An Interpretation of Computer Hacking (Spring, 1988)
----------------------------------------------------
By Captain Zap

The following article is one view of computer hackers. We'd like to say right up front that it is not ours and in fact we take exception to a good many of the facts presented. We would be most interested in hearing what the hackers of the world have to say regarding this perception of them. Please send us your feedback.

The ongoing wave of computer crime that is being reported in the media around the world shows the ease of computer system break-ins that are becoming more and more widespread. Both the technology and the society have changed since the birth of the first computer and the growth of the computer has come to the average household in the U.S. The speed has increased while the size has shrunk. One simply has to compare the Apple or IBM personal computer to ENIAC, the first computer. ENIAC was very large and needed a small electrical substation to operate while the personal computer today runs on batteries or household electric. The memory in ENIAC was just about 2K compared to today's personal computers, which commonly have 16 Megabytes of RAM.

All of this computing power is now in the hands of everyday persons and the equipment can be carried to anywhere in the world. In addition, these people can gain access to the computer center of any major and a large number of minor computer sites. How? Through the phone lines around the world and the ability of such a vast global network to interface almost anywhere on the face of the planet. Simply put, the phone and the computer are now one and the use of dial-up ports to the computer is becoming standard operating procedure. The reasons are due to the desire for distributed databases and the need for all of the information to flow over the phone networks around the world.
We will now look at the issue of information flow over the phone network and how easy it is for someone to gain access to any part of the transmission.

Telecommunications and Fraud

The beginning of the formal underground phone network started in 1971 with the formation of the newsletter entitled "YIPL," or Youth International Party Line. This newsletter was structured with information on how the phone company equipment would work and ways to defeat it. This was also seen as a protest against the Vietnam War and the Federal tax that was placed on phone service to help pay for the war. The idea was to be able to place calls to others without paying any form of toll charge.

This one form of toll fraud was done with the use of homemade electronic gear known to this day as the "blue box." The "box" was able to simulate the signals of the phone company switches and it could place calls as if one had the same controls as a regular AT&T operator. Calls were placed over toll-free trunks such as 800 numbers. The phone company, seeing the problem, placed a tone detector on trunks looking for the distinct tone frequency of 2600 hertz. (This tone is the signaling frequency for the long-distance trunks to disconnect but the blue box could still maintain a hold on the trunk and place calls from remote locations.)

One other interesting aspect should be mentioned: the use of a whistle that was found in the boxes of "Captain Crunch" cereal. The name "Captain Crunch" was used by the earliest phone phreak known to the phone system security force. His real name is John Draper and he was the first person who used this whistle from the cereal boxes and discovered that the toy would produce the exact same tone (2600 hertz) that the phone system produced for the seizure of the trunk lines needed to make long-distance phone calls.

Other "boxes" also exist. Here is a brief list:

* Blue: Produces all (SF) single frequency tones and (DTMF) dual tone multifrequency.
  Able to dial without incurring toll charges.
* Red: Able to produce coin identification tones that correspond to coins placed in a pay phone (nickel, dime, or quarter).
* Green: Coin return. This allows the caller to return coins instead of the coins dropping into the coin box of the pay phone.
* Silver: Able to simulate the DTMF and have the availability of generating 1633 Hz. Tones are used on the AUTOVON voice network (the military phone system).
* Black: Does not allow the connection of billing circuits to call. Must be used on called party's line. This is only usable on older switches such as step by step or #2 or #5 Crossbar.
* Clear: Allows for calls to be placed from the new private pay phones that block the phone's microphone until a coin is inserted. But by using an impedance tap type of device the speech of the caller can be electronically placed in the earpiece and the conversation can proceed normally.
* Cheese: Allows for a call to be placed to one location and then transferred to another location on a different line than the original number called. Used to hide actual location of the caller from traces by separating and isolating the call from the other line.

There are combinations to these boxes. They can be red-blue, or red-green, or silver-red-blue. But one of the simplest ways to defeat the phone system would be to use a portable tape recorder. This would allow for the tones to be played into the mouthpiece or to use an induction coupler to enter the tones. This way there is no illegal equipment to be found and the phone phreak can do his work.

Other methods of phone fraud are now taking place due to the use of other long-distance carrier networks. Carriers such as MCI and Sprint have had toll fraud problems for years and now are starting to compare notes about toll fraud and other pertinent information. The carriers have recently formed a group that pools information about suspected code abuse.
Such information includes phone numbers dialed, called party name and address, suspected or known toll abusers, and the new problem of multi-carrier abuse. Most of the known abuse is being directed from the hacker bulletin boards that post port numbers and access codes. Other incidents include employee use after hours or just plain fraud by using another person's code.

We will first discuss the problem of multi-carrier abuse or "weaving" through the different networks. This form of toll abuse gets its name due to the way that calls are placed to the target phone. In the United States, there are five major long-distance telecommunications carriers: AT&T, U.S. Sprint, MCI, Allnet, and RCI. If a caller wanted to hide in the different networks, he could start by dialing a local PBX (Private Branch Exchange) and use the PBX as the first point of contact to place the call. Most major PBXs today have the ability to allow outsiders to gain access to the local telephone line through a switch in the PBX. This switch gives the local dial tone and allows a call to be placed to the first local access port of one of the common carriers. The local port answers and places a carrier or system dial tone across the line and the caller inputs the access code, area code, and number to the next target switch. The number input is the number of a target switch in another city and allows for the caller to hide in the network of Bell and the first carrier. The second targeted switch then answers and gives a system dial tone and the process is repeated. This progression will continue until the final target phone line is reached.

Such tactics can confuse even the best telephone company attempts to trace a call. So the final product of the call is that the caller could be coming from any major port on any of the carriers. Plus the added problem of being on all carriers at the same time with the different interconnections allows for some very interesting complications to occur.
Such access to the switch is very easy as many persons use these common carriers to make long-distance calls. With the vast amount of persons who use such services, the ability to find working accounting codes is still very easy! Such codes can be found by the use of a modified War Games dialer program. This particular program will call the local port of the common carrier and just like its cousin the port scanner, will scan the common carrier port with the ability to generate touch tones and hack out a working code that can be used for that switch. An example of a simple War Games program is listed at the end of this article. This program was written for use with an Apple II+ and a Hayes Micromodem. The operation of the program is very slow but other faster versions of this are available to the system hacker. Other programs have been written for use by the Hayes Smartmodem and the Prometheus ProModem 1200A.

It should be noted that some of the common carriers have changed the programming of their switches to only accept valid codes for the local area; that is, not to accept any other code that might work in other parts of the country. Traveling callers must call a special number and insert an additional four-digit code after the regular authorization code.

Hacker Communications and Bulletin Boards

Some of the ways that the hackers communicate are through the use of conference calls and the underground bulletin boards. Such methods of message traffic go without charge and are able to be done by the vast majority of the hackers. The hackers have the ability to place up to 30 calls to any place in the world and join all of these calls together. Most of the calls are placed to pass information over to other hackers that can work on a problem and compare results and plan for more tactical attacks to the target system. The logic behind the thought is that the ability of one person to attack a system is multiplied tenfold by the others working on the same system.
Such attacks have been placed on varied computer and communications systems by the hackers. One such incident took place in Los Angeles, with phone phreaks and hackers attacking the Bell System master control computers and trying to turn off all the phones in the city with the exception of the emergency circuits. This attack was for the most part successful resulting in the loss of phone service for thousands, but not complete in its goal. But this writer's opinion about the attack is that it was very successful showing the ability of certain persons who were able to shut down some of the phone service in the city. If such actions can be performed by persons who do not have inside information or access to the facilities, then it is a very real situation. Such attacks can be placed to a series of phone lines or just one. Other attacks have involved the reprogramming of Bell System switches, changing the destination of 800 toll-free calls to other locations, or ringing a vast number of phones at the same time.

The phone/computer underground is still growing with the vast amount of personal computers coming into the hands of many different persons who now have a large amount of computing power at their fingertips.

Bulletin-Board Systems

Bulletin boards are, as they sound, a place where persons can place information or requests for information. But in the world of the hackers, the bulletin boards are a way to pass information via computer to other hackers. These boards are set up by individuals in their homes and the users of the board call a phone number that is attached to a modem and the host computer. A bulletin board is nothing more than a place to swap information. Such information like dialup port numbers, logons, and passwords are common information available to the main hacker population. Other more secret information is passed in confidential messages to each other and through the use of sub-sections of the board where only a select few are able to enter.
The bulletin boards contain a wealth of information if one can gain access to them. One reason that the boards are difficult to enter is because of their security. A good rule to remember is that the hacker bulletin boards have far better security than most large computer systems, and that the hackers check out each user for their real identity. A series of checks is done that include the place of employment, the phone number and the owner of that number, driver's license, health records, and the like. Other security checks require that a prospective user be recommended by another user to gain access, and then the new user is granted a lower status than most users until he proves his worth in the hacker world. The chance of a law enforcement person gaining access is thereby greatly reduced.

Another aspect of the security of the boards is that some of them have a clause at the sign-on that states that the board is not responsible for the information posted and that any information placed on the board is for informational purposes only and that the person who is logging onto the system is not a member of any law enforcement agency in any way, shape, or form.

One of the methods used by the hackers to keep control and order in the hacker community is known as Tele-Trial. Tele-Trial is a court that is convened by the hackers to listen to complaints, set laws, and hand down decrees upon suspects. Such decrees can include not granting access to the boards or having someone executed electronically. Such actions have come to the public's attention with the Tele-Trial of Newsweek reporter Richard Sandza. The story with Mr. Sandza is that he wrote an article about the hacker community and the hackers did not approve of the story, so Mr. Sandza had his credit card information posted on a number of bulletin boards and numerous articles delivered to his home.
Other interesting parts of this story include the distribution of his private nonpublished phone number and a number of death threats. Mr. Sandza then wrote an article entitled "Revenge of the Hackers" and was bombarded with another wave of abuse from the hackers. This writer's opinion is that it is better to make an ally with the hacker rather than to antagonize him, as he can perform your destruction in a matter of seconds and such destruction can happen at any time. And remember, the hacker can be the best prevention for computer security sickness and that a reformed hacker can make for the best data processing security person.

In general, most of the computer bulletin boards are nothing more than a place where persons of general interest are allowed to communicate their ideas and comments about hobbies, art, science, cars, ham radio and electronics, and of course the major reason this article has been prepared - the computer/phone underground. The boards in general have been a major problem in the control of information due to the use of the boards by what some may call "information junkies." But the problem of the "information junkies" is one that is spanning the computer arena with all types of persons using this form of high-speed communication. And one of the major contributing factors involving the computer abuse is the non-education of the users in ethics.

But the problem is twofold: The user must be held accountable for his actions and the owners must secure their machines with a reasonable amount of security. Part of the problem with the owners and of course the transmission facilities is that the carriers do not take responsibility for the security of the transmission, only that the transmission will get to the intended destination. Add to that the cost of point-to-point encryption and you get very high costs both in the equipment and in the maintenance of the system.
The bulletin boards contain a vast amount of information at the fingertips of thousands of persons at any time. Some of the boards have the ability to have multiple users on them at one time. And the boards that we will concern ourselves with, the underground or clandestine boards, are the toughest to crack. Information on these systems can range anywhere from how to make free telephone calls to the formulation of crude plastic explosives to a person's credit and personal information. Mostly the boards are a place where the study of telecommunications and computers is placed above all other things. The hackers call it nothing more than "electronic geography." They have nothing more than a good sense of curiosity and they want to learn. So they go exploring and find things that most would consider to be trivial. Information found has been well documented and proven to be embarrassing to the owners.

The government has therefore given both the Secret Service and the FBI the job of investigating all computer crimes. This includes the investigation of the underground bulletin boards. The boards are considered a major nuisance to the phone companies, but are only considered a small threat to the computer owner. But they still produce good copy for the morning paper and evening news.

The general public thinks that the hackers are wonder kids able to launch a nuclear missile in any direction who can invade any computer system out there. They hear that a computer that belongs to the U.S. government in a nuclear research facility has been "tapped" by the hackers, or that there is a possibility of the hackers controlling satellites and moving them out of their assigned orbits. Granted, they did not move the bird, but they did gain access to the rotation control for the satellite. And it was stated that the information needed to do such things was found on an underground bulletin board.
That might be true, but information that is far more valuable to people on earth is being posted on the boards. And this information comes from the trash can or from insiders who have become disgruntled or just from plain old research looking for publicly available sources. Some of these public sources constitute users' manuals and system documentation.

Another interesting fact about the boards is that they contain a group of sub-sections that include subjects on telecommunications, software piracy, and cracking of software protection systems, computer systems overviews and how different systems work, and ways around the system security features. Some bulletin boards also contain page after page of dial-ups to major computers around the country. These include all of the Fortune 500 companies and a large amount of military systems.

So to the persons who state that the bulletin boards are not a problem, I believe that they have not been on any of the major underground boards and therefore should not make such rash statements. As to the overall damage that a bulletin board can cause, the final cost has yet to be determined. The boards allow for the transmission of information to a large group of persons. What the person who gets this information does with it is another story.

1 REM WARGAMES DIALER PROGRAM FILE MUST BE OPEN FIRST
5 INPUT "NUMBER TO START" ;N
10 D$=CHR$ (4) : Q$ = CHR$ (17):Z$ = CHR$ (26)
15 FOR I=N TO 9999
20 N$ = "0000" + STR$ (I):N$= "567" + RIGHT$ (N$,4)
25 PRINT D$ "PR#2"
30 PRINT Q$ " " N$
35 IF PEEK (1658) < 128 THEN 1990
40 PRINT D$ " PR#0 "
45 PRINT D$ " APPEND DIALER 567 "
50 PRINT D$ " WRITE DIALER 567 "
55 PRINT N$
60 PRINT D$ " CLOSE DIALER 567 "
65 PRINT Q$ " CHR$ (26)
70 REM HANG UP AND BE SURE THAT YOU DID
75 PRINT D$ " PR # 0 "
80 PRINT D$ " PR # 2 " :PRINT D$:PRINT Z$
85 FOR J=1 TO 600:A= -1:NEXT
90 NEXT
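
The listing above counts upward through one exchange, one number per call, with a fixed pause between calls, and that regularity is what a carrier or PBX operator can look for in call records. The following Python is an added example, not part of the original article: it flags any originating line that dials a run of consecutive numbers in the same exchange. The record layout, line labels, thresholds and 555 numbers are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_records():
    """Constructed call records: (timestamp, originating line, 7-digit dialed number)."""
    start = datetime(1988, 3, 1, 22, 0, 0)
    records = []
    # LINE-A counts up through 555-0100..555-0111, one call every 40 seconds.
    for i in range(12):
        records.append((start + timedelta(seconds=40 * i), "LINE-A", f"555{100 + i:04d}"))
    # LINE-B is ordinary traffic: unrelated numbers, hours apart.
    for hours, dialed in [(0, "5550142"), (3, "5559017"), (5, "5550143")]:
        records.append((start + timedelta(hours=hours), "LINE-B", dialed))
    # LINE-C dials two adjacent numbers once; too short a run to report by default.
    records.append((start, "LINE-C", "5550200"))
    records.append((start + timedelta(seconds=30), "LINE-C", "5550201"))
    return records


def find_sequential_scans(records, min_run=8, max_gap=timedelta(minutes=2)):
    """Return (origin, first_dialed, last_dialed, count) for every run of at least
    min_run consecutive numbers dialed by one line with at most max_gap between calls."""
    by_origin = defaultdict(list)
    for ts, origin, dialed in records:
        by_origin[origin].append((ts, dialed))

    findings = []
    for origin, calls in sorted(by_origin.items()):
        calls.sort()  # chronological order per originating line
        run = [calls[0]]
        for prev, cur in zip(calls, calls[1:]):
            same_exchange = prev[1][:3] == cur[1][:3]
            next_number = int(cur[1][3:]) == int(prev[1][3:]) + 1
            if same_exchange and next_number and cur[0] - prev[0] <= max_gap:
                run.append(cur)
                continue
            # The run is broken: report it if long enough, then start a new one.
            if len(run) >= min_run:
                findings.append((origin, run[0][1], run[-1][1], len(run)))
            run = [cur]
        if len(run) >= min_run:
            findings.append((origin, run[0][1], run[-1][1], len(run)))
    return findings


if __name__ == "__main__":
    for origin, first, last, count in find_sequential_scans(build_sample_records()):
        print(f"{origin}: {count} consecutive numbers dialed, {first} through {last}")
```

Lowering `min_run` catches shorter bursts at the cost of flagging legitimate callers such as LINE-C, so the threshold should be tuned against normal traffic for the exchange.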