                  Communications of The New Order
                             Issue #3
                      November/December 1993

      "What we have here is good and evil, right and wrong"
                                               - George Bush

"Hi, this is agent 866 with the Secret Service.".......Karb0n
"Dude if I just had some fuse!"........................Panther Modern
"Whoosse GNuuuu?"......................................Nuklear Phusion
"Real men don't divert."...............................Dead Kat
"Dude I've been busy!".................................Cavalier
"Boom-shlack-lack-boom!"...............................Jewish Lightning

Special Thanks: John Falcon, Remj, Matrix, The Public, Scanner and Jupiter,
Disorder, Lucifer, Mystic, Max Lumens, Plexor, Maelstrom, Coaxial Mayhem,
and Phate members.

=========

__/\/InTRoDuCTioN\/\__

Welcome to Issue #3 of CoTNO! For those of you reading CoTNO for the first time, let us explain the purpose of the magazine. We will only print articles which are of general interest to the H/P community. Those articles will be oriented at the beginner to average hacker and we will keep the total length of the 'zine short enough so it doesn't become a chore to read. We accept submissions from anyone who has the will to spread around a little of their expertise. In fact, we have made it easier than ever to submit. We have established an Internet mailing address where you can send your proposals or your comments concerning CoTNO. The address is:

        ak687@freenet.hsc.colorado.edu

Of course if you can get on the TNO HQ BBS, Flatline, you can leave us mail there.
Occasionally you may even be able to catch one of us on IRC or on a bridge or in a Telco dumpster and you can chat with us live. We look forward to hearing from you.

Ahem...

[The following article appeared in the Dec. 28th issue of the Rocky Mountain News. The headline was on the front cover and the story appeared on page five. The Rocky Mountain News is Denver's biggest newspaper. My comments appear in parentheses.]

-----------------------------------------

*** TEEN HACKERS ACCUSED IN TELEPHONE SCAM ***

Police say 'amazing' computer whizzes stole customers' access numbers; $50,000 in illegal calls made.

Three Colorado teen-agers are suspected of setting up an elaborate computer-hacking system that tapped into a long-distance telephone company and stole secret access codes (k0dez!).

The codes (k0dez!), or Personal Identification Numbers, were sold (sold? yeah right) or traded to others, particularly people linked to a huge computer underground (that's us!), said Detective Greg Bohlen of the Littleton Police Department.

The victim, Long Distance Dialing Service of Louisiana (950-1001), estimates nearly $50,000 in illegal calls were made by non-customers with the codes, he said. (hey Cav, wasn't that the k0de that refused to die?)

Police arrested Kevin Wilson (Damian), 18, of the 7400 block of South Gallup Street in Littleton, and two juveniles (Epsilon and Shockwave) from Jefferson County in the alleged scheme.

The young hackers (they weren't hackers at all, they were pirates who didn't know telnet from telenet) had set up a system much like the computer in the movie _War Games_, Bohlen said. They programmed their computers to dial and redial in split-second speed, trying out different seven-digit (he means six digits, sheesh) combinations to find active access codes (programmed my ass, they just set up Code Thief to hack a 950).

"In fact, the suspects called their system 'War Games,'" (t00 el33t) Bohlen said.

"These kids are amazing (amazing???).
When it comes to computer technology, their knowledge and experience is amazing (WHAT?! These guys were couriers who spent all their time uploading and downloading console games.). But when it comes to everything else, they're out of touch. (I'll say) Their world revolved around computers." (nothing wrong with that)

Bohlen said the three were arrested in October, but the investigation was not revealed until this week (every sysop in town knew about it within 24 hours) when computer experts finished testing equipment seized from their homes.

Wilson and one of the juveniles are charged in a separate case involving the theft last summer of about $8,000 worth of computer equipment from a Littleton business where Wilson worked, Bohlen said. That case is pending.

Formal charges in the hacking investigation have not been filed, he said.

Wilson declined comment Monday, saying, "I don't know much about computers." (or about hacking and phreaking)

But in a search warrant filed Oct. 21 in Arapahoe County District Court, police said Wilson "has confessed his advanced knowledge of computers (smooth move) and desire to obtain a prestigious reputation (I'm impressed) among computer bulletin-board operators." (He got busted just to impress a bunch of warez kiddies?)

Long Distance Dialing Service notified Colorado authorities of the problem in September. U S West and MCI also participated in the investigation, court records show.

-----------------------------------------

OK, now I set the story straight. Damian, Epsilon, and Shockwave are couriers for some of the local warez boards. They couriered console games from big boards in other states. Being that couriering causes some serious phone bills, they thought they would be elite and hack some codes. They set up Code Thief and let it run continuously on 950-1001 until they got a code. They didn't divert and they didn't try and make the scan random. Of course LDDS noticed what was going on and traced them.
They had had some trouble with hackers (hehehe) this year and were looking to catch someone. They let the pirates make a few phone calls with their code and traced them every time they used it. Those loozers didn't even try and divert. They just called directly from their houses and downloaded games for hours. That's real 'amazing'.

If these guys had half a brain, they would have taken some precautions with their code. First of all, they should have hacked the code from a payphone. Secondly, they should have diverted at least twice before using the code. ESS keeps a record of every call made so it isn't very hard for U.S. West to trace a call. These guys deserved to get caught. They thought they were so elite since they stole software that they could just steal phone service. I hate to tell them, but it's just not that easy.

Hacking is a game with some very high stakes, and they lost. To be good at the game takes patience and intelligence. You have to be willing to take precautions. You have to build on the knowledge of experienced hackers and be willing to help out those who aren't as experienced as you are. You have to take the time to learn from every resource available before you go out and attack a system. If these basic rules aren't followed, you are destined to lose the game. Damian will soon find out just how rough losing can be. Don't make the same mistakes he did.

I have included an article written by Cavalier and Jewish Lightning on hacking 950's in this issue. It is the best 950 article I have ever read and explains how to hack codes without getting caught. If you plan on getting some codes, read this article first. It might keep you out of jail.

|>ead|

=========

         ···°o°··· Phone Tapping Made Easy ···°o°···
              ────=≡ Written by Scanner ≡=───

Okay, this is the first text file I've written for CoTNo so I hope that everyone can find some use for it. First off, I'll give a list of equipment you'll need and then a basic and easy way to set it up.
I've included the Catalog Numbers so you don't have to waste any time dealing with the incompetent morons at Radio Shack, - "What are the last 4 numbers of your phone number? Shut up, gimme my shit, and get me the fuck outta here!"

EQUIPMENT:

   1. Telephone Recording Control. Made by Archer, Catalog Number 43-228A. No batteries required.
   2. Beige Box (I used one that has a male and a female end. Fairly short in length, with the alligator clips on the male end).
   3. Cheap Tape Recorder with a Mic Input and a Rem Input. You can also use one that has a Mic Input and Ear Input. The smaller the better. (Ex. Realistic Micro-27 Model No. 14-1044)
   (Optional) 4. 50 foot + basic telephone wire
   (Optional) 5. A 3.5mm to 2.5mm converter. Use this if you have 2 2.5mm jacks on your tape recorder. This is common in most mini cassette recorders.

DIRECTIONS:

   1. Get your Beige Box and find the number that you need to tap. Use some nifty Automatic Number Identifiers (ANI) to make sure that you have the right number.
   2. Once you have the number, hook the beige box up to a 50' + wire and string it to a concealed location.
   3. Attach the Telephone Recording Control and set to Record.
   4. Insert the Control's two plugs into the recorder - the larger plug into the socket marked MIC, the smaller one into the socket marked REM. If you don't have a REM socket, try the EAR (earphone) socket.
   5. My girlfriend suggested wrapping the equipment in a plastic bag so it doesn't get wet, and who said girlfriends aren't good for something!
   6. The cool thing about this device is that it starts recording once the phone is picked up and stops recording once the phone is hung up.
   7. Check back at least once a day. You don't need anyone knowing that the tap is there. I'm not quite sure what Ma Bell would do if they found one. Any information would be greatly appreciated.

That's about it. Fairly easy and fun to do! I could think of many wonderful uses for it!
Unfaithful Girlfriends, Bitchy Mothers, Ex-friends, Lawyers, Cheap Skate Drug-dealers, you name it, one can always have fun with a phone tap! If you have any problems with this, you can contact me on T.N.O.'s Headquarters, FlatLine. Thanks and hellos going to my friends that helped me along.

Scanner

=========

                      A PHUCKIN PHILE PHROM
                 Communications of The New Order

                    "Some Shit About 950's"

KiND of an INTRo:
----------------

Phreaking these days is getting pretty tricky. Half the text files written don't work anymore, and the other half were bullshit in the first place. But while phreaking is getting a little more technical, it is by no means impossible. Some methods from the mid 80's have survived over the years and still work today, with a few changes. One of the most timeless ways of phreaking is the good ol' 950 extenders...

NiNE-FiVE-0Hz:
-------------

Virtually every phreaker knows the convenience of having a working 950 code. They're free from payphones, the codes are easy to remember, they can last forever, you get a crystal clear connection, and they are one of the safest possible ways of dialing-out, and on and on and on...

What's a 950? 950's get their name from the toll-free prefix in which the dial-ups are found (950-xxxx). Though the dial-ups vary from region to region, the 950 prefix is national and can be found in every US calling area. The best in depth definition is probably from MixMaster of ABUSE in his 950 text, so quoting him:

"The 950 service offers national companies that network a system of letting the employees access through the business TOLL-FREE from a payphone... This lets the company issue their own toll free dial-in and with an issued passcode the employee may dial within the system to the office and extensions or dial to a long distance number... This is basically similar to 1-800...
The 950 services are NOT in any way affiliated with your local phone company and very few are affiliated with any MAJOR L/D company."

Summing up, 950's are basically regional or national access PBX's for major businesses with a few long distance networks here and there that offer long distance service to subscribers who are away from home. These are called Specialized Common Carriers. This is how it works: The customer calls his assigned 950 dial-up. At the tone he enters his access code and then the number he wants to call. The call is charged to his account (or his company's account).

GhETTiN K0DEz AB0De:
-------------------

This is Jewish Lightning and Cavalier's method of hacking codes:

   1. Find a VIRGIN dial-up
   2. Explore the dial-up
   3. Hack the dial-up
   4. Distribute codes

UNo - Find a VIRGIN dialup:

If you want a good code, that will last a long time, the best thing to do is hack it from a virgin dial-up. In order to find a virgin dial-up, you will need to do some scanning. All 950 dial-ups are located between 0000 and 1999. This makes them very easy to find. There are three ways to scan for tones:

   1. HAND-SCANNING : Hand-scanning is not a lot of fun...in fact it is pretty boring, and very slow too. It may be good for scanning 800's, but not 950's, but if you do decide to do it by hand you can make your scan shorter by noting that 950 dial-ups will not even ring before they pick up, they will just pick up. So if you dial a 950-xxxx and it starts ringing, you know it's not a dial-up, so you might as well hang up.

   2. WARDIALING : In order to scan for dial-ups using a regular wardialer, you need to scan with the speaker on and listen to every dial. This is just like hand-scanning, except your finger doesn't get tired. When you get a tone, jot the number down. As mentioned above, if a 950-xxxx starts ringing, you might as well abort to the next number, because there's no dial-up there.

   3. TONELOC-ING! : If your modem detects dial-tone, use toneloc and scan for tones.
      Just type "toneloc 950-xxxx /m:0000-1999" and let'er rip. This is the most efficient and effective way to scan for dial-ups. The scan with toneloc takes about 4-5 hours.

DOHss - Explore the dial-up:

Once the scanning is done, explore the dial-up and learn more about it. There are two things in particular you will be looking for:

   Number One: the company who owns the dial-up
   Number Two: the format for the dial-up

   1. Find out more about the company who runs this dial-up. The purpose of this step is to get an idea of who you are messing with and what precautions they have taken against phreakers. A very effective and obvious way of finding out more about a 950 is to enter numbers at the tone until you get a response (busy, recording, operator or otherwise) or use the speed-calling available on many dial-ups by dialing #<0-9> (Try #0 for the operator). If you get a recording, listen carefully, it might identify the long distance carrier who owns the 950. If you get an operator, he/she usually answers with the LD company's name. Ask him/her for the 800 customer service number. If they cannot give it to you for some reason or another, call up 800 directory assistance (1-800-555-1212) and ask for it.

      Now that you have got the name of the company and their toll-free number, call the company posing to be a possible customer. Ask for information on their long-distance telephone services and mention that your neighbor experienced problems with someone abusing his code and what this company does to counter toll-fraud. Ask specifically about a feature that records the numbers of where the call is coming from without sounding too smart, also ask about all the information that they put on the bill. If they have ANI, note this. If they don't know, and try to play it off like they have some other technical security bull-shit, then write "Take me! I'm yours" by their number. Try this with a few different service reps just in case someone was trying to bullshit you.

   2.
      Now that you have a better idea of who you're messing with, you need to find out the format for the dial-up (ie, number of digits, code first, etc). The most common format is CODE+ACN, though some will accept CODE+1+ACN, in fact I have never found a dial-up that was not "code first". So you know the format, but you don't know how many digits the code is. In order to determine how many digits the code is, enter random digits until you get a response and note how many numbers you entered. Subtract 10 from this for the ACN (Area Code and Number) and you have the number of digits of the code. Do this a few times because as mentioned before, some dial-ups will accept a "1" before the ACN and this adds an extra digit that may not be necessary. For this reason, among other things such as strange formats, double check your findings.

      To illustrate this better, here's a "FOR EXAMPLE": You dial up 950-xxxx, wait for the tone, and enter 17 digits before you get a ring and then an "invalid code" recording. You try this again, and this time it only takes 16 digits before you get the recording. Chances are, you dialed a "1" before the last 10 digits. You try one more time, for good measure, and sure enough, it only takes 16 digits. Subtract 10 from that and you have a code length of 6.

      As mentioned above, some dial-ups have a bizarre format. Usually this is just a variation of the "code first" format. Here's another "For example": Sometimes after six digits you will get another dial tone, then you will need to enter ten more digits (ACN+Number) and then you should get a busy, constant ring, or a message that tells you that you have entered an invalid code. You can assume the code is a six-digit code plus area code plus number. This is not restricted to 6-digit codes though. Some with this format will be 8-digits, some with 7, etc. You just need to play with it until you can figure it out.
      Once you *think* you've got the format and the number of digits in the code, hang up and try the new format to see if you got it correct: 950-xxxx, X-DIGIT-CODE + AREA-CODE + NUMBER.

TREz - Hack the dial-up:

Wow! Now you have the 950 dial-up, information about the security, and the format for their codes. Time to hack. There are three ways you can do this:

   1. Hack from a payphone
   2. Hack using a code-hacking program such as Code Thief
   3. Hack through a diverter from home

   1. Hacking codes from a payphone is by far the SAFEST way to go. The payphone is the best diverter. The method entails going to a payphone with a dial-up in mind, and entering random X-digit numbers plus ACN where X equals the number of digits in the code. This gets pretty hectic thinking up random numbers, and then remembering what you dialed should you enter a valid code. So to make things easier and more efficient, write a program that generates random X digit numbers. You can even do this in BASIC (yes *BASIC*) with the following:

          10 FOR K=1 TO X                     ' X = number of random numbers to print
          20 RANDOMIZE TIMER                  ' if necessary
          30 LPRINT INT(RND(0)*89999)+10000   ' LPRINT will print this out
          35 ' Both numbers in line 30 have as many digits as in the code,
          36 ' ie, if 6-digit code then "899999" and "100000"
          40 NEXT K
          50 END                              ' optional

      Print a page or two out of these random numbers. Now head on down to your local 7-11 payphones and hack away. It's a good idea to use a phone number for the payphone next to you or a carrier as the destination phone number so you know right away if the code is good or not (you don't want to waste time waiting for an answer). It's hard to say how long this could take. It may be a few minutes, or you may have to take a few days on the same dial-up. You might want to circulate dial-ups for a change. You may have better luck with a different dial-up.

   2.
      If you can find a good code-hacking program that works with your modem, and you feel like taking chances, set it up to hack. Here are some ways to make you more elusive and prolong your life as a successful phreaker. I will present these from a CodeThief point of view. Hopefully they will be versatile enough to adapt to your own code-hacking program:

         1. Enter as many dial-ups as you can into your extender database.
         2. Hack using "multiple extenders/multiple targets".
         3. Never hack codes sequentially.
         4. Pause for a few seconds between attempts.
         5. Enter "dummy" numbers. These can be numbers of people you want to piss off, or disconnected numbers, etc.

      The idea of these tips is to increase the randomness of your hacking session. They are by no means the only ways of making your scan more chaotic. The basic concept is, the more random you are, the less obvious you are, and the longer your life in the wonderful world of phreaking.

   3. The final method is hacking codes from your house, through a diverter. You can do this basically the same way as hacking from a payphone; using the same dial-up every time, and a page full of random numbers. First, find yourself a diverter. From there, call your target dial-up and hack from there.

      This technique is very tedious because every time you get an error recording, you have to hang up and then dial-up your diverter again, and then enter in the 950-xxxx again, and then enter in a different code, and then hang up and start all over again. So Jewish Lightning devised a way to get around that. The problem is you need a working code first; one that will allow you to "pound off" of it. This means, that when you make a call with it, after you are done, you can hold down the pound key for a second, and it will give you the extender tone. From here, you do not need to enter the code again, simply the number you are calling. Sorry guys, but with this method, it takes codes to make codes. Here's the general idea:

         1. Call up your diverter.
         2.
            From there, call the dial-up for your working code.
         3. Enter your working code.
         4. Enter the number for the target dial-up.
         5. Enter random CODE+ACN.
         6. When you get the error recording, "pound off".
         7. You are now at step 4. Repeat steps 4-6 until success.

QUATRo - Distribute and Use da codes:

Now that you've got a code or two, or three, you're going to want to hold on to these as long as you can, and of course, you don't want the gestapo to come a-knocking at your door, so let's talk about these two things.

How NOT to get caught:

Once you get your codes, you could use them from your house, but I don't recommend doing that directly. If you have one, use a diverter. If you don't, find one. You can find an outdial on Meridian Mail systems (not all, but a few), and you can set yourself up with a diverter from a Sys75 if you read PM's guide to hacking Sys75's.

Second of all, use it from payphones. Don't always use it to call home though, that's just as good as using it from home. Call some friends. Just as with hacking, the more random you are, the less chance you have of getting nabbed.

Finally, give your codes out. Now t-files out there say "don't give out your codes. let them hack their own codes." but we're here to tell you that it's best to share the wealth. That's right. We're telling you to give them out. Not to everyone, but to a circle of friends. Why? It's part of increasing the randomness. Say BLAH BLAH communications DOES have ANI...by giving out your codes to a select few, you have increased the number of call-origination points, the more these people have to investigate, and the less chance they have of coming full-force at you. If by some small stroke of bad luck you get a phone call of some kind, you can always blame it on someone else, because the phone company you fucked with KNOWS that you aren't the only person with the code. Give 'em Razors VMB or some shit like that.

Most companies with 950's are small, regional companies.
Chances are they don't have the resources to fund a full-scale criminal investigation. But remember that these are just chances. There's also always that slim chance that they CAN get you, so be careful.

How to MAKE it LAST:

The secret to making codes last is self control. When you get a few codes, don't be stupid and start calling all your favorite k-neeto bbs's nation-wide. Use it sparingly. When you give it out to your small circle of friends, make sure you can trust them to use it wisely also. If you exercise some self control, one code can last months.

SoRTA an OUTRo:
---------------

That's about the gist of it. Three sure-fire ways of GhETTiN H0oKeD uP WiT ZoME FReSh JiVE K0DEz AB0De. If you find a working code you are set for long distance calls for a couple of months (well worth it). Sounds crazy, but the past few codes we've had have lasted forever. Ask us about the "950 that would not die"!

        Cavalier.        ///  Jewish
        TNo              //   Lightning
        Communications   \    TNo Communications

BONUS: For those of you local to 303, here is the 1993 total list of 950 dial-ups, the companies that run them, and the format for their code (what we've found so far). This list is for the 303 area! LD people, let us know which ones work where you are. Good Luck. Peace, Love, and Phuck the Phone Companies...

950-XXXX   K0dE LeNgTh   KaRRieR
--------   -----------   -------
0070:      6             US Long Distance
0244:      6             Automated Communications Inc.
0266:      7             Com Systems
0330:      6             National Networks
0390:      8             One-2-One
0420:      6             ACI
0488:      7?            Metromedia (ITT)
0535:      6             Long Distance for less?
0569:      6             WCT
0621:      ?             Tele-National Communications
0638:      6/8?          Telephone Express
0656:      6             National Networks
0658:      7?            Oncore
0663:      6
0669:      6?
0675:      6             National Networks
0700:      ?             Telephone Express
0737:      6             Digital Service Communications (LDDS)
0738:      Card?         LDDS
0760:      ?
0899:      ?             Telephone Express
1001:      6             LDDS
1022:      14            MCI
1023:      6             Metromedia
1033:      7             U.S. Telephone
1044:      6             Allnet
1055:      6             Oncore
1066:      6             Allnet
1250:      ?
1311:      6             Metromedia
1315:      ?
1400:      6             ASI
1450:      6             LDDS
1465:      AC+7          Telephone Express
1468:      6?            ITC
1477:      5             Call America
1478:      6?            ITC
1485:      7?
1535:      6             LDDS
1539:      6             Allnet
1555:      6             Oncore
1569:      6             WCT
1621:      ?             Tele-National Communications
1683:      8             One-2-One
1685:      6
1801:      6             LDDS
1937:      7             National Networks
1946:      7?            Westing House, Willow Springs
1960:      6             National Networks
1977:      6             National Networks
1982:      ?             Telephone Express
1991:      7
1999:      6             Metromedia
3290:      psych...

=========

FIGHT THE POWER===============================================FIGHT THE POWER
FIGHT THE POWER===============================================FIGHT THE POWER
FIGHT THE POWER====== Physical Security and Penetration  =====FIGHT THE POWER
FIGHT THE POWER======                                    =====FIGHT THE POWER
FIGHT THE POWER======              Written               =====FIGHT THE POWER
FIGHT THE POWER======                                    =====FIGHT THE POWER
FIGHT THE POWER======                 By                 =====FIGHT THE POWER
FIGHT THE POWER======                                    =====FIGHT THE POWER
FIGHT THE POWER======     John Falcon (aka Renegade)     =====FIGHT THE POWER
FIGHT THE POWER======                                    =====FIGHT THE POWER
FIGHT THE POWER======   Written Exclusively for CoTNO    =====FIGHT THE POWER
FIGHT THE POWER===============================================FIGHT THE POWER
FIGHT THE POWER===============================================FIGHT THE POWER

A recent case that is currently being sought to be brought on trial deals with Encryption and Private Security. This sparked a fire inside me that I would like to share. Physical Security.

Now Encryption is great for when you get busted or when it's time for you to send your latest hacking tips over the network but what about when someone breaks in and steals all your disks? Then what?

Now, I personally have been stealing and robbing places ever since I was 14 years old and until recently I still kept going. Now I would like to take some time out to tell you about physical security.

        "I don't believe any system is totally secure."
                        - 'David Lightman'
                          Matthew Broderick
                          War Games

Now, there are many layers of security in the world...let's take them step by step.

Part I: Exterior Security

I spent some time in Gilliam Youth Center in Denver (a month) and during that time I started to ponder security to an extreme extent. Gilliam would be graded a low-security detention center. Their layout was described as separate pods. You have a total of 20 separate rooms in each pod usually housing 1-2 people in each room. The doors themselves had no door handles inside the room but had a deadbolt when there was a lockdown. The normal locks were often circumvented by using the plastic combs they would give for hair. The room itself usually had one pod monitor that sat at a desk near a door going into the main complex. The cafeteria and such were across the yard and they did check for silverware (it was plastic but...)

The fence was a plastic/metallic tight chainlink that you couldn't climb normally but I watched as 2 kids about 13 and 15 scaled it just using 2 toothbrushes sharpened down so that they could just climb the fence like a pegboard. They had metal posts that people used to just climb up and hop on the roof and over the fence but they used axle grease and made them a little harder to go up.

Gilliam wouldn't be impossible to get out of. Actually using a little organization you could get out quite easily and without much damage. Their classrooms are arranged as such so all you need to do is break a window (granted it has wire mixed with it so it's a little harder but not impossible) and zing! On to a roof, then the ground then out the employee gates.

Now for breaking into buildings.

Fences are just one means of security. My father and grand-father have built them for the past 25 years so I think I could be considered an expert since I had to deal with the shit for the early years of my life. Most business places have what's called in the industry "Chain Link".
This is relatively easy to work with and can be broken through easily. Now there are many security options for this fence. One is vibration detection. There is usually a cable that runs in the bottom two links of the fence. The cable senses any serious vibrations along the fence and then signals that to a main control box which in turn sends it to the security monitoring place. This is not too hard to defeat...just wait till it's windy outside or even a little breezy and then shake a few sections of fence at the pole and then have another person cut a hole into the fence to crawl through above the cable but wide enough to go through. Crawling over the wire was something I never liked to do. Usually I would just cut a hole but sometimes you are able to.

Now the owners can install what's called "Barbed Wire" across the top. This is just a pair of wires with about every foot and a half that has a little barb with sharpened ends. But sometimes you will get what I call "Nasty Shit". Razor Ribbon is a costly expense for the owner but it is a definite sign of someone saying.."Go Away". It is possible to cut with bolt cutters but it is spring loaded so it will spring back to get you.

Now in 'Sneakers' they mentioned 'Laser Fencing'. This is just normal chain-link fencing with an added twist. The laser acts as a super-sensitive vibration detector or can be rigged for a 'tripwire' type security. If this is the case..I would think of another way around it. Laser Fencing is expensive as hell and usually means that they have some security force in the perimeter.

Card Key security is an effective measure of security but I won't go into it because I am just writing this as a quick overview of general security. There are a few types. Some are magnetic strip readers. Then you have some that use magnetic wires inside the card which are more durable. There really is no way of getting past this security because of the encryption that is involved. Well not easily anyway..
Now most external areas have cameras. Usually mounted near lights so they aren't visible at night. The best way of getting past them is do day surveillance of the site. You can usually time how long it takes for it to move from one side to another. Make notes of the duration between sweeps and make sure that you have your timing down to a T. But for cost effective reasons, cameras are usually placed near doors. I remember watching an 'A-TEAM' where they had to defeat a type of security like such. So good old Murdock crawled next to the camera without being detected and just took a picture of the area...Good idea when daylight but not too effective at night. Best to just tap into the armored cable coming from the video camera, create a millisecond of static while you attach a cable splitter to it and record about 10 minutes of tape and stick it on continuous replay.

Now all of the stuff I just mentioned is going to the extreme of things because just like any other business they have to keep cost conscious about these things. Most companies don't have the money to buy a lot of external protection other than the normal fences with barbed wire and maybe (big maybe) a camera outside the main door.

PART II: Interior Security

When I was in California, I learned about security systems and such. I learned that most offices usually had door and window protection and some of the richer offices usually had motion detection. Just remember 2 rules.

   1) Never be too lax when you enter a building, especially when it comes to being paranoid.
   2) Never be in a rush to break into anything. If there is going to be a time crunch, do it another time...there will be better opportunities.

Most offices in warmer climates usually don't lock their windows because they are always opening the window anyway and people just get lazy. That's what happened with many places that I have hit.

Most offices nowadays have computers in them.
They also have little refrigerators, microwaves, a little radio, phones and such..maybe a small copy machine or fax.

We entered this one building through a vacant office hoping to enter their phone room and reprogram their pbx...well since we entered an empty office we couldn't get in to the core of the building. So we discovered that the walls between offices were just going up to the top of the ceiling tiles. So we tossed the lightest of us over the wall, he fell through the tiles and landed on a couch. We then ran out of the building for a while to see if there were any cops coming...when it was all clear we went back in and looked around, always looking out the windows for anyone pulling up.

This particular score gave us 5 386's (at the time they were the hottest things around), 2 VCR's, 2 fax machines, a tv, a phone, a flatbed scanner, 2 dot matrix printers and 1 laser printer. And 10 old Apple //e computers sitting in a stack in the back room. Needless to say that particular one we cleaned house, but nothing like another one we did in the same building 2 years later which managed to yield 2 486's and a whole network of Macintosh computers. Shame....

PART III: Planning

Now I am not one to blow sunshine up anyone's ass when it comes to planning. Planning is needed for most operations. When we entered those buildings, we had a team of 5 people. One was sitting in a car overlooking the entrance to the place. One to keep tabs on communications and make sure that the coast was clear and 3 for penetration. All people had radio communications using 2-meter ham radios set to low power settings on an obscure frequency. We only used the radios to talk to anyone that was not in the same room or for talking to the people outside. (We later moved up to Motorola Business Frequency radios due to the fact we found them in one office.)
The car that would sit and watch the entrance was also monitoring police band radio for any calls to the area and relaying if there were any cars passing by, especially cop cars just cruising around. The second person, making sure we were informed when a call came from anyone and playing second watch, also had a car available for cargo purposes. Then the 3 people were usually computer experienced in some way to deal with the large amount of cables required in disconnecting the systems and making sure cables and documentation were gathered.

As you can see, this was a good setup. Let me give you a full transcript of what we did for the first one.

<11:30pm> Car 1 arrives at the target to begin monitoring all traffic inside and outside the area. He calls in on his 2-meter radio.

     "Nine-One to base."
     "Roger, Nine-One"
     "Target clear...2 cars in lot..look abandoned."
     "Roger. Received...Base out."

<1:45am> Car 2 approaches target site...

     "Nine-Two to Nine-One"
     "Roger, Nine-Two"
     "Approaching target, will be in visual in 5 minutes"
     "Confirmed. Nine-One out.."

<1:50am> Car 2 enters target area and then immediately kills its lights and parks near the entrance to the building in a shadowy area. 3 men move quickly out of the car and begin trying windows to find out if anyone locked the ones they found earlier that were unlocked. They found that 2 were but the third wasn't. They poke a head inside with a mini-flashlight looking at the ceiling for any ultrasonic or motion detectors for extra insurance. Satisfied, they move quickly into the office and begin taking inventory of all the items. They find a local network of macs and laserprinters and a host of 486 servers. They begin to remove cables and cords from the wall and start rooting through drawers to find anything in the drawers for documentation and disks.

     "Nine-One to Strike, Be advised that one police cruiser has passed target....no sign of stopping"
     "Roger"

One strike member finds a small pbx controller (a Meridian) which he then tries to hunt for manuals (which he finds near the end). All the stuff begins to pile up near the entrance while they make sure that nothing was missed..

     "Strike-One to Nine-Two come in for pickup"
     "Roger"

Car 2 moves into position with a popped hatch...(an Acura Integra) and they begin to haul in all the stuff...which fills up quickly...

     "Nine-Two to Nine-One...come in for assistance"
     "Roger"

Car 1 comes in to pick up the rest of the stuff and picks up the rest of the team members...(a Ford Bronco II). All the people are ready and the place was swept to make sure that no prints were left if any.. All the equipment then was taken to one of the team member's garage and was hidden. Then the group was then assembled at the local donut shop watching the cops eye them...

That was one of the better ones...I have had where the owners were concerned one day and they just installed a security system the same day we enter the target and had a close run in with the police...therefore the necessity of good communication as any military infantry man could tell you.

Oh well...so ends another submission into CoTNO....

Remember to "FIGHT THE POWERS THAT BE!"

=========

*--*--*--*--*--*--*--*--*
|                       |
*    Complete Guide     *
|          to           |
*        The IRC        *
|                       |
*--*--*--*--*--*--*--*--*

by: Panther Modern

Disclaimer: I have used many names in this text of real people on the IRC. I do not wish any of these references to be taken seriously. They are intended to add an air of humor and realism to the text.

Introduction
~~~~~~~~~~~~

The IRC can be a fun and productive tool for communication over the internet. If used correctly, it can provide many hours of conversation with and about any imaginable person or thing, respectively.
The knowledgeable IRC user will be able to find the channels or people he needs with grace, and use these to his advantage. The knowledgeable user will be able to keep up with kicks, bans, de-ops, and other tasteless ploys that other users try to play on him. A knowledgeable IRC user is a good IRC user.

This guide to the IRC will be split into sections, regarding subject matter. The sections are as follows:

     1.................What is IRC?
     2.................Hooking in to the IRC
     3.................Basic techniques on the IRC
     4.................Operator status on the IRC
     5.................Useful techniques on the IRC
     6.................Other techniques on the IRC

1. What is IRC?
~~~~~~~~~~~~~~~

IRC is an acronym, which stands for Internet Relay Chat. It is a real-time chat network over the Internet. This means that one person can be talking from a computer in Texas, while another person can be talking from a computer in Germany, and all speech from Texas will be seen instantly in Germany, and all speech from Germany seen instantly in Texas. Real conversations can take place, with no lag.

The IRC is split into channels, created by the users. If you join a channel, you are talking to the users who are in that channel. So people can talk about whatever they want on the IRC. There are ways to have private conversations, also. All in all, the possibilities of the IRC are endless.

2. Hooking in to the IRC
~~~~~~~~~~~~~~~~~~~~~~~~

There are many different ways to hook in to the IRC. It is mostly done through clients. A client is a software program that is on the machine you are using to connect to the IRC. The client connects with the IRC server, and you are thus hooked into the IRC network. This is all around the best way to hook into the IRC. If you are on a fast machine, you will have a very fast connection to the IRC, without lag. This does not take up more than 3 megs of drive space, so it won't break most users' quotas.
It does not keep a process open, so the SysAdmin won't get angry. And it's very easy to install.

On the other hand, one can set up an IRC server. For this, you will need to have root, and/or own the machine. You will need access to the Internet Ports on the machine. If you run a server, you will be able to get IRC Operator status (IRCop), which has many benefits. I will go into more detail on this later.

There are also servers all around the net which one can access the IRC on. These servers are generally European, so people in the United States waste bandwidth when calling them. The servers are slow, and over-used. Generally, these are useful only if one of the two aforementioned techniques is totally unavailable. Servers are generally considered to be sleazy on the IRC, and you may be kicked out of a channel just for being on one. I would not recommend ever using a server.

The final way to hook into the IRC is through what is known as "raw IRC." Raw IRC is very low quality. You are receiving the same data that your IRC client would receive, as you are hooked directly into the server. The data is unfiltered, and very ugly. It is more difficult to do anything with raw IRC. This is definitely the last choice in using IRC. If everything else is unavailable, Raw is the way to go. Other than that, forget about it.

Clients, Servers, and Help packages can all be obtained through ftp.santafe.edu. You will want to get the latest version of the IRC II package. This is the latest IRC client.

To install the client package, first uncompress, then detar it into your user directory. Next, type install, and go through the questions which it asks. It will ask for server name. Depending on where you are located, you will enter the closest server. The most popular that I have seen are:

     irc.colorado.edu
     irc.netsys.com
     irc.mit.edu

All of these servers are fast and efficient. irc.netsys.com is slightly more widely used.
After you tell your IRC server all of your system/server specs, it will go on to compile itself. Now you will have an IRC client. Simply type "irc" to enter the client.

I have never installed a server, so I don't know anything about it.

To go to the raw IRC, telnet to one of the servers, port 6667. You will get no feed from the server. Type

     user a b c d [enter]

Where 'user' is the command user, a is the account name you are using, b is any random number, c is any random number, and d is your IRC quote, which should be between quotes. Next, type

     nick username [enter]

where nick is the command nick, and username is the nickname you wish to be known by on the IRC. You will now see the server's message of the day, and you will be able to proceed to use the IRC.

To get to an anonymous IRC server, first you must telnet to one. These go up and down too fast to list them here. They can be obtained usually by asking around on bulletin boards. It will ask for a username. Enter the nickname you want to be known by. It will then ask for a terminal emulation. Enter this. If you have chosen VT100, the server will look just like an IRC client. Most likely the server will be very slow. Use it just like an IRC client.

As a side note, if you set up an IRC client, it is recommended that you add the help package to your system. It is much faster and better than the help bot which resides on the IRC.

3. Basic techniques on the IRC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once you are hooked in to the IRC network in some way, the next logical move is to begin using it. The following directions will be for people using the IRC through either a client, a telnet server, or through their own server, as accessed from a client. People using raw IRC should enter the same basic commands, but without /'s. All talk to and from channels, and between persons while on the raw IRC should be through the privmsg command. Once in a channel, enter "privmsg ," And the message will go through to the channel.
If you substitute a person's name for the channel name, the message will go through to that person.

Basic client commands are:

-------------------------------------------------------------------
Command   Usage     Summary of usage
-------------------------------------------------------------------
/join     /join     This command is used to join a channel. If the
                    channel has a key on it (see operator section)
                    then the key should be added to the command
                    after the channel name. This can also be used
                    to start a new channel. For instance, if you
                    want to join #warez, you type:

                         /join #warez

                    But if #warez has a key on it, which is
                    "doomrules"

                         /join #warez doomrules

                    Or, say you want to start your own channel,
                    called "#l0ser" you will type:

                         /join #l0ser

                    You will be in your channel, with operator
                    status.
-------------------------------------------------------------------
/nick     /nick     This command will change your IRC nickname.
                    This is the name that people see you under. For
                    instance, if your name is "Lamer" and you want
                    to change it to "K00lGuy" you would type:

                         /nick K00lGuy

                    You will now be known as "K00lGuy."
-------------------------------------------------------------------
/msg      /msg      This command sends a private message to a
                    person, or a public message to a channel. For
                    instance, if you want to call Pot a lamer, you
                    would type:

                         /msg pot you lamer!

                    Now Pot will know that he is a lamer. Or, say
                    you want to insult the people on #hack for
                    banning you. You type

                         /msg #hack You lamers! You banned my sorry ass!
-------------------------------------------------------------------
/me       /me       This will make a message come out as an
                    "action." For instance, say you want to say
                    that you think U4EA just said a stupid thing,
                    you would type:

                         /me thinks that U4EA is a dumbass!

                    If your nickname happens to be Tremolo, it will
                    come out as:

                         * Tremolo thinks that U4EA is a dumbass!
-------------------------------------------------------------------
/leave    /leave    This will make you leave a channel.
                    For instance, if you are hangin on #warez, and
                    get tired of sittin with Elminster, you can
                    type:

                         /leave #warez

                    Now, you won't have to deal with Elminster's
                    shit any longer!
-------------------------------------------------------------------
/who      /who      This will tell you who is on a given channel.
                    For instance, say you are on #lamers, #warez,
                    and #hack. You want to know who's on #hack, so
                    you type

                         /who #hack

                    It will tell you everyone who's on, their
                    operator status, their user comment, their
                    system's address, and other useless
                    information.
-------------------------------------------------------------------
/whois    /whois    This will give you information on a person. For
                    instance, if you want to know all about RAgent,
                    you can type

                         /whois RAgent

                    It will tell you his comment, his nick, his
                    system's address, it will tell you what server
                    he is using, and a little bit about the server.
-------------------------------------------------------------------
-------------------------------------------------------------------

Those are all the basic commands you will need to get around on the IRC, for the most part. For commands to execute when you are the channel operator, see the IRC Operator section. For more advanced commands, see the Useful Techniques section.

To talk, while on any channel, simply type in your text and press enter. As I stated above, while on raw IRC, you will have to privmsg to the channel in order to talk to it.

4. Operator Status on the IRC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you happen to notice that someone changes the mode on a certain channel to +o , or you see an @ symbol next to your name on your IRC client/telnet server, you will know that you have operator status in that channel. This can be a very useful thing to have. Also, operator status will be given whenever you start a channel.

The main command you will use if you have this status is the /mode command. This command controls all the settings for a given channel.
There are many flags that can be used with the /mode, and the command is typed as follows:

     /mode <+/-> <(optional)name>

All flags are either + (there) or - (not there).

---------------------------------------------------------------------
Flag      Usage
---------------------------------------------------------------------
o         The operator flag. If someone has this flag, they are a
          channel operator. This flag requires a name. For instance,
          if you are Serpent, and you want to give channel operator
          status to Pluvius, and you are on #warez, you would type:

               /mode #warez +o pluvius

          and IRC would return:

               *** Mode changed to +o Pluvius on #warez by Serpent

          Say he starts to annoy you...

               /mode #warez -o pluvius

          Suddenly, Pluvius has no operator status any more.
---------------------------------------------------------------------
b         The banned flag. If you have this, you are banned. If you
          give this to someone, they are banned. This flag requires
          a name. For instance, say that you don't want Y-WiND0Ze in
          your channel which happens to be #tacobell, you would give
          him the +b flag:

               /mode #tacobell +b y-wind0ze

          and he wouldn't be able to join. He would be banned.
---------------------------------------------------------------------
i         This flag makes a channel invite-only. If this flag is
          engaged, the channel is a private channel. No one can get
          in without being invited.
---------------------------------------------------------------------
m         Makes the channel moderated. This flag, when given to a
          channel, makes the channel be moderated. This means that
          only the channel operators can talk. This is a very
          useless command.
---------------------------------------------------------------------
n         This makes it so that no messages can be sent to the
          channel. For instance, if Kbg keeps messaging to the
          channel, asking to be invited, you can add this flag.
          Ahhhh.. Silence. Kbg can no longer say anything to the
          channel, unless he somehow gets in.
---------------------------------------------------------------------
s         This makes the channel secret. If the channel is secret,
          it will not show up on any channel listings. There will be
          no way for a person to find the channel unless he knows
          about it.
---------------------------------------------------------------------
p         This makes the channel private. The channel, in channel
          listings, will be listed as "*Private*," instead of being
          listed by its name. This is good for hiding the channel,
          but letting people know that something is there.
---------------------------------------------------------------------
l         This sets the max number of users in a channel. This
          command is, for the most part, useless. It's good for
          having a scaled-down channel where only a few people can
          come in, so that the channel will stay fairly quiet. Other
          than that, it's just fun to use to set to neat numbers.
          For instance, say you're in #BlueBox, and you want to be
          cool, you set the 'l' flag to 2600. You do this by typing:

               /mode #BlueBox +l 2600

          Now everyone will see that there is a 2600 and say "Trexer
          is elite!" (If your name happens to be Trexer.)
---------------------------------------------------------------------
k         This sets a channel key. A key on a channel means that a
          passcode must be used to get in. This sets that code. It
          is useful for having ONLY who you want to be in the
          channel. It is also nice, for having a channel where you
          don't have to work and invite everyone, but everyone who
          should be able to get in will have the key. It is used by
          typing:

               /mode #keykard +k 494949

          Now, to join, someone will have to type:

               /join #keykard 494949

          If they don't know the 494949 part, they will not be able
          to join.

(There are other irc operator commands, also.)
---------------------------------------------------------------------
/kick     This kicks someone out of a channel. For instance, say
          that Maelstrom is being lame, in #lamer. You type:

               /kick #lamer maelstrom

          Now he's out of the channel.
          If he's not banned, he can come back in. If he's banned,
          the channel is invite only, or the channel has a key, he
          will not be able to get back in without taking the proper
          steps first.
---------------------------------------------------------------------
/topic    This sets the topic on a channel. So say you're in #redbox
          and you want everyone to know that you are a good
          redboxer, and your name happens to be SSerpent. You would
          type:

               /topic #redbox SSerpent is a /<-RaD 'Boxer!

          Now everyone who comes in will know.
---------------------------------------------------------------------
---------------------------------------------------------------------

These are the main operator commands, the ones that are most used. Other modes and a few other operator commands exist, but they are not widely used, and are slightly obscure.

The IRC operator I am talking about here is not to be confused with an IRCop. An IRCop is a person who has been given a special status by a server which he/she may run, or help to run, or is friends with those who run it. They are operators on every channel on the IRC regardless, and they have the ability to /kill someone, which means to disconnect that person from their server. /kill is a stupid and useless thing, and is not something to worry about. If you are /kill'ed, simply /server being whatever server you use. You will now be back on the IRC.

5. Useful Techniques on the IRC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There are a few other techniques on the IRC which did not seem to fit in any of the previous sections. These techniques are not to be discounted, though, as they are very useful.

-------------------------------------------------------------------
Command   Summary of usage
-------------------------------------------------------------------
/dcc      This is one of the more useful commands on the IRC. It is
          a file transfer command, as well as a private message
          command. It cannot be used from an anonymous IRC server.
          Say you want to send a file called "ellenude.gif" to
          lonewolf:

               /dcc send lonewolf ellenude.gif

          Lonewolf will see this:

               DCC Request recieved (ellenude.gif 39393) from Kilslug

          The number after the file name is filesize. Lonewolf will
          proceed to type:

               /dcc get kilslug ellenude.gif

          Now his DCC will start receiving it. If he wants to see
          the progress of the transfer, he would type

               /dcc list

          He will see the file name, who's sending, etc.. If he is
          receiving the file, he will see the bytes gotten in the
          "read" column. If he is sending, he will see the bytes
          gotten in the "sent" column.

          The other use of DCC is to send private messages. The only
          part of the IRC which is not logged in any way at any
          time, according to the IRC-II Help files, is by DCC chat.
          Say you want to engage DCC chat with Cairo, you would
          type:

               /dcc chat Cairo

          If Cairo wants to chat with you, he will type

               /dcc chat CryptKepr

          To send a message to Cairo, CryptKepr would type

               /msg =cairo

          Notice the = sign. This makes it a DCC message.
-------------------------------------------------------------------
/ignore   This allows you to ignore someone. No messages at all will
          be received from them. Period. The only thing you will see
          from them will be if you list members of a channel; they
          will appear in the listing.
-------------------------------------------------------------------
/away     Marks you as being away. If someone pages you, they will
          receive your away note telling them you're not there.
          Also, their page will be logged for you to see later. If
          you want to tell everyone that you're milking your cow,
          you would type:

               /away Milking my cow, be back later!

          Now everyone will know what you're doing and why you're
          not there. To end, type /away alone.
-------------------------------------------------------------------
/mode     There are also personal /mode commands. The two most
          important are +i and +n. The i flag makes it so that no
          one can get information on you without specifying your
          exact name.
          Someone listing a channel if they are not inside won't see
          you there if you have the i flag on. The n flag makes it
          so that you can't receive any pages (msg's.) This is
          useful if a lot of people are paging you and you want them
          to shut up.

          Also, if you want to see who is banned in a channel,
          regardless of operator status or even being in that
          channel, you can type

               /mode +b

          It will tell you all the people/sites currently banned
          within the channel.
-------------------------------------------------------------------
/query    This will put you on a permanent mode talking to someone.
          If you type:

               /query lestat

          everything you type from then on will go to lestat just
          like you were msg'ing him. This is useful if you have a
          lot to say and don't want to /msg all the time. To end,
          type:

               /query
-------------------------------------------------------------------
/bind     This is used to bind special characters to certain
          actions. The most important of these is the IRC_STOP bind.
          To set this up, type:

               /bind ^Z IRC_STOP

          This will make it so that when you type ^Z, you will
          "shell" out of IRC, making it into a background process.
          As many people who use IRC know, it is sometimes annoying
          not being able to ^Z out. Now you can, with ease.
-------------------------------------------------------------------
/exec     This command is used to EXECute a command from the UNIX
          shell, without ever leaving IRC. For instance, if you want
          to do a ls -al, from IRC, you just type:

               /exec ls -al

          It will show you all the files in your directory, in your
          IRC window, instead of you having to ^Z out, or exit out.
          You can execute any command that will work in sh with
          /exec.
-------------------------------------------------------------------
/load     This command is used to load an IRC script.
-------------------------------------------------------------------
-------------------------------------------------------------------

There are also two important IRC environment variables that you can set.
These are IRCNICK and IRCNAME. The IRCNICK variable is your default nickname on the IRC. Once you go in, and your nickname is whatever you set IRCNICK to, it can still be changed by the /nick command. It is not a permanent setting. The IRCNAME variable sets your user comment to whatever you want it to be. This is the comment about you that people will see when they do a /whois command on you. These variables can be set from the csh command line with

     setenv IRCNICK
     setenv IRCNAME ""

Notice the quotes with IRCNAME. This is an important part of it.

6. Other Techniques on the IRC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There have been many scripts written for the IRC, to do some nice fun things.

-------------------------------------------------------------------
Script    Summary of usage
-------------------------------------------------------------------
tsunami   This is a flood script, which is designed to drive a
          person off of the IRC. It is very effective, if the user
          has a good copy of it. It sends page after page of EI and
          IE combinations, very quickly. Some better quality
          versions send actual messages, and greetings, such as
          "Lamer," "fuck off," "leave now," "Fuck you," "go away,"
          and other fun greetings. This script is very fun to
          use/abuse. It is run under the perl system, by executing
          the command:

               /exec perl tsunami

          After which, the user will see several telnet error
          messages, and the receiver of the tsunami will begin to
          receive constant junk.
-------------------------------------------------------------------
utc       The UTC reply bomb is a script which takes advantage of a
          bug in earlier versions of the IRC-II client. The bomb
          "bombs" the client with junk, and causes it to lose
          connection to its server, engaging "error 0." This bomb
          also works on some VMS systems. It is very fun to bomb an
          entire channel such as #gaysex and watch all of them
          suddenly log off with "error 0."
          The script is /load'ed, then is executed, usually with:

               /bomb

          or

               /bomb *

          to bomb the current channel.
-------------------------------------------------------------------
vmsbomb   This is a myth, in my opinion. I have never seen this
          script either in action, or in source. It is supposed to
          be able to disable all VMS systems regardless of version
          number. Yeah. I'll believe it when I see it.
-------------------------------------------------------------------
icmp      The ICMP bomb is a much talked about bomb on the IRC. It
          is, in reality, not an IRC script, but a modified ping
          program. It is designed to destroy logical links between
          systems. Its use on the IRC is fairly obvious: Run it on a
          server, watch all of the people on the server drop off
          like flies, and watch the chaos begin. Mega netsplit.
          (netsplits are times when the servers are split up and not
          communicating.) I have the source to one of these, but I
          can't get it to work correctly. If anyone has a working
          copy, I would appreciate it if you could get it to me.
          Usage would be:

               /exec icmp
-------------------------------------------------------------------
Xdcc      There are many versions of this script floating around. It
          is a script which helps to automate DCC sessions. I,
          personally, do not use it, and do not like it. But many,
          many people do. So try it out...
          Usage: The script is /load'ed, then takes care of itself
          from there, for the most part.
-------------------------------------------------------------------
Toolz     A great guy called Yazoo writes a big script for the IRC
          called Yazoo's Toolz. These are very helpful, and have
          many nice options. Xdcc was, for the most part, stolen
          from Yazoo's Toolz. But Yazoo knows how to program it much
          better. It has many nice commands, such as mega-de-op,
          flood protection, ban protection, etc.. It also has nice
          features such as keeping logfiles, and highlighting
          important information like pages.
          Also, it can be used as a type of bot, as it has the
          ability to op people automatically on command, and to
          distribute files on command automatically. This is a very
          nice script and is a must have.
          Usage: /load the script file, then do a /commands for a
          list of commands.
-------------------------------------------------------------------
(A Command that makes no sense:)

/ping     hello!? what the hell is this thing for?? Tells you how
          many seconds it takes your system to send a data packet to
          another user's system, and for their system to send it
          back. -- Who cares?? If anyone finds a use for this, tell
          me.
          Usage: /ping
-------------------------------------------------------------------

Bots:

IRC Bots are scripts that act a certain way, and do whatever they are told/programmed to do. Many, many bots are out there, and they do a lot of different things. The most common bots are there to give certain people operator status when they enter a channel. The bot has an internal list of people that it is programmed to give operator status to, and it gives the status to these people. If you can make friends with a bot operator, you can get on the list and you can get ops whenever you come into the channel.

Other bots are there to distribute files. This 'zine, for instance, may soon be distributed by a bot of my programming. Bots which distribute files go around, send people messages "download the file by sending me this message" .. when the message is sent, the bot sends the file via DCC connection.

There is another breed of bot, which I call an IdiotBot. These are bots which sit there, and do anything anyone tells them to do. They are there to serve. Not just their master, no. But everyone, on every channel they happen to be in. Say I want ops in #hack. IdiotBot is in there, and the bot has ops. I just send him a message:

     /msg idiotbot mode #hack +o p_modern

If you read the area on ops, you would see that this mode is the operator status mode.
Now, I'll have operator status, and I can go and do what I want. These bots have no control, and I urge all operators to kill them off on sight. Sooner or later, some asshole gets the ops from the bot, and fucks over the channel, pulling all ops out with a script, and putting a +m on, making the channel totally useless. Don't let this happen. Kill IdiotBots everywhere.

There are many, many other bots. Some interesting ones I have seen:

     - a bot that bans people if they try to ban the people on the bot's list
     - a bot that calls master.. strange, though, master never comes.
     - many different greeting bots "Hi, how are you today?"
     - A bot that tells sexual stories about the smurfs

-------------------------------------------------------------------
-------------------------------------------------------------------

Closing
~~~~~~~

I hope you enjoyed the article, and learned something about the IRC. I hope that if your name was mentioned, you found it to be humorous and did not take it seriously. I must now issue a warning:

*** WARNING ***

Do NOT take the IRC seriously. I have seen too many people go crazy over someone on the IRC, get all pissed off, and try to kill that person in some way. The IRC is virtual, it's bullshit. If someone fucks with you, fuck 'em back. It's that simple. If you're really mad, go beg an operator in #pub or #talk to /kill 'em. But don't take anything outside the IRC. I've done it myself, and it wasn't worth it.

Do NOT start flame wars in public on the IRC. No one wants to hear it, most of the time. It takes away from the real conversation. Just have fun, do whatcha want on the IRC. No one can fuck with you there.

And don't post things on the IRC which you want to keep .. for instance.. a code, posted on the IRC in #hack, will die very very quickly. It's just not worth it. Be careful who you tell things to while on the IRC. If you tell the wrong person, or if you make a typing mistake and it's broadcasted to everyone.. Disaster..
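
The IdiotBot problem from the Bots section, as an added example that is not part of the original article or any bot it mentions: a bot that relays any /msg as its own command, next to one that only acts on one fixed request format from senders on an access list. The bot nickname, the access list, the example.edu/example.net hosts and all function names are assumptions made for the illustration.

```python
import fnmatch
import re

BOT_NICK = "opbot"  # hypothetical nickname of the bot holding ops

# A private message as the server relays it on the raw connection:
#   :nick!user@host PRIVMSG target :text
# '!' and '@' are excluded from every field, so the sender string built
# below has exactly one of each and a wildcard cannot straddle a field.
PRIVMSG = re.compile(
    r"^:(?P<nick>[^!@\s]+)!(?P<user>[^!@\s]+)@(?P<host>[^!@\s]+) "
    r"PRIVMSG (?P<target>\S+) :(?P<text>.*)$"
)

# The only request shape the guarded bot understands: mode #chan +x [nick]
REQUEST = re.compile(
    r"^(?i:mode) (?P<chan>#\S+) (?P<change>[+-][a-zA-Z])(?: (?P<arg>\S+))?$"
)

# Hypothetical access list: channel -> [(nick!user@host mask, allowed changes)].
# Entries match user@host as well as the nickname, because anyone can take
# a nickname with /nick. A mask is still only what the server reports; it
# narrows who can ask, it is not authentication.
ACCESS_LIST = {
    "#hack": [("*!alice@*.example.edu", {"+o"})],
}


def parse_privmsg(line):
    """Split one raw PRIVMSG line into its fields, or return None."""
    m = PRIVMSG.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None


def idiot_bot(line):
    """Vulnerable form: whatever anyone messages the bot becomes its command."""
    msg = parse_privmsg(line)
    if msg is None or msg["target"].lower() != BOT_NICK:
        return None
    return msg["text"]  # sent to the server as-is, with the bot's ops


def guarded_bot(line):
    """Hardened form: fixed request format, listed sender, allowed change only."""
    msg = parse_privmsg(line)
    if msg is None or msg["target"].lower() != BOT_NICK:
        return None
    req = REQUEST.match(msg["text"].strip())
    if req is None:
        return None
    chan, change = req["chan"].lower(), req["change"]
    arg = (req["arg"] or "").lower()
    sender = "{nick}!{user}@{host}".format(**msg).lower()
    for mask, allowed in ACCESS_LIST.get(chan, []):
        if not fnmatch.fnmatchcase(sender, mask):
            continue
        # Listed people may only change their own status, nothing else.
        if change in allowed and arg == msg["nick"].lower():
            return "MODE {} {} {}".format(chan, change, msg["nick"])
    return None


# Constructed sample lines (not captured traffic).
SAMPLES = [
    # stranger asking for ops, as in the article's example
    ":p_modern!pm@dialup7.example.net PRIVMSG opbot :mode #hack +o p_modern",
    # listed user asking for their own ops
    ":alice!alice@cs.example.edu PRIVMSG opbot :mode #hack +o alice",
    # someone who only took the nickname "alice"
    ":alice!mallory@dialup7.example.net PRIVMSG opbot :mode #hack +o alice",
    # listed user asking for a change the list does not allow
    ":alice!alice@cs.example.edu PRIVMSG opbot :mode #hack +m",
    # request said in the channel instead of to the bot
    ":alice!alice@cs.example.edu PRIVMSG #hack :mode #hack +o alice",
]


def run_samples():
    """Return (idiot_bot result, guarded_bot result) for each sample line."""
    return [(idiot_bot(s), guarded_bot(s)) for s in SAMPLES]


if __name__ == "__main__":
    for line, (naive, guarded) in zip(SAMPLES, run_samples()):
        print(line)
        print("   idiot_bot   ->", naive)
        print("   guarded_bot ->", guarded)
```

Of the sample lines, only the second produces a command from the guarded bot; the other four are dropped without a reply.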

If you want to contact me, you can do so in the following ways:

email: raymondb@ucsu.colorado.edu
IRC: P_Modern
bulletin board: The UnderCity 303-321-8164

=========

<[]>   Conference Set-Up   <[]>
<[]>          by           <[]>
<[]>   Karb0n -<[TNo]>-    <[]>

Already time for another submission to COTNO? Seems just like last week I wrote for the first COTNO. Well, in this submission I'll be talking about Meet-Me conferences and Dial-In Bridges, how to set them up, and methods of billing (not that we pay of course).

The most popular and the most convenient conferences are of course the AT&T Dial-In bridges. These are the conferences that most everyone is familiar with. God knows how many AT&T conferences Dead Kat and I set up. Too damn many to count, that's for sure. But as DK and I found out, we had more fun setting them up than actually calling into them, but that's just us I guess.

First things first: to set up conferences you must Beige Box. At least this is the most convenient way, so we'll just stick with that for now. Now I will not be explaining what a Beige is or how to make one since there are probably more T-files on that box than any other. You can even find them on your local PD board. But get your beige box and get ready to field phreak.

This is just a suggestion, but before you get out there and hook up I would have the info and equipment you will need to set up the conference. You don't need a lot of shit. All you need is a pen and a piece of paper, and maybe something hard to write on. I recommend a pen over a pencil for obvious reasons. It would not be cool to break your lead while on the phone with the Meet-Me operator. On the piece of paper you should write the number of the Tele-Conference service and either your local ANI or an 800. I will post all the numbers and other information you will need to know at the end of this article.

Ok, when you have all your equipment go hook up your beige to wherever you beige from. Now the only time I beige is when I am gonna set up a conference and it's never from the same location. Since it's usually at different times of the day or night, I never know if the owner of the phone line is home or not. So what I've found to work best is when you're hooking up to your line make sure it has call waiting. The operator will call you back after you set up the conference and having the owner of the phone line pick up his phone could lead to some very uncomfortable moments! You can find a line with call waiting by hitting *70 on every line until you hear the three short dialtones. I hope everyone knows what I mean.

Anyway, call the ANI and write the number down because the operator will ask you what number you're calling from; this is how they bill the number. Next call the tele-conference service and set up your meet-me's.

The rest is basically talking with the operator and bullshitting her (or Bolshit as Visionary would say). I'm not gonna tell you what to say to her. I mean it might take you a couple of tries before you know what to say and are convincing enough, but I will tell you this: keep it short and simple. As Dead Kat and I have found out, it's easier to just say:

"I need six conferences set for the 1st,2nd,3rd,etc.. of December... from 6pm to 2:00am MST.. and I want to bill them to the number I'm calling from..."

We have set more than 8 conferences up in just one call. There's no need to make one call for every conference.

Oh, and I almost forgot, she will ask you how many ports you want. What she means is how many lines in do you want. You can have up to 20 ports, but I would not recommend this at all. Twenty people on a conference tends to make it hard to talk to anyone. I would say no more than ten, maybe 15 if you know a shit load of people will call, but ten should do the trick.

As soon as you hang up with her, dial a number that you know will ring and that will let you stay on for a few minutes. A good example is a VMB with a long greet or maybe a number that just rings forever. Stay on the line until you hear the call waiting beep and just click over. When you answer, the op will tell you the PINs and numbers for the conferences.

Just work with what you have; you probably will have your own style and what not, but let me mention this: the op will give you a "Host PIN". This is for the person who set it up and no one else. Just some advice, don't call the conference direct and use this code. You'll end up paying for the meet-me.

Well, it's easy. All you need is a beige box, a place to beige, and the 800 number.

Here are the numbers for the AT&T conferences. These numbers are basically the same; you can call either one and set them up.

1-800-232-1111 -AT&T Conference Set-up
1-800-544-6363 -AT&T Conference Set-up
1-800-775-5513 -ANI (Good as of 12-31-93)

And I thought I'd give you a little bit of info... The price per minute is about .45 cents a minute per line, so after the conference add up the approx amount of people that were on and how long the conference was up for and find out how much of a bill it is. I'm sure the people whose house you beige from won't be happy when they get their $1000+ bill. Heh!

Karb0n -=/TNo/=-
Email: Andersom@ucsu.colorado.edu

=========

%%%%%%%%%%%%%%%%%%%%%%%%%%
%                        %
%  Chemical Equivalency  %
%                        %
%         Table          %
%                        %
%   By: Coaxial Mayhem   %
%                        %
%%%%%%%%%%%%%%%%%%%%%%%%%%

Explanation: If you need an explanation of what this is, then you shouldn't be reading it. Now, on to the list.

acacia                          gum arabic
acetic acid                     vinegar
acetone                         nail polish
aluminum oxide                  alumina
aluminum potassium sulfate      alum
aluminum sulfate                alum
ammonium carbonate              hartshorn
ammonium hydroxide              ammonia
ammonium nitrate                salt peter
ammonium oleate                 ammonia soap
amylacetate                     banana oil
barium sulfide                  black ash
cetyltrimethylammoniumbromide   ammonium salt
carbon carbonate                chalk
carbon tetrachloride            cleaning fluid
calcium hypochloride            bleaching powder
calcium oxide                   lime
calcium sulfate                 plaster of paris
carbonic acid                   seltzer
ethylene dichloride             dutch fluid
ferric oxide                    iron rust
furfuraldehyde                  bran oil
glucose                         corn syrup
graphite                        pencil lead
hydrochloric acid               muriatic acid (diluted)
hydrogen peroxide               peroxide
lead acetate                    sugar of lead
lead tetro-oxide                red lead
magnesium silicate              talc
magnesium sulfate               epsom salts
methylsalicylate                winter green oil
naphthalene                     mothballs
naphtha                         lighter fluid
phenol                          carbolic acid
potassium bicarbonate           cream of tartar
potassium chromium sulfate      chrome alum
potassium nitrate               saltpeter
sodium dioxide                  sand
sodium bicarbonate              baking soda
sodium borate                   borax
sodium carbonate                washing soda
sodium chloride                 salt
sodium hydroxide                lye
sodium silicate                 glass
sodium sulfate                  glaubers' salt
sodium thiosulfate              photographers hypo
sulfuric acid                   battery acid
sucrose                         cane sugar
zinc chloride                   tinner's fluid
zinc sulfate                    white vitriol

=========

-=#=--=#=--=#=--=#=--=#=--=#=--=#=-
-=#                             #=-
-=#   -=[ Operator Skams ]=-    #=-
-=#             by              #=-
-=#                             #=-
-=#       Nuklear Phusion       #=-
-=#          -=[TNo]=-          #=-
-=#                             #=-
-=#=--=#=--=#=--=#=--=#=--=#=--=#=-

This file is made to show the gateways of information that can be obtained from your local operator. Skamming your operator, whether it be AT&T/MCI/Sprint, or a local bell, is as easy as making a phone call.

Part I: Picking an Identity
-=-=-=-=-=-=-=-=-=-=-=-=-=-

Choosing the right "occupation" is very important. Because the general public would not normally be able to obtain this information, picking your occupation is crucial.
Choose something "telephony", such as Station Repair, MTS Security, Toll Service Maintenance, or Central Office Supervisor. You can easily find other occupations by trashing a bell office.

Note: do not use the names 'Hank Poecher' (re-organized to spell 'phone hacker') or 'Chester Karma' (master hacker) invented by Dead Kat. Almost every Colorado hacker has abused AT&T or a bell office via one of these names, and quite possibly the dicks are catching on.

Part II: Skamming
-=-=-=-=-=-=-=-=-

The phun part. While skamming, it is important to remember that if you screw up with an operator, don't fucking panic. If they ask you a question that you do not know the answer to, just explain that you must ask your supervisor and will contact them later. Call back again, and in most cases you will get a different person, so simply start again.

Note: if you choose to skam from your house, use a divertor, or a company that doesn't have ANI, or a so called 'HaKR tRakR!#%!@%!@%'. A good company to use for this would be Encore (800/288.2880). Encore has been abused literally thousands of times, and, to my knowledge, has taken no security action against a hacker in its over four years of business.

Skam A - LAC

The LAC stands for Line Assignment Center. The line assignment center is used to obtain a customer's phone number, by giving an operator at the LAC the customer's address. You must have the full street address.

Obtaining the number to your desired LAC is a simple process. Call up your local bell office and say something to the effect of:

"Hello, this is Hank Poecher with station 29 repair, what do you show as the number for the LAC that handles the xxxxx area?"

If you are able to obtain the LAC using this method you are either:

a) a good social engineer
b) eleet

Once you obtain the desired LAC, call up the LAC office and feed them something like:

"Hello, this is Chester Karma with repair, I have an address here and I need to know the cable pair and phone number going into that address"

(The cable pair isn't necessary, but if you say cable pair, they are more likely to think that you are a phone co. employee).

Skam B - CN/A Office/ID

The CN/A stands for Customer Name/Address. The Customer Name/Address Office is used to obtain a customer's name and address (hence the name) by giving an operator at the CN/A office the customer's phone number. You must have the full phone number.

To obtain the desired CN/A office and ID, call up your local bell office (on occasion, I have heard that Sprint is much easier to obtain info from than your local bell office), or the CSSC (Customer Sales and Service Center) at 800/222.0300, and say you are from an AT&T office, such as the AT&T Northeastern Administrative Offices, or something along the lines of that.

When you call, depending on the operator you get, obtaining the desired info may be easy, or difficult. When you finish identifying yourself, tell the operator that you were given a bit of incorrect info and need the correct information. A simple phone conversation might sound like this:

"This is Hank Poecher from Northeastern Administrative AT&T Offices, and it appears that we were given a bit of incorrect information. We were given the CN/A number for Washington as 203-789-6815, but it looks like that is the CN/A office for Connecticut. What do you show as the correct number for the CN/A in Washington, and its ID code? Could you check your handbook? Thank you."

This method has worked many times. If you fuck up or the operator will not give you the CN/A, simply move down the list and try company b.

Now, once you finally obtain the CN/A and ID, the next step is rather easy.
Call up the CN/A office you obtained by skamming the operators during normal business hours, and throw a line like this:

"Hello, this is Chester Karma down at Sprint. My code is A12345, and I need a hit on a customer at 206-555-1212. Thank you."

Try not to sound like an eleven year old, just as real as possible. Again, if they ask you a question that you do not know the answer to or the ID given does not work, say that you must ask your supervisor and will get back with them later.

Skam C - Free Payphone Calls

Part 1

First of all, you'll need to know the number of some "silent" or "dead lines". "Dead lines" are phone numbers that answer before the first ring and just sit there. The only noise that they make is a "click" when they answer. Silent phone numbers are easy to find. If you haven't already found one, scan (xxx) XXX-1119. A good one to use is (310) 516-1119. If you choose to scan for dead lines, make note of the ones that answer with the loudest click.

Once you find two or three of these, write them down and go to your local payphone. Dial 0 + the number you want to call. When the operator comes on, change your voice and say that you want to "third party bill this number." When she asks what number you want to bill to, give her a dead line. The operator will then call to "verify" the billing charges while you are on-line. When she calls, listen very closely for the click of the dead line. As soon as you hear the dead line click, change your voice again and pretend to answer the phone, using "Hello?". The operator will think that you are the person that owns the phone number (dead line), and ask if it's okay for whoever to bill to that number. Just say "yes" and she will put your call through.

If this sounds complex at first, practice it until you get it down perfectly. What you're doing here is acting like both people. Again, a good company to use for this is "Encore" at 800/288.2880. When you get the dialtone, put in any valid number, and go from there.

Part 2

Billing to the pay-phone next to you is also a very easy way to pull off free phone calls from pay-phones. For this to work, your payphone must:

a) accept incoming calls
b) be privately owned, such as a COCOT payphone (Customer Owned Coin Operated Telephone), so it doesn't show up as a "payphone" on the operator's computer.

If the payphone you want to bill to doesn't have the number listed on front, call an ANI to get the number. Then call up the long distance company of your choice, and tell them you want to "third party bill this number" again. Give them the number of the payphone that's right next to you, and wait for them to call and verify the charges. When you answer the other payphone, change your voice, and accept the charges.

Skam D - Finding Bridges

Finding a bridge is by far one of the easiest things to social engineer. Call information in any state (xxx-555-1212), and ask for the number to AT&T NETWORK SYSTEMS for a major city in that state. Call Network Systems, and say you are from Maintenance and need the number to the conference bridge. If they don't operate or have a bridge there, just ask for the number to the bridge that they use.

Skam E - Using the Operator to Divert

Finding divertors has always been a hassle. Some phreakers in their states have already abused their diverters to the point of killing them or rendering them useless; or you live in a hick town where there are no divertors; or you are too lazy to scan for divertors. But every state, no matter how lame or small, has their friendly operator.

Using the operator to divert is easy, plus IT'S LEGAL! Although some states forward ANI information when they place a call, MANY DON'T, which makes it an ideal way to divert. You can test your operator by dialing '0', and asking her to call an ANI. When she puts it through, it should sound something like this: "NPA-000-0000". If it does, you're in luck.
If it doesn't, and instead reads off your full phone number, you should find some REAL divertors.

Now, to put this to your use, call up the operator and tell her that your 'X' (where 'X' is any single digit in the full number you wish to call) key is broken (do not say your '0' key is broken, for obvious reasons), and ask her to place the call to '(XXX) XXX-XXXX'. This should be an 800 number, or a local number. She will put the call through. Using this method of diverting is very useful for calling an 800 AT&T conference when you want to use the host, or calling an 800 PBX. You can also use it for 950's or local calls.

Look for the eleet conclusion (part 2) of operator skams coming soon...

=========

/-------------------/<*>\------------------\
\                                          /
/               Elite Music                \
\                 Part II                  /
/                    by                    \
\               John Falcon                /
/                                          \
\-------------------\<*>/------------------/

A Whole New World
- ----- --- -----
(A take off on "A Whole New World" from Aladdin)

[Editor's Note - When I first saw this posted on Flatline I nearly died laughing. JF didn't warn me or Karb0n at all. I thought you might get a laugh out of it as well!]

DeadKat- I can call around the world
         Hacking, boxing, internetworking
         Tell me, Karb0n, now when did
         You last let your voice go far?

         I can open your lines
         Take you system by system
         Over, sideways and under
         On an electronic tone we fly

         A whole new world
         A new fantastic point of view
         No one to tell us no
         Or where to go
         Or say we're doing it illegal

Karb0n-  A whole new world
         A dazzling world I never knew
         But when I'm calling through here
         It's crystal clear
         that now I'm in a whole new world with you

DeadKat- Now I'm in a whole new world with you

Karb0n-  Unbelievable speeds
         Indescribable systems
         Snagging, trunking, freedialing
         Through an endless microwave sky

         A whole new world
         (DeadKat- Don't you dare hang up the line)
         A hundred thousand things to see
         (DeadKat- Hold your breath- it gets better)
         I'm like a shooting star
         I've come so far
         I can't go back to where I used to be

DeadKat- A whole new world
         (Karb0n- Every call a surprise)
         With new networks to pursue
         (Karb0n- Every moment, red-letter)

Both -   I'll phreak from anywhere
         When there's time to spare
         Let me share this whole new world with you

         A whole new world
         That's where we'll be
DeadKat- A thrilling chase
Karb0n-  A wondrous place
Both -   For you and me


The Spirit of Hacking
--- ------ -- -------
(A take off on Rush's The Spirit of Radio)

Begin the day with a System 75,
An outdial unobtrusive
Plays that dialtone that's so elusive
And the touch-tones make your morning move

Off on your way, hit an open trunk,
There is magic at your fingers
For the Spirit ever lingers,
Undemanding contact in your happy solitude.

Invisible pulses crackle with life
Bright monitors bristle with the energy
Emotional feedback on a carrier wavelength
Bearing a gift beyond price, almost free

All this machinery making information
Can still be open-ended.
Not so coldly charted, it's really just a question
Of your honesty, yeah, your honesty.

One likes to believe in the freedom of information,
But charging high prices and endless compromises
Shatter the illusion of integrity.

For the words of the profits were written on the telco wall,
MaBell's hall
And echoes with the sounds of salesmen.

=========

End of CoTNO Issue #3. Look for Issue #4 to be released in February '94.

Will include:

How to Hack Meridian Mail
Abusing MCI
Unix Security
Operator Skams Part II
Elite Music Part III
and much more!

And remember... "TNO! TNO! We're in your system, and you don't know!"

=========