search through them just as though they were on your machine. You can play mp3's, watch movies, look at pictures, install games…anything you like. But remember, you're also spying on someone without their permission. And in my case, I really had no desire to see what kind of music my friend was listening to. For that reason, I explained to her the simple task of closing port 139. Keeping Others Out If you're the average internet user then you probably have no reason to keep NetBIOS open. On the other hand, if you and a friend are on the same network and enjoy being able to have immediate access to one another's files then perhaps you would want this service up and running. Here's a few tips on keeping yourself safe. The easiest thing to do for those of you that have no use for NetBIOS is to remove it completely. This can be done the same way it was added above, only this time instead of adding the Client for Microsoft Networks and File and Printer Sharing For Microsoft Networks you would remove them from your network manager inside the Control Panel. With those gone, and a fresh restart, your worries regarding port 139 are over. What if you want to keep port 139 open? Then the best advice in that case would be strong passwords and limited file sharing. You may be able to share your C drive with the world…but do you really want to? Of course not. With passwords that only you and your friend know, you should be fine. But choosing the password is a task I leave up to you. If you've been reading 2600 for a long time I'm certain you know what kinds of passwords are weak (metallica) and which are strong (8sdf9as**s;dka*). Conclusion This article was just a brief explanation of how someone could snoop around in your folders, which is especially dangerous if you have no idea others can see the files you think are private. Snooping is by far the worst danger though. As I'm sure everyone can see, a much more sinister attack is extremely easy with write permissions available to these folders. By placing either viruses, Trojans, or enormous files into these areas one could gain complete control of the PC (or just render it useless). Imagine someone calmly placing Sub7 in one of your folders, running it, and then rooting you completely. It's a scary thought, but it's also one I haven't investigated completely. If anyone has more detailed information about either NetBIOS or it's dangers I welcome you to contribute them. And lastly, yes I did warn my friend about the dangers lurking right under her nose. After all, that was the right thing to do. 11. FUN WITH TELEMARKETERS: by Lost Boy The phone rings at around 4 in the afternoon. You look at it with dread, knowing all too well who's going to be on the other end. Ok maybe you don't know exactly who…but you have a good idea. A bank? A phone company? Someone looking to sell you vinyl siding? Whatever it is, they're probably a telemarketer. "Ugh," "grr," and "aw shit" are several words that may pop into your head when you think about telemarketers. But their phone calls need not be a thing of dread! As long as you remember one key thing…they called you. In a prank call, you phone someone else and act like an ass to get on their nerves. But in those cases you're in the wrong, and may wind up getting into a world of hurt. But not when someone calls you! They're invading your house, so feel free to fuck with them all you like! As long as you remember to not give them any reason to send someone over…ie. "Uh oh, maybe I shouldn't have killed my wife." Shit like that will get the cops to your place, and no one will be laughing. Listed below are a few things that I encourage people to try when being harassed by these pesky annoyances. Oh, and because this ezine is about opinions here's mine…telemarketers suck! A. The Neverending Phone Call Believe it or not, telemarketers LOVE when you hang up right away. This saves them the trouble of having to go through their whole routine for no reason. See, telemarketers call about 20 people at one time and usually go for the one that picks up first. If you get it on the first ring, there's a good chance you're the lucky son of a bitch. Now, if you hang up right away they're free to move on to the next potential sale…but the longer you're on the line, the more time they waste. Here's a brief example of what to do: Telemarketer: Good afternoon sir, I apologize for bothering you at this hour but I have a fantastic offer that just couldn't wait. You: Oh? What offer might that be? TM: Am I speaking with the owner of the household? You: Yes, yes I'm the owner of the household (doesn't matter if you're a fuckin burglar in the house, he won't care) TM: In that case, may I ask how long you've owned your home? You: Yes, yes you may. TM: …alright how long sir? You: You mean how long have I owned my home? TM: Yes. You: Oh I'd say…hmm let's see (drag it out as long as you can, hell go into your drawers and look for proof of how long you've owned your home!) Oh here it is, 15 years. TM: Well then-(at this point he will go into his long speech about what he has to offer, just let him talk) You: Hmm…that's interesting, can you just tell me that one more time so I can write down the information? TM: (he'll probably be a little annoyed, but let him go through it all again) You: Well…I'm not sure. (this makes him have to convince you, and causes him to stay on the line even longer) TM: Well sir, I can offer you blah blah blah (again, let him ramble) You: (if you like, you could keep going and going until he finally got so upset he hung up, or just let it go and finally say you're not interested, it's up to you) B. The Playback This one's fairly simple. Go to Radio Shit and buy one of those line recorders. If you already have a miniature tape player you only need to spend about fifteen bucks for the hook up. With this, record the telemarketers pitch to you. Then rewind, and while he's talking switch it from REC to PLAY and play his whole pitch right back at him. You can also play back anything else you may have recorded, such as a song or perhaps another conversation. The point is to get him so confused that he hangs up on you! C. The (Really) Wrong Number If there's one thing that scares the hell out of telemarketers, it's the Public Service Commission. The PSC is designed to protect the general public from the likes of dirty operators and annoying callers. If you ever find yourself with a telemarketer that won't go away, one thing to do is to forward your phone line to the local PSC. Only do this during the hour at which the telemarketer calls, and if the PSC (or whoever you forward to) picks up first…they'll wind up selling to the VERY wrong person. If you don't have call forwarding, there's always the other alternative. Simply pick up the phone and answer by saying "Good afternoon, Public Service Commission" or whatever. I've been known to say "Hello this is AT&T how may I help you?" when MCI was calling…and for some reason they don't try to sell me service…. That's about it for today. I can think of at least a dozen other ways to mess with their heads but I think maybe I'll save that for some other time. Yeah, yeah… "they're just doing their job." Bullshit! No one has to work as a telemarketer. At least you're not barging into someone's life everyday trying to sell them something when you work at McDonalds. There's plenty of honest jobs out there, but being a part of this garbage is simply inexcusable. For those people who are only trying to support their family by way of this type of job you have my utmost sympathies, but keep in mind that most people who become telemarketers are dumb ass college guys looking for an extra buck. As long as you remember that, and keep in mind that you're the victim…there's nothing wrong with giving them a little hell. At least I don't think so. 12. REVIEW "SWORDFISH" "Log On Hack In Go Anywhere Steal Everything" "You're not going in through the phone lines, you're going into the actual bank!" -Stan I have to admit I had high hopes for this movie…perhaps too high. While I hate the word, John Travolta saying "cracker" clearly showed an initiative to not bring down a bunch of fun loving hackers. Sadly, this is just one meaningless ploy to sound like they know what they're talking about. Before I get into a summary of the film, I think I should point out all the different things I felt while trying to complete this review. Immediately after seeing the film I wanted to stand up and scream about how ridiculous the hacker aspect had been, but later I started to wonder if I was being too harsh. After all, it's not meant to be a realistic hacker movie…its only intent is to be an action film. In the end, I made the decision that whether you like this film or not depends on your mindset. Are you going to see an action film? Or do you expect to see a film full of realistic computer use? If it's the former, you shouldn't be too disappointed…but I'll let the rest of the review speak for itself. Opening with a well written speech about the insanity of Hollywood endings, Swordfish may first seem rather entertaining. John Travolta has hostages with bombs strapped to their chests (set to explode if they wander off too far) and his demands are clear. After one hostage is pulled from the scene, a beautiful "Matrix-like" explosion fills the screen and leaves the viewer thinking they're in for one wild ride. But with the exception of Halle Berry, it's all downhill from there. The film goes back four days, where Travolta plays a sadistic killer known as "Gabriel." Gabriel wants to show the world they can't mess with the United States because of the repercussions that may ensue. To do this he must steal 9 billion in American dollars…and to do that he needs the help of a brilliant hacker. When his first hacker, Axel Torvalds (Linux fans take note), Gabriel has him killed. Why not save him instead? That would be boring! And it would keep our hero Stan, played by the always cool Hugh Jackman, out of the picture. Stan wants his daughter back, as do so many heroes in Hollywood today. And Halle Berry has a way for him to get her back, after all, getting ten million dollars would get a child back in your custody right? Uh huh. Nonetheless that's the plot, take it or leave it. The catch is, in order to obtain the money he has to help Gabriel with his computer needs. "I don't know, sometimes I can just see the code in my head." -Stan So Stan heads for Gabriel's club, where he is then put to the ultimate test. Hack into the DoD while getting oral sex from a beautiful blonde and having a gun stuck at your head…in 60 seconds. Well sure enough Stan flies through that beautiful GUI with complete ease, bringing up command lines out of nowhere and for apparently no reason. Alas, he does not pass the test…fortunately the gun wasn't loaded (no pun intended). At about 61 seconds he does manage to get in, and Gabriel decides he's the man for the job. And so begins what will become a WAY overdone bank heist. I won't waste your time, the rest of the film is predictable Hollywood action. From Halle Berry's nudity (definitely the high point of the film) to a bus dangling from a helicopter, the film tries too hard to be exciting. Sadly, it comes off as only a second rate action film. Enjoyable for what it is, but not recommendable. Ok, this is a hacker ezine so I suppose you want to know how hackers are portrayed. I'll skip over the amazingly vivid GUI screens that any moron could understand and get to the heart of the matter. Are hackers made to be evil? Well, no. Fortunately, Stan does pay homage to the Carnivore system and explains all it's evils…but this is immediately shot down by the FBI's vanilla reply "You broke the law!" Who does the movie favor? …come on, Hollywood is battling hackers as we speak, who do you think? Aside from that, the film does leave some big questions. Why run DS3 fiber optic lines into the bank you're stealing from? Why not just enter the backbone of the network at some other point? …aren't hackers supposed to do amazing things from far away? Oh wait, the film needed that explosion and huge chase at the end! How silly of me. Overall, the cast did a great job portraying their characters. Although I'm not quite sure what the whole magic angle had to do with the film. It's a little hard to explain, but the film actually treats Gabriel as though he can do anything to make himself disappear…another reality fault. But the faults of the film are twofold, one being the treatment of hackers…the second is the preposterous action scenes that appear for no reason at all (Picture a helicopter holding a busload of hostages…and flying through the city). Then again, if you only want a movie where shit blows up then this would be worth the price of a matinee. But if you're a hacker, get ready to stand up and preach to the audience because you'll be sickened by the technical inaccuracies. Hell, this movie makes the graphics in Hackers look realistic! "The best crackers in the world can do it in sixty minutes, unfortunately…I need you to do it in sixty seconds." -Gabriel (*oooo) One out of five stars for the effects and for Halle. 13. CROSSTALK Ok here's a section just for you guys/gals that don't want to write out complete articles or letters. It's a place where we'll print various things people say to us or ask us about. Yes we'll still answer your emails or web board posts when possible, but these are things that affect everyone and should be discussed in public. Ø Ok, I like your US shit, but you don't accommodate for Irish folk. Me and a couple of friends scan ALOT and you guys only have American scans and American loops. its very annoying. also, there's this Irish guy savour or something. email me or reply to this post please. ps phone 1800 555 920 - Microsoft Germany! [Posted by Gringo to the Hackermind Web Board] REPLY > While we want to provide information to everyone around the world, it's somewhat difficult to do on our own. The things we post are either submitted or found by us, but as you know it's extremely expensive to (legally) scan numbers across the country, let alone across the world. To make that happen we need your help. If you want to see more things from Ireland (or any country) start by sending some things that you find into Frequency. You mentioned you and your friends a lot, please share that with us. Once people see that there's an interest in that sort of thing, hopefully we'll see more coming in. Ø Wasn't there supposed to be a new show called Line Noise? I know you guys still do the line noise segment on Hackermind, but I could've sworn it was going to turn into its own show…. [Email from Siko] REPLY > I had made the pilot episode of the show, which was meant to be more phone phreak oriented, and aired it one weekend. I know a few people managed to tune in, but I know a lot others never got a chance to hear it. The show was nothing more than what's known as a "pilot." Consider that a test to see whether or not the show would work. Sure enough I had a great time making it, and those that tuned in seemed to really enjoy it. Sadly, making two shows is a bit much and I cannot continue to make new episodes. Plus, in order to give Hackermind the attention it deserves making another one would be far too much of a strain, both on quality and on myself. 14. CLOSING ARGUMENTS Ok, time to look back on all that this issue has taught me. I suppose this issue has shown me, as well as everyone else, that Hollywood may never get it right. It seems as though wherever we go we're forced to be subjected to their interpretation, and downright lies, of what hackers are. Sure we see some close calls, and even some actors doing their best to show the hacker spirit (Hugh Jackman being one example). But in the end what Hollywood is about is selling their films, as well as their messages. Yes Stan, we know you hacked into Carnivore because it was harmful to everyday citizens…but you broke the law! That's what we see…now take that as you may. Perhaps you see Hollywood admitting that hackers do, in fact, do things for the good of humanity. But I'm assuming most of you can just hear Hollywood screaming "Don't break the laws we make." One wonders how long before "they" make breathing illegal. We're in July right now. That means two more months of summer before we all head back to wherever we go. High school, college, or perhaps some of you are still in work. It makes me wonder what more the summer holds. To me, the summer time is different from the rest of the year. Especially considering I'm cooped up inside a classroom for most of it. But during the summer, you can stay up all night, sleep all day, and do pretty much whatever you want. The best discoveries always come out during the summer months. But what about next summer? What can we expect? For one thing, H2K2. The fourth Hackers On Planet Earth conference in New York City. Dash and I will surely be there, and we hope to meet many of you as well. You can expect to see us in the Social Engineering audience, as well as the network room where we'll be having all sorts of fun. If we're really up to it, we're considering joining the online radio panel…but that remains to be seen. And finally, I'd like to thank all the people out there who don't back down. All the people who question authority and don't follow it blindly. It's because of you that things change. Whether you refuse to give information at Radio Shack, or handcuff yourself to a building…you're making a difference. Stay peaceful, and they can never hurt you. -screamer 15. CREW Screamer Chaotix - Editor in Chief Dash Interrupt - Webmaster Da Peng - Network Operations The Blue Giant - Writer DamienAK - Writer Contributing Writers: Hammy, Rane, LAnKY, Sad Is Tic, Lost Boy Cover Layout/Design: Dash Interrupt Shout Outs: Da Peng, 203/501's, Anna Farris, Hugh Jackman Articles for Freq12 due by August 8th, 2001! Send article/cover submissions to articles@hackermind.net Tune into Hackermind Thursday's at 10PM Eastern by opening location 166.90.148.114:9474 "You mean like hacking into your computer? …I mean if you don't have a firewall that can happen…but no there's no security flaws in our network." - Optimum Online ignoring NetBIOS. WWW.HACKERMIND.NET