Copy Link
Add to Bookmark
Report
Revival_1
----=[ CISSD ]=---- takes undue credit for the publication of Issue #1 of
__
|__| :
_____ _____:_____ ________|___ __|__ _
| . | __| | | | | | | |
---===[ | / __| /| | / _ | |__ ]===---
__|__|__|_____|___/ |__|___/__|__|_____|
| . | :
. . : .
.
- INTRODUCTION -
=========================================================================
THE CANADIAN INTERNATIONAL SOCIETY FOR SOCIAL DEVIANCY JAN (C) 1992/93
-------------------------------------------------------------------------
As I type, IBIX(Maryland), Short Man(Ontario), Lister(ON), and
The Dope Man(ON), eat my phone bill for christmas dinner.. and in
that order. In an attempt to justify being WHQ for a text mag, i finally
sit to produce an issue.
Let us contemplate Mailing addresses temporarily. Send questions,
comments, kitchen utensils to:
TX c/o CISSD
37 Woolsthorpe Cres.
Thornhill, ON
L3T-4E1
CANADA
- TX
---
5 MOST FREQUENTLY ASKED CUSTOMER ASSISTANCE QUESTIONS(in order):
1. Who are you?
2. Where are you?
3. What are you?
4. Why are you?
5. How are you.
- IBIX
---
FOOLING BELL 800 ANI
Bell Canada 1-800 numbers are all blessed with the gift from bell
hell... Automatic Number Identification. And all is fine and well if you
are PBX'ing, but why?! The following is a simple, and consistent method
with which to fool BELL ani, to the extent where they only know what city
you are in.
You must train your ear... on just about every phone call you make,
you hear a faint 1300Hz tone accompanied by white noise. Each '='
representing this sound, and '-' representing silence, the pattern of sound
for a 1-800 number is approximately this:
----==========--==-----------------===========================RING
As a hacker, it is your duty to link to your three way node(where a
trusty hacker freind is waiting) at the '*' in the following illustration:
----==========--==-*---------------===========================BEEP!
'Your number please sir??'
'800 666 girl'
'Your number *AGAIN* please sir????'
'Oooops, that was my sisters number.. mine is [my area]-[my
exchange]-random four digits!'
'Thank you for (ab)using Bell Canada'
- TX
---
ADDITIONAL WAYS TO FOOL BELL ANI
You have just read a method of fooling Bell ANI for anyone equipped
with a 3-way line. However, some of you may not have 3-way, or may require
another method. Thus this article, Alternate methods of fooling Bell ANI.
The first step to fooling Bell Ani is very simple. We must connect with
the operator. Divert if you wish, but it is not neccessary. Once you have
gotten the operator say the follwing being careful to say EXACTLY what
I have written.
"Hello. Could I please speak with ANI?"
This is a keyphraze that will instantly gain you access to ANI. AT this
point we must fool ANI, and lull all suspicions. The following works for
me as a general rule.
"Hi ANI. I really love you! I'm VERY sorry about last night.....
let me take you out again tonight and make it up to you! I REALLY LOVE
YOU! I'll give you my real phone number! And I won't use aliases anymore!
I promise! I don't know what I'd do without you! Please give me another
chance. We can meet at my place...."
This is generally a safe way to fool ANI. After this, the most difficult
phaze is completed, it is up to you to close the conversation quickly
(can only talk to a bitch for so long....) and meet her after she
gets off work.
If this is done properly, You will gain access to wonderful crevices of Bell
employee property that will keep ypu going for weeks. However, be warned,
as with codes, an ANI is only good for so long.... after a week or two
it is best to find a new ANI.
- DOPE
---
TELEPHONE PIRATES - NOT JUST HACKERS ANYMORE
Excuse the numerous typos in this file, as it was taken from a recording
dicatated to me over a poor recording device... some words were
misheard/not heard at all and some information might be garfunkled...
sorry.
BEGIN _|
Telephone Pirates. Not just hackers anymore by Gerry Blackwell
-------------------------------------------
Two years ago, a teenage hacker 'broke into' westing house canada inc. sl1
PBX in missisauga, and stole $5000 worth of long distance telephone calls.
The company was lucky. It was petty crime commited by a not very clever
kid. That amount was peanuts. Still, westinghouse canada took a stand. It
tracked down the perpetrator and unlike other companies in similar
circumstances, brought the police in and went public with the story. 'We
were determined not to get a reputation for backing down.', says telecom
manager Al Addis.
Westing House had set up an 800 line terminating at a direct inward service
access(DiSA) port on the SL1. Executives on the road or at home could call
in to the switch, then dial out on the outWATS line to make their long
distance calls. Each executive had a four digit authorization code, and the
company monitor call detailed records regularily. The problem surfaced when
one senior executive long distance calling throught the disa port suddenly
skyrocketed.
DISA PORT BREACHED
------------------
It wasn't hard to figure out what had happened. Somebody had found out the
telephone number of the DISA port, possibly by using a PC program and a
modem to repeatedly dial numbers in sequence until it hit one that answered
with the wright kind of tone. Then a different PC program repeatedly dialed
then number, each time trying a different authorization code until one
worked.
That's the high tech method. It may be the theif learned the number by
shear accident. Westing house, like many other companies, had not stressed
the importance of keeping DISA numbers confidential. The kid who did the
hacking in this case only used the authorization code for his calls to
freinds and computer bulletin boards. The long distance charges appeared on
the Westing phone bill.
The company was lucky. The kid didn't, as many have, pass the authorization
code around to all his buddies, or worse, broadcast it on a hackers
bulletin board. Telecom staff at wessingtn house started phoning some of
the unnacountable numbers on the executive CDR printout. They ended up
talking to the parents of a freind of the perpatrator.
Again, they were lucky, this was an inexperienced hacker who didn't bother
to cover his tracks. 'It is unusual that the freinds parents were willing to
help.', Addis adds.
At that point, Westing House called the police, who went to the suspects
home with a search warrant. They found a PC set up for hacking. The company
stopped short of prosecuting, and eventually had to write off the $5000.
Westing House has now re-configured it's DISA ports so callers can only
access local lines, thus minimizing potential financial loss from further
hacking.
A BILLION DOLLAR INDUSTRY
-------------------------
THe Westing house case, unfortunately, is only the tip of the iceburg.
Theft of the telephone service and, more importantly, from customers is
endemic. Estimates in the US aggregate losses by customers at somewhere
between 500 million and 1 billion dollars a year.
Bell canada director of regional security in Ontario estimates losses by
phone company customers in Canada 'in the millions'. Srgt. Val King, in
charge of the computer crime unit of the RCMP economic crime directorate in
Ottawa has investigated at least one case in which the victims losses
topped $50 000. Other involved amounts of $20000 - $30000 and $40000
dollars.
EMBARRASSED VICTIMS
-------------------
The only thing remarkable about the Westing House case, is that the company
freely admits it happened. Most victims wont talk about the problem out of
the embarrasment, or fear of losing investors confidence, or the mistaken
idea that clamming up will prevent other criminals from figuring out how to
do it. "It can be a problem if you're not carefull", was the comment, all
too typical of the telecom manager of a large Canadian resourse company.
"But the less talking about it, the better."
That's the kind of attitude, said atlanta based security consultant Larry
Rigdon of communications consultants Ltd. that makes DISA fraud the
dirty little secret of the telecom industry.
"It's a major major problem", he said, yet nobody's talking about it. Not
even the media. In one of the hush hush cases, Rigdon claims the city of
New York was hit for $750 000 in a year, "But they won't admit it", he
says, "It's all political."
The RCMP's Val King says the unwillingness of coorporations to prosecute, or
even report a phone fraud case is one of the major problems in bedeviling
police work in this area.
"Even if a company doesn't wish to prosecute, we still like to know about
it.", he said, "it might help in advising companies on how to prevent other
crimes, AND you may actually have evidence that could help us prosecute a
criminal in another case.".
KIDS AREN'T THE REAL PROBLEM
----------------------------
But even with more help from the victims, prosecuting phone crooks won't be
easy. Rigdon and other security experts say, juvenile hackers are not
really the problem.
"If a company gets hit for $1000 in a month, maybe that's a kid", says
Rigdon, "But when it's $10 000, $50 000, $250 000, that's not a kid. That's
a proffesional who knows exactly what he's doing".
Says King, "it's falsely to think that hackers are all kids. It's just that
they're the ones who are easy to catch. As they get more experienced, they
learn to cover their tracks better.". Rigdon, and another US based security
consultant, Jim Ross, of Ross Engeneering Inc., in Adams Town(?) MD believe
many of the most dramatic cases of DISA fraud in the US can be traced to
drugs, trafficers, and other organised criminals. Bell Canada knows that
some of the cases investigated in Canada involve drugs or organised crime.
King admits some of the cases the RCMP investigated had links to organised
crime.
IN one US Case criminals stung a Harrisburg PA coorporation for $250 000
over a period of months. When the company discovered the fraud initially,
it upgraded security on its DISA ports so callers had to enter six digit
authorization codes instead of a four digit code. That didn't stop them for
long. All the calls were going to Columbia. When investigators finally
traced them back, they found the calls originated from a bogus construction
trailer set up on a vacant lot in manhatten. Of course the trailer was long
gone by the time investigators got there.
$50 000 in 8 days
-----------------
In another case, criminals bilked a chicago company of $50 000 in 8 days.
The same magnitude of loss can result when amateurs broadcast a DISA number
and authorization code on a Bulletin Board, Ross Says. For a few days,
hundreds of hackers may use the numbers wracking enormous phone bills for
the companies victimised.
HARD TO PROSECUTE
----------------
Inexperienced Phreakers(the term for telephone hackers), such as the kid
who stung Westing House are hard to prosecute, even when they leave a track
of muddy footprints behind them.
"Suppose you find the house where the calls are originating.", says
Detective Dave Hodgson of the Metro Toronto Police Fraud Squad. "There may be
five people in there. How do you know who commited the offence? You also
have to be there when they're doing it to charge them.". Hodgson has
investigated 'half a dozen' cases of phone theft in the last year, and
wasn't able to lay charges in any of them. King says his unit success rate
in prosecuting phone crooks is 'Less than 25%'.
THE VOICE MAIL DOOR
-------------------
The other major weak spot in modern telecommunication systems is the Voice
Messaging System.
In one case in the US, hackers broke access codes on a new
voice mail and automated attendant system installed in the Los Angelos
based certified grocers of california. The system included an 800 number for
the convinience of the grocery, wholesalers, employees, and customers.
Criminals broke into the system and temporarily commandeered 200 of 300 mail
boxes. They replaced the mail boxes owners greetings with recorded messages
giving up to the minute new york cocain prices and information about
hookers services. The company didn't detect the situation until it noticed
a suddent increase in the use of its 800 numbers.
Only in America you say? Think again. RCMP Srgt. Val King in charge of the
forces computer crime unit in Ottawa says there have been almost identical
cases in Canada, involving drugs and prostitution.
In one instance a hacker posing as the system administrator, broadcast a
message to select user saying the company suspected there was fraudulant
use of the system and was investigating. Could they please assist by giving
him a private message leaving their passwords, and ID? Luckily someone
checked with the real system administrator, and blew the whistle.
Hackers can easily, and will, if they haven't already, call into a Voice
Mail System, and through dial to the public switching network. If the line
is busy, or ringing no answer, the system allows callers to dial 0, and
then dial another extention rather than leaving a voice message for the
original recipiant. On many systems you can dial 0 and then 9 for an
outside line. From there, you can dial anywhere in the world.
So is there a problem with phone theft in Canada? you bet. How big is
harder to say, but if you accept estimates from experts like Ross and
Rigdon who say it's a billion dollar program in the US, it must be worse
than it seems in Canada, or it's soon going to get worse.
* Gerry Blackwell is a canadian journalist specialising in
telecommunications issues, and a contributing editor to telemanagement.
|~ END
In addition to this letter, a page was recieved detailing methods that
Canadaian companies shoud, and undoubtedly will use to protect themselves.
Hackers, take out your cyberdecks:
BEGIN _|
1. Best Defence:
Disconnect all DISA ports, using calling cards instead.
2. Next Best Defence:
Block all trunk calls to DISA ports or ??? All overseas calls.
(The biggest theft has involved overseas calls.)
3. Turn off DISA ports at night. Many fraudulant calls are made late
at the night.
4. Set the system to wait at least five rings before answering, and
don't answer with a steady tone. Answer with dead air, or a voice
message. (Hackers use many programs to automatically dial numbers
in search of DISA ports. They count the hit when the number answers
on the first or second ring with a steady tone.)
5. Issue a different DISA authorization code to each user. Do not
implement one code for all users.
6. Set mailbox password at a minimum six digits, and enforce frequent
password changes every 30 days if the feature is avaliable.
7. If users select their own authorization codes, set a poilicy and
make it stick that they can not use extention numbers, company ID,
or social insurance number. Make someone responsible for testing
codes for hackability.
8. Delete all Authorization codes programed into your PBX for testing
and service. Purge codes of former employees, or any code a former
employee might have known.
9. Implement DISA ports so that entering an invalid authorisation code
causes the system to drop the line.
10. Monitor the system continually through alarms status logs.
11. Study call detail reports on a regular basis to spot fraud related
calling patterns early.
|~ END
- TX
---
SO YOU KILLED THE MUTHA FUCKA. NOW WHAT?
The computer underground offers files which instruct in everything from
the weapons of death to methods of murder without remorse or being caught.
However, one encounters a fatal flaw in these ACSII councellors when one
actually commits a murder. As for the killing, we will assume
that you are capable of pulling this off yourself. Various creative methods
will be discussed in future editions, for now, however, we deal with the
after-effect.
Guns are always an easy way out. So, say you have just shot some bitch
... NOW what are you going to do? If you are reading this you are not made of
the stuff that would have you sit down and cry. Perhaps flight has entered
your mind? Well, running is not advised. In the before mentioned scenario
of having shot a woman, one is presented with a multitude of wonderous,
once-in-a-lifetime opertunities. For all eternity man has been obbsesed with
putting his penis in women. Vagina, mouth, butt, if its a hole, we stick it
in gleefully. So, now your looking at a WHOLE NEW HOLE! While unconventional,
this is a wonderful oppertunity.
Before even considering entry, one must take a few precautions. We are not
animals after all. Firstly, clear the entrance of any bone fragments that
could hurt poor ol' Jimmy. That done, finding a latex condom is advised since
the whore probably has aids. Now, get to it. Intercourse like its never been
before! You will find that various organs and mucle formations add and
decrease from the effect in very interesting ways. If you are fast enough to
do this while blood is still flowing, it is a very pleasant feeling.
I will discuss other things to try in the future also. However, before
I go, I will leave you with two other ideas. A nice slit with a knife
thats a bit tight also offers possiblity. Secondly, you may say, sure its
good fun, but I am going to get caught! Well, fear not. Murder usually
gets you caught anyway, and this will present an IDEAL insanity plea,
even though we know your not!
- DOPE
---
#1 WITH A BULLET
This article extracted from the Toronto Star Dec 26, 1992.
BEGIN _|
Montreal inventor touts a new age in ballistics
-----------------------------------------------
MONTREAL (CP) -
Picture the scene: a police officer finds a spent bullet at the scene
of killing.
Whose gun fired it?
Ask Michael Barrett.
Barett has come up with a system to automate the identification of
bullets after their discharge.
Every fired bullet bears markings from the gun that are just as
distinctive as a single fingerprint.
Barrett's computerized system, which is called Bulletproof, was developed by
forensic technology division of Walsh Automation Inc, a Montreal firm.
Barett says it advances ballistics - the science of projectiles and
firearms - into the next century.
The system carries a $500,000 pricetag, which may explain why there hasn't
been a rush to buy it, although ballistics experts throughout the world
have shown interest.
Barrett, of Montreal, said in a recent interview his microscope-data system
can identify and store data taken from test bullets from every registered
firearm in Canada.
He says the system can also:
- Trasmit data to any law enforcement agency or crime laboratory
in the world. That could alert authorities to the possibilty that
a security killer may be operating, and help track the movements
of criminals orginizations or terrorists,
- Help law-enforcement agencies solve crimes involving shooting.
- Save forensic examiners thousands of hours of tedious work
trying to link slugs to specific firearms.
- Cut down the handling of bullets used as court exibits, reducing
the chance of their damage or loss.
"Its an interesting, but expensive system," said Yves Ste-Marie, head
of Quebec's police labratory.
Gaylan Warren, a member of Association of Firearms and Toolmark Examiners,
a global organization, said the system has great potential.
"I've been to Montreal twice to look at the Walsh system and I'm convinced
that it does what they claim it can do," Warren a firearms examiner,
said in a telephone interview from his home in Newport, Wash.
"In ballistics you're dealing with cylindrical objects, and at times it takes
hours of painstaking work at the microscope before you can arrive at the
verdict."
Barrett's invention advances the microscope by years, Warren said. It has
a computer operated motor that can stop 50,000 times a revolution.
The slug can be videotaped and freeze-frames producd.
John W. Matthews, who was the RCMP's cheif scientist for firearms until he
retired in 1989, agreed with Warren that examining bullets takes a great
deal of time.
"Four to eight hours isn't uncommon."
Matthews, interviewed by telephone from his home in Ottawa, was excited
about the possibility that ballistics examiners could compare notes via
computer link.
Matthews, who said Barrett asked him to critique the system, termed it
"progressive. And when it gets on ine, (it) should prove a time-saver
for harried ballistics examiners.""
|~ END
Well, there's no real advance in technology here.. but the idea is
good, and it sounds like implementation might be welcomed by the wealthier
law enforcement agencies. The 8 hours examining a bullet could be the
escape of a criminal, or worse(in most cases), the death of another
individual.
On the other hand, aren't we surcomming to the enemy?.. What ever
happened to anti-big brother ideology? I'll show you my serial number if
you show me yours...
- DOPE(sourced/typed)
- TX (commentary )
---
C I S S D 's ANARCHY SERIES: UNDERWATER ANARCHY
Things that make you go BOOM!
Water. You can't set it on fire, and it makes a lousy bomb. Most of the time
it actually Impedes any attempt at being anarchic. However, water contains one
thing that can open new and unexplored forms of anarchy and physical violence:
The Scuba Diver.
Yes, the Diver. Scuba Divers love to explore new depths and flash their
high-tech and expensive gear all over the place. Divers are often upper class
middle aged men, which makes them an ideal target. Rich thrill seakers who
can flaunt their money, and in great quantitiy . Divers are also many times
the neuveau-riche, the very polluters of our society. No matter how you look
at it, Divers are filthy rich and are stinking bastards - the best kind for
attacks of anarchy.
In response, from the twisted depths of the CISSD's Collective Penii, I
present to you the Famed Underwater Diver Bomb.
Materials Needed:
1 Fairly Large Jar or othen type of Sealable Bottle.
Enough oil to fill half of the bottle
Enough Potassium to Fill the other Half of the bottle
Some kind of Trinket, or Toy (Preferable Shiny) to entice the Diver.
Remember, Potassium will burn quickly when exposed to air, and explodes in
water but not Oil.
What to Do Beforehand:
1) Take the Oil and fill the jar half way with it.
2) Place the Trinket inside, so it is quite Visible to anyone seeing the jar.
3) Fill the Other half of the jar with the Potassium and Close the lid as
Quickly as possible to Prevent YOUR injury.
4) Go to your local (or if you're on holliday, the beach) area where divers
Hang out and dive/explore and plant the bottle Underwater somewhere,
in a place where it can be seen easily, and attract a Diver's attention.
5) WAIT for the Fun and Fireworks.
Just what the hell does this sucker do anyways?:
Whats happening here is Simple, Potassium is a chemical that burns with air
and EXPLODES when comes in contact with water. The Oil Removes all the Air
from the jar as so the Potassium will not Burn and waste the Bomb. The
Shiny object or trinket is there merely to make the diver interested enough
in the Jar as to Open it.
Because OIL is LIGHTER than WATER, the oil floats away, and the water rushes
into the jar and hits the Potassium. Now, we all know what happens to the
Potassium when the ater hits it. By Bye Mr. Scuba Diver. Have PHUN!
- LISTER
---
SOON TO COME
Terminator X -=- AC's and DC's
1993 Updated list of Area Codes and some usefull
Direct Connect to out of area operators
Lister -=- JOYS OF THE HATCH
Report on our findings from our post-christmas
hatch hunting extraviganza
EUROPEAN SPACE AGENCY REPORT
---
CREDIT CARD FRAUD PREVENTION
Taken from the Toronto Star Dec 26, 1992.
BEGIN _|
You can't leave store without it
--------------------------------
Gucci leather it's not. But Totes' vinyl credit card "safe" wins
hands down when it comes to function over form.
Did that store clerk forget to return your MasterCard? This gadget
won't let you leave the counter without it.
Totes in Loveland, Ohio, has devised a case that holds seven charge
cards in plastic pockets with an electronically charged safety band. If you
close the black vinyl case without returning a card to its pocket, an alarm
(similar to a phone ringing) activates.
Totes' Credit Card Safe sells for $15, which includes a lithium
battery that operates the alarm system."
|~ END
I know several locals who steal cards this way and get away with it,
amazingly enough. I have released this article in attempt to curb
the habits of these persons and others before they are busted.
Why anyone would steal a card regardless of preventitive measures is
beyond me. Especially when its so much easier to write down the info...
- DOPE
---
C I S S D 's ANARCHY SERIES: GUIDE TO FRIED CHOOK
The LIVE Dead Chicken
[ This is a re-published article.. reminding us of CSSD in it's early days
of amateur hackerdom.. enjoy. - Ed ]
FRONTn'
------
Well, I'll have you all know that I do not recomend using any information
found within this file or archive and cannot be held responsible for
anything whatsoever since I'm not responsible anyway. Bla Bla blah blah
blah blah bla.
I also do not recomened reading this file if you are weak of heart, under
the age of 14, have ever spelt cool "c00L", upset by typos,
or are exicited by the idea of dressing in the oposite sex's clothing.
HISTORY
-------
Ok, by this point most of you will be wondering WHAT THE FUCK is a LIVE
dead chicken. Well, let me explain first with the breif history of the
chicken:
A year or so ago (1990), it occured to me that while people frequently
spoke of Cat Bombs and the like, nothing new had come out in quite a while
in this area. And I have a need to be origional. Also, liking my cat, I
did not like the idea of exploding feliones.
However, I have a DEEP and NUTURED hatred for Chickens, thus, the
LIVE dead chicken was born! You will find this 'recipe' is also an
effective weapon - read on to see.
THE REAL SHIT
-------------
There are two versions of the LIVE dead chicken. The first is effective, but
its much weaker. The second is MUCH more powerfull.
Ok, now, here is what all y'all people FUCKED UP 'nuff to try this (like me)
will need:
1 Chicken. It is best that the chicken be alive, or atleast recently dead,
however, a (un)frozen whole chicken will suffice with lesser results.
Several film canisters and/or any other smallish container.
A generous supply of Red phosphorus and Sodium Chlorate.
Sewing materials and/or Industial stapler
Duck Tape
Knife and other blunt instuments.
All right. Now that you have run about collecting everything, we start the
fun.
Assuming you have a live chicken, You will now need to end is filthy
life. Holding it down and making a lenghtways incision up its belly
is functional, but not so fun. I recomend beatting it a bit first and
various other stupid things that come to mind are always fun.
We ALL know its fun to cut their heads off, but don't. Makes the bomb
non-functional. Do that with another chicken tomorrow.
Now that the chicken is dead we need to worry about explosives.
In the weaker recipe (still not too weak), we use a sodium chlorate mixture.
This particular mix is IMPACT sensitive, so BE CAREFULL OUT THERE!
Anyway, mix the red phoshorus and sodium chlorate in 1:1 proportions
and fill whatever containers you have chosen. The containers should then
sealed and taped with duck tape.
At this poin you MAY want to hurl a container of the explosive at something a
little way away so you know how well you made the mix, and what you are
getting into. Play with them and see exactly how hard an impact they need,
thus, you will not accidently blow you face off.
Now, you will have to make a judgement call. I recomend taking SOME guts out
to fit more canisters of explosive in. See, the guts cusion impact thus
making the chances of explosion less likely. I recomand a small amount of
inards be removed an a rock be added in with the explosives. BUT, I leave
this to your discretion.
Once you have every conceivable item inside the chicken (you could even leave
a message in a steel container!) you will want to sew up ALL holes in the chicken.
Sewing should be done well, ie: stiches less that 3mm apart, for best effect.
You may noe tape up the chicken a bit. It help the blast, but dont tape
too much - you want the feathers free!
Basically, what you now have is an impact projectile. Drop/throw the sucka
and you get fireworks!
Now you see the beauty of this 'grenade'. You can FUCK someone up with it
in is powerfull forms, AND people will LAUGH! Imagine the hummilation
of dying from a Chicken bomb! Lying dead as the feathers settle around
corpse! heh, Also, one gets a good chance at a get-away. People tend to
stand transfixed wondering why a chicken exploded - or why the exposion
put feathers everywhere, and whether the guts on themself are the chickens
or from a victim. NO ONE will be paying attention to you most of the time!
Even better - terrorism and assassanation. WHO would stop someone with a
chicken?? You can carry this explosive pretty well anywhere with only a few
odd looks!
booooooooOOOOOOOOM !
--------------------
Now I will introduce the 'alternate' LIVE dead chicken ideas.
The following is the LIVE dead chicken but MUCH more powerfull:
Astrolite G is a form of ROCKET FUEL. It has a detonation velocity of
8600mps (meters per second) while TNT only packs 6900mps!
Now, astrolite g is made by:
mixing 2 parts by weight ammonia nitrate with 1 part anhydrous hydrazine.
This will make a clear liquid explosive! Note, you can spill this shit
on the grass - have it rain - come back 4 days later - it'll still blow up.
SO, ya pack a canister or two of this (maybe even a plastic lunch baggie)
with the rest of the explosive, and your BOOM is MUCH bigger.
I have also receive suggestions for the NAPALM CHICKEN. In this one would
replace the explosives with a full plastic baggie of Joy and gasoline[Ed:
or your favorite napalm recepie ], and place several ammonia pellets in the
chicken. When the bag breaks - there should be much napalm! This sorta
defeats the purpose of having a chicken with feathers.... but napalm is fun.
Especially when used in combonation with several unsuspecting police
officers.
- DOPE
---
BRAIN TO COMPUTER HOOKUP
Baltimore Local Paper - Harry - October '91
This paper MYSTERIOUSLY dissapeared after this issue was published.. [Ed:
Thanks IBIX ]
BEGIN _|
How would you like to recall what you thought as you were being born? A new
computer, being tested in Cupertino CA, connected to your brain and is able
to print out your entire memory. Every fact and feeling you have
experienced thorought your lifetime will be avaliable to you with the push
of a button.
Hideo Masayama, Japans leading computer designer, unvailed plans for the
device at this years computer expo in Yolkahama. The only catch is that, in
order to have this information avaliable to you, you must have a small plug
installed in your head. Masayama demonstrated the ease with which the
device is used once the emplant has been installed, by plugging a small
connector into a recepticle behind his own ear, and punching up the year
1948 on his computer. In an instant, his printer was in furious operation,
spewing out page after page of information, some of which was passed out to
the media in attendance. The scientist, who was 22 in 1948, talked to the
assembled press conference while the printout was in progress, and didn't
show any ill effects from the tap on his brain. The first printout page
passed out to the media had to do with his first day on the job at a
construction site where he worked while attending graduate school. The page
dated April 22, 1948, was in chronological order, according to the time of
day. "6 am.," it read. "Awake to terror and depression about first day on
job. Can't get out of bed. Can't get out of bed.
"6:04 am: Get out of bed and walk to the bathroom. Feel sad, because I know
I am too intelligent for this construction job, but since americans bombed
us into submission, can't find anything else. Hope to god, country can pull
out of it, so I can become the scientist I know I can be."
The printout went on to chronicle all the feelings and experiences of the
day.
"Clearly, this is a breakthrough unlike any other we have ever seen.", said
Masayama. "I am not going to share with you my birth memories, but I will
pass among you copies of a womans memories of her own birth. Her identity
is to remain, however, anonymous."
The womans birth memory printout began with the first light she shaw when
emerging from the woumb. It read, in part, "Dim light, brighter, brighter.
BLINDING LIGHT!! DANGER!! DANGER!! MEN!! WOMEN!! HANDS!! Hands holding me.
CUTTING ME!! DANGER!! DANGER!! THEY HAVE CUT MY CORD!! OH MY GOD!! THEY CUT
MY CORD!! WAKING ME!! BLOOD!! BLOOD!! FEAR!! FEAR!! PAIN!! PAIN!! TERROR!!
TERROR!! Wrapping me! Giving me to my mother. Oh, oh to be with my mother,
my mother."
Dr. Masayama claims that this process will teach people much mor about
themselves and their minds then they ever knew before. So many mental
ilnesses, he says, are caused by repressing bad things that happened to us,
and then having the bad memories come out in other harmful ways. If we
understand what has happened to us in the past, from birth to the present,
we have a head start in understanding what makes us tick, and what does
not. When asked about the operation to emplant the receptacle in the skull
Masayama described the procedure as simple. "No problem, really. We shave
an eighth inch of your hair behind the ear, and then drill a tiny hole in
the head directly to the brain."
The operation takes an hour, and can be done in a doctors office. The only
problem is that it's difficult to find a doctor experienced enough to do
the drilling, since the probe goes into the skull several inches deep, and
connects directly to the brain. "This is a problem at the present, but we
feel this is going to become so popular it will be as avaliable as ear
peircing."
Aside from the deep dark secrets locked up in our memories, which this will
let us in on, the computer brain memory printout has it's practical side.
"Forgetting simple everyday things will be a thing of the past. Where you
left your car keys, a forgotten telephone number, an important paper you
locked away? All of these things can be called up from the computer with
the push of a button."
Some experts are predicting that printouts of the partners involved will be
required to be avaliable to all persons getting married. They must be
required in some business deals, and there is worry that wives might plug
into husbands brians in order to check up on their sexual activity. The
future for brain computer memory devices is expected to be unlimited, and
could spell the end to civilisation as we know it. Think about it.
Dr. Masayama says the device could be on the market in time for valentines
day.
|~ END
- IBIX(sourced/dictated)
- TX (typed )
---
CREDITS
Well, to wrap up for this issue, I'd basically like to say Thank You.
It's been a SHITTY year, but thank you anyways. Y'see, however shitty, it
has allowed me to be exposed to more cruelty, feel more emotions, taste more
flavours of life, and be more people than any other year has.
It's time to settle down. Time to understand the cruelty, explore the
emotions, savour the flavour, and be myself. I finally love myself..
because however much i search for myself, I haven't the foggiest idea who i
am.
I know who the rest of these people are though.. [signing off.. TX]
LISTER LIST EOTD Recruiting - Overseas/Canada Relations
Sysop of 'The Revolutionary Front'
+1 416 936 6663 CISSD Canada/HQ
TERMINATOR X TX USA/Canada Relations - Intergroup Relations
Editor of 'REVIVAL' magazine
+1 416 886 5745 CISSD WHQ Voice
THE DOPE MAN DOPE Director of +1 416
Sysop of 'the Downtown Militarized Zone'
+1 416 450 7087 CISSD WHQ Data
IBIX IBIX US Contact - Director of +1 410
Concept design and development
-------------------------------------------------------------------------
THE CANADIAN INTERNATIONAL SOCIETY FOR SOCIAL DEVIANCY (C) 1992/93
-----------------------------------------------------------------------------=[ CiSSD ]=---- is happy happy joy joy over Issue #2 of
__ /\
|__| \ \ :
_____ _____ _____ _____> \____ __|__ _
| . | __| | > | | > | |
---===[ | /_ __| /| | / _ | |__ ]===---
__|__|__|_____| _/ |__|___/__|__|_____|
| | / | | :
. \/ . : .
.
- WAR! -
=========================================================================
THE CANADIAN INTERNATIONAL SOCIETY FOR SOCIAL DEVIANCY MAR (C) 1993/94
-------------------------------------------------------------------------
"Backstabbers. All of you are traitors..."
Well, that hurt. For two weeks, we all ate & slept fear, of Short
Mans anticipated arrest. We schemed around the clock to stop it, and
shamefully, we even schemed around the clock to make sure he wouldn't
rat. We protected our informants, and we didn't allow ANYBODY to get in
the way of our minute moral fiber that told us this arrest was wrong. I
personally found it hard to believe that the local blink who gets off on
telling 976 operators about his "Steel Penis" (The replacement because of
his mining accident), had enough time, or reason in the world, to run up
a $35000 phone bill for some PBX that isn't even in Canada.
We'd spoken about dissasociating with him before. He was the cause
of 911 pranks galore on our teleconferences.. he was the reason for some
international tension in our hacking circles.. he could even have been
the reason for an FBI investigation that brushed the livelyhood out of
our original 800 meridian, but he didn't understand.. and we never
considered his foolish mistakes an act of war. We liked Short Man..
despite our amazing problems with him, some might even say we loved him.
But it only took one sentence to break it all down.. one person to
say "don't trust them.".. one anti CiSSD comment, to scare Short Man into
submission. Now he's busted, and we all fear prosecution. You can't trust
someone who can't trust you.
- Terminator X(Ed)
WARNING: THE FOLLOWING TEXT CONTAINS MATERIAL WHICH MAY BE
CONSIDERED OFFENSIVE BY SOME. CISSD AND ITS MEMBERS BEAR NO
LIABILITY ON THE PART OF THE READER. READ AT YOUR OWN RISK.
DISCLAIMER: THE INFORMATION PRESENTED IN THE FOLLOWING TEXT IS
NOT INTENDED TO BE USED FOR PURPOSES CONTRARY TO LAWS IN THE
COUNTRY WHERE THE READER RESIDES. DUE TO AN INTERNATIONAL
DISTRIBUTION, OUR CHOSEN TOPICS WILL PROVIDE INFORMATION THAT
COULD POTENTIALLY BE USED FOR PURPOSES ILLEGITIMATE IN NATURE.
CISSD, AND ITS MEMBERS THEREFORE, BEAR NO RESPONSIBILITY FOR
THE ACTIONS OF THE READER, BE THEY A DIRECT, OR INDIRECT RESULT
OF READING THE FOLLOWING TEXT.
NOTE: BY READING BEYOND THIS POINT, YOU ARE AGREEING TO THE
CONDITIONS IN THE ABOVE WARNING, AND DISCLAIMER.
BTW, it should be noted that this file was, for the most part,
written in Canada; a country where freedom of expressions
existance is limited not only by public outcry, but also by
conflicting government legislation. CiSSD will not hesitate to
challenge the conflicting laws should any legal action occour
as a result of our controversial publication.
---
"We seem to be totally defenseless against these people. We have
repeatedly rebuilt system after system and finally management
has told the system support group to ignore the problem. As a
good network citizen, I want to make sure someone at network
security knows that we are being raped in broad daylight. These
people freely walk into our systems and are taking restricted,
confidential and proprietary information." - Digital Employee
---
TABLE OF CONTENTS
ITEM CONTRIBUTOR(S) LINE
==== ============== ====
Editorial Terminator X 16
Warning, Disclaimer -- 45
Table of Contents -- 82
[CiSSD] News and Natterings The Dope Man 142
[CiSSD] Meetings & Materials Terminator X 225
Bell Canada's Intent Towards Hackers The Dictator 278
Save The Scene! The Dope Man 338
Revival Discussion, From The Readers [Echo Of The Damned] 421
Abuse in the Home and School Terminator X 447
Free Calls, Third Billing Terminator X 526
Feature - 'All Systems Secure' 567
: DDN Security Management Lister 580
: Procedures for Host
: Administrators
: Canadian Telecom Safety The Dope Man 2832
: Checklist
News Bytes (and usually bites too) 2931
: Phone fraud bill $100 million Lister 2941
: Bell anxious to compete in Terminator X 3032
: cable, other markets
: $200M plea in TV battle Terminator X 3108
Erratum - Corrections from last issue Terminator X 3188
CiSSD Membership Information Terminator X 3219
Last Words From the Editor Terminator X 3254
119895 ]-[bytes]-------------------------------------------[lines]-[ 3307
---
"A sudden hot sweat had broken out all over Winston's body. His
face remained completely inscrutable. Never show dismay! Never
show resentment! A single flicker of the eyes could give you
away." - George Orwell, Nineteen Eighty Four
---
[CiSSD] NEWS AND NATTERINGS
The Dope Man
NEW MEMBERS
Well, its been a long 3 months since the last issue of REVIVAL, and
a lot has gone on in this time. Apart from the misunderstanding with
Zencor, DNR on a few lines and other such news (which is common to all
area codes), CiSSD has acquired a few new members.
As director of the group, it is my privilege to welcome our two
newest members, The Dictator and Hypnotech. We at CiSSD are confident we
have make good decisions... Both will make submissions to REVIVAL
and we are confident that good choices have been made in both cases.
If YOU feel you might have what it takes to be a CiSSD member, then
let us know! Our phone number appears at the bottom of this text, so
give us a call. Remember , you don 't have to be a Phreak or Hacker to
become a member. CiSSD has many legitimate interests, and talented
applicants may apply.
LAMERS OF THE MONTH
Short Man You've been singing too much Snow to have
turned Informer.
Viral Infector Didn't your mom tell you to think before you
open your mouth? We're waiting for your apology.
Napoleon You used Hypnotech to keep your wannabe Kode
KiDDie virus group alive. Then you had the nerve
to tell him you didn't need his service any
longer. Where are you and your group now?
Silver Foxx You are a moron.. never change the password on
an admin box! You got our 800 taken down cause
of your stupid ass power trip. Look at all the
power you've been left with now!
KLM Computers For being wit' Evan Towle, so to speak. Just
as a little reminder, Evan Towle put our
legitimate business practice under, by
propogating slanderous misinformation about our
product sources.. watch out for Evans under the
counter deals.. <smirk>
Its people like this that kill the scene. Why are they allowed
to exist until shit jumps off? Its inevitable, yet we wait for it to
happen.... We seek to discipline rather than prevent.
It isn't working.
Bruce Sterling said something at the end of "The Hacker Crackdown"
that fits rather well,
"It is the end of the amateurs"
Its both true and necessary. The lame jeopardize our existence.
I don't suggest not letting people learn, everyone must have a
"lame" period of knowing little, but more that those with lame attitudes
must be dealt with in some way. They jeopardize everything, yet can we
censor just as the government does? What do we sacrifice?
Do we go down with our morals intact? Or make a trade-off?
Its a decision that must be made for each individual, yet an issue
that must be dealt with immediately.
---
[CiSSD] MEETINGS & MATERIALS
Terminator X
CiSSD will hold monthly formal meetings for members, and informal
meetings for members and non-members alike. At current, CiSSD public
meetings only take place in Toronto. At current, we are planning a CiSSD
public meeting at the Rennesaince Hotel in Downtown Toronto Ontario,
on Sunday April 18 1993. Dress will be casual, and topics discussed open
to suggestion, as well as a fixed political agenda.
Plans are currently tentative. For confirmation of this meeting,
dial +1 416 417 0214. If you plan to attend, please leave a message, so
we have an idea of how many to expect. Public meetings are new for us,
and positive response can make them happen on an ongoing basis.
Date: Sunday April 18, 1993
Time: x:00 XX EST
Place: Rennesaince Hotel Lobby Downtown
City: Toronto, Ontario -- CANADA
Agenda: Group Membership Recruits and New Members Introductions
: Hacking ethic.. Who's gain, who's loss?
: General discussion, news discussion..
: Hacking info
: Pizza or McDonalds
Info: +1 (416) 417 0214
CiSSD promotional material will be avaliable soon. T-Shirts, Sweat-
Shirts, bearing the CiSSD logo will find a home in your home, if you
let them. As info becomes avaliable it will be released on our hotline;
+1 (416) 417 0214.
---
"Some of the devices used to best the computer are engagingly
simple -- as in the case of a young man who, obviously knowing
something about the ways of computers, applied for and received
a twelve-month installment loan from a New York bank. On
receiving from the bank, together with the loan, the book of
computer coded coupons he was supposed to send in with his
monthly payments, he tore out the last payment coupon in the
book instead of the first and sent it into the bank along with
one month's payment. He then received a computer-generated
letter from the bank thanking him effusively for paying off his
loan so promptly and assuring him of his excellent credit
standing. The young man didn't exactly steal from the bank --
he just left it up to the computer to make the next move."
- Thomas Whiteside, Computer Capers
---
BELL CANADA'S INTENT TOWARDS HACKERS
The Dictator
In a conversation I had recently with two internal members of Bell
Canada, I was priveledged to learn that bell "Frankly doesn't even
recognise a problem of system hackers and Long-Distance Phreakers, apart
from calling-card fraud."
It seems as though Bell Canada (who incedentally profited in excess
of $950 Million last year) doesn't find everyday phreaks a problem, even
going so far as to call 416 686-5890 a 'Fluke'. "The [Bell] Hiearchy is
too short-sighted to realize that there is definately the potential for
repeated hacking of PBX's, seeing how there population has grown to over
1000 in the metro area alone" said one Bell official. This attitude seems
to hold for other segments of H/P/V as well. "We don't even want to catch
the hacker," said a Bell investigations officer, "We just want to find
out how, and more importantly, why they hack." Bell believes Hackers to
be nothing more than bacteria on the phone trunks.
Bell Canada does not intend to alter service any further to deal
with hackers , and believes overseas billing via payphones will be
reinstated before 1994. Also, they have no intentions to stop third-
billing overseas from Non-Millenium (Digital) Payphones. "We can see no
purpose in affecting our customers' service any further."
When it comes to Cam-Net, Unitel, UTI and others' hacking problems,
a bell official simply stated that "They should get used to it. This is
the real world. If you can't forsee hacking of your services, you
shouldn't be offering them." It should also be noted that Bell wished no
part of Short-Man's trial. "Why should we get involved? He's just the
scum hackers scrape off of their shoes in the morning. Nothing would be
gained by prosecuting him. Besides, amassing the evidence would be more
exspensive than what we could possibly hope to charge him with," was the
response of a bell investigations officer.
With all this, Bell still intends to go ahead with their 800-Dialup
service which will allow you to third-bill to any number, regardless of
wether the number accepts the charges or not, by simply offering your
Visa or MC number in case the charges are reversed. "We have no
intention of offering a credit-card dialing service," stated one bell
official, "But we believe that this service will be benificial to our
customers, as well as sucessfully detering hackers.
All in all, Bell stills seems uptight in believing that they can't
be hacked into for any signifigant sum of money. That would seem to
leave most of us in 416 safe for the time being.
---
"Why should we get involved? He's just the scum hackers scrape
off their shoes in the morning. Nothing would be gained by
prosecuting him. Besides, amassing the evidence would be more
expensive than what we could possibly hope to charge him
with," - Bell Investigations Officer <See Above Article>
---
SAVE THE SCENE!
The Dope Man
The computer underground is in a time of crisis. Ten years ago,
being a hacker was an ideal, something that every kid who ever watched
War Games wanted to do, but couldn't. Back then, the scene was tiny and
efficient and busts were scarce. However, in 1993 things have changed.
In fact, one can hardly recognize the underground. Busts are commonplace
and even the average person with a modem can access deviency text files.
However, these developments pale in comparison with the one true issue,
the one thing that will be the end of it all. Hackers are no longer the
good guys.
Over the last few years tens of millions of dollars have been lost
worldwide due to the underground. Much of this figure is theoretical
loss, money that was never taken, but is rather the loss of projected
profit. The unfortunate thing is that the public does not differentiate
between these two types of loss. The media says "Teenage hacker steals
$100 000 in phone service" and it is accepted by the masses without
question. And why should they question?
The corporations and the police give the media the information for
their articles. Their motives for this are plain. These institutions do
not benefit from public sympathy for hackers, and they have both realized
the problem, and how to solve it. The media can only print what they are
told. Thus, we have the articles that condemn even 13 year old phreaks
as organized criminals. There is no mention of the morality of
phreaking, or Bell's over-pricing. Just a simple article reporting on a
criminal. Or, even better, as is the the current trend, feature articles
on the underground (which describe all of the anarchy files, but none of
the ethics). The media, the government, the police, the corporations -
All have it in for the scene, and they seem to be winning.
All is not lost, however. The Underground in its inflated size
spans the world, and encompasses many thousands of people. It may
generally be said that members of the hack and phreak communities tend to
be of an intelligent stock. Thus, we find our solution. They give us
bad media, we give ourselves good media. Its easy to do, and it works.
- Letters to the editor of papers explaining the morals behind the
boy they call a crook.
- Calling in to "answering machines" for radio shows.
- Phone-ins on the radio
- Call your local paper and tell them you will give them the inside
scoop on the computer underground, and guide them through, showing
the positive sides.
All of these activities are relatively easy, none are major
projects. However, on a massive scale, they will make a difference. The
difference between the life and death of the computer underground scene -
something none of us want to see in our life times. Police busts become
less frequent when the public disagrees (and you don't want to be busted
now do you?), and certainly hackers are treated better by police officers
who feel they are arresting a "nice kid who just fools around on his
computer too much".
Cops want to arrest crooks; not kids.
Society wants cops to bust crooks; not kids.
Crook is relative to the morals of the masses. You and I can change
these morals, reverse the damage, save our place in Cyberspace. But I
need your help, and you need mine. If we all work together, the
momentum of the movement will be unstoppable.
We will win - but we must care enough to try.
---
She's always miserable.. rather incomprehensable, and makes no
effort whatsoever to be sociable, but at least no one will ever
rob her of her happiness.
---
REVIVAL DISCUSSION, FROM THE READERS
[Echo Of The Damned] Postings
In the future, this column will be used for reader responses to past
issues of REVIVAL. To become involved in this column, apply to any BBS
system worldwide, supporting the Echo of The Damned network, and post in
the 'REVIVAL! Discussion' base.
All CiSSD HQ boards carry Echo of The Damned, and Echo of The Damned
hubs will also be granted to the most deserving applicant in any given
service area, and hubs will be responsible for activity within their own
area code. To apply as an Echo of The Damned hub, call CiSSD WHQ, The
Downtown Militarized Zone. To apply as a node, post to 'The Dope Man' or
your area hub Sysop, from any Echo of The Damned system.
- Termiantor X(Ed)
---
_
CRIME, krim, n. an act punishable by law; such acts
collectively: an offence, sin.
---
ABUSE IN THE HOME AND SCHOOL
Terminator X
It's a crying shame, believe it or not that 20 - 30% of children
are abused in their own homes, and a far larger number are abused in
their schools. I speak not of cuts and bruises, nor broken teeth and
broken bones, but rather, of a much more lasting pain; that of mental
abuse.
The offenders; Parents, teachers, and administrators. The victims;
our future -- the youth of today.
The figure is staggering. It is also very approximate, but before
you dismiss it, consider the following: What outlet does a child who
feels neglected, or maltreated, have in order to relieve the pain and
suffering.. or the feeling of aloneness? Who is it that sets guidelines,
and shows children where to go when they are hurting. When you were
growing up, or if you still are, who did you go to when you had a problem
you couldn't deal with? Your parents, the abusers? Your best freind..
what if you couldn't see your freind, or talk to him/her? How would you
feel? Surpressed?
Sadly enough, childen who are abused usually have a distinct inner
feeling that the abuser is right, and they are wrong. In an interview
with a young abused girl, she said she thought that maybe her
parents would be less abusive if she followed the rules. When asked what
rules she broke, she responded, "Sometimes, I don't clean up my room,"
She said, "I've never been grounded for more than 2 months, although,
even when I'm not officially [grounded], I can't go out, because I'll get
yelled at when I get home.
"My mom hasn't beat me since I was eight." She is sixteen now. Her
father spends most of his time fighting with her mother, which used to
tear her apart. "I'm used to it. Sometimes I just yell randomly in the
middle of an argument, and then laught riotously! It's the best
entertainment I get." She added, "TV has lost its edge. I'm sick of it.
I could do without it."
"Sex is the best. It's the only escape from the constant
screaming.", she said when asked what she does to relax. She has been on
birth control pills since the age of fourteen, and often has intercourse
without the use of latex protection. "I hope I get AIDS and die.", she
chuckled.
Abuse in the school is also from neglect. Since the advent of the
school designed for mass indoctrination (a.k.a. 'public school system'),
administration has become so impersonal that matters of phsycological
difficulty caused by neglect at home, are treated as disceplinary
problems. The victims are treated as 'delinquents'. They are demited, and
eventually become unemployable. Favorite phrases of administrators
include "I don't want to know" and "only you caused this situation."
We should work to have the school problem solved. The board of
education for your area should be encouraged to hire guidance officials
with phsycology experience. Problems of attendance and deteriorating work
habits should always be approached with the idea that mental problems due
to excessive stress in everyday life, or abuse, could be the underlying
reason for substandard acheivement.
Parental expectations need to be lowered to attainable levels. Not
every child has the capability to perform straight 'A's in all of their
subjects. Not every child has the will, and not every child has the
desire.
In Canada, there are laws against mental abuse, but there is no
sufficient platform for enforcement of these laws by the children who are
most hurt by the cruelty of their 'superiors'.
When asked why disceplinary action for attendance and smoking was so
severe at Thornhill Secondary School, a Vice Principal responded "These
kids simply need to follow the rules. If they can't do it, then they
deal with the consequences. It's not my job to oversee how they live at
home.
Who's job is it?
---
FREE CALLS, THIRD BILLING
Terminator X
In the (416) area code, it has become common practise for many
phreaks to third bill telephone calls to illegaly obtained Voice Mail Box
systems. Recently, however, phreaks are noticing it to be increasingly
difficult to third bill to these boxes.. and they can also no longer have
their boxes accept collect calls. The reason for this is DMS number
blocking.
The switch can be programmed to automatically reject third bill and
collect calls placed to a block of numbers. The system administrator for
the company owning the VMB exchange calls up, and has the phone company,
Bell Canada in our case, install a number screen on the VMB exchange.
DMS number blocking has one significant flaw. It is only capable of
placing a screen on number blocks of 1000 or more. If you are aware of
any VMB exchanges containing 900 or less VMB's, not only does the company
not have blocking, but cannot obtain blocking to prevent you from third
billing.
Another interesting footnote regarding third billing in the (4
16)
area is that Bell Mobility Cellular has opted for the time being not to
block their exchanges.. if you can hack Bell's, then that's the way to
go.. not that I support any of this at all. Seriously! Other than
emergency situations, third billing illegitimately provides nothing but a
shure-fire way to get caught.
Finally, it might be noted that Bell Mobility has experienced
approximately $20000 of similar fraud every month since this flaw was
uncovered.. That only includes that which DOES get caught. Those who
don't get caught are stealthier.. they spread it around.. and any
customer without detailed billing pays the bill without question.. they
really don't know if they used $500 of phone time this month.. how could
they?
- Terminator X
---
FEATURE: ALL SYSTEMS SECURE
Lister - The Dope Man
This month, CiSSD's independant researchers went off to look for
articles and we came up with a concensus on a single topic.. systems
security.
In addition to the other topics this month, we decided to publish a
few of the documents they found in our feature this issue, 'All Systems
Secure'.
Sourced by: Lister
Topic: DDN Security Management Procedures for Host Administrators
: Volume I of II
Length: 74.7KB
Begin ---*
VOLUME I
1. Purpose. This Circular is the first of two volumes
describing security management procedures for the Defense Data
Network (DDN). Volume I provides operational security
guidance for the DDN and describes the Host Administrator's
management responsibilities. It is based on review of
Government and industry documents on the DDN, local area
networks, and computer security. Volume I establishes methods
and procedures for detecting and reporting unauthorized
activity. It describes the resources and tools available to
the Host Administrator for investigating local incidents.
Additionally, it discusses the procedures and tools needed for
reporting network related incidents to the DDN Network
Security Officer (NSO). Volume II prescribes the policy for
enforcing network operational security and describes the
management responsibilities of the DDN Network Security
Officer (NSO). Volume II will receive limited distribution.
2. Applicability. This Circular applies to DCA Headquarters,
DCA field activities, and Government and commercial activities
using or managing the operation of the DDN.
3. Policy. DCA continually strives to improve its resources
for providing a reasonable level of security for the DDN.
These resources include the network access control system and
its audit trial analysis capabilities for detecting
unauthorized and illegal network activities. These detection
and audit capabilities will be used to identify and prosecute
unauthorized individuals who access or attempt to access
databases or system software of host computers connected to
the DDN. In addition, DCA has created the DDN Security
Coordination Center (SCC) to gather information regarding DDN
security problems and to disseminate problem definition,
status, and resolution information under the direction of the
NSO. These resources and tools alone are not sufficient.
Site personnel such as the Host Administrators need to assume
an active role and assure their constituents and the DDN that
they are providing for a reasonable level of protection of the
___________
OPR: DODM
Distribution: B,J,Special
ii DCAC 310-P115-1
network and computing resources under their jurisdiction.
Host Administrators are required to report suspicious
activities to their network manager. Formal investigations of
unauthorized or illegal activities occurring on the DDN must
be coordinated with the DDN Network Security Officer.
Individuals suspected of unauthorized access or use of host
computers over the DDN will be subject to prosecution under
Title 18 of the Federal Criminal Code.
4. Procedures. Chapters 4 and 5 describe the procedures for
performing the security functions of the Host Administrator.
5. Responsibilities. Chapter 1 describes the
responsibilities of the Host Administrator in performing the
security functions.
6. Related_Documents. The following documents are
recommended reference materials to supplement this document.
a. DoD Directive 5200.28, Security_Requirements_for
Automated_Information_Systems_(AISs), dated 21 March 1988.
b. DCAI 630-230-19, Security_Requirements_for_Automated
Information_Systems (draft), dated 18 October 1990.
c. Defense_Data_Network_Subscriber_Guide_to_Security
Services_1986-1992 (includes the DDN Security Classification
Guide at Appendix I).
d. Internet_Site_Security_Policy_Handbook (Internet
Draft). This document can be obtained by contacting the
Network Information Center (NIC), SRI International, 333
Ravenswood Ave., Menlo Park, CA 94025.
e. Computer Security Center (CSC-STD-002-85), Department
of_Defense_Password_Management_Guideline, aka "The Green
Book", dated 12 April 1985.
FOR THE DIRECTOR:
EDWARD J. HENDERSON, JR.
Colonel, USAF
Chief of Staff
DCAC 310-P115-1 iii
CONTENTS
BASIC CIRCULAR Paragraph__Page
Purpose................................. 1 i
Applicability........................... 2 i
Policy.................................. 3 i
Procedures.............................. 4 ii
Responsibilities........................ 5 ii
Related Documents....................... 6 ii
Illustrations........................... v
Glossary of Terms and Definitions....... vii
VOLUME I. DDN SECURITY MANAGEMENT PROCEDURES
FOR HOST ADMINISTRATORS
Chapter Paragraph__Page
1. INTRODUCTION
The DDN Security Resources............ 1 1-1
Responsibilities of the Host
Administrator....................... 2 1-2
Responsibilities of Other Site
Representatives..................... 3 1-2
2. THE DDN SECURITY PROBLEM
General............................... 1 2-1
Attack Points......................... 2 2-1
Categories of Network Abusers......... 3 2-1
Common Penetration Techniques......... 4 2-2
Necessary Precautions................. 5 2-4
3. NETWORK ACCESS SECURITY
General............................... 1 3-1
TAC Access Control System (TACACS).... 2 3-1
4. OPERATIONAL SECURITY MANAGEMENT OF
UNCLASSIFIED NETS
General............................... 1 4-1
Access Vulnerability.................. 2 4-1
Risk Assessment....................... 3 4-2
Security Policies and Procedures...... 4 4-2
Education Program..................... 5 4-5
5. OPERATIONAL SECURITY MANAGEMENT OF
CLASSIFIED NETS
General............................... 1 5-1
Limited Terminal Access Controls...... 2 5-1
Closed Community Characteristics...... 3 5-1
iv DCAC 310-P115-1
Chapter Paragraph__Page
Security Awareness.................... 4 5-1
6. DETECTION OF UNAUTHORIZED HOST ACCESS
General............................... 1 6-1
Detection Training.................... 2 6-1
Logging Events........................ 3 6-1
Peculiar Behavior..................... 4 6-1
Legal Recourse........................ 5 6-2
Prosecution as a Deterrent............ 6 6-2
Incident Reporting by Subscriber...... 7 6-2
Contacts.............................. 8 6-2
What Information To Report............ 9 6-3
Follow-up Information................. 10 6-3
7. TOOLS FOR INVESTIGATING INCIDENTS AT THE
HOST LEVEL
General............................... 1 7-1
Host System Logs...................... 2 7-1
Other Tools........................... 3 7-1
TACACS Reports........................ 4 7-1
8. SUMMARY
Penetration Techniques................ 1 8-1
Other Topics.......................... 2 8-1
DCAC 310-P115-1 v
ILLUSTRATIONS
Table Page
1 Vulnerability Analysis/
Operations Management and
Processing...................... 9-1
2 Vulnerability Analysis/
Communications.................... 9-3
3 Vulnerability Analysis/
Disasters......................... 9-4
4 Vulnerability Analysis/
Personnel......................... 9-5
5 Vulnerability Analysis/
Training.......................... 9-7
6 Vulnerability Analysis/
People Errors and Omissions....... 9-8
7 Tabulation of Vulnerability
Analysis/Self-Assessment
Results.......................... 9-9
vi DCAC 310-P115-1
THIS PAGE INTENTIONALLY LEFT BLANK
DCAC 310-P115-1 vii
GLOSSARY OF TERMS AND DEFINITIONS
ADP Automatic Data Processing.
CERT Computer Emergency Response Team.
DCA Defense Communications Agency.
DCS Defense Communications System.
FBI Federal Bureau of Investigation.
HOTLIST A list of all TAC user identifications which have
been stolen, have expired or which otherwise have
been compromised.
IPTO Information Processing Techniques Office.
LAN Local Area Network.
MILNET Military Network.
NAURS Network Auditing and Usage Reporting System.
NIC Network Information Center.
NSO Network Security Officer. Focal point for network
related operational security matters.
OSI Office of Special Investigations.
SCC DDN Security Coordination Center.
TAC Terminal Access Controller. C/30 computer that
connects end user terminals to the network and
provides an interface to the DDN. In this document
it also refers to a miniTAC which serves the same
function as a TAC.
TACACS TAC Access Control System. A system that controls
terminal access to the MILNET.
TACACS
GUEST
CARDS A temporary TACACS card given to a user who does not
have TACACS privileges but temporarily needs them.
A guest TACACS card may also be given to an
authorized new user who has not yet received a UID
or password.
TAC CARD A card authorizing the user TAC Access to the
MILNET.
viii DCAC 310-P115-1
TAC PORT Point where an end user terminal or modem is
connected to the TAC.
TASO Terminal Area Security Officer. Responsible for
enforcing all security requirements implemented by
the NSO for remote terminal areas. Also responsible
for ensuring that all countermeasures required to
protect the remote areas are in place.
UID User Identification.
WIN WWMCCS Intercomputer Network.
WWMCCS Worldwide Military Command and Control System.
DCAC 310-P115-1 1-1
CHAPTER 1. INTRODUCTION
1. The_DDN_Security_Resources. This Circular is intended to
provide Host Administrators a set of security guidelines to
operate on the Defense Data Network (DDN). This Circular will
assist you in maintaining the security of your local host
computer site, as well as the overall DDN. It does not in any
way supersede any current Service Regulations or Procedures
governing the security of ADP facilities not related to the
DDN. This Chapter provides you with a definition of your
security responsibilities as a Host Administrator. You must
have contact with certain offices to fulfill these
responsibilities. The duties of these offices are discussed
here to assist you in understanding their missions.
a. DDN_NSO_(Network_Security_Officer). The DDN NSO is
the single point of contact for dealing with network-related
operational security issues. The DDN NSO also implements
applicable policies included in DCAI 630-230-19, Security
Requirements for Automated Information Systems. The NSO
recommends security policy affecting the DDN and is
responsible for its general enforcement. The NSO also works
closely with Host Administrators to resolve network and
related computer security problems and incidents affecting
their sites.
b. Host_Administrator. A Host Administrator is the
person who has administrative responsibility for the policies,
practices, and concerns of a host, or hosts, connected to the
DDN, including responsibility for that host's DDN users.
Specifically, the Host Administrator is responsible for the
following activities:
(1) Assisting with network management by ensuring
that network policies and procedures are observed by the
users. Locally administering the TAC access control system
(TACACS), ensuring that all of their host users have been
authorized for DDN and TAC access and are registered in the
NIC user registration database (WHOIS/NICNAME).
(2) Locally managing the network access control
procedures and password system. Reporting network-related
host break-ins and assisting with investigations as needed.
c. NSC_(Node_Site_Coordinator). The NSC has physical
control over hardware and software, and coordination
responsibility for the DDN circuits and equipment located at
the DDN node site.
d. NIC_(Network_Information_Center). The NIC registers
all users in the WHOIS/NICNAME database and operates the
Network Auditing and Usage Reporting System (NAURS) computer
system that produces the MILNET TACACS audit and incident
reports. Call (800) 235-3155 for more information.
1-2 DCAC 310-P115-1
e. DDN_SCC_(Security_Coordination_Center). The SCC
gathers information about DDN computer and network security
incidents and works closely with the NSO to disseminate the
information necessary to contain, control, and resolve these
problems mainly through the DDN Security Bulletins. The
hotline number is (800) 235-3155.
f. CERT_(Computer_Emergency_Response_Team). The CERT
gathers and distributes information about Internet security
incidents. They work closely with the NSO and SCC on DDN-
related security problems. The hotline number is (412) 268-
7090.
2. Responsibilities_of_the_Host_Administrator. Host
administrators have the overall responsibility to provide a
reasonable level of protection to host sites from the
possibility of network compromises. They must act as liaisons
with the NSO, SCC, vendors, law enforcement bodies, and other
appropriate agencies to resolve any outstanding security
problems and prevent their future recurrence. They are
responsible for the enforcement of DDN policy at their site.
Because information acquisition and distribution is such a
vital part of the responsibility of the Host Administrator,
the use of electronic mail is a basic tool to support this
function and should be used whenever possible. Not all Host
Administrators have access to this valuable tool, but given
its value, these sites are strongly encouraged to implement
this capability.
3. Responsibilities_of_Other_Site_Representatives. There are
several other levels of responsibilities for the provision of
security for the DDN. At the most basic level, the individual
users should take the necessary precautions to minimize the
chances that their accounts could be compromised. They bear
the primary responsibility for the protection of their
information. If users took this responsibility seriously and
acted accordingly, the majority of computer incidents could
not occur. System managers have the responsibility to
maintain the resources and procedures to establish an
environment for "safe" computing (e.g., implementing
procedures for proper installation and testing of system
software, adequate backups, and reasonable system monitoring).
Vendors have the responsibility to notify their customers of
problems with their software (especially problems which could
compromise system security) and to distribute timely fixes.
DCAC 310-P115-1 2-1
CHAPTER 2. THE DDN SECURITY PROBLEM
1. General.
a. A computer network is a telecommunications system
primarily designed to allow a number of independent devices
(i.e., host computers, workstations, terminals, or
peripherals) to communicate with each other. Essentially, the
DDN is a worldwide collection of computer networks. As the
DDN expands its capabilities and resources, and as more
consitituents gain DDN access, the risk increases to the
overall security of the information and data flowing in the
network. Therefore, a major concern is that security problems
will rise in response to this expansion. Additionally, the
possibility of espionage activity also increases as the
network gets larger.
b. On November 2, 1988, Robert Tappan Morris, Jr.,
drastically changed the attitude of network users and
administrators regarding security network and computer
security problems. He unleashed his infamous Internet Worm
which afflicted over 6,000 MILNET and other Internet hosts.
The incident caused a fair amount of panic because most of the
sites were ill-prepared for such a massive scale of
intrusions. It was fortunate that, due to a miscalculation,
the attack was unrestrained. In its original manifestation,
Morris' Worm might have gone undetected at many sites. The
main lesson to be learned from that incident is that everyone
connected with the use of network and computing facilities
must always take into account the vulnerabilities of network
resources to compromise or attack.
2. Attack_Points. The DDN security problem is defined as the
accidental or intentional disclosure, destruction, or
modification of information flowing or accessed through the
DDN. Potential points of attack include terminal-to-network
interface connections, terminal-to-terminal interface
connections, terminal-to-host interface connections, and
interfaces or circuits themselves.
3. Categories_of_Network_Abusers. Identifying the security
problem or threat is a key element in determining security
risks. Consider the fundamental characteristics of the
threats to your assets before you worry about specific
techniques (to be discussed in the following section). For
example:
a. Unauthorized access by persons or programs which
amounts to the use of any network or computer resource without
prior permission. Such unauthorized access may open the door
to other security threats including the use of your facility
to access other sites on a network.
2-2 DCAC 310-P115-1
b. Disclosure or corruption of information. Depending on
the sensitivity of the information, disclosure without
modification may have more damaging consequences if the event
goes unnoticed.
c. Denial of service which prevents users from performing
their work. In fact, an entire network may be made unusable
by a rogue packet, jamming, or by a disabled network
component. (The Morris Worm contained all of these
characteristics. If you have considered options to address
these general characteristics, you may be well-equipped to
handle variations of historic penetration strategies that may
evolve in the future.)
4. Common_Penetration_Techniques. In evaluating the security
relationships between the security of your host computer and
the DDN, you may wish to consider the following penetration
techniques. These are methods that may be used to penetrate
your computers. Therefore, you must take precaution to
prevent the possible success of these types of attacks.
Several techniques exist to aid in the unauthorized access to
computer system components. These techniques are closely
associated with a system's vulnerabilities. Therefore, their
successful application first requires identifying a system's
vulnerabilities. Through analyzing a systems protection
mechanisms (or lack thereof), how they function, and their
deficiencies, consideration can be given to how such
mechanisms can be circumvented, nullified, or deceived. Many
of these techniques can be categorized by the types of
activity they involve and the system vulnerabilities they
exploit. A particular type of technique may be used to
exploit more than one vulnerability, and a vulnerability may
be exploited by more than one technique. Some techniques
leave signatures (i.e., traces of their utilization), others
do not. Such signatures, their detection, and analysis are
fundamental to threat monitoring and security auditing.
a. Browsing. An individual gains unauthorized access to
a user's files by exploiting the vulnerability of a file
access authorization mechanism in the operating system.
"Browsing" requires knowledge of file names and use of a
program, and it characteristically includes the following
operations:
(1) User's program A references a file not authorized
for such use.
(2) The operating system does not check the activity
and permits access.
(3) Program A gains access to the file, reads it, and
formats it for printout, or deposits it into a local file
under the penetrator's control. Unauthorized system users (if
they know all the file names in a system) can use this
DCAC 310-P115-1 2-3
technique numerous times to browse through all the files
looking for classified or sensitive information. This is not
generally possible, however, when files are protected by
passwords.
b. Masquerading. Gaining unauthorized access to a system
component by assuming the identity of another authorized user
is called "masquerading". Success of this technique stems
from a computer system having no means of establishing a
user's identity other than through symbolic identifiers. The
easiest method of masquerading is to obtain the password and
other identifiers of an authorized user from some report or
document that was carelessly left exposed. This situation is
most likely to occur in installations that support remote
terminals where no option exists to have such identifiers
suppressed by the terminal during the SIGN-ON procedure. Even
when a suppression capability is provided by the terminal that
overtypes any such identifiers before or after their printing,
they can still possibly be discerned. A more sophisticated
technique for gaining access to an authorized user's
identifiers is to wiretap the terminal and intercept the
identifiers when they are transmitted in the clear over
communication lines.
c. Scavenging. This penetration technique exploits the
vulnerability of unerased residual data. Both primary and
secondary storage media used for processing sensitive
information may continue to retain that information after
they have been released for reallocation to another use. The
latter may then "scavenge" the information by reading the
storage media before making any other use of it.
d. Unknown_System-State_Exploitation. This method takes
advantage of certain conditions that occur after a partial or
total system crash. For example, some user files may remain
open without an "end-of-file" indication. The user can then
obtain unauthorized access to other files by reading beyond
that indicator when the system resumes operation.
e. Asynchronous_Interrupt. This technique exploits
system vulnerabilities arising from deficiencies in the
interrupt management facilities of an operating system. If a
processor suspends execution of a protection mechanism to
process an interrupt and is then erroneously returned to a
user program without completing the security check then the
protection has been circumvented.
f. Spoofing. Spoofing exploits the inability of a
system's remote terminal users to verify that at any given
time they are actually communicating with the intended system
rather than some masquerading system. This deception, also
known as a "Mockingbird Attack," can be perpetrated by
intercepting the terminal's communication lines and providing
system-like responses to the user. A variation of spoofing is
2-4 DCAC 310-P115-1
the use of an application program to provide responses similar
to the operating system, so the operator will unknowingly
provide the passwords to an applications program and not to
the operating system.
g. Trojan_Horse. In this technique computer processing
is covertly altered by either modifying existing program
instructions or inserting new instructions. Once this has
been accomplished, whenever the altered processes are used the
perpetrator will automatically benefit from unauthorized
functions performed in addition to the routine output. This
modification is usually done by hiding secret instructions in
either the original source-code or the machine-code version of
a lengthy program. An even harder to detect method would be
to alter the operating and utility system programs so that
they make only temporary changes in the target program as it
is executing. The hardware version of the Trojan Horse
technique is relatively rare. However, the replacement of
valid micro-chips with slightly altered counterfeit chips is
entirely possible and would be very hard to detect. In either
the software or hardware Trojan Horse method, only someone
with access to a program or the computer system could become a
perpetrator.
h. Clandestine_Machine_Code_Change. This technique is
closely related to the Trojan Horse technique. This method
allows system programmers to insert code into the system that
creates trapdoors. At specific times based on certain
combinations, these trapdoors can be activated by a user from
the user's program. Individuals who initially design the
system, contract maintenance personnel who fix the system, or
people who are able to gain access to the supervisory state
also have this opportunity. The technique could be as simple
as users stealing job card information on work that has
already gone through the system. They then resubmit this
information to the system on their own job card along with
another program. This particular job may have dealt with
sensitive data and therefore a security violation would have
occurred.
5. Necessary_Precautions. The aforementioned techniques are
only a few ways that unauthorized access or usage of your host
computer system may be obtained. You must enforce proper
access control on remote terminals to prevent unauthorized
personnel from abusing unattended terminals used for input or
data modification. You must also emphasize the physical
protection of the terminal and the administration and control
of password access and use. Terminal users must be instructed
on the importance of protecting their user identification
(UID)/password.
DCAC 310-P115-1 3-1
CHAPTER 3. NETWORK ACCESS SECURITY
1. General. Access control is the primary method of
providing protection from unauthorized access into the DDN.
There are two basic kinds of access control systems -- those
that detect intrusion and those that stop an intruder from
gaining access to the network. Both intrusion detection and
network access control are functions of the TAC Access Control
System (TACACS) which monitors terminal network access. The
security of both the network and connected hosts is greatly
enhanced if the Host Administrator can provide local security
systems which can complement the TACACS. Possibilities
include installing security systems which limit physical
access to terminals connected to their hosts. Another weak
link in the security chain is dial-up access and host-to-host
connections (not under TACACS control). There is a great need
to establish some manner of access control with auditing
capabilities to cover these situations.
2. TAC_Access_Control_System_(TACACS). This section on
TACACS is provided to inform you of the tracking capability
that exists if your computer terminal is connected to a
Terminal Access Controller (TAC). The information obtained by
the TACACS will be quite useful in enforcing proper access
control for those users entering the MILNET through TACs.
TACACS uses a login procedure to control access to MILNET.
When a MILNET user attempts to open a connection to a host,
the TAC prompts for the user's TAC user ID and access code.
TACACS is automatically monitored; a variety of reports are
available for use by the NSO.
a. User_Registration. DCA's Data Network Operations
Division establishes policy for the MILNET and administers the
MILNET TAC access and control system through the Network
Information Center (NIC). TACs are used on MILNET to provide
controlled network access to most locations. The Host
Administrator is responsible for registering all users of
their hosts who have network access and who have been
authorized for MILNET TAC access through MILNET TACS. All of
those users must be registered and given TAC access cards by
the NIC. The access cards are valid for one year at which
time the TAC User must request a renewal from the Host
Administrator. If a password is compromised, the UID/password
can be invalidated (hotlisted).
b. Guest_Accounts. A limited number of temporary guest
cards are available for distribution by each Host
Administrator on MILNET. These cards have a limited lifetime
and are not for permanent use. They are for users without
TACACS privileges who temporarily need network access, or for
new users at startup time before they receive their own UID
and password.
3-2 DCAC 310-P115-1
c. WHOIS/NICNAME_Database. Every request to authorize a
new TAC user or renew an existing TAC user must come from a
MILNET Host Administrator. Information about authorized users
is kept in the WHOIS/NICNAME database on a host at the NIC.
Host Administrators can request information on authorized TAC
users that are changed or deleted from the database. The
WHOIS/NICNAME database can be accessed by anyone on the MILNET
but can be changed only by operators at the NIC.
DCAC 310-P115-1 4-1
CHAPTER 4. OPERATIONAL SECURITY MANAGEMENT OF
UNCLASSIFIED NETS
1. General.
a. This Chapter provides operational guidance on security
management of an unclassified network. Chapter 5 provides
guidance for operating on a classified net. The potential
exists for authorized and unauthorized users to conduct
illegal activities on shared communications networks such as
the DDN. Network abusers fall into three categories:
(1) A person sponsored and authorized on the DDN who
engages in an unauthorized activity.
(2) A person accessing the network illegally.
(3) A person with access to a host system who need
not log-in through a TAC and engages in unauthorized activity.
b. While your individual databases may be unclassified,
compiling large amounts of unclassified data may result in the
creation of sensitive information. [SENSITIVE UNCLASSIFIED
INFORMATION is defined as any information the loss, misuse, or
unauthorized access to, or modification of which adversely
might affect U.S. national interest, the conduct of DoD
programs, or the privacy of DoD personnel (e.g., FOIA exempt
information and information whose distribution is limited by
DoD Directive 5230.24.)] Network security can only be as
effective as what the local Host Administrator/ADP system
security officer does to enforce strict access control
procedures. Network security is a principle responsibility of
Host Administrators.
c. You may wish to investigate additional authentication
systems to protect local computing assets (i.e., systems such
as smart cards or Kerberos, developed at MIT. This is a
collection of software used in a network to establish a user's
claimed identity and to control access to a large number of
interconnected workstations).
2. Access_Vulnerability. Connection to the DDN will require
a reevaluation of the risk assessment concerning threat and
vulnerability of your host locations. Users accessing these
hosts should be told what level of data security will be
provided. For example, do maintenance contracts exist with
the system software vendors to fix defects that might
otherwise compromise the resources? You should consider what
is the level of sensitivity of data that users should store on
your systems. It would be unwise for users to store very
sensitive information on a vulnerable system whether the
information was classified or not. It is also very important
that your site does not seem to encourage penetration attempts
through the use of a welcome banner as part of the login
4-2 DCAC 310-P115-1
request response of the host. The courts have given great
leeway to intruder defendants who claimed that they were
encouraged to browse by the banner. Additionally, your login
challenge should not include information about the operating
system. It helps a would-be abuser determine which
penetration techniques would probably be most effective.
3. Risk_Assessment. Risk assessment is a requirement of DCAI
630-230-19. A checklist providing guidelines for reevaluating
the threat and vulnerability that results from connecting to
the DDN has been included (see Tables 1-6, Vulnerability
Analysis).
4. Security_Policies_and_Procedures. This section covers
many diverse aspects such as physical security and data
security, authorizations, education, and training.
a. Physical_Security. Physical security includes the
facilities that house computers as well as remote computer
terminals. Within security parameters established by the Host
Administrator, work areas must be restricted with physical
barriers, appropriate placement and storage of equipment and
supplies, and universal wearing of identification badges, as
applicable.
b. Authorization. Another crucial factor that must be
considered in devising a security program is user
authorization. Only people with a "need to know" and with a
realization of proper precautions can be given access to
sensitive or proprietary information or to ADP facilities.
The use of passwords and terminal access restrictions can
provide extra security for highly sensitive information.
Passwords can be used to reduce accidental or non-accidental
modification by authorized personnel by restricting access to
their respective database files.
c. Data_Security. Although it is not foolproof, the best
known identification/authentication scheme is the use of
passwords. The Host Administrator must assure that passwords
are kept secret by their users. The Host Administrator must
also assure that passwords are long enough to thwart
exhaustive attack by changing them often and by adequately
protecting password files. (In the case of MILNET TAC Users,
the TACACS generates passwords with the proper attributes.
The users are not given the option to create their own TAC
passwords.) When creating passwords, the following
restrictions should be observed. Failure to do so will result
in passwords that could be found in a database dictionary, or
otherwise easily discovered.
(1) Don't use words that can be found in a
dictionary.
DCAC 310-P115-1 4-3
(2) Don't use traceable personal data.
(3) Don't allow users to create their own passwords.
(4) Change passwords frequently.
(5) Keep passwords private.
d. One-Time_Passwords. [The following is excerpted from
CSC-STD-002-85.] One-time passwords (i.e., those that are
changed after each use) are useful when the password is not
adequately protected from compromise during login (e.g., the
communication line is suspected of being tapped). The
difficult part of using one-time passwords is in the
distribution of new passwords. If a one-time password is
changed often because of frequent use, the distribution of new
one-time passwords becomes a significant point of
vulnerability. There are products on the market that generate
such passwords through a cryptographic protocol between the
destination host and a hand-held device the user can carry.
e. Failed_Login_Attempt_Limits. [The following is
excerpted from CSC-STD-002-85.] In some instances, it may be
desirable to count the number of unsuccessful login attempts
for each user ID, and base password expiration and user
locking on the actual number of failed attempts. (Changing a
password would reset the count for that user ID to zero.)
f. Monitoring_Terminal_Use. The Host Administrator
should also have some method of monitoring terminal use. A
log-in sheet is convenient to provide an audit trail if the
host has no automated access control and audit capability.
This record should contain such information as login and
logout times, purpose, project being worked on, project
classification, and anything else deemed necessary by you as
the Host Administrator. Additionally, the classification
level at which the terminal may be used should be prominently
displayed at the terminal location. You will need to work
closely with the system manager to assure that host activities
are monitored as well. This information will be extremely
valuable in conjunction with TAC connections and will be the
primary information for incidents where access originated from
an external host and no network audit data is available.
g. Terminal_Usage. You must also ensure that proper
procedures are enforced when using computer terminals. The 4-
following points should be considered:
(1) Automated login procedures that include the use
of stored passwords should not be allowed.
(2) Terminals logged onto the DDN network or to the
host computer should not be left unattended.
4-4 DCAC 310-P115-1
(3) Some form of access control for dial-up telephone
connections, such as dial-back procedures, should be used.
[Note: Dial-back is not acceptable on lines that may be
subject to Call Forwarding.]
(4) Unclassified sensitive information in printed
form or in terminal display should be revealed on a "need to
know" basis only.
(5) Proper disposal of printed information (i.e.,
tearing, shredding, or otherwise obliterating such material)
is mandatory.
(6) Securing of terminals and access lines during
non-business hours.
(7) Securing of software programs and stored data
during non-business hours.
(8) Recording of equipment, custodians, serial
numbers, and equipment locations to aid in identifying lost or
stolen equipment.
h. Electronic_Mail. Any electronic mail host
administrator should have written procedures for users to
follow in the event that any mail in the host is determined to
be classified. The Host Administrator must be notified
immediately to purge any backup files containing the
classified mail, retrieve it from addresses and mail boxes,
and remove it from the active data base. Such an event is an
administrative security violation that must be reported to the
offender's organization security officer immediately.
i. Internal_Controls. Even the most sophisticated access
control system is ineffective if an organization has weak
internal controls. Case studies of commercial firms often
describe abuses made by employees who have resigned from a
company, but still have active user IDs and passwords. It is
just as important for Military or DoD organizations to remove
network access, as well as local host computer access, from
anyone being transferred, retired, or otherwise leaving the
organization. Changing (all of) the password(s) associated
with a user's account(s) should be part of the local exit
procedures. Every Host Administrator should have written
procedures for retiring e-mail accounts. Consideration should
also be given to establishing a procedure to reevaluate an
individual's requirement to access the network when the person
is transferred within the organization. It is the Host
Administrator's responsibility to enact the following:
(1) Procedures to remove individuals' access to the
DDN upon that individual's departure.
DCAC 310-P115-1 4-5
(2) If sponsoring a non-DOD organization's access to
the DDN, procedures must be established to require a written
agreement that the non-DOD organization will have an
individual's access to the DDN removed upon that individual's
departure.
j. Encryption. Another method of securing data is
encryption, a powerful method of protecting information
transmitted between the host computer and remote terminals.
It limits access to information stored in the computer's data
base. An individual user not possessing the proper encryption
key has little chance of gaining usable information from a
computer protected in this manner.
5. Education_Program. Security training is a key element of
a security program. Evaluating the risks within a DDN
environment and implementing an active DDN security program
requires properly trained personnel. An effective training
program will provide both formal and informal instruction.
Depending on the size and complexity of the ADP environment
and the level of data being processed, the instruction will
range from security awareness education for top-level
management, to highly technical security training for DDN
operations personnel. (See DCAI 630-230-19).
a. General_Information. Users of the host system should
be provided with information regarding their computing and
network environment and their responsibilities within that
setting. Users should be made aware of the security problems
associated with access to the systems via local and wide-area
networks. They should be told how to properly manage their
account and workstation. This includes explaining how to
protect files stored on the system, and how to log out or lock
the terminal/workstation. Policy on passwords must be
emphasized. An especially important point that must be
emphasized is that passwords are not to be shared.
b. Specific_Topics. The below listed training areas must
be taught at the appropriate administrative, management, and
staff levels. You must also implement testing plans to assure
that personnel will know their responsibilities in emergency
situations. Drills should be scheduled periodically to
determine that the emergency procedures are adequate for the
threat to be countered. The Host Administrator's security
training program should include specifics in the following
areas as applicable:
(1) General security awareness.
(2) User security.
(3) Security administration.
(4) Transition control and computer abuse.
4-6 DCAC 310-P115-1
(5) Software security.
(6) Telecommunications security.
(7) Terminal/device security.
(8) System design security.
(9) Hardware security.
(10) Physical security.
(11) Personnel security.
(12) Audit.
(13) Data security.
(14) Risk assessment.
(15) Contingency/backup planning.
(16) Disaster recovery.
(17) Security accreditation.
(18) Security test and evaluation (ST&E).
(19) DDN security and contractor interface.
(20) Common penetration techniques.
DCAC 310-P115-1 5-1
CHAPTER 5. OPERATIONAL SECURITY MANAGEMENT OF
CLASSIFIED NETS
1. General. Unauthorized user activities obviously pose a
greater threat to the classified nets. Since the classified
communications nets are closed communities, classified hosts
must maintain their own access control and audit system to
detect and analyze problems. For specific details concerning
security in the WIN Communications System (DSNET 1), refer to
JCS Pub 6-03.7, Security_Policy_for_the_WWMCCS_Intercomputer
Network (Unclas), dated April 88. For specific details
concerning security in the Sensitive Compartmented Information
Network (DSNET 3), refer to the following documents: DIAM 50-
3, Physical_Security_Standards_for_SCI_Facilities (FOUO); DIAM
50-4, Security_of_Compartmented_Computer_Operations (C), dated
June 80; and DCID 1/16, Security_Policy_for_Uniform_Protection
of_Intelligence_Processed_in_Automated_Information_Systems_and
Networks (S), dated July 88.
2. Limited_Terminal_Access_Controls. Terminal access
controllers, when used on the classified subnetworks, are
currently limited to controlling access into the network. The
TACs do not collect and forward audit information of network
activity to a central location for analysis, usage data
collection, and processing as is done on the unclassified
networks. The TAC Access Control System (TACACS), necessary
for dial-in access, has not been implemented on the classified
networks because there is no dial-in access. In the WIN
Communications System, for example, TACs are not used; network
access is controlled by the interconnected hosts. The WWMCCS
Intercomputer Network (WIN) hosts also collect audit data of
user activity at each host location.
3. Closed_Community_Characteristics. Most, if not all, of
the guidance given in Chapter 4 is incorporated in creating a
"closed" community. A major difference in access control of
classified networks is that no dial-up access is allowed.
Also, personnel having access to a facility will have, as a
minimum, a system high clearance level for their site. There
are multiple classification levels at some locations. The
Host Administrator must take special precautions to ensure
that the classification of passwords and the access authority
of operating personnel are at or above the classification
level of the operation being performed.
4. Security_Awareness. Because of the nature of classified
systems and the greater threat that security infractions can
cause, it is incumbent that the host administrator assure that
there exists sufficient exposure to security awareness and
training. The listed training areas must be taught at the
appropriate administrative, management, and staff levels. You
must also implement testing plans to assure that personnel
will know their responsibilities in emergency situations.
The Host Administrator's security training program must
5-2 DCAC 310-P115-1
include specifics in the following areas:
(1) General security awareness.
(2) User security.
(3) Security administration.
(4) Transition control and computer abuse.
(5) Software security.
(6) Telecommunication security.
(7) Terminal/device security.
(8) System design security.
(9) Hardware security.
(10) Physical security.
(11) Personnel security.
(12) Audit.
(13) Data security.
(14) Risk assessment.
(15) Contingency/backup planning.
(16) Disaster recovery.
(17) Security accreditation.
(18) Security test and evaluation (ST&E).
(19) DDN security and contractor interface.
(20) Most common penetration techniques.
DCAC 310-P115-1 6-1
CHAPTER 6. DETECTION OF UNAUTHORIZED HOST ACCESS
1. General. Because you, as the Host Administrator, are
responsible for the security of the host computer, early
detection of potential abuse will serve to prohibit losses.
Effective monitoring will also deter potential perpetrators
from attempting to experiment with illegal schemes if the
probability of detection is high. The following points
provide guidance for the types of events you should look for
to detect unauthorized activity:
a. Unexplained use of disk space.
b. Unknown files listed in the directory.
c. Repeated failed attempts to access the host.
d. Unusual log-in times.
e. A file being accessed by someone who has no
authorization to be in that file.
f. Excessive time (hours) on line or a pattern of
unusually short access times (less than one minute).
2. Detection_Training. Detection of unauthorized activities
at host locations is a responsibility shared by all personnel
within the work place. The Host Administrator, however, may
find it necessary to educate personnel on this point and
delegate responsibilities. Apart from the measures taken to
manage the security environment, Host Administrators must act
with diligence regarding technical or quasi-technical areas
affecting security. For example, their responsibilities might
include enforced cycling of password changes,
compartmentalizing proprietary information away from the
generally accessible system and limiting its accessibility to
those with a bona fide "need-to-know," monitoring access logs
and maintaining audit trails to facilitate detection of
unusual activity, and using security systems and services
offered by their network systems and service providers.
3. Logging_Events. Illegal attempts to gain access into
sensitive areas (i.e., trespassing or guessing at passwords in
order to sign on or access files from remote terminals) should
be logged and reviewed regularly. One effective detection of
unauthorized activities is to display the last log-on time and
date on the screen after the user has successfully logged onto
the system. Statistics of access violations should be
collected with regard to details of the particular terminals
being abused and the files being accessed. The results should
be reviewed by the NSO.
4. Peculiar_Behavior. If not typical of or appropriate for
your organization, beware of unsupervised work especially if a
6-2 DCAC 310-P115-1
person regularly volunteers for overtime work and is allowed
to stay on the premises unsupervised. Have two-man control
procedures for sensitive information work. In addition, be
advised that many computer crimes occur during holiday
periods, or during times when host computers are experiencing
low traffic. Pay particular attention to peculiar activities
during these periods.
5. Legal_Recourse. Public Law 98-473, known as the
"Counterfeit Access Device and Computer Fraud and Abuse Act of
1984" added Section 1030 to Title 18 United States Code on
October 12, 1984. It was the first federal computer crime law
that criminalized unauthorized access to classified national
security information or information in certain financial
records. Additionally, it criminalized certain unauthorized
accesses to computers operated on behalf of the Government.
6. Prosecution_as_a_Deterrent. When there is adequate
evidence collected for conviction, the perpetrator should
always be prosecuted. This action would serve as a serious
warning to others contemplating making similar attempts and
can be extremely effective as a deterrent. However, as recent
world events have revealed, this really doesn't deter abuse
adequately. Therefore, you must assure proper protection of
your computer systems.
7. Incident_Reporting_by_Subscriber. The flow of security
incident reporting should be from the end user to the Host
Administrator, or other appropriate individual who determines
if the problem is local or network related. If the problem is
network related, the problem should be referred to the
appropriate Network Manager/Security Officer. The Network
Manager/Security Officer would contact the DDN NSO, if
appropriate, for assistance in obtaining audit trail data from
the NIC for MILNET. Depending on the seriousness of the
incident, the DDN NSO would assure that the appropriate
investigating agency was involved, and support requests for
information for formal investigations.
8. Contacts. To correspond with the DDN NSO, use any one of
the following methods of contact:
a. Via network mail to: SCC@NIC.DDN.MIL or
DCA-MMC@DCA-EMS.DCA.MIL
b. Via U.S. mail to: HQ Defense Communications Agency,
Code: DODM, Attn: DDN-NSO, Washington, DC 20305-2000
c. Via commercial phone to: (800) 451-7413, or
(800) 235-3155 for the SCC
d. Via DSN/AUTOVON to: 312-222-2714/5726
e. Via AUTODIN to: DCA WASHINGTON DC//DODM//
DCAC 310-P115-1 6-3
f. Classified correspondence must be forwarded via
AUTODIN or U.S. mail using procedures appropriate for its
classification level.
9. What_Information_To_Report. Your incident reports must
include certain minimal information to enable the DDN NSO to
take action. The DDN NSO requires a brief, unclassified
description of the incident and the name, telephone number,
and organization of the person reporting the incident. If the
incident's occurrence is classified, the report and any
classified discussions between the DDN NSO and officials at
the affected organization must take place using secure modes
of communication. The following is the minimum information
necessary for an incident report:
a. Date of report (Day-Month-Year, e.g., 01 Jan 87)
b. Date and time period of incident(s) (Zulu time)
c. Personal data of person reporting the incident:
(1) Name
(2) Telephone number
(3) Organization
d. Network involved (e.g., MILNET, DSNET 1, 2, or 3)
e. Did unauthorized access come from the DDN, if known?
(If not, refer reporting person to his/her Host
Administrator).
f. Presumed classification of incident (i.e.,
Unclassified, Confidential, Secret, Top Secret, Top
Secret/Sensitive Compartmented Information. [Note: Contact
the DDN NSO should you have any questions concerning the level
of classification of a particular incident.]
g. Brief description of incident (Unclassified).
10. Follow-up_Information. Follow-up contact with Host
Administrators might be required to obtain more detailed
information that may not have been initially available. The
DDN NSO would try to determine the following factors:
a. Where the activity was initiated (i.e., at another
host or specific TAC)
b. What routines the intruder ran on the host system
c. What files the intruder accessed on the host system
6-4 DCAC 310-P115-1
d. What user identification log-in was used. For
example, was there a password? Was the password the same as
the log-in? Was the account password protected? Did the user
change the password initially provided? Security incidents
that are discovered to be a local problem will be investigated
at the Host Administrator level.
DCAC 310-P115-1 7-1
CHAPTER 7. TOOLS FOR INVESTIGATING INCIDENTS
AT THE HOST LEVEL
1. General. This Chapter will help you, the Host
Administrator, with investigations of security incidents that
are determined to be a local problem. The tools available for
investigating network incidents are products of audit trail
data collected in the TAC Access and Control System for the
unclassified networks and in the audit data collection systems
of the individual hosts (if they exist) in both the classified
and unclassified networks. The network traffic data collected
by the network utilities at the community of interest
monitoring centers is useful for network control and design
purposes, but its use for network security investigative
purposes is limited.
2. Host_System_Logs. The host system can provide a wealth of
information that can complement the network data. Most
operating systems automatically store numerous bits of
information in log files. Examination of these log files on a
regular basis is often the first line of defense in detecting
unauthorized use of the system. Lists of currently logged in
users and past login histories can be compared. Most users
typically log in and out at roughly the same time each day.
An account logged in outside the "normal" time for the account
may be in use by an intruder. System logging facilities, such
as the UNIX "syslog" utility, should be checked for unusual
error messages from system software. For example, a large
number of failed login attempts in a short period of time may
indicate someone trying to guess passwords. Operating system
commands which list currently executing processes can be used
to detect users running programs they are not authorized to
use, as well as to detect unauthorized programs which have
been started by a cracker.
3. Other_Tools. The tools available for conducting an
incident investigation on unclassified nets consist of the
TACACS reports, provided to the DDN NSO, and the Host audit
and log book, if used. Additionally, personnel may be
interviewed to provide necessary insight. The tools available
for conducting an investigation on classified nets include the
Host audit, system logs, physical log book, and personnel as
well. Additionally, the UID/password and the specific
terminal will provide further useful information. No TACACS
reports are available for the classified nets.
4. TACACS_Reports. TACACS incident reports are reviewed by
the DDN NSO for unauthorized network activity. Other TACACS
reports are available to the DDN NSO to help investigate
illegal or unauthorized network activity. You as the Host
administrator can request investigative assistance from the
DDN NSO to obtain TACACS audit data for MILNET. Assistance
may also be requested by the Host Administrator to involve an
investigating agency (e.g., FBI, OSI, NIS, MI, etc.).
7-2 DCAC 310-P115-1
THIS PAGE INTENTIONALLY LEFT BLANK
DCAC 310-P115-1 8-1
CHAPTER 8. SUMMARY
1. Penetration_Techniques. This document has provided you,
as Host Administrators, guidelines for securing your host
computer locations. Security problems arise and espionage
activity may increase as access to computers increases.
Therefore, you must apply these instructions because you are
ultimately responsible for the security of the DDN. This
instruction has covered common penetration techniques you must
guard against.
2. Other_Topics. The major items this document emphasizes
are the following:
a. Proper access control procedures
b. Reevaluation of the risk assessment of your host site
c. Security education training
d. Detection of unauthorized or suspected unauthorized
access
e. Incident reporting
f. Tools for local incident investigation
g. Assistance from the DDN NSO for network incident
investigations
8-2 DCAC 310-P115-1
THIS PAGE INTENTIONALLY LEFT BLANK
DCAC 310-P115-1 9-1
TABLE 1: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Operations Management and Processing**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Has a systems security officer | |
been appointed? | |
-------------------------------------------------------------
Have procedures been developed | |
defining who can access the | |
computer facility, and how and | |
when that access can occur? | |
-------------------------------------------------------------
Have procedures been established | |
to provide physical protection of | |
local and remote terminal access | |
equipment? | |
-------------------------------------------------------------
Have procedures been established | |
to provide physical protection of | |
host computers?
-------------------------------------------------------------
Is someone designated as a terminal | |
area security officer? | |
-------------------------------------------------------------
Have procedures been established to | |
positively identify transactions | |
occurring to and from remote | |
locations? | |
-------------------------------------------------------------
Have security procedures been | |
established for the microcomputers | |
which will communicate with the DDN? | |
-------------------------------------------------------------
Have procedures been established | |
for providing physical security over | |
these microcomputers and the data | |
processed by them? | |
-------------------------------------------------------------
Have procedures been established | |
to protect data within the custody | |
of the microcomputer user? | |
-------------------------------------------------------------
Have alternate means of processing | |
been established in the event either | |
the individual or the personal | |
computer is lost? | |
-------------------------------------------------------------
9-2 DCAC 310-P115-1
TABLE 1: VULNERABILITY ANALYSIS (con't)
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Is the securit
y over the micro- | |
computer environment regularly | |
reviewed? | |
-------------------------------------------------------------
Have the vendor installed pass- | |
words been changed? | |
-------------------------------------------------------------
Does someone verify that all current | |
passwords are different from a list | |
of commonly used or vendor installed | |
passwords? | |
-------------------------------------------------------------
DCAC 310-P115-1 9-3
TABLE 2: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Communications**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Is sensitive information transmitted | |
over common carrier lines protected | |
(e.g., through cryptography)? | |
-------------------------------------------------------------
Can data being transmitted or | |
processed be reconstructed in | |
the event either main processing | |
or remote processing loses integrity?| |
-------------------------------------------------------------
Are processing actions restricted | |
based on the point of origin or the | |
individual making the request? | |
-------------------------------------------------------------
Have procedures been established | |
for providing host connection | |
access control over remote terminals | |
and on-site terminals? | |
-------------------------------------------------------------
Is a log maintained of accesses | |
to computer resources? | |
-------------------------------------------------------------
Do non-employees have access to | |
communications facilities (except | |
where the system specifically is | |
designed for those non-employees)? | |
-------------------------------------------------------------
9-4 DCAC 310-P115-1
TABLE 3: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Disasters**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Have the types of potential | |
disasters been identified? | |
-------------------------------------------------------------
Has equipment been provided to | |
deal with minor disasters, such | |
as fire and water damage? | |
-------------------------------------------------------------
Have alternate processing | |
arrangements been made in the | |
event of a disaster? | |
-------------------------------------------------------------
Have procedures been established | |
to provide back-up equipment or | |
automatic data processing (ADP) | |
processing capabilities in event of | |
loss of primary ADP resources? | |
-------------------------------------------------------------
Have simulated disasters been | |
conducted to ensure that disaster | |
procedures work? | |
-------------------------------------------------------------
Are critical programs and data | |
retained in off-site storage | |
locations? | |
-------------------------------------------------------------
Have users been heavily involved | |
in developing disaster plans for | |
applications that affect their areas?| |
-------------------------------------------------------------
DCAC 310-P115-1 9-5
TABLE 4: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Personnel**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Are formal reports required for | |
each reported instance of computer | |
penetration? | |
-------------------------------------------------------------
Are records maintained on the most | |
common methods of computer | |
penetration? | |
-------------------------------------------------------------
Are records maintained on damage | |
caused to computer equipment and | |
facilities? | |
-------------------------------------------------------------
Is one individual held accountable | |
for each data processing resource? | |
-------------------------------------------------------------
Does management understand threats | |
posed by host connection to DDN? | |
-------------------------------------------------------------
Is management evaluated on its | |
ability to maintain a secure computer| |
facility? | |
-------------------------------------------------------------
Are the activities of any non- | |
employees in the computer center | |
monitored? Is an escort policy | |
enforced? | |
-------------------------------------------------------------
Are contractor personnel subject to | |
the same security procedures as other| |
non-employees? | |
-------------------------------------------------------------
Are procedures installed to restrict | |
personnel without a "need to know"? | |
-------------------------------------------------------------
Have procedures been established | |
to limit the damage, corruption, or | |
destruction of data base information?| |
-------------------------------------------------------------
Has a security incident report form | |
been created? | |
-------------------------------------------------------------
9-6 DCAC 310-P115-1
TABLE 5: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Training**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Are employees instructed on how to | |
deal with inquiries and requests | |
originating from individuals without | |
a "need to know"? | |
-------------------------------------------------------------
Has an adequate training program | |
been devised to ensure that employees| |
are aware of the requirements to pro-| |
tect their equipment from unauthor- | |
ized use or unauthorized purposes? | |
-------------------------------------------------------------
Have personnel been advised on | |
penalties of the Federal Computer | |
Crime Law for unauthorized access to | |
Government ADP systems? | |
-------------------------------------------------------------
DCAC 310-P115-1 9-7
TABLE 6: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**People Errors and Omissions**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Are errors made by the computer | |
department categorized by type | |
and frequency, such as programming | |
errors? | |
-------------------------------------------------------------
Are records maintained on the | |
frequency and type of errors | |
incurred by users of data | |
processing systems? | |
-------------------------------------------------------------
Are users provided a summary of | |
the frequency and types of user- | |
caused errors identified by the | |
application system? | |
-------------------------------------------------------------
Are the losses associated with | |
data processing errors quantified? | |
-------------------------------------------------------------
Are records maintained on the | |
frequency and type of problems | |
occurring in operating systems? | |
-------------------------------------------------------------
Are abnormal program terminations | |
on computer software summarized | |
by type and frequency so that | |
appropriate action can be taken? | |
-------------------------------------------------------------
Are personnel trained to recognize | |
attempts to access their system by | |
common penetration techniques? | |
-------------------------------------------------------------
9-8 DCAC 310-P115-1
TABLE 7: TABULATION OF VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Self-Assessment Results**
---------------------------
HOW TO IDENTIFY VULNERABILITIES
-------------------------------------------------------------
| # of | Rank for |
Component | "No's" | Action | Comments
-------------------------------------------------------------
Operations Management | | |
and Processing | | |
-------------------------------------------------------------
| | |
Communications | | |
-------------------------------------------------------------
| | |
Disasters | | |
-------------------------------------------------------------
| | |
Personnel | | |
-------------------------------------------------------------
| | |
Training | | |
-------------------------------------------------------------
People Errors and | | |
Omissions | | |
-------------------------------------------------------------
*--- End
Sourced by: The Dope Man
Topic: Canadian Telecom Safety Checklist
Length: 2.1KB
Begin ---*
SAFETY CHECKLIST (CANADIAN TELECOM Feb 93)
Ultimately, human factors are the weakest link in any protection plan.
Some of these protection steps will cost money and cause inconvenience to
your users, but the only way to eliminate CPE-based toll fraud is to
manage equipment you control.
Your telecommunications equipment can be protected against virtually all
toll fraud if you follow this checklist. You should consult your vendor
to obtain detailed (in writing, if there are liability concerns) about
your equipment.
1. Deny unauthorized access to long-distance trunking
facilities through your voice-mail systems.
- block activation/assign passwords.
2. Secure Direct Inward System Access (DISA) numbers.
- do not publish DISA numbers.
- use long authorization codes.
3. Foil "Dumpster divers".
- shred CDR records.
- switch printouts and other documentation.
4. Change codes frequently.
- delete former employee codes.
5. Secure authorization codes.
- use many digits.
- do not share among employees.
- treat like credit card numbers.
6. Block DISA in all equipment.
- at least restrict nights, weekends,
holidays (prime times for fraud).
7. Monitor call records.
- look for suspicious calling patterns.
- automate exception reporting.
8. Restrict international calls.
- block or selectively allow for certain
country and area codes.
9. Restrict call forward.
- do not permit forwarding to long-distance
or trunking facilities.
10. Secure access codes and passwords.
- discourage employees from having them
in plain view.
- warn of "shoulder surfing".
11. Secure your equipment rooms.
- know who has access to them.
- do not use for janitorial storage.
12. Deactivate ports access.
- block access to remote maintenance ports.
13. Keep telephone numbers private.
- do not discuss number plan outside of company.
- destroy old internal phone books.
*--- End
---
"I saw no man use you at his pleasure. If I had, my weapon
should quickly have been out, I warrant you. I dare draw as
soon as another man, if I see occasion in a good quarrel, and
the law on my side" - William Shakespeare, Romeo & Juliet
---
NEWS BYTES (and usually bites too)
The Dope Man - Lister - Terminator X - Ibex
Special thanks this month go out to Ibex, whose only forms of
communcation with us have been limited to US Post, and messages back and
fourth on a voice mail system. We unfortunately won't be able to publish
your submission this issue, due to time constraints. Sorry.
Sourced by: Lister
Topic: Phone fraud bill $100 million
Length: 3.3KB
Begin ---*
Bell bans overseas card calls from pay booths
By Dana Flavelle/Toronto Star - Toronto, Ontario
Long-distance telephone fraud is an estimated $100 million headache
for Canadian telephone companies and some of their biggest customers --
and it's growing, says a telecommunications industry expert.
"It's become a huge issue in the last year or so in Canada," said
Ian Angus, a consultant who's writing a book on the subject.
At least some long-distance fraud is committed by computer hackers
who gain access to major corporate telephone networks and start ringing
up big bills, he said.
But most of it is "low-tech" credit card and telephone calling card
fraud, Angus said in a telephone interview following yesterday's
announcement by Bell Canada that it will no longer accept overseas card
calls from pay phones.
"We didn't want to do this," Bell spokesperson Una MacNeil said in
an interview. "We know it's an inconvenience. But it's a significant
enough problem that we have to put a plug in it until we work out a
longer-term solution."
In the past two months, one in five overseas calls made from pay
telephones has been fraudulent, she said. Bell is not revealing the cost
of the fraud for "security" reasons, she said.
Effective yesterday, a customer who tries to use a credit card or
telephone calling card to make an overseas call from a pay phone will be
given the following options by an operator:
[] Go to a non-pay phone to place a card call;
[] Have the call billed to a third party, provided there's someone
avaliable to accept the charges;
[] Make a collect call, except in cases where no collect call
agreement exists between Canada and the coutry being called; or
[] Pay cash.
In addition, Bell has stopped accepting cash calls from certain
kinds of pay phone to five overseas contries: China, Pakistan,
Bangladesh, Macao and Hong Kong.
Situated mainly in airports and major hotels, these are the kind of
pay phones that simply "read" the magnetic strip on the back of the
credit or calling card, and will also accept cash calls.
For reasons Bell officials wouldn't explain, phony cash calls can be
placed from these kinds of telephones to these specific countries.
"We don't like to talk a lot about this issue because we don't want
to give people ideas," MacNeil said.
Credit cards and calling cards can still be used to make pay phone
calls within North America, where fraud hasn't been a big problem, Bell
said.
Most of the fraud is being committed by organized theives, who get
hold of calling card numbers by watching people use their cards in busy
public places like airports, said Angus.
Then, they set up shop around public pay phones using those numbers
to make calls for customers who are charged about $5, he said.
Police in Montreal busted one racket operating in a subway station
earlier this year, he said.
A task force of Bell and Northern Telecom engineers is trying to
devise electronic ways of thwarting such frauds and, better still,
detecting people in the act.
MacNeil was confident full overseas service will eventually be
restored, but couldn't predict when.
"It is a large problem and we have a lot of people working on it."
she said.
*--- End
Sourced by: Terminator X
Topic: Bell anxious to compete in cable, other markets
Length: 2.9KB
Begin ---*
By Kevin Dougherty/Financial Post - Montreal, Quebec
Bell Canada wants to be able to deliver cable television or any
other value-added telecommunications sercice to the homes or offices of
its telephone customers, the utility's president said yesterday.
"The telephone companies must be allowed to fully compete in all
communications markets for the benefit of all Canadians," Robert Kearney
said at a Canadian Club luncheon. "Bell Canada should be able to carry
anything, independant of technology, for any customer anywhere."
While Bell Canada wants the Canadian Radio - television and
Telecommunications Commision to consider it a common carrier, it also
wants "other access carriers, like cable companies" to be designated
common carriers as well.
Kearney said Bell Canada agrees that basic telephone service should
continue to be regulated, paying tribute to the Canadian "social agenda"
that has allowed a 98% penetration rate for telephone service in Canada.
But he said all other services should be deregulated.
The regulatory commission will have to untangle what is competitive
and what is not competitive, he added. The commission began hearings on
broadcasting last week and plans further consultations later this year on
telecommunications.
Kearney said Bell Canada is not prepared to offer its definitions
yet.
But he said that five years from now -- if the issue has not been
resolved -- the cable companies and telecommunications carriers won't be
fighting over technologically irrelevant barriers.
They will be fighting for their survival.
"Everybody should be a common carrier," he told reporters.
More immediately, Bell Canada is pressing the CRTC to grant a rate
increase, hiking charges for local calls for the first time since 1983.
Bell Canada is allowed a rate of return in the 12.5%-to-13.5% band,
he noted, but this year, the return will fall to 10.75% and in 1994 it
will be below 10%.
Resellers, who buy space on Bell Canada wholesale and sell services
at a discount, accounted for 7% of the telecommunications market last
year, not the 2% the CRTC had predicted, he said.
This year, resellers and Unitel Communications Inc., which offers a
competing long-distance service to Bell Canada's will together hold a 15%
market share.
Reflecting Bell Canada's declining revenue, New York bond rating
service Standard & Poor's has lowered the rating on its debt. Kearney
speculated it could take another downgrading before Bell Canada is
allowed an improved rate of return.
He said U.S. telephone companies cross-subsidize local telephone
service 2cents-3cents a minute, while 17cents a minute of Bell Canada's
long-distance revenue, or about $2 billion a year goes to subsidize local
service.
"The subsidy keeps our local rates low, but is an incredible drain
on our competitiveness."
*--- End
Sourced by: Termiantor X
Topic: $200M plea in TV battle
Length: 1.0KB
Begin ---*
Broadcasteres demand cable firms pay for carrying programs
By Richard Siklos/Financial Post - Hull, Quebec
Canada's private broadcasters yesterday appealed to federal
regulators for permission to start charging cable operators up to $200
million a year to carry their signals.
The fee-for-carriage plan put forth by the Canadian Association of
Broadcasters is perhaps the most radical proposal before the four-week
Canadian Radio-television and Telecommunications Commission hearing into
the structure of Canadian television.
From the broadcasters' perspective, it is no longer equitable for
cable to distribute local over-the-air television signals without paying
for permission to do so.
"It's an issue of fairness," CAB chairman Douglas Holtby told the
hearing. "The taking of our signals by cable is fundamentally contrary to
basic Canadian values."
CAB is seeking between 35cents and 80cents a month per local signal
from cable. Its case is supported by an angus reid group Inc. study
showing that most subscribers either believe a portion of the $1.6
billion consumers spend on cable already goes to private TV, or don't
know where the money goes.
Despite the advent of cable only specialty services such as CNN and
The Sports Network, local private broadcasters, such as those owned by
WIC Western International Communications Ltd., CanWest Global
Communications Corp. and Baton Broadcasting Inc., accounted for 52% of
cable viewing in 1992. And it is not fair, the broadcasters argue, that
they shoulder the burden of producing the bulk of Canadian programming
required by regulators.
The broadcasters' plan has met with stiff opposition from cable
operators, who maintain TV owes its success to cable. Maclean Hunter
Cable TV last week said private TV's aregument that it cannot live on
advertising revenues alone is a result of takeovers and the industry's
profligate spending on U.S. programming, which increased from $142
million in 1985 to $248 million in 1991.
The CAB has similarly rejected cable's counter-offer to create a
fund of up to $100 million a year over five years for independant
producers. CAB president Michael McCabe said the cable fund would be an
administrative nightmare that doesn't address the issue of broadcasters'
signals.
McCabe said the broadcast system would be better served by cable
fees, from which at least 33% and as much as 100% would go to
programming. "I'm not impressed by your fears," CRTC charman Keith Spicer
told McCabe, noting independent producers have expressed reservations
about the plan.
The CAB is hoping fee-for-carriage regulations recently instituted
by the U.S. Federal Communications Commission will buoy its case.
However, their cable opponents privately predict the plan is doomed on a
range of fronts.
*--- End
---
Imagine, if it were 1984:
doubleplusungoodthink revivals refs unconcepts.rewrite fullwise
upsub antefiling. make unoldthink and uncrimethink. unrisk
joycamp. revival absolutewise ungood. - Miniluv
---
ERRATUM
I'm not much of an editor, and I don't care.. but there were a few
offensive errors in the last issue.. here are the corresponding
apologies..
IBEX might have been offended that i reffered to him as IDIX
throughout the North America realease of the last issue.. I never did
like global edit(I jest of course). Sorry.
CHAIN was not given proper credit for his dictating of articles last
issue. Thanks for your ongoing contributions which are ongoing(!!)hint,
hint!
As well, there were numerous typos and other stupid errors... too
numerous to mention here.. I will leave those up to you, the reader, to
discover.
- Terminator X
---
If you can't find the solution, maybe you're answering the
wrong question!
---
CiSSD MEMBERSHIP INFORMATION
With a large resurganse in CiSSD activities, we have decided to
begin accepting some members through an application process. Our commune
is not yet large enough to accept the masses without rebellion, but is
open enough to accept those with ideas similar to our own, and open
minded enough to publish comment from those who are opposed to us. Please
write to richfair@eastern.com , and I will publish your comments, and
respond to 'letters to the editor.'
If you are seriously interested in becoming a CiSSD member, you can
download the CiSSD application from any CiSSD Headquarters BBS, and
upload the completed form, or send the completed form E-Mail to
richfair@eastern.com .
In addition to members, CiSSD will honour those who have special
achievements, members, or non members alike. If you know someone you
believe to deserve CiSSD recognition, please write to the same
address(richfair@eastern.com), or leave a message on our voice mail.
---
The Downtown Militarized Zone BBS
(416) 450 7087 Sysop - The Dope Man
[CiSSD] WHQ
The Revolutionary Front BBS
(416) 936 6663 Sysop - Lister
[CiSSD]/HELL/cDc
CiSSD Voice Mail Canada
(416) 417 0214 Users - Terminator X - The Dope Man - Lister
CiSSD Fax Line - Projected for April 18 1993
CiSSD Voice Mail BBS - Projected for July 1 1993 (Canada Day)
---
LAST WORDS FROM THE EDITOR
Terminator X
It's 2:12AM. I should be heading over to Dope's place tommorow.
Sometimes I think his house is a big black hole.. except it's not that
big, and it's rather colourful, but that' s besides the point. It's a
black hole in the sense that while physical objects, and the thought
process remain intact, the ability to be productive is sucked away into
no-where!
The only thing we can consistently produce is a couple of large
pizza's, and a day of joy and happiness.. but then, isn't that what I go
over there for? Certainly, I don't go for the Brampton 'chicks'.. and
there's no way in hell I go for the big beatiful Brampton Downtown.. I
think I go to have fun and pal around with a real freind. If you don't
have one, I suggest you pick one up.
They make great birthday gifts..
CREDITS
The Dope Man Repeat contributor, and CiSSD President. May no-one
CiSSD ever provoke him to think twice, because having him
think once was painful enough for the rest of us!
This is a man with many a creative idea.
Lister Interpersonal relations, Repeat contributor, not to
CiSSD mention system hacker extrordinaire. One might(and
would) attribute his hacking ability to his
independance and persistance.
Dictator Dedicated to provoking a political turnaround, this
CiSSD one has a style and approach all to his own. When
reminded that he wasn't being paid for his efforts,
he informed me that he was. What was I thinking!
Ibex With somewhat of a different thinking approach than
CiSSD the rest of us, he manages to provoke us into
questioning our own views. It's an inspiration, and a
southern accent all in one.
Hypnotech Back on the scene, after a little break from the
CiSSD hustle and bustle of a group lifestyle, he's jumped
right into the mag to add his bricks to our
group foundation. You will see contributions from
him next issue. Good luck in the future.
Terminator X Editor. And a lousy one at that. Enjoys music, and
CiSSD releasing magazines months after their projected
release date. Out for now, Ed.
-------------------------------------------------------------------------
THE CANADIAN INTERNATIONAL SOCIETY FOR SOCIAL DEVIANCY (C) 1993/94
-------------------------------------------------------------------------
----=[ CiSSD ]=---- is finally sober over Issue #3 of
__ /\
|__| \ \ :
_____ _____ _____ _____> \____ __|__ _
| . | __| | > | | > | |
---===[ | /_ __| /| | / _ | |__ ]===---
__|__|__|_____| _/ |__|___/__|__|_____|
| | / | | :
. \/ . : .
.
- FROGS -
=========================================================================
THE CANADIAN INTERNATIONAL SOCIETY FOR SOCIAL DEVIANCY MAY (C) 1993/94
-------------------------------------------------------------------------
Once again, the frog has overestimated our stupidity. Surely we will
not fall for the same trick twice.
We have learned a few things about frogs. They don't have very much
to do. They're rather bored most of the time, but they impress you by
breathing a lot of hot air out of their lungs, and then they sit quietly
in order to lure you in. They smell funny, but it's one of those smells
you have to sniff again to make sure that your nose didn't decieve you
the first time.
If you lick a toad, you get high, but frogs are not toads, so
everyone sucking up to a frog finds out shortly that it's not all it's
cracked up to be, and generally leaves it be.. it's smell was unappealing
in the first place.
You can buzz about trying to find a place to observe the frog, in
order that you might protect yourself from its self serving, greed driven
actions, but when the frog thinks you are sitting pretty, he tries to
aggrivate you again. If you are silly enough to become aggrieved by his
mischeivous tactics, he will stick out his tounge, and swallow you
whole.
For once, a group of flies, known as CiSSD, has outwitted a group of
amphibians, who for the most part, aren't frogs, but all wish they
were. We learned the only way to get high from a frog is to smoke him.
But we flies don't need to get high.. I think we can be content with
removing his lilly pad.. He will no longer be part of this amphibian
community.
[No one will appreciate this as much as those who are involved in
the war against the evil frog. Entertainment for your efforts. Thanks a
lot guys.. Zap the Frog, rejoin the scene when you grow up. For now you
are only a tadpole.]
---
Due to the hustle and bustle of a busy end of school term, some of
our regular columns were forced to flee. 'NEWS AND NATTERINGS OF THE DOPE
MAN' will most definately be back for next issue, and will more than
probably be joined by 'NEWS BYTES (and usually bites too!)'.
Despite these ommisions, we hope sincerely that you enjoy this
issue. After all, some things may come and go in waves, but the computer
underground is here to stay.
- Essence/TX
---
WARNING, DISCLAIMER
WARNING: THE FOLLOWING TEXT CONTAINS MATERIAL WHICH MAY BE
CONSIDERED OFFENSIVE BY SOME. CISSD AND ITS MEMBERS BEAR NO
LIABILITY ON THE PART OF THE READER. READ AT YOUR OWN RISK.
DISCLAIMER: THE INFORMATION PRESENTED IN THE FOLLOWING TEXT IS
NOT INTENDED TO BE USED FOR PURPOSES CONTRARY TO LAWS IN THE
COUNTRY WHERE THE READER RESIDES. DUE TO AN INTERNATIONAL
DISTRIBUTION, OUR CHOSEN TOPICS WILL PROVIDE INFORMATION THAT
COULD POTENTIALLY BE USED FOR PURPOSES ILLEGITIMATE IN NATURE.
CISSD, AND ITS MEMBERS THEREFORE, BEAR NO RESPONSIBILITY FOR
THE ACTIONS OF THE READER, BE THEY A DIRECT, OR INDIRECT RESULT
OF READING THE FOLLOWING TEXT.
NOTE: BY READING BEYOND THIS POINT, YOU ARE AGREEING TO THE
CONDITIONS IN THE ABOVE WARNING, AND DISCLAIMER.
ADDITIONAL NOTE: THE EDITOR OF THIS MAGAZINE DOES NOT CONDONE
PLAUGERISM. IF ANY ARTICLES APPEAR TO HAVE BEEN COPIED WITHOUT
PROPER CREDIT, NOTIFICATION WOULD BE APPRECIATED. DUE TO THE
VAST NUMBER OF SUBMISSIONS WE RECIEVE EACH MONTH, IT IS
DIFFICULT TO FULLY DETERMINE WHAT IS, AND IS NOT ORGINAL
MATERIAL.
---
TABLE OF CONTENTS
ITEM CONTRIBUTOR(S) LINE
==== ============== ====
Editorial Essence 17
Warning, Disclaimer -- 67
Table of Contents -- 95
Getting Revival -- 159
Letters to the Editor -- 182
Telekom Stupidity Revealed Lister 298
Politics and The Hacker The Dictator 343
Emotional Maturity, Fourteen Essence 430
Years of Age
CyberPunk! The Dictator 471
Laserprinter Forgery Kryten 604
Caller ID Information and Lister 624
Specifications
The Diatribes of Grappling The Grappler 813
FEATURE: Privacy, Line Taps and Lister 937
The US Government
| The Clipper Chip: A Technical Dorothy Denning 944
| Summary
| The White House: Statement by The Press Secretary 1088
| the Press Secretary
Hinterland Who's Who - 800 Exchanges Lister 1346
Poetry Corner The Grappler/Essence 1577
Official [CiSSD] Bad-Ass Belcore Lister 1657
glossary
Erratum - Corrections from last issue Essence 3241
Zen What? The ???? ??? 3321
[CiSSD] Membership Information Essence 3533
[CiSSD] Contact Addresses -- 3563
Last Words From the Editor Essence 3619
| Credits 3653
169092 ]-[bytes]-------------------------------------------[lines]-[ 3677
---
GETTING REVIVAL!
In order to recieve REVIVAL magazine, you may transfer the latest
issue every second month from the following address:
ftp 141.214.4.135 docs/zines/revival/rvlcissd.xxx
where 'xxx' is the issue number. ie: 'rvlcissd.003'. If you do not
have internet access, the following electronic bulletin board systems are
REVIVAL(!) distribution sites:
=[North America]==============================[+1]=
Der Diz - NuKE '93 (208) 343 5038
WHQ The Downtown Militarized Zone (416) 450 7087
CHQ The Revolutionary Front (416) 936 6663
Atomic Nature (416) 477 9563
Screaming Revulsion (418) 622 9712
---
LETTERS TO THE EDITOR
---=[ ANONYMOUS LETTER re: ABUSE IN THE HOME AND SCHOOL ]=---
(Edited for Clarity)
The look at school system as being a negative aspect in kids lives was
obviously a biased one by a disgruntled teenager who doesn't have the
ability to look at the whole picture. I'll give you credit for seeing
the problem as being the parents. The whole problem lies in the homes.
These so called disceplinary actions at high schools are those a person
would face in everyday life, so I say GET USED TO IT! And to answer your
question, it is the parents jobs! It is not the job of a highly trained
teaching professional to teach common manners in a high school
enviornment!
I would like to point out that the article had many good points and
the point of parental expectations in school, is an excellent one! I can
not count the times a parent has come in saying I should be doing a
better job! Like what[?] Go home and make the damn student do his/her
homework! I can't make a student do his/her work[.] It's motivation[that
is needed!] I remember when a good education and having your parents
proud of you was motivation enough. You'll make a good adult TX[.] I hope
you remember the things you know now when you have your own kids.
P.S
- Blame the government [that] we're underfunded and can't afford the
extra support personel we would all like for the new generation.
--- Editors Response ---
You are perfectly right to refer to me as a disgruntled teenager. I
think, however, that I do have the ability to look at the whole picture..
I simply chose not to. That was clearly a serious error on my part.
I feel that, maybe not the whole problem, but at least a large
proportion of the problem lies in the homes. A good chunk of the problem
would be solved if parents made a concious effort to control the
environmental variables that are in their hands.
It is not the teachers responsibility to teach discepline at school,
but because it seems so neccesary, and because children are so neglected
in their homes, I feel that the school system, given appropriate
government funding, should take a different approach to training the
large majority of students who have no motivation, and little self-
respect.
Although I believe I was reffering to parents expectations of the
_students_ in my article, it is also very true that parents expectations
of _teachers_ are also quite ridiculous in many cases. My own mother used
to always blame my teachers for anything I would do wrong. I allowed her
to, because I had no reason to want to take the blame myself, but due to
this long period of time when I took no responsibility, I later had(and
am still having) trouble disceplining myself to work effeciently, and
productively. At this stage in my life, most of my school grades are
borderline failing due, not to any fault of my teachers, but to my own
lack of motivation, and my own lack of self discepline.
I still feel that proud parents, and achievement in school might be
enough motivation to continue doing well, but it's up to the parents to
give their children a kick-start at an early age, so that they might
continue to maintain their pride in achievement later on in life.
I still haven't ranked myself as being responsible enough to have
kids. Maybe when I'm significantly older, or at least, more mentally
developed, and able to meet the challenges that modern society places on
parents, I will reconsider. Too many parents, unfortunately, assume
that bringing up children is easy.
Finally (as this is rather a long response), the government should
indeed be blamed for underfunding. The problems that I continually pick
at in the educational system would be solved if any one school had a
complete, full time staff.. including the neccesary teachers,
councillors, and administrators it takes to help the children who don't
get a fair shake at home.
- Essence/TX
---=[ Split Adrenalyn's LETTER re: REVIVAL #2 ]=---
Well, I just finished reading Revival Issue #002 and I have to say
that it's the best "underground" mag I've EVER read. The articles are
well written, discussing topics that we all can relate to, the articles
pose questions which I'm sure many of us have all asked ourselves about
whatever topic.
It's also not the same old underground mag (it doesn't have a whole
bunch of TEXT files put together into an "issue"), but more of an
information mag, giving you the insight to the PHAC scene.
Good job on this one guys, when's #003 coming?
--- Editors Response ---
Well, it's here! Assuming that I'm sticking to any deadlines, the
magazine will be released on the last saturday of every other month. The
deadline for submissions by non-CiSSD members to REVIVAL! magazine will
be two weeks before the release date.
Thanks for the glowing compliments. While I doubt they're fully
deserved, it is true that the magazine is more than a bunch of text
files. I think that most CiSSD members take a special pride in the
magazine, as it acts as a forum for us to air our views to the public,
and the public to air their views to the rest of the public! It is very
important that we have an appeal to everyone, from some perspective or
another.. We will continue to be political, and provocative.
- Essence/TX
---
TELEKOM STUPIDITY REVEALED
Lister
This week's "Research and Technology" section of the German news magazine
{Focus} (Nr. 17/93, pg. 106) features an *interesting* article about the
German telephone network.
According to the article all you need to tap into another phone line is a
phone line which is hooked up to a modern digital switch and a simple 16
key touch tone beeper. The article shows the original TELEKOM beeper. For
interested users, {Focus} included the TELEKOM reorder number and its
approval ID.
By dialing one of the special "A","B","C" or "D" keys (rightmost column),
you get acces to TELEKOMs switch testing facilities. After you are in the
testing system, you have to enter a three-digit switch id. Then enter the
phone number you wish to call or listen to. If the phone line is busy,
then just enter "1" and you will have a *forced* three way call.
With a modem or any other computer controlled dialing devices it is
rather simple to find the available switch ids in several hours.
Since the testing facility will identify itstelf by sending a rather
loud test tone, most persons will find out, that there is something
strange going on, if they are tapped by someone. But there are also
others that will never take much care about this situation.
Isn't it STUPID that TELEKOM apparently has NOT learned anything what
happend around 20++ years within the USA with the blue/red/ ... boxes
that gave interested users nice and mostly free features?
This time you even do not need any *illegal* devices, but a rather common
and widely available touch tone beeper give you full control over several
local switches!
As elementary mathematics shows, any additional key to press would lower
the chance by 1 to 16 to get access to such a testing system. It would
have been so simple to hide the access code to this system within a
normal number range. If that number would have been changed regularly,
then nobody would ever get access to it. But these measures require work,
and that seems to be hard for a monopoly company!
---
POLITICS AND THE HACKER
The Dictator
Everyone reading this magazine has a reason to do it.. for their
freedom may depend on it. Why, you ask? Because you are dealing with
the Cyberpunk Realm of fantasy, virtual reality, and revolution. Fantasy
is apparant with every hacker or cyberpunk reading this article and
imagining the possibilities of society and technology, working together
towards perfect harmony--or anarchy, the Virtual Reality of a world where
no one's money is their own, where people are not more than the sum of
their words as they flicker past on your screen, where personality is no
more than who you can impress with your extended vocabulary or "K-Rad
K00lness."
However, another aspect is not so obvious, but it is there, perhaps
more than any other. We, as hackers, phreakers, cyberpunks etc. have the
want, the burning desire to change the world into a place that we have
all had a glimpse of, The 'New World' of the 90's, so to speak.
The underground is not a happy place. It is a place where one can
obtain seemingly endless flows of information, but where one must
constantly be prepared to show up a counterpart, and to deal with the
obligations of group affiliation, the backbone of the Underground.
It's all for status, for knowledge, for power. But the power,
ultimately, is for the change of OUR lives, for the change of our ability
to control what will become of the future. it is SO enticing that we may,
at times, forget that the methods we use are the methods we have all
strived to pull away from: Commercialism, and Capitalism. We attempt to
use all means necessary to amass power, power which will ultimately
affect our future for the better.
We do this by squeezing money, time, and belongings from the average
citizen, thereby undermining our very goals, for when we have amassed all
the power required, and are ready to return to normal life, we will be
forced to deal with the same CyberPunks who were once our allies,
partners, or even counterparts, thereby, in the end, succombing to the
realities of our ways, the same realities as Capatalism: the reality that
there is NO escape.
It does NOT have to be that way, however! We have all seen the world
in which we all work together to further a common cause, to accomplish
certain tasks. We all know the power of the underground. we all know that
the power held by each individual, if harnessed, would produce an
invaluable machine for change.
We NEED to pull together. CiSSD has created a group whose purpose lies
in the free-flow of information, and we consistantly work towards that
goal. We all know what can be, if we only try. In Toronto, Canada in
early may, the working class held a march on parliment hill demanding a
reform. If this was backed by the prowess of every hacker in the
underground, we would have a message that could be heard EVERYWHERE the
telephone or computer screen reached!
What we need is ORGANIZED REVOLUTION!
The Great Dope Man put it best when he remarked that "Deviency is its
own reward." Whether or not he realised it at the time, this phrase had
the potential to be the catalyst for the greatest revolution ever
recorded. Deviency, the art of going against the norms of society, if
proctised by enough people with enough frequency, WOULD become the norm,
thereby rewarding all who wished it with an altered standard of living.
Now the only way to ensure that this standard of living would be for
the better, would be to have 'organized deviency' or an ORGANIZED
REVOLUTION. One in which the entire underground drove for something,
putting all of our amassed strength against those we hate in society,
instead of one another. The potential is enormous. We are not limited by
restrections on what information we can amass, nor on how far this
information can be destributed. We are not limited as to what aspects of
this Capatalist world we live in we can gain control of. We CAN make a
difference! We CAN change our downward plummet into extinction. But a
CAPATALIST world will never be able to make the changes, as the changes
would be looked upon as inefficient or irrelevant.
We have the power in our HANDS! We now need only make use of it.
For we have the reasons, just look into you paper.
The time is Upon us, we must act. The WORLD calls for a change. It's our
responsibility, because WE are the only people who can change it.
HACKERS, PHREAKERS, CYBERPUNKS OF THE WORLD, UNITE TO BRING ABOUT
THE NEW WORLD ORDER!
---
EMOTIONAL MATURITY, FOURTEEN YEARS OF AGE!
Essence/TX
Most of my articles are provoked by a real life experience that
leads me to think about a topic from a completely different perspective.
This one is no different, but I am quite shocked and surprised that I
haven't seen anyone take my perspective before.. and why?.. Maybe because
it's a confusing one.
I've never been one to base decisions on age. I feel that generally,
age is an unimportant factor when deciding what privelidges are
appropriate for each individual. More important than age, is maturity.
Clearly, when it comes to this, 'The law is an ass'.
Canadian law bases emotional maturity on i) age and ii) chasteness
of character. More notably, the law states that any female, fourteen
years or older, who has not previously been of chaste character, is
emotionally mature enough to make the decision to have sex. In plain
english, this means that any girl age fourteen who acts like a whore can
be taken advantage of. Any girl age fourteen who acts decently is not
mature enough to have sex. Having sex with any girl age 14 to 18
inclusive who has behaved decently and with self respect, is rape.
Despite all the complaints about males having to worry about rape
charges, whether or not they rape a girl, I think the laws pertaining to
rape are particularily flacid, and weak. There are clauses that shift the
responsibility of rape onto the victim females if the male can show the
female to have 'provoked' the incident. Are we in a day and age where sex
is so important that the male partner can't even take the time to be
reasonably sure about the emotional stability, and maturity of his
partner?
Any guy who justifies his sexual activities by rattling off
sex-laws, and how they pertain to his case, should be removed from our
society. We don't need the inconsiderate. We don't need the low-lifes.
- Essence/TX
---
CYBERPUNK!
The Dictator
The following article was featured in TIME magazine. I felt it was
an accurate portrayal of cyberpunks in the computer underground
community.
BEGIN _|
In the 50s it was the beatniks, staging a coffehouse rebellion against
the conformity of America in the Eisenhower era. In the 60s the Hippies
arrived, combining anti-war activism with the energy of Sex, Drugs, and
Rock'N'Roll. Now a new subculture is bubbling up from the underground,
popping up from computer screens around the world like a piece of
hypertext.
It's called CYBERPUNK, a late - 20th centure term derived from
CYBERNETICS, the science of communication and control, and PUNK, an
antisocial rebel or hoodlum.
Within this odd pairing lurks the essence of CYBERPUNK's international
culture: a way of looking at the world that combines infatuation with
high-tech tools and disdain for conventional ways of using them.
Origionally applied to a school of hard-boiled science-fiction writers
and then to certain semi-tough computer hackers, the word CYBERPUNK now
covers a broad range of music, art, psychedelics, smart drugs and
cutting-edge technology, as well as the computer hacker who laboriously
tries to put this new subculture to work. I have heard CYBERPUNK called
everything from "Technology with an Attitude" (Stewart Brand, Whole Earth
Catalog) to "An unholy alliance of the technical world with the
underground of pop culture and street-level anarchy" (Bruce Sterling,
Science-Fiction writer).
As in any counterculture movement, some denziens would deny they are
part of a movement at all. Although the largest CYBERPUNK journal (PUNK!
Magazine) claims to have a readership of 70 000, there are probably no
more than a few thousand computer hackers, futurists, phreakers,
computer-savvy artists and musicians, and assorted science-fiction
'geeks' on the planet who would actually call themselfes CYBERPUNKS.
Nevertheless, this may be the defining counterculture of the computer
age. It embraces, in spirit at least, not just the nearest
thirtysomething hacker hunched over a terminal, but also nose-ringed
twentysomethings gathered at clandestine RAVES, teenagers who feel about
the Amiga the way their parents felt about records, and even
preadolescent VIDKIDS fused to their SNES and Genesis games -- the
training of CYBERPUNK.
Obsessed with technology, CYBERPUNKS are future-oriented to a fault.
CYBERPUNKS already have one foot in the 21st century, certain that in the
long run, everyone will be a CYBERPUNK.
The CYBERPUNK look, a kind of science-fiction surrealism tweaked by
computer graphics, is finding its way into art galleries, music videos,
and Hollywood movies. CYBERPUNK magazines, many cheaply published or
distributed by electronic medium, are multiplying like cable-TV channels.
CYBERPUNK music is hot enough to keep several record companies and scores
of bands cranking out CD's. CYBERPUNK oriented books are snatched up as
soon as they hit the market. And CYBERPUNK films like BLADERUNNER,
ROBOCOP, VIDEODROME, TOTAL RECALL, TERMINATOR 2 and THE LAWNMOWER MAN
have moved out of the cult market and into the mainstream.
In the US (and therefore Canada), CYBERPUNK culture is likely to get a
boost from of all things, the Clinton Administartion, due to his intrest
in the US's "Data Highways" and what the CYBERPUNKS refer to as
CYBERSPACE. Both terms refer to the globe-circling, interconnected
telephone network that is the conduit for billions of voice, fax, and
data transmissions. This huge CYBERSPACE, the INTERNET, stretches across
the atlantic, touching down in Iceland, and western Europe, then on to
Japan, South Korea, Indonesia, Australia and New Zealand. CYBERPUNKS look
at the wires from the inside; and talk of the network as if it were an
actual place, a virtual reality that can be entered, explored, and
manipulated.
CYBERSPACE playes a major role in the CYBERPUNK world view. The
literature is filled with 'Console Cowboys' who prove themselves by
donning virtual realitry gear and performing heroic feats in the imagery
'matrix' of CYBERSPACE. "CYBERPUNK", a 1991 book, features profiles of
three canonical CYBERPUNK hackers, including Robert Morris, the Cornell
University student whose computer virus brought the entire INTERNET to a
halt in 1988.
However, CYBERSPACE is more than a playground. It's a medium. Every
night on GEnie, Compuserve, and thousands of smaller BBSes, people by the
hundreds of thousands are logging on to a great computer-mediated
talkfest, an interactive debate that allows them to leap over barriers of
time, place nationality, sex, and social status.
Most computer users are content to visit cyberspace now and then, but
the CYBERPUNK goes there to live, and play, and even DIE. the WELL (Whole
Earth 'lectronic Link), an INTERNET site, was shaken 2 1/2 years ago when
one of its most active participants ran a program that erased every
message he had ever left - it involved thousands of posts - an act that
amounted to virtual suicide. A few weeks later he committed suicide for
real.
The WELL has been a magnet for CYBERPUNK thinkers, and the question
is, is there a CYBERPUNK movement? The WELL launched a freewheeling
campeign that ran for months and filled more than 300 pages of text. The
debate yielded, among other things, a concise list of wants of the
CYBERPUNK movement:
INFORMATION WANTS TO BE FREE. A good piece of information will
eventually get into the hands of thouse who can make the best use of it,
despite the best efforts of censors, copyright lawyers and the secret
service.
ALWAYS YIELD TO THE HANDS-ON IMPERATIVE. CYBERPUNKS maintain that they
can run the world for the better, if they can only get there hands on the
control box.
PROMOTE CENTRALIZATION. Society is splintering into hundreds of
subcultures and designer cults, which is a no-no.
'SURF THE EDGES'. When the world is changing by the nanosecond, the
best way to keep your head above the water is to stay at the front end of
the Zeitgeist.
For CYBERPUNKS, pondering history is not so important as coming to
terms with the future. For all the flaws, they have found ways to live
with technology, to make it theirs, something the back-to-the-land
hippies never accomplished. CYBERPUNKS use the technology to bridge the
gulf between art and science, between the world of literature and the
world of industry. Most of all, CYBERPUNKS realize that if you didn't
control technology, it would eventually control you. It is a lesson that
will serve CYBERPUNKS - and the rest of the world - well into the next
century.
|~ END
---
LASERPRINTER FORGERY
Kryten
Most of us remember those pre-historic typewriter things. If you do then
the correction key that some models had was your best friend, and can
be your best friend again. That is the correctable (carbon film) ribbon.
The manual warned against using this ribbon for typing legal documents
because undetectable alterations would be too easy.
Recently I heard a taped interview with Frank Abagnale, a reformed forger
who now advises companies on fraud prevention. It was a quite an
interesting cassette. This is where I tie in my first paragraph.
Abagnale said that output from most laserprinters and photocopiers can be
removed in a similar manner with correction tape because the toner
powder, like carbon film ribbon, only sits on the surface of the paper
but does not impregnate the fibers. I tried it and he's right.
---
CALLER ID INFORMATION AND SPECIFICATIONS
Lister
I know this information may be regarded as old hat, and that it's
not very sensitive in nature; but it makes an interesting read
nonetheless. Hopefully, it will shed a bit of insight as to the inner
workings of Caller ID.
INTRODUCTION
Calling Number Delivery (CND), better known as Caller ID, is a
telephone service intended for residential and small business
customers. It allows the called Customer Premises Equipment
(CPE) to receive a calling party's directory number and the date
and time of the call during the first 4 second silent interval in
the ringing cycle. The customer must contact a Bellcore Client
Company to initiate CND service.
According to Pacific Bell representatives, the following states
and district currently support CND service: Delaware, District
of Columbia, Florida, Georgia, Idaho, Kentucky, Louisiana, Maine,
Maryland, Nebraska, Nevada, New Jersey, Oklahoma, Tennessee,
Vermont, Virginia, and West Virginia.
The following states are scheduled to support CND service by
April, 1992: Alaska, Arizona, California, Colorado, Illinois,
Indiana, Iowa, Massachusetts, Mississippi, New Hampshire, New
York, North Carolina, North Dakota, Ohio, Oregon, Rhode Island,
and South Carolina.
PARAMETERS
The data signalling interface has the following characteristics:
Link Type 2-wire, simplex
Transmission Scheme Analog, phase-coherent FSK
Logical 1 (mark) 1200 +/- 12 Hz
Logical 0 (space) 2200 +/- 22 Hz
Transmission Rate 1200 bps
Transmission Level 13.5 +/- dBm into 900 ohm load
PROTOCOL
The protocol uses 8-bit data words (bytes), each bounded by a
start bit and a stop bit. The CND message uses the Single Data
Message format shown below.
Channel Carrier Message Message Data Checksum
Seizure Signal Type Length Word(s) Word
Signal Word Word
CHANNEL SEIZURE SIGNAL
The channel seizure is 30 continuous bytes of 55h (01010101)
providing a detectable alternating function to the CPE (i.e. the
modem data pump).
CARRIER SIGNAL
The carrier signal consists of 130 +/- 25 mS of mark (1200 Hz) to
condition the receiver for data
.
MESSAGE TYPE WORD
The message type word indicates the service and capability
associated with the data message. The message type word for CND
is 04h (00000100).
MESSAGE LENGTH WORD
The message length word specifies the total number of data words
to follow.
DATA WORDS
The data words are encoded in ASCII and represent the following
information:
o The first two words represent the month
o The next two words represent the day of the month
o The next two words represent the hour in local military time
o The next two words represent the minute after the hour
o The calling party's directory number is represented by the
remaining words in the data word field
If the calling party's directory number is not available to the
terminating central office, the data word field contains an ASCII
"O". If the calling party invokes the privacy capability, the
data word field contains an ASCII "P".
CHECKSUM WORD
The Checksum Word contains the twos complement of the modulo 256
sum of the other words in the data message (i.e., message type,
message length, and data words). The receiving equipment may
calculate the modulo 256 sum of the received words and add this
sum to the reveived checksum word. A result of zero generally
indicates that the message was correctly received. Message
retransmission is not supported.
EXAMPLE CND SINGLE DATA MESSAGE
An example of a received CND message, beginning with the message
type word, follows:
04 12 30 39 33 30 31 32 32 34 36 30 39 35 35 35 31 32 31 32 51
04h= Calling number delivery information code (message type
word)
12h= 18 decimal; Number of data words (date,time, and directory
number words)
ASCII 30,39= 09;
September
ASCII 33,30= 30;
30th day
ASCII 31,32= 12;
12:00 PM
ASCII 32,34= 24;
24 minutes (i.e., 12:24 PM)
ASCII 36,30,39,35,35,35,31,32,31,32= 6095551212;
calling party's directory number (609) 555-1212
51h= Checksum Word
DATA ACCESS ARRANGEMENT (DAA) REQUIREMENTS
To receive CND information, the modem monitors the phone line
between the first and second ring bursts without causing the DAA
to go off hook in the conventional sense, which would inhibit the
transmission of CND by the local central office. A simple
modification to an existing DAA circuit easily accomplishes the
task.
MODEM REQUIREMENTS
Although the data signalling interface parameters match those of
a Bell 202 modem, the receiving CPE need not be a Bell 202
modem. A V.23 1200 bps modem receiver may be used to demodulate
the Bell 202 signal. The ring indicate bit (RI) may be used on a
modem to indicate when to monitor the phone line for CND
information. After the RI bit sets, indicating the first ring
burst, the host waits for the RI bit to reset. The host then
configures the modem to monitor the phone line for CND
information.
According to Bellcore specifications, CND signalling starts as
early as 300 mS after the first ring burst and ends at least 475
mS before the second ring burst
APPLICATIONS
Modem manufacturers will soon be implementing new modem features
based on CND information as this service becomes widely
available.
Once CND information is received the user may process the
information in a number of ways.
1. The date, time, and calling party's directory number can be
displayed.
2. Using a look-up table, the calling party's directory number
can be correlated with his or her name and the name
displayed.
3. CND information can also be used in additional ways such as
for:
a. Bulletin board applications
b. Black-listing applications
c. Keeping logs of system user calls, or
d. Implementing a telemarketing data base
REFERENCES
For more information on Calling Number Delivery (CND), refer to
Bellcore publications TR-TSY-000030 and TR-TSY-000031.
---
THE DIATRIBES OF GRAPPLING
The Grappler
"My non-existence never bothered me before I was born."
Grappler Speaks:
From the electronic wilderness, As I look down upon the scene with
dismay a question formulates within the depths of my conscious reasoning:
What the hell is going on? All I see is the senseless leeching of text
files, etc. So you've got all this info on pbx, freemasonry, virus's,
etc. but what good is it if it only ends up on some disk, never to be
read again? What are we really trying to accomplish here? I mean so
what if you can call long distance for free via some pbx if you only use
that pbx to call your friends, etc. Do you think that BELL really cares
if you hack someone's calling card? They only benifet from the average
phreaks activities and you are just playing into their game, and they
only tend to prosecute when activities get out of hand and the customer
catches on that some 15 yr. old computer devotee just charged $1000 on
his/her calling card.
What is the gain in this situation? The only winning party is Bell
and no one besides! This brings me to my point, everything you do must
be oriented towards a specific goal by which you as a person will profit
by. Now when I say profit, I am not just referring to the materialistic
sense of the word, I am also talking about the spiritual and emotional
aspects of this as well.
One of the #1 rules of Grappling is:
"Strive for the Infinite in all that you do."
It is upon this law that all of grappling hangs so therefore we can
say that it is a solid foundation upon which to build from. Now what this
means is that in order to get anywhere in this lifetime, one must be
prepared to always sacrifice the lower for the higher. One must
carefully weigh every move and make sure that any actions will not be a
regression to any previous plane of existence. A classic demonstration
of this principle is as follows: (Fantasy)
You sign a pact with the devil which states that he will provide you
with 1 million dollars in exchange for your soul. You being an average
person consent, you end up spending all of the money within a years time
and going broke. With this abrupt end to your material wealth comes the
sudden realization that you have nothing left to sell.
So as you can see, as illustrated above one must always ascend the
planes and never ever move down as you may end up stuck there!
Now I realize that the illustration above is not a very good example
of how one may apply this theory to everyday living but I think that you
get the gist of it. (I hope)
I believe that our time on earth is far too limited and we must take
advantage of every single second that we are alive. Conformity is for the
weak and those who fall into society 's trap are as lambs to the
slaughter. By this I am not saying that one must deliberatley go out and
break the law but what I am saying is that if you always play according
to societies rules then you are just wasting time. Let's look at the
average persons life:
birth -> school -> marriage/kids -> job -> death.
Now this is not necessarily in the stated order and there may be
some deviancy from this projection but not by any significant margin. So
as you can see nothing that the average person does is really of any
importance other than the obvious procreation bit. Now you may object to
this statement and if you do then I welcome a debate but if you look at
this from an unbiased viewpoint and step out of the confines of everyday
thinking you will come to realize that the only thing that really matters
in the end is death. This is a rather morbid statement but if you think
about it: Death is a fact of life and therefore something which must be
confronted everyday, death makes everything that we do irrelevant and in
the end the average joe's life has amounted to a 15 minute eulogy that no
one really cares about anyway. So you may be right now sitting before
your computer screen with a look of "what the fuck is going on here, this
guy is baked!". How does this pertain to you or fit into the context of
this article? Well I'll tell you: What I am trying to do with this
article is to make you analyze things very acutely, I want you to
scrutinize every action you take from this point forward, and realize
that any action that you do take should be in conformance with your own
will. If you commit an action against your own personal will then you
are stepping back into the chaos that is society and well on your way to
becoming a slave.
"Your all a bunch of FUCKING SLAVES!"
*Jim Morrison
So applying this to computers and the point of this article, it's
all fine and dandy to download thousands of text files on HPACV but is
this all that the scene is about? Are we merely content with this? I
for one am not and actively utilize my HPACV knowledge to attain
information that the average person is not even aware exists. Why let
those in control reap the rewards of the slavedog morality which is
society when you can have a piece of the pie to? Computers practically
run the world or at least play a sizeable role in wordly affairs and
therefore it would be safe to assume that if you own one then you
probably have access to the same. Organization is the key and that is
why I have recently applied to CiSSD in the hopes that membership will
raise me up to bigger and better things as opposed to just being a
spectator as most are.
Now, I have noticed that there is alot of interest in conspiracy
among the members of the local boards, well so what if there is a
conspiracy because what can we really do about it if there is? Awareness
is only 1/8 of the big picture, what I am saying is that why not create
your own conspiracies?
"I don't know about you but I'm gonna have my kicks before the
whole shithouse goes up in flames man!"
*Jim Morrison
I feel that I have rambled on incoherently long enough, I know this
article has jumped around alot but that is merely a reflection of my
frustrated state of mind. I feel very strongly about all that I have
said and will accept with open arms any criticisms, flak, etc for these
views. I have chosen to embrace this life with unbending determination
to achieve something of significance, have you? This ends the diatribe.
---
PRIVACY, LINE TAPS AND THE US GOVERNMENT
Lister
Here guys (and gals), this is a nice little article by Dorothy Denning,
and it may be of interest to you. Quite a frightening prospect if you'd
ask me...
BEGIN __|
Subject: THE CLIPPER CHIP: A TECHNICAL SUMMARY
Date: 19 Apr 93 18:23:27 -0400
Organization: Georgetown University
The following document summarizes the Clipper Chip, how it is used,
how programming of the chip is coupled to key generation and the
escrow process, and how law enforcement decrypts communications.
Since there has been some speculation on this news group about my
own involvement in this project, I'd like to add that I was not in any
way involved. I found out about it when the FBI briefed me on Thursday
evening, April 15. Since then I have spent considerable time talking
with the NSA and FBI to learn more about this, and I attended the NIST
briefing at the Department of Commerce on April 16. The document
below is the result of that effort.
Dorothy Denning
THE CLIPPER CHIP: A TECHNICAL SUMMARY
Dorothy Denning
April 19, 1993
INTRODUCTION
On April 16, the President announced a new initiative that will bring
together the Federal Government and industry in a voluntary program to
provide secure communications while meeting the legitimate needs of
law enforcement. At the heart of the plan is a new tamper-proof
encryption chip called the "Clipper Chip" together with a split-key
approach to escrowing keys. Two escrow agencies are used, and the key
parts from both are needed to reconstruct a key.
CHIP STRUCTURE
The Clipper Chip contains a classified 64-bit block encryption
algorithm called "Skipjack." The algorithm uses 80 bit keys (compared
with 56 for the DES) and has 32 rounds of scrambling (compared with 16
for the DES). It supports all 4 DES modes of operation. Throughput
is 16 Mbits a second.
Each chip includes the following components:
the Skipjack encryption algorithm
F, an 80-bit family key that is common to all chips
N, a 30-bit serial number
U, an 80-bit secret key that unlocks all messages encrypted with the
chip.
ENCRYPTING WITH THE CHIP
To see how the chip is used, imagine that it is embedded in the AT&T
telephone security device (as it will be). Suppose I call someone and
we both have such a device. After pushing a button to start a secure
conversation, my security device will negotiate a session key K with
the device at the other end (in general, any method of key exchange
can be used). The key K and message stream M (i.e., digitized voice)
are then fed into the Clipper Chip to produce two values:
E[M; K], the encrypted message stream, and
E[E[K; U] + N; F], a law enforcement block.
The law enforcement block thus contains the session key K encrypted
under the unit key U concatenated with the serial number N, all
encrypted under the family key F.
CHIP PROGRAMMING AND ESCROW
All Clipper Chips are programmed inside a SCIF (secure computer
information facility), which is essentially a vault. The SCIF
contains a laptop computer and equipment to program the chips. About
300 chips are programmed during a single session. The SCIF is located
at Mikotronx.
At the beginning of a session, a trusted agent from each of the two
key escrow agencies enters the vault. Agent 1 enters an 80-bit value
S1 into the laptop and agent 2 enters an 80-bit value S2. These values
serve as seeds to generate keys for a sequence of serial numbers.
To generate the unit key for a serial number N, the 30-bit value N is
first padded with a fixed 34-bit block to produce a 64-bit block N1.
S1 and S2 are then used as keys to triple-encrypt N1, producing a
64-bit block R1:
R1 = E[D[E[N1; S1]; S2]; S1] .
Similarly, N is padded with two other 34-bit blocks to produce N2 and
N3, and two additional 64-bit blocks R2 and R3 are computed:
R2 = E[D[E[N2; S1]; S2]; S1]
R3 = E[D[E[N3; S1]; S2]; S1] .
R1, R2, and R3 are then concatenated together, giving 192 bits. The
first 80 bits are assigned to U1 and the second 80 bits to U2. The
rest are discarded. The unit key U is the XOR of U1 and U2. U1 and
U2 are the key parts that are separately escrowed with the two escrow
agencies.
As a sequence of values for U1, U2, and U are generated, they are
written onto three separate floppy disks. The first disk contains a
file for each serial number that contains the corresponding key part
U1. The second disk is similar but contains the U2 values. The third
disk contains the unit keys U. Agent 1 takes the first disk and agent
2 takes the second disk. The third disk is used to program the chips.
After the chips are programmed, all information is discarded from the
vault and the agents leave. The laptop may be destroyed for
additional assurance that no information is left behind.
The protocol may be changed slightly so that four people are in the
room instead of two. The first two would provide the seeds S1 and S2,
and the second two (the escrow agents) would take the disks back to
the escrow agencies.
The escrow agencies have as yet to be determined, but they will not be
the NSA, CIA, FBI, or any other law enforcement agency. One or both
may be independent from the government.
LAW ENFORCEMENT USE
When law enforcement has been authorized to tap an encrypted line,
they will first take the warrant to the service provider in order to
get access to the communications line. Let us assume that the tap is
in place and that they have determined that the line is encrypted with
Clipper. They will first decrypt the law enforcement block with the
family key F. This gives them E[K; U] + N. They will then take a
warrant identifying the chip serial number N to each of the key escrow
agents and get back U1 and U2. U1 and U2 are XORed together to
produce the unit key U, and E[K; U] is decrypted to get the session
key K. Finally the message stream is decrypted. All this will be
accomplished through a special black box decoder operated by the FBI.
ACKNOWLEDGMENT AND DISTRIBUTION NOTICE. All information is based on
information provided by NSA, NIST, and the FBI. Permission to
distribute this document is granted.
|~~ END
BEGIN |__
THE WHITE HOUSE
Office of the Press Secretary
For Immediate Release April 16, 1993
STATEMENT BY THE PRESS SECRETARY
The President today announced a new initiative that will bring the
Federal Government together with industry in a voluntary program to
improve the security and privacy of telephone communications while
meeting the legitimate needs of law enforcement.
The initiative will involve the creation of new products to accelerate
the development and use of advanced and secure telecommunications
networks and wireless communications links.
For too long there has been little or no dialogue between our private
sector and the law enforcement community to resolve the tension
between economic vitality and the real challenges of protecting
Americans. Rather than use technology to accommodate the sometimes
competing interests of economic growth, privacy and law enforcement,
previous policies have pitted government against industry and the
rights of privacy against law enforcement.
Sophisticated encryption technology has been used for years to protect
electronic funds transfer. It is now being used to protect electronic
mail and computer files. While encryption technology can help
Americans protect business secrets and the unauthorized release of
personal information, it also can be used by terrorists, drug dealers,
and other criminals.
A state-of-the-art microcircuit called the "Clipper Chip" has been
developed by government engineers. The chip represents a new approach
to encryption technology. It can be used in new, relatively
inexpensive encryption devices that can be attached to an ordinary
telephone. It scrambles telephone communications using an encryption
algorithm that is more powerful than many in commercial use today.
This new technology will help companies protect proprietary
information, protect the privacy of personal phone conversations and
prevent unauthorized release of data transmitted electronically. At
the same time this technology preserves the ability of federal, state
and local law enforcement agencies to intercept lawfully the phone
conversations of criminals.
A "key-escrow" system will be established to ensure that the "Clipper
Chip" is used to protect the privacy of law-abiding Americans. Each
device containing the chip will have two unique "keys," numbers that
will be needed by authorized government agencies to decode messages
encoded by the device. When the device is manufactured, the two keys
will be deposited separately in two "key-escrow" data bases that will
be established by the Attorney General. Access to these keys will be
limited to government officials with legal authorization to conduct a
wiretap.
The "Clipper Chip" technology provides law enforcement with no new
authorities to access the content of the private conversations of
Americans.
To demonstrate the effectiveness of this new technology, the Attorney
General will soon purchase several thousand of the new devices. In
addition, respected experts from outside the government will be
offered access to the confidential details of the algorithm to assess
its capabilities and publicly report their findings.
The chip is an important step in addressing the problem of
encryption's dual-edge sword: encryption helps to protect the privacy
of individuals and industry, but it also can shield criminals and
terrorists. We need the "Clipper Chip" and other approaches that can
both provide law-abiding citizens with access to the encryption they
need and prevent criminals from using it to hide their illegal
activities. In order to assess technology trends and explore new
approaches (like the key-escrow system), the President has directed
government agencies to develop a comprehensive policy on encryption
that accommodates:
-- the privacy of our citizens, including the need to
employ voice or data encryption for business purposes;
-- the ability of authorized officials to access telephone
calls and data, under proper court or other legal
order, when necessary to protect our citizens;
-- the effective and timely use of the most modern
technology to build the National Information
Infrastructure needed to promote economic growth and
the competitiveness of American industry in the global
marketplace; and
-- the need of U.S. companies to manufacture and export
high technology products.
The President has directed early and frequent consultations with
affected industries, the Congress and groups that advocate the privacy
rights of individuals as policy options are developed.
The Administration is committed to working with the private sector to
spur the development of a National Information Infrastructure which
will use new telecommunications and computer technologies to give
Americans unprecedented access to information. This infrastructure of
high-speed networks ("information superhighways") will transmit video,
images, HDTV programming, and huge data files as easily as today's
telephone system transmits voice.
Since encryption technology will play an increasingly important role
in that infrastructure, the Federal Government must act quickly to
develop consistent, comprehensive policies regarding its use. The
Administration is committed to policies that protect all Americans'
right to privacy while also protecting them from those who break the
law.
Further information is provided in an accompanying fact sheet. The
provisions of the President's directive to acquire the new encryption
technology are also available.
For additional details, call Mat Heyman, National Institute of
Standards and Technology, (301) 975-2758.
---------------------------------
QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S
TELECOMMUNICATIONS INITIATIVE
Q: Does this approach expand the authority of government
agencies to listen in on phone conversations?
A: No. "Clipper Chip" technology provides law enforcement with
no new authorities to access the content of the private
conversations of Americans.
Q: Suppose a law enforcement agency is conducting a wiretap on
a drug smuggling ring and intercepts a conversation
encrypted using the device. What would they have to do to
decipher the message?
A: They would have to obtain legal authorization, normally a
court order, to do the wiretap in the first place. They
would then present documentation of this authorization to
the two entities responsible for safeguarding the keys and
obtain the keys for the device being used by the drug
smugglers. The key is split into two parts, which are
stored separately in order to ensure the security of the key
escrow system.
Q: Who will run the key-escrow data banks?
A: The two key-escrow data banks will be run by two independent
entities. At this point, the Department of Justice and the
Administration have yet to determine which agencies will
oversee the key-escrow data banks.
Q: How strong is the security in the device? How can I be sure
how strong the security is?
A: This system is more secure than many other voice encryption
systems readily available today. While the algorithm will
remain classified to protect the security of the key escrow
system, we are willing to invite an independent panel of
cryptography experts to evaluate the algorithm to assure all
potential users that there are no unrecognized
vulnerabilities.
Q: Whose decision was it to propose this product?
A: The National Security Council, the Justice Department, the
Commerce Department, and other key agencies were involved in
this decision. This approach has been endorsed by the
President, the Vice President, and appropriate Cabinet
officials.
Q: Who was consulted? The Congress? Industry?
A: We have on-going discussions with Congress and industry on
encryption issues, and expect those discussions to intensify
as we carry out our review of encryption policy. We have
briefed members of Congress and industry leaders on the
decisions related to this initiative.
Q: Will the government provide the hardware to manufacturers?
A: The government designed and developed the key access
encryption microcircuits, but it is not providing the
microcircuits to product manufacturers. Product
manufacturers can acquire the microcircuits from the chip
manufacturer that produces them.
Q: Who provides the "Clipper Chip"?
A: Mykotronx programs it at their facility in Torrance,
California, and will sell the chip to encryption device
manufacturers. The programming function could be licensed
to other vendors in the future.
Q: How do I buy one of these encryption devices?
A: We expect several manufacturers to consider incorporating
the "Clipper Chip" into their devices.
Q: If the Administration were unable to find a technological
solution like the one proposed, would the Administration be
willing to use legal remedies to restrict access to more
powerful encryption devices?
A: This is a fundamental policy question which will be
considered during the broad policy review. The key escrow
mechanism will provide Americans with an encryption product
that is more secure, more convenient, and less expensive
than others readily available today, but it is just one
piece of what must be the comprehensive approach to
encryption technology, which the Administration is
developing.
The Administration is not saying, "since encryption
threatens the public safety and effective law enforcement,
we will prohibit it outright" (as some countries have
effectively done); nor is the U.S. saying that "every
American, as a matter of right, is entitled to an
unbreakable commercial encryption product." There is a
false "tension" created in the assessment that this issue is
an "either-or" proposition. Rather, both concerns can be,
and in fact are, harmoniously balanced through a reasoned,
balanced approach such as is proposed with the "Clipper
Chip" and similar encryption techniques.
Q: What does this decision indicate about how the Clinton
Administration's policy toward encryption will differ from
that of the Bush Administration?
A: It indicates that we understand the importance of encryption
technology in telecommunications and computing and are
committed to working with industry and public-interest
groups to find innovative ways to protect Americans'
privacy, help businesses to compete, and ensure that law
enforcement agencies have the tools they need to fight crime
and terrorism.
Q: Will the devices be exportable? Will other devices that use
the government hardware?
A: Voice encryption devices are subject to export control
requirements. Case-by-case review for each export is
required to ensure appropriate use of these devices. The
same is true for other encryption devices. One of the
attractions of this technology is the protection it can give
to U.S. companies operating at home and abroad. With this
in mind, we expect export licenses will be granted on a
case-by-case basis for U.S. companies seeking to use these
devices to secure their own communications abroad. We plan
to review the possibility of permitting wider exportability
of these products.
|~~ END
---
HINTERLAND WHO'S WHO - 800 EXCHANGES
Lister
Exchanges - 800 Service
0 1 2 3 4 5 6 7 8 9
+------+------+------+------+------+------+------+------+------+------+
20| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
21| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
22| ---- | AT&T | AT&T | AT&T | LDL | AT&T | MIC | AT&T | AT&T | C&W |
23| NTK | AT&T | AT&T | AT&T | MCI | AT&T | SCH | AT&T | AT&T |Delta |
24| SIR | AT&T | AT&T | AT&T | ---- | AT&T | ---- | AT&T | AT&T | ---- |
25| ---- | AT&T | AT&T | AT&T | TTU | AT&T | LSI | AT&T | AT&T | ---- |
26| ---- | SCH | AT&T |CanCO | ICT |CanSWO| COM |CanEO |CanTor| FDG |
27| ---- | ---- | AT&T | ---- | MCI | ITT | ONE | SNT | ---- | MAL |
28| ADG | ---- | AT&T | MCI | MCI | ---- | ---- | ---- | MCI | MCI |
29| ---- | ---- | AT&T | PRO | ---- | ---- | ---- | ARE | ---- | CDC |
30| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
31| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
32| ---- | AT&T | AT&T | AT&T | HNI | AT&T |Sprint| AT&T | AT&T | TET |
33| TET | AT&T | AT&T | MCI | AT&T | SCH | AT&T | FST | AT&T | ---- |
34| ---- | AT&T | AT&T | AT&T | AT&T | AT&T | AT&T |Sprint| AT&T | DCT |
35| COM | AT&T | AT&T | ---- | AT&T | ---- | AT&T | ---- | AT&T |Sprint|
36| ---- |CanMtl| AT&T |CanMtl| HNI | MCI |Sprint| AT&T | AT&T |Teleco|
37|Teleco| ---- | AT&T |Teleco| ---- |ATCCig| ---- |Telnet| ---- | ---- |
38| ---- | ---- | AT&T |Teleco| FDT |Hedges| TBQ |CanTor| MCI | ---- |
39| ---- | ---- | AT&T | EXF | ---- | MCI | ---- |Teleco| ---- |Americ|
40| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
41| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
42| ---- | AT&T | AT&T | AT&T | AT&T | TTH | AT&T | ---- | AT&T | ---- |
43| ---- | AT&T | AT&T | AT&T | AGN | AT&T | IDN | AT&T | AT&T | ---- |
44| TXN | AT&T | AT&T | AT&T | MCI | AT&T | AT&T | AT&T | AT&T | ---- |
45| USL | AT&T | AT&T | AT&T | ALN | ---- | MCI | AT&T | AT&T | ---- |
46| ---- |CanNCO| AT&T |CanEQu| ---- |CanNWO| ALN | ICT | AT&T | ---- |
47| ---- | ALN | AT&T |Sprint| ---- |Teleco|Teleco| MCI |Alascm| ---- |
48| ---- | ---- | AT&T | ---- |Teleco|Teleco| C&W |Sprint|Sprint| TOM |
49| ---- | ---- | AT&T | ---- | ---- | ---- | ---- | ---- | ---- | ---- |
50| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
51| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
52| ---- | AT&T | AT&T | AT&T | AT&T | AT&T | AT&T | AT&T | AT&T |Midco |
53| ---- | AT&T | AT&T | AT&T | ---- | AT&T | ALN | AT&T | AT&T | ---- |
54| ---- | AT&T | AT&T | AT&T | AT&T | AT&T |Sprint| AT&T | AT&T | ---- |
55| CMA | AT&T | AT&T | AT&T | AT&T |[Diry]| AT&T | ALN | AT&T | ---- |
56| ---- |CanNB | AT&T |CanNfl| ---- |CanNSP| ALN |CanWQu| ---- | ---- |
57| ---- | ---- | AT&T | ---- | AMM | ---- | ---- |Telnet| ---- | LNS |
58| WES | ---- | AT&T |Teleco|Teleco| ---- |Action| LTQ |Action| LGT |
59| ---- | ---- | AT&T |Teleco|Teleco| ---- | ---- | ---- | ---- | ---- |
60| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
61| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
62| ---- | AT&T | AT&T | ---- | AT&T | NLD | AT&T | MCI | AT&T | ---- |
63| ---- | AT&T | AT&T | AT&T | AT&T | AT&T | CQU | AT&T | AT&T | BUR |
64| ---- | AT&T | AT&T | AT&T | CMA | AT&T | ---- | AT&T | AT&T | ---- |
65| ---- | ---- | AT&T | ---- | AT&T | ---- | ---- |Teleco|Teleco| ---- |
66| ---- |CanAlb| AT&T |CanBC |Sprint|CanMan| MCI |CanSsk|CanTor|Sprint|
67| ---- | ---- | AT&T |Teleco|Teleco| ---- |Sprint| MCI | MCI | ---- |
68| ---- | ---- | AT&T | MTD | ---- | ---- | LGT | NTS | MCI | ---- |
69| ---- | ---- | AT&T | ---- | ---- | MCI | ---- | ---- | NYC | PLG |
70| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
71| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
72| TGN | ---- | AT&T | ---- | RCI | SAN |Sprint| MCI |Teleco|Sprint|
73| ---- | ---- | AT&T |Sprint| ---- |Sprint|Sprint| MEC | MEC | ---- |
74| ---- | MIC | AT&T | EDS | ---- |Sprint| ---- |Teleco|Teleco|Teleco|
75| ---- | ---- | AT&T | MCI | TSH | SPR | ---- | TID | ---- | MCI |
76| ---- | ---- | AT&T | ---- |Alascm| MCI | MCI |Sprint| SNT | ---- |
77| GCN | SNT | AT&T | CTI | ---- | ---- |Sprint| MCI |Sprint|Teleco|
78|Teleco| ---- | AT&T | ALN |Allnet| SNH |(Futu)| ---- | ---- | TMU |
79| ---- | ---- | AT&T | ---- | ---- | ---- | ---- | TID |Teleco| ---- |
80|Sprint| ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
81| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
82| ---- | AT&T | AT&T | THA | AT&T | MCI | AT&T |Sprint| AT&T |Sprint|
83| ---- | AT&T | AT&T | AT&T | ---- | AT&T |Teleco|Teleco| ---- | Star |
84| ---- | AT&T | AT&T | AT&T | LDD | AT&T | ---- | AT&T | AT&T | ---- |
85| TKC | AT&T | AT&T | ---- | AT&T | AT&T | ---- | TLS | AT&T | ---- |
86| ---- | ---- | AT&T | ALN | TEN | ---- | MCI | ---- | SNT |Sprint|
87| ---- | ---- | AT&T | MCI | AT&T | ALN | MCI |Sprint| ALN | MCI |
88| NAS | NAS | AT&T | ---- |Sprint| AT&T | ALN | ETS | MCI | ---- |
89| ---- | ---- | AT&T | ---- | ---- | ---- | TXN | ---- | CGI | C&W |
90| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
91| ---- | ---- |(Pagr)| ---- | ---- | ---- | ---- | ---- | ---- | ---- |
92| ---- | ---- | AT&T | ALN | ---- | ---- | MCI |Sprint| CIS | ---- |
93| ---- | ---- | AT&T | MCI | ---- | ---- |R-Comm| MCI | ---- | ---- |
94| TSF | ---- | AT&T | ---- | ---- | ---- | ---- | ---- | ---- | ---- |
95| MCI |PhAmer| AT&T | ---- | ---- | MCI | ---- | ---- |[T-??]|[T-??]|
96| CNO | ---- | AT&T | SOC | ---- | ---- | C&W | ---- | TED | C&W |
97| ---- | ---- | AT&T | ---- | ---- | ---- | ---- | ---- | ---- | ---- |
98| ---- | ---- | AT&T | WUT | ---- | ---- | WUT | ---- | WUT | C&W |
99| ---- | ---- | AT&T | ---- | ---- | ---- | Valu | ---- | ---- | MCI |
+------+------+------+------+------+------+------+------+------+------+
0 1 2 3 4 5 6 7 8 9
Exchanges - 800 Service - Appendix
Abbreviations of carriers/regions used in the table:
Action - Action Telecom Co.
ADG - Advantage Network, Inc.
AGN - AMRIGON
Alascm - ALASCOM
Allnet - Allnet Communication Services
Americ - AmeriCall Corporation (Calif.)
AMM - Access Long Distance
ARE - American Express TRS
AT&T - AT&T
ATCCig - ATC Cignal Communications
BUR - Burlington Tel.
C&W - Cable & Wireless Comm.
CanAlb - Telecom Canada/Alberta (403)
CanBC - Telecom Canada/British Columbia (604)
CanCO - Telecom Canada/Central Ontario (416)
CanEO - Telecom Canada/Eastern Ontario (613)
CanEQu - Telecom Canada/Eastern Quebec (418)
CanMan - Telecom Canada/Manitoba (204)
CanMtl - Telecom Canada/Montreal Area (514)
CanNB - Telecom Canada/New Brunswick (506)
CanNfl - Telecom Canada/Newfoundland (709)
CanNCO - Telecom Canada/North Central Ontario (705)
CanNSP - Telecom Canada/Nova Scotia, PEI (902)
CanNWO - Telecom Canada/NW Ontario (807)
CanSsk - Telecom Canada/Saskatchewan (306)
CanSWO - Telecom Canada/SW Ontario (519)
CanTor - Telecom Canada/Toronto Area (416)
CanWQu - Telecom Canada/Western Quebec (819)
CDC - ClayDesta Communications
CNO - COMTEL of New Orleans
COM - COM Systems
CQU - ConQuest Comm. Corp
CTI - Compu-Tel Inc.
DCT - Direct Communications, Inc.
Delta - Delta Communications, Inc.
EDS - Electronic Data Systems Corp.
ETS - Eastern Telephone Systems, Inc.
EXF - Execulines of Florida, Inc.
FDG - First Digital Network
FDN - Florida Digital Network
FDT - Friend Technologies
FST - First Data Resources
GCN - General Communications, Inc.
Hedges - Hedges Communications
HNI - Houston Network, Inc.
ITT - United States Transmission System
LDD - LDDS-II, Inc.
LDL - Long Distance for Less
LGT - LITEL
LNS - Lintel Systems
LSI - Long Distance Savers
LTQ - Long Distance for Less
MAL - MIDAMERICAN
MCI - MCI Telecommunications Corp.
MDE - Meade Associates
MEC - Mercury, Inc.
MIC - Microtel, Inc.
Midco - Midco Communications
MTD - Metromedia Long Distance
NLD - National Data Corp.
NTK - Network Telemanagement Svcs.
NTS - NTS Communications
ONC - OMNICALL, Inc.
ONE - One Call Communications, Inc.
PhAmer - Phone America
PHE - Phone Mail, Inc.
PLG - Pilgrim Telephone Co.
PRO - PROTO-COL
R-Comm - R-Comm
RCI - RCI Corporation
SAN - Satelco
SCH - Schneider Communications
SIR - Southern Interexchange Services
SLS - Southland Systems, Inc.
SNH - Sunshine Telephone Co.
SNT - SouthernNet, Inc.
SOC - State of California
Sprint - U.S. Telcom, Inc. (U.S. Sprint)
Star - STAR-LINE
TBQ - Telecable Corp.
TED - TeleDial America
Teleco - Teleconnect
Telnet - Telenet Comm. Corp.
TEN - Telesphere Network, Inc.
TET - Teltec Savings Communications Co.
TGN - Telemanagement Consult't Corp.
THA - Touch America
TID - TMC South Central Indiana
TKC - TK Communications, Inc.
TLS - TELE-SAV
TMU - Tel-America, Inc.
TOM - TMC of Montgomery
TSF - SOUTH-TEL
TSH - Tel-Share
TTH - Tele Tech, Inc.
TTU - Total-Tel USA
TXN - Tex-Net
USL - U.S. Link Long Distance
Valu - Valu-Line
WES - Westel
WUT - Western Union Telegraph Co.
Other abbreviations
(Futu) - for future assignment
(Pagr) - reserved for radio paging
[Diry] - Directory Assistance Exchange
[T-??] - reserved for testing
Notes on 800
------------
Where local telcos, such as Illinois Bell offer 800 service, they
purchase blocks of numbers from AT&T on prefixes assigned to AT&T. They
are free to purchase blocks of numbers from any carrier of their choice
however.
Often, exchanges of the form NN2 are used internally within an area code
or region, such as 552 or 772 in Saskatchewan, or for intra-state use.
Specific intra-state or intra-provincial uses are not mentioned in this
document.
The information was updated according to carriers accessible from Canada.
As far as can be determined, only the AT&T, MCI and Sprint 800 services
are accessible from Canada at present. However, 337 (assigned to First
Data Resources) seems to be connected to MCI. This could be due to the
purchase of some companies; the prefixes would then be assumed by the
buyer.
N0X/N1X prefixes for 800 service are starting to appear. The first widely
known one is 800 used by Sprint (as in 1 800 800 xxxx). This is the only
N(0/1)X prefix for 800 to be accessible from Canada at present.
---
POETRY CORNER
The Grappler - Essence
With the unquenchable thirst of an ocean
Death drinks of lifetimes in a flinch
I am but a cups worth of this
As meaningless as a glass of water
To know this is the mortal cross
we all must bear.
(C)1993 The Grappler
My Teddy Bear
Without my teddy bear, I cannot sleep.
I cannot breathe, or concentrate.
I cannot set my mind out straight,
but my teddy bear doesn't miss me.
Without my teddy bear, I cannot feel.
I play a game, I act in haste,
romantic thoughts are put to waste,
but my teddy bear doesn't miss me.
Without my teddy bear, I cannot see.
It's all pitch black, and in the day,
without a map, i've lost my way,
but my teddy bear doesn't miss me.
Without my teddy bear, I cannot smell.
There's no purfume, no sweet soft skin,
No hugs to be supported in,
but my teddy bear doesn't miss me.
Without my teddy bear, I cannot taste.
I cannot taste her loving kiss,
the interweaved celestial bliss,
but my teddy bear doesn't miss me.
My teddy bear, come back to me.
It sickens me to think you might,
alone and lost, be filled with fright,
and maybe, you might miss me.
(C)1993 Essence
Victim
Like ice, her cold heart controls her warm hands.
Inticing me to join her,
Inviting me to touch her,
She melts my heart but inside she is cruel.
My face her hands carressing,
My body, hers is blessing.
Intense her hatred runs right through her blood.
Her passion makes her sexy,
Her warm lips make her sexy.
I enter her, and let my heart breathe fire.
My fire, and love exhausted,
yet she has just molested,
Another Victim.
(C)1993 Essence
---
OFFICIAL [CiSSD] BAD-ASS BELLCORE GLOSSARY
Lister
The following I picked up in my travels on the Internet. I
rarely find a COMPREHENSIVE glossary like this one. Although it is
intended for Bellcore employees, it has obvious uses for social
engineering; or just for reference. All in all, it makes and interesting
read and I hope you benefit out of it..
A & B LEADS
Designation of leads derived from the midpoints of the two
pairs comprising a 4-wire circuit.
ABBREVIATED DIALING
Preprogramming of a caller's phone system or long distance
company's switch to recognize a 2- to 4-digit number as an
abbreviation for a frequently dialed phone number, and
automatically dial the whole number.
Synonym: Speed Dialing.
ACCESS CHARGE
Monies collected by local phone companies for use of their
circuits to originate and terminate long distance calls.
Can be per minute fees levied on long distance companies,
Subscriber Line Charges (SLCs) levied directly on regular
local lines, fixed monthly fees for special telco circuits
(ie. WAL, DAL,T-1), or Special Access Surcharge (SAS) on
special access circuits.
ACCESS LINE
A telephone circuit which connects a customer location to
a network switching center.
AIRLINE MILEAGE
Calculated point-to-point mileage between terminal
facilities.
ALL TRUNKS BUSY (ATB)
A single tone interrupted at a 120 ipm (impulses per
minute) rate to indicate all lines or trunks in a routing
group are busy.
ALTERNATE ROUTE
A secondary communications path used to reach a
destination if the primary path is unavailable.
ALTERNATE USE
The ability to switch communications facilities from one
type to another, i.e., voice to data, etc.
ALTERNATE VOICE DATA (AVD)
A single transmission facility which can be used for
either voice or data.
ANALOG SIGNAL
A signal in the form of a continuous varying physical
quantity, e.g., voltage which reflects variations in some
quantity, e.g., loudness in the human voice.
ANNUNCIATOR
An audible intercept device that states the condition or
restrictions associated with circuits or procedures.
ANSWER BACK
An electrical and/or visual indication to the calling or
sending end that the called or received station is on
the line.
ANSWER SUPERVISION
An electrical signal fed back up the line by the local
telephone company at the distant end of a long distance
call to indicate positively the call has been answered by
the called party. Tells billing equipment to start timing
the call.
AREA CODE
A three digit number identifying more than 150 geographic
areas of the United States and Canada which permits direct
distance dialing on the telephone system. A similar
global numbering plan has been established for
international subscriber dialing.
Synonym: Numbering Plan Area (NPA).
ATTENDANT POSITION
A telephone switchboard operator's position. It provides
either automatic (cordless) or manual (plug and jack)
operator controls for incoming and/or outgoing telephone
calls.
ATTENTUATION
A general term used to denote the decrease in power
between that transmitted and that received due to loss
through equipment, lines, or other transmission devices.
It is usually expressed as a ratio in dB (decibel).
AUDIBLE RINGING TONE
An audible signal heard by the calling party during the
ringing-interval.
AUTHORIZATION CODE
A 5- to 14-digit number entered using a touch-tone phone
to identify the caller as a customer of the long distance
service. Used primarily before Equal Access as a way to
verify the caller as a customer and bill calls.
AUTO ANSWER
A machine feature that allows a transmission control unit
or station to automatically respond to a call that it
receives.
AUTOMATIC CALL DISTRIBUTOR (ACD)
A switching system designed to queue and/or distribute a
large volume of incoming calls to a group of attendants to
the next available "answering" position.
AUTOMATIC DIALING UNIT
A device which is programmed with frequently called
numbers. The caller presses one to three digits and the
preprogrammed number is automatically dialed into the
phone circuit.
AUTOMATIC IDENTIFICATION OF OUTWARD DIALING (AIOD)
The ability of some centrex units to provide an itemized
breakdown of charges (including individual charges for
toll calls) for calls made by each telephone extension.
AUTOMATIC NUMBER IDENTIFICATION (ANI)
On long distance calls, the process by which the local
phone company passes a caller's local billing phone number
to his/her long distance company when a "1+" or "10-XXX"
call is made. With ANI a caller's long distance carrier
knows who (what phone number) to bill without requiring
the caller to enter any extra digits to be identified.
AUTOMATIC ROUTE SELECTION (ARS)
Synonym: Least Cost Routing
BAND
(1) The range of frequencies between two defined limits.
(2) In reference to WATS, one of the five specific
geographic areas as defined by the carrier.
Synonym: Bandwidth.
BANDWIDTH
see BAND.
BASEBAND
The total frequency band occupied by the aggregate of
all the voice and data signals used to modulate a radio
carrier.
BAUD
A unit of signaling speed. The speed in Baud is the number
of discrete conditions or signal elements per second. If
each signal event represents only one bit condition, then
Baud is the same as bits per second. Baud does not equal
bits per second.
BLOCKED CALLS
Attempted calls that are not connected because (1) all
lines to the central offices are in use; or (2) all
connecting paths through the PBX/switch are in use.
BREAK
A means of interrupting transmission, a momentary
interruption of a circuit.
BREAKEVEN POINT
Level of usage at which the total cost of a service with a
high fixed up-front monthly fee but low minute costs
becomes equal to the total cost of another service with
low (or zero) monthly fee but relatively high per minute
cost. At usage levels higher than breakeven, the service
with the high monthly fee is cheaper.
BROADBAND
A transmission facility having a bandwidth of greater than
20 kHz.
BUS
A heavy conductor, or group of conductors, to which
several units of the same type of equipment may be
connected.
BUSY
The condition in which facilities over which a call is to
be transmitted are already in use.
BUSY HOUR
The time of day when phone lines are most in demand.
BUSY TONE
A single tone that is interrupted at 60 ipm (impulses per
minute) to indicate that the terminal point of a call is
already in use.
BYPASS
The direct connection to customer-premises equipment by an
IC. This occurs when an IC connects its own facilities
(or facilities leased from a non-BOC entity) directly to
an end user's premises, circumventing the use of the BOC
network..
CARRIER
A long distance company which uses primarily its own
transmission facilities, as opposed to resellers which
lease or buy most or all transmission facilities from
carriers. Many people refer to any type of long distance
company, whether it has its own network or not, as a
carrier, so the term is not as restrictive as it used to
be.
CARRIER ACCESS CODE (CAC)
The sequence an end user dials to obtain access to the
switched services of a carrier. Carrier Access Codes for
Feature Group D are composed of five digits, in the form
10XXX, where XXX is the Carrier Identification Code.
CARRIER COMMON LINE CHARGE (CCLC)
A per minute charge paid by long distance companies to
local phone companies for the use of local public switched
networks at either or both ends of a long distance call.
This charge goes to pay part of the cost of telephone
poles, wires, etc.
CARRIER IDENTIFICATION CODE (CIC)
The three-digit number that uniquely identifies a carrier.
The Carrier Identification Code is indicated by XXX in the
Carrier Access Code. The same code applies to an
individual carrier throughout the area served by the North
American Numbering Plan.
CARRIER SYSTEM
A system for providing several communications channels
over a single path.
CELLULAR MOBILE RADIO
A high capacity land mobile radio system in which an
assigned frequency spectrum is divided into discrete
channels that are assigned to a cellular geographic
serving area.
CENTRAL OFFICE (CO)
With local telephone companies, the nearby building
containing the local telco switch which provides local
telephone service. Also the physical point where calls
enter the long distance network. Sometimes referred to as
Class 5 office, end office, or Local Dial Office.
CENTREX, CO
PBX Service provided by a switch located at the telephone
company central office.
CENTREX, CU
A variation on Centrex CO provided by a telephone company
maintained "Central Office" type switch located at the
customer's premises.
CHANNEL
A communications path via a carrier or microwave radio.
CIRCUIT
A path for the transmission of electromagnetic signals to
include all conditioning and signaling equipment.
Synonym: Facility.
CIRCUIT SWITCHING
A switching system that completes a dedicated transmission
path from sender to receiver at the time of transmission.
CISSD
An elite group of hackers and phreakers with the skills to
bring the h/p scene into the 21st century. Unlike other
more conventional groups, CiSSD holds revolutionary and
new ideas that bing a fresh new perspective the the h/p
community.
Synonym: HeLL Inc.
CLASS OF SERVICE/CLASS MARK (COS)
A subgrouping of telephone customers or users for the sake
of rate distinction or limitation of service.
COAXIAL CABLE
A cable with a solid outer shield, a space and then a
solid inner conductor. The electromagnetic wave travels
between the outer shield and the conductor. It can carry a
much higher band width than a wire pair.
CODEC
Coder-Decoder. Used to convert analog signals to digital
form for transmission over a digital median and back again
to the original analog form.
COMMON CARRIER
A government regulated private company that provides the
general public with telecommunications services and
facilities.
COMMON CHANNEL INTEROFFICE SIGNALING (CCIS)
A digital technology used by AT&T to enhance their
Integrated Services Digital Network. It uses a separate
data line to route interoffice signals to provide faster
call set-up and more efficient use of trunks.
COMMON CONTROL SWITCHING ARRANGEMENT (CCSA)
The use of carrier switches under a carrier's control as
part of a customer's private network. The carrier's
software controls and switches the customer's calls over
private lines the customer has rented. Control of the
switch and switching functions is done in common for all
users using the software and switching system.
CONDITIONING EQUIPMENT
Equipment modifications or adjustments necessary to match
transmission levels and impedances and which equalize
transmission and delay to bring circuit losses, levels,
and distortion within established standards.
CONFIGURATION
The combination of long-distance services and/or equipment
that make up a communications system.
CONTROL UNIT (CU)
The central processor of a telephone switching device.
COST COMPONENT
The price of each type of long distance service and/or
equipment that constitutes a configuration.
CROSS CONNECTION
The wire connections running between terminals on the two
sides of a distribution frame, or between binding posts in
a terminal.
CROSS TALK
The unwanted energy (speech or tone) transferred from one
circuit to another circuit.
CUSTOMER ACCESS LINE CHARGE (CALC)
The FCC-imposed monthly surcharge added to all local lines
to recover a portion of the cost of telephone poles,
wires, etc., from end users. Before deregulation, a large
part of these costs were financed by long distance users
in the form of higher charges.
CUSTOMER OWNED AND MAINTAINED (COAM)
Customer provided communications apparatus and associated
wiring.
CUSTOMER PREMISE EQUIPMENT (CPE)
Telephone equipment, usually including wiring located
within the customer's part of a building.
CUT
To transfer a service from one facility to another.
CUT THROUGH
The establishment of a complete path for signaling and/or
audio communications.
DATA SET
A device which converts data into signals suitable for
transmission over communications lines.
DATA TERMINAL
A station in a system capable of sending and/or receiving
data signals.
DECIBEL (dB)
A unit measurement represented as a ratio of two voltages,
currents or powers and is used to measure transmission
loss or gain.
DEDICATED ACCESS LINE (DAL)
An analog special access line going from a caller's own
equipment directly to a long distance company's switch or
POP. Usually provided by a local telephone company. The
line may go through the local telco Central Office, but
the local telco does not switch calls on this line.
DELAY DIAL
A dialing configuration whereby local dial equipment will
wait until it receives the entire telephone number before
seizing a circuit to transmit the call.
DELTA MODULATION (DM)
A variant of pulse code modulation whereby a code
representing the difference between the amplitude of a
sample and the amplitude of the previous one is sent.
Operates well in the presence of noise, but requires a
wide frequency band.
DEMODULATION
The process of retrieving data from a modulated signal.
DIAL LEVEL
The
selection of stations or services associated with a
PBX using a one to four digit code (e.g., dialing 9 for
access to outside dial tone).
DIAL PULSING
The transmitting of telephone address signals by
momentarily opening a DC circuit a number of times
corresponding to the decimal digit which is dialed.
DIAL REPEATING TIE LINE/DIAL REPEATING TIE TRUNK
A tie line arrangement which permits direct trunk to trunk
connections without use of the attendant.
DIAL SELECTIVE SIGNALING
A multipoint network in which the called party is selected
by a prearranged dialing code.
DIAL TONE
A tone indicating that automatic switching equipment is
ready to receive dial signals.
DIALING PLAN
A description of the dialing arrangements for customer use
on a network.
DIRECT DISTANCE DIALING (DDD)
A basic toll service that permits customers to dial their
own long distance call without the aid of an operator.
DIRECT INWARD DIALING (DID)
A PBX or CENTREX feature that allows a customer outside
the system to directly dial a station within the system.
DIRECT OUTWARD DIALING
A PBX or CENTREX feature that allows a station user to
gain direct access to an exchange network.
DROP
The portion of outside telephone plant which extends from
the telephone distribution cable to the subscriber's
premises.
DRY CIRCUIT
A circuit which transmits voice signals and carries no
direct current.
DUAL TONE MULTI-FREQUENCY (DTMF)
Also known as Touch-Tone. A type of signaling which emits
two distinct frequencies for each indicated digit.
DUPLEX
Simultaneous two-way independent transmission.
DUPLEX SIGNALING
A long-range bidirectional signaling method using paths
derived from transmission cable pairs. It is based on a
balanced and symmetrical circuit that is identical at both
ends. This circuit presents an E&M lead interface to
connecting circuits.
ECHO
A signal that has been reflected or otherwise returned
with sufficient magnitude and delay to be perceived by the
speaker.
ECHO RETURN LOSS (ERL)
The loss which must be in the echo path to reduce echo to
a tolerable amount.
ECHO SUPPRESSOR
A device which detects speech signals transmitted in
either direction on a four-wire circuit, and introduces
loss in the direction of transmission.
EITHER END HOP OFF (EEHO)
In private networks, a switch program that allows a call
destined for an off-net location to be placed into the
public network at either the closest switch to the
origination or to the destination. The choice is usually
by time of day. Uses either Head End Hop Off or Tail End
Hop Off.
ELECTRONIC KEY TELEPHONE SETS (EKTS)
A generic term indicating key telephones with built-in
microprocessors which allow access to PBX-like features as
well as access to multiple CO lines, using 2 to 4 pair
wiring.
ELECTRONIC SWITCH
Modern programmable switch (often denoted ESS, for
Electronic Switching System) used in most BOC telephone
companies, many independent telephone companies, and by
virtually all new long distance companies. Completely
solid state electronics, as opposed to older
electro-mechanical switches.
ELECTRONIC SWITCHING SYSTEM (ESS)
Used as a station instrument on a PBX. Also a Bell System
term for electronic exchange switching equipment.
ELECTRONIC TANDEM NETWORK (ETN)
(1) A private network automatically and electronically
connecting the calling office to the called office through
Tandem-Tie Trunks. The network switches also function as
PBXs. (2) An AT&T product name. (3) Used as a generic term
for a PBX base network.
ENHANCED PRIVATE SWITCHED COMMUNICATIONS SERVICE (EPSCS)
A private network utilizing Bell provided equipment
located in the central office and dedicated to a specific
customer.
E&M LEADS
A pair of leads which carry signals between trunk
equipment and separate signaling equipment unit. The M
lead transmits battery or ground signals to the signaling
equipment, and the E lead receives open or ground signals
from the signaling equipment.
E&M SIGNALING
An arrangement whereby signaling between a trunk circuit
and an associated signaling unit is effected over two
leads providing full-time, 2-way, 2-level supervision.
ENTERPRISE NUMBER
A unique telephone exchange number that permits the called
party to be automatically billed for incoming calls.
EQUAL ACCESS
Reprogramming of Local Exchange Company (LEC) switches to
allow other long distance companies besides AT&T to be the
"1+" primary long distance company for users of long
distance (by creating a new type of Feature Group access
circuit, FGD). Also provides "10-XXX" dialing for
secondary and casual calling, generates true hardware
Answer Supervision when calls are terminated over FGD
circuits, and provides ANI (Automatic Number
Identification) on originating calls.
EQUALIZATION
The procedure of compensating for fluctuation in circuit
amplitude, delay, or distortion.
ERLANG
A unit of traffic intensity. One Erlang is the intensity
at which one traffic path would be continuously occupied,
e.g. one call per hour.
ERLANG B TABLE
A widely used table derived from a mathematical formula
which allows the determination of the traffic capacity of
a given group of circuits.
EXCHANGE
A telephone switching center.
EXCHANGE NETWORK FACILITIES FOR INTERSTATE ACCESS (ENFIA)
AT&T's pricing arrangement for local loops offered to OCCs
for connecting the OCC's network to the local telephone
company's central office.
EXTENDED AREA SERVICE (EAS)
Adding expanded local calling areas to a caller's basic
local calling area for a (generally) small additional
monthly fee. The EAS local calls can be either free
(after a small additional monthly fee is paid) or at a
cost of reduced per call charges.
FACILITIES
Typically refers to transmission lines or circuits, or
long distance services. A caller's facilities are the
circuits available to make calls.
FACSIMILE
The transmission of pictures, maps or other documents via
communications circuits using a device which scans the
original document, transforms the image into coded signals
and reproduces the original document at a distant point.
FEATURE GROUP A
Line-side originating and terminating LATA access for
which an originating subscriber dials an assigned
telephone number that connects to a specific IC. The IC
returns a tone to signal the caller to input additional
tone-generated digits of the called number.
FEATURE GROUP B
Trunk-side originating and terminating LATA access for
which an originating subscriber dials a 950-WXXX number
(where W=0,1 and XXX is the Carrier Access Code), which is
translated to a specified XXX carrier trunk group.
Optional rotary dial service and ANI may be available.
FEATURE GROUP C
Trunk-side LATA access for AT&T, generally, on a direct
basis between each EO and an AT&T switching system.
FEATURE GROUP D
Also referred to as "Equal Access," Feature Group D is
trunk-side LATA access affording call supervision to an
IC, a uniform access code (10XXX), optional calling-party
identification, recording of access-charge billing
details, and presubscription to a customer-specified IC.
FEDERAL COMMUNICATIONS COMMISSION (FCC)
The government agency established by the Communications
Act of 1934 which regulates the interstate communications
industry.
FIBER OPTICS
High speed transmission using light to send images (in
telecommunications: voice or data) through a flexible
bundle of glass fibers.
FOUR WIRE CIRCUITS
Circuits which use two separate one-way transmission paths
of two wires each, as opposed to regular local lines which
usually only have two wires to carry conversations in both
directions. One set of wires carries conversation in one
direction, the other in the opposite direction.
FREQUENCY
The number of complete cycles per unit of time.
FREQUENCY DIVISION MULTIPLEXING (FDM)
The division of an available frequency range (bandwidth)
into various subdivisions, each having enough bandwidth to
carry one voice or data channel.
FREQUENCY RESPONSE
The reaction of frequencies to the circuit components.
FULL DUPLEX
A circuit which allows transmission of a message in both
directions at the same time.
Synonym: 4-wire.
FULL PERIOD
Relates to private line service, which is rented for the
exclusive use of a single customer for an entire month.
FX (FOREIGN EXCHANGE) SERVICE
A service which allows a customer to appear to have a
local presence in a distant part of town or, a different
town altogether, by connecting his/her phone directly to a
local business line in a part of town with a different
exchange than his/her local calling area over a leased
private line, or to a local telco in a distant town
through long haul private lines purchased from a long
distance carrier.
GRADE OF SERVICE
The probability of a call being blocked by busy trunks,
expressed as a decimal fraction, and usually meaning the
busy-hour probability.
GROUP
12 circuits processed as a unit in a carrier system.
HALF DUPLEX
A circuit for transmitting or receiving signals in one
direction at a time.
HARDWIRE
To wire or cable directly between units of equipment.
HARMONIC
The full multiple of a base frequency.
HARMONIC DISTORTION
The ratio, expressed in decibels, of the power at the
fundamental frequency, to the power of a harmonic of that
fundamental.
HEAD END HOP OFF (HEHO)
A method of traffic engineering whereby calls are
completed by using long distance facilities directly off
the switch that serves that location.
HERTZ (Hz)
International standard unit of frequency. Replaces, and is
identical to, the order unit "Cycles-per-second."
HOMING
Returning to the starting position, as in a rotary
stepping switch.
HOOKSWITCH
The device on which the telephone receiver hangs or on
which a telephone handset hangs or rests when not in use.
The weight of the receiver or handset operates a switch
which opens the telephone circuit, leaving only the bell
connected to the line.
HOT-CUT
Virtually instantaneous replacement of one line with
another.
HYBRID
An electronic circuit which performs the wire conversions
necessary for the connection of a local loop with a long-
haul facility.
INTERCEPT
To stop a telephone call directed to an improper telephone
number, and redirect that call to an operator or a
recording.
INTERCONNECT
(1) The arrangement that permits the connection of
customer's telecommunications equipment to a
communications common carrier network. (2) The industry
name for manufacturers, excluding the Bell system, which
provide telephone equipment for the customer premises.
INTER-EXCHANGE MILEAGE (IXC)
The airline mileage between two cities.
Synonym: Long Haul Mileage.
INTEREXCHANGE PLANT
The facilities between the subscriber switching center and
another switching center.
INTERFACE
The junction or point of interconnection between two
systems or equipment having different characteristics.
INTERFERENCE
Any unwanted noise or crosstalk on a communications
circuit which acts to reduce the intelligibility of the
desired signal or speech.
INTER-MACHINE TRUNK (IMT)
A circuit which connects two automatic switching centers.
INTER-OFFICE TRUNK (IOT)
A direct trunk between local exchange offices.
INTERNATIONAL RECORD CARRIER (IRC)
Carriers providing international telecommunications
services, including voice, telex, and data communications.
INTERSTATE
Any connection made between two states.
INTRASTATE
Any connection made that remains within the boundaries of
a single state.
JITTER
Short term instability of the amplitude and/or phase of a
signal. Commonly called PHASE JITTER.
KEYSET
A telephone instrument having an appearance of two or more
telephone lines which can be accessed by depressing a
button (key) on the face of the set.
KEY SYSTEM
The equipment utilized to provide the features associated
with key sets, including keysets, multipair cable, key
service unit, distribution frames.
LEASED LINES
Any circuit or combination of circuits designated to be at
the exclusive disposal of a given subscriber.
Synonym: Private line; Full Period Line.
LEAST COST ROUTING (LCR)
A method of automatically selecting the least costly
facility for transmission of a call.
Synonym: Most Economical Route Selection (MERS);
Automatic Route Selection; Flexible Route Selection.
LEVEL
An expression of the relative signal strength at a point
in a communications circuit compared to a standard.
LOADING
A system for adding regularly spaced inductance units to a
circuit to improve its transmission characteristics.
LOCAL ACCESS AND TRANSPORT AREA (LATA)
A geographic area (called "exchange" or "exchange area" in
the MFJ) within each BOC's franchised area that has been
established by a BOC in accordance with the provisions of
the MFJ for the purpose of defining the territory within
which a BOC may offer its telecommunications services.
LOCAL AREA NETWORK (LAN)
Intraoffice communication system usually used to provide
data transmission in addition to voice transmission.
LOCAL EXCHANGE CARRIER (LEC)
A local telephone company, either one of the Bell
Operating Companies or one of the 1400+ independent local
telephone companies.
LOCAL LOOP
The local connection between the end user and the Class 5
central office.
LONG HAUL
Circuits spanning considerable distances.
LOOP BACK
A method of performing transmission tests on a circuit not
requiring the assistance of personnel at the distant end.
LOOP SIGNALING
Any of the three signaling methods which use the metallic
loop formed by the trunk conductors and the terminating
equipment bridges.
MAIN DISTRIBUTION FRAME (MDF)
The point where outside plant cables terminate and from
which they cross connect to terminal or central office
line equipment.
MAIN PBX
A PBX directly connected to a tandem switch via an access
trunk group.
MANUAL TIE LINE
A tie line which requires the assistance of an attendant
at both ends of the circuit in order to complete a call.
MASTER GROUP (MG)
240 circuits processed as a unit in a carrier system.
MESSAGE TELEPHONE SERVICE (MTS)
AT&T's tariffed pricing name for long distance telephone
calls.
MESSAGE UNIT (MU)
A local toll rate calling plan which is time and distance
sensitive.
MICROWAVE (M/W)
Radio transmission using very short lengths, corresponding
to a frequency of 1,000 megahertz or greater.
Synonym: Microwave Radio.
MICROWAVE RADIO
Synonym: Microwave.
MODEM
A device which modulates and demodulates signals on a
carrier frequency and allows the interface of digital
terminals with analog carrier systems.
MODIFIED FINAL JUDGEMENT (MFJ)
The agreement between the U.S. Department of Justice and
AT&T governing the breakup of the pre-Divestiture Bell
System into AT&T and 22 Bell Operating Companies and other
entities. On August 26, 1982, U.S. District Court Judge
Harold Greene accepted, with modifications, an
AT&T/Justice Department settlement terminating the
government's 1974 antitrust suit against AT&T. Judge
Greene's decree did away with the provisions of the 1956
consent decree that had kept AT&T out of competitive,
unregulated ventures.
MODULATION
Alterations in the characteristics of carrier waves.
Usually impressed on the amplitude and/or the frequency.
MONITORING DEVICE
Records data on calls placed through a company's telephone
system: number called, length of calls, calling location.
MOST ECONOMICAL ROUTE SELECTION (MERS)
Synonym: Least Cost Routing.
MULTIPLEXING
The act of combining a number of individual message
circuits for transmission over a common path. Two methods
are used: (1) frequency division, and (2) time division.
NETWORK
A collection of switches connected to one another by
transmission facilities.
NETWORK NUMBERING EXCHANGE (NXX)
The three digit location code representing the central
office. "N" may be any number between "2" and "9" and "X"
may be any number.
NETWORK TRUNKS
Circuits connecting switching centers.
NNX CODES
The 3-digit code used historically for local Exchange
Codes. "N" can be any number from 0 to 2, "X" can be any
digit. The current numbering plan allows for more
variation in assigning Exchange Codes, and under it
Exchange Codes are commonly referred to as "NXXs."
NODE
A major switching center of a network.
NON-BLOCKING
A switching network having a sufficient number of paths
such that a subscriber originating a call can always reach
any other idle subscriber without encountering a busy.
NUMBERING PLAN AREA (NPA)
A geographical division within which no two telephones
will have the same 7 digit number. "N" is any number
between "2" and "9"; "P" is always "1" or "0"; and "A" is
any number excluding "0". Commonly referred to as "area
code."
NXX CODES
The current general configuration for Exchange Codes
within each Area Code. See also: "NNX Codes"
OFFERED TRAFFIC
The number of call attempts in any specified period of
time.
OFF HOOK
The condition which results when a telephone is lifted
from its mounting, allowing the hookswitch to operate.
OFF-NETWORK ACCESS LINE (ONAL)
A local exchange (Feature Group access), Foreign Exchange,
or WATS line connecting both incoming and outgoing traffic
from a long distance company's network to the public
switched network. Generally a circuit leased by a long
distance carrier to be used by many customers not hooked
directly into the long distance carrier's network.
OFF NETWORK CALLING
Telephone calls through a private switching system and
transmission network which extend to the public telephone
system.
OFF PREMISES EXTENSION (OPX)
An extension telephone or keyset that is geographically
separated from its associated PBX.
ON HOOK
The condition which results when a telephone handset is
placed on its mounting, which causes the hook-switch to
open its contacts.
ON NETWORK CALLING
A term used to describe a call that originates and
terminates on a private network.
OPERATOR ASSISTED CALLS
Non-DDD calls requiring manual intervention.
ORIGINATING OFFICE
The central office that serves the calling party.
OTHER COMMON CARRIER (OCC)
A long distance company other than AT&T having many of its
own long distance circuits, either owned or leased. Some
people use OCC to refer to all AT&T long distance
competitors, including resellers, but this is not
technically correct.
OUT-OF-BAND
Any frequency outside the band used for voice frequencies.
OUT-OF-BAND SIGNALING
Use of narrow band filters to place the voice signal on a
carrier channel below 3,400 CPS, reserving the 3,400 -
3,700 CPS band for supervisory signals.
OVERBUILD
Adding radio capacity to a telecommunications network.
OVERFLOW
Switching equipment which operates when the traffic load
exceeds the capacity of the regular equipment.
PAD
A non-adjustable resistance network used to insert
transmission loss into a circuit.
PHASE JITTER
SEE Jitter
POINT OF PRESENCE (POP)
A physical location within a LATA at which an IC
establishes itself for the purpose of obtaining LATA
access and to which the BOC provides access services.
POINT-TO-POINT
A communications circuit between two terminations which
does not connect with a public telephone system.
PORT
Entrance or access point to a computer, multiplexor device
or network where signals may be supplied, extracted or
observed.
POSTAL TELEPHONE AND TELEPGRAPH (PTT)
Foreign government agencies responsible for regulating
communications.
PRIMARY AREA
A customer's local telphone calling area.
PRIMARY INTEREXCHANGE CARRIER (PIC)
The IC designated by a customer to provide inter-LATA
service automatically without requiring the customer to
dial an access code for that carrier.
PRIMARY ROUTING POINT
The switch designated as the control point for a longhaul
telephone call.
PRIVATE BRANCH EXCHANGE (PBX)
A private phone system (switch) used by medium and large
companies which is connected to the public telephone
network (local telco) and performs a variety of in-house
routing and switching. User usually dial "9" to get
outside system to the local lines.
PRIVATE LINE (PL)
A full-time leased line directly connecting two points,
used soley by purchaser. The most common form is a tie
line connecting two pieces of a user's own phone equipment
- flat rate billing, not usage sensitive.
PRIVATE USE NETWORK
Two or more private line channels contracted for by a
customer and restricted for use by that customer only.
PUBLIC SWITCHED NETWORK (PSN)
The pre-Divestiture nationwide network maintained by AT&T
and the independent telephone companies which provides
nationwide, unrestricted telephone service.
PUBLIC UTILITY COMMISION (PUC)/PUBLIC SERVICE COMMISSION (PSC)
The state commissions regulating intrastate
communications.
PULSE CODE MODULATION (PCM)
The form of modulation in which the information signals
are sampled at regular intervals and a series of pulses in
coded form are transmitted representing the amplitude of
the information signal at that time.
PULSE-LINK REPEATER
Connects one E&M signaling circuit directly to another.
PULSE MODULATION
The modulation of a series of pulses which represents
information - bearing signals. Typical methods involve
modifying the amplitude (PAM), width or duration (PWM) or
position (PPM). Pulse Code Modulation (PCM) is the most
common modulation technique involved in telephone work.
PUSH BUTTON DIALING
Synonym: Dual Tone Multi-Frequency.
QUEUE
A temporary delay in providing service caused by the
inability of the system provided to handle the number of
messages or calls attempted.
RADIO COMMON CARRIER (RCC)
A communications common carrier that provides radio paging
and mobile telephone services to the public.
RATE CENTER
A specified geographic location used by the telephone
company to determine interchange mileage for rate
determination purposes.
REDUNDANCY
Duplicate equipment that is provided to minimize the
effect of failures or equipment breakdowns.
REGENERATION
The process of receiving distorted signal pulses and from
them recreating new pulses at the correct repetition rate,
pulse amplitude, and pulse width.
RE-HOMING
A major network change which involves moving customer
services from one switching center to another and
establishing the necessary trunking facilities to do so.
REMOTE ACCESS
The ability of transmission points to gain access to a
computer which is at a different location.
REPEATER
An electronic device used to amplify signals which have
become too weak.
REPEATING COIL
The telephone industry's term for a voice-frequency
transformer.
RESELLER
A long distance company that purchases large amounts of
transmission capacity or calls from other carriers and
resells it to smaller users.
RESTORATION
The re-establishment of service by rerouting, substitution
of component parts, or as otherwise determined.
RETARD COIL
A coil having a large inductance which retards sudden
changes of the current flowing through its winding.
RINGBACK TONE
Synonym: Audible Ringing Tone.
RINGDOWN
A circuit or method of signaling where the incoming signal
is actuated by alternating current over the circuit.
ROUTE DIVERSITY
Two (or more) private line channels (circuits) furnished
partially or entirely over two physically separate routes.
Serves to prevent total loss of service if one cable gets
cut or goes out.
ROUTE OPTIMIZATION
Synonym: Least Cost Routing.
ROTARY HUNT
An arrangement which allows calls placed to seek out an
idle circuit in a prearranged multi-circuit group and find
the next open line to establish a through circuit.
SATELLITE RELAY
An active or passive repeater in geosynchronous orbit
around the Earth which amplifies the signal it receives
before transmitting it back to earth.
SELECTIVE CALLING
The ability of a transmitting station to specify by the
use of assigned codes which of several stations is to
receive a message.
SERVICE AND EQUIPMENT RECORD
A list of equipment billed to customer by type, quantity,
monthly charge, location and billing dates.
SF SIGNALING (SINGLE-FREQUENCY)
A signaling system which uses a 2,600 Hz in-band signal on
the voice path. The tone is on in the idle condition,
pulsed for dialing, and off when the circuit is in use.
SHORT HAUL
Circuits designed for use over distances of 10-200 miles.
SIGNALING
The process of transferring information between two parts
of a telephone network to control the establishment of
communications between long distance carrier terminal
points, and customer equipment required for voice grade
dedicated circuits.
SIGNALING CONVERTER
A device with input and output signals that contain the
same information but employ different electrical systems
for transmitting that information. Used at the terminal
of a trunk to convert the equipment signals to the system
used on the trunk. Examples are: (1) ring down to SF,
(2) E&M to SF.
SIGNALING, IN-BAND
A type of signaling using an AC signal (usually 2,600 Hz)
within the normal voice band. This signal can be
transmitted from end to end of a long voice circuit
without an intermediate signaling equipment. Since the
signaling is audible, the signaling equipment must be
arranged for "tone on when idle" operation.
SIGNAL TO NOISE RATIO
Ratio of the signal power to the noise power in a
specified bandwidth, usually expressed in db.
SIMPLEX (SX) SIGNALING
A signaling path over a dry talking circuit which uses the
two sides of the circuit in parallel, derived by
connecting the midpoints of repeating coils or retardation
coils which are across the circuit.
SINGLE SIDEBAND RADIO (SSB)
A form of amplitude modulation of a radio signal in which
only one of the two sidebands is transmitted. Either of
the two sidebands may be transmitted, and the carrier may
be transmitted, reduced or suppressed.
SINGING
A continued whistle or howl in an amplified telephone
circuit. It occurs when the sum of the repeater gains
exceeds the sum of the circuit losses.
SOFTWARE DEFINED NETWORK (SDN)
A switched long distance service for very large users with
multiple locations. Instead of putting together their own
network, large users can get special usage rates for calls
made on regular long distance company switched long
distance services.
Synonym: Virtual Private Network.
SPECIAL GRADE NETWORK TRUNK
A trunk specially conditioned by providing amplitude and
delay equilization for the purpose of handling special
services such as medium-speed data (600 to 2400 BPS).
SPECIALIZED COMMON CARRIER (SCC)
Synonym: Other Common Carrier.
SPEED NUMBER
A one, three, or four digit number that replaces a seven
or ten digit telephone number. These numbers are
programmed into the switch in the carrier's office or in a
PBX.
STATION
Any customer location on a network capable of sending or
receiving messages or calls.
STATION MESSAGE DETAIL RECORDING (SMDR)
A computer generated report showing internal usage on a
telephone system. Usually including extension number,
trunk number used, phone number dialed, time of call,
duration and operator involvement.
STORE-AND-FORWARD
A technique in which a message is received from the
originator and held in storage until a circuit to the
addressee becomes available.
STORED PROGRAM CONTROL (SPC)
A system whereby the instructions are placed in the memory
of a commoncontrolled switching unit and to which it
refers while processing a call for instructions regarding
class marks, code conversions, routing, as well as for
trouble analysis.
SUPERGROUP (SG)
60 circuits processed as a unit in a carrier system.
SUPERMASTERGROUP (SMG)
600 circuits processed as a unit in a carrier system.
SUPERVISION
Synonym: Answer Supervision.
SUPERVISORY SIGNALS
A signal, such as "on-hook" or "off-hook," which indicates
whether a circuit or line is in use.
SWITCH
Equipment used to interconnect lines and trunks.
SWITCHED ACCESS
Connection between caller's phone system and switch of
chosen long distance carrier when a regular long distance
call using regular local lines is made. Also the
connection between the switch of caller's long distance
carrier in the distant city and the phone being called.
SWITCH HOOK
Synonym: Hookswitch.
SWITCHING
The operations involved in interconnecting circuits in
order to establish communications.
SWITCHING CENTER
A location at which telephone traffic, either local or
toll, is switched or connected from one circuit or line to
another.
SWITCHING OFFICE
A telephone company office which contains a switch.
T-1
24 voice channels digitized at 64,000 bps, combined into a
single 1.544 Mbps digital stream (8,000 bps signaling),
and carried over two pairs of regular copper telephone
wires. Used primarily by telephone companies until 1983.
Now used for dedicated local access to long distance
facilities, long-haul private lines, and for regular local
service. Today, most any 1.544 Mbps digital stream is
called T-1, regardless of its makeup or what the
transmission medium is.
T-CARRIER
A time-division, pulse-code modulation, voice carrier used
on exchange cable to provide short-haul trunks.
TAIL END HOP OFF (TEHO)
In a private network, a call which is carried over flat
rate facilities (Intermachine Trunks or IMT) to the
closest switch node to the destination of the call, and
then connected into the public network as a local call.
TANDEM
A switching arrangement in which the trunk from the
calling office is connected to a trunk to the called
office through an intermediate point.
TANDEM SWITCHING SYSTEM
Synonym: Tandem Tie Trunk Network.
TANDEM TIE TRUNK NETWORK (TTTN)
A serving arrangement which permits sequential connection
of tie trunks between PBX/CENTREX locations by utilizing
tandem operation.
TANDEM TRUNKING
Trunks which connect two or more switches together.
TARIFF
The published rates, regulations, and descriptions
governing the provisions of communications service.
TELCO
Local telephone company.
TELECOMMUNICATIONS
The transmission of voice and/or data through a medium by
means of electrical impulses and includes all aspects of
transmitting information.
TELEGRAPH
A system employing the interruption of, or change in, the
polarity of DC current signaling to convey coded
information.
TELEPHONE
A device which converts acoustical (sound) energy into
electrical energy for transmission to a distant point.
TELETYPEWRITER
A machine used to transmit and/or receive communications
on printed page and/or tape.
TERMINAL
A point at which information can enter or leave a
communications network.
TERMINAL EQUIPMENT
Devices, apparatus and their associated interfaces used to
forward information to a local customer or distant
terminal.
TERMINATION
(1) An item that is connected to the terminal of a circuit
or equipment. (2) An impedance connected to the end of a
circuit being tested. (3)The points on a switching network
to which a trunk or line may be attached.
TIE-LINE
A private leased line linking two phones or phone systems
directly. Can ring distant phone automatically when
telephone is lifted from its mounting, or when a short
code is dialed.
TIME DIVISION MULTIPLEXING (TDM)
Equipment which enables the transmitting of a number of
signals over a single common path by transmitting them
sequentially at different instants of time.
TOLL CALL
Any call to a point outside the local service area.
TOLL CENTER
A central office where operators (human or mechanical) are
present to assist in completing incoming toll calls.
TOLL OFFICE
A center for the switching of toll calls.
TOLL PLANT
The facilities that connect toll offices throughout the
country.
TOLL RESTRICTION
A restriction in outgoing trunks which counts the first
three digits dialed and diverts calls to forbidden codes
either to a busy tone, to the operator, or to a recorded
announcement.
TOUCH-TONE ADAPTOR
A device that can be connected to a rotary dial telephone
to allow for DTMF signaling.
TRAFFIC
Calls being sent and received over a communications
network.
TRAFFIC MEASUREMENT AND RECORDING SYSTEMS (TMRS)
A computer generated report showing usage information of
telephone systems. Usually this includes trunk
utilization, outages, queueing time, and the need for
additional common equipment.
TRAFFIC SERVICE POSITION SYSTEM (TSPS)
A toll switchboard position configured as a push button
console.
TRANSMISSION
The electrical transfer of a signal, message or other form
of data from one location to another without unacceptable
loss of information content due to attenuation,
distortion, or noise.
TRANSMISSION LEVEL
The level of power of a signal, normally 1,000 Hz, which
should be measured at a particular reference point.
TRANSMISSION SPEED
Number of pulses or bits transmitted in a given period of
time, usually expressed as Bits Per Second (BPS) or Words
Per Minute (WPM).
TRUNK
A telephone circuit or path between two switches, at least
one of which is usually a telephone company Central Office
or switching center. Regular local CO circuits are called
PBX trunks, because there is a switch at both ends of the
circuit.
TRUNK GROUP
An arrangement of communications channels into an
identical group.
TRUNK TYPE (TT)
Trunks that use the same type of equipment going to the
same terminating location.
TRUNK UTILIZATION REPORT (TUR)
A computer printout detailing the traffic use of a trunk.
TWO-WIRE CIRCUIT
(1) A channel for transmitting data in one direction at a
time. (2) A short distance channel using a single
send/receive pathway, usually 2 copper wires, connecting a
telephone to a switch.
TELETYPEWRITER EXCHANGE SERVICE (TWX)
A service whereby a customer's leased teletypewriter is
connected to a "TWX" switchboard and from there connected
over regular toll circuits to a teletypewriter of any U.S.
customer who subscribes to a similar service.
UNIFORM CALL DISTRIBUTOR (UCD)
A device located at the telephone office or in a PABX
which distributes incoming calls evenly among individuals.
UNIFORM SERVICE ORDER CODE (USOC)
The information in coded form for billing purposes by the
local telephone company pertaining to information on
service orders and service equipment records.
VALUE-ADDED NETWORK SERVICE (VANS)
A data transmission network which routes messages
according to available paths, assures that the message
will be received as it was sent, provides for user
security, high speed transmission and conferencing among
terminals.
VIA NET LOSS (VNL)
The lowest loss in dB at which a trunk facility can be
operated considering limitations of echo, crosstalk, noise
and singing.
VOICE CONNECTING ARRANGEMENT
An interface arrangement provided by the telephone company
to accomodate the connections of non-carrier provided
voice terminal equipment to the public switched telephone
network.
VOICE FREQUENCY (VF)
Any of the frequencies in the band 300-3,400 Hz which must
be transmitted to reproduce the voice with reasonable
fidelity.
VOICE GRADE
An access line suitable for voice, low-speed data,
facsimile, or telegraph service. Generally, it has a
frequency range of about 300-3000 Hz.
VOICE GRADE FACILITY (VGF)
A circuit designed to DDD network standards which is
suitable for voice, low-speed data, facsimile, or
telegraph service.
WIDE AREA TELECOMMUNICATIONS SERVICE (WATS)
WATS permits customers to make (OUTWATS) or receive
(INWATS) long-distance calls and to have them billed on a
bulk rather than individual call basis. The service is
provided within selected service areas, or bands, by means
of special private access lines connected to the pubic
telephone network via WATS-equipped central offices. A
single access line permits inward or outward service, but
not both.
WIDEBAND
A term applied to facilities or circuits where bandwidths
are greater than that required for one voice channel.
WIRE CENTER
The physical structure that houses one or more central
office switching systems.
"0" or "0-"
Zero minus dialing. Allows a caller to dial zero and
nothing else to get the Operator.
"0+"
Zero plus dialing. An operator assisted long distance call
which is charged to the calling party.
"00+" or "00-"
Double zero dialing. Allows a caller to get an AT&T
Operator in areas in which dialing only one zero would
connect the caller with the local Operator because AT&T
has given Operators back to the local telephone company.
"1+" DIALING
The capability to dial "1" plus the long distance number
for calls withing the North American Numbering Plan area.
Intra-LATA calls are carried by the local telephone
company. Inter-LATA calls are carried by the caller's
primary carrier, or by AT&T if equal access has not come
to the caller's area yet.
"10-XXX" DIALING
The ability to send calls over a carrier other than a
caller's primary carrier by dialing "10-XXX" then "1+" the
long distance number, where "XXX" is the 3-digit Carrier
Code of the alternative long distance company (also called
a secondary carrier). Available only to Equal Access
customers.
800 SERVICE
The ability of a caller to dial a long distance telephone
number without incurring a charge for the call, which is
paid for by the party offering the 800 number.
Synonym: Inward WATS service.
900 SERVICE
Allows callers to receive information from the service
provider via a recorded audio message, which can range
from 60 seconds to a continuous live hookup, by calling a
900 number. This service can also be used to enable
callers to vote or "make a choice" by dialing one of two
900 numbers. 900 calls are typically billed to the caller
at $.50 for the first minute of any call and $.35 for each
additional minute.
976 NUMBERS
Service which allows callers to listen to recorded
messages such as horoscopes, 'adult' dialogue, stock
market or sports reports by calling 976-xxxx. The local
telephone company charges callers a fee which is split
between the local telephone company and the service
provider.
---
ERRATUM - CORRECTIONS FROM LAST ISSUE
Essence
Last issue got through the mill pretty well.. the errors were small
and misplaced, but a few notable errors should be taken into
consideration.
i. You Didn't Get Duped
You weren't actually given an imitation file if your filesize was
wrong.. the official distribution copies were screwed around in the
quality control phase, and there was a discrepancy in the official
distribution. Here are the reported, and actual file sizes in the
distribution copies.
REPORTED SIZE IN BYTES [119895]
ACTUAL SIZE IN BYTES [120034]
The byte size of the magazine is reported in every issue(except for
the first) so that we won't have multiple distribution errors as we did
with the first issue. It is a quality control measure. Of course, this
will not prevent imitation files from spreading. Anyone can fake a file
and adjust the file size. Zencor Technologies(tm) has threatened to
discredit us, and we feel they may potentially be a source of imitation
files. We will leave it up to the reader to determine if the magazine
lives up to the standards you have come to expect from CiSSD, and whether
it is therefore, a fake.
If you want to be sure to get the real deal every issue, you can
download the official distribution version from the internet site:
ftp 141.214.4.135 docs/zines/revival/rvlcissd.xxx
where 'xxx' is the issue number. ie: 'rvlcissd.003'. If you do not
have internet access, then check 'Getting Revival', near the beggining of
this magazine for distribution sites.
ii. Voice Mail BBS date was WACkO!
The projected date for the Voice Mail BBS was somewhat unrealistic.
Several CiSSD members, including myself, are undergoing geographical
repositioning at this time, which would make it impossible to run a
stable voice mail. This date has been corrected in this issue, to
September 1st 1993.
The FAX date, on the other hand, accurate to a week, and the fax
line is now active.
---
ADVERTISEMENT:
____________________________________________________________________
- REVIVAL: New Distribution Sites -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revival magazine is looking for new distribution sites all over
the world. Requirements are not stringent. Any board with a positive
image, a few megs of hard-drive space, any hacking oriented message
base, and a knowledgable Sysop qualifies to be the first in its area.
Revival issue #4 is on its way, and we would like to set up sites
for distribution right away. Preffered sites are those who have
access to Internet, who can request revival from our internet site
automatically every other month.
To apply as a REVIVAL distribution site, write a message to
annon08ea@nyx.cs.du.edu, containing the password to an account by the
name 'REVIVAL'. For a faster response, phone The Downtown Militarized
Zone (+1 416 450 7087), and comment with your boards name and number,
as well as the password to the 'REVIVAL' account, or finally, you can
call voice to +1 416 417 0214, and have the same information handy.
____________________________________________________________________
- -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
ZEN WHAT?
The Dope Man/Essence
Over the last few months, CiSSD has been having a problem with a
group named Zencor. We found it rather disturbing when we recieved
several apologies, for Zencor's misjudging our intent, and specially when
we stopped recieving threats from Zencor members, but all the quiet
seemed only to be a cover. Now they've gone and thrown the following
underground newsletter in our path. Mind you, they did TELL members not
to give it to us, but unfortunately, not all of their members are as
intellegent as their leader Zoth The Frog, and now we have a chance for
rebuttle. Oh and, shhhh.. don't tell Zencor!
Z> ZENCOR
Z> ======
Z>
Z> Progenerate Newletter Issue #1 : April 1993
Z> ===========================================
Y'know, that's mighty interesting Zoth. I clearly remember you
lecturing me on how our group was in it's infancy, and Zencor was
experienced. You told me about how Zencor was King of the Commodore 64
scene back in the day and we would die put up against a group with your
experience and knowledge. Hrmm.. Issue #1? Your first newsletter?.. Oh
that's because you used to teleport to group members houses right? Tsk
Tsk.. I'd hate to think you were telling a fib!
Z> CiSSD Group Exposed As CanTel Informants!
Z> -----------------------------------------
Z>
Z> The Canadian International Society Of Social Deviancy, composed of
Z> Dope Man, Terminator X, and Lister, has been exposed as a group bent
Z> on causing legal troubles for various underground societies, including
Z> ZENCOR.
Shoot! How'd you find out about this one? BTW: It's "Society FOR
Social Deviancy", but you don't have times to remember unimportant things
like that, Zoth A Frog.
Z> While Frog was in prison, members of ZENCOR (particularly ShortMan and
Z> Mystic Ruler) became friendly with these so-called hackers, and
Z> disclosed quite a bit of sensitive information to them.
While Frog was in prison? Oh yeah! I remember when you were in
Juvinile Hall having your asshole reamed*. BTW, you're group wasn't
exactly freindly with us, but they were as nice as you could expect
anyoine to be to their babysitter. Like you said Zoth A Frog, "They're a
bunch of fucking lamers, and you can babysit them if you want to". Sorry,
we're done babysitting for now.
Sensitive information? Since when was your Ex-Girlfreinds name
considered sensitive information? BTW: She's a wonderful person.. you
should take her out sometime!
Z> Suspicions on the part of high-level ZENCOR members lead to entry into
Z> the CiSSD VoiceMailBox.
Suspicions on the part of your high-level Zencor member(s)? Who are
they? I mean, I know there (is one)/(are some), but who are they, and
more importantly, why? By the way, you're the first person to ever
penetrate our voicemail box. I feel so raped. I'm sure you know the
feeling, fluffy.
Z> A number of messages were intercepted and recorded.
Congratulations. Which amazing Zencor brand phone did you use to do
it? The 'Super ZencordaPhone II'? What's the list price on that anyways?
$1580? Oh. Out of my budget, but since members pay to be in your group,
they get a 10% discount, right? How do I join?
Z> Amongst these were communications with a CanTel security
Z> officer. Apparantly this pig had apprehended CiSSD members (who were
Z> never overly adept at hacking activities) hacking VoiceMailBoxes for
Z> their own use.
... as opposed to for sale to the general public, like yours.
Z> There had been a deal arranged in which CiSSD members
Z> would inform the security officer (known as Bird Of Prey) of other
Z> hacker's activities in exchange for immunity. Frog extrapolates on
Z> this and theorizes, with supportive evidence that the thought-dead
Z> bunch of lamers (YAM) contracted CiSSD to "shut down rival groups".
Aha! And what supportive evidence would that be? Really! Please
write, and let me know.. more than likely this would be based on the same
supportive evidence that showed santa clause to deliver presents by
reindeer rather than via Federal Express.
Z> The following is a transcript of two of the most important messages
Z> intercepted:
In order to improve readability, I will title them for you.
Message #1:
Z> Dope Man, I havn't talked to you in a while, not that I'm sick of you
Z> or anything. I enjoy the conference calling that you guys do. You guys
Z> blend together, did you know that? Here's today's give and take.
Z> Here's my take and I'll give you my give after. I was talking to
Z> someone at Metro 55 division today, fraud, and someone has been
Z> hacking into some additional VMBs, nothing new, but this time leaving
Z> threatening messages to customers. On a tip from Bell Security they
Z> are going to the home of [SHORT MAN]. I don't know if your eyebrows
Z> have lifted or not, but it happens that this guy is also blind. It
Z> happens that this guy is hacking into US networks and has done about
Z> thirty-five thousand in fraud. [SHORT MAN] is going to be in a lot of
Z> shit, the guys in the US want to prosecute. Mabye you want to chat
Z> with him a bit. That's between you and I. I'm gonna give you the VMB
Z> and the password to SATAN and STAR. The conversations you will hear
Z> are the result of me taking back their VMBs, much like I did with you
Z> guys, but these guys aren't as trusting. These guys are on the heavy
Z> metal/drug end from what I can tell.
Now quickly, before we go on, lets take some time to organize our
minds. What did Bird of Prey say in this message?
GIVE TAKE
---- ----
- Password to a random Drugee's - Request for us to talk to
Voice Mail System. Short Man regarding his phone
hacking.
Shall we go on now then? Good.
Message #2:
Z> Bird Of Prey. Gotta like that. Satan has won the award for the
Z> stupidest non-paying subscriber ever at CanTel. So we've had to rub
Z> him out of the VMB hacking community for good. I was up till 1 last
Z> night, all he did was complain, calling me OPP, Rent-A-Cop, and I
Z> offered many times to do something and he kept saying "What's your
Z> game?". Well, he's toast, so goodbye. The total was about twenty-eight
Z> VMBs.
Now let's summarize this message. Bird Of Prey wipes out the VMB's
belonging to some hackers because they wouldn't accept the new ones he
was trying to give them, and he had to go to bed.
Z> Disgusting, isn't it?
Oh, I'd say! Gawd forbid he should get some sleep! (?!)
Z> Now then, what is ZENCOR going to do about it?
Z> The following plan has been enacted:
Z>
Z> 1) The RCMP has been dispatched to shut down all pirate CiSSD BBS
Z> systems, with ZENCOR-obtained file and user lists, recorded
Z> conversations and other evidence. All CiSSD computer equipment will
Z> be confiscated and a number of criminal charges will be laid.
Oh good! Call the police! That's what we should have done, but
you're the smarter hacking group.. only you would think of bringing the
Canadian equivelant of the FBI into it!
Only shutting down the CiSSD pirate systems? Oh! BTW, which ones
were those again? If you could let me know, we'll shut them down for
you.
Also, seing as you're so adept to taking down Pirate BBS's, I'm sure
that you'll have a great time getting access to any in the next little
while.
Z> 2) CanTel management has been informed of their "double-agent". Bird
Z> Of Prey will lose his fucking job.
Well, actually, it's not a fucking job, but coincidentally, it's
rather close to yonge street. Either way, the fucking jobs are best out
on jarvis.. oh.. and watch me shiver as I take you seriously. Unlike you,
Bird of Prey still has a job.
Z> 3) Other groups have been informed of CiSSD's plans to harm them.
Which would explain why they've been posting in our network so much
recently. I await their revenge. BTW: Are these the plans you
've
SPECULATED we have to harm other groups? Or are these the ones I keep
hidden in the cookie jar, underneath the section carefully labeled
'DOUBLE FUDGE' in red ink?
Z> 4) Everyone involved in or connected with CiSSD has been successfully
Z> CN/Aed and all their personal information is on file.
Successfully? Wow! I'm impressed. I was beggining to think you
didn't know how to speak to an operator in english.
Z> 5) All ZENCOR systems to which CiSSD has any knowledge has been shut
Z> down completely.
Actually, no. Would you like a list?
Z> Furthermore, there will be NO FURTHER fraternization with CiSSD. Frog
Z> warned everyone about this sort of thing!
Frog this, frog that. Apparently, frog is a schizophrenic,
constantly reffering to himself in the third person, but I won't
complain.. as long as _Zoth A Frog_ doesn't fraternize with me, I'm
happy. Oh wait, did you want the last word? Here you go:
Z> Furthermore, there will be NO FURTHER fraternization with CiSSD. Frog
Z> warned everyone about this sort of thing!
_Notes:_
(+) Texts based on pre-release version of newsletter. Release version
was not avaliable at time of editing.
(*) See USENet Sex FAQ
---
CiSSD MEMBERSHIP INFORMATION
With a large resurganse in CiSSD activities, we have decided to
begin accepting some members through an application process. Our commune
is not yet large enough to accept the masses without rebellion, but is
open enough to accept those with ideas similar to our own, and open
minded enough to publish comment from those who are opposed to us. Please
write to annon08ea@nyx.cs.du.edu, and I will publish your comments, and
respond to 'letters to the editor.'
If you are seriously interested in becoming a CiSSD member, you can
download the CiSSD application from any CiSSD Headquarters BBS, and
upload the completed form, FAX(NEW!) the form to the CiSSD fax line, or
send the completed form E-Mail to annon08ea@nyx.cs.du.edu.
In addition to members, CiSSD will honour those who have special
achievements, members, or non members alike. If you know someone you
believe to deserve CiSSD recognition, please write to the same
address(annon08ea@nyx.cs.du.edu), leave a message on our voice mail, or
fax us information on why this person deserves special recognition.
NOTICE: richfair@eastern.com, mentioned in last issue, has ceased to
exist. The problem may be temporary, but the site is not reliable. Any
letters, or work that was sent to richfair@eastern.com last month was
lost. Many Apologies. Please use Lister's address
(annon08ea@nyx.cs.du.edu) until our mail problems are rectified.
---
[CiSSD] CONTACT ADDRESSES
The Downtown Militarized Zone BBS
(416) 450 7087 Sysop - The Dope Man
Revival Distribution Site
[CiSSD] WHQ/HeLL
The Revolutionary Front BBS
(416) 936 6663 Sysop - Lister
Revival Distribution Site
[CiSSD]/HeLL/cDc
CiSSD Voice Mail Canada
(416) 417 0214 Users - Essence - The Dope Man - Lister
NEW! - CiSSD Fax Line - (416) 250 5264
c/o The Dictator
CiSSD Voice Mail BBS - Projected for September 1 1993 (Canada Day)
(Projected date changed due to geograhical difficulties)
Lister - annon08ea@nyx.cs.du.edu
---
ADVERTISMENT:
______/\___/\X__ /\______ ___________ _______/\ /\____/\
\ ____/ __/ /_/ / / / / _\ /__ _//_/ / ____/
/ _ / / / // / /\ / / /\ / __/ / _/ // / _ /
/ \_/ /__ _ / |/ / / |/ / _/ / / _ / \_/
\____/_____X_// /_____/ /_____/ _/ / _/__// /\____/
\/ \/ \/ \/
____________________________________________________________________
- D A M N E D -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo of the Damned is currently looking for Nodes in North
America [1:2773/NPA.0], and internationally where english is spoken on
Bulletin Board Systems [CoutryCode:2773/Node.0].
Echo of the Damned is dedicated towards the free flow of
information, and productivity in the h/p scene.
To apply as an Echo of the Damned node, please leave a voice
message, containing your bulletin boards name and telephone number, as
well as the password to an account named 'EOTD STAFF', at
+1 416 417 0214.
____________________________________________________________________
- -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
LAST WORDS FROM THE EDITOR
Essence/TX
I pushed my luck long enough. It was only a few weeks, but my
parents got sick and tired. When sleeping at home becomes an optional
extra, you definately have family problems. Interestingly enough, I
enjoyed being out on my own. I relied on my parents for food every few
days when I needed it; and if I was exhausted from overactivity, and
unable to sleep in -5c degree weather, I still had a bed at home where I
could sleep but I rathered not to. I was sick of being at home. I was
sick of my two parent, boy and girl child, middle class family. I hated
the american dream.
The dream was never quite what the stories tell you. Whenever I
showed my love for someone else, they were unresponsive. I gather, I too
was unresponsive when someone loved me. Whenever there was an argument, I
was reason and my mother, or my sister was emotion. My dad and I never
fight. He too is reasonable. He too argues with my mother. They should
never have stayed together, as respectively they are 'bad logic', and
'bad love'.
Had they only loosened the noose a little, and let me be me, instead
of someone they were moulding me into, I might still want to be with
them; I might still care. But they didn't and I don't. They reach for me,
and I break their hearts. I don't have time for them, I need to get out
and be with my freinds.
Had they only seen what I was feeling, heard what I was saying,
known what I knew, we could still be the american dream. Sometimes, to
really love someone, you have to let them go. I guess, they were only
dreaming. Maybe next time round, they'll listen closer.
CREDITS
The Dope Man Repeat contributor, and CiSSD President. There's no
CiSSD/HeLL business like .. Show Business.
Lister Interpersonal relations and repeat contributor. If
CiSSD/HeLL you like his articles, send him some Vodka.
The Dictator Repeat offender, who feels that political revolt is
CiSSD payment enough for his writings.
The Grappler Spreading diatribes to and fro, he's progressing from
CiSSD the imaginary world of C=64, that so many of us hated
to leave behind when we grew up.
Kryten Contributor who attends many CiSSD meetings for the
Independant free pizza. Gusto's *SUCKS* when it's cold.
City-TV Thanks for making our release weekend enjoyable. Drop
Chum by anytime!
Essence/TX Editor. See you next issue.
CiSSD
-------------------------------------------------------------------------
THE CANADIAN INTERNATIONAL SOCIETY FOR SOCIAL DEVIANCY (C) 1993/94
-------------------------------------------------------------------------
