Copy Link
Add to Bookmark
Report
Taco Bell Core Issue 01
The Taco Bell Syndicate
Presents
TTTTTTTTTTTTTTTTTTTTTTTTT BBBBBBBBBBBBBBB
TTT BB BBB
TTT BB BBB
TTT BB BBB
TTT BB BBB
TTT BB BBB
TTT BB BBB
TTT BBBBBBBBBBBBBB
TTT BB BBB
TTT BB BBB
TTT BB BBB
TTT aco BB BBB
TTT BB BBB ell
TTT BBBBBBBBBBBBBBB
CCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCC
CC
CC
CC
CC
CC
CC
CC
CC ore
CC
CCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCC
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
****************************
* Issue: 1 *
* May, 1993 *
****************************
CONTENTS:
Introduction......................................... Shredder
Caller ID areas...................................... Keith Cathode
Operation Sundevil: What was it?..................... Shredder
Our Friends, the Concord Journal..................... Keith Cathode
The Trusty Rad Shack Red Box (old, but relevant)..... Shredder
Scannage............................................. Keith Cathode
Fake Feds call Temple of Stan........................ Shredder
USENIX UNIX Security Symposium Announcement.......... Shredder
Interesting Addresses, etc. ......................... TBS
News from the World of Telecom....................... TBS
Releases, Past and Future............................ Shredder
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Introduction
by Shredder
Right now, you're probably wondering, "Who the hell is TBS? And what the
hell is THIS?" THIS is Taco Bell Core, the monthly online magazine/newsletter
thingy of TBS. Where we put out information/interesting things written by
us and anyone else who wants to send us something. Stuff we've written,
found, leeched off the Internet. TBS is the Taco Bell Syndicate. A group
of people who believe in the power of computers and freedom of information.
We believe in sharing knowledge freely with everyone. Anyways. Enough
introductory stuff. This issue was pretty easy to throw together from stuff
we all had lying around. But we can't do the next one without some outside
stuff. We take all submissions dealing with computers, security, freedom
of information, the government policies on the above, telecommunications,
etc. Just send it to tbs@tacobel.UUCP and if we like it, we'll print it.
If you'd like to be put on the TBS mailing list and receive this every
month, send your internet address to postmaster@tacobel.UUCP. Whee.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Areas in Massachusetts where Caller ID is available
by Keith Cathode
This is a list of communities that currently support CID. This text was
originally supposed to be released by Death, but he's too lazy. I suppose
that I should give him some credit as well. Death and Keith Cathode of the
Taco/BELL Syndicate. There I said it. BFD.
--------------------------------------------------------------------------------
[508]
Beverly........524.621.922.927
Danvers........750.762.774.777
Essex..........768
Gloucester.....281.282.283
Hamilton.......468
Magnolia.......525
Manchester.....525.526
Middleton......750.762.774.777
Peabody........530.531.532.977
Rockport.......546
Salem..........740.741.744.745
Wenham.........468
W.Peabody......535
[617]
Braintree......356.380.843.848.849
Canton.........575.821.828
Cohasset.......383
Dedham.........320.326.329.461.462
Hingham........740.749
Holbrook.......767.961.763.986
Hull...........925
Lynn...........581.592.593.594.595.596.598.599
Lynnfield......334
Marblehead.....631.639
Mattapan.......296.298
Milton.........296.298.696.698
Nahant.........581
Norwood........255.551.762.769
Quincy.........328.376.471.472.479.770.773.774.756.847.984.985
Randolph.......767.961.963.986
Saugus.........231.233
Scituate.......544.545
Stoneham.......279.438
Swampscott.....581.592.593.594.595.598.599
Wakefield......224.245.246
Westwood.......255.320.326.329.461.462.551.762.769
Weymouth.......331.335.337.340
One last point before I cut the shit; this is very tedious, and dyslexic
errors are your own tough luck. Cheers. Stay free and all that stuff.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Operation Sundevil: What was it?
by Shredder
Operation SunDevil, a legendary event in computer history. But what
was it and what were the results of it?
On May 9, 1990, the U.S. Attorney's in Phoenix, Arizona released to
the press an announcement of a crackdown on "illegal computer hacking
activities". The official name for this action was "Operation SunDevil",
named after the mascot of Arizona State University, where this case started.
Twenty seven search warrants were used on May 8, 1990, resulting
in four arrests, with 150 Secret Service Agents carrying out the operation.
Operation SunDevil was an effort to arrest several hackers to posting stolen
credit card codes and telephone calling card codes. The targets for this
crackdown had been selected through a detailed two year investigation. Forty
two computer systems were seized by the US secret service, and about twenty
five of them were actually running bulletin boards. During 1990, the
Phoenix branch of the Secret Service had close to 300 BBS's that were
under observation, and all of them had been either called by Secret Service
agents or by informers, who passed logs of their sessions on to the Secret
Service. The four people who were arrested were: "Tony the Trashman" in
Tucson, AZ on May 9th, "Dr. Ripco", sysop of the Ripco BBS, was also
arrested, on illegal firearms possessions however. Also arrested were
"Electra", in PA, and an unnamed male juvenile hacker in PA.
Along with the forty or so computers taken, the Secret Service also
took approximately 23,000 disks, and unknown quantities of printed material,
computer printouts, magazines, notebooks, diaries, non-fiction books on
hacking, and anything else that caught the Feds' eye.
The Secret Service claimed in a press conference on May 9, 1990, that
the primary purpose of Operation SunDevil was to send a message to the
hacking community, that they could not hide behind the "relative anonymity
of their computer terminals.", and that the Feds could and would bust them.
They said that this bust "should convey a message to any computer enthusiast
whose interests exceed the ethical use of computers." But who is to decide
what are the so-called "ethical uses" of computers?
The outcome of Operation SunDevil was a let down for the Feds. They
had sent their "message", but only one indictment was served as a result
of the arrests. Prosecutors involved in the case say chances are "extremely
high" that all charges will be dropped. In the end, this two year, expensive
operation resulted in not much of a real prize for the Feds, and shows
that even if you do get arrested, the Feds don't really have much of a
case against you, even if they do take all your stuff.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Our Friends, the Concord Journal
by Keith Cathode
This comes from the wonderful Concord Journal.
CALLS TRACED TO COMPUTER HACKERS
By Shannon Strybel
A two month spate of constant hang-up calls has been linked to a group of
school-age computer hackers, according to Concord Police LT. Leonard
Wetherbee.
Wetherbee says that a group of computer aficionados, ranging from
elementary school children to high schoolers, are probably responsible
for a great majority of hang-up calls received by residents throughout
town.
So far three teens have been identified, but in their ongoing
investigation police suspect a much larger group of students is
involved.Because they are juveniles, police cannot legally reveal their
names.
The lieutenant says the station has been flooded with reports
from residents saying they've received calls at all hours, and at regular
intervals since December.
"What these kids are trying to do is to find other computer
systems and see if they can break into them. They think it's a great
challenge."
The kids set up their computer telephone modem to automatically
dial hundreds of phone numbers until it finds another computer system.
They put in a series of numbers, say from 369-000 through 369-1000, and
the computer dials each number," explained Wetherbee. "As soon as a human
voice picks up, it hangs up because it is not a computer."
Wetherbee says he has received reports from companies in Concord
who 's computer systems have been breached, but because the investigation
is on going, he declined to state which companies. According to the
lieutenant, many companies have systems which notify them through a print
out when there has been an attempted or a successful break into their
computers
Inspector Paul Malone says he has identified three of he alleged
computer hackers by tracing who owned the computer technology and
expertise to try to break into computer systems.
"I have spoken with the three, who are in high school, and
explained that what they are trying to do is wrong and has serious
ramifications punishable by law." says Macone "I told them that they are
right on the edge. Iis as if they are walking around a building and
trying to break in."
Anyone charged with making annoying phone calls, a misdemeanor,
can receive a fine of up to $500 an up to 90 days in jail. Police say
someone who breaches a computer system can be charged with a variety of
misdemeanors and felonies, from malicious destruction to larceny,
depending on information gleaned and how that information is used.
The inspector says he is not sure how many juveniles are
involved, but he suspects they range in age from elementary school
students to th high school level. In addition he says the numbers could
have been given out to any number of other computer hackers in the
Greater Boston area.
"There are clubs of these hackers who meet regularly throughout
the state and exchange modem numbers so they can practice. Because of the
information we have, we believe there is as unknown larger group with the
concord numbers."
Maura Roberts, who teaches a computer workshop as Concord
Carlisle High School, says hacking is a challenge for many students.
"Kids today start it [learning how to use computers] so young and
they are more sophisticated in their approach to computers because they
have no fear. It becomes a challenge to find out what else they can do
with it."
Roberts speculates younger children probably do not realize
trying to break into other systems is wrong, but look at it as a game.
"For older kids, part of the challenge may be that it is wrong."
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Red Box Planzz (d00d, they're s0 3l!t3)
by Shredder
That's a joke, by the way. Red boxes are extremely easy to build and use
following the below procedure. They work by duplicating the tones coins
make when they are deposited into a payphone. Be aware it is extremely
easy to foil red-boxers by placing a "notch filter" into the phone which
blocks out red-box tones. Basically, when the telco works on a phone,
they place a notch filter into it. Boxing is a dying art.
Pretty much everyone has a red box, but just so those of you who don't
stop asking, here they are. Instructions are given on how to make both
a red box, and a combo box, which lets you still use the tone dialer to
make DTMF (touchtone) tones.
Parts List:
----------
Thin insulated wire (if you want to make a combo box)
DPDT Switch (if you want to make a combo box)
Timing Crystal
(somewhere close to 6.490 mHz. The tried and tested value
is 6.5536 mHz. Radio Shack will special order 6.5536
crystals for you for a PRICE. Also, you can buy 6.500 mHz
crystals from DigiKey (800-344-4539) for $1.73 (Part number: X415)
33-Memory Toner Dialer
Available in most Radio Shacks. Make sure you get the MEMORY one.
Model number: 43-141
Instructions
------------
1. Take your tone dialer and turn it over so the speaker is on top.
Take off the battery compartment cover and remove the 4 screws.
2. Remove the back cover of the tone dialer, being careful not to
break the wires that connect the circuitry to the speaker.
3. Look at the circuitry, you will see a small grey cylinder
marked 3.579. This is the original tone dialer crystal.
Desolder this. If you are just making a red box, solder the two
leads of the 6.5X crystal to the contacts where the 3.579 crystal
was. For a combo box, skip to 5.
4. Close the tone dialer and replace the screws. Voila.
5. A combo box is slightly more complicated, but not much.
Instead of soldering the 6.5X crystal directly to the contacts,
solder each of the two leads to one set of poles on the DPDT
switch, but NOT the middle. Solder the original 3.579 tone
dialer crystal to the other set of poles, again NOT the middle.
Solder a piece of wire to each of the middle poles. The completed
switch should look something like this:
-----
| | (Each || has two poles)
===================
| |
===================
|| || ||
|| || ||
3.579 two 6.5X crystal
crystal wires
6. Now connect the two wires to each of the terminals where the
3.579 crystal was originally connected. Glue/tape/whatever
the switch (and crystals if you want) to the outside of the
tone dialer with epoxy. You may be able to fit the crystals
inside the dialer case. It also helps to thread the wires
through the holes in the back of the tone dialer. Close it up
and voila.
Using the Red Box
------------------
On the combo box, the switch switches between crystals. If you can't
figure it out from your wiring, the 6.5X crystal makes the higher
pitched tones. (duh.) Place 5 *'s in P1 (or any other memory
location). Using the 6.5 X crystal, that simulates the tones a
quarter makes when it's dropped in the phone. There you go.
Red boxing local calls requires a little more work, you can't just
beep the tones. You need to start it off with a real coin, or go
through an access number. (10ATT has been mentioned in this respect)
Whoopee. Now you too have a red box, just like everyone else.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Scannage
by Keith Cathode
1800 328 66xx
-------------
A5- After Hours
RT- Resident Type (Subject to random answer)
AED Auto Extension Dialing
ANSM Answering Machine
ASYS Answerig System (ie Spirit, VoiceCall)
01 VMB A5
08 A5-AED/VMB
09 RT-ANSM
15 Carrier : Prime Net
16 A5-AMSM : Land O' Lakes
20 ANSM
23 A5-ANSM : Stock Quotes
25 PBX
28 VMB : AT&T
40 A5-ANSM
45 A5-ANSM
46 RT-ANSM : Tax Help
50 A5-ANSM
52 VMB
55 ASYS : Credit Union
57 VMB : Audix
60 ASYS
62 ANSM : Ministry
63 A5-ANSM
67 A5-ANSM
68 ASYS : Uniglobe
77 A5-ANSM
80 A5-ANSM : Cytol
84 RT-ANSM/AED
86 Outdial +9
87 ASYS
89 Disconnect
90 VMB +*
96 Carrier : Rocky Mountain Support BBS 300-2400 N81
97 VMB
1800 366 10xx
-------------
01 Phone Mail
09 Phone Mail
10 A5-ANSM
14 PBX
20 VMB +#
24 CARRIER : H.S.
28 A5-ANSM
30 VMB :Express Messaging
45 Sprint
46 Sprint
47 Sprint
48 Telecheck
49 VMB
52 Fax Carrier
54 Telecheck
58 VMB
60 PBX
71 PBX/VMB
72 Sprint
78 Sprint
81 ANSM/AED
84 ANSM/AED :Tech Store - Offer catalog
87 Carrier(HS): E71 , N81 , 071 Did not work.
96 VMB/AED :Sprint. Sales & Info
97 RT-ANSM/AE
1800 877 38xx
-------------
03 VMB
16 Voice Answering Service
34 Fax
36 ANSM
37 VMB
39 VMB :7dig Boxes
55 VMB : Express Messaging
56 VMB : Meridian
65 Fax
71 PBX
77 Fax
79 Fax
81 VMB :Audix
85 VMB :+1 = Credit Card Center
86 VMB
88 ASYS :+3 = Data Communications Center
97 VMB
1800 456 00xx [Brought to us by The Henchman of Social Chaos]
-------------
00 PBX
05 VMB
09 VMB
12 VMB
14 Fax
25 Carrier
36 Bank
47 VMB : Aspen + *
50 Carrier
54 Carrier
9997 = Test tone
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Fake Feds call the Temple of Stan
by Shredder
(In case you don't know, The Temple of Stan is my BBS, see the end
of this file for the number, etc.)
It all began on Saturday, April 18th. It was around 9:00 and
I'd just got up, and went downstairs to check my email and read the new
messages on the Temple. Just my luck, someone had just logged in. It was a
new user, and as usual, I watched to see what they would do. I was surprised
and also a little shocked when they logged in and left me some feedback, an
exact copy of which follows:
To: system
Subject: Law and order
From: daniel (Daniel T. Edmunds)
Comments: New User. Be nice. Or not.
Message-ID: <yoJ62B1w165w@tacobel.UUCP>
Date: Sat, 17 Apr 93 09:08:33 EDT
Organization: The Temple of Stan - TBS World HQ - Concord, Mass, USA
This is federal officer Daniel T Edmunds. Your BBS has been reported
as spreading information about Phone fraud, Credit card fraud, computer
breaking and entering, and many other crimes. Rather than seize your
system, I am merely requesting that you cease all such activity
forthwith. We have a user on line currently who will verify this for us.
If this does not occur within 7 days, we will take full legal action.
We realize that you are probably engaged in what you consider to
be "fun". This is not fun. This is against the law. Failure to comply may
result in your arrest, confiscation of your hardware and any related
software, and if needed the arrest of any and all users deemed to be
participating in such activities.
Officer Daniel T. Edmunds.
Hm. Quite. They also left a phone number. So, the first thing I did
was to call up ATDT and leave a message their asking what the hell to do.
A few hours later, Magic Man wrote back, he had talked to Count Zero, and
they thought it was probably a fake. They suggested trying the number he
left. Then, i dialed up my Internet account, and mailed a message to the
EFF about what had happened. Interestingly enough, they still haven't
responded. I also received mail from Rogue Agent, giving me the names of two
other people to contact, if my fears turned out to be valid. I called the
number he left, it gave a tone and then hung up. I called New England
Telephone and got them to call it. "Nope, it's not a personal telephone
number". Sounded like a test number to me, but they wouldn't tell me if
it was or not.
Next day. Sunday. I call the FBI in Boston. The easiest way to tell
if this guy is a fake or not, I thought, is to ask the FBI. So, the Boston
FBI tell me there's no Daniel T. Edmunds in the Boston Office, and to try
FBI Headquarters. So, I call FBI Headquarters, they tell me there's no FBI
agent anywhere with that name, that impersonating a Federal Agent is a
Federal offence, and to call the Boston Feds back. So, I do, they tell
me to call back the next day (Monday) and talk to the fraud squad.
Monday. I talk to the fraud squad, they take all the details and
tell me they'll call me back.
Thursday, April 22nd. The Feds called at 9:00 AM, waking me up.
The guy who called, Ed Clarke, seems quite nice, actually. He tells me
there is DEFINITELY no FBI agent under that name, but that they're not
going to start some huge investigation. I agree, it's kind of a little
thing, especially with the whole Waco thing. But, he adds, the normal
procedure is to track down the person and warn them face to face that
it's illegal. Which would have the desired effect for me, to warn them that
they can't fuck with my board like that. So, it's left that if he ever
gets in contact with me again, to call them, and that they're putting his
name in their files, in case he pops up again. So, if someone using the
name Daniel T. Edmunds calls your board and tries something like this,
mail shredder@tacobel.UUCP and let me know.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
UNIX Security Conference
leeched off the Internet by Shredder
4th USENIX UNIX SECURITY SYMPOSIUM
October 4-7, 1993
Santa Clara Marriott Hotel
Santa Clara, California
Sponsored by the USENIX Association
In cooperation with:
The Computer Emergency Response Team (CERT)
and the ACM SIGSAC
The goal of this symposium is to bring together security practitioners,
system administrators, system programmers, and others with an interest in
computer security as it relates to networks and the UNIX operating system.
This will be a three and one-half day, single-track symposium. The symposium
will consist of tutorials, refereed and invited technical presentations, and
panel sessions. The first day will be devoted to tutorial presentations,
followed by two and one-half days of technical sessions. There will also
be two evenings available for Birds-of-a-Feather sessions and
Work-in-Progress sessions.
TUTORIALS
October 4, 1993
This one-day tutorial program will feature two tutorials, designed to address
the needs of both management and technical attendees. The tutorials will
supply overviews of various security mechanisms and policies. Each will
provide specifics to the system and site administrator for implementing
numerous local and network security precautions, firewalls, and monitoring
systems.
TECHNICAL SESSIONS
October 5-7, 1993
In addition to refereed paper presentations, the program will include invited
talks and panel sessions. The program committee invites you to submit
proposals, ideas, or suggestions for these presentations
Papers that have been formally reviewed and accepted will be presented during
the symposium and published in the symposium proceedings. Symposium
proceedings will be distributed free to technical sessions attendees during
the symposium and after will be available for purchase from the USENIX
Association.
SYMPOSIUM TOPICS
Papers are being solicited in areas including but not limited to:
o User/system authentication
o File system security
o Network security
o Security and system management
o Security-enhanced versions of the UNIX operating system
o Security tools
o Network intrusions (including case studies and intrusion detection efforts)
o Security on high-bandwidth networks
DATES FOR REFEREED PAPER SUBMISSIONS
Extended abstracts due: June 4, 1993
Program Committee decisions made: June 30, 1993
Camera-ready final papers due: August 15, 1993
REFEREED PAPER SUBMISSIONS:
Send ASCII or Postscript submissions to: ches@research.att.com
Send hard copy submissions to the program chair:
Bill Cheswick
AT&T Bell Laboratories
Room 2c416
600 Mountain Ave.
Murray Hill, NJ 07974
PROGRAM COMMITTEE
Bill Cheswick, AT&T Bell Laboratories, Program Chair
Steve Bellovin, AT&T Bell Laboratories
Matt Bishop, Dartmouth College
Ed DeHart, CERT, Carnegie Mellon University
Jim Ellis, CERT, Carnegie Mellon University
Marcus Ranum, Trusted Information Systems
FOR REGISTRATION INFORMATION
Materials containing all details of the symposium program, symposium
registration fees and forms, and hotel discount and reservation information
will be mailed beginning July 1993. If you wish to receive registration
materials, please contact:
USENIX Conference Office
22672 Lambert Street, Suite 613
El Toro, CA 92630 USA
(714) 588-8649; FAX: (714) 588-9706
E-mail: conference@usenix.org
USENIX
The UNIX and Advanced Computing Systems Professional and Technical Association
Bill Cheswick, program chair, has announced that Robert Morris Sr. will be
the key note speaker at this year's Usenix Security Symposium. Mr. Morris
has been involved with computer security since the early days of UNIX.
The program committee would like to remind those interested in submitting
papers that there is less than two months to do so.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Interesting Things, People, Places
by TBS
(Oh no, ANOTHER list of addresses)
2600 Magazine
- 2600@well.sf.ca.us
- (516) 751-2600 (answering machine)
- (516) 751-2608 (Fax)
The Electronic Frontier Foundation (EFF)
- Mail to: eff@eff.org
- Anonymous FTP to: ftp.eff.org
Woo. All the Phracks, cDc's, etc. to leech from
AT&T Hacker Group
- 1-800-521-8235
- Investigate toll fraud, PBX abuse, code abuse, etc.
- Obviously, this is ANI'd. Do us all a favour and don't call it
from home.
Coin Test (Works in MA)
- 0-959-1230
- Good way to check if your s00per-3l!t3 red b0x is working
Digi-Key
- 1-800-344-4539
- Electronics supplies, crystals
The SPA Piracy Hotline
- 1-800-388-7478
- Why not turn in your least favourite WareZzz d00d?
(If you have a slightly skewed sense of justice)
Enjoy. Whee.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Telecom News
by TBS
The following press release was taken from Computer Underground Digest 5.28.
THE WHITE HOUSE
Office of the Press Secretary
For Immediate Release April 16, 1993
STATEMENT BY THE PRESS SECRETARY
The President today announced a new initiative that will bring
the Federal Government together with industry in a voluntary
program to improve the security and privacy of telephone
communications while meeting the legitimate needs of law
enforcement.
The initiative will involve the creation of new products to
accelerate the development and use of advanced and secure
telecommunications networks and wireless communications links.
For too long there has been little or no dialogue between our
private sector and the law enforcement community to resolve the
tension between economic vitality and the real challenges of
protecting Americans. Rather than use technology to accommodate
the sometimes competing interests of economic growth, privacy and
law enforcement, previous policies have pitted government against
industry and the rights of privacy against law enforcement.
Sophisticated encryption technology has been used for years to
protect electronic funds transfer. It is now being used to
protect electronic mail and computer files. While encryption
technology can help Americans protect business secrets and the
unauthorized release of personal information, it also can be used
by terrorists, drug dealers, and other criminals.
A state-of-the-art microcircuit called the "Clipper Chip" has
been developed by government engineers. The chip represents a
new approach to encryption technology. It can be used in new,
relatively inexpensive encryption devices that can be attached to
an ordinary telephone. It scrambles telephone communications
using an encryption algorithm that is more powerful than many in
commercial use today.
This new technology will help companies protect proprietary
information, protect the privacy of personal phone conversations
and prevent unauthorized release of data transmitted
electronically. At the same time this technology preserves the
ability of federal, state and local law enforcement agencies to
intercept lawfully the phone conversations of criminals.
A "key-escrow" system will be established to ensure that the
"Clipper Chip" is used to protect the privacy of law-abiding
Americans. Each device containing the chip will have two unique
2
"keys," numbers that will be needed by authorized government
agencies to decode messages encoded by the device. When the
device is manufactured, the two keys will be deposited separately
in two "key-escrow" data bases that will be established by the
Attorney General. Access to these keys will be limited to
government officials with legal authorization to conduct a
wiretap.
The "Clipper Chip" technology provides law enforcement with no
new authorities to access the content of the private
conversations of Americans.
To demonstrate the effectiveness of this new technology, the
Attorney General will soon purchase several thousand of the new
devices. In addition, respected experts from outside the
government will be offered access to the confidential details of
the algorithm to assess its capabilities and publicly report
their findings.
The chip is an important step in addressing the problem of
encryption's dual-edge sword: encryption helps to protect the
privacy of individuals and industry, but it also can shield
criminals and terrorists. We need the "Clipper Chip" and other
approaches that can both provide law-abiding citizens with access
to the encryption they need and prevent criminals from using it
to hide their illegal activities. In order to assess technology
trends and explore new approaches (like the key-escrow system),
the President has directed government agencies to develop a
comprehensive policy on encryption that accommodates:
-- the privacy of our citizens, including the need to
employ voice or data encryption for business purposes;
-- the ability of authorized officials to access telephone
calls and data, under proper court or other legal
order, when necessary to protect our citizens;
-- the effective and timely use of the most modern
technology to build the National Information
Infrastructure needed to promote economic growth and
the competitiveness of American industry in the global
marketplace; and
-- the need of U.S. companies to manufacture and export
high technology products.
The President has directed early and frequent consultations with
affected industries, the Congress and groups that advocate the
privacy rights of individuals as policy options are developed.
3
The Administration is committed to working with the private
sector to spur the development of a National Information
Infrastructure which will use new telecommunications and computer
technologies to give Americans unprecedented access to
information. This infrastructure of high-speed networks
("information superhighways") will transmit video, images, HDTV
programming, and huge data files as easily as today's telephone
system transmits voice.
Since encryption technology will play an increasingly important
role in that infrastructure, the Federal Government must act
quickly to develop consistent, comprehensive policies regarding
its use. The Administration is committed to policies that
protect all Americans' right to privacy while also protecting
them from those who break the law.
Further information is provided in an accompanying fact sheet.
The provisions of the President's directive to acquire the new
encryption technology are also available.
For additional details, call Mat Heyman, National Institute of
Standards and Technology, (301) 975-2758.
- - ---------------------------------
QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S
TELECOMMUNICATIONS INITIATIVE
Q: Does this approach expand the authority of government
agencies to listen in on phone conversations?
A: No. "Clipper Chip" technology provides law enforcement with
no new authorities to access the content of the private
conversations of Americans.
Q: Suppose a law enforcement agency is conducting a wiretap on
a drug smuggling ring and intercepts a conversation
encrypted using the device. What would they have to do to
decipher the message?
A: They would have to obtain legal authorization, normally a
court order, to do the wiretap in the first place. They
would then present documentation of this authorization to
the two entities responsible for safeguarding the keys and
obtain the keys for the device being used by the drug
smugglers. The key is split into two parts, which are
stored separately in order to ensure the security of the key
escrow system.
Q: Who will run the key-escrow data banks?
A: The two key-escrow data banks will be run by two independent
entities. At this point, the Department of Justice and the
Administration have yet to determine which agencies will
oversee the key-escrow data banks.
Q: How strong is the security in the device? How can I be sure
how strong the security is?
A: This system is more secure than many other voice encryption
systems readily available today. While the algorithm will
remain classified to protect the security of the key escrow
system, we are willing to invite an independent panel of
cryptography experts to evaluate the algorithm to assure all
potential users that there are no unrecognized
vulnerabilities.
Q: Whose decision was it to propose this product?
A: The National Security Council, the Justice Department, the
Commerce Department, and other key agencies were involved in
this decision. This approach has been endorsed by the
President, the Vice President, and appropriate Cabinet
officials.
Q: Who was consulted? The Congress? Industry?
A: We have on-going discussions with Congress and industry on
encryption issues, and expect those discussions to intensify
as we carry out our review of encryption policy. We have
briefed members of Congress and industry leaders on the
decisions related to this initiative.
Q: Will the government provide the hardware to manufacturers?
A: The government designed and developed the key access
encryption microcircuits, but it is not providing the
microcircuits to product manufacturers. Product
manufacturers can acquire the microcircuits from the chip
manufacturer that produces them.
Q: Who provides the "Clipper Chip"?
A: Mykotronx programs it at their facility in Torrance,
California, and will sell the chip to encryption device
manufacturers. The programming function could be licensed
to other vendors in the future.
Q: How do I buy one of these encryption devices?
A: We expect several manufacturers to consider incorporating
the "Clipper Chip" into their devices.
Q: If the Administration were unable to find a technological
solution like the one proposed, would the Administration be
willing to use legal remedies to restrict access to more
powerful encryption devices?
A: This is a fundamental policy question which will be
considered during the broad policy review. The key escrow
mechanism will provide Americans with an encryption product
that is more secure, more convenient, and less expensive
than others readily available today, but it is just one
piece of what must be the comprehensive approach to
encryption technology, which the Administration is
developing.
The Administration is not saying, "since encryption
threatens the public safety and effective law enforcement,
we will prohibit it outright" (as some countries have
effectively done); nor is the U.S. saying that "every
American, as a matter of right, is entitled to an
unbreakable commercial encryption product." There is a
false "tension" created in the assessment that this issue is
an "either-or" proposition. Rather, both concerns can be,
and in fact are, harmoniously balanced through a reasoned,
balanced approach such as is proposed with the "Clipper
Chip" and similar encryption techniques.
Q: What does this decision indicate about how the Clinton
Administration's policy toward encryption will differ from
that of the Bush Administration?
A: It indicates that we understand the importance of encryption
technology in telecommunications and computing and are
committed to working with industry and public-interest
groups to find innovative ways to protect Americans'
privacy, help businesses to compete, and ensure that law
enforcement agencies have the tools they need to fight crime
and terrorism.
Q: Will the devices be exportable? Will other devices that use
the government hardware?
A: Voice encryption devices are subject to export control
requirements. Case-by-case review for each export is
required to ensure appropriate use of these devices. The
same is true for other encryption devices. One of the
attractions of this technology is the protection it can give
to U.S. companies operating at home and abroad. With this
in mind, we expect export licenses will be granted on a
case-by-case basis for U.S. companies seeking to use these
devices to secure their own communications abroad. We plan
to review the possibility of permitting wider exportability
of these products.
-----------------------------------------------------------------------------
(Taken from alt.security)
Texas A&M Network Security Package Overview
BETA Release 1.0 -- 4/16/93
Dave Safford
Doug Schales
Dave Hess
DESCRIPTION:
Last August, Texas A&M University UNIX computers came under extensive
attack from a coordinated group of internet crackers. This package of
security tools represents the results of over seven months of development
and testing of the software we have been using to protect our estimated
twelve thousand internet connected devices. This package includes
three coordinated sets of tools: "drawbridge", an exceptionally powerful
bridging filter package; "tiger", a set of convenient yet thorough
machine checking programs; and "netlog", a set of intrusion detection
network monitoring programs. While these programs have undergone
extensive testing and modification in use here, we consider this to
be a beta test release, as they have not had external review, and
the documentation is still very preliminary.
KEY FEATURES:
For full technical details on the products, see their individual README's,
but here are some highlights to wet your appetite:
DRAWBRIDGE:
- inexpensive (pc with SMC/WD 8013 cards)
- high level filter language and compiler
- powerful filtering parameters
- DES authenticated remote filter management
- O(1) table lookup processing for full ethernet
bandwidth processing, even with dense class B net
filter specifications.
TIGER:
- checks key binaries against cryptographic
checksums from original distribution files
- checks for critical security patches
- checks for known intrusion signatures
- checks all critical configuration files
- will run on most UNIX systems, and has tailored
components for SunOS, Next, SVR4, Unicos.
NETLOG:
- efficiently logs all tcp/udp establishment attempts
- powerful query tool for analyzing connection logs
- "intelligent" intrusion detection program
AVAILABILITY:
This package is available via anonymous ftp in
sc.tamu.edu:pub/security/TAMU
Note that there are some distribution limitations, such as the inability
to export (outside the US) the DES libraries used in drawbridge; see the
respective tool readme's for details of any restrictions.
CONTACT:
Comments and questions are most welcome. Please address them to:
drawbridge@sc.tamu.edu
-----------------------------------------------------------------------------
The world awaits the new HP Palmtop. The 100-LX. Should be out in 2-3
more weeks. Features include: 80 X 25 screen, 1 PCMCIA v2.0 slot, DOS 5.0
in ROM, all the stuff from the 95LX, plus links to Lotus cc:Mail wireless
mail. 1 MB RAM standard. Whoopee. Get this and a pocket modem and it's
pretty much a hacker/phreaker's best friend. Lists for $750, but will
probably be offered for less, as the 95LX was.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Releases, Past and Future.
by Shredder
Here's what we got so far:
TBS0001.TXT A Moron's Guide to DECServers ........ Keith Cathode
TBS0002.TXT The Merlin System..................... Keith Cathode
TBS0003.TXT Caller ID Areas (in this issue, also). Keith Cathode
Upcoming releases:
Well, i'm working on a beginner's guide to UNIX and the Internet,
to be releases some time far in the future. Who knows what the rest
of TBS have planned? Not I. We're looking for text file submission
as well as articles for this. So. Send us stuff. See the end of
the file for how to submit schtuff.
/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
The Taco/Bell Syndicate are:
Keith Cathode <napalm@tacobel.UUCP> <napalm@ai.mit.edu>
Death <death@tacobel.UUCP>
Shredder <shredder@tacobel.UUCP> <shredder@ai.mit.edu>
R0dman <r0dman@tacobel.UUCP>
Bubble Sorter <bublsort@tacobel.UUCP>
Squeek <squeek@tacobel.UUCP>
The Inquisitor <vlad@tacobel.UUCP>
Han Solo <han@tacobel.UUCP>
All submissions/comments/flames/etc., are welcome.
Please send to tbs@tacobel.UUCP
Hey! Want to be on the TBS Mailing List?
Send mail to postmaster@tacobel.UUCP, giving your
internet address, and you will receive TBCore mailed
to you each month. Woo-ee.
Taco Bell Core, and other TBS Releases can also be
obtained by Anonymous FTP. FTP to ftp.ai.mit.edu,
look in the directory /pub/tbs. Woo.
Why not try:
The Pulsating Temple of Stan
(508)371-9849 1200-14.4K
<tacobel.UUCP> Internet mail/USENET News
cDc Global Domination Direct Factory Outlet
Current home of the Taco Bell Syndicate
Cheers to: Everyone in TBS, cDc, whose files inspired the
creation of this, MIT, for the use of their
FTP Server, 2600 Magazine, just for being
2600, the people who go to 2600 meetings in
Boston,, the Committee to Destroy the Universe.
and all the callers to the Temple of Stan.
Magic Man, Count Zero, and Rogue Agent
for all their advice and help.
A big FUCK YOU to: Skippy, and Shannon Strybel
