FREQUENCY: Inside the Hacker Mind
November 2001
Freq15

(Disclaimer: Information contained in this ezine is for educational purposes only. Readers are urged to not use this information for illegal purposes.)

1. Introduction "Back to the Beginning"
2. Getting Your Article Published
3. The Dwindling Hacker Community
4. Dollars and Sense
5. A Life Less Moderated
6. The Phone Bill From Hell
7. Program Holes and What They Mean to You
8. On the Inside - Cayman Routers
9. Review - "Alias"
10. Crosstalk
11. Closing Arguments
12. Crew

1. INTRODUCTION "BACK TO THE BEGINNING"

With all that's happened in the last few months, the World Trade Center bombing being the most notable, I thought it was time to head back to the origins of the ezine and dedicate this intro to what this ezine is all about. I suppose you can't really appreciate a hacker's mind unless you have one, but that's what this ezine is here for. To show everyone out there who is so preoccupied with using technology to make a buck how incredible it all is, and to open their eyes to a world of infinite possibilities.

Many may read older issues and think we're a bunch of anti-government fanatics who don't care about anything except screwing over the people who dedicate their lives to making money…and…well I can't say you're completely wrong (insert laugh track here). But there's a lot more to hackers than showing people the wrongs of the world, or how technology is being used against them. Hackers are people who want to have fun, who want to play around and see what they can find, and this has been so since the beginning. Phone phreaks, people who would use blue boxes to control switches so they could route their own calls. Why? Why would anyone do such a thing, your common businessman would say, unless they wanted to steal? That's it, they want to make free phone calls to rip off the phone company, and that's not right!
But wait, you're seeing these phreaks as people who are out to do harm…but what if you got inside one of their heads and realized they just thought it was cool to hear a foreign error message? How would it feel to know they only wanted to travel through the phone lines in search of others who shared their interest? Would you still see them as criminals if you understood them? But that's the problem, isn't it? You don't want to understand them, at least, not when it's so easy to hate them.

The same for hackers, why would you stop and say "oh…they don't want to harm anyone, they just like playing around with their computers," when it's so much more fun to watch a 15-year-old go to prison for getting past your "admin" password? Did the hacker do any harm? No? Then why punish him so severely…why not call him and ask him to stop? Believe me, if he hears he was caught, he will NEVER return to your system again. Of course there are some bad eggs, some people who use programs that screw up your machine, but don't let that one person make you think everyone who calls themselves a "hacker" is a bad person. If one cop wrongs you, you can probably still admit that "not all cops are bad." The same for doctors, lawyers, businessmen, etc, etc, etc.

And to those of you that make the argument, just because a person loves cars doesn't mean they have the right to steal mine…let me remind you that your car was stolen, and that's a financial loss. Believe me, if a hacker deleted important files, that would be a crime as well. But let's not overreact or jump the gun in every situation. Sometimes, if you look close enough, you'll see that there was no damage done. Like we've said before, hackers think a bit differently than other people. But this is not the same thing as saying they all want to break the law and wreak havoc everywhere they go. So before you string up a hacker for figuring out how to make a free call, please ask yourself if he or she has any malicious intent.
Do they want to ruin the phone company and put them out of business, or do they merely want to hear something in another country that would probably cost them ten dollars to do otherwise? Please, ask yourself that…although I'm sure you won't. After all, it's so much easier just to call the feds…

-screamer

2. GETTING YOUR ARTICLE PUBLISHED: by The Hackermind Crew

For a while now many people have been sending in articles to Frequency. Before we even continue with this article, we would like to thank them for their hard work and dedication. If you've ever submitted an article, you have our utmost thanks and appreciation. People like you are the ones that keep this ezine alive and going strong, but to ensure its continued success and your continued enjoyment of it, we've decided to throw together some pointers on how to get your articles published. Please keep in mind that this article is only relevant to Frequency; other ezines out there may ask for completely different criteria, so please use your own discretion. Also, the crew of the ezine are the ones ultimately responsible for how good each issue is, and for that reason they reserve the right to print or not print an article for any reason. Just because your article doesn't make it in does not mean it wasn't any good, it just might not fit with the rest of the issue. That's the price you pay when you have to keep your readers happy.

First and foremost, there are many ways to construct an article for Frequency. You may choose to write an editorial, the type of article Frequency is famous for, or perhaps a strictly educational one. There was a time when we were only concerned with editorials, but those times have changed. Frequency is about expressing opinions, and sometimes information is the only way to do that. But for the time being, let's assume you want to write an editorial. We can't tell you what to write about, but here are some editorial tips.
First, make sure the opinion you want to convey is about something that hasn't been discussed before. When we first began all we seemed to get were articles regarding "why I hack" or "why I'm a hacker," etc. But after a while this becomes quite dull and repetitive to the average reader who wants to have something new to think about, so for that reason we ask that you please find something new to talk about.

Second, spelling and proper grammar are pluses! We won't necessarily shoot down your article because it has a lot of spelling errors, but the more professional the article the easier it is to put in the next issue. If nothing else, please run it through a spell check program before submitting it.

Third, present your article in a reader-friendly manner. We understand not everyone out there is an English major, but your article should at least be treated with respect. For example, an article full of "fuck you's" and other such profanity really doesn't appeal to many readers.

Fourth, and perhaps most importantly, back your argument up with facts! Your job as an editorial writer is to convince people that your opinion is correct, but making your article nothing but a huge cuss out or flame won't accomplish this.

Those tips should help you write a publishable editorial, but now let's move on to an informative one. Here's where a balancing act must be accomplished: you don't want your article to be so extremely technical that only the best of the best can read it, nor do you want it to be so simplistic as to not even belong in a hacker ezine. Information is good no matter what, but try to talk about things from the hacker perspective that are hard to find elsewhere, insider information if you will. For example, discussing the possibilities of exploiting a particular Linux program is completely acceptable, while writing an article about how to get an AOL account is a bit too mundane.
But perhaps the most difficult question to answer is this: what should I NOT write about? Frequency has always been dedicated to spreading the voice of the hacker community. Sometimes that voice may sound as though it only wants to do harm, sometimes that voice merely expresses an innocent love for playing with computers. And while we strive to not silence anyone, it's important to remember that certain boundaries must be drawn. Explaining how DeCSS works, for example, is perfectly fine. Showing a Trojan program you've written is fine, and so on and so on. What isn't fine are articles dealing with "how to get into my friend John's PC", or articles that explain how to do similar attacks against particular individuals. Do we really need John's dial up username and password? Of course not. If you're going to write an article relating to that subject, please leave John alone and focus on how the information was obtained, or could be obtained again.

There was a time when we were able to write back to people and explain why their article couldn't be published, and while we wish we still could we're afraid it's just not possible. We hope you understand why we had to stop replying to each story we receive, and ask that you don't give up just because a few articles you write don't get published. Nonetheless, in case you were wondering why your article didn't get published you could go ahead and email us at articles@hackermind.net. Or, here are some common reasons why an article doesn't get printed:

1. The topic has been talked about far too much ("why I'm a hacker" and "why I hack" are the two most common topics)
2. The article was poorly written, to the point of being unreadable (Grammar and proper punctuation can be fixed, but an article with nothing but mindless banter is not enjoyable to read.)
3. The article simply didn't fit with the overall tone of the issue, but may be used in a future issue. (Perhaps you write a brilliant article on exploiting a particular computer program, but another article deals with that same program already; we may still use your article in a future issue.)
4. The article was written in highly technical terms that only a select few could decipher, or the article was written in a very amateurish way (Articles from all sorts of people are welcome, but again they shouldn't be exact duplicates of technical manuals, nor should they show a clear misunderstanding about a particular topic.)
5. The article was taken from another source without proper credit being given (Taking pieces of information from another source is perfectly alright, but only if credit is given. Copying someone else's work entirely with no credit will not be tolerated.)
6. The article had nothing to do with hackers or the hacker/technological community (Political articles are fine, as long as they involve hackers in SOME form. Articles about why democrats are better than republicans and vice versa will most likely not be printed.)
7. The article gave away information about particular individuals (As explained above, there's no reason to pick on one individual person solely for revenge purposes.)

Those are several reasons why your article wasn't printed, but please don't view this as a reason to give up writing. We're one of the few ezines out there that publish monthly, and as such we need as many articles as we can get, so please continue writing them. If you have any further questions, please address them to screamer@hackermind.net, and ask away. And finally, if you want to know the best kept secret to writing a successful article here it is…write about something that interests you. Good luck, and thanks again.

3. THE DWINDLING HACKER COMMUNITY: by Red Rover

No one ever says "I want to be a hacker when I grow up," sound familiar? It should, I ripped it straight out of that junkie commercial, but I have good reason to.
When thinking up what kind of article I should write I tried to focus on what seemed most important to me, regardless of whether or not anyone shared my sentiments. The topic I chose was the loss of "true" hackers within the so called hacker community. But before I say anything more, I would like to bring to your attention the fact that I do not consider myself a hacker in the traditional sense of the word. I love computers, but I don't believe I have the drive to find new things that can be done or partake in the thrill of creating something. This article comes from my observations of the hacker world, and is not meant to be directed to any one individual…nonetheless, it needs to be said.

How many of you reading this article right now can honestly say you know a programming language so well that you could write your own program, which could then be used to compromise a system you have access to? I won't speak for you, you know whether you can or not. I assure you, I can't, so don't feel bad. Also, how many of you could find a particular system, reverse engineer the software used on it, and then gain access through that knowledge? Once again, don't feel bad…not many people can. For those of you out there who are being sickened by the words I write, I ask you to please hear me out. I'm not suggesting you don't have the spirit of a hacker, I'm only saying that you really don't have the same abilities and talents as those greater hackers out there. But how many people do?

With that I'd like to begin my argument. The "hacker community" we know and love really isn't all it's cracked up to be, at least not if you see it from the typical viewpoints. Join an IRC chat and you'll be bombarded by people calling themselves hackers, but how much of a hacker can they be when they have to ask someone "what's a wingate?" I'm well aware that Frequency tends to define a hacker as anyone who loves to figure out new things and new ways of "getting around the rules."
But I also think this is just a nice way of allowing those that know nothing to feel good about themselves, and to feel as though they're a part of the community. Perhaps they do possess the thoughts and ideas of a hacker, but the fact of the matter is, a hacker is a person who knows enough about computers to make them do incredible things. If you can't do that, you're not one of the greats…OK, I'll let you have one. You can call yourself a hacker if you're trying to improve, but this brings me to my major point. How many hackers can really call themselves "great?" And what does this mean for the overall community?

It's rare to find someone that you can talk to about technical stuff nowadays, much less someone who can accomplish some of the amazing things that were done back in the days of Phiber Optik and MOD. Is it because all the real hackers do what we believe they do, stay quiet and keep a low profile? Or have hackers dwindled down to being nothing more than kids who sit in chatrooms and call themselves something that they aren't? If so, what can we do to boost the community back up to what it used to be? A collection of greats who could do so much for the computing world…

One solution is to turn away those that know little, as was done back in the early days. True, it still goes on, but back in the 80's people that knew nothing weren't humored, they were turned away and forgotten…or ridiculed by those that knew more. Today we've moved away from this philosophy for the most part, as can be seen within the content of this very ezine. We now, more than ever, accept people who know little as being a part of the community simply because we hope they will someday move on to bigger and better things and do some good. Along with that, we accept them because so many have said it's cruel to turn them away, and what can be accomplished by not helping them? I propose hackers everywhere turn away these people who know little, if only to give them something to strive for.
Why should they continue to learn more if they're accepted without knowing anything? If a person can be considered a hacker just because they join a hacker chat, will they ever bother to teach themselves anything more? This could be debated for years, but I ask those of you that consider yourselves "true" hackers to think about what I've said. You may accept more and more people now, but let's not forget the good that can come from giving people initiative. If everyone looked at high school basketball players as equivalents to Michael Jordan…why should they work to better their skills? If we consider everyone who bangs on a keyboard to be a musician, why would anyone practice?

From this article I hope you see how hackers can improve their community. Not by excluding certain people, but by giving them a reason to better themselves. For the last time, I do not consider myself a hacker and am not writing this article to make anyone feel dumb. I'm writing it as a message, a message to true hackers everywhere. If you don't want to be overrun by people who know relatively nothing, you must stop treating them as though they were equals. Be friendly of course, but don't answer their questions. Don't help them with information that can be easily obtained in a book. And above all else, insist that they prove themselves before you treat them as equals. There's no reason why hackers can't be friendly, but a hierarchy must exist to propel more people to strive for greatness. If this is accomplished, I'm sure the hacker world will be rebuilt, stronger than ever.

4. DOLLARS AND SENSE: by Screamer Chaotix

A recent discussion with Dash Interrupt on an episode of Hackermind inspired me to write this article, if only to get a few things off my chest. The discussion focused on a movie studio removing a line from E.T., a film many people know and love. The line was something to the effect of "you look like a terrorist!" and was deemed inappropriate due to recent events.
We both agreed that removing the line was foolish, mostly because changing the past does us no good, but also because we have to ask where it ends. Do we remove King Kong's climb to the top of the World Trade Center in the 1976 remake? Do we have Kurt Russell land somewhere besides the World Trade Center in Escape From New York? These unbelievable possibilities may soon present themselves as the commercial world feels the American people want nothing but Zoolander and happy-go-lucky comedies.

But here's where the argument began. Dash felt the line from E.T. was removed to prevent the studio from losing money, while I claimed that was ridiculous and made the argument that there was no way money could be made from one line. In a way, we were both right. Through misunderstanding, I had thought Dash was implying that the studio was looking to make more money by removing the line, when he was only stating that they removed it to prevent the loss of money. Decide what you will, but regardless of reasons, I wanted to write this article to talk about the topic of money in our society a bit more, and how it relates to hackers.

There's little denying the USA is a country based on capitalism and money in general, but many seem to think that I'm against these things entirely. This is somewhat incorrect, and I'd like to explain my position before continuing. Capitalism in itself is not a bad thing, nor is money. When used properly, capitalism could help the average man succeed in this often unjust world. It's only when capitalism evolves into such a life or death struggle for people that they no longer see things as right or wrong that we have a problem. And that's the situation we're currently in. Everywhere you go, everything is dollars and cents rather than right or wrong, and this is leading us to imprison some of the greatest minds of our generation.
Take a hacker for example, a young man who gains access to a network simply by sending in a properly constructed email header. Soon thousands of password files are being sent back to him, some of which are not shadowed…even in the 21st century. With a simple cracker he breaks the encryption and can now enter the system at will. He does, and once inside he looks around, plays with a few programs, and then quickly bores of it and goes to watch a movie. Now, a society which saw things in terms of right and wrong would look at his actions and decide that he did no harm and had no malicious intent, but we don't see things that way. We see money, and more appropriately, the loss of money. Our legal system attacks this young hacker, who was merely playing with computers that were connected to his own by way of the internet, and throws any allegations they want in his direction. "You COULD have done this, and you COULD have done that." Statements like these are the creation of businessmen scared of losing a profit, and these fears come from a misunderstanding of what actually happened. It's even gotten so bad that we add rumor on top of speculation, such as "He had intended to sell the code he found, and that could have led to billions in damages!" A regular, non-technical jury would hear that and become horrified…what else could this hacker have done? But in reality there is no solid fact, nor solid evidence that the hacker did anything…or intended to do anything of the sort! Add to this the "guesstimation" of how much money COULD have been lost and you can probably understand why the court wants him to spend the next 20 years in prison.

This is far from being the only example of right and wrong slowly but surely leaving our country. Remember, millions of wannabe entrepreneurs go online every day trying to make a buck off the internet. Anyone heard of the X-10 camera? Of course you have, it's only one of the most prevalent pop-up ads on the internet!
Visit enough sites, and soon enough you'll have dozens of X-10 ads on your screen, along with other ads as well. Is it right to subject people to this type of bandwidth loss? Is it fair to install spyware on their computer and cookies in their hard drive to monitor their website viewing habits? We say no, capitalism says yes. For some reason, one that may never be known, spying on people is fine as long as you're doing it to make money. Do it for any other reason, say to gain access to a computer so you can try a new program, and you're likely to find yourself heading to prison sometime soon. Of course, I stand by my argument that not EVERYTHING is done for money. Some is done for power and control, but that's another story entirely.

But while we're still on this topic, what can be done about it? What can we do to not only change the mentality of the country, but also protect ourselves as consumers? It's hard to say if we'll ever have a definitive answer for that, but one way is by getting your voice out on the internet. Jay and Silent Bob Strike Back was right, the internet is going to waste…it's being used for virtually nothing but porn and talking about movies. It's time we put a stop to that by letting our government know that exploration and experimentation are not crimes. We have laws to protect us, and when someone violates us they should be punished for the crime they committed. But please, whatever you do, don't let your mind be so focused on making a profit that you're willing to crush anyone that dares to portscan you.

-screamer

5. A LIFE LESS MODERATED: by Shelly

Bulletin boards were all the rage back in the 80's and early 90's. They were places where the technically inclined could hang out and share information, but perhaps most importantly, they were open to virtually all forms of speech. You could talk about warez and crackz, post access codes, even talk shit about the sysop!
Granted each board was different, but there seemed to be that universal understanding that people should be allowed to say what they want. After all, if someone made an inappropriate comment they would be the ones to reap the whirlwind, not the board itself. Times have changed though. We now have people being sued for saying the wrong thing, handing out information, or even just saying the wrong thing about the wrong person. To help boards stay alive, sysops had to develop people called "moderators" or "operators" to manage their boards, which had since evolved into graphical boards on the world wide web. For the most part, moderators do their jobs well. They delete spam and remove posts that are not on par with the board (such as a post about murder on a hacker board) and tend to keep things tidy. This is all beginning to change I'm afraid, and from the several boards I've seen, things are changing for the worse.

I won't bother with the ethics behind warez and crackz, but I will say they were once a very active player in the online world. Today most people see them as a negative, claiming they make the hacker world out to be nothing but criminals (don't know about you, but I think posts about how to steal pizza are what do that). As I said, if the sysop doesn't wish to have a particular topic on their board, that's their right. But to ban someone, or even just close their post, because they use the word "warez?" That hardly sounds fair…

Another problem I've encountered on several boards is that of moderators acting as though they're a god. "Go off topic just a little…and you'll be dealt with!" is a phrase I've heard uttered one too many times. Why must people fear making a post? If hacker boards are all about free speech, then why do these moderators feel so compelled to shut down dozens of posts a day? The answer lies in power. Give a person a bit of power and they'll run wild with it, crushing all that get in their way and making everything the way they want it.
The same goes for web board moderators, they know they have the power to delete anything they like…and they'll do so without hesitation. And in the worst case scenario, the moderator will act as a filter…forcing people to only discuss what they want to hear. Moderators have power, there's no doubt about it. But it should never be used to regulate a board. Once that happens, freedom of speech is gone. Sadly, this power is not typically used against people that flood a board but on people who just want to ask a question.

To be fair, it's only right to say that moderators are a necessary evil. The sysop of a board cannot be expected to maintain the entire site alone, nor protect it from those that may take advantage of free for all posting. Moderators, when used properly, can be a great service to a tired sysop. But if they're so necessary, is there any way of dealing with them? In the 80's, when I found a bbs where the sysop shut down posts for saying the wrong thing I left, as did everyone else. There were always more boards to dial up, and more people to talk to…so why waste time on one that will censor you?

As I've jogged around the internet I've seen several hacker boards, some of which I've referred to in this article. 99% of them are moderated, and 99% of them have people being silenced. A good question to ask is, why do we feel the need to silence people? Couldn't we deal with the problem of censorship by allowing people to post whatever they want? I'm trying to refrain from naming names, but I'll assume it's alright to use the Hackermind board as an example. Yes, it's not exactly a board where hackers can talk about hacker stuff, mainly it's more about comments regarding the show and magazine, but there are no moderators. There's Screamer, D4sh, and I believe some others, but from the times I've viewed the board I've never seen a topic be closed. People have flamed each other, made nasty comments, and said all sorts of things…and yet they remain open.
Other boards have people saying "hi" and have their posts shut down! I don't want to speak for them, and will even say that their board is a bit on the cheap side, but if Hackermind's board hasn't fallen apart without moderators, why should we assume that others would? Because they have more users? Is that really a justifiable argument?

In the end we need to ask ourselves what we want in a web board. Do we want people telling us what to say? Or do we want free speech? Being able to say whatever you want is a beautiful thing, especially online. I encourage people to turn away from boards where you'll be silenced, or even rise up against them by posting why they should lose their moderators. And if you really want to protect free speech, I suggest starting your own board. It takes little more than a free account to throw up a board and let people talk on it…and if everyone did that the world would be a far less moderated place.

-REPLY-

I'm trying to cut down on replies and limit myself to only responding to articles that deal with me, or Hackermind, directly. Since this article deals with the latter I thought this would be appropriate. Hackermind's message board will never be moderated because we believe that the people can deal with things themselves. It doesn't hurt us any to see massive flame wars, and we see no reason why we should stop them. On the other hand, should our users demand it of us we will see what can be done. Our users' satisfaction is the first thing we're concerned about, and as of now what they seem to want is freedom.

-screamer

-EOT-

6. THE PHONE BILL FROM HELL: by Screamer Chaotix

I'm pretty sure I've used up my daily allowance of space for the month, but considering it was a slow one I figured I'd put in one more. This is more of an update regarding something discussed on Hackermind, but it also looks at an old idea from a new angle.
Please note, this article takes two separate perspectives…sometimes assuming you're the victim, and sometimes assuming you're the attacker. I did this so as not to anger people who are against crime, as well as to give a better explanation of how things can be done from a first person perspective. But in neither instance do I condone these illegal behaviors. That may sound really corny, but let's face it, there's nothing to be learned from acting out these schemes.

Have you ever received a phone bill that was so high they had to send you three sheets of paper just to hold the digits of the amount to be paid? Your first reaction may be that someone got access to your local CO and messed with your line, but this need not be the case. In fact, there are several ways someone can make your phone bill astronomical using nothing more than a regular phone. I'll mention the usual disclaimer now, to save my own ass in the traditional American way, and say that you shouldn't use this against anyone. Not only because it's a really cruel thing to do, but because it's extremely doubtful the phone company would make them pay it if they complained about it enough. I hate to give them credit, but since the telco already makes more money than you or I will ever see in our lives, they're not too bad when it comes to letting a bill slide here or there, mainly when it looks outrageous. I don't suggest you use that knowledge to make all the calls you want and then beg them to not sue you, because the honest truth is, you never know. Anyway, on with the info.

As we demonstrated live on the show a while back, certain operator services can't receive your originating number if you use three-way dialing. While we've been strongly opposed to it, there are people out there that can use this to their advantage. By calling up a friend and splitting the line, an attacker could get an operator (10108110 was used on the show) and ask them to complete a call.
If the operator asks for your phone number, you can probably assume they can't see it. It's a very foolish thing for operators to do, but nonetheless it's still being used by some today (others ask for a calling card or other option). Should the attacker give the operator your phone number as their own, the operator will probably act as though they can suddenly see the number, but this is only used to make you think that you can't outsmart them…ironic huh? Once the operator completes the call (preferably long distance for the attacker) your phone number will begin to be billed, and won't stop being billed until the call the attacker is making is completed. Thus, the attacker could stay on the line for the next month while you rack up the bill! Odds are you can get out of that bill, especially if you show the telco how long the call lasted (who talks on the phone for 937 hours straight?…aside from a few cheerleaders I know).

But this is not the only way of billing a call to someone else, here's a more (slightly) advanced way of doing the same thing. In reality, the only thing more advanced about this method is that it requires an additional step. Third person billing is also known as "the phone company's worst idea aside from Verizon co-opting the peace sign." At least to me it is. The reason for this dread is because it's such an easy service to exploit, and many people have wound up paying for calls they never made because of it. First of all, its very nature is ridiculous. Assuming you're on the road and you don't have 50 cents to make a local call (or $10.50 for a minute long LD call), you could ask the operator to bill the call to another number. Obviously the operator would connect to this number and ask the person there if they'd accept the third person billing charges (so you either need a friend you can pay back later, or hope someone's home to accept the bill for you). Here's the problem: operators aren't very intelligent.
After hearing the same rings and beeps over and over they tend to press the buttons as fast as they can, just to get those precious five seconds of peace between calls. This means that you could have the operator call something for "verification" and they'll never even know if they're talking to the right person…if it's a person at all. Sure, you could bill it to a loop line, but if you're one of those vicious attackers who wants to give someone the phone bill from hell you'll have this at your disposal.

One way to go about tricking the operator, and the one that I don't recommend, is by commandeering their voicemail. We know voicemails are notoriously insecure, usually only requiring four digit passwords, so it shouldn't be too much of a challenge to take someone's over (try their address, birthday, etc). Once you have access, change the welcome message to sound as though it's a real person answering a call. You've probably bought into this yourself at one point or another; you know that jackass friend of yours who has his machine answer with a "hello?" and then laugh at you? Well, that's close to what you're doing. Make the machine sound as though it's answering, and time it so that the machine replies right after the operator asks "Would you accept a third person billing request from so and so?" (You can time this better by actually having someone make an operator call you with a few third person billing requests.) If you're lucky, and you're sinister enough to go through with it, the operator will most likely believe it was a person that accepted the request and bill the call to that number. Now would be a good time to use a cell phone to call back into the voicemail and change the message around before anyone gets suspicious.

There you have it, the not so smart way of making a third person billing call…what's the smartest way? Ah, patience grasshopper. It's always better not to risk the operator realizing your scheme. Will you get busted?
Doubtful, not if it's done from a payphone anyway. But there's always the chance she'll report it, and soon the system will be gone (who am I kidding, I wish it was gone!). The more appropriate way to go about things is to "plant" a friend at your target's house (assuming you know the target) who can answer the phone before he/she does. After placing the third person request through the operator she'll call up your target's house, and with a little luck the plant will answer first. The planted person could answer with "so and so residence" so as not to anger the target, whose house they're a guest in. And when the operator asks "is this Mr. So and So?" the plant could just say that it was. After the plant accepts the call, the operator will disconnect, leaving the plant to say "That sounded like so and so…but they didn't leave a message." Odds are the target won't suspect a thing…but sadly, their phone has started to be billed, and for the duration of the call they'll collect the fee.

Of course, this only works if the person you call stays on the line as well. How do you make a person far away keep the connection open? This can only be accomplished by either having yet another accomplice answer the phone, or by calling into something that won't hang up. Just remember, once connected the victim will begin to receive the bill…which could reach astronomical proportions. This, of course, is assuming the phone company doesn't cut into the call. We all know that switchmen are very lonely people, and if their ESS tells them a call hasn't disconnected in a month they might suspect something and cut into the line. But, that's the price you pay when you do something this stupid.

These are a few ways that calls can be billed to you without your knowledge, but they're far from the only ways. I could go into beige boxing, but I never really saw the thrill in that.
Sure I've made a few, but there's no way to control a switch with a beige box…all you can do is rip off someone else, or listen in on their calls. Fun for some, but I'd rather have something that lets me go wherever I want…not just something that allows me to call for free. But if you ever notice an amazingly high phone bill I suggest you get in touch with the phone company right away, or the Consumer Protection Agency. They will do their best to help you with the problem…hopefully.

-screamer

7. PROGRAM HOLES AND WHAT THEY MEAN TO YOU: by JayX

Telnet, SSH, FTP, SMTP, finger. All of these programs are designed to make computing easier. With these services running on your system you can access all sorts of information all over the world, but as with anything else, this comes with a price. It's important to remember that the internet is in no way secure, and that by adding more and more programs to your system that run on specific ports you're upping your chances of being attacked. For your novice hacker, scanning for a well known vulnerability and then using the code someone else wrote to exploit it is a common thing. In fact, I'd be willing to bet that 9 out of 10 intrusions come from someone using an already existing vulnerability. This is an easy way to get access to something, but if the challenge of getting in is what interests you, you're probably easily bored by this. Here's where all those security measures, and other programs as well, come into play.

First off, this is meant to be extremely hypothetical and is not guaranteed to provide the reader with an answer in any way. Hopefully by reading through this paper you will be able to figure out exactly what you can do to help yourself become a better hacker, so please remember this isn't a tutorial. But enough of that, let us begin. I will assume you have a particular system in mind if you're not interested in finding well known vulnerabilities.
The best way to begin an intrusion attempt is by first mapping out the network where the system resides. I won't go into detail about how to scan a network; I'm assuming the reader knows how to do that. With the scan completed, you should be able to see what's running where, as well as the programs on a particular machine. Here's where things begin to get interesting. Let us assume port 21 is open, and is running a particular FTP program…we'll call it XXFTP. An amateur hacker would hop over to securityfocus.com and search for a vulnerability matching the program and version number, but you're too smart for something that pathetic, right? Here's where we separate the dummies from the smart guys, although it's really not that difficult of a step.

First, do a search for XXFTP (using the proper version of course). You'll undoubtedly find discussions on vulnerabilities, but what you're looking for is the actual software. Most likely it's out there, you just need to find it. If you can find the program, I suggest you install it and learn its ins and outs. Learn everything you can about it: what does it do well, what does it do poorly? With that knowledge you'll be more prepared should you encounter that same program in the wild; not only will you know how to use it, you'll also know its weaknesses.

Even more important than the program is the source code, and this is where things really get interesting. Of course, getting the source code of a program can be somewhat difficult in the monopolistic world Microsoft has us living in. The best advice, shy of getting into the manufacturer's computer and risking prison time, is to search around on newsgroups related to software and software development. You can probably say you're working out a few bugs in your XXFTP prog and need the source; perhaps some kind person will have it handy. However you get it, once you have the source code for a particular program you've struck gold…if you know how to read it of course.
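Here is the kind of thing reading that source turns up, as an added example that is not JayX's code and not taken from any real FTP server: a transfer size check written with an int beside the same check written with a 64-bit type. The 2 GB limit, the function names and the boundary values are constructed for illustration. The point is the one the article makes next about an int where there should be a long: a size a client announces that does not fit in 32 bits wraps when stored in an int, so the narrow check accepts a transfer that the policy, and the wide check, reject. It is also what "send a file that's enormous and see what it does" looks like when you try it against the code on purpose.

```c
/* Added example (not from the article): a size check written with an int
 * next to the same check written with a 64-bit type. A client-announced
 * size that does not fit in 32 bits wraps when folded into an int, so the
 * int version can accept a transfer the policy should reject. All names
 * and the 2 GB limit are constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TRANSFER_BYTES 2000000000LL   /* constructed policy limit */

/* "Before": the announced size is stored in an int. Converting an out-of-range
 * 64-bit value to int is implementation-defined; gcc and clang wrap modulo 2^32,
 * so 4294967296 becomes 0 and 6294967296 becomes 2000000000. */
bool accept_transfer_int(int64_t announced_bytes)
{
    int declared = (int)announced_bytes;
    return declared >= 0 && declared <= MAX_TRANSFER_BYTES;
}

/* "After": keep the full width and compare against the limit as 64-bit. */
bool accept_transfer_wide(int64_t announced_bytes)
{
    return announced_bytes >= 0 && announced_bytes <= MAX_TRANSFER_BYTES;
}

/* True when the narrow check accepts something the wide check rejects:
 * the discrepancy a reader of the source is hunting for. */
bool is_false_accept(int64_t announced_bytes)
{
    return accept_transfer_int(announced_bytes) && !accept_transfer_wide(announced_bytes);
}

/* Feed the boundary values a tester would throw at an FTP-like service
 * ("send a file that's enormous") and count the ones that slip through. */
size_t count_false_accepts(const int64_t *samples, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (is_false_accept(samples[i]))
            bad++;
    return bad;
}

int main(void)
{
    /* constructed sample sizes: around the limit, around 2^31 and above 2^32 */
    const int64_t samples[] = {
        0, 1999999999LL, 2000000001LL, 2147483647LL, 2147483648LL,
        4294967296LL, 6294967296LL, -1
    };
    size_t n = sizeof samples / sizeof samples[0];
    for (size_t i = 0; i < n; i++)
        printf("%lld: int-check=%d wide-check=%d%s\n", (long long)samples[i],
               accept_transfer_int(samples[i]), accept_transfer_wide(samples[i]),
               is_false_accept(samples[i]) ? "  <-- slips through" : "");
    printf("%zu of %zu samples accepted by the int check but not the wide one\n",
           count_false_accepts(samples, n), n);
    return 0;
}
```

Run it and the two values above 2^32 show up as accepted by the int check only; 2^31 happens to be caught because the wrap makes it negative, which is exactly why a single "big file" test is not enough and you want to read the types in the source rather than guess.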
This is where all that advice people gave you about "reading" comes in handy. If you're a moderate C/C++ programmer you can probably read the code and learn for yourself just how it does everything it does. This also means you can see its ins and outs. Is there an int where there should be a long? Things like that can really be valuable to the hacker who's searching for possible vulnerabilities, but obviously there are far too many to list here. In order to find out how a program is vulnerable, I suggest reading the code, and once you know how it works, try doing different things with it. Send a file that's enormous and see what it does; what happens when a user disconnects halfway through a transfer? Things like that.

Hopefully you realize that this need not only be done with port 21. Any program running on any machine can be studied and used to your advantage; the only thing you need is time and effort. I can't tell you how sick I get when I hear someone say "this isn't hackable!" just because port 23 is closed. If people don't begin realizing that every port on every machine has infinite possibilities we'll all be doomed to brute forcing all night and all day, getting nowhere fast. Then again, many people know there are…but choose to go the easy route. Damn shame if you ask me.

8. ON THE INSIDE - CAYMAN ROUTERS: by Da Peng

Cayman routers were first heard of a year ago, when it was released that their "out of the box" condition included no administrative password protection. When installed in a user's home, few telco technicians bothered to mention that the DSL router was wide open to anyone who dared to connect to the machine using a web browser or telnet. From there, they would have root access to the router and be able to do whatever they wished with it, including steal users' passwords.
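Here is a check for the symptom just described, as an added example that is not Da Peng's, Kewlhair's or Cayman's code: given a telnet banner captured from a unit on your own network, it reports whether the administrator shell opened without any password prompt and records the model and GatorSurf version so the unit can be inventoried and fixed. The open banner is constructed from the session transcript printed further down in this article; the "Password:" prompt assumed for a protected unit, the struct and the function names are assumptions, not anything the page or the vendor documents.

```c
/* Added example, not code from the article, the Kewlhair advisory or Cayman:
 * audit a telnet banner captured from a Cayman-DSL unit on your own network.
 * The unit in the article drops straight into "( completed login:
 * administrator level)" with no password prompt; this flags that, and pulls
 * out the model and GatorSurf version so the unit can be inventoried.
 * The banners below are constructed: OPEN_BANNER follows the transcript
 * shown later in the article, PROTECTED_BANNER assumes a unit with a
 * password set answers with a "Password:" prompt (an assumption). */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 32

struct cayman_audit {
    bool got_admin_shell;        /* "completed login: administrator level" seen  */
    bool prompted_for_password;  /* some form of "password" prompt in the banner */
    bool open_admin;             /* admin shell reached with no password prompt  */
    char model[FIELD_LEN];       /* e.g. "3220-H"                                */
    char firmware[FIELD_LEN];    /* e.g. "5.6.2"                                 */
};

/* Copy the token that follows `key` into `out`, stopping at a comma or
 * whitespace. Leaves `out` empty and returns false when `key` is absent. */
static bool token_after(const char *text, const char *key, char *out, size_t out_len)
{
    const char *p = strstr(text, key);
    size_t i = 0;
    out[0] = '\0';
    if (!p)
        return false;
    p += strlen(key);
    while (*p && *p != ',' && !isspace((unsigned char)*p) && i + 1 < out_len)
        out[i++] = *p++;
    out[i] = '\0';
    return i > 0;
}

/* Case-insensitive search for "password" (portable stand-in for strcasestr). */
static bool mentions_password(const char *text)
{
    static const char needle[] = "password";
    size_t n = strlen(text), m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++) {
        size_t k = 0;
        while (k < m && tolower((unsigned char)text[i + k]) == needle[k])
            k++;
        if (k == m)
            return true;
    }
    return false;
}

/* Classify one captured banner. */
struct cayman_audit audit_banner(const char *banner)
{
    struct cayman_audit a;
    memset(&a, 0, sizeof a);
    a.got_admin_shell = strstr(banner, "completed login: administrator level") != NULL;
    a.prompted_for_password = mentions_password(banner);
    a.open_admin = a.got_admin_shell && !a.prompted_for_password;
    token_after(banner, "Cayman-DSL Model ", a.model, sizeof a.model);
    token_after(banner, "Running GatorSurf version ", a.firmware, sizeof a.firmware);
    return a;
}

/* Constructed banner, modelled on the transcript later in this article. */
static const char OPEN_BANNER[] =
    "Terminal shell v1.0\n"
    "Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub\n"
    "Running GatorSurf version 5.6.2 (build R1)\n"
    "Multimode ADSL Capable\n"
    "( completed login: administrator level)\n"
    "Cayman-DSL1774011> ";

/* Constructed banner; the password prompt is an assumption about a fixed unit. */
static const char PROTECTED_BANNER[] =
    "Terminal shell v1.0\n"
    "Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub\n"
    "Running GatorSurf version 5.6.2 (build R1)\n"
    "Password: ";

static void report(const char *label, const char *banner)
{
    struct cayman_audit a = audit_banner(banner);
    printf("%s: model=%s firmware=%s admin_shell=%d password_prompt=%d -> %s\n",
           label, a.model[0] ? a.model : "?", a.firmware[0] ? a.firmware : "?",
           a.got_admin_shell, a.prompted_for_password,
           a.open_admin ? "OPEN: set the admin and user passwords" : "ok");
}

int main(void)
{
    report("open unit", OPEN_BANNER);
    report("protected unit", PROTECTED_BANNER);
    return 0;
}
```

The banner text would normally come from the first few hundred bytes read off a socket to port 23 of a unit you are responsible for; the classification is deliberately conservative, flagging only the exact "administrator level" line the vendor prints when no password stands in the way.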
Just recently this was reported on securityfocus.com by Kevin Poulsen, where a group of hackers found a few routers (which were password protected) and managed to get in by reading the source of the page! Yes, the admin password was clearly visible in the source…hey folks, didn't we get rid of this nonsense back in the 90's? Cayman routers are typically found under SBC's control, including but not limited to Ameritech, Southwestern Bell, and Southern New England Telephone. I apologize for insulting your intelligence, but they can be found by scanning these companies' subnets for machines running port 23 and/or 80. Just start at the beginning and work your way up, from XXX.XXX.1.1 to XXX.XXX.255.255, and you're bound to find dozens of them. Granted, some may be firewall protected and show up as filtered, but a scan of SNET just last night revealed at least a dozen open routers, all ready to be abused. It's important to remember that there is no skill needed to gain access, which is what makes this such a horrible hole. Even if the router is password protected, the password could still be viewable in the source, allowing malicious users to control your machine.

Directly below you will find instructions on how these machines can be penetrated, and how they can be secured. Below that is the actual view of the inside of one of these routers. Please note, entering the commands listed will produce obvious results and they have therefore been omitted.

______________________________________________________________

Kewlhair Security Advisory

Advisory Name: Router Passwords
Advisory Released: 03/09/00
Severity: Moderate

Summary: An attacker can seize control of an SBC customer's router.

Overview: SBC is currently deploying the Cayman-DSL router to its DSL customers. (SBC Communications being the parent company for Southwestern Bell, Ameritech, Pacific Bell, Nevada Bell, Cellular One, and a few more.) With this deployment SBC is neglecting to set passwords on the router.
Kewlhair has found over 300 of these non-passworded routers.

Description: Telco engineers often fail to set passwords on DSL modems installed at customer sites. The vulnerability affects many different DSL modems. The Cayman product is especially vulnerable because it defaults to having no password at all. As the telcos often do not educate the customers, their modems are left vulnerable to intrusion and denial of service events.

Vulnerability: An individual with malicious intent could easily scan for these devices on a DSL provider's network, connect to them, and disable them without significant effort. In addition, an intruder could disable access to the device itself by installing a password (which only they would know). A significant vulnerability is that these devices often can be set with static routing tables so packets could be sent through an environment where a malicious third party could monitor the traffic.

The Demo:

[ user@xxxx /user]# telnet xxx.xxx.xxx..xxx..
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx.
Escape character is '^]'.
Terminal shell v1.0
Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub
Running GatorSurf version 5.3.0 (build R2)
( completed login: administrator level)
Cayman-DSLXXXXXX>

Worst Case: Someone writes a script that logs into every one of these routers, sets the passwords, then changes the IP or kills the interface so it no longer works properly, causing an SBC engineer to come to the home or place of business to fix this problem. (I bet that would cost some bucks.)

Solutions: Mandate that the telco engineers change the default passwords on the devices at time of install, and provide literature to the consumer advising them of the risks of DSL (or cable) connections to the Internet.

Quick solution: Set your password on your Cayman router.
http://cayman.com/security.html#passwordprotect

How do I password protect the Cayman router?

Through the browser:
1. Browse into the Cayman router.
2. Click on the "Expert Mode" link.

Through a Telnet session:
1. First establish a telnet session to the unit or connect serially to the console port at 9600 baud.
2. At the prompt, type "configure" (NOTE: all commands are typed without quotes) and enter.
3. At this point you will be at the "top" prompt. Then type "system" and enter.
4. Now you will be at the "system" prompt. Here you type "set password admin" and enter.
5. You will then be prompted for the new password and then be prompted to repeat the password. Once you have done this, you will be back at the system prompt.
6. Here you will need to repeat the process, this time for the user password, by doing the following steps:
7. Type "set password user" and enter. Again you will then be prompted for the new password and then be prompted to repeat the password. Once this is done, you will be at the "system" prompt again. Here type "quit", and you will be prompted "Save modified configuration data [y|n] ?" Type "yes" and the router is now password protected.

NOTE: We recommend that the admin and user password be the same to avoid confusion. This approach allows only the admin password to view or change the settings.

asiverly@kewlhair.com
______________________________________________________________

--Inside the Cayman Router--

$ telnet XX.XXX.1.40
Trying...
Connected.
Terminal shell v1.0
Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub
Running GatorSurf version 5.6.2 (build R1)
Multimode ADSL Capable
( completed login: administrator level)
Cayman-DSL1774011> ls
Unrecognized command. Try "help".
Cayman-DSL1774011> help
help        to get more: "help all" or "help help"
configure   to configure unit's options
netstat     to show IP information
ping        to send ICMP Echo request
traceroute  to send traceroute probes
nslookup    to send DNS query for host
atmping     to send ATM OAM loopback
arp         to send ARP request
diagnose    to self-test options
quit        to quit this shell
reset       to reset subsystems
restart     to restart unit
show        to show system information
start       to start subsystem
status      to show basic status of unit
telnet      to telnet to a remote host
who         to show who is using the shell
log         to add a message to the diagnostic log
loglevel    to report or change diagnostic log level
install     to download and program an image into flash
download    to download config file
upload      to upload config file
clear       to erase all stored configuration information
wireless    to Execute wireless TEACH or LEARN
Cayman-DSL1774011>

No one ever said the inside of a router looked pretty, but it sure does hold a wealth of data that can be valuable to an attacker. My thanks to kewlhair for doing most of the explaining for me; after all, when they say it so well why try to say it better? And thanks to Screamer for pointing the problem out to me and letting me take the credit for this one, along with the kewlhair team who were on top of things long before anyone else. Last but not least, thanks to Kevin Poulsen for his wonderful reporting. Until next time, this is Da Peng saying waa.

-=[203/501]=-

9. REVIEW - "ALIAS": by The Hackermind Crew

True, it may not be a completely hacker oriented show, but we would like to take the time to give this relatively new program some recognition. But it's also true the only reason we're doing it now is because Kevin Mitnick had just appeared in an episode. While his part was minuscule, it was nice to see someone actually give him a job instead of run in fear of the largely falsified legend that preceded him.
TV Guide made it abundantly clear in their Cheers and Jeers section that they disapproved of the show allowing Mitnick to guest star, claiming that it was wrong to glorify such serious crimes. …by allowing a person a two second role as a CIA agent you're glorifying bogus serious crimes? I see…well then, on with the review.

Alias is a show that looked promising to me since I first saw the initial preview. With a girl sporting a "Run Lola, Run" haircut and some kick ass moves, it looked like a new action movie. When I saw that it was ABC's new series I was quite surprised, although not interested enough to tune in. When I heard Mitnick was going to guest star I knew I would have to watch, and I have to say I was, for the most part, pleased with the program. The action, while extremely preposterous, was entertaining nonetheless. Plot wise, the story felt suspenseful the whole way through, with the main star being a double agent who's actually working against the people she's working for.

But of course, when we get down to the technical aspects we begin to see where the show loses its overall sense of reality. James Bond can do anything; we know that and we accept that. If there's a situation he needs to get out of, he'll get out. Whether he just happens to have the right tool for the job, or the perfect escape that relies primarily on chance, Bond is a character who can do the impossible. Alias, however, has not been around long enough to have me believe that all these situations magically work out in the end. For example, a computer chip that, when attached to the monitor, gives you root access and bypasses the firewall? Complete and absolute bullshit. Again, if Bond had one I'd go along with it…hey, he's James Bond, but this is no 007 movie. Aside from that major injustice to computers everywhere, the rest of the tech talk was mostly the usual gibberish.
Monitors showed somewhat respectable "Hollywood OS's," but those too were flawed, with DOS windows saying "SYSTEM ADMINISTRATOR ACCESS GRANTED." And while I'm no doctor…is it really possible to remove a bomb from someone's chest by simply cutting the skin? Can a device that large fit through the ribcage? Hmm….

And now the moment you've all been waiting for, Kevin Mitnick. I must say that I was pleasantly surprised by the performance he gave. It's been said that anyone could act if it's only for three seconds, but Mitnick still gives a believable portrayal of a CIA computer expert. Yes, you heard right, Kevin Mitnick was using a computer…I bet the feds are knocking on his door right now. Oh wait, Hollywood gave him permission this time…

In the end, I would recommend Alias to non-hackers who are looking for some over the top action. But all in all, I would like to thank the creators of the show for giving Kevin a break and understanding the genius he possesses. The producer himself has stated that he "admires Kevin's renegade spirit." And no matter what TV Guide says, a renegade spirit is what this country is all about.

10. CROSSTALK

Ø I want to publish my own ezine. Should I? If so, what advice could you provide?

REPLY> The decision to start publishing an ezine is one you should never make lightly. Perhaps that sounds somewhat ominous, but in reality it's the truth, and the most important thing to remember. Making an ezine is no easy task…especially one that's released monthly. When you first begin, virtually nobody will know you even exist. You'll have to find the people, and forget about having them write for you just because they feel like it. If you don't grab them by the shoulders and shake an article out of them you'll have very few things to read in your first issue. And what about in later months? Will people still send in articles? If not, are you willing to either ask friends to make some or write some yourself?
These are all very crucial things to consider, but of course I wish anyone who wants to start publishing the best of luck. Just remember, it's not as easy as it looks.

Ø I've tried everything, but the phone phreaking information you publish just doesn't work! What's wrong?

REPLY> First off, phone phreaking is not designed to stand the test of time, much like computer hacking. What's proven fact one day can be gone the next; it's as simple as that. But if what you're asking has nothing to do with little "tricks," then I suggest you ask yourself a few key questions. Is the service available from your area, whatever it may be? Are you in the same country the article was written in? How old is the article? If you're trying to use some sort of *xx service, it's important to figure out if the service is available; if it isn't, you're going to have a difficult time using it. Next, are you in the same country? In one issue we posted numbers from Ireland, but they could only be reached from that country. Also, quite often carrier access codes that work in the US will not work in Canada or Mexico, but please send in anything you find from any country; we're always interested. And finally, please make sure you're not trying something from Freq3, for example, because that will probably not work anymore.

Ø From what I hear, it sounds as though the people at Frequency are very anti-victim. I've been hacked before, and I don't think it was my fault.

REPLY> Frequency, and its crew, are not "anti-victim." If someone's rights are violated when they're not to blame we have nothing but sympathy. However, it's important to dispense responsibility evenly when something does happen. We've always said the internet was not designed with security in mind (after all, creating a world wide network isn't a secure concept in the first place), and for that reason people should be aware of the dangers before going online, or accept the consequences if they ignore them.
So if someone is using Outlook Express and opens a file that's really a worm, there are several different people to blame: Microsoft for writing horrible software, the person who opened the file for running something that came from a total stranger, and the writer of the worm for creating malicious code. To exclude Microsoft and the person who was foolish enough to open the file wouldn't help solve anything; we need to educate people as to the dangers of things like this. To use a different example, if my house is broken into you would no doubt feel bad for me. However, if I told you I had left all my doors unlocked, you would still feel bad but at the same time you would slap me upside the head and say how stupid I was for keeping my doors unlocked. The same thing should be said for the internet.

11. CLOSING ARGUMENTS

As you may have heard on the show, we went through quite some trouble to get our domain name back. It began after we renewed it several months ago; apparently ehost.com claims they sent a confirmation email (which we never received) stating there was some sort of problem. After we, obviously, didn't reply, they cancelled the domain and we lost it. For anyone who's ever lost a domain they treasured and cherished, I'm sure you'll agree it's a sickening feeling…especially when you did everything you thought you were supposed to. Immediately after realizing the domain was gone I called up ehost and they claimed there was a problem, perhaps because they thought it was a fraudulent renewal (the word "hacker" in the domain will do that, according to them). I asked how I could get it back, as the customer service agent saw clear as day on his screen that I had in fact renewed. He informed me they had already handed the domain back off to NSI, who would then let it "back into the wild." If I wanted it, I would have to fight anyone else who knew it was available.
So there we were, waiting for the domain to become available, and hoping no one would snatch it first. Fortunately we managed to grab it before anyone else did…but unfortunately, there was a problem with the order. The email said there was an authoritative problem and that I should either email them or call, and of course they weren't open on the weekend. The next day I called and the man on the line informed me that it was possible my information didn't match up with my IP address, which it did (if you went by credit card info, of course). He told me he would "push the order" through, and after that I had the domain back…finally.

If there's a lesson to be learned here, it's that the unexpected can happen at any moment. That one small, otherwise unimportant event can come along and throw everything askew. Whether it's a car accident that makes you afraid to drive, a domain nearly being lost, or any other situation you can think up…these little things wind up changing us. When you have a domain, you feel that it's yours…now and forever. But when you wake up and see that it's gone, and that anyone out there could take it, you feel sick to your stomach. Of course you must blame the appropriate people, and in this case it would be ehost.com. Still, I ask myself what I would have done if I went to www.hackermind.net and saw a picture of a flaming skull, obviously the work of some person who thought it would be cool to own the site and do with it as they saw fit. Sure, I would have gone on to the next site, perhaps Hackermind.org…but it never would have been the same, not after so many people had gotten used to .net anyway. But that's the price we pay when everyone has to follow the same rules. Even when you know you're right, it doesn't matter. I know I did what I was supposed to do, but ehost didn't see it that way…thus leading me into a situation that I had to fight my way out of. It worked out, but the experience was hellish nonetheless.

-screamer

12. CREW

Screamer Chaotix - Editor in Chief
Dash Interrupt - Webmaster
Da Peng - Network Administrator
The Blue Giant - Writer

Contributing Writers: Red Rover, Shelly, JayX, Da Peng

Shout Outs: Postal Employees of the USA, Chandra North, Glory Mooreland, Michael Corleone

Cover Layout/Design: Dash Interrupt

TUNE INTO HACKERMIND, THURSDAYS AT 10PM EASTERN BY OPENING LOCATION 64.152.82.80:9474 WITH WINAMP OR REAL PLAYER.

SEND ARTICLE SUBMISSIONS TO: articles@hackermind.net
SEND COVER SUBMISSIONS TO: covers@hackermind.net

"I hate to say this, but it's working." -Topica Support, refusing to believe I get a "You do not have access to this list" error when trying to send messages to people on the mailing list.

"I'm really sick of this shit!" -Screamer's dad, telling his boss at the post office exactly how he feels about having to watch 5 different Anthrax movies…now we know where Scream gets it from.

WWW.HACKERMIND.NET