FREQUENCY: Inside the Hacker Mind
December 2001
Freq16

(Disclaimer: Due to the fear of information and speech so many authorities have, we must ask that you read this ezine for educational purposes only.)

1. Introduction "A Night to Remember"
2. The (Almost) Untraceable Hack
3. Social Engineering For Dummies
4. Examining Student Databases
5. Theories of Network Interception
6. Ethics in Filtering
7. Hidden Dangers of Equal Access
8. An Introduction to D.A.T.U.'s
9. The End of an Era
10. Crosstalk
11. Closing Arguments
12. Crew

1. INTRODUCTION "A NIGHT TO REMEMBER"

With a few subtle beeps, followed by the familiar voice of the atomic clock in Colorado, and finally the full version of Underworld's "Cowgirl" the Hackermind All Nighter began at midnight on Friday, November 16th, 2001 and aired until 3 am, Saturday, November 17th, 2001. The three hour extravaganza was something that we never thought would happen, considering how heavily it would rely on listener participation. But in the end, the Hackermind listeners came through and proved that they are the greatest listeners in the world by making what some have said was the greatest episode of Hackermind ever. And while we usually try to keep the ezine and radio show separate from one another, I thought it was only fitting to pay homage to the event by giving our readers/listeners some background information on how this came to be, and what can be expected in the future.

It began when we decided that it would be cool to have Hackermind on at a later time, more towards the early morning hours when hackers are known to be at their best. And if we were going to do an episode that late, why not keep going until dawn? It could be an event with new people calling in each hour, and all sorts of fun activities along the way. For those of you who tune in every week, you undoubtedly remember us talking about this idea on the air several months ago.
Back then, we were pushing for a true "all nighter," something around six hours long. Many seemed to like the idea, but reality soon sunk in and the concept of doing a six hour show became apparent. It would be impossible, and few people would bother to stick around for what was nothing more than a long episode of Hackermind. In time the idea slowly disappeared, but as things often do, it came back around months later.

But now things were a bit different. With more listeners than ever and advertisements in 2600 we knew that the possibility of having people participate in a longer edition was better than ever. Once again the idea struck, only not in the form of a "long episode of Hackermind." Now we saw it as more of an online party for our faithful listeners, as well as anyone else who would like to attend.

The problem, and you know there's always a problem, was when to do it. Should we wait a month and tell more and more people about it, or just go for it the next week? While we wanted as many listeners as possible, we knew the longer we waited the less likely it was to happen. With that, we announced that the Hackermind All Nighter would be happening soon, with the idea that it would probably be the following week. But before anything was finalized, we needed to know how we could keep people entertained for three hours straight.

The first concept was to attract listeners with the promise of getting their voice on the air, something that had never been done before on the show. With a loop line that was in working condition, we decided the best idea would be to have our listeners call that and say whatever they wanted. But would we get a dozen people who had no interest in the show whatsoever calling in just to cuss everyone out, or would our fans come through and join in on the festivities? It's something that must be considered when making a program such as this, mainly for the benefit of the listeners.
The last thing you want is someone calling in to insult them, after all, that's the host's job *insert grin here*. It was decided the best time to offer up the loop line would be at the end of the program, so that hopefully only people who were serious about calling in would be able to. The idea was, anyone who just wanted to yell at our listeners wouldn't wait around for two hours to do so.

The loop line conference call was a great idea, but it would never last three hours. Next we decided to have a chat session unlike any other, with both hosts participating. Only we wouldn't just chat, we would hop around from channel to channel spreading the Hackermind join with us. Next, we thought up the idea of doing a "live remote" with Screamer going outside on his cell phone to make it sound like both he and Dash were on the phone. While we have no proof, we've never heard of anyone sneaking around their neighborhood while hosting a show on their computer before…and it has certainly never happened on this show.

So with those ideas on paper, we told everyone when the All Nighter would occur and waited.

When the day finally came, we started with a simple introduction followed by a lighthearted chat session. Of course the usual insults flew like crazy, some coming from people trying to kill the Hackermind spirit, but most in good humor. However, it didn't take long for everyone to join in on the jovial celebration and the chat was alive with energy. We hopped around channels, had a trivia contest (congrats Unreal), and got to reply to our listeners live on the air. Next came some music followed by the live outdoor remote, complete with Screamer smoking a cigar (how nice for a host to do so live on the air). Then, some more music, fun with operators, and then, of course, the moment everyone was waiting for…the loop line. With Screamer and Dash on the high end, several people dialed in to be the first listeners ever to have their voice on the air.
And while there was little to say, the conference call allowed people to meet one another outside of a chatroom and really say hi. And on top of that, in the tradition of "Off the Hook" it sounded really cool on the air. A group of hackers having a mature discussion on a loop line, live on Hackermind…folks it doesn't get any better than that.

And now for the question on everyone's mind, when's the next Hackermind All Nighter? Some want it in a month, some every two months…but it's important to remember that the more times you do something, the duller it becomes. Will anyone really want to hear the same things again in a month? Or every two months? We seriously doubt it, it would have lost its appeal long before then. For that reason, it may take a while for the next one to come around. Fear not, it will happen…but only when we're certain it'll be great.

Lastly, I'd like to thank everyone who participated and helped make the first ever Hackermind All Nighter a night to remember. And with that, ladies and gentlemen, boys and girls, listeners and readers, we present you with issue sixteen of Frequency: Inside the Hacker Mind.

-screamer

2. THE (ALMOST) UNTRACEABLE HACK: by Da Peng

After my article dealing with Cayman Routers last month, I wanted to expand on the possibilities these wonderful little marvels possess while they're still around. As we all know, once information gets out things like this begin to disappear, which I suppose is a good thing. I noticed 2600 had information regarding Cisco routers, so one has to wonder how long these Cayman routers will remain open. I won't bore you with details I've already covered, but if you don't know what I'm talking about check out Freq15's "On the Inside." I will, however, remind everyone what a wingate is, as there has been some confusion on the net as to what exactly a wingate is and does. To clarify, a wingate is really just a machine you telnet through that won't pass on your IP.
In much the same way as routing your phone calls through AT&T's automatic operator service will protect your ANI, a wingate will protect your IP. Of course, telnetting through a machine that has an account which can be traced back to you is quite pointless. You'd be amazed by how many people have hacked from their university accounts only to be surprised when the cops come knocking. A wingate can alleviate this problem for the most part by giving you anonymity against most IDS's, although it's of the utmost importance to remember that newer IDS's will have the capability of finding similarities in connections and actually be able to trace you back THROUGH wingates.

Let's suppose you want to snoop around a system for curiosity's sake, but really don't want the sysadmin breathing down your neck...what can you do? All those wingates on cyberarmy.com require a password, and you really don't want to pay 36 dollars on sdf.lonestar.org to set up a bogus account. Cayman Routers to the rescue!

The first step is finding a router, or even better, a cluster of routers. This is easily accomplished by nmapping networks belonging to SBC. These may include SNET, Ameritech, and Southwestern Bell. All these services install routers on their customers' property without informing them that the administrative password IS NOT SET. Thus, by sniffing a network for machines running port 23 you could find wide open routers! Go ahead, try it right now, you're bound to find some. Giving you the networks to scan would be a little like handing you the keys to my car, so I'll leave that enormous challenge to you *chuckle*.

With the routers found, begin your telnetting adventure by connecting to one router. Once inside, (you'll know you're in the admin shell if you don't see a login prompt) simply telnet to yet another router. Continue this process until you've gone through as many routers as you've found, and remember, the more the better.
From the last router, go ahead and telnet to your final destination, or "target" if you will. You can now see what ports are open on the target machine by connecting to each one individually (bad thing about those routers, you can't run nmap on them), or you could even pound away at the "root" login all night if you like, secure in the fact that the admin will see nothing but the IP of the router. And even if he did contact the owner of the router, do you think Joe Shmoe would know what to do? What about the thirteen other Joe Shmoes you telnetted through?

Obviously a router isn't the greatest machine in the world to use due to its many limitations, but if you're looking for a nice IP hider then I highly suggest giving them a try. The reasons for using them in this manner are many, some being illegal, and some simply because you value privacy. Whatever your reason, I hope you see the possibilities these machines hold. They won't make attacking a machine any easier, but they will help make it a lot less stressful. Of course, with newer IDS's coming about this too may someday vanish. But for the time being these routers are out there, and they're wide open. It boggles the mind that something like this is still going on, but it is.

Be good, have fun, and keep enjoying your anonymity, Waa!

3. SOCIAL ENGINEERING FOR DUMMIES: by K1d C0lt3r

Hacking computers has always interested me, but my obsession to have things my way didn't stop there. After several years I began to hear about a skill called "social engineering," or the act of hacking a person. There have been many masters of this, one of them being Kevin Mitnick, but I think I've risen to the point of having the ability to teach others. On several occasions I've managed to get teachers to reverse low grades, I've gotten people to offer me sensitive information, and hell...I've even gotten girls using social engineering.
The most important thing to remember when social engineering is that it doesn't matter what you say, but rather, how you say it. Going up to a girl and asking her out is a difficult task, but what if you changed your tone and sounded more positive? What if you acted as though you had plans for that Friday night, but you wanted to change them to hang out with her? I make no guarantees, but the confidence you feel would seep out and be picked up by her. She would see you're not shy, and may even say yes.

The same can apply with people who possess information you desire. Asking them for it would sound suspect, but what if you were in a rush and didn't have time to bother with pleasantries? "Yeah hi I'm up on the pole and it's friggin' pouring, can you give me blah blah blah" is one example that may work, as long as you're talking to an operator and it is in fact raining.

People naturally want to believe you. It's human nature to take in something quickly, nod our way through it, and then give whatever information we're asked for. I'm sure you've given out info without question before, just give it some thought. Have you ever handed over your credit card number to someone just because they asked? It's as simple as sounding as though you have a legitimate reason.

While I can't tell you how to handle every single situation you find yourself in, here are some tips on how to be a better social engineer. Like I said before, there's no way to guarantee results, every person is different.

1. Confidence - The more sure of yourself you sound, the more people will believe you.
2. Expertise - If you're pretending to be a techie, TALK LIKE A TECHIE! Use the words they use.
3. Be Friendly - People always want to help those that are kind to them, especially operators, who are used to being yelled at day in and day out.
4. NEVER GIVE IN! - Stay in character at all times. Even if they seem like they're on to you, stay confident in who you are.
Act as though you have no idea why they don't believe you. Remember, if they don't know you're a fake they won't pursue it further.

Social engineering is an act that improves with practice. The more confident you sound, and the more believable your pitch (pitch = story you're trying to sell), the better chances you have of getting what you want. If you keep your cool, and stay focused throughout, you're almost guaranteed a victory. It can't be stressed enough though, people are different from one to the next. What one person believes, another may shoot down. Believe in yourself, and others will believe in you.

4. EXAMINING STUDENT DATABASES: by Screamer Chaotix

For the longest time I've been obsessing over an issue that is of the utmost importance to me: privacy. People should have the right to decide what sort of information about them is given out, and what is not. For example, if you don't want your number in the phone book you must pay to keep it out (unless you go through the hassle of putting in a false name). But at least there you have a choice, what about your personal records? How many times, and to how many people, have those been given out just so they could "build a demographic" and make more money? If you think about it long enough, it's quite sickening...especially when you consider how many people feel hackers are the ones invading privacy.

With this in mind, I felt it was important to point out something I noticed while visiting a friend of mine at his university. And while naming the school may be a great help to getting the problem solved, it would also imply that this happens exclusively at this school alone. Rather, I'd like to explain the problem and let the world do with the information what it will.

You've probably seen them if you attend a large university, they're called "email stations" and are commonly lower end machines that are meant to be used exclusively for, you guessed it, email.
In this case they were iMacs, and given my inexperience with Macs (and all Apple machines for that matter) I was a little uneasy about using it. Nonetheless, I was going to obey the large sign above the machines and use them for their intended purpose. But after doing so, I noticed something that caught my eye and raised my interests. It was a small icon that read "xxxxx Mainframe" (where xxxxx is the school name). As a hacker I was blown away by such an icon, but also knew not to expect too much from something that could have been nothing more than an image file under a different name.

Upon clicking on it, I was taken aback by what occurred. I was immediately presented with a warning, stating the usual "Unauthorized access is strictly prohibited blah blah blah." But rather than take me to a login prompt, it dumped me right into the middle of what appeared to be a specially designed system. A machine with a purpose if you will, and not your common UNIX shell.

The machine liked to call itself the "Student Database" and had several options that any user (including a person that didn't go to the school) could use. I chose the student records and was presented with a new screen asking for a student or faculty name. Out of pure curiosity I entered in my friend's name, and voila, I was presented with a screen that listed his name, email, an ID number (which I believe to be a type of student ID, although I may be mistaken) and perhaps the most noticeable entry, his address. Right there, clear as day I could see ID information, his email, and even the place in which he currently resided.

Like the good little hacker/citizen I am, I showed this to him, much to his disgust. Having seen one too many hacker movies he automatically assumed I had "hacked into" the school's database, but after walking over to his machine and doing the same thing he was shocked beyond belief.
Both of us started throwing around possibilities, such as how anyone could use his ID to obtain his grades, send him emails (even if he didn't want someone in particular to have his email), and worst of all...come visit him at his home on campus.

Technologically, there was little to it, which is what makes it so frightening. Typically when we see sensitive information out in the open it's usually found by a hacker that had to use some sort of skill to obtain it, but this could have very easily been seen by anyone! And if you think you must need some form of ID to use the machines, or even get into the building, you're sadly mistaken. Student ID's are only required for the cafeteria and to purchase books. Anyone, including your worst enemy, could go onto one of these machines and find out where you live, what your email is, and perhaps even use your ID for malicious purposes. And all of this is made available without your permission.

Upon closing the terminal connection I was able to view the location of the database on the internet. When I got back home the first thing I did was telnet to the location, but fortunately there was a login screen that wouldn't let me in. The purpose of this article is not how you can get in from home however, it's how anyone can get in just by walking into a public building on-site and using a computer. Although to suggest that this information would be difficult to get from the outside would be ridiculous, especially considering the login screen gives you tips on how to log in.

Hopefully this article has given the reader some idea of just how insecure their private information is, and how anyone can walk up to any machine and open up a connection into the mainframe. If your school, or anywhere that stores your information for that matter, uses these techniques I strongly suggest you write to the people in charge and tell them how uncomfortable you are.
Or maybe you could even use one of the terminals to obtain their home address and send them a letter, I'm sure they'll be quite surprised.

-screamer

5. THEORIES OF NETWORK INTERCEPTION: by Nefarious

A lot has been talked about recently on the possibilities of network interception, especially considering all the commotion going on with wide open routers and internet "dark zones." In these paragraphs I hope to introduce the reader to the basic concepts of network interception as well as some possibilities these techniques may hold. I don't guarantee you'll be able to read private data, but the information contained in this text will certainly open your eyes.

To begin, I'm assuming the reader is on a LAN of some sort, preferably within the confines of a building but a cable modem network will also work. Have you ever thought to yourself, I wonder what these machines are saying to each other? Or perhaps, what's User A's machine sending to User B? Many older, outdated theories suggest you could "run a sniffer" and see what's going through your network, unfortunately they assumed that all data packets were traveling through your local machine. This led many, mostly those who understood little about internet protocols, to sit and wonder why the only thing showing up were some odd replies their machine was sending out for some reason.

The reason is simple, network administrators aren't fo-er, aren't usually fools. They know how dangerous it is to allow everyone on a LAN to have access to everyone else's data flow, as well as how much bandwidth it eats up. For this reason, switched networks were developed. Rather than allow anyone to see your data, a switched network would control an address resolution grid that would determine which packets go where, thus negating any chances of sniffing someone else's data. However, using a simple program such as ettercap, ARP (Address Resolution Protocol) sniffing can still be performed.
An excellent article that goes more into detail on ARP spoofing is in 2600 issue 18:3 and I strongly suggest you check it out for a more in-depth look at how each sniffing technique is performed. With ARP spoofing, you can actually fool the address resolution table into thinking that you're the computer the ARP packets are destined for, thus putting yourself between your target and the switch. Here's a good place to run your favorite sniffer, if you're not using ettercap already.

Other techniques of getting an interception exist, but for the most part they are somewhat similar. If you have further interest in this, feel free to search online and see what you can come up with. There's bound to be numerous posts out there about intercepting network traffic.

Now the obvious question, how can you locate your target? And once found, what can be obtained through sniffing? Finding your target, assuming you're not in the same room and can't just walk over and see their IP, is as simple as sending them an email. If they're one of those kind people that reply, you can view the header files of the email and get their originating IP address. From here, you can proceed with the ARP spoof and retrieve the information that flows between their machine and the switch. This will allow you to see http requests, telnet sessions, as well as ARP, DNS, and other IP packets. Grab a few telnet passwords if you like, or test your skills at cracking SSH if you like. The sniffing is the easy part, especially with a tool like ettercap. But as I mentioned before, you must be sure you're ON the LAN you're trying to sniff…I hate to say it, but far too many people have attempted to sniff networks they had no part of for it to be funny anymore.

And now, the ethical considerations of network interception. Many view it as an invasion of privacy, and for the most part it most certainly is. Still, there's a lot to be learned about networks through interception.
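
The spoofing described above leaves a trace any host on the LAN can watch for: an IP address suddenly answers from a different MAC, and one MAC starts answering for several IPs. The following is an added example, not part of the original article; the capture lines, addresses and function names are constructed for illustration, and it flags both conditions in a list of ARP replies.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample: ARP replies in a simplified, tcpdump-like form.
# 192.168.1.1 plays the gateway, .20 the monitored host, and the MAC
# ending in :99 the machine that inserts itself between them.
SAMPLE_CAPTURE = """\
12:00:01 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55
12:00:02 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20
12:00:03 ARP, Reply 192.168.1.30 is-at 00:aa:bb:cc:dd:30
12:05:10 ARP, Reply 192.168.1.1 is-at 00:de:ad:be:ef:99
12:05:10 ARP, Reply 192.168.1.20 is-at 00:de:ad:be:ef:99
12:05:12 ARP, Reply 192.168.1.1 is-at 00:de:ad:be:ef:99
12:05:40 ARP, Reply 192.168.1.30 is-at 00:aa:bb:cc:dd:30
"""

Alert = namedtuple("Alert", "ts kind ip mac note")

REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)


def parse_replies(text):
    """Yield (timestamp, ip, mac) for every well-formed ARP reply line."""
    for line in text.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def detect_arp_spoofing(text, static_bindings=None):
    """Return a list of Alert tuples for suspicious ARP replies.

    REBIND   - an IP is claimed by a MAC other than the one first learned
    MULTI_IP - a single MAC has begun answering for more than one IP
    static_bindings is an optional {ip: mac} map of known-good entries
    (for example the gateway), trusted over anything seen on the wire.
    """
    learned = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in learned.items():
        ips_by_mac[mac].add(ip)

    reported = set()   # (ip, mac) conflicts already alerted on
    alerts = []
    for ts, ip, mac in parse_replies(text):
        # Trust on first use: the first MAC seen for an IP is the baseline.
        known = learned.setdefault(ip, mac)
        if known != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append(Alert(ts, "REBIND", ip, mac, f"first seen at {known}"))
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                others = ", ".join(sorted(ips_by_mac[mac] - {ip}))
                alerts.append(Alert(ts, "MULTI_IP", ip, mac,
                                    f"also answers for {others}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE):
        print(alert)
```

DHCP lease reuse and hosts that legitimately hold several addresses raise the same alerts, so pinning the gateway through `static_bindings` (or static ARP entries on the hosts themselves) is what makes the REBIND signal reliable.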
You can see exactly how two machines communicate with one another, and what different forms of communication look like. It's also possible to see just how open internet traffic really is, without having to pay the consequences yourself. But all in all, I would suggest you give this a shot if you're interested in learning more about how local area networks operate. Perhaps you could try it using a machine you own, after all, that would be the polite thing to do.

6. ETHICS IN FILTERING: by Sad is Tic

If I may, I'd like to step away from the technical stuff and think out loud if I may. You're welcome to read my thoughts, but I remind you that your opinions may differ from mine.

Ever since my school computer refused to let me visit certain sites, such as those containing the word "hacker", I began to wonder just how justified these filters were. True, people make the claim that if you don't want to put up with someone's filtering software then don't use their computer. But in the end, who has the right to say what I'm allowed to see or not see? It was this idea that provoked me to write this opinionated piece, I hope you enjoy it.

Libraries are famous for being pro-free speech. They're the institutions that allow you to read controversial books like Hitler's Mein Kampf, or The Catcher in the Rye, or yes, even Huckleberry Finn (Some may say I put those in the wrong order, but when you think about it, Huck Finn has gotten more shit than Catcher and Kampf put together!). They have movies for rent, and some you can take out for free, among them "Pulp Fiction," "Hackers," and "Boogie Nights." Behind the counters they carry Playboy and Penthouse, available to anyone who is over age 18. Yes, libraries are great for speech…which makes me wonder, why the hell can't I go to www.2600.com on their computers? We all know the reasons the software gives, as well as the library itself.
But how fair is it that a library, a place so rich in information, would deny someone a particular source of information? They gladly print books about how to break out of prison (Loompanics baby!), but a site devoted to information about hackers, one that contains no illegal material, is filtered! True, you can probably use anonymizer.com to view it…but that's a hassle, and should not be tolerated as far as I'm concerned.

One of the reasons I've heard, aside from the software blocking certain words, is that the library doesn't want children visiting adult sites. They can keep the adult magazines behind the counter, but they have no way of making sure someone under the age of 18 doesn't go on the computer to look at playboy.com. Aside from implementing a new system of age verification, what can be done? The answer is one that has been in place since the beginning of time, parental supervision. At least this will work if your children are under 15, after that I don't see why they couldn't go to the library by themselves. However, parental supervision would prevent those that couldn't understand what they're seeing from being "influenced" by suggestive material. But what about children over 15, or whatever age you let them go off on their own, who can watch them? I'll be honest and say that I don't have a clear-cut answer for this, but all I can say is that I've never met a 15 year old who hadn't seen a picture of a naked person before.

Of course, this only applies to adult related material. Sites like 2600.com only deal with information, and not even hacking related information, for that you need to purchase the magazine. I doubt anyone could argue that 2600 is more harmful than seeing photographs of suggestive content…and if you can, I'd love to hear it.

No, the problem lies in the censorship itself. If we cut off access to something we're doing exactly what America is supposed to be against, we're denying people information.
Whether you choose to read about hacking, bestiality, or bomb making, you have the right to do so. This is because information has never been a bad thing, only what people do with it. I'll be the first to admit that I wouldn't want my son or daughter to see sexual pictures before a certain age, but to say what we can or cannot see is something that is wrong in its very nature.

As you can tell, I'm against censorship in all forms. I don't think that an institution should have the right to dictate what you can see. Filtering software is fine on home machines, for parents who want to decide what their children view, but on public machines we should have the same rights to information that we do in all other situations.

There are flaws in this way of thinking though, most noticeably the idea of someone viewing racy material in a library. Do you really need to look at pictures of girls playing with Fido in a disturbing way in the middle of a library? I seriously doubt that with all my heart. But then again, to say that this isn't allowed would be a form of censorship! It's a vicious circle, but in the end I think what we need to focus on is that censorship has always been something Americans are against. If we don't fight against it, at least in the public setting, we're allowing the government to say what we can or cannot see. What comes next, machines blocking access to all forms of independent publications because they "contain material that may be harmful to young readers?" Harmful as in "it actually dares to question authority." For brevity purposes, I won't give you all the horrible possibilities in this one article…I'm sure you can imagine them on your own.

7. HIDDEN DANGERS OF EQUAL ACCESS: by LAnKY

For too long I've heard people bantering on and on about how great equal access is. Equal access, of course, being the ability to dial what are known as 101 codes to route a call through a different long distance carrier.
For this reason, I felt it pertinent to write this article as a way to vent my frustrations and hopefully enlighten people that maybe didn't get it the first time around.

To begin, a brief introduction on equal access and its uses. Way back when there was The Phone Company, and they owned all aspects of telecommunications. Contrary to popular belief, most people loved them! Including phone phreaks, if you can believe that one. Their system was easily understood and easily used by people of all walks of life. This meant that you didn't have to be a phone technician in order to route a call. Later, capitalism stepped up and decided that the phone company should break up, and we were left with "Baby Bells," or small divisions of this once great monopoly. Later, it was decided that if you subscribed to one particular LD company you should still have the right to use the company you wished to use, which was handy at a payphone. If you had a particular fondness for AT&T you should be allowed to use them at a payphone that had other services (actually this was usually the other way around, as AT&T typically had its hand in virtually every payphone). At said payphone you would be able to dial what used to be 10 codes, which would be in the format 10xxx where xxx are the three digits that represent the company (222 = MCI, 333 = Sprint etc, check back issues of this ezine for a more comprehensive explanation and listing). Later, these codes became 101xxx numbers, which is where we are today.

You've probably seen ads for 10-10-220 or 10-10-321, but seldom do people realize the hidden dangers of these services. Sure, on the outside they look safe and secure, but there may be numerous hidden fees, some quite outrageous. Not to mention other dangers, which I will explain shortly.

First off, at the time of this writing placing a call through AT&T at 10-10-288 will cost you 95 cents per minute and a 4 dollar surcharge if you don't subscribe to them.
This is not only absurd, but downright criminal. With no warning or explanation, an operator will connect your call and charge you that outrageous fee. I would suggest you dial 10-10-288-0 and see if they explain the charges to you, but there's the danger of them completing the call before you get to ask the question. A much safer route is to simply call up and ask, you'll find that the majority of "big" LD companies (MCI, Sprint, AT&T) all charge an enormous rate and surcharge.

However, this is not the last of your worries. By making a call through another long distance company, you receive a bill from that company and are thus considered a "customer." What's the danger in that you ask? Quite simply, any of the "big" companies mentioned above will do whatever they can to get you to join, and they can do so legally by calling you. Yes, telemarketers can legally call you, even if you're on those statewide "Do Not Call" lists because you ARE a customer. To be sure you understand I want to stress that you do NOT have to sign up with a phone company in order to be their customer, simply placing a call through them makes you a paying customer…and this gives them the right to hound you about becoming a subscriber.

Of course, telling the company "Do not call this number again," will void their right to call you. However, it's important to remember that they don't care about people, only phone numbers…if you call through their network on more than one line they have a legal right to call you on the other line you used even if you asked to not be called on the other! But again, instructing them to not call you on that line will eliminate their right to do so. And believe me, companies love to play word games…don't give them any of that "I don't want you to call me" stuff, because they can argue that their calling you is simply not desirable, but that you never said "Do Not Call." For your own safety, be sure to get your point across clearly.
You don't have to be extremely articulate though; saying "Don't call back" is just as effective, and enforceable by law, as saying "Put me on your do not call list" or "Do not call me." And should they break that law and call you back on the same line, feel free to bring them to court. It helps to have a recording of your telling them to not call back of course, unless your state/country insists both parties in a conversation be aware of a tape recording. Typically, only one party need be aware.

This article is not meant to discourage you from using equal access, because there are several excellent service providers out there, among them "101-6868" and "10-10-811". However, even 811 has its flaws. If you hang up before ten minutes you're automatically charged 50 cents. 101-6868 charges 7 cents a minute with no surcharges or hidden fees, so for calls where you're not sure if you'll get a person or an answering machine they can't be beat. But in the end it's up to you, the consumer, to get in touch with the carrier you wish to use to find out how much the call will cost you. All you need do is reach the carrier's operator service by dialing the access code followed by a zero. If the service has no operators, I suggest you not use it…you don't know what you're getting into.

8. AN INTRODUCTION TO D.A.T.U.'S: by mm

If you haven't heard of them by now, I'm quite surprised. They're the talk of the town, and all the rage on the lines controlled by those in phreaker land. Direct Access Testing Units, or DATU's, are the newest thing to whet a phone phreak's appetite since cell phones. And for good reason, for they allow you to do virtually everything the operator can do, and then some. First, a brief introduction, followed by some theories of how DATU's can be used, and finally what it all means for the phone phreak community. Should you require other information, I suggest looking up "DATU" online or checking other ezines; it seems as though everyone's talking about them.
A DATU is a very simple device used by phone company employees, such as operators, to do a number of simple tasks when a computer may not be readily available. I'm sure we've all heard of, or perhaps been a part of, the hackers of yesteryear who controlled phone switches using their computers…well now things are easier than ever. With nothing more than your home phone, and let's face it, most of us have one of those, you can do an incredible number of things. Including, but not limited to: busy line verification, emergency interrupts, call forwarding, and perhaps (and this is only theoretical) shutting down an entire exchange!

To find a DATU, I recommend using a wardialer that allows you to hear the connection being made. You're looking for a number that answers with a 400 Hz tone (UPL 26 claims these can be found with the suffix 9935, so I suggest you try that first). Upon finding this tone, the next step is to key in a password. Passwords come in two flavors, user and admin. User passwords are four digits and, surprise surprise, are comprised completely of numbers (we're on a phone here, ladies and gentlemen). The default is 1111, although it could be changed to anything. Some publications claim that you should try pairs like 3535 or 4747, but in my experience the phone company likes to keep it even simpler, something like 2222 or 3333 for example. Of course, your ease of cracking this code is dependent upon how dumb your telco is…so you shouldn't have any trouble at all! (The sarcasm is so thick you can cut it with a knife…)

The admin pass, on the other hand, is seven digits beginning with a #. This can be anything, and I'm afraid it's up to you to find it. If you do, however, you'll have complete access to the DATU system, which contains voice prompts for easier use (ergo, no need to figure out what two tones mean as opposed to three, etc).
Unfortunately, the comments about admin rights on a DATU are purely hypothetical (such as shutting down an exchange) because I'm not aware of anyone who's cracked the code, although this does NOT mean people haven't. On the contrary, with only seven digits I'm certain someone out there has, and I'm anxious to hear from them.

Nonetheless, should you get in with the four digit user code you'll be presented with several options. These will be one button options, so you can press 1 to do a busy line verification on a particular number, etc. (busy line verification = check the line to see if voice or data is on the line or if it's merely off the hook). It's also possible to do an emergency interrupt, where you can actually cut into someone's line. Sick of getting a busy signal? Teach that person a lesson by dropping into the line and saying "Who the FUCK are you talking to!? Shit on a stick, you've been talking for over three god damn hours!" …well you get the idea.

These DATU's, when found, can be great fun. Phone phreaks can learn so much from these devices it's not even funny…well actually it is. Imagine controlling one of these DATU's, even with only the user pass…you could be your own private operator! Of course, there are dangers. Suppose someone who wasn't interested in playing around, someone who only wanted to do damage, called the DATU and got in? This person could seriously mess with your life, and good luck proving the problem to the phone company…their employees probably don't even know what a DATU is!

In conclusion, I want to stress that pounding away at a DATU passcode is risky business from home. The phone company will most likely notice all the failed attempts and change the access codes, giving you and fellow phone phreaks quite a headache. Be careful out there, and keep checking back for future articles dealing with DATU's.

9. THE END OF AN ERA: by Endless Echo

Maybe it's just me, I wouldn't doubt it if it was, but there was something magical about the old days. The days when conference calls were made where intercept recordings were supposed to lie, or by entering the D key before a call completed to information. These were the lines few knew about, but many enjoyed. Phone phreaks would meet up in this type of secret society to share information about phones and electronics, or just bullshit about typical everyday stuff. But this was no regular conference, this was a phreaker sanctuary. A place where only the technologically elite could meet and discuss these topics. Generally it was understood that if you found these lines, you knew enough to be on them. Which meant that there was little "one-upmanship", if any. It depended on where you went, what conference line you talked on, but for the most part they were genuinely friendly. These phreaks would call up their friends, or even total strangers, and bring them into the conference just for the fun of letting them participate in a genuine phone phreak conference call.

Yes, times were grand and the experience of hearing a dozen voices at once was awe inspiring. Perhaps you have to be a phreak to understand it, but there's something amazing about a conference line full of people. It's like meeting in a digital world, only it's nothing like a chatroom. A chatroom is merely words on a screen that people enter in. A conference line allows people to actually speak to one another and get to know who everyone is. There's no hiding, no ability to be "anonymously stupid." If you're on the line, everyone hears you, and that leads to many not wanting to be the odd man out by spouting off about total bullshit.

But of course, all good things come to an end. And once the phone companies began realizing that people were using these lines as conference rooms they quickly took action.
Thinking about it makes me sick, how dare some profit seeking corporation tell me that I can't talk to more than one person at once…how dare they try to end our meetings! Conference calls were a way of meeting up with people in a plane of existence far beyond our world, within the maze of copper lines that made up the phone network…voices crossing, tones generating, and people communicating…but the phone company wasn't making any money off of it, and that made it illegal. Correction, they made money off the call you made, unless you called an intercept recording of course. In that case they made nothing, which is no skin off my back. They would make money if you got a group on a loop line, and that money would come from everyone connecting to that loop. Whereas if you called information and hit the D tone, or simply found a vacant intercept recording that allowed multiple connections, the phone company never registers a completed call.

But before you agree that the phone company has a right to make money for use of their lines, imagine this if you will. Four people, all within the same LATA, call an intercept recording (which is also handled by their CO) and are able to talk to one another because the recording that would otherwise occupy the line (in other words "The number you have dialed has been disconnected, no other information is available") is missing. The phone company would say this is illegal, even though the local call is free and nothing would be charged anyway…the very idea that you're able to talk to a group of people makes them want their "conference" money (the outrageous fee you have to pay in order to conference calls together). So here we see the phone company wanting money for something that costs them nothing, and for a service they're not even providing. It's like saying you're not allowed to carry a letter to your friend's house because the post office doesn't get the price of the stamp!
(Thankfully our post offices use a bit more common sense than the phone companies.)

All in all, these phone companies went after these great communication lines with a vengeance. If they weren't making money off them, they could just go to hell. So what if the conference was in a local area and the phone company wasn't losing money, they damn sure wanted to make it, and that made these calls illegal. You could hear it on the line, during those last conversations people had before their secret society was crushed by the all powerful phone company. People choked on words as their little world inside the phone network was cut off, and one by one they disappeared from the lines until all that remained was a dead phone. The era of phone phreak conference calls had come and gone.

10. CROSSTALK

Ø Frequency, I am sending this letter as a reply to Red Rover's article, "The Dwindling Hacker Community." It would be easy for me to begin by quoting Red's statement, "I love computers, but I don't believe I have the drive to find new things that can be done or partake in the thrill of creating something." - and then tell him that he is the antithesis of a hacker and has no qualifications to comment upon the hacker community. Nay, for by his definition, my lack of ability to code assembly means I am no hacker. But I am a hacker. I have an insatiable desire to learn. I want to learn about all technology - not just computers. Phones, radios, CNC; all present an endless adventure. I have the drive, learning Linux from the command line and teaching myself C. No, I cannot write a POSIX compliant operating system from scratch. That would take study and training akin to a computer science major. And I have taken a different path. Training - let's use that as an analogy. Imagine a person wishes to learn a martial art, wishes to train. She joins a dojo, attends an initial class, and then is turned away by the sensei, told, "Your abilities are inadequate. Go away."
If this unfortunate person is not so hurt as to shun martial arts altogether, she may persevere and train on her own. But without guidance from seniors, the person's technique will be bad, ineffective. The person may think she can defend herself, but can't. The person may learn enough to hurt others, but will more than likely lack the respect for that power and the respect for others that would be ingrained by training under a master. I would not wish that loss upon anyone. I have been very fortunate to spend time with wise "masters" of many fields, and the time spent with them was inspirational. I learned morals, ethics, and secrets of success if you will. As well as wizard-like technical insights. Not only did I learn from them, but I'll wager that they learned a thing or two from me. If a hacker is elite, she should be intelligent enough to learn something from a newbie. Before I conclude, I want to comment on two sentences: "Be friendly of course, but don't answer their questions." - Is it not the nature of hackers to learn new things and SHARE KNOWLEDGE WITH OTHERS? "Don't help them with information that can be easily obtained in a book." - Why not impart upon them many new and wondrous repositories of knowledge, and look like a grand master yourself? R.R., your editorial infuriated me. If the hacker community is dwindling, it is because of stagnant notions of elitism and hierarchy. Ever heard of feudalism? And yes, the use of "she" was a jab, Rove - think about it.

dual_parallel

REPLY> While we cannot comment for the author, we thought it was important to note that we print articles of varying viewpoints, at least we try to. Red Rover's article was an opinion, and frankly one shared by many in the hacker world. He/She believes, as far as we can tell, that people who are just learning should know their role and not claim to be something that they're not. You believe that a hacker is a person who is always learning.
And because of the nature of hackers, there is no right answer. You both have different opinions and that's what this ezine is about. In the end, we hope that Rover understands there are a lot of people out there who are not computer geniuses, but still play around with these technologies and should be seen as hackers. While at the same time we hope you understand that by letting just anyone call themselves a hacker we wind up with about two million people who know nothing calling themselves hackers because it makes them feel good, and who never contribute to the community. In the end, the answer is in the mind of the reader.

Ø Frequency, I've been noticing an increasing trend toward technical articles in your publication, and while I don't mind this, I have to say that I miss the old days. I loved to read the opinionated editorials and debate them with my friends, but now it seems that the ezine is relying on the once forbidden "how to" articles. Sure a lot of people enjoy reading about how to do stuff, but I thought Frequency wasn't about that?

Sasha

REPLY> Change and evolution should not be seen as a bad thing, as long as one never forgets their roots. Frequency remains a highly opinionated publication, much more so than any other ezine out there. While others discuss ways of robbing from people, our articles commonly express a love for technology or information in general, which we feel differentiates us from the masses. We've also found that restricting articles was futile, as hackers will write about what interests them…and that's computers, phones, and other forms of technology. On top of this, it gets quite difficult to create an entertaining monthly publication when your articles keep on saying "I hack because" etc. For that, among other stated reasons, we've been putting more variety in. So far we haven't heard any complaints about the content of the ezine, and you yourself said you don't mind, so we're assuming our readers approve.
Ø Can I post Frequency on my site?

REPLY> Of course, there is no need to ask permission to put up Frequency issues on your site. The same goes for past episodes of Hackermind. We create this ezine so people can read it, and the more people that do the happier we are. All we ask is that if you post an individual article, please give both the author and the ezine credit. A simple "by: so and so (from www.hackermind.net)" will do if you plan to publish the article in your own way.

11. CLOSING ARGUMENTS

Ladies and gentlemen of the jury, I try so hard to separate the introduction from the closing arguments, so please stop me if I begin to intertwine them. You see, the intro is meant as a way of introducing a topic that will set the mood of the issue while the closing arguments are a chance to get out any last points, or make any observations that may have been noticed during the creation of said issue. For this reason, I will move on and discuss what has occurred throughout the month of November, which is the time at which this issue was slowly pieced together. There's the obvious All Nighter that was mentioned in the intro, but I'll stick to what I said and move on.

What I would like to talk about though, is something that didn't only happen this month, it's been happening for some time now. Overdramatization is what you could call it, and while it may sound relatively harmless, it can do a great deal of damage. News articles come my way day in, day out, and many talk about the dangers that hackers could, theoretically, do if given the right circumstances. But even more shocking is how the word hacker is used to sum up a group of criminals. Follow me here, for just a moment. There are criminals the world over, some kill, some steal, but seldom do we refer to them as a group in the media. "Murderers" aren't a threat to our nation, "Burglars" aren't the danger to world economy. And yet, "hackers" are.
Why do people feel they must group all computer criminals into one convenient name, and assume they're all working together? "Hackers could pose threat to global economy" a story may read, but how many times have they talked about the dangers of "murderers?" Never, for murderers it's a case by case basis with each person getting their day in court. Rest assured, using a word like "cracker" is no better. You're still giving the media the satisfaction of implying that all computer criminals should be treated the same, regardless of whether they copied a file or spread a virus. In the end, it should come down to a case by case, person by person basis. Not all "murderers" or "burglars" are dealt with in the same way, and few are used as "examples." But this is a common occurrence when it comes to hackers, and I for one think it needs to be stopped.

Why must someone fear jail time for figuring out how to get into a machine? Shouldn't there be laws that differentiate between figuring something out and actually doing damage? There should be, but there aren't. Hackers are forced to live in fear, grouped together as a common evil. If you do something cool like redirect traffic on the internet, even if it's just for a moment, you won't be tried as an individual…you'll be tried as a hacker. Because, according to the media, hackers commit crimes. I think Emmanuel Goldstein said it best, "Trespassing on private property will get you a night in jail and a fine, trespassing in computers will land you in prison for over a year…if you're lucky."

Many out there have good intentions, claiming that we shouldn't talk about illegal activity at all. You should NEVER discuss how to make a free call, phreaking should be about learning the phone network they would say…and while I respect that completely, I think it's somewhat lacking in definition.
A hacker doesn't only learn about technology, they break it down and make it do what they want it to do, and then rebuild it to make it better than ever. To say that discussing how free calls can be made is wrong is like saying that hackers are a bad thing! No, we must be responsible and not do damage, but all the while continue to figure out how systems can be broken. That's the only way we'll ever see how they can be made better, and have fun in the process. Because that's something else we need to remember, fun is not a bad thing folks. Destruction is, but fun is fun. Believe me, I used to sneak out of my house in the middle of the night to go drinking with my girlfriend, and while my parents would have flipped, there was no damage done and no one got hurt. Should I be arrested for that teenage indiscretion just because it would have annoyed my parents? Now, had I gotten loaded and gone driving…that's where the trouble lies. Then you're actually risking something, you risk killing someone else. But we never would have done that, so there was no harm…the same with hacking. If you make someone's phone ring a few times, or change their site around, it's a joke! Granted, most hackers look down upon it because it's really not the most skilled thing in the world to do, but I don't know any that would say a kid should face 55 years in prison for it.

In the end, I'm still puzzled by this insistent labeling. Maybe it's because I hate the fact that someone would assume that "all hackers think alike," when they certainly do not. But I think the real reason would be that, as well as the idea that they never say "all murderers think alike." Why must hackers be labeled and pointed out, or branded if you will? And perhaps the most ironic thing is, regardless of how many times they insist all hackers are bad and that everything they do is a crime…there really hasn't been any serious damage done by hackers. The net's still up, and the world economy is just fine. Odd isn't it?
-screamer

12. CREW

Editor in Chief - Screamer Chaotix
Webmaster - Dash Interrupt
Network Administrator - Da Peng
NT Specialist - Unreal
Contributing Writers - Da Peng, K1d C0lt3r, Nefarious, Sad is Tic, LAnKY, mm, Endless Echo
Cover Design/Layout - Dash Interrupt
Shout Outs - Everyone that tuned in for the first ever Hackermind All Nighter, The Blue Giant, Joe Engressia, Panther, Unreal, www.easyconference.com, the ladies of UCONN, Chang's Garden in Storrs CT, 1016868, Edward D. Wood Jr., Erica Leerhsen.

WRITE FOR FREQUENCY! Send article submissions to articles@hackermind.net

TUNE INTO HACKERMIND, THURSDAYS AT 10PM EASTERN (0200 UTC). VISIT WWW.HACKERMIND.NET FOR DETAILS.

WWW.HACKERMIND.NET 207.217.96.28