==Phrack Inc.== Volume One, Issue Eight, Phile #1 of 9 Index Welcome to the long-awaited Phrack Inc. Issue 8. I'm quite sorry for all of the delays, but it's time to go back to school and it's been a hectic summer. Unfortunately, over the summer, Fatal Error of 617 died in a motorcycle accident. He was the sysop of Metropolis Elite and was around a while back. This issue is released in memory of him, regardless of any personal opinions. Taran King Sysop of Metal Shop Private Contents: #1 Phrack Inc. Index by Taran King (1k) #2 Phrack Pro-Phile V on Tuc by Taran King (6k) #3 City-Wide Centrex by The Executioner (14k) #4 The Integrated Services Digital Network by Dr. Doom (18k) #5 The Art of Junction Box Modeming by Mad Hacker 616 (6k) #6 Compuserve Info by Morgoth and Lotus (8k) #7 Fun with Automatic Tellers by The Mentor (7k) #8 Phrack World News VII Part I by Knight Lightning (25k) #9 Phrack World News VII Part II by Knight Lightning (26k) =============================================================================== ==Phrack Inc.== Volume One, Issue Eight, Phile #2 of 9 ==Phrack Pro-Phile V== Written and Created by Taran King June 25, 1986 Welcome to Phrack Pro-Phile V. Phrack Pro-Phile is created to bring information to you, the users, about old or highly important/controversial people. This month, I bring to you one of the most influential users of our times and of days of old... TUC ~~~ Tuc is the sysop of RACS III (TUCBBS), a telecom enthusiasts' bulletin board in Stony Point, N.Y. (914). ------------------------------------------------------------------------------- Personal ~~~~~~~~ Handle: Tuc Call him: Scott Jeffrey Ellentuch Past handles: None Handle origin: Nickname in high school derived from teachers calling him EllenTOUCH, EllenTOOK, and his corrections were phrased "TUCK!" Date of Birth: 10/10/65 Age at current date: 20-1/2 years old Height: 6'3-1/2" Weight: About 195 lbs. Eye color: Brown Hair Color: Black Computers: TRS Model I, then, 2 Atari 800's, then, countless Apple II+'s, then, finally, 1 IBM PC. Sysop/Co-Sysop of: RACS III (TUCBBS), Phreak Advisor: Sherwood Forest II ------------------------------------------------------------------------------- Tuc started out in the BBS world in July 1980 when he first got his modem, a Novation Acoustic. In August of 1981, Connection-80 of Stony Point, his first bulletin board, was launched into the BBS world. It started on a TRS-80 Model I, Epson MX-80 printer, 2 single density disk drives, a Novation Acoustic modem, and a home built auto-answer module. At the time, he didn't even know what phreaking was, so it was a general public board. A software switch to RACS III occurred on January 10, 1982, running until January 10, 1985. The hard drive arrived a few months ago to build it to the board that it currently is. Members of the elite world which he has met include King Blotto, Lex Luthor, Dr. Who, Crimson Death, The Videosmith, Jester Sluggo, The Sprinter, Mark Tabas, BIOC Agent 003, Agrajag, Telenet Bob, Big Brother, Cheshire Catalyst, Egyptian Lover, Magnetic Surfer, Paul Muad'Dib, Lord Digital, Sir Knight, 2600 Editor (Emanuelle Goldstein [sp.]), Susan Thunder, Modem Rider, Sharp Razor, Hertz Tone, The Flying Avocado, and The Ace. His phreak experience began in March of 1982 through the new board's software having a section called "Phreak-80". People started calling and paying attention to it, including one caller by the name of Susan Thunder, which is how he personally began to phreak. She lead him around the scene which included the infamous 8 BBS and to other people such as Larry Kelly. Some of the memorable phreak boards he was on included 8 BBS, MOM, OSUNY, The Private 414 Board (as in THE 414's), Blottoland, The Connection, L.O.D., Plovernet, Pirate 80, Sherwood Forest I, II, and III, WOPR, IROC, Pirate Trek, Pirate's I/O, Datanet, Stalag 13, A.I. Labs, and Hell Phrozen Over. He gives credit for his phreak knowledge to Susan Thunder and the people that she put him in touch with. Tuc's work is as a computer and communications security freelance consultant. He's done lots of programming in basic for the TRS-80, and assembly language for the IBM 370. Tuc does hack and phreak, but with his employer's consent. Tuc attends the TAP meetings in New York occasionally, but in the past he was a regular. He's attended all Phreak-Con's, he was an assistant editor of the original TAP, and was a pioneer in the phreak world before blue boxing and Alliance Teleconferencing was common knowledge. Besides that, he was the one on West 57th Street labeled "Scott Jeffrey Ellentuch". He was hard to find on that particular program. Tuc has been involved with various groups in his lifetime including (in the order that he joined them) The Warelords, The Knights of Shadow, Apple Mafia, and, at the same time as Apple Mafia, Fargo 4A. ------------------------------------------------------------------------------- Interests: Telecommunications (modeming, phreaking, hacking), martial arts (weaponry), radio controlled cars and airplanes, and video games. Tuc's Favorite Things --------------------- Women: A quiet evening with the girlfriend. Cars: MG-TD Kit Car. Foods: Anything vegetarian. Music: The Hooters, and any band he worked for. Leisure: Having just a "good old time". Most Memorable Experiences -------------------------- Car ride with 8 phreaks in Tuc's VW Super Beetle at a Phreak Con. The Fargo 4A stunt (getting all Fargo, N.D. DA's to go home). Some People to Mention ---------------------- Susan Thunder (for getting him started) All those that helped him while he was coming up in the world (too many to mention) ------------------------------------------------------------------------------- Tuc is 150% against credit carding. He thinks that is out and out criminal activity, something that is totally against the code of ethics of phreaking and hacking. He also doesn't appreciate the fighting between phreaks that occurs so often in the phreak world today. He thinks the modern community is crumbling. ------------------------------------------------------------------------------- I hope you enjoyed this phile, look forward to more Phrack Pro-Philes coming in the near future. And now for the regularly taken poll from all interviewees. Of the general population of phreaks you have met, would you consider most phreaks, if any, to be computer geeks? No names mentioned, but yes, a few of the ones he has met are computer geeks. Thank you for your time, Tuc. Taran King Sysop of Metal Shop Private ==Phrack Inc.== Volume One, Issue Eight, Phile #3 of 9 ^ ^ / + \ / + \ %PLP%>>>>>>>>>>>>>>>>>>PLP<<<<<<<<<<<<<<<<<<%PLP% %---% %---% % P % The Executioner % P % % h % % h % % a % and the % a % % n % % n % % t % PhoneLine Phantoms! % t % % o % - - - % o % % m % % m % % s % Present: The City Wide Centrex % s % %---% %---% [PLP]>>>>>>>>>>>>>>>>>>PLP<<<<<<<<<<<<<<<<<<[PLP] The CWC (City-Wide Centrex) feature provides multiple location large business customers with centrex features, attendant features, and dialing capabilities that are transparent across geographic locations and are independent of the configuration of the #1AESS switches providing the service. Historically, centrex customers have been somewhat limited to the bounds of the servicing switch. Customers could be built across switches, but with limitations. Multiple locations could be arranged to share some features in common only when placed in a centrex complex served by a single switch. Obviously, for this to be feasible, the locations had to be geographically near each other. The CWC feature expands the concept of the centrex group by allowing a multi-located business to function as a single centrex arrangement called a CWC group. Although each customer location remains a part of its own switch with its own individual capabilities, it now functions as part of the CWC group. Selected centrex features that were defined to operate within the bounds of a serving switch centrex group are now redefined to operate within the bounds of the CWC group. The outer boundary of the CWC cannot exceed the boundary of the LATA due to LCCIS constraints. The CWC feature provides a comprehensive communications package for a multiple location centrex customer. Some advantages are: o Extension to Extension (Intercom) dialing. o Concentration of private facilities access at one location. o Elimination of dedicated facilities between locations within the CWC group. o Transparency of feature operation across switches. Use of CCIS trunks to replace tie trunks results in the need for fewer total trunks and trunk groups. Remote access reduces the total number of customer trunks required and centralizes customer facilities at one location. All switches need LCCIS so that information can be passed between locations. ================== =Intercom Dialing= ================== Intercom dialing gives the customer the ability to dial extension numbers (intercom) to other locations. This is done either by dialing the interlocation intercom number or by a speed call code which contains an interlocation intercom number. The customer has the option of routing these interlocation intercom calls via simulated private or public facilities. After determining the intercom number dialed is in location, the originating office routes the call to that location. The call is identified in the centrex customer's digit interpreter tables as an interlocation intercom call and normal interoffice call processing determines routing. A decision is made as to whether simulated facilities are used for routing the call based on the location identification of the called line. If needed, a simulated facility is seized. This is determined by a distant line status request on the called line at the end of dialing. The originating offices sends information to the terminating office identifying the call as interlocation intercom call. The CWC group and location identifier of the calling party are also sent. This is done by using the RCLDN (retrieval of calling line directory number) to transmit this information. The terminating office recognizes as incoming call as such. If the two-way simulated private facilities are used, the count on facilities at the terminating office is incremented. The use of 2 way simulated pricate facilities for a call is based on the location identifier of the calling line and whether simulated private facilities were used on the outgoing side. =========================== =Centrex Attendant Console= =========================== The tie trunks are replaced by CCIS trunks, therefore some changes are required in the use of the attendant console. The changes are as follows: o Busy Verification and attendant call through tests are not applicable since there will no longer be specific trunks dedicated to the customer. o The existing trunk group busy lamps are replaced with busy lamps for the simulated facilities between locations. The digit interpreter table entry at each remote location contains the "Dial 0" DN for the attendant. This is done to process interlocation intercom calls which terminate to the attendant. If the attendant console uses a centrex data link, the line equipment assigned to the DN should specify the call indicator lamp to be used. A different DN should be used for each location if separate call indicator lamps are desired for calls from each location. This call indicator lamp flashes at the intragroup rate of 120ipm (interruptions per minute) to indicate interlocation intercom calls. The RCLDN primitive is used to transmit information for intercom dialing between locations. In addition, the RDLS priminitive is used to provide CWC information to obtain the CWC group and location identifier of the called line. The originating, incoming, and CCIS incoming registers are used to save information at both he originating and terminating offices. These registers include the CWC group, CWC location identifier, a CWC call type, and an indicator whether simulated facilities were used at the originating. ========================== =Remote Access to Private= = Facilities = ========================== Remote access to private facilities allows the CWC customer to access physical private trunks and simulated facilities at a single location. This allows customers to consolidate their private facilities at one location. The number of trunks required is reduced. Any station can access these facilities by dialing the same access code as the main location. If a station dials the access code for a private facility, the call is routed to the main location using the same facility as an interlocation intercom call. It is then routed out from the main location. The CWC feature does not allow the customer to use the ACOF (Attendant Control of facilities) feature from a remote location. The types of private facilities which are accessible are: o Tie Trunks o FX (Foreign Exchange) o CCSA (Commmon Control switching arrangement) o ETS (Electronic Tandem Switching) o WATS (Wide Area Telecommunications system) o FRS (Flexible Route selection) o EEDP (expanded electronic tandem switching dialing plan) The CCIS direct signalling messages are used to communicate between the remote and main locations during the digit collection and analysis of out-going calls. Once the voice path has been established, a CCIS banded signalling message transmits the digits collected. A remote access register is used to store information retrieved during the processing of the signal requests. This register belongs to the OR (Originating Register) pool at the main location. The remote location is responsible for digit collection and transmission of collected digits. A remote access data CCIS direct signalling message transmits the digits from the remote to the main location, which returns instructions for the next action to be performed. The following items are sent from the remote to the main location: o The digits collected. o The FRL(facility restriction level) of orig. line. o A FRL present indicator o A customer changeable speed call indicator. o A call forwarding over private facilities indic. o An add-on indicator. o The CC location identifier of remote location. o The remote access register # of the main location. o An abandon remote access request indicator. The main location analyzes the information transmitted and returns the next set of instructions to the remote location. The full analysis of a call may require several direct signalling messages with information saved from the previous direct signalling messages. This is required to process the current direct signalling message being saved in the remote register. The information gathered is used to establish the voice path for the call. Upon receipt of a direct signalling request, processing is done in accordance with the function indicated in the remote register. The types are as follows: o Translate access code o Translate prefix digit o "1+" dialing check o Check for possible account code o Complete account code received o 3 digit translation o 6 digit translation o 10 digit translation o Analyze authorization code o FRS 3 Digit translation o CCSA translation o Abandon call After processing at the main location is complete, the remote access register is set up to identify the next type of function. Then, the main location returns a CCIS remote message to the remote location. The information returned from the main location is always in the same format and is saved on the OR. ========== =Features= ========== The CWC group is allowed many features, here is a list of them. 1. Call Forwarding Variable: Users can forward their calls to remote stations located in another office by dialing the access code and the intercom number of the CWC station. 2. Call Forwarding Busy Line: Provides for the forwarding of calls to any interlocation station within the CWC group upon encountering a busy station. 3. Call Forwarding Don't Answer: Provides for the forwarding of calls that are not answered within a predetermined number of ringing cycles. 4. Call Transfer: Allows the station user to transfer any established call to any other station within the CWC group with the following constraints. o Dropback rules do not permit 2 outgoing trunks to be involved in the final 2 party connection. However, 2 outgoing trunks can be involved in a 3 way conversation. o On interoffice calls involving a fully restricted station, flash capability is allowed. However, the controller is not permitted to connect the fully-restricted station to any other station, either in dropback or a 3 way conversation. Cross network call transfer transparency requires that each location be provided the Call Transfer-Individual or Call Transfer-Individual-All calls feature. The CTO (call transfer outside) option may be provided. 5. Call Waiting feature provides a burst of tone when the called party is busy on another call. The types of Call Waiting features and CWC interactions are: o Call Waiting Originating: allows a CWC calling station to direct a call waiting tone toward a busy station within the same CWC group. o Call Waiting Intragroup: gives call waiting tone to a called party which has call waiting terminating on all intragroup calls. o Dial Call Waiting: Allows originating CWC station users to invoke call waiting on CWC intragroup calls by dialing an access code followed by the extension number of the station to be call waited. 6. Distinctive Ringing/CW Tone: Allows a CWC station user to determine the source of a call incoming to the station. This is done by associating a distinctive ringing or tone pattern with the incoming call based on its source. Interlocation CWC calls receive intragroup treatment. 7. Message Desk Service: Provides centralized and personalized call coverage or message answering capabilities which can serve the needs of all CWC locations. The Call Forwarding Variable and Call Forwarding Busy Line/Don't Answer feature are needed of forwarding calls from stations within the CWC group. 8. LASS (Local Area Signalling Service): Provides the called party with call management and security services. Local CCIS is required for multiple-office grouping within a LATA for intercom calls. The following features comprise the LASS offering : o Automatic Recall: Enables a station user to place a call to the LCDN (Last Call Directory Number) currently associated with the users fone. The LCDN can either be the last party called by the station user or the last party to call the station user. o Distinctive Alerting: Allows the station user to prespecify a set of numbers which activate a distinctive ring or distinctive call waiting tone. The CWC extension numbers can be entered on the screen list. When the user receives a call from one of these numbers, the phone if idle, will ring with a special distinctive ringing pattern. If a call waiting customer's line is busy, a special tone notifies the customer of the impending call. o ICLID: provides the number which is calling the station user. (Explained in other files) o Selective Call Forwarding: (Explained in other file) o Selective Call Rejection: Provides the user with the capability of not being alerted by calls from a specified set of numbers. The user inputs the numbers to be rejected from the station set. These numbers are specified either directly (dialed in) or as the number of the last call received. The CWC extensions are allowed on the screen list. =========================================================== =(C) 1986 The Executioner and The Egyptian Lover and PLP = =========================================================== This file is based on the AT&T document for the CWC. ==Phrack Inc.== Volume One, Issue Eight, Phile #4 of 9 The Integrated Services Digital Network ---==> By Dr. Doom <==--- ISDN or Integrated Services Digital Network has been talked about off and on by AT&T and until now has just been a demented AT&T fantasy, but it is to soon become a reality. This phile is the second I have written on the subject and is a cumulation of information from three basic sources : <1> The ISDN AT&T Technical Journal <2> An interview with an AT&T Long Distance Operations Center Supervisor who will be referred to as Mr. R. <3> and some general ISDN articles from Southwestern Bell Newsletters. ISDN Definition =============== CCITT Definition : An end to end digital network that supports a wide range of services accessed by a set of standard multipurpose user-network interfaces. ISDN will allow for incredible new services that will drastically change the telecommunications industry and everyone's lives. For example, one new service ISDN will bring about is calling party identification. This will allow businesses and individuals who subscribe to that service to know exactly what number you are calling from before they even decide whether or not to answer the phone. In the case of dialups like MCI, the originating # will be stored in a computer along with whatever code and number that person dialed which would greatly hinder abuse of codes from a home phone. This is just the tip of the iceberg as far as ISDN is concerned. This phile will analyze and describe how The Integrated Services Digital Network will operate when it is implemented. Out of Band Signalling ====================== Essential to a network capable of providing such enhanced services as calling party identification is out-of-band signalling. Until the late 70's, when AT&T introduced the 4ESS toll switch and CCIS into the national network, switches had communicated with each other over the same channels in which our voice or data was transmitted (in-band). During this time, all signalling between switches had to be limited to a type that could be accommodated in the 'voice' channel thus making it impossible to offer any advanced services. The development of the separate Common Channel Interoffice Signaling (CCIS) network allowed for more freedom and flexibility and thus came about the AT&T Calling Card service. ISDN brings an interface from the network to the subscriber's equipment. This is a completely digital interface subdivided into two types of channels : The 'D' Channels are those used for sending signalling and control information across the interface. The 'B' Channels are those used only for customer information which can be in the form of voice, data, or video. The 'D' Channel hence manages the information or 'B' Channels making the signalling 'out-of-band' and not 'in-band' as it is now. This approach allows for two distinct benefits : <1> All the capacity in the information bearing channels is available for customer use. <2> The 'D' Signaling channel allows for distributed processing across the ISDN Network. ISDN Interfaces --------------- The CCITT has defined two major interfaces that will be used in conjunction with the 'D' and 'B' channels : The Basic Rate Interface (BRI) consists of one D Channel and two B Channels. This interface is used for locations where information transport is relatively small like a residence. The Primary Rate Interface (PRI) consists of one 'D' Channel and 23 'B' Channels. It is used for large capacity vehicles such as PBX's. Notice that there are 2 DIFFERENT 'B' Channels in the Basic Rate Interface. This allows TWO different types of data to be sent over the same connection at the same time. For example, you could be ULing files to a board on Channel 1 while talking to the SYSOP on Channel 2. So, if both you and a board both have a BRI ISDN Interface, next time the SYSOP says 'Go Voice', you simply pick up the handset, switch it to channel 2, and start talking... These multiple channels are also the foundation for the widespread use of Video Phones. Just like you were sending data over channel 1, and talking voice on channel 2, you can be sending video over channel 1 (allowing the party's to see each other) and talking on channel 2. ISDN Devices ============ AT&T Technologies, Advanced Micro Devices, and Intel are all in the process of designing equipment that will be compatible with ISDN. So far, the two main designs talked about through SWB and AT&T are : <1> The Voice/Data Terminal This will look like any regular computer terminal with the exception that it has a handset on the side of the terminal and a couple of switches that will allow you to decide which channel is for DATA and which channel is for VOICE. This will also (of course), allow two customers with a V/D Terminal to be exchanging DATA over one channel while talking voice over the other one. <2> The Video Phone This is where (yes) Big Brother is arriving... The Video Phone will work pretty much just like it does in Science Fiction movies like 'Aliens' or whatever. If two ISDN customers have video phones, they can talk and see each other or whatever they want to show each other (HAHA) at the same time. Video Phones obviously open up new frontiers for those with entrepreneurial instincts. You can bet there will be some interesting Video Phone Sex lines around... Then, you can have things like 'Dial a Movie...Please enter (1) to view Rambo'..etc... The list goes on. This also leads to a whole new world of problems for the telephone company like 'Obscene Video Calls'. This is again where Calling ID becomes important. Each of these units, and others that will work with ISDN will have some sort of a special viewing screen that will contain the necessary information about incoming calls which includes the originating number and can include such things as : <1> The name of the owner of that # <2> The city and state <3> The whole address for that # AT&T ISDN Building Blocks ========================= AT&T has designated certain 'building blocks' that will eventually be laid in place across the entire country to form ISDN. <1> AT&T Communications Service Node ------------------------------------ The service node is the customer's gateway to the AT&T Communications nodal family of services, including MEGACOM, MEGACOM 800, and Acunet. The first service node went into service in 1985 in Philadelphia, PA. <2> Integrated Access --------------------- This allows customers to integrate switched and private line services over a single DS-1 link to the Service Node. <3> Out-of-Band Signaling ------------------------- Discussed earlier. <4> CCS7 -------- The CCS7 Common Channel Signaling Network will soon replace CCIS as an out-of-band signalling between AT&T Network Communications Facilities. Because of its longer message format and layered structure, the CCS7 will support the new features. <5> Digital Backbone Network ---------------------------- This nationwide AT&T Network includes extensive lightwave and digital radio routes. By the end of 1988, these Digital Lightwave routes will extend to Europe with the TAT-8 lightwave system, and across the Pacific with HAW-4/TPC-3. <6> Intelligent Software Controlled AT&T Communications Network ----------------------------------- This brings about more advanced software related services listed in #1. AT&T ISDN Operations ==================== Access Transport ---------------- Your DS-1 signal is transported from your ISDN equipment to an AT&T Communications Service Node somewhere. Your line gets to AT&T by tariff from the local exchange carrier (i.e... Southwestern Bell, GTE, or whomever happens to own your local switch...) or AT&T. The direct link to the AT&T Service Node bypasses your local switching. AT&T Service Node ----------------- Your local AT&T Service Node is a service office that acts as a gateway to all the new AT&T Nodal ISDN services. This service node is typically composed of : <1> A Refinished 4ESS Switch <2> CNI Ring (Common Net.-Interface) <3> Digital Access and Cross Connect System (DACS) Here is a diagram of how a customer location either goes to a local switch or AT&T's node : Key --- CL = Customer Location = = DS-1 Line ! = DS-1 Line > = Exiting out to AT&T Network -------- - - **** - Bell - *CL*=======- 5ESS - **** - - -------- ! ! ! ! **** ! *CL* --------!-------- ****===========4ESS=====> - 4ESS= **** - ! ! ! *CL*======DACS=! ! CNI==> **** -DACS ! CNI -DACS= ! - ! 1PSS====> - !=1PSS - ----------------- AT&T Service Node The above diagram shows first how an AT&T Customer with ISDN can either continue service with his local telephone co. or go with a direct link to the AT&T Service Mode. All lines going to an AT&T Service Node whether through Bell or a direct link terminate on either the 4ESS or the DACS. When a line terminates on a DACS it serves as an Integrated Access Distributor and sends the call to the 1PSS (Packet Switch) for Acunet Packet Service or to the 4ESS and then eventually out to the AT&T Network. The AT&T Internodal Network --------------------------- In the internodal network facility, AT&T is in the process of deploying both digital lightwave and digital radio systems. Lightguide Systems : In areas where growth is low, the FT3C and FTX180 Single mode terrestrial lightguide systems will be used between nodes. On high growth routes AT&T will install fiber pairs at line rates of 1.7Gb/s with 20 mile repeater spacings. Digital Radio : In the digital radio area, 4Gb/s systems such as the TD-90 and the TD-180 provide a vehicle for rapid expansion of digital connectivity. ISDN and Digital Switches ========================= AT&T has redesigned the 5E Switching Modules in such a way that they are fully compatible with ISDN, but many of the existing 5E's and other switches were manufactured without ISDN capability. To meet this need, AT&T has produced ISDN interfaces that modularly connect to the system. Here is a diagram of a 5ESS Switching Module with interfaces : Key --- $ = ISDN V/D Terminal or Video Phone % = Standard Telephone = = Digital Line < = In-Band Line ISLU = Integrated Services Line Unit PSIU = Packet Switch Interface Unit -------------------------- - 5ESS - - Switching - - Module - - - ------------=----=-------- - = = - $====-----======== = - - - = - $====- - --------=--- - -ISLU- - - - %<<<<- ===== PSIU - - - - - - - $====-------------------------- The two new hardware additions are : <1> Integrated Services Line Unit and <2> The Packet Switch Interface Unit These units allow a LOCAL 5ESS (or other digital) Switch to serve both ISDN and non-ISDN customers. These interfaces are integrated into a switching module in a way that will allow ISDN customers to maintain all their previous Bell services like Local Calling. Notice also that all lines, whether ISDN or not, terminate on the ISLU. Calling Party Identification ============================ Discussed briefly in the preface of this phile, the ISDN enhanced Calling Party Identification service offered by AT&T ISDN will be into service along with the ISDN. This quote out of the AT&T ISDN Technical reference should give you a good idea of the impact ISDN will have on hacking and phreaking : 'One example of an enhanced service which has already been included in the ISDN signaling protocol and will have a fundamental impact on day to day telecommunications is the provisions of calling party identification. Calling party ID will help us decide whether or not to answer incoming calls and will minimize instances of nuisance calls and COMPUTER FRAUD via telephone.' Mr. R, our AT&T Supervisor has been attending ISDN Conferences that include representatives from all the major LD Companies (AT&T, MCI, GTE, LDS, etc..), the Regional Bells, and other concerned parties. He said quote 'One of the controlling factors behind The Integrated Services Digital Network is the simple fact that AT&T, MCI, and other long distance companies are losing MILLIONS to Phone Phraud.' Once ISDN is realized, so will network wide Calling Party Identification. Again, our friend Mr. R will enlighten us on the subject of ISDN Calling Party ID and a simple explanation of how it will work : 'Right now, when you pick up the phone in your home, Port Isabel South Western Bell knows that you did. Then, when you dial a number, they know what number you dialed. So they send that information along to us (the AT&T Toll Switch). We then send that along through the network to the person you are calling.' Of course, there is one transaction between AT&T and a Bell Office at the end that he left off, but if the person or computer you are calling has ISDN Calling Party ID service, your originating # will be sent along the DS-1 Line Interface from Bell to his equipment and show up on his screen after traveling through the network like Mr. R described. This is rather simple when you think about it and is one example of how a once shattered network is working together. Some Sample CP ID Uses ---------------------- This can be used by large telephone ordering companies to instantly display a record of that persons credit, previous orders, etc... before the call is even answered on the attendant's terminal. When someone logs onto a computer, the originating # is listed on the user log along with the account name, etc... so that if there is an unauthorized login, they can contact the authorities to do whatever or monitor that number until they get enough evidence to prosecute. The same thing holds true with LD Dialups. They will record the originating number along with the code and bill making MCI use rather dangerous. SWB ISDN News ============= The following article was extracted from The Southwestern Bell Texas Publication of Telephone Times and is entitled 'User Forum simplifies ISDN' : " Houston---Houston Marketing employees played show and tell with two customers and all three groups are better off for it. Marketing Representatives, with support from Bell Comm. Research, Illinois Bell, AT&T, and McDonald's Corp. met with Shell and Tenneco to discuss ISDN. 'ISDN is an evolving technology' said Bob Campbell, division manager marketing business sales. 'It's still in the developmental stage. These User Forums will give customers input on how it's deployed and what it will look like.' ISDN is an all digital network that transmits voice and data messages simultaneously over a single telephone line. 'The User Forums allow customers to share information on specific problems concerning implementation, training, customer premise equipment and applications,' Campbell said. Linda Hobson, manager marketing administrative and coordinator of the event, said not only will User Forums be standard practice in Houston, but probably will become the national standard. 'We're doing it quarterly here, but as more people become interested, we may meet more often,' Hobson said. Shell and Tenneco, who have signed letters of intent to purchase ISDN, were specifically interested in such topics as trial status (SWBT's ISDN trials will begin soon in St. Louis and Texas), available features, power requirements, and future enhancements. 'In the past, we bought the available enhancements, then sold them to the customer,' said Hobson. 'That's changing. We have to find out what the customer wants, then deliver the service that meets the specific needs'" That concludes the nice little article which by the way, contained some interesting little tidbits of information. Conclusion ========== ISDN is a VERY complicated plan that will drastically change the telecommunications scene in this country and abroad. Although AT&T has boasted in it's Technical Journals of being able to have its ISDN Capable Network completed by Early 1987, this date seems to keep getting postponed back according to our friend Mr. R (The AT&T Supervisor) and he is shooting for large scale ISDN no earlier that late 1988 or 1989. Whenever ISDN does become reality, people will probably just put out files with lists of computers that subscribe to ISDN Calling Party Identification, and tell people not to call them from their home. I hope you have enjoyed reading this phile on ISDN, I will be on the outlook for more information on it. If you don't already have the # and New User Passwords to Metromedia BBS, send me (Dr. Doom) mail on any of the boards I am on. ==Phrack Inc.== Volume One, Issue Eight, Phile #5 of 9 ************************************************************************** ******************** The Art of Junction Box Modeming ******************** ******** Written Exclusively For: ******** ******** PHRACK INC.! ******** ************************************************************************** * by Mad Hacker of 616 * * Watch for Thieve's World ][ coming soon, now with 33 megs! * ********************************************************************** This file will detail the use of a rural junction box to fraud the phone company and make all the free phone calls you want to BBS or AE by. There are two basic types of rural junction boxes: Residential and Group boxes. I will first discuss Residential as they are easier to find and easier to use. There are a couple of requirements before you can make full use of a Junction Box. First you must have some kind of portable computer with a built-in modem or at least a hand phone if all you want to do is make free calls to your friends. For computer I would recommend something like a Model 100 from Radio Shack. Small, inexpensive but only 300 baud and only 32K of total storage. Anyway you can find residential junction boxes in most any rural area just a few feet off the road and usually covered over with local weeds. Fish your way thru the weeds and open it up. Some just open with a twist or a turn, others are actually locked and require a little more patience. Anyway once you have it open, you should see at least 4 pairs (possibly more) of wires. You are only concerned with the pair containing both a red and a green wire. Now you need to make a choice: Do you want to totally cut off the regular owners of the phone line and do actual damage to this junction box or leave them connected but have the possibility of them picking up their phone and hearing your carrier? Usually you will want to cut them out totally, so simply find a bit of slack in the line and cut both wires. Now in most boxes the connection to the outside world comes from the bottom of the box, but sometimes you will find one that doesn't conform. Simply attach a hand phone to the wires (matching up colors, of course) and see if you get a dial tone. Anyway once you have the proper pair then hook up to your modem line and dial anyway. Meanwhile the lawful owners of the line will get a dead line on their end, so try to do this only when you think no one would be using the phone, like 11PM to 7AM or else they will probably call their LOC and tell them to fix the line and when they see the cut wires, they will wonder what went on there. Finally be a good guy and when you are done, resplice the wires together and shut the box. Now usually you don't want to cause permanent damage to the box, so simply strip off the insulation on the line and attach the red and green ends of your modem cord to them. Now when you cut in, it will be much like an extension was picked up. Simply dial away and have fun. Of course if anyone at the house picks up the line they will get your carrier and will wonder, so try to limit your activities also to the same hours mentioned above, unless you know who you are ripping off and when they use the phone. The advantages of this method is that once you strip the wires, there is little work to do each time you use the box again. Now what do you do if you are lucky enough to find a Group box? Well first you are confronted with a multitude of wires, anywhere from 10 pairs up to 100 if you use a box on the edge of a small town. Finding a pair of the right wires is a little more difficult unless your LOC has done repairs at this box in the last couple of months, in which case a lot of the wires will already be paired off. If you aren't so lucky find a couple of wires and try them out. Once again you have the choice of stripping or cutting the wires, but the advantage here is that you can use this box for about 4-6 months without having to find a new one. What is the this junk about having to find a new box? Well you see when you use a junction box in this manner, you are basically adding an illegal extension to a private line. Any calls you make will show up on the rightful owners bill. If you are only using the box for one or two short to medium length calls a week, then you might not have any problems. However if you use a box too much and the people keep calling the billing office about the extra calls, the billing office will call those numbers and hear the carrier. This will tip them off to the fact that someone is either lying at the rightful owner's house or that someone has tapped into their phone line. At this present time in the Midwest, it take about 2-3 months for the LOC to realize that someone is playing with their junction box. What they do is come out and repair the wires and usually put a newer lockable box on the site to discourage illegal use. I haven't yet really pushed the LOC to any limits yet, but one might suspect that has Junction boxing catches on to those of us who have access to laptop computers, the LOC may find some way of catching us at our little game. If anyone has any new information on how your LOC is handling this use of their junction boxes please let us know by leaving mail for Thomas Covenant on any Metal Shop board. [Postscriptum note by Thomas Covenant: I'd recommend one of those so- called "portable" AT-compatibles. Great clock speed, 1200 baud, and a bigger screen. And why not pack a picnic lunch and some booze? You'll be there all day once you get started!] ^Z, or "EOF" ==Phrack Inc.== Volume One, Issue Eight, Phile #6 of 9 COMPUSERVE INFO --------------- Compiled and Related by: Morgoth and Lotus ----------------- Since its rather humble beginnings in Dublin, Ohio some years ago, Compuserve, or CIS, as it will be referred to in this article, has grown to become the largest entertainment/public user oriented system in the country. This file is divided into two parts. The first is how to get your own CIS ID number, and make it last a relatively long time. This part may seem like old hat to some of you out there. The second part is information on what to do once you are on the system...tricks and tips to keep you out of trouble, or cause trouble. A Compuserve identification number is divided into two parts; a project number and a programmer number. An example would be 70007,1460. This ID is what you will be known by at all times on the system. When you log on, you will also be prompted for a password, in addition to your user ID. The password is divided into two words, kept apart by a separator (-,:,.,etc). The password may be any two words the user desires, including garbage, which makes gaining an ID by hacking the password almost, if not totally, impossible. The most popular, and about the only way left, of gaining an ID is by buying what the system calls a snapak. These are the little goodies you see in the store in the introductory packets. With this, you can gain access to most, but not all of the system. The first ID, or the "intro" ID will last about a week, at which time, Compuserve automatically changes the password, and sends the new one to you via the US Postal service. This is a key point to the ID scam. You MUST have valid Credit Card information to be able to continue using the ID. I have heard of intro IDs going bad in a matter of 2 or 3 days due to having non-valid credit card info. So you need to set up a location to which your second password can be mailed. This second password should last about a month, depending on how much credit the CC holder has on his card. When applying credit to a Visa or Mastercard, Compuserve will submit the charges about once a week. If you run up about $500 in connect charges, and the credit card cannot hold it, the ID will go bad. This is the most common way for an account to run out. Your first password has some limits. Due to hackers using snapaks, Compuserve has installed a system which prohibits IDs without the second password from entering any type of game online. This ranges from the ever-popular MegaWars, to YGI, all the way down to Casino. This is one reason why the second password is so important. If more than one person will be using the account, which is usually the case, there are also some limits to be observed. The same ID can no longer enter the CB simulator more than once. If it is tried, the message "exceeding job limit" will occur, and you will be taken back to the prior menu. The same ID can go into a SIG at the same time, but both people cannot enter COnference mode while on the SIG. The best way to talk to another user who is on the same ID is to go into any forum, say CBMART, and have one of them enter COnference mode. There, the two users can use the /SEN command to relay messages between the SIG and COnference. This is kind of complicated, but it is the only way. Also, anytime the message "exceeding job limit" goes to your screen, the people at CIS put a small "red mark" by your name. If it occurs too frequently, they look into the situation to find out if more than one person may be using the same ID. Special IDs -- Ok, now that you are on Compuserve, what should you look out for? As mentioned before, the user ID is divided into [project number,programmer number] format. The Programmer number is of no importance, but the Project number is. Some of the ones you should be aware of while online are: 70000,xxxx Compuserve Security 70003,xxxx Compuserve Employee 70004,xxxx Same as above 70005,xxxx Radio Shack demo account 70006,xxxx Customer service, or "Wizard" number (see below) 70007,xxxx Complimentary account 76703,xxxx SIG SysOp, or Forum Info Provider While on CB, look out for the 70000 IDs, and especially the 70006, or "wizard" numbers. The Wizard ids have some very special functions. The main one is called autogag, or /GAG. This allows the bearer of this ID to banish any user from the system, in a way. What it actually does is to keep the /GAGged person out of everyone's view. They will not show up on the /ust list, and anything they type will not show up on anybody else's screen. Kind of like a mute button on a television. The Chief of CIS security is Dan Pisker, and on CB he uses the handles "Dan'l", or "Ghost", with a 70000 id. Monitoring -- This is a very popular subject with the users of Compuserve, but when broken down, it is quite simple. CIS is capable of monitoring ANYTHING that is said on the system. This doesn't mean that they do, however. For /TALK to be monitored in a Forum or on CB, CIS must first have a court order...it is supposedly as illegal as tapping a phone line. This has been done before to catch some major hackers on the system. /SEN in a SIG is not supposedly monitorable....the status on it is the same as on /TALK. /SCR mode on CB or on a SIG is definitely monitorable, especially if the the /SCR key is typed on open channel. Keep /SCR conversations to a minimum. As far as anything else goes, anything said on open channel is quite definitely seen by SOMEBODY in the big chair up in Ohio. It would not surprise me at all if they hire people to go through CB Transcripts every day to look for that kind of thing. Also, when you are in COnference mode in a SIG, always check the /STAtus of the channel. If /STA EVER returns that there are more people on the channel you are on than the /USERS function does, then you can rest assured that the channel is being monitored. Nodes -- When you log on through CIS, you are going through a node. The node takes the form of 3 letters, designating the site of the computer through which you are connecting through Compuserve. An example would be "NYJ" (New York City). There are some special nodes you should know about, though. Tymnet - Anybody logging on through Tymnet will be assigned one of these nodes - QAI, QAJ, QAK, QAC, QAM, QAN, QAO, QCA, QCB, QCC, QCE, QCF, QCH. This cannot identify where you are calling from, just that you are logging in through the Tymnet network. Telenet - QBA, QBC, QBD, QBG, QBF, QEN, QEI, QEP. Also, another special node would be DB- (DBA, DBB, DBC, etc), which means that the user is logging on from Compuserve's Headquarters in Dublin. The way to tell what node somebody is in is by typing /UST on either CO mode on a SIG, or CB...the result is like this.... Job User Id Ch. Node Handle --- ---------- --- ---- ------ 1) 12 70003,1295 17 CSG Red Leather 2) 133 70006,1293 1s BAF Surf's Up! 3) 69 76703,1211 Tlk BOO JOE CUFFS 4) 22 70000,1959 30* DBA Pig Now, you can tell something specific about each of these four people based on the info given above. Red is in Columbus, Ohio, and is on Channel 17. She is also a Compuserve Employee. Surf is in Bakersfield, California, and is a Customer service personnel. He is also using /SCRamble. Joe is in Talk, is a sysop on a SIG, and is in Boston, Massachusetts. This is the format for Talk on CB. Pig is on talk in a SIG, and is a security personnel from Dublin, Ohio. The format for showing if somebody is in /Talk is different on a SIG than in regular CB. Also, the /SEN command is not implemented on CB. Have fun with this...hope it helps. Distribute the file however you want, but make sure the credits stay at the bottom. (c) 1986 Morgoth/Lotus ==Phrack Inc.== Volume One, Issue Eight, Phile #7 of 9 Fun with Automatic Tellers by +++The Mentor+++ Preface: This is not a particularly easy scam to pull off, as it requires either advanced hacking techniques (TRW or banks) or serious balls (trashing a private residence or outright breaking & entering), but it can be well worth your while to the tune of $500 (five hundred) a day. Laws that will be broken: Credit Fraud, Wire Fraud, Bank Fraud, Mail Fraud, Theft Over $200, Forgery, and possibly a few others in the course of setting the scheme up (rape and murder are optional, but recommended.) This all grew from an idea that Poltergeist had about a year ago be- fore he turned fed on Extasyy, and Cisban Evil Priest (Android Pope) and my- self were implementing it with great success before our untimely arrest and recruitment into the service of the State. It is risky, but no more so than some of the more elaborate carding routines floating around. The first step is to target your victim. The type person you are looking for is rich. Very rich. Now, don't go trying to hit on J.P. Getty or Johnny Carson or some- one who carries a high name recognition. This will just get you into trouble as everyone notices a famous person's name floating across their desk. Instead look for someone who owns a chain of hog feed stores or some- thing discreet like that. We targeted a gentleman who is quite active in the silver market, owning several mines in South Africa and not wanting this to be widely known (he had no desire to be picketed.) Next step, take out a p.o. box in this person's name. Extasyy wrote a good file on obtaining a box under a fake name, I don't know if it's still around. If not, there are several others out there. (Yeah, I know, this has already weeded out the weak of spirit. Anyone who has gotten this far without panic is probably going to get away with it.) Now comes the fun part, requiring some recon on your part. You need to know some fairly serious details about this person's bank dealings. 1) Find out what bank he deals with mainly. This isn't too dif- ficult, as a quick run through his office trash will usually let you find deposit carbons, withdrawal receipts, or *anything* that has the bank name on it. 2) Find out the account number(s) that he has at the bank. This can usually be found on the above-mentioned receipts. If not, you can get them in TRW (easier said than done) or you can con them out of a hassled bank teller over the phone (Use your imagination. Talk slowly and understandingly and give plausible excuses ["I work for his car dealership, we need to do a transfer into his account"].) 2a) [optional] If you can, find out if he has an ATM (Automatic Teller) card. You don't need to know numbers or anything, just if a card exists. This can also be ascertained over the phone if you cajole properly. 3) Armed with this information, go into action. a) Obtain some nice (ivory quality) stationary. It doesn't have to be engraved or anything, but a $5 or $10 invest- ment to put a letterhead with his initials or something on it couldn't hurt. But the most important thing is that it look good. b) Type a nice letter to the bank notifying them of your address change. Some banks have forms you have to fill out for that sort of thing, so you need to check with the bank first (anonymously, of course). You will have to have a good copy of his signature on hand to sign all forms and letters (again, trash his office). c) Call the bank to verify the new address. d) IMMEDIATELY upon verifying the change of address, send a second letter. If he already has an ATM card, request a second card with the business name engraved in it be sent for company use. If he doesn't have an ATM card, the let- ter should request one for account number xxxxxx. Ask for two cards, one with the wife's name, to add authenticity. e) Go to the bank and ask for a list of all ATM's on the bank's network. Often the state has laws requiring *all* machines take *all* cards, so you'll probably be in good shape. f) Await the arrival of your new card. The PIN (personal identification number) is included when they send out a card. After picking up the card, forget that you ever even *knew* where the p.o. box was, and make sure you didn't leave fingerprints. g) Begin making the maximum daily withdrawal on the card (in most cases $500/day), using a different machine each time. Since many of these machines have cameras on them, wear a hat & jacket, or a ski mask to be really paranoid. To cut the number of trips you have to make in half, be at an ATM a few minutes before midnight. Make one $500 withdrawal right before midnight, and another one right after. This cuts down on the number of trips, but police or bank officials may spot the pattern and start watching machines around midnight. Use your own judgement. Conclusion: Before using the card, make sure that all fingerprints are wiped from it. Usually the first hint you will have that they have caught on to your scam is that the machine will keep the card. Also, avoid using mach- ines in your own town unless it is a big city (Chicago, Milwaukee, Dallas, etc...). Well, I hope this file has proved interesting. Of course, it is only intended for entertainment, and I heartily discourage anyone from even *think- ing* about trying such a thing. Jail isn't fun, as I can testify. So I take no responsibility for the misapplication of this information. (But if someone else pulls it off, I wouldn't be averse to hearing about it...) +++The Mentor+++ June 20 ==Phrack Inc.== Volume One, Issue Eight, Phile #8 of 9 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue Seven/Part One PWN PWN PWN PWN Compiled and Written by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN On The Home Front ----------------- Well lots of things have been happening around here in the past few weeks. For starters, I received a call from Ralph Meola. Apparently someone had left his secretary with a message that I had called. Prior to this, someone named Steve had left a message as well which Ralph had assumed was Slave Driver. He called Steve first, mainly to discuss the letter that was sent to him via PWN issue V. Well eventually he got around to calling me. Not too much was said, but he wanted to clear up some misconceptions about his encounter with Sigmund Fraud. Meola claims that he never threatened Sigmund Fraud about getting his account to Stronghold East. Futhermore, he claims only to have called him because SF had posted several AT&T Calling Cards on an unnamed west coast bbs. Sigmund Fraud still publicly claims that what he said originally was true, but privately admitted that he was lying. Some other developments would include an imposter of myself who is running around on bulletin boards. Two of the boards that he is on include Elite Connection (303) and Green Galaxy (714). I have never called these boards and I advise the sysops to remove "my" accounts as this is not me. On the lighter side, Metal Shop Private now has 20 Megs of online storage. The G-phile library has been re-installed including most of the files from Metal Shop AE and Metal Shop Private is once again the official Phrack distribution center. Metal Shop AE is down for the time being because Cheap Shades has left for college, but he has since brought forth a new system known as the Quick Shop. All former MS AE members have been entered into QS's bbs log. Metal Shop Brewery has lost its modem and its hard drive is fried, so it will be gone for a while. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >From TeleComputist Staff: We apologize for the unoriginality of the free issue. The free issue was put out with the intentions of gaining the trust of the public and in doing so we neglected to come up with completely original material. However, future issues will be much shorter and contain only original information from the editor's themselves. TeleComputist no longer consists of set writers and anyone may submit articles. Please note that if you submit an article, make sure that it has not been distributed or seen by anyone else, otherwise we will not accept it. For subscription information and submission of articles; TeleComputist Newsletter P.O. Box 2003 Florissant, Missouri 63032 _______________________________________________________________________________ Boston Busts August 9, 1986 ------------ A couple of weeks prior to the above date, Dr. Who came to visit Recent Change and The Clashmaster. Well, he apparently had cashed roughly 16 checks belonging to one John Martino (a man who lives down the street from him). Around August 4, 1986, Dr. Who and Telenet Bob were picked up in a store in North Adams, Massachusetts. They were trying to pass off another check. The police were on the scene very shortly and they were taken in. Dr. Who told the police inspector about a PDP-11/23 when asked about it. He had frauded this at Harvard University and told them that RC Modeler (also known as Recent Change) had it. They converged on a sleeping RC who confessed everything. Dr. Who is being charged with 16 counts of theft. RC Modeler is being charged with larceny & possibly as an accomplice to theft. Telenet Bob is being charged with 1 count of attempted theft. Dr. Who and RC Modeler are reportedly out of the scene permanently and Dr. Who may be serving some prison time. Also, RC Modeler, when being questioned, was asked about Legion of Doom. This is VERY strange since we cannot figure out quite WHY this was asked. Sysops are asked to clear their accounts form any bbs they were on. ------------------------------------------------------------------------------- The following is the interpretation of the same events as described by the Concord Journal. The real names of the phreaks involved have been censored. Computer Theft Charge --------------------- An 18-year-old Concord man was charged on August 5, 1986 with stealing a $3,300 computer [PDP-11/23 with Venix software] from Harvard University and a portable stereo from an unknown store by using checks, police allege he knew to be forged, to pay for the items, police said. RC Modeler, was charged with two counts of larceny over $100, police said. [Also, accessory to the crime, RC says.] Police issued a warrant for RC's arrest after being tipped-off by the North Adam's police that he had allegedly made purchases with checks they alleged to be stolen and forged. North Adam's police, according to reports, arrested Doctor Who, of Lenox, MA. [and Telenet Bob], and charged him with using stolen and forged checks earlier this month. Police said Who told them about RC's purchases. They said Who wrote checks for the purchase of the computer equipment and the stereo for RC. ------------------------------------------------------------------------------- Well, RC might get off with 3 years of probation (including possible drug testing according to RC.). Dr. Who's court set is set for August 25, 1986. He will most likely be doing some prison time unfortunately. Please address all further questions to The Clashmaster. Information Provided By The Clashmaster _______________________________________________________________________________ Portrait Of The Typical Computer Criminal August 11, 1986 ----------------------------------------- from PC Week Magazine In studying the typical computer criminal, the National Center for Computer Crime Data, in L.A., may have recently shattered some common myths. Rather than being some genius computer programmer, according to the center's recently published report, the typical computer criminal is just that: quite typical. He's most often a male, with an average age of 22, and if not, he's next likely to be 19. Chances are he's a programmer, but if that job description doesn't fit, he's most likely a student or an input clerk. Less than 5% of the time, this criminal will be either unskilled or unemployed, and less than 2% of the time will he be a computer executive. In more than 40% of the cases that the center studied, criminals stole money, and if cash wasn't their style, they split between stealing information or programs and damaging software. For these crimes, 4/5ths of those caught had to pay a fine or do community service or both, or serve less than 6 months in jail. In close to 1/5th of the cases, the criminal's only punishment was to make restitution. Some notes from Sally Ride:::Space Cadet ---------------------------------------- Pisses me off! How dare they suggest we are not GENIUS computer programmers! Oh wait a minute, I know why they screwed up the statistics! They haven't caught the geniuses, so we throw off the statistical skew since we're still free. Also I think it's high time computer executives start accounting for their fair share of computer crime! They probably don't get in the statistics either since they pull off the really big money rip-offs and it doesn't get published by the high power companies they work for so the public keeps faith in them. Information Provided By Sally Ride:::Space Cadet _______________________________________________________________________________ Dan Pasquale: Still Hostile or Ancient History? September 8, 1986 ------------------------------------------------ Some updated information on Sergeant Dan Pasquale (Fremont, CA Police Department) aka The Revenger here. Supposedly he has been calling Oryan QUEST on several occasions and filling in Oryan as to his plans on whom to bust. However, an investigation into the truth of this matter shows otherwise. Most recently, Oryan QUEST informed me that Dan Pasquale was trying to gain information on The Yakuza. I told The Yakuza about this and had him call Dan himself to find out what was going on. Apparently he had no idea of who he was and had no idea of what he was talking about. He just said he'd no idea what I was talking about. He also said that he'd heard about a Shooting Shark incident much like this one. The Rocker of Speed Demon Elite also has called him claiming a similar story. The weird thing is, he also claims to not have talked to Oryan QUEST since around the beginning of summer. [Please note that Shooting Shark and The Rocker have been disliked by Oryan QUEST for some time and that situation has not changed]. Dan seemed pretty lax, didn't get excited, and seemed like a decent person all around. He said he hadn't been on a board for at least 3 months and that board was a legit one at that. He concluded by saying he didn't know who or why these rumors were starting up. Some last things to add, Dan said that he isn't into busting phreaks/hackers and all that stuff anymore. He just proved his point with Phoenix Phortress, took his raise, and got out of the deal. He is now teaching at the academy and is doing patrols. But, aside from that, he claims to have nothing at all to do with the modem world. Information Provided By [%] The Yakuza [%] Please refer to past issues of Phrack World News for more information on Dan Pasquale and/or Phoenix Phortress _______________________________________________________________________________ Zigmond Exposed September 1, 1986 --------------- Finally after months of confusion and question, the truth about Daniel Zigmond is out. It would appear that Zigmond is not an on-staff programmer at Carnegie Mellon University after all, but instead was a sort of part time worker there. Indeed, Daniel just graduated high school with the class of 1986 and currently attends the University of Pittsburgh this fall. He started part time work at CMU on April 1, 1984 (April Fools? Not this time). He does have a book coming out on Lisp programming which is what he did at Carnegie Mellon. All of this information came from his boss at CMU. As for Amiga World, Daniel has submitted a few articles, but he isn't "on staff." This came from his Amiga World editor. The reason there is nothing listed in his TRW account now is obvious since he is not old enough to have obtained credit cards, bought a car/house, or much of anything else. Zigmond says he lied about his age because he thought he would get more respect. He thought that people would think he was a rodent if they knew he was only 17 years old. Daniel Zigmond received(s) quite a lot of prank phone calls, including a bomb threat that brought the police to his house, and I ask everyone to stop. He tried to screw around with the phreak/hack community, but no damage was done. Its time to leave him alone because ragging serves no purpose. As for his article...only time will tell, but the general idea is that he made that up too just so he could become involved with the phreak/hack community. Information Provided and Researched by Lucifer 666 _______________________________________________________________________________ Maxfield Strikes Again August 20, 1986 ---------------------- --------------- Many of you probably remember a system known as "THE BOARD" in the Detroit 313 NPA. The number was 313-592-4143 and the newuser password was "HEL-N555,ELITE,3" (then return). It was kind of unique because it was run off of an HP2000 computer. On the Private Sector BBS (Sponsored by 2600 Magazine), Bill From RNOC had posted a list of numbers that were related to John Maxfield and while none of the numbers were anything close to the bbs number listed above, Bill reminded us that Maxfield was the proud owner of an HP2000 computer. This started started several people (including Sally Ride:::Space Cadet and myself) thinking that there might be a connection. Using resources that I cannot reveal, I was able to prove that "THE BOARD" was indeed a Maxfield/BoardScan operation. I also had learned that the BBS number itself really had call forwarding to one of Maxfield's own numbers. On August 15, 1986 I made this knowledge semi-public and warned Sally Ride:::Space Cadet and Ax Murderer (who lives locally to Maxfield). Unfortunately these warnings were in vain because on August 20, 1986 the following messages were found and sent to me by Sally Ride. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Welcome to MIKE WENDLAND'S I-TEAM sting board! (Computer Services Provided By BOARDSCAN) 66 Megabytes Strong 300/1200 baud - 24 hours. Three (3) lines = no busy signals! Rotary hunting on 313-534-0400. Board: General Information & BBS's Message: 41 Title: YOU'VE BEEN HAD!!! To: ALL From: HIGH TECH Posted: 8/20/86 @ 12.08 hours Greetings: You are now on THE BOARD, a "sting" BBS operated by MIKE WENDLAND of the WDIV-TV I-Team. The purpose? To demonstrate and document the extent of criminal and potentially illegal hacking and telephone fraud activity by the so-called "hacking community." Thanks for your cooperation. In the past month and a half, we've received all sorts of information from you implicating many of you to credit card fraud, telephone billing fraud, vandalism, and possible break-ins to government or public safety computers. And the beauty of this is we have your posts, your E-Mail and--- most importantly ---your REAL names and addresses. What are we going to do with it? Stay tuned to News 4. I plan a special series of reports about our experiences with THE BOARD, which saw users check in from coast-to-coast and Canada, users ranging in age from 12 to 48. For our regular users, I have been known as High Tech, among other ID's. John Maxfield of Boardscan served as our consultant and provided the HP2000 that this "sting" ran on. Through call forwarding and other conveniences made possible by telephone technology, the BBS operated remotely here in the Detroit area. When will our reports be ready? In a few weeks. We now will be contacting many of you directly, talking with law enforcement and security agents from credit card companies and the telephone services. It should be a hell of a series. Thanks for your help. And don't bother trying any harassment. Remember, we've got YOUR real names. Mike Wendland The I-team WDIV, Detroit, MI. Board: General Information & BBS's Message: 42 Title: BOARDSCAN To: ALL From: THE REAPER Posted: 8/20/86 @ 12.54 hours This is John Maxfield of Boardscan. Welcome! Please address all letter bombs to Mike Wendland at WDIV-TV Detroit. This board was his idea. The Reaper (a.k.a. Cable Pair) Board: General Information & BBS's Message: 43 Title: BOARDSCAN To: ALL From: AX MURDERER Posted: 8/20/86 @ 13.30 hours Hey guys, he really had us for awhile. For any of you who posted illegal shit, I feel sorry for you. I just can't wait to see his little news article. Cable Pair, do you have some sort of problem? If you've noticed, just about *everything* posted on this board is *legal*!!! So fuck off! You wanna get nasty? Well go ahead, call my house! Threaten me! HaHaHa, so what are you gonna do, take me to court for calling a bbs? Freedom of speech. YOU lose! Ax Murderer ------------------------------------------------------------------------------- Your guess is as good as mine as to what happens next. For those of you who are interested, Mike Wendland can be reached at WDIV-TV, 313-222-0444, 313-222-0540, 313-222-5000, 313-222-0532. Information Provided by Ax Murderer/John Maxfield/Sally Ride:::Space Cadet/Knight Lightning and the PWN Special Investigation Team - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Maxfield is in general pretty proud of his efforts with THE BOARD. He says that a lot of the people that he voice verified should have known it was him. However, it is believed that he had a kid helping him do some of the validations. According to John F. Maxfield the only reason this sting board was done was to show "What is currently happening in the phreak/hack community." He said no legal action will be taken at all, and besides, its fattened his "dossiers" on a lot of people! _______________________________________________________________________________ PWN Quicknotes -------------- There is a bulletin board called Alpha Center in the 514 NPA (Canada) that is being run by a guy named Mike Holmes who is writing a book on the personalities of phreakers and hackers. Mike will ask for your real name, address, phone number and other things, but it is not completely required. The board is 300 baud only. The name of the book is reported to be "Phreak me out!" and it is supposed to be "not about how to phreak or hack, but about hackers lives and their trials and tribulations." If you would like to find out more about this board or the book before calling, either contact Attila the Hun or leave Mike Holmes a message at his voice mailbox (214)733-5283. For the general password contact anyone of the below contributors, myself or Taran King. Information Provided By (8/1/86) Attila The Hun/Ryche/Sticky Fingers/The Pyro ------------------------------------------------------------------------------- People in foreign countries will soon be able to have the benefits of our famous 800 (toll free) numbers. In place of the 800 number, foreign callers will dial 196. This will be followed by a unique prefix and the line number from the company's domestic 800 service. It would work like this: 196-NXX-XXXX. AT&T will bill and record all these calls. This will give our overseas (and maybe Canada too) friends the opportunity to take advantage of the US toll network. Information Provided By Sally Ride:::Space Cadet (8/1/86) ------------------------------------------------------------------------------- Mountain States Telephone and Pacific North West Bell are trialing work stations to be used to allow operators to work from home via the personal computer. Mountain States Telephone has over 100 people in various occupations working from home now, while Pacific North West has just built one entire operating office equipped with IBMs and have several employees working remotely using the same technology. Information Provided By Sally Ride:::Space Cadet (8/8/86) ------------------------------------------------------------------------------- Supposedly, Bug Byter, Soft Jock, Street Urchin, the Bandit, the Gray Elf, Sea-Saw, and Quick Zipper have all were busted on August 5, 1986. It has also been reported that Street Urchin has to pay $7000 in restitution. Information Provided By Silent Assault (8/8/86) ------------------------------------------------------------------------------- A Commodore Hacker, Hackin Hank was busted for abusing MCI codes and had to pay a $2000 phone bill. He was caught after a person he called was called by MCI Investigations. This person got scared and told them everything he knew. Information Provided By Red Baron (8/8/86) ------------------------------------------------------------------------------- The following two phreaks were sentenced about 2 months prior to the date. MOB RULES, who was busted for MF Scanning that he had done 2 years previous, got 90 days in jail, 360 hours of community service, and 5 years probation. Video Vance has been given a flat 90 days in jail for being caught with 11 cases of dynamite. Information Provided By (8/8/86) ------------------------------------------------------------------------------- There is a bulletin board in Australia with many users interested in learning to phreak and hack. They need experienced people to converse with. Tell the sysop that you are calling from America. The number is 61-3-509-9611. Information Provided By Mad Madness (8/14/86) ------------------------------------------------------------------------------- Shadow Hawk 1 was busted for hacking two RSTSs in Chicago. They acquired all of his printouts and disks with information on it. Info by Shadow Hawk 1. (8/11/86) ------------------------------------------------------------------------------- The Prophet, formally of the PhoneLine Phantoms, was recently contacted by authorities for as yet unknown reasons. He has had his computer equipment confiscated, but as of this writing he has not been formally charged. And to clear up the rumor, I did not have anything to do with it. Information Provided By Solid State (8/23/86) ------------------------------------------------------------------------------- Some notes about Night Stalker's bust here, I haven't really talked much to him because his phone line is bugged, I could tell that much from all of the clicks that I heard after he had hung up while I was still on the line. Some of the reasons that he may have been busted were that credit Card numbers were frequently posted on The Underground and two months ago a member of the Underground called the White House with a bomb threat and was later visited by the U.S. Secret Service. They knew this person had used illegal extenders and codes to make the call. They inquired to where he obtained them and he told them all about The Underground. He is currently under surveillance, the Secret Service thinks he is transferring funds and have been following him and taking pictures, especially when he visited his bank. That's about all I know...end of the investigation. Information Provided By Night Stalker ------------------------------------------------------------------------------- In the last week of July, Cyclone II mistakenly was playing with a local VAX and became a bit careless with his methods. He was caught. You may have noticed that he hasn't been calling around for quite awhile. He won't be until this mess is cleared up, which should be in the near future. His computer was confiscated, as well as all of his files, papers, notes, and anything else the authorities could find that was illegal. He is laying low and would prefer not to receive too many calls. Information Provided by Cyclone II (8/4/86) ------------------------------------------------------------------------------- For those of us that subscribe to Home Box Office (HBO), did any of you see the HBO movie, Apology? Well the movie was based on fact and being that Apology can be accessed from a phone line I feel that it could be considered as possibly having something to do with phreaking. This Apology differs a little from the movie, because with this one you can hear other people's Apology's as well including the statements made from two phreaks in the Southern Bell area. These two phone phreaks/hackers/credit carders/anarchists as they described themselves apologized for all sorts of crimes including $200,000 phone bills to their phone company, bomb threats to their school, and prank calls to Hong Kong, Egypt, and London. One of the phreaks identified themselves as "The Cop." Just thought you might be interested to know about it...-KL _______________________________________________________________________________ Received: (from LISTSERV@PSUVM for TK0EEE1@UCLAMAIL via NJE) (LISTSE00-2058; 567 LINES); Wed, 20 Dec 89 01:22:33 CST Date: Wed, 20 Dec 89 01:22 CST To: TK0EEE1 From: LISTSERV@PSUVM ==Phrack Inc.== Volume One, Issue Eight, Phile #9 of 9 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue Seven/Part Two PWN PWN PWN PWN Compiled and Written by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN P-80: Sting Board? August 28, 1986 ------------------ Below is a compilation of miscellaneous messages taken from the Communication/ Phreak section and the Elite user section of Pirate 80 Systems, a BBS run by Scan Man, also known as Scott Higgonbotham. Everything in []s are notes from Sally Ride and myself. ******************* ****** ****** ****** ******* ****** ******** ****** ****** ***************** ****** ****** ****** E I G H T Y ****** ****** FOR THE SERIOUS COMMUNICATIONS HOBBYIST WELCOME ABOARD <><><><><><><><><><><><> <> Knowledge is Power <> <> Thomas Jefferson <> <><><><><><><><><><><><> [Enter: An up and coming young phreaker named Shawn.] Msg#: 7284 *COMMUNICATIONS* 05/28/86 19:43:24 (Read 42 Times) From: SHAWN To: ALL Subj: CODES OK HERE WE GO 800 446 4462 SKYLINE (CODE: XXXXXXX) 800 626 9600 CODE (XXXXXXX) 800 222 4482 CODE (XXXXXX) 800 521 8400 CODE (XXXXXXXX) 800 227 0073 CODES (xxxxXxx X=0-9) METRO CODES: XXXXXX, XXXXXX, XXXXXX, XXXXXX, XXXXXX PBX: 312 455 7287 (CODE XXXX+Y) 503 652 6016: ID: XXX,XXX PASS **** later, Shawn [In the above message, the numbers were followed by codes that I have since censored out. This magazine will *NOT* publish codes.] ------------------------------------------------------------------------------- [It's common knowledge that a BBS userlog must be blanked before a BBS can be used as a sting board. I've also heard that law enforcement officials have been trying to bust P-80 and Scan Man for a long time, but have not been able to accomplish anything. Even the infamous Detective Dan Pasquale {See past issues of Phrack World News, "Phoenix Phortress Stings 7" and "Oryan QUEST Vs. Dan Pasquale"} and John Maxfield, head of BoardScan, are frustrated at being unable to deal with Scan Man. On June 20, 1986, or thereabouts, the following message appeared in the logon to P-80; "BI-ANNUAL USERLOG CLEANUP IN EFFECT. ALL MEMBERS PLEASE RE-LOGIN AS A NEW USER..."] ------------------------------------------------------------------------------- Msg#: 7870 *COMMUNICATIONS* 06/20/86 22:04:41 (Read 50 Times) From: ICARUS 1 To: ALL Subj: TMC BUST TMC has just nailed a hacker associate of mine for $935. The destination numbers were called and someone spilled their guts. The guy who got busted is worried because the Alliance bills have not come in yet. TMC users beware. Make sure your friends are amnesiacs as the phreaker's bible says. Icarus [Some friendly advice from Icarus 1, too bad not everyone heeded the message.] ------------------------------------------------------------------------------- Msg#: 7894 *COMMUNICATIONS* 06/21/86 19:44:09 (Read 44 Times) From: ICARUS 1 To: SCAN MAN (Rcvd) Subj: REPLY TO MSG# 7870 (TMC BUST) He was busted by TMC in the state of Nebraska. Icarus ------------------------------------------------------------------------------- Msg#: 7898 *COMMUNICATIONS* 06/21/86 20:43:10 (Read 43 Times) From: MAX MADDNESS To: ICARUS 1 (Rcvd) Subj: REPLY TO MSG# 7870 (TMC BUST) Hey check it out, I use TMC in Youngstown, Ohio (216-743-6533), but when TMC calls my phreak friends, they think the calls originate from Akron, Ohio which is 60 or so miles away. So when TMC calls and asks, "Do you know anyone in Akron?" people usually are honest and just say no. So even if I call +relatives, etc. usually I'm safe. Max ------------------------------------------------------------------------------- Msg#: 7880 *COMMUNICATIONS* 06/21/86 05:30:37 (Read 51 Times) From: THE FALCON To: ALL Subj: TMC What is the number to TMC? I just want to know so that I'm sure not to use it. Oh well, thanx and later. \_The Falcon_/ ------------------------------------------------------------------------------- Msg#: 7952 *COMMUNICATIONS* 06/23/86 13:06:23 (Read 44 Times) From: SHAWN To: ICARUS 1 (Rcvd) Subj: REPLY TO MSG# 7870 (TMC BUST) Well I told you guys a while ago that this would happen so stay away from them. Icarus ------------------------------------------------------------------------------- Msg#: 7961 *COMMUNICATIONS* 06/23/86 17:15:41 (Read 47 Times) From: BLADE RUNNER To: ALL Subj: TMC I was wandering around some guys hard drive this weekend and found some AT&T mail regarding TMC. From what I understand TMC is involved in the AT&T AGETRIAL project. Which indicates to me that TMC is also into computers and consequently knows what a hacker is. Another thing that was found was some information on the 1PSS switch that has been developed by AT&T and has already been deployed in dome BOCS and other communications networks. This troubles me in that this is the first that I have heard about it. I meant to say that it has been deployed on some networks already. If you have any valid information on the 1PSS SWITCH please post it and it will show up in the P.H.I.R.M. update issue for July, giving you credit for the information of course. BLADE RUNNER (PRESIDENT) P.H.I.R.M. ------------------------------------------------------------------------------- Msg#: 8456 *COMMUNICATIONS* 07/13/86 13:48:51 (Read 75 Times) From: SCAN MAN To: SHAWN (Rcvd) Subj: REPLY TO MSG# 7691 (GENERAL) GOT ANY CODES FOR 800-451-2300? [***IMPORTANT*** This is TMC's Miami, Florida dial-up. An interesting request from the sysop of one of the nation's top code boards. For those of you who remember it was Scan Man who asked the infamous Whacko Cracko Brothers, Inc. {See PWN Issue II, "The Life And Crimes of The Whacko Cracko Brothers, Inc."} to scan some codes on a certain dial-up just before they were arrested. Now he is asking Shawn for TMC codes, kinda interesting that Shawn got investigated less than a week later by TMC Security Department isn't it?] ------------------------------------------------------------------------------- Msg#: 8970 *COMMUNICATIONS* 08/10/86 06:41:48 (Read 34 Times) From: SHAWN To: SCAN MAN (Rcvd) Subj: REPLY TO MSG# 8456 (GENERAL) Well sorry it took me so long to find this message I kept forgetting to look at this one. Anyway if you really need some [codes, referring to the last message] I can dig some up easy enough well hack some I should say noting you can get about 100 in a matter a 10 or 15 minutes so its no big deal to me either way also watch 800 637 7377 I'm telling you now people that this company has tracing stuff and I have talked with them they offer me a job and I'm goin to take it but dont worry I'm not goin to be busting people I have to make it so you guys cant get in notin it is very easy to make it at least very hard to do ho well be careful. [Be careful indeed! 800-637-7377 is TMC's Las Vegas dial-up. What would you do if you were about to lose your computer and maybe your freedom? Work for the other side? The kid really has a way with words, I haven't seen spelling and grammer like that since first grade. As for his not busting people, isn't that a laugh, he has already stated that he will bust anyone he can starting with the lower level phreaks who are only into code abuse.] ------------------------------------------------------------------------------- Msg#: 8974 *COMMUNICATIONS* 08/10/86 13:14:13 (Read 34 Times) From: JOHNNY ROTTEN To: ALL Subj: PHREAKERS QUEST To all users of Phreaker's Quest... What happened to it? It just rings. If you have any info. Leave mail or whatever. ------------------------------------------------------------------------------- Msg#: 9058 *COMMUNICATIONS* 08/13/86 06:58:12 (Read 30 Times) From: SHAWN To: JOHNNY ROTTEN Subj: REPLY TO MSG# 8974 (PHREAKERS QUEST) Well you see I came very close to getting busted they called my voice line that is TMC of 800 637 7377 and I have never given it out to anyone at all [I bet!] so I knew that i was in for it they told me they knew I ran a board and they said they could not get in I kept deleted them haha anyways I had 2 choices 1 take it down 2 get busted. [Wonder how they got your home number Shawn? Did you give it out for validation on Pirate-80? Maybe around the time of the "Bi-annual userlog cleanup"? Or, could it be the cops are smart enough to ask the phone company for any other line running into a house where a suspect BBS is running?] ------------------------------------------------------------------------------- Msg#: 9052 *COMMUNICATIONS* 08/12/86 19:10:47 (Read 29 Times) From: JIM RATH To: ALL Subj: TMC Listen people... it is time to stop screwing with TMC.. (7377 number). Our good friend Shawn of Phreakers Quest just had his BBS put down from them. Shawn met some guy from TMC, and they have had ANI on the number for months now. If you value your own security, throw away any and all TMC information NOW, or you might be suffering the consequences later. For details on the "Bust" call Theives Underground II. It's SCARY! ------------------------------------------------------------------------------- Msg#: 9054 *COMMUNICATIONS* 08/12/86 23:50:02 (Read 28 Times) From: SCAN MAN To: JIM RATH (Rcvd) Subj: REPLY TO MSG# 9052 (TMC) Where is Thieves Underground located? [Why is Scan Man so interested in what Shawn is saying about his experience with TMC? I mean plenty of people on Pirate-80 have run-ins with some form of security everyday and he doesn't go researching them, why is this "TMC Run-IN" so important to him? Maybe he has a personal reason to be interested, then again maybe not.] ------------------------------------------------------------------------------- Msg#: 9086 *COMMUNICATIONS* 08/14/86 13:36:37 (Read 25 Times) From: JIM RATH To: SCAN MAN (Rcvd) Subj: REPLY TO MSG# 9054 (TMC) I believe TU is in Texas somewhere.. dunno where exactly (never really bothered remembering).. 214 AC though ------------------------------------------------------------------------------- Msg#: 9110 *COMMUNICATIONS* 08/15/86 03:54:20 (Read 16 Times) From: SHAWN To: JIM RATH (Rcvd) Subj: REPLY TO MSG# 9052 (TMC) If you want some details why dont you just ask me seeing as though i would be the one to ask the TU only knows what i tell him and scan man i need to talk with you about this they did have an idea of some things going on here and so one i would rather say it to yo then type it in shawn ------------------------------------------------------------------------------- Indeed, what is going on here Shawn? Just what did TMC mention about Pirate-80? And why not post it in on the public boards? For the answer to that maybe one could talk to Jeff Namey who works for TMC and is very proud to acclaim the efforts of one Scott Higgonbotham and his sting BBS Pirate 80 which has, in his own words, "Saved my company from near bankruptcy at the hands of the hackers." It is also interesting to note that Scan Man recently admitted to being a computer security consultant in Phrack Pro-Phile IV. He said his boss didn't know about his outside phreak/hack interests. Scan Man also claims to have infiltrated various security organizations. I wonder if he has infiltrated or simply joined as a regular member. ------------------------------------------------------------------------------- The following are highlights of a conversation with Ben Graves of TMC, around August 25th or 26th (SR=Sally Ride BG=Ben Graves): SR: Mr. Graves I need to talk to you about one of your employee's a Scott Higgonbotham (Scan Man). BG: What about Scott? SR: Well, my company is concerned with the impact of computer hackers on our business. Scott attended a convention in Miami around January and gave his business card to one of our security people. I'm following up on their conversation with the idea that perhaps my company could be given access to Scott's electronic bulletin board. In this way we could monitor for hackers abusing our codes. BG: That may be something we can arrange. I know that Scott has been a great help to TMC since we were able to pick him up. We began to have a big problem with hackers awhile back and Scott seems to have some of the answers. He's not in right now, can I have your number and I'll have him call you back? SR: You sure can. So, Scott's bulletin board has helped you reduce your losses to toll fraud? BG: Well, that's just one of the ways Scott has used to work on the problem. But, he has been very effective. SR: Thanks, Ben, I'll be waiting for the call. ------------------------------------------------------------------------------- The following are highlights of conversation with Pauline Frazier of TMC from around September 5, 1986 (Sally Ride: SR Pauline Frazier: PF) Operator: TMC, may I help you? SR: Yes, Ben Graves, please. Operator: I'm sorry, Mr. Graves is no longer employed here. SR: Oh!? Well, is Scott Higgonbotham in? Operator: One moment, please. PF: Hello, this is Pauline Frazier, I'm the office manager, may I help you? SR: Well, maybe, I was trying to reach Ben Graves, I just talked to him last week about another one of your employees, Scott Higgonbotham, now the receptionist says Ben no longer works here. PF: Yes, that is true, and neither does Mr. Higgonbotham. SR: May I ask why? PF: I'm really not able to say much, I think you should talk to our Regional Security Director, Kevin Griffo, he's on 804-625-1110. He could tell you much more than I can. SR: O.K., but maybe I should tell you why I'm interested. I was talking to Ben about an electronic bulletin board Scott is running. My company has someone on it and we're concerned that things might not be legal on there. There are access codes being posted of my company's and yours'. Could that be why they're no longer employed? PF: Do you mean he is posting TMC codes on there? SR: Well, I can't say he's the one posting the codes, but he is letting them be posted, along with a lot of other information such as computer logins and passwords. PF: Well, you know I never did like it when they hired that fellow. And, I told them so, too. When he started we had a problem with toll fraud, but nothing like it is now. He was able to catch a few of those hackers while he was here, and we pressed charges, but the problem just seemed to get worse and worse. SR: So, he actually had some hackers arrested? PF: Yes, several. He started working here in Charleston and then they sent him to New York when things got bad up there. But, things never have gotten any better since he's started here or in New York either. Sir, please, call Mr. Griffo about all this he can tell you more than I. SR: I will. Do you think he'd be in now? PF: Well, it's late here and he's probably gone home, try Monday. SR: Thanks, I will. (But you told me plenty, sweetheart!) [For the record I had a VERY similar chat with Pauline Frazier, it turned up the same results.] ------------------------------------------------------------------------------- The following are highlights of a conversation with Kevin Griffo, TMC, September 9th (Sally Ride: SR Kevin Griffo: KG). Oper: TMC, may I help you? SR: Yes, Kevin Griffo, please. Oper: His line is busy now, can he call you back? SR: Well, this is urgent, may I hold? Oper: Certainly, I'll let him know you're holding. KG: Hello, this is Kevin. SR: Mr. Griffo I've been referred to you by one of your Charleston employees, Pauline Frazier. She felt I should tell you what I told her yesterday about one of your now former employees, I think, Scott Higgonbotham. KG: Yeah, we let him go just last week. What about him? SR: My company feels Scott is running an illegal BBS and has for sometime been allowing access codes to be posted. Codes for your company's toll switches as well as ours and other's are being entered on his system as well as computer system logins and passwords. KG: Well, I'm not surprised. I have been to Scott's home to see the bulletin board. I knew codes were being posted, but I thought he was taking care of reporting them. SR: May I ask why you let him go? KG: Certainly, Scott just wasn't solving our problems. In fact, some of our people have thought he was somewhat to blame for many of them. Even though, at first, he appeared to be the answer. He was able to identify several computer hackers for us. SR: So, he did bust some hackers? Has he done so recently? I think a young man using the name Shawn on the bulletin boards was recently identified by your company. KG: No, he hasn't gotten anyone recently that I'm aware of, but he could have turned them over to one of the local franchises. You see TMC is a franchise operation. We try to help the franchises, but many do their own thing. We wouldn't necessarily know about all that goes on. SR: I'm sorry to hear you had this trouble. Perhaps, my company could be of assistance. We do work of a similar nature. KG: I'd certainly be interested in any help you could give. Can you put together a written proposal? ------------------------------------------------------------------------------- I also had an interesting conversation with Larry Algard of Pacific Northwest Bell. He confirmed that he had met Scott Higgonbotham at the Miami CFCA conference last January. He also mentioned that Scott had told him about his "sting" bulletin board, Pirate-80 in West Virginia. For those who are interested: TMC (Charleston Office).......................304-345-7275 Pauline Frazier, Office Manager (TMC).........See above Jeff Namey, Accounts Receivable (TMC).........304-744-6555 TMC (Miami Office)............................305-371-3544 TMC (Tidewater)...............................804-625-1110 Larry Algard (Pacific North West Bell)........503-242-8862 Pacific North West Bell (Employee Directory)..800-426-7039 Or write to; TMC 405 Capitol St. Parlor Suite Charleston, West Virginia 25301 All the thoughts in []'s and other information are the insane ramblings of Sally Ride:::Space Cadet and Knight Lightning, you tell me, are we spaced out or what?! The TMC employee interviews were by Sally Ride:::Space Cadet with me doing the background information. It was at this point in time that we decided to have a talk with Scan Man directly and give him a chance to clear his name and reputation. Unfortunately, Scan Man was very uncooperative and constantly avoided answering the questions I asked him. He also added that everything said in the interviews were lies. He claims that Kevin Griffo has never been to his house, he doesn't know Ben Graves, and Pauline Frazier hated him because she knew he was a hacker. He then went on to imply that Sally Ride:::Space Cadet was actually an employee of some communications carrier himself because of the terminology he used in some of his posts on P-80. Scan Man claimed that he has been telling people that he worked for TMC for quite some time and he only needed the codes from Shawn because he was going to be in Miami later that week. In other words, Shawn's near bust and his asking for TMC codes may have been a simple coincidence. He claims to have done system analysis for TMC, but also admitted to securing some of their computer systems, which isn't a crime. As for his being at the Miami CFCA conference, I will assume that he was infiltrating the con and was spotted as being a hacker. In order to gain the respect and confidence of the security officials, he told them that his bulletin board was a sting. Now, that story completely is believable with the exception of how he arrived, a plane trip paid for by TMC. Scan Man's last words contained a threat that if this affected his home life, he would personally track down the writers and contributors and shoot them with his rifle. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Notes from KL: One thing that I should mention is the fact that Pirate-80 has *NEVER* been busted or investigated. I mean its not hard to get onto and there are codes plastered everywhere you look. How many boards do you know of that have been busted for having codes on them? One example of this is with the credit card numbers owned by Richard Sandza, author of "The Night Of The Hackers" and "The Revenge Of The Hackers," both printed in Newsweek Magazine. "It wasn't long before I found out what was being done with my credit-card numbers, thanks to another friendly hacker who tipped me to Pirate 80, a bulletin board in Charleston, W. Va., where I found this: 'I'm sure you guys have heard about Richard Standza [sic] or Montana Wildhack. He's the guy who wrote the obscene story about phreaking in NewsWeek [sic]. Well, my friend did a credit card check on TRW...try this number, it's a VISA...Please nail this guy bad...Captain Quieg [sic].'" See this? This was published in "The Revenge Of The Hackers" in Newsweek Magazine! And what happened to P-80? Nothing! Here Richard Sandza has just announced to thousands of people that P-80 has credit card numbers posted on it and nothing happened. Why? The answer to that is left to the reader. There are a few other things to mention about Scan Man/P-80/TMC. Supposedly all of the computer equipment that P-80 runs on was donated by TMC themselves. It is also believed that Scan Man's only duty to the company was to report TMC codes so that they could be turned off. It would appear that this had changed but, we at Phrack Inc. in no way take any opinion whatsoever about the innocence or guilt of Scan Man. We leave it to the reader to decide for him/herself. I'm sure all parties concerned would appreciate you NOT calling the above numbers if all you plan to do is harass people or anything else among those same lines. After all a job is a job and harassing someone wouldn't do anyone any good either, it would just make them mad. If you are going to call, make sure it is for knowledge purposes only! Above all do NOT call Scan Man to harass him or his innocent family. My suggestion is that if you feel that Scan Man is an informant or whatever, then stop just calling his board. One last thing, a *VERY* big thank you to Sally Ride:::Space Cadet for a job well done and for all the time he spent working on the article. Information Provided by Knight Lightning & Sally Ride:::Space Cadet and directly/indirectly by Blade Runner/Evil Jay/Forest Ranger/Icarus 1/Jack The Ripper/Jim Rath Johnny Rotten/Larry Algard/Max Madness/Oryan QUEST/P-80 Systems/Scan Man/Shawn Suicidal Nightmare/Taran King/The Falcon/TMC Staff and other Anonymous Sources ------------------------------------------------------------------------------- PS: For those interested, this investigation was sparked by the interception of a memo from Larry Algard (Pacific Northwest Bell) to his boss, George Reay. What was in the memo? Several things, but mostly it spoke of the January CFCA (Communications Fraud Control Association) conference in Miami, Florida where Larry met one Scott Higgonbotham, Security Director for TMC (Tele-Marketing Company) who told him that he operated a "sting" bulletin board named Pirate 80 in West Virginia. _______________________________________________________________________________