Copy Link
Add to Bookmark
Report
The Empire Times Issue 5
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% T H E E M P I R E T I M E S %
% ------------------------------- %
% The True Hacker Magazine %
% %
% October 18th, 1994 Issue 5 %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
This Issues Features:
# Selection Author Size
- ------------------------------- ------------- ----
X. Introduction armitage 4k
1. Raw Irc in a Nutshell PuD C0ur13r 4k
2. DMS Family of Switches erudite 6k
3. Defcon III Update dark tangent 3k
4. Bust of Mercury (aka merc) & others invalid media 10k
5. LDDS Multimedia, Operator Scams entropy 12k
6. NCSA Telnet x 6k
7. OSCINT Overview (Part 1 of a series) firefly 7k
8. OSCINT (Part 2 of a series) firefly 7k
------------------------------------------------------------------------------
Founder: Albatross
Editor: Armitage
Contributors: Entropy,
Erudite,
Firefly,
Invalid Media,
PuD Courier,
The Dark Tangent,
X.
Special Thanks: Northern Telcom,
Sevenup,
Noelle.
===========================================================================
-=- The Empire Times -=-
Introduction
Empire Times was once a rumor, but led by the know how of albatross,
they created an image, a way of life, an Empire. We brought it back, I
thought that there was no reason to let this empire die. This issue just
proves that we are back, and will keep going, the last issue was power-
packed, but it was not the last. The empire lives on, through busts,
complications and hardships.
Late? What do you mean late? So maybe you should just consider the
_actual_ release date about a week or so, or so, or soo after the date that
I tell you I plan to release it? Don't bitch at me, just wait a little
while longer, at least you still read it. I still plan on doing it on a
monthly schedule, but not exactly month after month, maybe a week or so late
every month, but it'll still be considered. "About Monthly". You know how
much support I get doing this? Not much, but there are a few helping hands,
(firefly, roach..). Other than that... I've had one complaint about this
zine, but I don't care, it's not my problem. Manowar --> fuck off, go away,
and stop wasting my time.
Brought back from the trenches of distractions such as irc. I just
thought The Empire Times was something we would do for fun, but somehow
people got my mail address, and sent for copy after copy of it. I've
assembled a mailing list for the magazine, I never thought we'd get this
kind of responses.
Hype. That is what everything these days is about. I don't know if
that is good, or bad. With all the things that have happened to the (602)
locals.. Invalid Media, VaxBuster, Merc and all them. I don't think I
want to understand. Whatever the case, someone is out there, someone is
leaking, but at this point, I don't care. I remind all of you to stay safe
and not to be as open as the next person. Invalid wrote something special
for Empire Times about the roundabout happenings in the (602) Scene.
At this time I would like to say a few things about current (well at
the time I am writing this) events. Invalid Media is looking to put upt
on the net. I think that is good and bad, it's good because it'll be net
accessible, but I think it's bad because more people will try to get in.
I hope it doesn't lose it's private factor. Reminder to all that UPT is
up, and still elite, so get the info and call.
Digital Anarchy is going better than ever. I'd like to mention it as
a really quality bbs, but don't want to offend the other great boards that
still exist. Boards are 99% dead, since the erruption of the internet.
That is good in some cases, but it does take most of the fun out of dialing.
However there are some still worth calling. Empire, Digital Anarchy, Plan-9,
Secret Techtonics, Unphamiliar Territories, Planet 10, Unauthorized Access,
Lucid Nightmare... Boards arn't the answer, but a social side, and an
alternative to irc.
Pumpcon is coming around the corner, at the end of October. Okinawa
thought it'd be a good idea to make it private. Well if you've seen the
info sheet, you'd see that it's not _that_ private. I hope it goes over
well, seeing that okinawa and ixom are putting out money, and taking the
trouble to do it. I think all in all it will come and go, with not many
people remebering it. That _should_ be due to the fact that pumpcon has
always been the party con(cept partycon). Whatever happens, I'm sure it
will go over nicely. I'm excited about it.
Till the next Empire Times,
armitage@dhp.com
===========================================================================
-=- The Empire Times -=-
Issue 5, File 1 of 8
IRC, The Untold Story
By PuD C0ur13r
You want to IRC, but don't have a client offhand, or you a client
is too hard to compile? Well, here's a secret for you.
You don't need a client for the irc. Try IRC raw.
No, I don't mean a hamburger raw. Sheesh. ;) Really,
though, raw is pure IRC. But personally I don't like raw irc.
Theres too much information there in Raw, and its a bit
confusing. But with info, it should be made easy.
Any irc server can be an anonymous IRC site. All you have to do is to telnet
to port 6667. ie - telnet irc-2.mit.edu 6665..6667
irc.colorado.edu 6667
irc.uiuc.edu 6667
poe.acc.virginia.edu 6667
hope.gate.net 6667
irc.iastate.edu 6667
cs-pub.bu.edu 6667
Once you are connected, you need to login. you do this with the following two
commands :
( note, do not try /user, this doesn't work)
user [put your 'real' user name here] 0 0 :[your 'full name]
ie - user PuD_r0ks 0 0 :PuD C0ur13r
(note - the 0's used to be fields for an ip address. However, this is obtained
via backwards checking now so these fields are redundant. On some
systems, most notably UMD, this will not work to change the 'real' user name
because it supports the identd protocol at port 113.)
nick [what you want your nick to be]
ie - nick roach
(again, don't try /nick. this is raw, not a client.)
you can join channels with
join #channel
ie - join #hack
(uhuhuhu, don't do /join either)
say your on #hack, and you wanna talk. Well just do this command:
privmsg #channel :[whatever you want to say]
ie - privmsg #hack : y0y0y0y0, PuD r0ks.
(note, the colon is needed).
And if you privately want to message someone, try this command.
privmsg [person's name] :[whatever else]
ie - privmsg armitage : hey, when is the next empire times?
the only things you can't do like this that I know of are - emotes and DCC
transfers. Emotes are lame anyway, and dcc is blocked out on most if not all
anonymous irc sites.
So there you have it. IRC raw in a nutshell.
But if you try IRC raw, and you think "Bleh, this is pretty
wierd. Is there any anon irc sites I can try?"
Well here are a few:
irc.nsysu.edu.tw login: irc
cybernet.cse.fau.edu login: bbs
suncc.ccu.edu.tw login: guest or gopher
dallet.channel1.com login: irc
ilink.nis.za login: irc
freenet.detroit.org login: guest
There are others, but those are the few that I know that work.
If anyone wants to update this article, or improve it (I
always need more anonymous irc sites. I could always make a
huge article on anon IRC sites. :) email me at roach@tmok.res.wpi.edu
SHOUTOUTS: (yhea, I want to shoutout too. ;)
armitage: PHRACK BOY, I MEAN ARMITAGE.
shadowdancer: d00d, watch out. keep yourself safe.
fenris wolf: Without you, this article could not have been
made. Thanks. :)
albatross: Wassup Homeboy?
y-windoze: HEY, WHEN IS MY PUD ARTICLE GOING TO BE PUBLISHED?!?
squinky: fry shit up, d00d.
Rest of the DC crew: w3rd up.
=============================================================================
-=- The Empire Times -=-
Issue 5, File 2 of 8
DMS Family of Digital Switching Systems
by Erudite
In this Infoarticle I hope to cover the capablities and flexabilities of
all the DMS Digital Switching Systems, I will also talk about other
Northern Telecom Devices and Systems. The majority of the file is based
on the DMS-100 system.
First we have breif descriptions of the DMS Switches:
DMS-10
------
This is a versatile switch which is cost-effective for the duties that
it was created for. It is a digital switch that services suburban and
rural areas. It is in service internationally as well as in the US
(rural and suburban areas). It allows access to local and long-distance
service. It can handle up to 12,000 subscribers. It is the smallest of
the DMS family.
DMS-100
-------
The purpose of the DMS-100 Switch is to provide coverage and connections
to the public network. It is designed to deliver services over subscribers
lines and trunks. It provides POTS (Plain Old Telephone Service), along
with very sophisticated business services such as ACD (Automatic Call
Distribution), ISDN (Integrated Service Digital Network), and MDC (Meridian
Digital Centrex).
DMS-200
-------
The DMS-200 switch has toll capabilities, it is used for toll-center
applications. It provides TOPS (Telephone Operator Position System) which
is the world's premier operator service, from Northern Telcom.
DMS-100/200
-----------
Simply, this combines the DMS-200 Toll capabilities and applications, with
the DMS-100 public networking, which makes it possible for this switch to
service subscriber lines, long distance circuits with toll applications.
DMS-250
-------
This is the long distance tandem switch that connects long distance calls.
It is used by the interexchange carriers. It is powerful, and they are
used to connect most of the U.S. population.
DMS-300
-------
This is the international exchange, which gates calls internationally.
It provides the most advanced range of international services. This
international digital switch can interface with almost *any* country in
the world. Talk about power. It is known as the International Gateway
System.
DMS-Supernode
-------------
This is faster, and can handle more throughput that the DMS-100.
DMS-Supernode SE
----------------
This is a reduced size Supernode system, it has a DMS-Core processing
engine, DMS-Bus high-speed messaging component, the Link Peripheral
Processor (LPP), and the Enhanced Network non-blocking switching network
(ENET), which makes it a cost effective system, combined all into one
compact unit.
DMS-MTX Cellular Switch
-----------------------
Northern Telcom's Cellular Switch. The DMS-MTX was the first cellular
switch in Northern American to offer subscribers.
DMS Architecture & Functionality
Messaging - "DMS-Bus" is the high speed data bus connecting most components
of the switch. This makes the DMS-Supernode system a true step up
communications platform.
Switching - The switching matrix calls to their destination. Currently
in planning is future switching fabrics that will allow for broader
data applications, including (ATM) Asynchronous Transfer Mode.
Maintenance & Billing - The DMS Systems provide full feature testing, and
other transaction and maintenance procedures.
Multicomputing platform - The DMS systems enables a high capacity, and other
"information" age applications and functions. Such as Videoconferencing,
transmission of imaging, and dialable ds-1 backup.
DMS Family Setup
Below will be a simple, common setup of dms systems to form a wide range
communications system.
DMS-100 ----------------- DMS-200 ----------------- DMS-250
(end office) /(Tandem office) (ld services)
/ |
/ |
/ |
/ |
/ DMS-300
DMS-Supernode ---------- DMS-100 (int services)
(maint,billing) / | \ |
(subscriber lines) |
+--- International
Gateway
DMS Applications and Markets
Switch Application Class Market
------- --------------------------- --------- -------------------------
DMS-100 End Office 5 Local Exchange Carriers
DMS-200 Toll Office 4 Local Exchange Carriers
DMS-
100/200 End Office/Toll Office 5 Local Exchange Carriers
DMS-250 Tandem Toll Center 4,3,2,1 Interchange Carriers
DMS-300 International Gateway CTI-3,CTX Int. LD Carriers
DMS-MTX Mobile Telephone Center Cellular Servers
Meridian
ACD Srvr Adjunct ACD Switch Local Exchange Carriers
Refrences: The DMS100 Advantage (nt)
=============================================================================
-=- The Empire Times -=-
Issue 5, File 3 of 8
Defcon III Update
by The Dark Tangent
XXXXXXXXXXXXXXXXXXXXXXXX XX DEF CON Announcement
XXXXXXXxxxxXXXXXXXXXXXXXXX XX DEF CON Announcement
XXXXXXxxxxxxXXXXXX X X DEF CON Announcement
XXXXXxxxxxxxxXXXXXXX X
XXXXxxxxxxxxxxXXXX XXXXXXXXX
XXXxxxxxxxxxxxxXXXXXXXXXX X
XXxxxxxxxxxxxxxxXXXXXX XX X
XXXxxxxxxxxxxxxXXXXXXXX
XXXXxxxxxxxxxxXXXXXXXX X XX
XXXXXxxxxxxxxXXXXXXXXXX XX X
XXXXXXxxxxxxXXXXXXXXX X DEF CON Announcement
XXXXXXXxxxxXXXXXXXXXXXXXXX DEF CON Announcement
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX DEF CON Announcement
Ok, nothing too fancy in this announcement. Just that DEF CON III is going
to be happening a little later next year, the first weekend in Augest '95
in Las Vegas.
There is a slight problem, however. We grew too large for most of the
Hotels. That means it is expensive for me to rent space large enough for
everything on the weekends. Sure the convention could be during the
weekdays, and everything would cost 1/2 as much, but everyone I talk to
tells me to do it on a weekend or not at all, so... Rooms will be around
$90 a night for a double.
We'll have three areas along one hallway. A double section for the
speaking, a section for people to hang out and talk and a section for
computer hookups and movies.
We have a mailing list up for information, etc. If you want to subscribe
mail majordomo@fc.net with "subscribe dc-announce" in the body of the
message.
There are lots of things being planned, but since shit always happens at
the last minute I'm not gonna say anything too early. We'll have more of
a focus on technical hacking this year, though.
Audio tapes, shirts, etc. are still available from DC II, if you are
interested mail dtangent@defcon.org for more info.
Thanks Armitage for putting this out...
The Dark Tangent
--
PGP Key (2.3a & 2.6) Available. Voice (AT&T) 0-700-TANGENT FAX 513-461-3389
DEF CON mailing list, mail: majordomo@fc.net with "subscribe dc-announce" in
the body. DEF CON FTP Site: fc.net, /pub/defcon WWW: dfw.net/~aleph1
============================================================================
-=- The Empire Times -=-
Issue 5, File 4 of 8
The Bust of Mercury (aka merc)
+other related busts
by Invalid Media
This is the unofficial textfile describing how merc got busted. A
litte background first - merc was the cosysop of Unphamiliar Territory (and
ran the board on many occasions when I wasn't up to it), he was also a
member of "the Posse" - a group which does not exist (its a figment of
Len Rose's imagination).
The source(s) for all of this information will not be disclosed and
real handle's will not be used to protect many people. If I were speaking of
The Dark Druid (for example) I might say Hacker A. Also please note that the
source for this information is NOT merc -- he is refusing to talk to anyone
at this point in time.
I. How it all started
Late August, merc was playing around with his lock-picking set and
decided to go to a bar. He was standing outside of The Dirty Drummer when a
cop strolled by. He was with non-Hacker A when this occurred. They both
got questioned and promptly arrested. His truck was seized at this time.
The morning of September 1st, merc's apartment was raided by many
different groups which include (but not limited to) Secret Service, Federal
Bureau of Investigations, IRS, Gail Thackeray (in person!).
Merc was (allegedly) dealing with the following:
a) Cellular telephony including engineering phones, making fraudlent
calls via tumbling and cloning.
b) Hacking and gaining complete control of many computer systems
(you know, all those that the Posse are accused of hacking).
Why was his apartment raided? Well, Gail Thackeray somehow found
out about his B&E bust and decided to take action right away - plus she
feared that he would go complete cellular and she would not be able to keep
track of his activities.
II. The following days
Well we all knew about his B&E bust but didn't know anything else
had happened. I was on irc a couple days after merc's bust and was /msg'd
by Hacker B with something along the lines of:
"what the hell is stuck up merc's ass? i called him and say hey and
he just hung up on me"
Not knowing anything other than the B&E bust, I just said that he
was most likely paranoid about it and doesn't want to take any chances until
things are completely cool again.
Having known merc for years, I decided to give him a call since he
obviously wouldn't hang up on one of his best friends.
RING, RING, RING... "i can't talk to you anymore..." <CLICK>
This is where I started getting really concerned. After repeated
attempts at trying to call him and stopping over at his apartment (with
little to no luck) I decided to give some other people a call.
Turns out, that same day Neurosis was busted, Mind Rape was visited,
and Richard Finch (a journalist who set us all up with an interview on KFYI
radio and who organized many 2600 meetings in Arizona) was also busted.
We called up Hacker C. He told us all he knew (and it was basically
information we already knew with the following additions):
a) merc was under investigation for at least a year
b) a wiretap and/or datatap has been plaguing merc for at least
an entire year.
c) they took fingerprints at merc's apartment
d) they didn't know much about Posse so they questioned him for hours
on the subject
III. Other related busts
It seems that on September 1st a lot of people were busted. On Sept-
ember 15th, a "security" user on my board, Keith Jensen of Sprint, posted
the following message:
--Begin UPT capture--
Subject: September 4th
From: sprinter@gail.upt.org (Keith Jensen - SPRINT)
Date: Thu, 15 Sep 94 16:42:25 PST
Organization: (Newsgroup) alt.neutral
September 4th at 4:09p, the Police, Secret Service and F.B.I. stormed
into the offices of Sprint in New York, promptly arrested me and seized
all the computer equiptment in my office.
I was charged with hidering an investigation taking place in New Orleans
into the escapades of Renegade, Dr. Demonsus, Wiseguy, and Revelation. I
have never heard of these people so please tell anything you know about
them. I was allegedly providing them with information they needed to gets
into TransUnion and Information America through Sprintnet.
According to them, I also helped them break into Government and Military
systems to obtain more credit card information.
They found a RS tone dialer in my office (which was not modified to make
it a red box) and charged me with possession of a toll-fraud device. I
have no idea what is going on. My office is still empty and raided and I
have taken an involuntary month-long vacation from Sprint until this will
clear up. Hopefully it will.
They asked me a lot of information about The Posse, my connections with
8BBS, Modem over Miami, The Phoenix Project, and MOD. I used to call some
of these boards many years ago but never did anything illegal through them
and it was over 10 years since I've heard 8BBS brought up.
A much pissed of Sprinter
--End UPT Capture--
There were a lot of posts about Sprinter's bust as well as merc's.
The following was posted by bobby0 on the general chit-chat forum:
--Begin UPT Capture--
Subject: merc/etc
From: bobby0@gail.upt.org (Bobby Zero - Normal User)
Date: Sat, 17 Sep 94 10:16:15 PST
Organization: (Newsgroup) alt.system.news
Would merc/mr/etc getting busted have anything to do with what happenee
er, happened to Sprinter? The timing seems pretty close.
Read this in CU digest today:
NEW ORLEANS (AP) -- "Dr. Demonicus," "Renegade" and four other
hackers used computerz to steal credit card numbers and used them
to buy $210,000 in gold coins and high-tech hardware, federal
prosecuters said Wednesday (Sep 8, 1994)
The nine-count indictment unsealed wednesday charged 5 men from
Lousiana and one from New York with conspiracy, computer fraut,
access device fraud, and wire fraud, US Attourney Eddie Jordan Jr. said.
Some of their hacker nicknames [gawd] were included. They were
identified as Dwayne "Dr. Demonicus" Comerger, 22; Brian Ursin, 21; John
Christopher "Renegade" Montegut, 24; Timothy "Revelation" Thompson, 21;
James McGee, 25; and Raymone "Wiseguy" Savage, 25, of Richmond Hills,
N.Y.
.. it doesn't mention phx at all, but I thought the timing was just kinda
odd.
--End UPT Capture--
At this point everyone is scared. A lot of hackers were busted and
the main thing they all had in common was an interest in Cellular telephony.
A week after Sprinter's post which set us all off, he posted the following:
--Begin UPT Capture--
Subject: my bust
From: sprinter@gail.upt.org (Keith Jensen - SPRINT)
Date: Wed, 21 Sep 94 16:32:36 PST
Organization: (Newsgroup) alt.neutral
This morning I was promptly visited at my house with one of the arresting
officers (Richard Dapesio) who apologized for the arrest and quickly
brought me back all the seized equiptment. They even gave me a check for
$75 to replace the tone dialer which they took apart and could never put
back together again.
I was told that the investigation was regarding only The Posse and many
people were visited. They told me that they apprehended all of the people
who they were going to already (on September 1st, my bust came on the 4th
because it took them a couple more days than it should have to get the
proper paperwork done). He said they got everyone they were looking for
except a few who they can't find because they are mobile. The reason I
was apprehended was because there was some information on my system that
was placed there by the New Orleans hackers (who are in the Posse group
he said) and they thought that I had given them access to my system and
its databases, but that wasn't true. They got in through a backdoor I
have yet to find. Its running BSD, so if anyone has BSD backdoors please
let me know.
Was this Operation Sundevil II? 46 hackers busted in one day. All those
busted were involved in credit card fraud or (the biggest fear people
have now) cellular phone fraud. People were using tumblers to make free
phone calls from their cellular phones and that had to be quickly
stopped. If you are involved in any way with the following things, I
would recommend stopping them:
Cellular phone fraud using tumblers or clones
Credit card fraud especially from Novell, Microsoft, and other
giant computer conglomerates.
46 hackers, 84 computers, hundreds of thousands of dollars in pirated
software, and thousands of dollars in carding computer equiptment,
software and cellular phones.
--End UPT Capture--
Ouch.
IV. Conclusion
Between August 31st and September 4th, a lot of hackers were busted.
The following is a list and reason (I'm just guessing)
Hacker Date Status Reason
------ ---- ------ ------
merc 01Sep94 Bust Cellular, Posse
involvement
Neurosis 01Sep94 Bust Cellular, Making
redboxes
Mind Rape 01Sep94 Questioned ??
Richard Finch 0?Sep94 Bust 2600
We don't know the current status of merc but he was always a good
hacker and friend and we wish him luck.
Invalid Media
upt@bud.indirect.com
upt@cyberspace.org
imedia@tdn.net
==============================================================================
-=- The Empire Times -=-
Issue 5, File 5 of 8
A Guide to the Wonders of LDDS
Metromedia and the World of
Operator Scamming
by Entropy
Ever find yourself at a payphone, without a redbox, code,
card, or other device by which you might place that essential call
to the warez boyz back home? Now assuming you (like most of us)
have some supernatural phear of quarters (or just dont have any)
you will need to find some other way to place your call. Now its simple.
You'll never have to hear another operator say: "Sir, how in gods name
are you putting those quarters in so fast?" or "Sir, you have yet to
deposit any real money!"
PART 1: Third Party Billing
---------------------------
- Billing From an Ordinary Payphone
You can't 3rd party bill to another payphone. Unless of
course you are know of a COCOT that accepts charges and doesn't
have an evil explanatory message saying something to the affect of,
"This is a payphone, fuck off." It's been that way for awhile now,
right?
Wrong. It can be done, it can be done easily, and it can be
done ANYWHERE IN THE CONTINENTAL UNITED STATES. The key is LDDS
Metromedia, the 4th largest long distance carrier in the US.
You've probably heard of Metromedia or some other company with a
similar name. They are tricksters with many divisions and they are
protecting their kodez, therefore they are known by MANY names,
some phone books even list LDDS Metromedia, and Metromedia as
seperate companies, but to my knowledge they are one and the same.
Generally you must be at a bank of phones (2 or more phonez)
for these techniques to work, unless you are at a COCOT, but i'll
get into that later. Here's how it works.
You approach a payphone in hopes of calling your mommy in
Atlanta but soon realize your redbox was stolen from your pocket
protecter by a group of bad bullies. Casually you move over to the
payphone beside yours and jot down its number. If the number isn't
on the phone you will have to call an 800 ANI to get it. (A list
of 800 ANI's is located at the end of this file.) Removing Entropy's
Paper Redbox from the pocket of your Guess jeans you note the 10-direct
code for LDDS Metromedia. You return to your original phone and dial:
109990+ACN
You will hear: "Welcome to LDDS Metromedia Operator Services,
to place a collect call press 1 or to bill this call to a calling
card enter the card # now. If you need operator assitance press 0."
In order to 3rd party bill you will have to go through an
operator. Don't be shy, they are friendly and have never heard of
toll fraud in their lives. Press 0 and when the operator comes on
tell her you want to place a 3rd party billed call. They will ask
you for the # to bill the call so you give them the # of the phone next
to you. If you're calling from an actual payphone (as a opposed to
a "standard" phone) they will put you on hold to verify the charges
and you will hear it ringing in the background. When the phone
beside you rings (it will ring) answer it (dont even worry about
changing your voice) and tell them you will accept the charges.
Heres an example:
1) Dial 109990-516-751-2600
2) Press 0, and wait for the operator.
3) Operator? Yes I'd like to bill this call to my friend at
411. Yes thats right 411. You won't bill to Sherry at
directory asistance? Would it help if i gave your her
operator number? (Try this from a COCOT, on occasion I
have gotten away with billing to directory assistance,
but I had to be tricky and give them a nunber like 617-
555-1212. Tricky, tricky eh?) Well then just bill it
to SUM-PAY-PHONE.
4) "Yes hello, oh yeah i talked to you a minute ago, yeah I
just like to bill my calls to this payph...i mean my
other line to save money... Yeah well it's a cellular
phone...uh huh, yes I know there if no logic to that I
just like to do it that way.... (If she persists.)
...Look lady, I am in a state of permanent psychosis, i'm
very scared right now."
5) "y0y0y0 e-man, how ewe doing ?@!$ eye g0t ewe y0r
warez!!@$"
This works, I am told, because LDDS does not use the database of
blocked numbers/payphones, or at least the one they have is
horrendously small. Bascially this means you can bill a call to ANYONE,
even if they have specifically requested that no collect calls be allowed.
And of course, (as you already know) you can 3rd party bill a call to your
favorite payphone - legally. Well at least _somewhat_ legally.
Yes thats right, the nice operators and helpful customer service
representatives concluded after hours of heated discussion that anything
LDDS is used for _MUST_ be completely legal - otherwise you couldn't do it.
...And you've been sitting home weekends soldering crystals...
Possible problems:
P: The operator recognizes your voice.
S: 1) Disguise your voice.
2) tell her that was your brother on the other other line
and that you are identical twins.
3) You want to fuck her like an animal.
P: The phone doesn't ring.
S: Your at a phone that does not accept incoming calls. This is
a problem, this means it won't work. If you ask the operator
whats wrong she will tell you the number you are billing to is
no longer in service and that no further information is available
about that number. There really isn't anything you can do about
it when this happens.
P: The number of the payphone isn't on the phone.
S: Use an 800 ANI. (See end of file)
- Billing from a COCOT
To quote 2600 Magazine, "Stupidity is an Olympic event in the
COCOT world..."
Countless articles have been written on the subject so I will assume
the reader is generally familiar with COCOT's (Customer Owned Coin
Operated Telephones.) The main weakness behind such phones is that they
were (and still are) subscriber loops. Originally the label "payphone"
was not associated with COCOT's and they could be abused in countless
ways. Now however, many phone companies have them "marked" as payphones,
you can't bill to them...etc. If you happen to be at a bank of two or more
such phones you can easily dial the operator and 3rd party bill to the
phone beside you. Unfortunately there are all sorts of things COCOT's
do to keep you from billing to the phones. Many COCOT's don't have the
number on them (use an 800 ANI) and in this area most COCOT's have
messages for operators saying not to bill to that line. This is however,
hardly the most powerful thing one can do with such a phone: when combined
with (you guessed it!) LDDS Metromedia a COCOT becomes a dangerous weapon.
In this case it is not so much the fault of the phone, but rather LDDS.
LDDS Metromedia classifies lines as "standard," a typical
residential line, and "payphone." Almost _ALL_ COCOTS are
classified by LDDS as "standard" phones. Now to save time and
money LDDS has implemented a particular policy having to do with
3rd party billing: they don't verify 3rd party billed calls when
made from a standard phone. Thats right, you can pick up your home
phone, dial 109990+617-GRENDEL and have the call billed to 202-456-
1414. They will do it without verification. This is great if you
want to go to prison when your number shows up on their bill at the
end of the month. I am unsure as to whether or not the billed party's
number has to needs be valid. If not a phreak would most likely get
away with billing from home. LDDS Metromedia will also 3rd Party Bill
calls to the phone you are calling from. (Use this as a last resort if
you get them to bill a call otherwise.)
You've probably realized by now that from a COCOT you should
be able to bill a call to the phone you are standing at or any
other random number that pops into your head. Using LDDS to bill
to a COCOT is even easier than boxing a call. All you have to do
is dial 109990+ACN, ask for the operator, and tell her to 3rd party
bill the call to wherever you want. Its that damn easy.
[Note: Just before the release of this file LDDS began asking for
full real (hah) names, they now keep them in a database... Apparently
some of Entropy's friends used this billing method a bit much. Just
billshit the name, and if they tell you the party is not accepting 3rd
calls then try again. No biggie.]
Part II: Fucking People Over
----------------------------
Scenario: Your friend just pissed you off. Your friend is
going to wish he never pissed you off.
Solution: Go to your local COCOT (or someone else's
subscriber loop) and call 109990+310-516-1119 (deadline).
Ask the operator to bill the call to the assholes house.
When you here a loud click the deadline has answered
and you can leave the phone hanging there and just walk
away. You might even want to put a little "Out of Order"
or "Do not hangup" sign on it, or rip the receiver right
off the phone. Doing both seems to produce (on the average)
much higher bills.
Part III: Collect Call Messaging and Operator Phun
--------------------------------------------------
This article is about practical methods of placing calls. The
information may or may not be new, and some sections may be considered
somewwhat lame. But everything in this phile is easy to do...and it
works. With that in mind lets move on to Part III.
Have you ever wanted to give someone a quick 15 second message
without bothering with the usual billing shit? Simply pick up your
payphone, or home phone for that matter, smack 0+ACN and just
select collect when you are given the option. When it asks you for
your name say something like, "Dont accept, the warez are on their
way!!" If you speak in a very distinct manner it may say it didn't
get your name. Try to slur 3 or 4 words together so it thinks of
each slur as being a segment of your name. The same goes for
slurring too much, if it hears one long "blahahhhh" it will ask you
to repeat.
Amazingly this technique even works with live operators. All
you have to do is tell them your name is "Dewd 'I have the k0d3z'
Michaels" or something to that effect. Tell them its a secret
thing between the two of you and if the operator doesnt say it they
won't know its you. In most cases the ops are required give them
that name.
And finally a list of k0d3z needed to do much of the shit in this
phile. Abuse them fully. Its a great compact carry-it-everywhere list
of ods and ends for the modern phreak. Have phun.
Entropy's Paper Redbox
To set up a a conf--
ATT Meetme: 1-800-232-1111
Alliance Dialin: 0-700-345-1000/2000
LDDS Metromedia: Dial 109990+ACN
Encore: 1-800-288-2880
ANI's: 1-800-568-3197
1-800-959-9090
1-800-769-3766 (hit 1 twice)
Deadlines: 310-516-1119
0-DaY GreeTz AnD SuCH!@#$
-------------------------
SuPaH-D00PaH y0y0'z g0 0ut t3w: Armitage, Da TeLc0PiMP
X, z00m, Olphart,
Kalen and the resta
the DC PoSSeY!@>#!11
(We have your inpho.)
Send all warez, (GaM3z ONliE Pl33Ze)
inph0, h0h0'z, k0d3z, & GiRLiEZ to: entropy@dans.dorm.umd.edu
"Phun is phucking a h0h0"
-Entropy, Octobah '94
=============================================================================
-=- The Empire Times -=-
Issue 5, File 6 of 8
Being Elite with NCSA Telnet
(common telnet used in computer labs)
written and tested by X
College campus is a great place to live. Especially if you have
ethernet in your rooms. However if you don't have ethernet, don't be
discouraged. Ethernet can be just as easily used from one of the greatly
convenient labs on campus, especially those that stay open 24 hours a day.
Most campus machines that I have delt with have NCSA Telnet that
connects people to the internet. TN3270 is the version that I have used
for years, and is the version from which I have tested my information.
However I have gotten these simple tricks to work on many other versions
including NCSA Telnet 2.5 for the Macintosh.
First off you need to find the directory on the network containing
the telnet files. Example: F:\APPS\TN3270\ or F:\PROGRAMS\TELNET\ or
whatever your administrators have decided to put it in. Unless you have
supervisor access on the network, you won't be able to edit the necessary
files on the network, therefore you should copy all these telnet
files into a temp directory onto the C drive. i.e. C:\TEMP. Next you need
to find the file called CONFIG.TEL. This is the file in which all the
information is kept, i.e your designated i.p. address. You need to edit
this file and since you now have your own version of telnet now on the C
drive, you won't hurt anything.. yet. Here is a shortened clip of an example
of a CONFIG.TEL file, my comments will be preceded by "***" :
CONFIG.TEL
--------------------------------------------------------------------------
# WARNING: The values for "myip" and "myname" are reserved for this
# Machine only. Do not use these values with any other machine.
*** This is exactly what you want to do :)
myip=rarp
------------------------------------------------------------------------
Rarp is a program which assigns this pc an i.p. random i.p. address
which currently isn't being used. Some schools go ahead and assign each pc
with it's own personal i.p. address so they can keep track of what goes on
from where. In that case it would look like this:
myip=135.2.45.23 (or whatever).
Now for the good fun, you can replace myip with your own i.p. address
such as another pc, your local unix machine, or your admins pc :). It is a
good thing to know beforehand what i.p. you want to take on. It has to be
on the same domain as you of course. i.e. 135.2.45.##
What happens now? You know that admin that doesn't like you and always keeps
a close eye on you? I wonder what would happen if you replace the myip to
his i.p. address and then trying to telnet somewhere. Well, once you
lets change the i.p. and try.
myip=135.2.45.50
If his pc has a name (like it is in the nameserver) then you can telnet into
a system and it appears like you are coming from your admins office. Watch
C:\TEMP\telnet hobbes.werd.edu
Connecting to 129.6.180.32, port TELNET (23)
*** all fake, simply for explanation
Linux 1.0.9 (hobbes.werd.edu) (ttyp2)
Welcome to hobbes!
It has been 23 minutes since our last break in.
Keep up the good work! -admin
Last login: Thu Oct 13 12:15:21 on ttyp3 from PC23.WERD.EDU.
You have new mail.
hobbes:~> who
x ttyp2 Oct 13 13:50 (ADMIN.WERD.EDU)
hobbes:~>
werd.. so now you appear to be telneting from your admins machine. But what
happened to your admin so happily sitting at his terminal in front of his
computer? Well, all his telnet sessions simply locked up and he probably
had to reboot.
This is a great way to hide the fact that you are hacking from a
certain machine in the lab and it will throw off any investigation of who
was using what machine at what time.
Now, you want to get rid of your admin? Simple. Try lots of feeble
hack attempts from your pc (now his address) on lots of elite .gov and .mil
sites. Run lots of scripts and be sure to leave lots of logs. The FBI
will most likely break down his door within the next week or so and haul him
off thinking he is some hack dude.
As for others in the lab that you have a disliking for, i.e. warez
dude, mudder, or even your cpsc teacher down the hall. Figure out what
i.p. they are using, change your CONFIG.TEL file to their i.p. and watch
them lose their connections. Hopefully they were transfering a file or
even battling the evil dreaded 3 headed monster on the elite mud.
It goes without saying that you should clean up your C:\TEMP\
directory as you do with anything, don't leave behind stuff that anyone
can use to link back to you. Or else your admins will figure out what
is happening (not likely) and take care of the problem.
Greetz: Y-WiNDOZE, Entropy, Manowar, The R0ach, PuD, amm, and all da
warez kiddiez.
=============================================================================
-=- The Empire Times -=-
Issue 5, File 7 of 8
Open Source Collection INTelligence
Part 1 in a series, "An Overview"
by Firefly
This is an overview of a soon-to-be-regular series on
OSCINT, or Open Source Collection INTelligence. I explore
this topic not only because it is interesting, but it deals
with hackers and Netcruisers in a non- slanderous light ...
which I find a refreshing change. I think that when this
series is done, you'll have a better idea of how we, the
hacking community, are more of an asset -- and a threat --
to the world at large.
-- Firefly
Resident OSCINT Advocate
PART THE FIRST -- OSCINT OVERVIEW
With the many advancements in information retreival
services, there is a growing threat of information being
obtained and used for the wrong reasons. Such improvements
include electronic CD-ROM databases for home computers,
academic data stored on computers on the Internet, and even
modern archival systems in local libraries. Unknowingly,
however, the scientific and technical (S&T) community
members responsible for creating the Information Explosion
by improving these archiveal services has also enabled the
public to rather easily obtain the data that is part of
classified secrets. Consider nuclear weapons: the American
public knows they exist, but their creative process is
classified by the government. Yet atomic experiments are
conducted daily throughout the S&T community and such
experiments -- with results -- are recorded and made
available to the public. Theoretically, then, a person could
research, locate parts for, and assemble an atomic weapon
within their own home -- many files on h/p/a BBSes cover
other such lethal concoctions. Proliferation of nuclear
weapons is a proven evil. But what effect does the
proliferation of information that leads to the proliferation
of such weapons take in the intelligence community? What
does this do to the definition of national security? What
does this mean for the intelligence community? What about
Big Business?
For starters, national leaders (from the President to
the thousand - dollar - suit - wearing mongrels running
megamonopoly-like corporations like MicroSLOTH) must sit
back and re-evaluate their fundamental definitions of
national security, intelligence, and corporate success. In
recent years, especially in the Clinton Administration, the
definition of national security has changed to include
economic issues as key factors that define how secure or
stable a nation is. Other transnational factors, such as
global warming, national development, and the environment
are also crucial in shaping American foreign policy.
Information on all these topics exists in the public domain
and is not considered a government secret.
The end of the Cold War has caused a worldwide debate
over many political definitions, especially what constitutes
war, peace, and the proper role of the nation-state in the
defense of its citizens. Intelligence during the Cold War
was a lengthy process that targeted the Soviet Union.
Through the years, collected information has been archived
by not only intelligence agencies, but private organizations
as well, such as LEXIS/NEXIS. Over forty years' worth of
information has been archived in libraries and constantly-
revised electronic databases. Business information such as
stock prices, annual reports, mergers, and other
information, is also available to whoever requests it. This
raw data is available to the public, academics, researchers,
and interested rival nations or corporations as well. With
the advent of computer technology and the resulting ability
to conduct rapid and global searches as well as instant
interpretation and presentation of collected data,
information is becoming freely available. A rival nation,
after locating relevant data on his target, could
incapacitate military and civilian command systems or
disrupt urban power grids and the civil infrastructure as a
prelude to a larger attack. A business competitor could
learn sensitive material and trade secrets from a rival
corporation and improve its competive status on the market.
Information is readily available on any subject from any
perspective. With a little bit of research, interpolation,
and brain-work with his findings, a person could cause
substantial damage to a rival nation or corporation by
stealing unsecured information that freely exists in the
public domain.
There are three traditional intelligence
collection methods. There is open source collection (e.g.:
FBIS, Jane's Defence), the traditional and secretive HUMINT
methods using spies and agents, and classified technical
surveillance (TECHINT). The latter are used to used to gain
access to Kremlin safes, high-level PLO meetings, OPEC
negotiations, and other areas where United States
representatives may not be welcome. The CIA has taken the
lead in such collection, and amassed a substantial archive
of information from open sources to collate with reports
gained through other secretive means to provide their "best-
guess" intelligence estimates. Interestingly, however, open
source collections account for about 75% of all foreign
intelligence gathered, especially in such areas as foreign
local politics, culture, quality of life, and public opinion
of foreign leaders and policy. Secretly-gathered information
usually reveals more high-level information than open
sources, however, when the two are joined and accurately
processed, a fairly accurate estimate should be possible.
Contrary to popular belief, the CIA places a surprisingly
high emphasis on OSCINT activities...and then classifies it.
Stay tuned -- "OSCINT: What is it?" (when we get into the
REALLY good stuff)
=============================================================================
-=- The Empire Times -=-
Issue 5, File 8 of 8
Open Source Collection INTelligence
Part 2 of Open Source Intelligence...
by firefly@dans.dorm.umd.edu
(and a college graduate too!!)
The most prominent open-source advocate is Robert Steele,
founder of Open Source Solutions, Inc., a year-old clearinghouse
of unclassified information. After establishing a $20 million
intelligence center for the U.S. Marines, Steele was shocked to
discover that its interface with CIA classified databases could
not provide the information that Marines wanted to know, such as
the turning radius for ships in Brazilian ports or how much
weight a bridge in Jordan could support. Much to his surprise,
the information sought was easily found in the "open" market of
commercial databases, academic sources, and computer networks.
"Secrecy corrupts truth", he professes, much to the chagrin of
intelligence specialists who agree that "if it's not secret, it's
not worth knowing." Due to his solid standing in the intelligence
community and his promise of better information for one-tenth to
one-hundredth of the cost of classified material, Steele is the
subject of scrutiny of several influential policy makers and
colleagues in the intelligence field. This not only publicizes
Steele's organization, but also illuminates the cost-
effectiveness and true potentials of open sources to both
government and private consumers as well.
Commercial ventures, such as OSS, although classified as
Open Source Intelligence organizations, are primarily research
organizations. A large percentage of time spent in OSINT-
gathering and collection is done in libraries behind computer
workstations on the many computer networks that span the globe
with the single purpose of gathering information. In a decade of
cutbacks in defense and intelligence funding, both OSINT-
gathering activities and the resulting information are cost-
effective methods of obtaining competitor information and data on
foreign targets. The OSINT customer -- government or corporate --
need not rent a satellite, hire agents, or spend mega-dollars on
technical sensing equipment. They need only purchase a newly-
updated report tailored exactly to their requirements, subscribe
to a newspaper, or read a book or bound reference. In this age of
cost-effectiveness being the paramount factor in authorizing
government programs, the silent opinion seems to be one of "let
some other guy do it" as a way to cut spending in not just
intelligence operations, but throughout the government as well.
Futurist Alvin Toffler wrote in Powershift that "information
is a substitute for time, space, capital, and labor." With the
new definition of national security including economic issues,
OSINT is an indispensable asset in determining national security
and national economic competitiveness. Toffler's "time-space-
capital-labor" equates to a college economics textbook discussion
of "land-labor-capital" lessons in economic theory. Without
these changes in fundamental political definitions, open sources
and the advent of information exchange agreements will continue
to be the unexplored and ignored intelligence medium of the
future, as relatively little economic or trade data is kept
secret by the government.
Open source information is everywhere. From the daily
newspaper to the national libraries, information overloads
today's people. This information overload has resulted from
computers and the many electronic archives of formerly-printed
media. With a request through the Freedom of Information Act,
citizens can peruse most government documents and reports legally
and easily. Electronic databases on any subject are only a few
keystrokes away and open to anyone with a personal computer and
phone line. This wealth of information and raw data exists in the
shadowy domain of cyberspace. As long as cyberspace remains
without a formal structure, government, or hierarchy, anyone can
access anything on-line. The use of computers has simplified the
ability to analyze and interpret large amounts of data, including
the ability to formulate estimates and predictions with limited
or hypothetical data. Intelligence, has therefore moved into a
new environment with a new set of tradecraft. Today's new
intelligence tools are keyboards, modems, and databases used in
the shadows of cyberspace.
Computers are useful in storing and analyzing information,
but are only one tool available to utilize open source
information. Television, periodicals, books, and personal
interviews can also lead to valuable intelligence information for
the OSINT operative. In the business world, stock reports,
phantom customers, newsletters, and professional symposiums are
all ways of gaining open information about a competitor or rival
market. No piece of information is unimportant in OSINT
operations. PSYTEP's Paul Caldwell remarked that there are "new
modes of intelligence-gathering being born everyday," including
TRASHINT (garbage-picking) and RECYCL-INT, (reading discarded
papers that are sent to a recycling company for disposal before
they are recycled). In essence, OSINT includes these modes of
inquiry as well as any investigative technique used by a private
investigator.
Some of these secret operations, such as RECYCL-INT, are
considered "gray-colored", since they are not quite ethical or
orthodox, however, they are legal. Many times intelligence is
gathered through overt -- albeit unorthodox -- methods, much to
the embarrassment of the target company or individual. Placing a
person in a position to gain information is relatively easy,
especially in the business world. An operative posing as a alley
vagrant could ruffle through a commercial garbage dumpster, read
discarded papers, and bring "interesting" data back to the
investigating office for incorporation into a larger report on a
rival's business strategy for the next decade. Far-fetched?
PSYTEP collection specialist Ronald Coetzee says that the "sky's
the limit on collections...you must be prepared to gather any bit
of info you see as relevant for your case."
Next Issue -- A Successful OSCINT story we all know of.
=============================================================================
The Empire Times Q & A Section.
Where can I get The Empire Times?
Via BBS
This is provided that you are on these systems, none accept many new
callers, so the #'s arnt listed.
[NPA] [#] [System Name] [System Operator]
----- ------------- ---------------------- -----------------
(301) PRIVATE Empire Albatross
(703) PRIVATE Digital Anarchy Armitage
(602) PRIVATE Unphamiliar Territory Invalid Media
(+49) XXXXXXXXX Secret Techtonics Sevenup
Via Anonymous FTP
etext.archive.umich.edu (ftp.etext.org) /pub/Zines/Emptimes
fc.net /pub/defcon/EMPIRE
Via The Empire Times Mailinglist
Mail armitage@dhp.com with "subscribe emptimes <your mail address>" in the
context of the message. To request old issues, just put
"request emptimes # <your mail address>" where # is the issue #.
Where can I get in touch with any of the writers?
Erudite/Armitage armitage@dhp.com
PuD C0ur13r roach@tmok.res.wpi.edu
Invalid Media upt@bud.indirect.com
Firefly firefly@dans.dorm.umd.edu
X x@dans.dorm.umd.edu
Entropy entropy@dans.dorm.umd.edu
Can I write? And where can I send my Article Submissions?
You can mail Armitage or Albatross on either Digital Anarchy or
Empire. You can also mail them to me personally at armitage@dhp.com with
"Submission" as the title, or in a piece of mail before it.
