Copy Link
Add to Bookmark
Report
The Empire Times Issue 2
From armitage@dhp.com Sun Sep 25 19:27:20 1994
Date: Sun, 25 Sep 1994 15:48:03 -0400
From: armitage@dhp.com
To: dtangent@fc.net
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% T H E E M P I R E T I M E S %
% ------------------------------- %
% The True Hacker Magazine %
% %
% July 10, 1992 Issue II %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Editor in Chief: Albatross Co-Editor: {Spot is Open}
Email: bbs.albatros@goonsquad.spies.com Staff: {Spot is Open}
wdem416@worldlink.com
Dist. Center: The Empire Corporation
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Phile Description Size Author or Group
- ------------------------------------------------ ---- ---------------
1 Introduction 1k Albatross
2 The Grim Reaper and his CBI Story 10k The Grim Reaper
3 Why the Secret Service Will Bust You 11k C.P.S.R
Instead of the F.B.I.
4 Use The Freedom of Information Act For You 38k F.O.I.A.
5 Carding in the 90's 4k Mustang
6 Specs on Caller ID 6k TELECOM
7 Foiling The Cracker 37k S.E.I.
8 Phreak Knowledge {What All Should Know} 8k Rebel Lion
9 The Beginner's Guide To Hacking On Datapac 73k The Lost Avenger
10 SummerCon '92 (The Conference) 7k Albatross
11 The News .... On the MOD Bust 10k {Various News}
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 2, File 1 of 11
Introduction
As Time goes on and on, it seems that The Empire Times are reaching
a bigger and better field of people, I have noticed myself that the
level of knowledge has jump 10 fold since the first issue and that was small. Well after you finsh this baby I think The world will be in for
the time of there life....
The Times Needs writes like mad, so talk to me and I see what
I can do to give ya a helping hand. I need Freelance writers and
dedicated staff members....
"Don't let anybody stand in your way, Fight till the end,
Never give in and never let them win, Allways fight Back"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 2, File 2 of 11
The Grim Reaper & His CBI Story
by
The Grim Reaper
Well, I am sure you have all heard that I had a small legal problem today,
and I know how stuff gets blown out of proportion, so I thought I'd
explain the story myself. Here goes...
I have carded a few items in the past 3 days, and I have NEVER done this
before. The Grim Reaper got CBI accounts and placed orders, and I picked
them up. Well, one of the places Grim ordered from was Paradise Computers,
they knew it was a bogus order, but told us the package was shipped. Then
they called the FEDS. Anyhow, the Feds must have been watching the pickup
spot, then following me around till I met up with Grim to deliver his share
of the stuff. As soon as we went to make the exchange, the Secret Service,
FBI, state police, and local police were running at us with bulletproof
vests and automatic guns. They handcuffed us, separated us, and took each
of us back to our homes for them to search.
So I haven't talked to Grim Reaper since I saw him lying next to me on
the ground being arrested. But here's my story. About 20 agents came
to my apartment and grabbed all computer equipment without a receipt. So
we still have 1 modem, and this computer system. Anyhow, they grabbed\
every piece of paper they could find. Unfortunately, I am a very
organized person, and had "the who's who in the pirate world" written
down for my use. So if you ever gave me your real name, number, or
address, it is now in the hands of the Secret Service and FBI. This
list was quite large, as it took 2 years to compile.
These boys did their homework. They knew Enterprize was USA HQ and they
knew my handle, and they knew I supplied the group with software. They
weren't going for just anyone here guys, they knew they needed to bust a
group leader. Well, they did. Got me on carding, pirating, and a ton of
other legal terms having to do with both of these.
I was charged with 6 different counts, each holding a 5-30 year prison
sentence. It doesn't look good for me at all. I'll post a file as
soon as I get arraigned and let you guys know what is going on.
But I will say this now, and I MEAN it. I love the groups, the software,
and the competition. But regardless of what happens to me, I am done
forever. No more NotSoHumble Babe, no more USA. I hate to do this to
everyone, but I really don't have a choice. And regardless of who I am
that got busted, be strong and support what you believe in your hearts:
piracy. Don't let them win. You guys can all go on without me. Just
promise me you won't give up and throw in the towel. If anyone wants
to contact me, you can leave e-mail on Enterprize for me, or call voice
AT YOUR OWN RISK. They told me they were tapping the phone lines.
Just got to say a few goodbyes...
Genesis: man, this stuff is in your blood, don't allow my mistakes to
mess up something you've loved your whole life. You Gotta Ski!
Silencer: well, you warned me and I didn't listen. I needed to listen to
the kid with a knowledgable mind. Sorry, the second time I left
a group and left you hanging...
Cool Hand: Joe, you are a really nice person to talk to, and you've got a
wife and kids. Remember that man, is this stuff worth it?
Line Noise: Neil, I guess you are one of the happier ones to hear of my
bust. No THG, no USA. You will rule the world man, but be
more careful than I was.
The PieMan: Well, you can quit threatening to turn my board in if you ever
get caught. My board was officially busted.
Fab.Furlough: Deep down inside, you are a backstabber. But I still love
you man...
And to all I didn't say anything to, doesn't mean I don't care. I hope USA
will continue to live and prosper. And I will do anything I can(legally)
to help USA prosper. Goodbye...
The NotSoHumble Babe
Of course, that was the version she wanted to play to the general
public. The NotSoHumble Babe and The Grim Reaper were not just doing this
for the first time, it had been a routine thing for quite a while.
(For at least 4 months, when TGR carded his 486/33).
I guess it would be helpful to take a few steps back, and get a look
at the whole picture as I know it (From reliable sources, and from personal
experiance with these two people).
The NotSoHumble Babe was always known for her good contacts in the
software field, that is the reason for USA's quick appearence. People
probably wondered how she did it? I am sure she had many ways, but the one
tactic she used which gained her the interest of the FBI was telling the
software Co's she was a distributor. All of them believed this expept for
one. When this one checked her Employer Identification Number, and found
it didn't check out with her, they knew something was up. They then had
her lines monitored, and because of this found out they had more then a
business fraud on their hands, they found out they had a veteran Credit
Card abuser, and the leader of a major pirate group. This then in turn
caused a lot more investigation to take place, and in turn the interest
of the Secret Service. Since they were being monitored, the SS knew all
their plans. When TGR had ordered his next shipment of carded goods, the
SS notified the company of what was going on, and set the trap. Now,
after several months of investigation on The Grim Reaper (Mike Arnolds)
and The NotSoHumble Babe, the case was about to come to a close, they
had everything they needed to convict these two people in court, and whoever
else they wanted.
As Amy said in her text above, she and Mike were on the way to meet each
other to split the goods they had carded. When Amy went to FedEx to pick
up her shit, and go meet Mike, they were surrounded, and arrested.
This took place on 1-29-92 at approximately 2:27pm.
Mike and Amy were taken back to their houses, where all of their equipment
was looked over. As she said, anything without a receipt was confiscated.
Then, came the big talks from the Feds - Interrogation.
This day totally changed Mike's and Amy's life drastically. Things would
not be the same. And because of this, they were both pretty moved.
Because of this insecure feeling, and because they are both unable to take
this shit themselves, and not implicate other people, they decided to
cooperate 100% with the authorities. Anything they didn't have on paper,
anything the Feds found unclear, Mike and Amy are/were right there to make
a clear picture for them. Amy failed to say this, I see. I know first hand,
The Grim Reaper and The NotSoHumble Babe are going to drag as many as they
can with them. A loser thing to do, but that's what they are going to do.
Looks like it's time for us all to either call it quits for a while, or
be very fucking careful. TGR and TNSHB are both history. They fucked up.
And now they will pay for their mistakes. But we don't need to be party to
their bullshit. Delete their accounts from your board, blacklist them,
lock out newusers, change the system pw, and even go as far as deleting all
USA affiliates if you feel it is necessary.
What about USA? What about Genesis and BBS-A-Holic? Well, Genesis was one
of her partners in crime. Thomas always made it a habit to get something out
of each of her shipments, so to do this, he had to contribute somehow, nothing
is free. He helped card about 25% of the shit they got, so I am sure he is a
nervous mother fucker right now. The Feds are monitoring his local FedEx
anyway, so if he goes there to pick up his last package, his ass is in jail
too. He also was a very avid user of the 950-0511 extender, as the Feds are
aware of, and they might pop him for this, who knows? The board? USA?
I have heard, but not from Genesis, that USA is now officially dead.
BBS-A-Holic is down, and no idea when it will come back up.
But when it does again come online, I will not be a member on that system.
Thomas is considering turning himself in, if he does this, he said he too will
cooperate with the Feds, which means if you were his friend yesterday, and
helped him card shit, or anything, then you might share his cell tomorrow.
What do you know about The Grim Reaper, The Void, and Vision-x? -
The Grim Reaper is getting popped for the second time, therefore, I think
his ass will be in jail a few years, once he is sentenced. The Void?
I am not sure, but I assume since he had carded all of his computer
equipment, that it was all confiscated, along with all of his backups.
Mike being in jail, or not, will never again run a board. As for Vision-x,
who knows. Warlord has not made a public statement yet, so noone knows yet.
He does live in 313 as did the other two, so if I were him I would be scared
shitless, especially since he was supposed to receive a carded 386/25 from
USA. Felony Net and Toxic Net are all history. Perhaps Warlord will bring
them back, though, but I don't foresee this any time soon.
The Grim Reaper and The NotSoHumble Babe were charged with Credit Card
Fraud, ammounting 18,200$, and software piracy adding up to 72,000$.
Once you add Genesis' (Thomas') part in, the credit card fraud will probably
amount to 21,000$, but, that's just my guess, based on all this shit he told
me about that he assisted in, and some he did on his own.
When TNSHB says to call her board and leave her your questions, or number
to call you back at, it is just a simple way to drag you in. Dont fall for
it. Lives and freedom are too precious to ruin for a bitch like her.
Just for the hell of it, here are their telephone numbers, if you want to
verify all this shit, just call and ask them. (I advise you do this from a
payphone a LONG way from your house, and dont identify yourself)
The Grim Reaper (Mike) 313-981-1903/313-981-1296
The NotSoHumble Babe (Amy) 313-442-2523
Genesis (Thomas) 213-328-7507
Hope this has all been helpful. If you want more history on these people,
send a public message on OoofNet in care of [>ANONYMOUS<], and I will give
the desired history out.
[> ANONYMOUS <]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 2, File 3 of 11
Why The Secret Service Will Bust You
Instead of The F.B.I.
Here is a letter from the Director of the Secret Service to US
Rep. Don Edwards, D-California, in response to questions raised
by Edwards' Subcommittee. This copy comes from Computer Professionals
for Social Responsibility in Washington, DC.
DEPARTMENT OF TREASURY
UNITED STATES SECRET SERVICE
WASHINGTON, DC 20223
The Honorable Don Edwards
Chairman
Subcommittee on Civil and Constitutional Rights
Committee on the Judiciary
House of Representatives
Washington, D.C. 20515
Dear Mr. Chairman:
Thank you for your letter of April 3, 1990, concerning your
committee's interest in computer fraud. We welcome the
opportunity to discuss this issue with your committee and I
hope the following responses adequately answer your
questions.
Question 1:
Please describe the Secret Service's process for investigating
computer related crimes under Title 18, United States Code,
Section 1030 and any other related statutes.
Response:
The process by which the Secret Service investigates
computer related crimes is similar to the methods we use to
investigate other types of criminal investigations. Most of the
investigative techniques are the same; surveillances, record
checks, witness and suspect interviews, etc. the primary
difference is we had to develop resources to assist in the
collection and review of computer evidence.
To provide our agents with this expertise, the secret service
developed a computer fraud investigation course which, as of
this date, has trained approximately 150 agents in the proper
methods for conducting a computer fraud investigation.
Additionally, we established a computer Diagnostics center,
staffed with computer professional, to review evidence on
computer systems.
Referrals of computer related criminal investigations occur in
much the same manner as any other case. A victim sustains a
loss and reports the crime, or, a computer related crime is
discovered during the course of another investigation.
In the investigations we do select, it is not our intention to
attempt to supplant local or state law enforcement. We
provide enforcement in those cases that are interstate or
international in nature and for one reason or another are
beyond the capability of state and local law enforcement
agencies.
When computer related crimes are referred by the various
affected industries to the local field offices, the Special
Agent in Charge (SAIC) determines which cases will be
investigated based on a variety of criteria. Each SAIC must
consider the economic impact of each case, the prosecutive
guidelines of the United States Attorney, and the investigative
resources available in the office to investigate the case .
In response to the other portion of your question, the other
primary statute we use to investigate computer related crimes
is Title 18, United States Code, Section 1029 ( Access Device
Fraud). This service has primary jurisdiction in those cases
which are initiated outside a bank and do not involve
organized crime, terrorism, or foreign counterintelligence
(traditional responsibilities of the FBI).
The term "access device" encompasses credit cards, debit
cards, automatic teller machines (ATM) cards, personal
identification numbers (PIN's) used to activate ATM machines,
credit or debit card account numbers, long distance telephone
access codes, computer passwords and logon sequences, and
among other things the computer chips in cellular car phones
which assign billing.
Additionally, this Service has primary jurisdiction in cases
involving electronic fund transfers by consumer (individuals)
under Title 15, U. S. code, section 169n (Electronic Fund
Transfer Act). This could involve any scheme designed to
defraud EFT systems used by the public, such as pay by phone
systems, home banking, direct deposit, automatic payments,
and violations concerning automatic teller machines. If the
violations can be construed to be a violation of the banking
laws by bank employee, the FBI would have primary
jurisdiction.
There are many other statutes which have been used to
prosecute computer criminals but it is within the purview of
the U.S. Attorney to determine which statute will be used to
prosecute an individual.
Question 2:
Has the Secret Service ever monitored any computer bulletin
boards or networks? Please describe the procedures for
initiating such monitoring, and list those computer bulletin
boards or networks monitored by the Secret Service since
January 1988.
Response:
Yes, we have occasionally monitored computer bulletin boards.
The monitoring occurred after we received complaints
concerning criminal activity on a particular computer bulletin
board. The computer bulletin boards were monitored as part of
an official investigation and in accordance with the directives
of the Electronic Communications Privacy Act of 1986 (Title
18 USC 2510)
The procedures used to monitor computer bulletin boards
during an official investigation have involved either the use of
an informant (under the direct supervision of the investigating
agent) or an agent operating in an undercover capacity. In
either case, the informant or agent had received authorization
from the computer bulletin board's owner/operator to access
the system.
We do not keep records of the bulletin boards which we have
monitored but can provide information concerning a particular
board if we are given the name of the board.
Question 3:
Has the Secret Service or someone acting its direction ever
opened an account on a computer bulletin board or network?
Please describe the procedures for opening such an account and
list those bulletin boards or networks on which such accounts
have been opened since January 1988.
Response:
Yes, the U.S. Secret Service has on many occasions, during the
course of a criminal investigation, opened accounts on
computer bulletin boards or networks.
The procedure for opening an account involves asking the
system administrator/operator for permission to access to the
system. Generally, the system administrator/operator will
grant everyone immediate access to the computer bulletin
board but only for lower level of the system. The common
"pirate" computer bulletin boards associated with most of
computer crimes have many different level in their systems.
The first level is generally available to the public and does not
contain any information relation to criminal activity. Only
after a person has demonstrated unique computer skills, been
referred by a known "hacker," or provided stolen long-distance
telephone access codes or stolen credit card account
information, will the system administrator/operator permit a
person to access the higher levels of the bulletin board system
which contains the information on the criminal activity.
As previously reported in our answer for Question 2, we do not
keep records of the computer bulletin boards on which we have
established accounts.
Question 4:
Has the Secret Service os0someone acting under its direction
ever created a computer bulletin board or network that was
offered to the public? Please describe any such bulletin board
or networks.
Response:
No, the U. S. Secret Service has not created a computer bulletin
board nor a network which was offered to members of the
public. We have created an undercover bulletin board which
was offered to a select number of individuals who had
demonstrated an interest in conducting criminal activities.
This was done with the guidance of the U.S. Attorney's office
and was consistent with the Electronic Communications
Privacy Act.
Question 5:
Has the Secret Service ever collected, reviewed or
"downloaded" transmissions or information from any computer
network or bulletin board? What procedures does the Secret
Service have for obtaining information from computer bulletin
boards or networks? Please list the occasions where
information has been obtained since January 1988, including
the identity of the bulletin boards or networks, the type of
information obtained, and how that information was obtained
(was it downloaded, for example).
Response:
Yes, during the course of several investigations, the U. S.
Secret Service has "down loaded" information from computer
bulletin boards. A review of information gained in this manner
(in an undercover capacity after being granted access to the
system by it's system administrator) is performed in order to
determine whether or not that bulletin board is being used to
traffic in unauthorized access codes or to gather other
information of a criminal intelligence nature. At all times,
our methods are in keeping with the procedures as outlined in
the Electronic Communications Privacy Act (ECPA).
If a commercial network was suspected of containing
information concerning a criminal activity, we would obtain
the proper court order to obtain this information in keeping
with the ECPA.
The U. S. Secret Service does not maintain a record of the
bulletin boards we have accessed.
Question 6:
Does the Secret Service employ, or is it considering employing,
any system or program that could automatically review the
contents of a computer file, scan the file for key items,
phrases or data elements, and flag them or recommend further
investigative action? If so, what is the status of any such
system. Please describe this system and research being
conducted to develop it.
Response:
The Secret Service has pioneered the concept of a Computer
Diagnostic Center (CDC) to facilitate the review and
evaluation of electronically stored information. To streamline
the tedious task of reviewing thousands of files per
investigation, we have gathered both hardware and software
tools to assist our search of files for specific information or
characteristics. Almost all of these products are
commercially developed products and are available to the
public. It is conceivable that an artificial intelligence process
may someday be developed and have application to this law
enforcement function but we are unaware if such a system is
being developed.
The process of evaluating the information and making
recommendations for further investigative action is currently
a manual one at our CDC. We process thousands of computer
disks annually as well as review evidence contained in other
types of storage devices (tapes, hard drives, etc.). We are
constantly seeking ways to enhance our investigative mission.
The development of high tech resources like the CDC saved
investigative manhours and assist in the detection of criminal
activity.
Again, thank you for your interest. Should you have any further
questions, we will be happy to address them.
Sincerely,
/s/
John R. Simpson, Director
cc: Honorable Charles E. Schumer
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 2, File 4 of 11
Use The Freedom of Information Act For You
>>> Freedom of Information Kit <<<
The following files are for individuals or organizations who wish to
make an FOIA application to a federal agency.
This kit is also available in printed form. If you wish to obtain the
printed version, please send a check or money order made payable to
FOIA,Inc. for $3.00 to:
FOIA,Inc., P.O. Box 02 2397, Brooklyn, NY 11202-0050.
USING THE FREEDOM OF INFORMATION ACT
The Freedom of Information Act entitles you to request any record
maintained by a federal Executive branch agency. The agency must
release the requested material unless it falls into one of nine exempt
categories, such as "national security," "privacy," "confidential
source" and the like, in which case the agency may but is not compelled
to refuse to disclose the records.
This kit contains all the materials needed to make FOIA requests for
records on an individual, an organization or on a particular subject
matter or event.
1988 EDITION
Fund for Open Information and Accountability, Inc.
P.O. BOX 02 2397, Brooklyn, NY 11202-0050
(212) 477-3188
INSTRUCTIONS
HOW TO MAKE A COMPLETE REQUEST
Step 1: Select and make copies of the sample letter. Fill in the
blanks in the body of the letter. Read the directions printed to the
right margin of the letter in conjunction with the following
instructions:
For individual files: Insert the person's full name in the first blank
space and any variations in spelling, nicknames, stage names, marriage
names, titles and the like in the second space. Unlike other requests,
the signatures of an individual requesting her/his own file must be
notarized.
For organizational files: In the first blank space insert the full and
formal name of the organization whose files you are requesting. In the
second blank space insert any other names, acronyms or shortened forms
by which the organization is or has ever been known or referred to by
itself or others. If some of the organization's work is conducted by
sub-groups such as clubs, committees, special programs or through
coalitions known by other names, these should be listed. There is no
need to notarize signature for organizational requests.
For subject matter or event files: In the first blank space state the
formal title of the subject matter or event including relevant dates and
locations. In the second blank space provide the names of individuals
or group sponsors or participants and/or any other information that
would assist the agency in locating the material you are requesting.
Step 2: The completed sample letter may be removed, photocopied and
mailed as is or retyped on your own stationary. Be sure to keep a copy
of each letter.
Step 3: Addressing the letters: Consult list of agency addresses on
page 7 and 8 of this kit.
FBI: A complete request requires a minimum of two letters. Send one
letter to FBI Headquarters and separate letters to each FBI field office
nearest the location of the individual, the organization or the subject
matter/event. Consider the location of residences, schools, work, and
other activities.
INS: Send a request letter to each district office nearest the location
of the individual, the organization or the subject matter/event.
Address each letter to the FOIA/PA office of the appropriate agency. Be
sure to mark clearly on the envelope:
Attention FOIA Request
FEES
In 1987 a new fee structure went into effect. Each agency has new fee
regulations for search and review time and for duplication of released
documents.
Commercial requesters must pay for search and review time and for
duplication costs.
News Media representatives and Educational and Scientific Institutions
whose purpose is scholarly or scientific research pay for duplication
only. Public Interest groups who can qualify as press, educational, or
scientific institutions will be charged duplication costs only.
All other non-commercial requesters are entitled to up to 100 pages of
free copying and up to 2 hours of free search time. Requesters will
have to pay fees for work that extends beyond those limits unless they
qualify for a fee waiver or reduction (see below).
No fee may be charged if the cost of collection exceeds the fee.
Advanced payment may not be demanded unless a requester has previously
failed to pay on time or the fee exceeds $250.
FEE WAIVER
You will notice that the sample letter includes a request for a fee
waiver with instructions for the agency to refer to an attached sheet.
Fees for all non-commercial requesters, beyond the 2 hours/100
page/automatic waiver described above, may be waived or reduced if the
disclosure of the information is:
"in the public interest because it is likely to contribute significantly
to public understanding of the operations or activities of the
government and is not primarily in the commericial interest of the
requester."
You should always request a waiver or fees if you believe the
information you are seeking will benefit the public. Read the fee
waiver worksheet for non-commercial users included in this kit on page 5
for help in composing a request for a fee waiver. If your request for a
waiver is denied, you should appeal that denial, citing the ways in
which your request meets the standards set in the attached fact sheet.
HOW TO MAKE SURE YOU GET EVERYTHING YOU ARE ENTITLED TO. . .
AND WHAT TO DO IF YOU DON'T
After each agency has searched and processed your request, you will
receive a letter that announces the outcome, encloses the released
documents, if any, and explains where to direct an appeal if any
material has been withheld. There are four possible outcomes:
1. Request granted in full:
This occurs very infrequently. If the response you get indicates that
the agency has released all records pertinent to your request, with no
exclusions or withholdings, you will receive the requested documents
with an agency cover letter, or if bulky, the documents may be mailed
under separate cover.
Next step: Check documents for completeness (see instructions below)
and make an administrative appeal if you find a discrepancy between your
own analysis and that of the agency (see instructions below).
2. Request granted in part and denied in part:
This response indicates that the agency is releasing some material but
has withheld some documents entirely or excized some passages from the
documents released. The released documents may be enclosed or, if
bulky, mailed under separate cover.
Next step: Check documents for completeness (see instructions below)
and make an administrative appeal of denials or incompleteness (see
instructions below).
3. Request denied in full: This response and the denied part response
indicate that the agency is asserting that material in its files
pertaining to your request falls under one of the nine FOIA exemptions.
These are categories of information that the agency may, at its
discretion, refuse to release.
Next step: Make an administrative appeal (see instructions below).
Since FOIA exemptions are not mandatory, even a complete denial of your
request can and should be appealed.
4. No records: This response will state that a search of the agency's
files indicates that it has no records corresponding to those you
requested. Next step: Check your original request to be sure you have
not overlooked anything. If you receive documents from other agencies,
review them for indications that there is material in the files of the
agency claiming it has none. For example, look for correspondence, or
references to correspondence, to or from that agency. If you determine
that there are reasonable grounds, file an administrative appeal (see
instructions below).
HOW TO CHECK DOCUMENTS FOR COMPLETENESS
Step 1: Before reading the documents, turn them over and number the
back of each page sequentially. The packet may contain documents from
the agency's headquarters as well as several field office files.
Separate the documents into their respective office packets. Each of
these offices will have assigned the investigation a separate file
number. Try to find the numbering system. Usually the lower righthand
corner of the first page carries a hand-written file and document
number.
For instance, an FBI document might be marked "100-7142-22." This would
indicate that it is the 22nd document in the 7142nd file in the 100
classification. As you inspect the documents, make a list of these file
numbers and which office they represent. In this way you will be able
to determine which office created and which office received the document
you have in your hand. Often there is a block stamp affixed with the
name of the office from whose files this copy was retrieved. The
"To/From" heading on a document may also give you corresponding file
numbers and will help you puzzle out the origin of the document.
When you have finally identified each document's file and serial number
and separated the documents into their proper office batches, make a
list of all the serial numbers in each batch to see if there are any
missing numbers.
If there are missing serial numbers and some documents have been
withheld, try to determine if the missing numbers might reasonably
correspond to the withheld documents. If they don't, the release may be
incomplete and an administrative appeal should be made.
Step 2: Read all the documents released to you. Keep a list of all
documents referred to in the text, including letters, memos, teletypes,
reports, etc. Each of these "referred to" documents should turn up in
the packet released to you. If any are not in the packet, it is
possible that they are among the documents withheld and a direct inquiry
should be made.
In an administrative appeal, ask that each of these "referred to"
documents be produced or that the agency state plainly that they are
among those withheld. List each "referred to" document separately. The
totals of unproduced vs. witheld must be within reason; that is, if the
total number of unproduced documents you find referred to in the text of
the documents produced exceeds the total number of documents withheld,
the agency cannot claim that all the "referred to" documents are
accounted for by the withheld category. You will soon get the hang of
making logical conclusions from discrepancies in totals and missing
document numbers.
Another thing to look for when reading the released documents is the
names of persons or agencies to whom the document has been disseminated.
The lower left-hand corner is a common location for the typed list of
agencies or offices to whom the document has been directed. In
addition, there may be additional distribution recorded by hand, there
or elsewhere, on the cover page. There are published glossaries for
some agencies that will help in deciphering these notations when they
are not clear. Contact FOIA, Inc. if you need assistance in deciphering
the text.
Finally, any other file numbers that appear on the document should be
noted, particularly if the subject of the file is of interest and is one
you have not requested. You may want to make an additional request for
some of these files.
HOW TO MAKE AN ADMINISTRATIVE APPEAL
Under the FOIA, a dissatisfied requester has the right of administrative
appeal. The name and address of the proper appeal office will be given
to you by each agency in its final response letter.
This kit contains a sample appeal letter with suggestions for adapting
it to various circumstances. However, you need not make such an
elaborate appeal; in fact, you need not offer any reasons at all but
rather simply write a letter to the appeals unit stating that "This
letter constitutes an appeal of the agency's decision." Of course, if
you have identified some real discrepancies, you should set them forth
fully (for example see Step 2 under "How to Check Documents for
Completeness"), but even if you have not found any, you may simply ask
that the release be reviewed. If you are still dissatisfied after the
administrative appeal process, the FOIA gives you the right to bring a
lawsuit in federal district court.
MONITORING THE PROGRESS OF YOUR REQUEST
You should receive a letter from each agency within 10 days stating that
your request has been received and is being processed. You may be asked
to be patient since requests are being handled on a first come first
served basis. The best strategy is to be "reasonably" patient, but
there is no reason to sit complacently and wait for an interminable
period of time.
A good strategy is to telephone the FOIA office in each agency after
about a month if you have received nothing of substance. Ask for a
progress report. Note the name of the person you speak to and what they
say. Continue to call every 4 to 6 weeks.
Good record keeping helps avoid time-consuming and frustrating
confusion. A looseleaf notebook with a section devoted to each request
simplifies this task. At the beginning of the request process,
sometimes it is difficult to foresee what course of action you will want
to take in the future. Keep copies of all correspondence to and from
each agency. They can be inserted between the notes on phone calls so
that all relevant material will be at hand for future use, including
phone consultations, correspondence, newspaper articles, preparation for
media appearances, congressional testimony or litigation.
[NOTE: All the text in braces [] is for your information. Do NOT
include in request]
[NOTE: Start by photocopying several copies of this letter or retype if
you prefer]
SAMPLE REQUEST LETTER FOR ALL AGENCIES
Date:
To: FOIA/PA Unit
[Check box for appropriate agency]
__ FBI Headquarters
__ FBI Field Office
__ Other Agency
This is a noncommerical request under the Freedom of Information and
Privacy Acts. I have attached a sheet setting out my application for a
fee waiver of any fees in excess of those which are provided free
because of my category.
My category for fee and fee waiver purposes is:
(check one)
__ request for personal file;
no search fee and 100 free pages.
__ journalist, academic or scientist;
no search fee and 100 free pages.
__ other non-commerical requester (group or person);
2 hours free search and 100 free pages.
I request a complete and thorough search of all filing systems and
locations for all records maintained by your agency pertaining to and/or
captioned:
____________________________________________________________
____________________________________________________________
____________________________________________________________
including, without limitation, files and documents captioned, or whose
captions include:
[describe records desired and/or insert full and formal name]
____________________________________________________________
____________________________________________________________
____________________________________________________________
This request specifically includes where appropriate "main" files and
"see references," including but not limited to numbered and lettered sub
files and control files. I also request a search of the Electronic
Surveillance (ELSUR) Index, or any similar technique for locating
records of electronic surveillance and the COINTELPRO Index. I request
that all records be produced with the administrative pages. I wish to
be sent copies of "see reference" cards, abstracts, search slips,
including search slips used to process this request, file covers,
multiple copies of the same documents if they appear in a file, tapes of
any electronic surveillance, photographs, and logs of physical
surveillance (FISUR). Please place missing documents on "special
locate."
I wish to make it clear that I want all records in your office
"identifiable with my request," even though reports on those records
have been sent to Headquarters and even though there may be duplication
between the two sets of files. I do not want just "interim" documents.
I want all documents as they appear in the "main" files and "see
references" of all units of your agency.
If documents are denied in whole or in part, please specify which
exemption(s) is(are) claimed for each passage or whole document denied.
Give the number of pages in each document and the total number of pages
pertaining to this request and the dates of documents withheld.
I request that excized material be "blacked out" rather than "whited
out" or cut out and that the remaining non-exempt portions of documents
be released as provided under the Freedom of Information Act.
Please send a memo (with a copy or copies to me) to the appropriate
unit(s) in your office to assure that no records related to this request
are destroyed. Please advise of any destruction of records and include
the date of and authority for such destruction.
As I expect to appeal any denials, please specify the office and address
to which an appeal should be directed.
I can be reached at the phone listed below. Please call rather than
write if there are any questions or if you need additional information
>from me. I expect a response to this request within ten (10) working
days, as provided for in the Freedom of Information Act.
[Have signature notorized ONLY if requesting your own files]
Sincerely,
(Signed)_______________________________________________
Name (print or type):_______________________________
Address:___________________________________________________
___________________________________________________________
Telephone:________________________
Social Security number (optional): _______________________
(for personal files)
Date of Birth:____________________
Place of birth:___________________
(for organization files)
Date of founding:_____________________________________
Place of founding:____________________________________
Address of organization:______________________________
___________________________________________________________
___________________________________________________________
[MARK CLEARLY ON ENVELOPE: FOI/PA REQUEST]
FEE WAIVERS
Fee Waiver Worksheet for Non-Commercial Requesters
All non-commercial requesters are entitled to apply for a fee waiver for
charges in excess of those which are provided free because of
requester's category. Following amendments to the FOIA in October 1986,
the Justice Department issued a memo outlining six criteria to be used
by agencies in determining whether or not to grant fee waivers. Many
Congresspeople dispute the memo's legality, pointing out its invitation
to subjective judgements, and its proclivity to intimidate requesters.
Nevertheless, until the six criteria are eliminated, either by Congress
or court decisions, requesters will have to address them in order to
qualify for a fee waiver.
To apply for a fee waiver, attach a separate sheet of paper to your
request letter explaining in narrative form how your request satisfies
each of the following six criteria.
(1) Explain how the records you are requesting are likely to shed light
on the operations or activities of the government.
(2) Describe how the records you are requesting will contribute to the
understanding of government operations or activities. If the
information being requested is not already in the public domain bring
this fact to the agency's attention.
(3)a. Explain to the agency how the public will ultimately benefit from
the information you are requesting. Legislative history and recent case
law indicate that the "public" is not limited to U.S. public nor must it
be the "public at-large." For example, Representatives English and
Kindness jointly stated during recent Congressional debate, "Public
understanding is enhanced when information is disclosed to the subset of
the public most interested, concerned or affected by a particular action
or matter." Furthermore, District Court Judge Harold Greene in a 1987
opinion involving a request by a Canadian newspaper said, "There is no
requirement in the [FOIA] statute that news media seeking fee waivers
[must] serve the American public exclusively, or even tangentially . . .
an FBI official does not have the authority to amend the law of the
United States by restricting it beyond its plain terms."*
In other words, the public you seek to educate does not have to reside
in the United States, nor is the size of that public relevant to your
entitlement to a fee waiver.
(3)b. Explain to the agency your qualifications (educational, work
experience, etc.) for understanding the requested information and
outline your ability and intention to disseminate the information once
it has been obtained.
You might want to cite any of the following activities in order to
demonstrate your ability and intention to disseminate information to the
public: writing newspaper or scholarly articles, writing books,
granting interviews, public speaking engagements, preparing
Congressional testimony, producing pamphlets, videos, film, radio
programs, etc.
(4) The Justice Department memo stipulates that the contribution to
public understanding must be "significant." What constitutes a
"significant" contribution is clearly susceptible to subjective
interpretation. However, we suggest that you make reference to current
news stories, efforts to correct the historical record or expose
government or corporate fraud or threats to public health and safety.
Broadly speaking, any information that would enable the public to hold
the government accountable for any of its operations or activities can
be persuasively argued to be a "significant" contribution to public
understanding.
(5) and (6) Explain to the agency (if it is the case) that any
commercial interest that will be furthered by the requested records is
not the primary interest when compared to the public interest that will
be served. For example, if the information is requested pursuant to the
publication of a book, you should explain (if it is the case) that this
book is not destined to become a bestseller because of topic, publisher,
or anticipated audience, etc.
News media representatives, scholars or scientists, should make requests
for documents and fee waivers on the appropriate institutional
letterhead. Similarly, requests for organizational files should be made
on the appropriate letterhead.
You have a right to file an administrative appeal if you receive an
adverse decision regarding either your fee category or fee waiver
request. The letter containing the adverse decision will tell you to
whom you should direct the appeal.
------
* Joint statement by Reps. English and Kindness, Congressional Record,
H-9464, October 8, 1986; Judge Greene's opinion in Southam News v. INS.
(Civ. No. 85-2721, D.D.C., November 9, 1987).
SAMPLE ADMINISTRATIVE APPEAL LETTER
Date:
To: FOIA/PA Appeals Office RE: Request number [Add
this if the agency has given your request a number]
This is an appeal pursuant to subsection (a)(6) of the Freedom of
Information Act as amended (5 U.S.C. 552).
On [date] I received a letter from [name of official] of your agency
denying my request for [describe briefly the information your are
after]. This reply indicated that an appeal letter could be sent to
you. I am enclosing a copy of my exchange of correspondence with your
agency so that you can see exactly what files I have requested and the
insubstantial grounds on which my request has been denied.
[Insert following paragraph if the agency has withheld all or nearly all
the material which has been requested]
You will note that your agency has withheld the entire (or nearly
entire) document that I requested. Since the FOIA provides that "any
reasonably segregable portion of a record shall be provided to any
person requesting such record after deletion of the portions which are
exempt," I believe that your agency has not complied with the FOIA. I
believe that there must be (additional) segregable portions which do not
fall within the FOIA exemptions and which must be released.
[Insert following paragraph if the agency has used the (b)(1) exemption
for national security purposes to withhold information]
Your agency has used the (b)(1) exemption to withhold information. [I
question whether files relating to events that took place over twenty
years ago could realistically harm the national security.] [Because I am
familiar with my own activities during the period in question, and know
that none of these activities in any way posed a significant threat to
the national security, I question the designation of my files or
portions of my file as classified and exempt from disclosure because of
national security considerations.]
[Sample optional arguments to be used if the exemption which is claimed
does not seem to make sense; you should cite as many specific instances
as you care to of items withheld from the documents that you have
received. We provide two examples which you might want to adapt to your
own case.]
"On the memo dated______the second paragraph withheld under the (b)(1)
exemption appears to be describing a conversation at an open meeting.
If this is the case, it is impossible that the substance of this
conversation could be properly classified." Or, "The memo dated____
refers to a meeting which I attended, but a substantial portion is
deleted because of the (b)(6) and (b)(7)(c) exemptions for unwarranted
invasions of personal privacy. Since I already know who attended this
meeting, no privacy interest is served by the withholding."
I trust that upon examination of my request, you will conclude that the
records I have requested are not properly covered by exemption(s)____
[insert the exemption(s) which the agency's denial letter claimed
applied to your request] of the amended FOIA, and that you will overrule
the decision to withhold the information.
[Insert following paragraph if an itemized inventory was not supplied by
the agency]
If you choose to continue to withhold some or all of the material which
was denied in my initial request to your agency, I ask that you give me
an index of such material, together with the justification for the
denial of each item which is still withheld.
As provided in the Freedom of Information Act, I will expect to receive
a reply to this adminstrative appeal letter within twenty (20) working
days.
If you deny this appeal and do not adequately explain why the material
withheld is properly exempt, I intend to initiate a lawsuit to compel
its disclosure. [You can say that you intend to sue if that is your
present inclination even though you may ultimately decide not to file
suit.]
Sincerely,
name:
address:
signature:
[MARK CLEARLY ON ENVELOPE:
ATTENTION: FREEDOM OF INFORMATION APPEALS]
FUND FOR OPEN INFORMATION AND ACCOUNTABILITY, INC.
P.O. BOX O2 2397, BROOKLYN, NY 11202-0050
FOIA/PA ADDRESSES FOR SELECTED FEDERAL AGENCIES
Administrative Office of the U.S. Courts
Washington, D.C. 20544
(202) 633-6117
Bureau of Prisons
320 1st St., NW
Washington, D.C. 20534
(202) 724-3198
Central Intelligence Agency
Information and Privacy Coordinator
Washington, D.C. 20505
Civil Service Commission
Appropriate Bureau:
___ Bureau of Personnel Investigation,
___ Bureau of Personnel
___ Information Systems
Civil Service Commission
1900 E Street, N.W.
Washington, D.C. 20415
(202) 632-4431
Commission on Civil Rights
General Counsel, U.S. Commission on Civil Rights
1121 Vermont Ave., N.W., Rm. 600
Washington, D.C. 20405
(202) 376-8177
Consumer Producet Safety Commission
1111 18th St., N.W.
Washington, D.C. 20207
(301) 492-6580
Defense Intelligence Agency
The Pentagon
Washington, D.C. 20301-6111
(202) 697-8844
Department of Defense/Department of the Air Force
Freedom of Information Manager
Headquarters, USAF/DADF
Washington, D.C. 20330-5025
(202) 545-6700
Department of Defense/Department of the Army
General Counsel
Secretary of the Army
The Pentagon, Rm. 2E727
Washington, D.C. 20310
(202) 545-6700
Department of Defense/ Marine Corps
Commandant of the Marine Corps
Department of the Navy
Headquarters, Marine Corps
Washington, D.C. 20380-0001
(202) 694-2500
Department of Defense/ Dept. of the Navy
Chief of Naval Operations
OP 09 B30
Pentagon, Rm. 5E521
Washington, D.C. 20350-2000
(202) 545-6700
Department of Energy
1000 Independence Ave., S.W.
Washington, D.C. 20585
(202) 252-5000
Department of Justice/
General Administration
__ Civil Rights Division,
__ Antitrust Division,
__ Drug Enforcement Administration
__ Immigration and Naturalization Service
FOIA/ Privacy Act Unit
Department of Justice
Constitution Ave. & 10th St., N.W.
Washington, D.C. 20530
(202)633-2000
Department of Labor
200 Constitution Ave., N.W.
Washington, D.C. 20210
(202) 523-8165
Department of State
Director, Freedom of Information Bureau
for Public Administration
Department of State, Rm 239
2201 C St., N.W.
Washington, D.C. 20520
(202) 647-3411
Department of the Treasury
Internal Revenue Service
1111 Constitution Ave., N.W.
Washington, D.C. 20224
(202) 566-5000
(Consult phone book for regional offices)
Environmental Protection Agency
Freedom of Information Office A101
Room 1132 West Tower
401 M St., S.W.
Washington, D.C. 20460
(202) 382-4048
Equal Employment Opportunities Comm.
Office of Legal Services
2401 E St., N.W., Rm. 214
Washington, D.C. 20507
Attn. Richard Roscio, Assc. Legal Counsel
(202) 634-6922
Federal Communications Commission
1919 M St., N.W.
Washington, D.C. 20554
(202) 254-7674
Food and Drug Administration
5600 Fishers Lane
Rockville, MD 20857
(301) 443-1544
Health and Human Services
200 Independence Ave., S.W.
Washington, D.C. 20201
Housing and Urban Development
451 Seventh St., S.W.
Washington, D.C. 20410
(202) 755-6420
National Aeronautics & Space Administration
400 Maryland Ave, S.W.
Washington, D.C. 20546
(202) 453-1000
National Archives and Records Service
Pennsylvania Ave. at 8th St., N.W.
Washington, D.C. 20408
(202) 523-3130
National Labor Relations Board
1717 Pennsylvania Ave., N.W.
Washington, D.C. 20570
(202) 632-4950
National Security Agency
Ft. George G. Meade, MD 20755-6000
(301) 688-6311
National Security Council
Old Executive Bldg.
17th & Pennsylvania Ave., N.W.
Washington, D.C. 20506
Attn. Brenda Reger
(202) 395-3103
Nuclear Regulatory Commission
Director, Office of Administration
Washington, D.C. 20555
(202) 492-7715
Secret Service
U.S. Secret Service
1800 G St., N.W.
Washington, D.C. 20223
Attn. FOIA/ Privacy Office
(202) 634-5798
Securities and Exchange Commission
450 5th St., N.W.
Washington, D.C. 20549
(202) 272-2650
U.S. Customs Service
1301 Constitution Ave., N.W.
Washington, D.C. 20229
(202) 566-8195
U.S. Agency for International Development
320 21st. St., N.W.
Washington, D.C. 20532
(202) 632-1850
U.S. Office of Personnel Management
1900 E St., N.W.
Washington, D.C. 20415
(202) 632-5491
U.S. Postal Service Records Office
475 L'Enfant Plaza, S.W.
Washington, D.C. 20260-5010
(202) 245-5568
Veterans Administration
810 Vermont Ave., N.W.
Washington, D.C. 20420
(202) 389-2741
[2/88]
Federal Bureau of Investigation
Offices where files are held
Albany, NY 12207 Memphis, TN 38103
502 U.S. Post Office and Courthouse 67 N. Main St
518-465-7551 901-525-7373
Albuquerque, NM 87102 Miami, FL 33137
301 Grand Ave. NE 3801 Biscayne Blvd
505-247-1555 305-573-3333
Alexandria, VA 22314 Milwaukee, WI 53202
300 N. Lee St 517 E. Wisconsin Ave
703-683-2680 414-276-4684
Anchorage, AK 99513 Minneapolis, MN 55401
701 C St 392 Federal Bldg
907-276-4441 612-339-7861
Atlanta, GA 30302 Mobile, AL 36602
275 Peachtree St. NE 113 St. Joseph St
404-521-3900 205-438-3674
Baltimore, MD 21207 Newark, NJ 07102
7142 Ambassador Rd Gateway 1, Market St
301-265-8080 201-622-5613
Birmingham, AL 35203 New Haven, CT 06510
Room 1400, 2121 Bldg 150 Court St
205-252-7705 203-777-6311
Boston, MA 02203 New Orleans, LA 70112
John F. Kennedy Federal Office Bldg 1250 Poydras St., Suite 2200
617-742-5533 504-522-4670
Buffalo, NY 14202 New York, NY 10278
111 W. Huron St 26 Federal Plaza
716-856-7800 212-553-2700
Butte, MT 59702 Norfolk, VA 23510
U.S. Courthouse and Federal Bldg 200 Granby Mall
406-792-2304 804-623-3111
Charlotte, NC 28210 Oklahoma City, OK 73118
6010 Kenley Lane 50 Penn Pl
704-529-1030 405-842-7471
Chicago, IL 60604 Omaha, NE 68102
219 S. Dearborn St 215 N. 17th St
312-431-1333 402-348-1210
Cincinnati, OH 45205 Philadelphia, PA
50 Main St 600 Arch St
513-421-4310 215-629-0800
Cleveland, OH 44199 Phoenix, AZ 85012
1240 E. 9th St 201 E. Indianola
216-522-1400 602-279-5511
Columbia, SC 29201 Pittsburgh, PA
1529 Hampton St 1000 Liberty Ave
803-254-3011 412-471-2000
Dallas, TX 75202 Portland, OR 97201
1801 N. Lamar 1500 SW 1st Ave
214-741-1851 503-224-4181
Denver, CO 80202 Quantico, VA 22135
Federal Office Bldg FBI Academy
303-629-7171 703-640-6131
Detroit, MI 48226 Richmond, VA 23220
477 Michigan Ave 200 W. Grace St
313-965-2323 804-644-2631
El Paso, TX 79901 Sacramento, CA 95825
202 U.S. Courthouse Bldg 2800 Cottage Way
915-533-7451 916-481-9110
Honolulu, HI 96850 St. Louis, MO 63103
300 Ala Moana Blvd 1520 Market St
808-521-1411 314-241-5357
Houston, TX 77002 Salt Lake City, UT 84138
515 Rusk Ave 125 S. State St
713-224-1511 801-355-8584
Indianapolis, IN 46204 San Antonio, TX 78206
575 N. Pennsylvania St 615 E. Houston
317-639-3301 512-225-6741
Jackson, MS 39264 San Diego, CA 92188
100 W. Capitol St 880 Front St
601-948-5000 619-231-1122
Jackonsville, FL 32211 San Francisco, CA 94102
7820 Arlington Expressway 450 Golden Gate Ave
904-721-1211 415-552-2155
Kansas City, MO 64106 San Juan, PE 00918
300 U.S. Courthouse Bldg Hato Rey, PR
816-221-6100 809-754-6000
Knoxville, TN 37919 Savannah, GA 31405
1111 Northshore Dr 5401 Paulsen St
615-588-8571 912-354-9911
Las Vegas, NV 89101 Seattle, WA 98174
Las Vegas Blvd. S 915 2nd Ave
702-385-1281 206-622-0460
Little Rock, AR 72201 Springfield, IL 62702
215 U.S. Post Office Bldg 535 W. Jefferson St
501-372-7211 217-522-9675
Los Angeles, CA 90024 Tampa, FL 33602
11000 Wilshire Blvd 500 Zack St
213-477-6565 813-228-7661
Louisville, KY 40202 Washington, DC 20401
600 Federal Pl 1900 Half St. SW
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 2, File 5 of 10
The Empire Times Presents
Carding in The 90's
By Mustang
False
------
Carders are out to phuck people over, By charging vast
amounts of money to there credit Cards.
True
----
Carders are really trying to fuck up the government, by making
charges that people refuse to pay and the government has to pick
up the tab.
Now we all know the dangers of carding, but this file is dedicated to
showing you the ways to get by these problems. If any problem is not
written in this file or there is something that is wrong E-mail me on
Empire or other fine boards.
Traces-Even though it's a long shot that the store has a trace, never
ever call from home. Use a payphone or public phone.
Always know exactly what you want, So you cann make your order fast
and easy. Try and use a deep voice when calling a store that way they
belive it is a adult. Always use a drop point and never your own home.
Know you already have the card number and name. Now pick up the pay
phone and call a store.
Store Clerk- Hects, Can I help you?
Carder- Yes can you please conect me with the BLAH BLAH department.
Store Clerk- Please hold.
Department Clerk- BLAH BLAH department can I help you?
Carder- Yes I would like to order by credit card one BLAH BLAH.
Department Clerk- Ok... I will need your credit card number.
Carder- American Express, Number xxxxxxxxxxxxxxxx.
Departmen Clerk- Ok... Now what's your name.
Carder- My name is JOHN DOE.
Department Clerk- What's your experation date?
Car
der- Me experation date is BLAH BLAH.
Department Clerk- Please hold while I cheack to see if the info is valid.
Department Clerk- Everything checks out.
Carder- (Sigh) Can I have that deliverd to my home?
Department Clerk- Yes, What's your address?
Carder- My addrress is BLAH BLAH.
Department Clerk- Thank You it's should arrive in a few weeks.
Carder- Thanks alot.
CLICK
Its as easy as that. Next you have to pick up the stuff you orderd
at your drop site. Now if you read the above you know that sending
a dilevery to your own home is fucking stupid. So what you do is go
out into your naborhood and find a nice little house for sale.
Then when you order somthing give the address. Now when the UPS man
comes here is a good story to tell him.
UPS Man- Dose BLAH BLAH live here.
Carder- She used to but moved out last week, she told me to pick up
any mail that came to the house and foward it to here.
UPS Man- Ok can you please sign here.
Carder- Sure, Thank You.
Now you have the delivery. (Note, Never put your real name down on
the sign in sheet. Now find a good place to hide the goods for about
a Two days just so now one get suspiciuos then take it home and have
a ball.
Geting Credit Card Numbers.
There are many ways of doing this. I will just name a few.
Trashing- Going through trash looking for numbers.
Looking around ATM- machines for those little cards that have
thecard number on them.
Using Programs- That spit out card numbers.
And then my favorte is a system written by Saturday Knight, This
file can be found on any Elite BBs, it's called AMEX.zip.
Well that's alll I have to say about carding for this issue.
And remember Don't card just for fun becase that's how you get busted.
I would like to thank The following:
-----------------------------------
Dameon- For helping me get started.
Cultish Person- For showing how not to be a good user.
Alby - For all his help.
=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 2, File 6 of 11
Specs On Caller ID
This is a copy of the data sheet picked up at the Rockwell
booth at the COMDEX show.
INTRODUCTION
Calling Number Delivery (CND), better known as Caller ID, is a
telephone service intended for residential and small business
customers. It allows the called Customer Premises Equipment
(CPE) to receive a calling party's directory number and the date
and time of the call during the first 4 second silent interval in
the ringing cycle. The customer must contact a Bellcore Client
Company to initiate CND service.
According to Pacific Bell representatives, the following states
and district currently support CND service: Delaware, District
of Columbia, Florida, Georgia, Idaho, Kentucky, Louisiana, Maine,
Maryland, Nebraska, Nevada, New Jersey, Oklahoma, Tennessee,
Vermont, Virginia, and West Virginia.
The following states are scheduled to support CND service by
April, 1992: Alaska, Arizona, California, Colorado, Illinois,
Indiana, Iowa, Massachusetts, Mississippi, New Hampshire, New
York, North Carolina, North Dakota, Ohio, Oregon, Rhode Island,
and South Carolina.
PARAMETERS
The data signalling interface has the following characteristics:
Link Type: 2-wire, simplex
Transmission Scheme: Analog, phase-coherent FSK
Logical 1 (mark) 1200 +/- 12 Hz
Logical 0 (space) 2200 +/- 22 Hz
Transmission Rate: 1200 bps
Transmission Level: 13.5 +/- dBm into 900 ohm load
(I have copied this data as presented. I believe the
transmission level is meant to be -13.5 dBm.)
PROTOCOL
The protocol uses 8-bit data words (bytes), each bounded by a
start bit and a stop bit. The CND message uses the Single Data
Message format shown below.
Channel Carrier Message Message Data Checksum
Seizure Signal Type Length Word(s) Word
Signal Word Word
CHANNEL SEIZURE SIGNAL
The channel seizure is 30 continuous bytes of 55h (01010101)
providing a detectable alternating function to the CPE (i.e. the
modem data pump).
CARRIER SIGNAL
The carrier signal consists of 130 +/- 25 mS of mark (1200 Hz) to
condition the receiver for data.
MESSAGE TYPE WORD
The message type word indicates the service and capability
associated with the data message. The message type word for CND
is 04h (00000100).
MESSAGE LENGTH WORD
The message length word specifies the total number of data words
to follow.
DATA WORDS
The data words are encoded in ASCII and represent the following
information:
o The first two words represent the month
o The next two words represent the day of the month
o The next two words represent the hour in local military time
o The next two words represent the minute after the hour
o The calling party's directory number is represented by the
remaining words in the data word field
If the calling party's directory number is not available to the
terminating central office, the data word field contains an ASCII
"O". If the calling party invokes the privacy capability, the
data word field contains an ASCII "P".
CHECKSUM WORD
The Checksum Word contains the twos complement of the modulo 256
sum of the other words in the data message (i.e., message type,
message length, and data words). The receiving equipment may
calculate the modulo 256 sum of the received words and add this
sum to the reveived checksum word. A result of zero generally
indicates that the message was correctly received. Message
retransmission is not supported.
EXAMPLE CND SINGLE DATA MESSAGE
An example of a received CND message, beginning with the message
type word, follows:
04 12 30 39 33 30 31 32 32 34 36 30 39 35 35 35 31 32 31 32 51
04h= Calling number delivery information code (message type word)
12h= 18 decimal; Number of data words (date,time, and directory
number words)
ASCII 30,39= 09; September
ASCII 33,30= 30; 30th day
ASCII 31,32= 12; 12:00 PM
ASCII 32,34= 24; 24 minutes (i.e., 12:24 PM)
ASCII 36,30,39,35,35,35,31,32,31,32= (609) 555-1212; calling
party's directory number
51h= Checksum Word
DATA ACCESS ARRANGEMENT (DAA) REQUIREMENTS
To receive CND information, the modem monitors the phone line
between the first and second ring bursts without causing the DAA
to go off hook in the conventional sense, which would inhibit the
transmission of CND by the local central office. A simple
modification to an existing DAA circuit easily accomplishes the
task.
(I will mail the Rockwell data sheet, which includes the
suggested schematic diagram.)
MODEM REQUIREMENTS
Although the data signalling interface parameters match those of
a Bell 202 modem, the receiving CPE need not be a Bell 202
modem. A V.23 1200 bps modem receiver may be used to demodulate
the Bell 202 signal. The ring indicate bit (RI) may be used on a
modem to indicate when to monitor the phone line for CND
information. After the RI bit sets, indicating the first ring
burst, the host waits for the RI bit to reset. The host then
configures the modem to monitor the phone line for CND
information.
(I'm skipping some Rockwell-specific information here.)
According to Bellcore specifications, CND signalling starts as
early as 300 mS after the first ring burst and ends at least 475
mS before the second ring burst
APPLICATIONS
Modem manufacturers will soon be implementing new modem features
based on CND information as this service becomes widely
available.
Once CND information is received the user may process the
information in a number of ways.
1. The date, time, and calling party's directory number can be
displayed.
2. Using a look-up table, the calling party's directory number
can be correlated with his or her name and the name
displayed.
3. CND information can also be used in additional ways such as
for:
a. Bulletin board applications
b. Black-listing applications
c. Keeping logs of system user calls, or
d. Implementing a telemarketing data base
REFERENCES
For more information on Calling Number Delivery (CND), refer to
Bellcore publications TR-TSY-000030 and TR-TSY-000031.
To obtain Bellcore documents contact:
Bellcore Customer Service
60 New England Avenue, Room 1B252
Piscataway, NJ 08834-4196
(908) 699-5800
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=- The Empire Times -=-
Volume 1, Issue 2, File 7 of 11
``Foiling the Cracker''
A Survey of, and Improvements to, Password Security
This work was sponsored in part by the U.S. Department of Defense.
Daniel V. Klein
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15217
dvk@sei.cmu.edu
+1 412 268 7791
With the rapid burgeoning of national and international networks, the
question of system security has become one of growing importance. High speed
inter-machine communication and even higher speed computational processors
have made the threats of system ``crackers,'' data theft, data corruption
very real. This paper outlines some of the problems of
current password security by demonstrating the ease by which individual
accounts may be broken. Various techniques used by crackers are outlined,
and finally one solution to this point of system vulnerability, a proactive
password checker, is proposed.
Introduction
The security of accounts and passwords has always been a concern for the
developers and users of Unix.
When Unix was younger, the password encryption algorithm was a simulation of
the M-209 cipher machine used by the U.S. Army during World War II.
Robert T. Morris
Ken Thompson
Password Security: A Case History
Communications of the ACM
22
11
594-597
November 1979
Morris1979
This was a fair encryption mechanism in that it was difficult to invert under
the proper circumstances, but suffered in that it was too fast an algorithm.
On a PDP-11/70, each encryption took approximately 1.25ms, so that it was
possible to check roughly 800 passwords/second. Armed with a dictionary of
250,000 words, a cracker could compare their encryptions with those all stored
in the password file in a little more than five minutes. Clearly, this was a
security hole worth filling.
In later (post-1976) versions of Unix, the DES algorithm
Proposed Federal Information Processing Data Encryption Standard
Federal Register (40FR12134)
March 17, 1975
DES1975 was used to encrypt passwords. The user's password is used as the DES
key, and the algorithm is used to encrypt a constant. The algorithm is
iterated 25 times, with the result being an 11 character string plus a
2-character ``salt.'' This method is similarly difficult to decrypt (further
complicated through the introduction of one of 4096 possible salt values) and
had the added advantage of being slow. On a \(*mVAX-II (a machine substant-
ially faster than a PDP-11/70), a single encryption takes on the order of
280ms, so that a determined cracker can only check approximately 3.6
encryptions a second.
Checking this same dictionary of 250,000 words would now take over 19
hours of CPU time. Although this is still not very much time to break
a single account, there is no guarantee that this account will use one of
these words as a password. Checking the passwords on a system with 50
accounts would take on average 40 CPU days (since the random selection
of salt values practically guarantees that each user's password will be
encrypted with a different salt), with no guarantee of success. If this new,
slow algorithm was combined with the user education needed to prevent the
selection of obvious passwords, the problem seemed solved.
Regrettably, two recent developments and the recurrence of an old one have
brought the problem of password security back to the fore.
CPU speeds have gotten increasingly faster since 1976, so much so that
processors that are 25-40 times faster than the PDP-11/70 (e.g., the
DECstation 3100 used in this research) are readily
available as desktop workstations. With inter-networking, many sites have
hundreds of the individual workstations connected together, and enterprising
crackers are discovering that the ``divide and conquer'' algorithm can
be extended to multiple processors, especially at night when those processors
are not otherwise being used. Literally thousands of times the computational
power of 10 years ago can be used to break passwords.
New implementations of the DES encryption algorithm have been developed, so
that the time it takes to encrypt a password and compare the encryption
against the value stored in the password file has dropped below the 1ms mark.
Matt Bishop
An Application of a Fast Data Encryption Standard Implementation
Computing Systems
1
3
221-254
Summer 1988
Bishop1988
David C. Feldmeier
Philip R. Karn
UNIX Password Security \- Ten Years Later
CRYPTO Proceedings
Summer 1989
Feldmeier1989
On a single workstation, the dictionary of 250,000 words can once
again be cracked in under five minutes. By dividing the work across multiple
workstations, the time required to encrypt these words against all 4096 salt
values could be no more than an hour or so. With a recently described
hardware implementation of the DES algorithm, the time for each encryption
can be reduced to approximately 6 ms.
Philip Leong
Chris Tham
UNIX Password Encryption Considered Insecure
USENIX Winter Conference Proceedings
January 1991
Leong1991
This means that this same dictionary can be be cracked in only 1.5 seconds.
Users are rarely, if ever, educated as to what are wise choices for
passwords. If a password is in a dictionary, it is extremely vulnerable to
being cracked, and users are simply not coached as to ``safe'' choices for
passwords. Of those users who are so educated, many think that simply
because their password is not in /usr/dict/words, it is safe from
detection. Many users also say that because they do not have any private
files on-line, they are not concerned with the security of their account,
little realizing that by providing an entry point to the system they allow
damage to be wrought on their entire system by a malicious cracker.
Because the entirety of the password file is readable by all users, the
encrypted passwords are vulnerable to cracking, both on-site and off-site.
Many sites have responded to this threat with a reactive solution \- they
scan their own password files and advise those users whose passwords they are
able to crack. The problem with this solution is that while the local site
is testing its security, the password file is still vulnerable from the
outside. The other problems, of course, are that the testing is very time
consuming and only reports on those passwords it is able to crack. It does
nothing to address user passwords which fall outside of the specific test
cases (e.g., it is possible for a user to use as a password the letters
``qwerty'' \- if this combination is not in the in-house test dictionary, it
will not be detected, but there is nothing to stop an outside cracker from
having a more sophisticated dictionary!).
Clearly, one solution to this is to either make /etc/passwd unreadable,
or to make the encrypted password portion of the file unreadable. Splitting
the file into two pieces \- a readable /etc/passwd with all but the
encrypted password present, and a ``shadow password'' file that is only
readable by root is the solution proposed by Sun Microsystems (and
others) that appears to be gaining popularity. It seems, however, that this
solution will not reach the majority of non-Sun systems for quite a while,
nor even, in fact, many Sun systems, due to many sites'
reluctance to install new releases of software.
The problem of lack of password security is not just endemic to Unix. A
recent Vax/VMS worm had great success by simply trying the username as the
password. Even though the VMS user authorization file is inaccessible to
ordinary users, the cracker simply tried a number of ``obvious'' password
choices \- and easily gained access.
What I propose, therefore, is a publicly available \fIproactive\fR password
checker, which will enable users to change their passwords, and to
check a priori whether the new password is ``safe.'' The criteria for
safety should be tunable on a per-site basis, depending on the degree of
security desired. For example, it should be possible to specify a minimum
length password, a restriction that only lower case letters are not allowed,
that a password that looks like a license plate be illegal, and so on.
Because this proactive checker will deal with the pre-encrypted passwords, it
will be able to perform more sophisticated pattern matching on the password,
and will be able to test the safety without having to go through the effort of
cracking the encrypted version. Because the checking will be done
automatically, the process of education can be transferred to the machine,
which will instruct the user \fIwhy\fR a particular choice of password is bad.
Password Vulnerability
It has long been known that all a cracker need do to acquire access to a
Unix machine is to follow two simple steps, namely:
Acquire a copy of that site's /etc/passwd file, either through an
unprotected uucp link, well known holes in sendmail, or via
ftp or tftp.
Apply the standard (or a sped-up) version of the password encryption
algorithm to a collection of words, typically /usr/dict/words plus some
permutations on account and user names, and compare the encrypted results to
those found in the purloined /etc/passwd file.
If a match is found (and often at least one will be found), the
cracker has access to the targeted machine. Certainly, this mode of attack
has been known for some time,
Eugene H. Spafford
The Internet Worm Program: An Analysis
Purdue Technical Report CSD-TR-823
Purdue University
November 29, 1988
Spafford1988
and the defenses against this attack have also
long been known. What is lacking from the literature is an accounting of
just how vulnerable sites are to this mode of attack. In short, many people know that there is a problem, but few people believe it applies to them.
``There is a fine line between helping
administrators protect their systems and providing a cookbook for bad guys.''
F. Grampp
R. Morris
Unix Operating System Security
AT&T Bell Labs Technical Journal
63
8
1649-1672
October 1984
Grampp1984
The problem here, therefore, is how to divulge useful information on the
vulnerability of systems, without providing too much information, since
almost certainly this information could be used by a cracker to break into
some as-yet unviolated system.
Most of the work that I did was of a
general nature \- I did not focus on a particular user or a
particular system, and I did not use any personal information that might be
at the disposal of a dedicated ``bad guy.'' Thus any results which I have
been able to garner indicate only general trends in password usage, and
cannot be used to great advantage when breaking into a particular system. This
generality notwithstanding, I am sure that any self-respecting cracker would
already have these techniques at their disposal, and so I am not bringing to
light any great secret. Rather, I hope to provide a basis for protection for
systems that can guard against future attempts at system invasion.
The Survey and Initial Results
In October and again in December of 1989, I asked a number of friends and
acquaintances around the United States and Great Britain to participate
in a survey. Essentially what I asked them to do was to mail me a copy of
their /etc/passwd file, and I would try to crack their passwords (and
as a side benefit, I would send them a report of the vulnerability of their
system, although at no time would I reveal individual passwords nor even of
their sites participation in this study). Not surprisingly, due to the
sensitive nature of this type of disclosure, I only received a small fraction
of the replies I hoped to get, but was nonetheless able to acquire a database
of nearly 15,000 account entries. This, I hoped, would provide a
representative cross section of the passwords used by users in the community.
Each of the account entries was tested by a number of intrusion strategies,
which will be covered in greater detail in the following section. The
possible passwords that were tried were based on the user's name or account
number, taken from numerous dictionaries (including some containing
foreign words, phrases, patterns of keys on the keyboard, and enumerations),
and from permutations and combinations of words in those dictionaries.
All in all, after nearly 12 CPU months of rather exhaustive testing,
approximately 25% of the passwords had been guessed. So that you do not
develop a false sense of security too early, I add that 21% (nearly 3,000
passwords) were guessed in the first week, and that in the first 15
minutes of testing, 368 passwords (or 2.7%) had been cracked using what
experience has shown
would be the most fruitful line of attack (i.e., using the user or
account names as passwords). These statistics are
frightening, and well they should be. On an average system with 50
accounts in the /etc/passwd file, one could expect the first account to
be cracked in under 2 minutes, with 5\-15 accounts being cracked by the end of
the first day. Even though the \fBroot\fR account may not be cracked, all it
takes is one account being compromised for a cracker to establish a toehold
in a system. Once that is done, any of a number of other well-known security
loopholes (many of which have been published on the network) can be used to
access or destroy any information on the machine.
It should be noted that the results of this testing do not give us any
indication as to what the \fIuncracked\fR passwords are. Rather, it only
tells us what was essentially already known \- that users are likely to use
words that are familiar to them as their passwords.
Bruce L. Riddle
Murray S. Miron
Judith A. Semo
Passwords in Use in a University Timesharing Environment
Computers & Security
8
7
569-579
November 1989
Riddle1989
What new information it did provide, however, was the \fIdegree\fR of
vulnerability of the systems in question, as well as providing a basis for
developing a proactive password changer \- a system which pre-checks a
password before it is entered into the system, to determine whether that
password will be vulnerable to this type of attack. Passwords which can be
derived from a dictionary are clearly a bad idea,
Ana Marie De Alvare
E. Eugene Schultz, Jr.
A Framework for Password Selection
USENIX UNIX Security Workshop Proceedings
August 1988
Alvare1988
and users should be
prevented from using them. Of course, as part of this censoring process,
users should also be told why their proposed password is not good, and
what a good class of password would be.
As to those passwords which remain unbroken, I can only conclude that these
are much more secure and ``safe'' than those to be found in my dictionaries.
One such class of passwords is word pairs, where a password consists of two
short words, separated by a punctuation character. Even if only words of
3 to 5 lower case characters are considered, /usr/dict/words provides
3000 words for pairing. When a single intermediary punctuation character is
introduced, the sample size of 90,000,000 possible passwords is rather
daunting. On a DECstation 3100, testing each of these passwords against that
of a single user would require over 25 CPU hours \- and even then, no
guarantee exists that this is the type of password the user chose.
Introducing one or two upper case characters into the password raises the
search set size to such magnitude as to make cracking untenable.
Another ``safe'' password is one constructed from the initial letters of an
easily remembered, but not too common phrase. For example, the phrase ``Unix
is a trademark of Bell Laboratories'' could give rise to the password
``UiatoBL.'' This essentially creates a password which is a random string of
upper and lower case letters. Exhaustively searching this list at 1000 tests
per second with only 6 character passwords would take nearly 230 CPU
days. Increasing the phrase size to 7 character passwords makes the
testing time over 32 CPU years \- a Herculean task that even the most
dedicated cracker with huge computational resources would shy away from.
Thus, although I don't know what passwords were chosen by those users I was
unable to crack, I can say with some surety that it is doubtful that anyone
else could crack them in a reasonable amount of time, either.
Method of Attack
A number of techniques were used on the accounts in order to determine if the
passwords used for them were able to be compromised. To speed up testing,
all passwords with the same salt value were grouped together. This way, one
encryption per password per salt value could be performed, with multiple
string comparisons to test for matches. Rather than considering 15,000
accounts, the problem was reduced to 4,000 salt values. The password tests
were as follows:
Try using the user's name, initials, account name, and other relevant
personal information as a possible password. All in all, up to 130 different
passwords were tried based on this information. For an account name
klone with a user named ``Daniel V. Klein,'' some of the passwords that
would be tried were: klone, klone0, klone1, klone123, dvk, dvkdvk, dklein,
DKlein, leinad, nielk, dvklein, danielk, DvkkvD, DANIEL-KLEIN, (klone),
KleinD, etc.
Try using words from various dictionaries. These included lists of men's and
women's names (some 16,000 in all); places (including permutations so that
``spain,'' ``spanish,'' and ``spaniard'' would all be considered); names of
famous people; cartoons and cartoon characters; titles, characters, and
locations from films and science fiction stories; mythical creatures
(garnered from Bulfinch's mythology and dictionaries of mythical beasts);
sports (including team names, nicknames, and specialized terms); numbers
(both as numerals \- ``2001,'' and written out \- ``twelve''); strings of
letters and numbers ( ``a,'' ``aa,'' ``aaa,'' ``aaaa,'' etc.); Chinese
syllables (from the Pinyin Romanization of Chinese, a international standard
system of writing Chinese on an English keyboard); the King James Bible;
biological terms; common and vulgar phrases (such as ``fuckyou,'' ``ibmsux,''
and ``deadhead''); keyboard patterns (such as ``qwerty,'' ``asdf,'' and
``zxcvbn''); abbreviations (such as ``roygbiv'' \- the colors in the rainbow,
and ``ooottafagvah'' \- a mnemonic for remembering the 12 cranial nerves);
machine names (acquired from /etc/hosts); characters, plays, and
locations from Shakespeare; common Yiddish words; the names of asteroids;
and a collection of words
>from various technical papers I had previously published.
All told, more than 60,000 separate words were considered per user (with any
inter- and intra-dictionary duplicates being discarded).
Try various permutations on the words from step 2. This included making the
first letter upper case or a control character, making the entire word
upper case, reversing the word (with and without the aforementioned
capitalization), changing the letter `o' to the digit `0' (so that the word
``scholar'' would also be checked as ``sch0lar''), changing the letter `l' to
the digit `1' (so that ``scholar'' would also be checked as ``scho1ar,''
and also as ``sch01ar''), and performing similar manipulations to change the
letter `z' into the digit `2', and the letter `s' into the digit `5'.
Another test was to make the word into a plural (irrespective of whether the
word was actually a noun), with enough intelligence built in so that
``dress'' became ``dresses,'' ``house'' became ``houses,'' and ``daisy''
became ``daisies.'' We did not consider pluralization rules exhaustively,
though, so that ``datum'' forgivably became ``datums'' (not ``data''), while
``sphynx'' became ``sphynxs'' (and not ``sphynges''). Similarly, the suffixes
``-ed,'' ``-er,'' and ``-ing'' were added to transform words like ``phase''
into ``phased,'' ``phaser,'' and ``phasing.'' These 14 to 17 additional
tests per word added another 1,000,000 words to the list of possible
passwords that were tested for each user.
Try various capitalization permutations on the words from step 2 that were not
considered in step 3. This included all single letter capitalization
permutations (so that ``michael'' would also be checked as ``mIchael,''
``miChael,'' ``micHael,'' ``michAel,'' etc.), double letter capitalization
permutations (``MIchael,'' ``MiChael,'' ``MicHael,'' ... , ``mIChael,''
``mIcHael,'' etc.), triple letter permutations, and so on. The single letter
permutations added roughly another 400,000 words to be checked per user,
while the double letter permutations added another 1,500,000 words. Three
letter permutations would have added at least another 3,000,000 words \fIper
user\fR had there been enough time to complete the tests. Tests of 4, 5, and
6 letter permutations were deemed to be impracticable without much more
computational horsepower to carry them out.
Try foreign language words on foreign users. The specific test that was
performed was to try Chinese language passwords on users with Chinese names.
The Pinyin Romanization of Chinese syllables was used, combining syllables
together into one, two, and three syllable words. Because no tests were
done to determine whether the words actually made sense, an exhaustive search
was initiated. Since there are 398 Chinese syllables in the Pinyin system,
there are 158,404 two syllable words, and slightly more than 16,000,000 three
syllable words.
The astute reader will notice that 398\s-2\u3\d\s+2 is in fact 63,044,972.
Since Unix passwords are truncated after 8 characters, however, the number
of unique polysyllabic Chinese passwords is only around 16,000,000.
Even this reduced set was too large to complete under the imposed time
constraints.
A similar mode of attack could as easily be used with English, using rules
for building pronounceable nonsense words.
Try word pairs. The magnitude of an exhaustive test of this nature is
staggering. To simplify this test, only words of 3 or 4 characters in length
>from /usr/dict/words were used. Even so, the number of word pairs is
\fBO\fR(10\s-3\u7\d\s+3) (multiplied by 4096 possible salt values), and as of
this writing, the test is only 10% complete.
For this study, I had access to four DECstation 3100's, each of which was
capable of checking approximately 750 passwords per second. Even with this
total peak processing horsepower of 3,000 tests per second (some machines were
only intermittently available), testing the \fBO\fR(10\s-3\u10\d\s+3)
password/salt pairs for the first four tests
required on the order of 12 CPU months of computations. The remaining
two tests are still ongoing after an additional 18 CPU months of computation.
Although for research purposes this is well within acceptable ranges, it is a
bit out of line for any but the most dedicated and resource-rich cracker.
Summary of Results
The problem with using passwords that are derived directly from obvious words
is that when a user thinks ``Hah, no one will guess this permutation,'' they
are almost invariably wrong. Who would ever suspect that I would find their
passwords when they chose ``fylgjas'' (guardian creatures from Norse
mythology), or the
Chinese word for ``hen-pecked husband''? No matter what words or permutations
thereon are chosen for a password, if they exist in some dictionary, they are
susceptible to directed cracking. The following table give an overview of
the types of passwords which were found through this research.
A note on the table is in order. The number of
matches given from a particular dictionary is the total number of matches,
irrespective of the permutations that a user may have applied to it. Thus, if
the word ``wombat'' were a particularly popular password from the biology
dictionary, the following table will not indicate whether it was entered as
``wombat,'' ``Wombat,'' ``TABMOW,'' ``w0mbat,'' or any of the other 71 possible
differences that this research checked. In this way,
detailed information can be divulged without providing much knowledge to
potential ``bad guys.''
Additionally, in order to reduce the total search time that was needed for
this research, the checking program eliminated both inter- and
intra-dictionary duplicate words. The dictionaries are listed in the order
tested, and the total size of the dictionary is given in addition to
the number of words that were eliminated due to duplication. For
example, the word ``georgia'' is both a female name and a place, and is only
considered once. A password which is identified as being found in the common
names dictionary might very well appear in other dictionaries. Additionally,
although ``duplicate,'' ``duplicated,'' ``duplicating'' and ``duplicative'' are
all distinct words, only the first eight characters of a password are used in
Unix, so all but the first word are discarded as redundant.
box, tab(:), center;
cp+2fB s s s s s s
cfB cfB cfB cfB cfB cfB cfB
cfB cfB cfB cfB cfB cfB cfB
l n n n n n n .
Passwords cracked from a sample set of 13,797 accounts
Type of:Size of:Duplicates:Search:# of:Pct.:Cost/Benefit
Password:Dictionary:Eliminated:Size:Matches:of Total:Ratio\s-2\u*\d\s+2
User/account name:130\s-3\u\(dg\d\s+3:\-:130:368:2.7%:2.830
Character sequences:866:0:866:22:0.2%:0.025
Numbers:450:23:427:9:0.1%:0.021
Chinese:398:6:392:56:0.4%\s-3\u\(dd\d\s+3:0.143
Place names:665:37:628:82:0.6%:0.131
Common names:2268:29:2239:548:4.0%:0.245
Female names:4955:675:4280:161:1.2%:0.038
Male names:3901:1035:2866:140:1.0%:0.049
Uncommon names:5559:604:4955:130:0.9%:0.026
Myths & legends:1357:111:1246:66:0.5%:0.053
Shakespearean:650:177:473:11:0.1%:0.023
Sports terms:247:9:238:32:0.2%:0.134
Science fiction:772:81:691:59:0.4%:0.085
Movies and actors:118:19:99:12:0.1%:0.121
Cartoons:133:41:92:9:0.1%:0.098
Famous people:509:219:290:55:0.4%:0.190
Phrases and patterns:998:65:933:253:1.8%:0.271
Surnames:160:127:33:9:0.1%:0.273
Biology:59:1:58:1:0.0%:0.017
\fI/usr/dict/words\fR:24474:4791:19683:1027:7.4%:0.052
Machine names:12983:3965:9018:132:1.0%:0.015
Mnemonics:14:0:14:2:0.0%:0.143
King James bible:13062:5537:7525:83:0.6%:0.011
Miscellaneous words:8146:4934:3212:54:0.4%:0.017
Yiddish words:69:13:56:0:0.0%:0.000
Asteroids:3459:1052:2407:19:0.1%:0.007
Total:86280:23553:62727:3340:24.2%:0.053
In all cases, the cost/benefit ratio is the number of matches divided by the
search size. The more words that needed to be tested for a match, the lower
the cost/benefit ratio.
The dictionary used for user/account name checks naturally changed
for each user. Up to 130 different permutations were tried for each.
While monosyllablic Chinese passwords were tried for all users (with 12
matches), polysyllabic Chinese passwords were tried only for users with
Chinese names. The percentage of matches for this subset of users is 8% \-
a greater hit ratio than any other method. Because the dictionary size is
over 16\(mu10\s-2\u6\d\s+2, though, the cost/benefit ratio is infinitesimal.
The results are quite disheartening. The total size of the dictionary was
only 62,727 words (not counting various permutations). This is much smaller
than the 250,000 word dictionary postulated at the beginning of this paper,
yet armed even with this small dictionary, nearly 25% of the passwords were
cracked!
tab(:), center, box;
cp+2fB s s
cfB cfB cfB
l n n.
Length of Cracked Passwords
Length:Count:Percentage
1 character:4:0.1%
2 characters:5:0.2%
3 characters:66:2.0%
4 characters:188:5.7%
5 characters:317:9.5%
6 characters:1160:34.7%
7 characters:813:24.4%
8 characters:780:23.4%
The results of the word-pair tests are not included in either of the two
tables. However, at the time of this writing, the test was approximately 10%
completed, having found an additional 0.4% of the passwords in the sample
set. It is probably reasonable to guess that a total of 4% of the passwords
would be cracked by using word pairs.
Action, Reaction, and Proaction
What then, are we to do with the results presented in this paper? Clearly,
something needs to be done to safeguard the security of our systems from
attack. It was with intention of enhancing
security that this study was undertaken. By knowing what kind of passwords
users use, we are able to prevent them from using those that are easily
guessable (and thus thwart the cracker).
One approach to eliminating easy-to-guess passwords is to periodically run a
password checker \- a program which scans \fI/etc/passwd\fR and tries to
break the passwords in it.
T. Raleigh
R. Underwood
CRACK: A Distributed Password Advisor
USENIX UNIX Security Workshop Proceedings
August 1988
Raleigh1988
This approach has two major drawbacks. The first
is that the checking is very time consuming. Even a system with only 100
accounts can take over a month to diligently check. A halfhearted check is
almost as bad as no check at all, since users will find it easy to circumvent
the easy checks and still have vulnerable passwords. The second drawback is
that it is very resource consuming. The machine which is being used for
password checking is not likely to be very useful for much else, since a
fast password checker is also extremely CPU intensive.
Another popular approach to eradicating easy-to-guess passwords is to force
users to change their passwords with some frequency. In theory, while this
does not actually eliminate any easy-to-guess passwords, it prevents the
cracker from dissecting /etc/passwd ``at leisure,'' since once an
account is broken, it is likely that that account will have had it's password
changed. This is of course, only theory. The biggest disadvantage is that
there is usually nothing to prevent a user from changing their password from
``Daniel'' to ``Victor'' to ``Klein'' and back again (to use myself as an
example) each time the system demands a new password. Experience has shown
that even when this type of password cycling is precluded, users are easily
able to circumvent simple tests by using easily remembered (and easily
guessed) passwords such as ``dvkJanuary,'' ``dvkFebruary,'' etc.
Dr. Brian K Reid
1989
DEC Western Research Laboratory
Personal communication.
Reid1989
A good
password is one that is easily remembered, yet difficult to guess. When
confronted with a choice between remembering a password or creating one that
is hard to guess, users will almost always opt for the easy way out, and
throw security to the wind.
Which brings us to the third popular option, namely that of assigned
passwords. These are often words from a dictionary, pronounceable nonsense
words, or random strings of characters. The problems here are numerous and
manifest. Words from a dictionary are easily guessed, as we have seen.
Pronounceable nonsense words (such as ``trobacar'' or ``myclepate'') are
often difficult to remember, and random strings of characters (such as
``h3rT+aQz'') are even harder to commit to memory. Because these passwords
have no personal mnemonic association to the users, they will often write
them down to aid in their recollection. This immediately discards any
security that might exist, because now the password is visibly associated
with the system in question. It is akin to leaving the key under the door
mat, or writing the combination to a safe behind the picture that hides it.
A fourth method is the use of ``smart cards.'' These credit card sized
devices contain some form of encryption firmware which
will ``respond'' to an electronic ``challenge'' issued by the system onto
which the user is attempting to gain acccess. Without the smart card, the
user (or cracker) is unable to respond to the challenge, and is denied access
to the system. The problems with smart cards have nothing to do with
security, for in fact they are very good warders for your system. The
drawbacks are that they can be expensive and must be carried at all times
that access to the system is desired. They are also a bit of overkill for
research or educational systems, or systems with a high degree of user
turnover.
Clearly, then, since all of these systems have drawbacks in some
environments, an additional
way must be found to aid in password security.
A Proactive Password Checker
The best solution to the problem of having easily guessed passwords on a
system is to prevent them from getting on the system in the first place. If
a program such as a password checker reacts by detecting guessable
passwords already in place, then although the security hole is found, the hole
existed for as long as it took the program to detect it (and for the user to
again change the password). If, however, the program which changes user's
passwords (i.e., /bin/passwd) checks for the safety and guessability
before that password is associated with the user's account, then the
security hole is never put in place.
In an ideal world, the proactive password changer would require eight
character passwords which are not in any dictionary, with at least one
control character or punctuation character, and mixed upper and lower case
letters. Such a degree of security (and of accompanying inconvenience to the
users) might be too much for some sites, though. Therefore, the proactive
checker should be tuneable on a per-site basis. This tuning could be
accomplished either through recompilation of the passwd program, or
more preferably, through a site configuration file.
As distributed, the behavior of the proactive checker should be that of
attaining maximum password security \- with the system administrator being
able to turn off certain checks. It would be desireable to be able to test
for and reject all password permutations that were detected in this research
(and others), including:
tab(:);
c lw(2.3i) c lw(2.3i).
\(bu:T{
Passwords based on the user's account name
T}:\(bu:T{
Passwords based on the user's initials or given name
T}
\(bu:T{
Passwords which exactly match a word in a dictionary (not
just /usr/dict/words)
T}:\(bu:T{
Passwords which match a word in the dictionary with some or all
letters capitalized
T}
\(bu:T{
Passwords which match a reversed word in the dictionary
T}:\(bu:T{
Passwords which match a reversed word in the dictionary with some or all
letters capitalized
T}
\(bu:T{
Passwords which match a word in a dictionary with an arbitrary letter turned
into a control character
T}:\(bu:T{
Passwords which match a dictionary word with the numbers `0', `1', `2', and
`5' substituted for the letters `o', 'l', 'z', and 's'
T}
\(bu:T{
Passwords which are simple conjugations of a dictionary word (i.e., plurals,
adding ``ing'' or ``ed'' to the end of the word, etc.)
T}:\(bu:T{
Passwords which are patterns from the
keyboard (i.e., ``aaaaaa'' or ``qwerty'')
T}
\(bu:T{
Passwords which are shorter than a specific length (i.e., nothing shorter than
six characters)
T}:\(bu:T{
Passwords which consist solely of numeric characters (i.e., Social Security
numbers, telephone numbers, house addresses or office numbers)
T}
\(bu:T{
Passwords which do not contain mixed upper and lower case, or mixed letters
and numbers, or mixed letters and punctuation
T}:\(bu:T{
Passwords which look like a state-issued license plate number
T}
The configuration file which specifies the level of checking need not be
readable by users. In fact, making this file unreadable by users (and by
potential crackers) enhances system security by hiding a valuable guide
to what passwords are acceptable (and conversely, which kind of
passwords simply cannot be found).
Of course, to make this proactive checker more effective, it woule be
necessary to provide the dictionaries that were used in this research
(perhaps augmented on a per-site basis). Even more importantly, in addition
to rejecting passwords which could be easily guessed, the proactive password
changer would also have to tell the user why a particular password was
unacceptable, and give the user suggestions as to what an acceptable password
looks like.
Conclusion (and Sermon)
It has often been said that ``good fences make good neighbors.'' On a
Unix system, many users also say that ``I don't care who reads my files, so I
don't need a good password.'' Regrettably, leaving an account vulnerable to
attack is not the same thing as leaving files unprotected. In the latter
case, all that is at risk is the data contained in the unprotected files,
while in the former, the whole system is at risk. Leaving the front door to
your house open, or even putting a flimsy lock on it, is an invitation to the
unfortunately ubiquitous people with poor morals. The same holds true for an
account that is vulnerable to attack by password cracking techniques.
While it may not be actually true that good fences make good neighbors, a
good fence at least helps keep out the bad neighbors. Good passwords are
equivalent to those good fences, and a proactive checker is one way to
ensure that those fences are in place before a breakin problem occurs.
-- ============ -- =========== -- =========== -- =========== -- =========== --
"The only thing that separates us from the animals is superstition
and mindless rituals". Daniel Klein CMU-SEI +1 412/268-7791
dvk@sei.cmu.edu
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=- The Empire Times -=-
Volume 1, Issue 2, File 8 of 11
Phreak Knowledge
Written, Edited, and Remixed
By
Rebel Lion
You are about to witness the power of phreak knowledge.
Maybe you're a lamer. Maybe you don't know what a lamer is.
Maybe you just want to know a little bit about phreaking.
I'm gonna teach you how.
I. Definitions
Dialup: A telephone number used to access a long distance service such
as MCI. Once accessed, a call may be made through a Calling Card.
An extender for an LD company.
Calling Card: An account with a LD service such as Sprint or MCI. The card
itself is plastic and has the subscriber's account number
printed on the front, resembling a credit card. Never actually
steal one, for it will be cancelled. Just copy down the number
and use it for LD or whatever.
INWATS: Inward Wide-Area Tellicommunications Service. WATS is an 800 number.
Inwards means a WATS that recieves calls, (a normal 1-800 number).
PBX: Private Branch Exchange. An extender owned by a private company that
allows employees to make calls from outside the company, to be charged
to the company. Naturally, a phreak uses this oppurtunity to hack out
the code himself and use the PBX for his own needs.
Loop: A loop involves two phone numbers. One is the tone side, which is called
by one person. The other is the silent side which is called by the
second person. The two people can then talk to each other. Used by Ma
Bell for some stupid testing thing. Used by Joe Phreaker to talk to
people without giving out his home phone number [voice validation,
maybe even conference shit].
Ma Bell: A generic term for the phone company, the place you're ripping off.
Bridge: A bridge is one big line where many people can call up and be added
to an on-going group talk. Used by phreaks for a big conference.
AT&T Alliance Teleconference: A new conference system by AT&T that allows up
to 50 people in a conference and can easily
be accesed by any payphone with an AT&T calling
card. It's made for business pigs, so it's a very
un-suspicious user-phreindly system. It's run on
a voice system, so its much easier than with an
operator.
ANI: Automatic Number Identification. It is used by companies to identify
the number of the caller. Used by phreaks when beige boxing or using
a diverter to tell the number they're calling through.
Diverter: Basically calling up a company or small business and accesing
their outward line. If you're gonna waste your time with this,
make sure you use an ANI number to tell you actually have
a diverter, and aren't just hearing your own dial tone
[its happened].
Local: A non-LD call.
Blue Boxing: The original phreaking. Using a 2600hz tone to seize a trunk
(using a tone that operators use to connect phone calls).
You can also move yourself all around the phone company
when you blue box, because Ma Bell thinks you're an operator.
This still works under ESS, but if you try it an FCC man will
be at your door within an hour. See ESS.
Beige Boxing: Using a lineman's handset, or similar homemade device, to
access other people's lines through a bridge head.
Red Boxing: Using a device ["box"] to produce quarter tones at a phortress
phone. Free calls.
Black Boxing: Using a device ["box"] to recieve a collect call without
paying. Does not work under ESS.
ESS: Electronic Switching System. New brand of switching system used by Ma
Bell. It is a computer program written to monitor, detect, and prosocute
phreakers to the fullest. ESS detects foreign tones on the line, and
alerts another computer in the system exactly where the call was originated. As you can see, this is a dangerous weapon against phreakers.
Other switching systems: The original switching system was step by step
which used pulse and actually moved a relay for
every digit you dialed. Next was crossbar, which
had DTMF [touch-tones], but didn't have advanced features that ESS has, such as last call re-dial,
trace call, other * fucntions, and 911 for emergancy.
VMB: Voice Mail Box. An advanced answering machine where the user pays a VMB
company to store messages for them, which are then retrieved by the user
with a code. Phreaks can hack out a VMB's access code, and then change
the box to their own.
Conference Call: A telephone call where more than two parties [people] talk at one time.
Area Code/NPA: First set of 3 digits in a telephone number. NPA-Nxx-xxxx.
Prefix: Second set of 3 digits in a telephone number. NPA-Prefix-xxxx.
Exchange: Last 4 digits of a telephone number. NPA-Nxx-exchange.
CN/A: Customer Name and Address. This is an office that an emplyee of Ma Bell
calls up to recieve the name and address of someone from their phone
number. Used by phreaks to see who their ripping off.
Phortress Phone: A standard pay phone.
Phreaking: The illegal use of the phone system by an individual or group.
Phreak: An abuser of the phone system for his own benefit.
Scanning: Either by hand or by using a program, dialing random or sequential numbers in an exchange, prefix, or NPA, looking for carriers, PBX's, or other Ma Bell test functions.
Extender: A number used by a LD company that can be dialed free from phortress phones [950-xxxx]. Provides instant long distance access for calling card holders.
II. Abbreviations
NPA: Number Planning Area [area code] (703)
Nxx: Prefix (765)
xxxx: Exchange (6567)
VMB: Voice Mail Box
ESS: Electronic Switching System
CN/A: Customer name and Address
PBX: Private Branch Exchange
99xx: A prefix scan (from 7659900 to 7659999)
LD: Long Distance
PIN: Personal Identification Number
WATS: Wide Area Telecommunications Service
XDC: X digit code, where x the number of digits in the code
ACN: Any standard 10-digit telephone number
CO: Central Office
SxS: Step by Step, the first switching system
III. Conclusion
Phreak Knowledge is very usefull to everyone in the present. Hopefully,
phreaking will not die, and any new technology Ma Bell comes up with,
Phreaks will fight back at. Unfortunatley, ESS has disproven this theory. This
new, electronic switching system, has shown the end to much of our heritage.
Blue Boxing, Black Boxing, and in some places even Red Boxing, have all
been destroyed. We must ban together and fight against these evils, or we all
will perish.
-==============================Thanks=================================-
Nat X, for teaching me the art of PBX'ing and to go through two of em when
using Alliance.
Chuck U Farley, for teaching me to always be cautious.
-==============================Call===================================-
Death Row (703) 892-0015
-=====================================================================-
"All Is Fair In Love And Phreak."
-=====================================================================-
___________________________
| |
| Phreaking Will Never Die |
|___________________________|
| |
| Rebel Lion 06/20/92 |
|___________________________|
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=- The Empire Times -=-
Volume 1, Issue 2, File 9 of 11
The Beginner's Guide To Hacking On Datapac 1992 Update
Written By The Lost Avenger
Welcome to once again to the first return issue of the UPi newsletter.
This file was originally released for Spectrum Issue #1, and then re-released
in the very first UPi Newsletter (Volume 1, Issue 1) and from there I have now
decided that the public's positive reaction to this file was still so
tremendous that it made me decide to re-release the file again and also
re-write and update it to the 1992 specifications for Datapac. Hope you enjoy
reading this file as I did writing it.
After reading through my large collection of g-files. I have found that
there hasn't been a good text file for beginner about hacking the Datapac
network. This guide will give a general incite on how to identity different
types of operating systems when you are hacking about Datapac, and on generally
basic information about Datapac. I hope this will give you more knowledge
about the Datapac network to help get you started. Hope you learn a lot about
Datapac and enjoy reading it at the same time. I have released this file in
UPi Issue Number 1 but I have updated it and re-releasing it.
These are the ten rules of hacking that I go by when I hack around on
systems. These rules are important in order maintain from being caught or
discovered illegally hacking on a system.
I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible.)
III. Do not leave your (or anyone else's) real name, real handle, or real
phone number on any system that you access illegally. They *can* and
will track you down from your handle!
IV. Be careful who you share information with. Feds are getting trickier.
Generally, if you don't know their voice phone number, name, and
occupation or haven't spoken with them voice on non-info trading
conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This
includes logging on boards, no matter how k-rad they seem. If you
don't know the sysop, leave a note telling some trustworthy people
that will validate you.
VI. Do not hack government computers. Yes, there are government systems
that are safe to hack, but they are few and far between. And the
government has infinitely more time and resources to track you down than
a company who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a
local Telenet or Tymnet outdial and can't connect to anything 800...)
You use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law.
It doesn't hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car.
You may feel a little funny, but you'll feel a lot funnier when you
when you meet Bruno, your transvestite cellmate who axed his family to
death.
IX. Watch what you post on boards. Most of the really great hackers in the
country post *nothing* about the system they're currently working
except in the broadest sense (I'm working on a UNIX, or a COSMOS, or
something generic. Not "I'm hacking into General Electric's Voice Mail
System" or something inane and revealing like that.)
X. Don't be afraid to ask questions. That's what more experienced hackers
are for. Don't expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a beginning hacker
shouldn't mess with. You'll either get caught, or screw it up for
others, or both.
I think in my own opinion the best way to find systems is by scanning them
out. Getting them off a board or off a friend is not very safe as they may
already have been hacked to death. Now you are probably wondering how you scan
for systems, well this is what you do. First you select a four digit number
representing the area you want to scan, for example 4910 or something like
that. What you do from there is when you connect to the Datapac network (See
Part V for more details on how to connect to Datapac) you type ".." and press
enter. You should get some kind message such as "DATAPAC: XXXX XXXX" (with
XXXX XXXX the Datapac node number you are on). Once you get that message you
will enter a four digit number (the prefix) that you have selected, but don't
press enter yet. After that type in another four digit number (the suffix)
your have selected and press enter. Datapac will give respond to that by
giving you a Network Message which is discussed later (see Part VII for the
Datapac Network Messages). These messages will tell you if the system you are
trying to reach is out of service, up, busy, and so on. If you have
successfully connected to a system and want to disconnect from if and go back
into Datapac type in the following string "<Control>-P Clear <Enter>". To
continue scanning for more systems just keep on adding one to the last digit of
the number in the suffix that you entered before and press enter. To keep on
scanning just continue this until whatever suits your needs, for example you
may start scanning at 4910 0000 and could stop scanning at 4910 1000.
Ok now in this section I will discuss on how to connect to the Datapac
network. Ok what you do to connect to Datapac is first make sure you computer
is on. Then you load your terminal program, next call your local Datapac
node. Once connected type to Datapac type in "..<Enter>". Datapac will
respond to this with the following message:
DATAPAC: XXXX XXXX
The XXXX XXXX is the Datapac node number you are on. If you have a Network
User Identifier (NUI) then you can enter it in the following way, if you don't
have one then skip this part:
NUI <Your NUI> <Enter>
you will then see the next message:
PASSWORD:
XXXXXX
If Datapac did not send that message then that means that NUI that you entered
is not a valid one. If you did get this message then enter the password
assigned and press enter. Datapac will respond with either one of the
following messages:
DATAPAC: network user identifier <Your NUI> active.
which means that the password entered is correct or
DATAPAC: network user identifier error
which means that the password entered is not correct. Take note that if you
have the valid NUI and it is on and you want to turn it off then type in the
following command:
NUI Off<Enter>
>from there Datapac will send:
DATAPAC: network user identifier not active
which means that you are no longer using the NUI, which also means that won't
be able to connect to NUA's that don't accept collect calls. Once you enter
in all that information.. you can know enter in a NUA. To enter in a NUA just
type in 1+DNIC+NUA (example 1208057040540 for QSD). If you connect to the NUA
properly then you will get this message:
DATAPAC: Call connected to: XXXX XXXX
The XXXX XXXX is the NUA that you have requested to connected to, otherwise it
will display a different message which is discussed later on in this document.
When a Datapac call is established through the network, a call connected
message is received at the originating DTE. All or some of the following
messages may be identified depending on the type of call, options used for the
call, and the type of destination.
Example:
[HUNTED] [BACKED UP] [BACKED UP & HUNTED]
[i LCN] [P/N PACKETSIZE: (128 OR 256)] [NUI (6 to 8 CHAR)CHARGING]
[CUG:(CUG#)] [REVERSE CHARGE]
MESSAGE EXPLANATION
Call connected to: XXXXXXXX A virtual circuit has been established between
an originating DTE and a remote (receiving)
DTE.
Hunted The remote logical channel is part of a hunt
group.
Backed Up The call attempt to the remote DTE has failed.
The network has re-directed the call to another
predetermined DTE that has been optioned as
backup.
i The call has been placed to an international
address.
P Priority service. Packet size: 128.
N Normal service. Packet size: 128 or 256.
DNA Data Network Address of the originating DTE.
LCN Logical Channel Number of the recipient DTE.
NUI The call will be billed to the 6 to 8 character
Network User Identifier.
CUG The recipient DTE is part of a closed user
group.
Reverse Charge The recipient DTE has accepted the charge
associated with the established call.
There are thirty-three messages which may appear when you are accessing the
Datapac network. All of these network-generated messages which are sent to a
terminal, are written as "Datapac: text". The "text" will be one of the
following messages:
ADDRESS
This is a Datapac herald mess
age for an SVC terminal. The "address"
displayed is your Datapac network address. This message indicates that you are
connected to the Datapac network. Proceed with the call request command.
{P,R} TERMINAL ADDRESS -- (DESTINATION ADDRESS LOGICAL CHANNEL)
This is a Datapac herald message for a PVC terminal. It indicates that you
are connected to the network (address and destination address)
CLOSED USER GROUP ERROR INVALID ADDRESS, MORE THAN 12 DATA CHARACTERS, or COMMA
REQUIRED BEFORE DATA CHARACTERS
These messages indicate an error in the call request command--correct and
re-enter the command.
CALLED BY [P][R] or [N][I] ADDRESS (XXX)
This message indicates that a host or terminal has called you. Proceed
with sign-on. (Note: P or N denotes grade of service. R specifies the
charging option, if applicable. I specifies that it is an international call.
(XXX) specifies the logical channel number if it is a national call, and
specifies the gateway id if it is an international call.
CALL CONNECTED
This message indicates that the SVC connection between your terminal and
the destination has been established successfully.
RE-ENTER
This message indicates that a transmission error has occurred in the
current input line. Re-enter the line. If the problem persists, report the
trouble to Telecom Canada.
INPUT DATA LOST
This message indicates that a transmission error has occurred. Since part
of your input line has already been transmitted to the destination, enter a
"line delete" character for your application and a carriage return (CR). When
the destination replies, re-enter the line.
PARITY ERROR
This message indicates that a parity error has occurred in the current
input line from a terminal which is operating in echo mode. The character
which is in error is not echoed. Re-enter the character and continue normal
input. If the problem persists, report the trouble to Telecom Canada.
INPUT ERROR
This message indicates that there is a network problem, due to overruns.
If the problem occurs often, contact Telecom Canada.
PVC DISCONNECTED - TEMPORARY NETWORK PROBLEM
This message indicates that a network problem is preventing the requested
call from continuing. Wait for the Datapac herald message, then continue. If
the condition persists, contact Telecom Canada.
PVC DISCONNECTED - DESTINATION NOT RESPONDING
This message indicates that either the access line to the destination, or
the destination itself is down. Try again later. If the condition persists,
contact the destination.
PVC DISCONNECTED - REMOTE REQUEST
This message indicates that the destination has asked that the connection
be discontinued.
INVALID COMMAND
This message indicates that there is a syntax error in the command.
Correct it and re-enter the command.
COMMAND NOT ALLOWED
This message indicates that the command which was entered, although
syntactically correct, cannot be implemented either due to the NIM state, or
because it violates and/or conflicts with the service options selected --e.g.,
a call request command, when an SVC is already established.
CALL CLEARED -- DESTINATION BUSY
This message indicates that the destination computer cannot accept another
call. Try again later.
CALL CLEARED -- INCOMPATIBLE CALL OPTIONS
This message indicates that the call request command includes facilities
which are not available at the destination or are incompatible with it. Verify
and try the call again. If the problem persists, contact the destination.
CALL CLEARED -- TEMPORARY NETWORK PROBLEM
This message indicates that a network problem has occurred--try again
later. If the problem persists, report it to Telecom Canada.
CALL CLEARED -- DESTINATION NOT RESPONDING
This message indicates that the destination is either not acknowledging
your request to connect or it is inoperable. Try again later. If the problem
persists, contact the destination.
CALL CLEARED -- ACCESS BARRED
This message indicates that the network has blocked your call because of a
Closer User Group violation. Verify the call establishment procedures with the
destination.
CALL CLEARED -- ADDRESS NOT IN SERVICE
This message indicates that the network address in the call request command
identifies a non-existent destination-- i.e., the address is not yet (or is no
longer) assigned. Verify the address and re-enter the call request command.
If the condition persists, contact the destination.
CALL CLEARED -- COLLECT CALL REFUSED
This message indicates that the destination is not willing to accept the
charges for the connection (e.g., it does not accept calls from Datapac public
dial ports). Verify the call establishment procedures and try the call
again. If the condition persists, contact the destination. (See Part VII and
Part VIII for more information.
CALL CLEARED -- LOCAL PROCEDURE ERROR
This message indicates that a network protocol error has occurred. Try the
call again. If the condition persists, report the trouble to Telecom Canada.
CALL CLEARED -- REMOTE PROCEDURE ERROR
This message indicates that a destination protocol error has occurred. Try
the call again. If the condition persists, contact the destination.
CALL CLEARED -- LOCAL DIRECTIVE
This message indicates that a virtual circuit has been cleared in response
to a clear command from a terminal user.
CALL CLEARED -- REMOTE DIRECTIVE
This message indicates that a virtual circuit has been cleared in response
to a clear request packet from the destination.
CALL CLEARED -- REMOTE REQUEST
This message indicates that a virtual circuit has been cleared in response
to an invitation from the destination to clear the call.
RESET -- TEMPORARY NETWORK PROBLEM
This message indicates that a network problem has occurred on the PVC
connection. Wait for the Datapac herald message, then continue. If the
condition persists, report the trouble to Telecom Canada.
RESET -- DESTINATION NOT RESPONDING
This message indicates that the destination end of the PVC connection is
not responding-- i.e., either the access line to the destination, or the
destination itself, is down. Try again later. If the condition persists,
contact the destination.
RESET -- LOCAL PROCEDURE ERROR
This message indicates that the PVC has been reset because of a network
protocol error. Wait for the Datapac herald message, then continue. If the
condition persists, report the trouble to Telecom Canada.
RESET -- REMOTE PROCEDURE ERROR
This message indicates that the PVC has been reset because of the
destination protocol error. Wait for the Datapac herald message, then
continue. If the condition persists, contact the destination.
If the host computer is connected via the ITHI option, this message
indicates that data has been disregarded due to the host not reacting to flow
control conditions sent by the PAD.
RESET -- LOCAL DESTINATION
This message is the network's response to a reset command from the terminal
user. Continue.
RESET -- BY DESTINATION
This message indicates that the destination has reset the virtual circuit.
Data may have been lost. Continue. If the condition persists; report it to
the destination.
RESET -- TEMPORARY NETWORK PROBLEM
These messages indicate that the network has reset the switched virtual
circuit. Data may have been lost. Continue. If the problem persists, report
it to Telecom Canada.
RESET -- LOCAL PROCEDURE ERROR
These messages indicate that the network has reset the switched virtual
circuit. Data may have been lost. Continue. If the problem persists, report
it to Telecom Canada.
Well let me just get back and discuss something that I was talking about
before but didn't go into any great detail about. The Network User Identifier
(NUI) is a credit card-like system associated with the Datapac Network -
similar to a calling card used to bill long distance calls. A NUI is a 6-8
character alphanumeric code which is entered during call set-up to indicate an
account to which Datapac calls may be billed. Associated with each NUI is a
password which is used as a security check when establishing a connection to
the Datapac network. The password is confidential, known only to the user.
The purpose of a NUI is to allow a Datapac user to make use of the Datapac
network for data communications without the requirement of a dedicated Datapac
connection or the need for the destination to accept reverse charge calls.
Once the NUI/password pair has been correctly validated, the call is set up to
the requested destination and call usage billed to the NUI/Datapac account
number.
At call set-up time, the user specifies the NUI and password to the
network. The password is used by the network to authenticate the use of the
NUI. After the NUI/password pair has been correctly validated (process whereby
NUI/password is checked by NUI application), the user will be able to bill all
subsequent session usage to the specified NUI.
There are many useful applications for NUI. NUI, when provided to
authorized users, can eliminate the need for host to accept reverse charge
calls. NUI is required by users of public dial who are placing calls to a host
application with the reverse charge blocking option. NUI permits subscribers
of dedicated and private dial Datapac services to "Third Party" usage charges
to a NUI account. For example, some users may decide that they do not want
usage charged to the dedicated access line which they are using (i.e., if using
someone else's line/terminal). By entering the NUI, all usage for subsequent
calls during the same session would be billed to the account associated with
the specified NUI. NUI permits sender paid calls to domestic Datapac network
addresses and to foreign networks. Users can make international calls to
overseas networks and charge the call usage to their NUI when using public dial
ports. Offshore networks accessed via Teleglobe do not accept collect calls.
Users also have the capability of placing sender paid calls to Domestic Datapac
addresses, Telenet, Tymnet, Autonet, ACUNET and DASNET in the United Sates.
NUI is required to complete calls using Datapac indial/outdial ports (i.e.,
devices at destination not connected to Datapac). NUI can be used to achieve
benefits of departmental accounting. The Datapac bill is itemized to indicate
the charges related to each NUI. This will assist in determining which
department has generated usage and the associated charges.
There are two main components to Datapac billing which is access and usage
Both are billed on a monthly basis. These are the monthly recurring charges
for dedicated access to the Datapac network.
Included in this component are; Service charges - The one time service
charge associated with a request for new service or a change to an existing
one. Monthly charges - The recurring charge for basic dedicated access to the
Datapac network. Other monthly - The additional recurring charges for any
optional charges features or enhancements (additional VCs, PVCs, CUGs, etc.) to
a dedicated access.
These are the charges for the variable amounts of customer data sent to and
>from the network. Included in this component are; Hold charges - Per minute.
This applies only to Public Dial Port and International calls. Call set-ups
(Call Requests) - Per attempt. Does not apply to Permanent Virtual Circuit
(PVCs) arrangements. Resets - Per occurrence when generated by the customer.
PAD usage - Per segment*. Applies to all services except Datapac 3000.
Network usage - Per segment*. Rateant the grade (1,2,3) of the
cities involved (DPSAs) and the distance between them. Surcharges - An
incremental 5% to 25% surcharge applies to network usage when a premium
throughput class is ordered. - A 25% surcharge applies to network usage with
customer requested Priority calls. NUI - although this is a recurring monthly
charge, it is grouped with usage for billing.
Billing of data packets in Datapac is done in segments and commonly
referred to as KILOSEGMENTS (1000 segments). In most cases, one segment is
equal to one packet containing from one to 256 characters. There are some
exceptions; Priority packets - Are a maximum 128 characters and are billed as
one segment, surcharge applies. 512 character packets - Are billed as two
segments. Packets to/from U.S. networks - Are a maximum 128 characters and
are billed as one segment. Packets to/from Overseas networks - The
international standard packet size is a maximum 64 characters and is billed as
one segment by Datapac. Some overseas networks have 128 character packets but
these are billed as two segments.
Network User Identifier (NUI) Charges
Monthly Service
Rate Charge
General NUI $2.40 $75.00
Corporate NUI $50.00 $125.00
Sub-NUI $2.40 No charge
General Access Rates
Monthly Service
Rate Charge
Closed User Group (CUG) $1.35 $75.00
- no charge for CUG options
Reverse Charge Call Feature $1.35 $22.00
Direct Call Feature $4.20 $75.00
Hunt Group $55.00 $22.00
Call Redirection $157.00 $22.00
- additional charge for diversity
where available
Usage Rates
Datapac usage includes the following billable components:
Hold Time (1,2) $0.04/min. Public Dial and
International ONLY
Call Set-up $0.01 each Public Dial/SVCs ONLY
Reset $0.01 each Customer initiated ONLY
PAD usage (1,2)
Datapac 3101 $0.50/kilosegment
Datapac 3201 $0.85/kilosegment
Datapac 3303 $0.70/kilosegment
Network Usage (1) see following table based on distance
and grade
(1) A 25% discount applies to these components for calls initiated and
completed between 7 PM and 7 AM and on weekends and certain holidays.
Applies to ** PUBLIC DIAL ONLY**.
(2) PAD and Hold Time charges are applied at both the calling and called end,
where applicable.
M I L E A G E
DPSA (city) 1-100 101-400 401-1000 1000+
----------- ----- ------- -------- ------
1 to 1 $0.40 $0.65 $1.06 $1.80
1 to 2 $1.01 $1.70 $2.33 $3.50
1 to 3 $1.70 $3.50 $4.13 $4.77
2 to 2 $1.75 $3.34 $4.24 $5.57
2 to 3 $2.44 $4.24 $5.30 $6.41
3 to 3 $3.13 $5.30 $6.36 $7.00
* NOTE : Larger cities are grade 1 Datapac Serving Areas smaller
cities are grade 3 DPSA's
The Datapac Summary Usage Statement is monthly statement is free of charge.
It is a summary of all calls that have been billed to the addresses or NUIs
that are part of an account for that billing period
Because this is a summary, it is not possible to accurately reconcile the
details of any totals on this statement. This is due to the standard accounting
practices of rounding rules, minimum charging and taxing procedures that have
been applied. If your organization needs this capability, it must be done from
a Detailed Usage Statement. There are other options that can be considered to
meet these needs such as; reverse charging, NUI, separate accounts or division
codes (where available). Please discuss this with the Sales Representative of
your local telephone company.
In addition to the customers account number, dates of the billing period
involved, tax totals and grand total, the following information is supplied;
Billed Address (or NUI and city); Other Address (or City Code if Public Dial
call), # of calls, # of resets, billable units (kilosegments), indication of
surcharges (if applicable), duration of calls, hold charges (if applicable),
and usage charges; A sub total of all above information for each billed address
and Service type of each address
This information is sorted in descending numerical/ alphabetical order.
This same information is given for the U.S. and Overseas Summary Usage
Statements and is grouped by Packet Switching Network name.
A new format for the Datapac Summary Usage Statement will begin
introduction in mid to late 1991. Improved methods of grouping, sorting and
reporting usage have been introduced as well as some additional details. Some
major highlights; Title page to display previous 12 months billing history,
page break by service type, sub-totals by service type, final page with
sub-totals of domestic, overseas and International usage with taxes and a grand
total. The information you need from a summary statement will be easier to
find and handle.
The Datapac Detailed Usage Statement which is chargeable option. It is
a monthly statement that details each and every call that has been billed to
the addresses or NUIs that are part of an account for that billing period.
In addition to the customers account number, the dates of the billing
period involved, tax totals and the grand total, the following information is
supplied for each call; Billed Address or NUI and city, service type, logical
channel (virtual circuit #), throughput class; Other Address and city (only
City if Public Dial call), service type, logical channel (virtual circuit #),
throughput class; Date, local start time and local stop time; Number of resets
(if any); Clear Cause Code; Billable Units (segments) received transmitted;
Call Set-up Class; Hold charges (if applicable); Usage charges and Taxing
province
This same information is given for the U.S. and overseas calls and grouped
by Packet Switching Network name.
The calls on this statement are grouped by billed address and other address
then sorted in descending numerical order. The calls between the Billed and
Other Address are sorted in descending chronological order.
Each call record on this statement can represent either a portion of or a
complete call. Under normal circumstances, an accounting record for a call is
generated when a call is cleared, or every 12 hours. If required, accounting
records can be generated on a call still in session (for variety of network
maintenance reasons). Therefore, a complete accounting record for a particular
call may appear on more than one line. Such instances are identified by the
Class and Clear Codes. If call total is required, it must be calculated
manually.
Well up to now I have discussed how to connect to Datapac, what a NUI is
and how much it cost for a NUI, summary usage statement, detailed usage
statements and usage statement codes. Let me changes topics for a minute and
describe the different type of Datapac services available.
Datapac 3000 is synchronous, application independent service that allows
data terminals (DTE's) and data communicating equipment (DCE) to exchange data
in a packet-mode over a public or private packet switching network.
The DTE/DCE interface connection, disconnection and transmission rules are
defined in a packet switching protocol called X.25 recommendation which is
developed and governed by the international telephone and telegraph consultativ
committee (CCITT).
X.25 protocol is a bit oriented framing structure based on the high level
data link control (HDLC). The CCITT recommendations for X.25 are divided into
three levels, namely:
The Physical Interface (Level 1) - Specifies the use of four-wire,
point-to-point synchronous circuit between the DTE and the network (DCE). This
circuit includes two modems or datasets (one connected to the DTE and the other
connected to the network). Characteristics are: 4-wire point-to-point or dial
via a V.22 bis modem; Full duplex via RS232 convention.
The Frame Level Logical Interface (Level 2) - Defines the frame level link
procedures used to synchronize transmission, initiate the "handshaking"
necessary to establish the 'R-U-There'/Yes-I-Am sequence, flow control
mechanism and perform error checking of data exchange across the DTE/DCE
interface (link). the DTE is usually located at the customer premises and is
called host while the DCE is located in the network. the procedures used to
control the link are defined as commands and responses. Characteristics are:
HDLC; Link access procedure balanced (LAPB) X.25(80) or X.25(84).
The Packet Level Logical Interface (Level 3) - Defines the packet formats
and control procedures required to establish a logical path (call request),
exchange information (data packets) and for removing the logical path (clear
request) between the DTE and DCR. Characteristics are: Logical Channels
(LCN`s); Packet Size; Window Size; And Throughput Class.
The customer's terminal (Host) is connected to a local modem which in turn,
is connected to a second modem (Remote) in the central office via by 4 wires
which in turn, is connected to a line processing module in the Datapac network.
This configuration is called the DTE/DCE link and can be assigned speeds of
1200 bps through 19200 bps.
This DTE/DCE link is assigned a unique Datapac network address (DNA) and
other link parameters such as line speed, modem type, flow control and security
by Telecom Canada.
When the electrical signals are in the correct state as specified in level
1, the Datapac line processing module continuously transmits a CCITT command
called SBMM (Set Asynchronous Balanced Node) to the customer's terminal (Host)
every three seconds. If the host is ready, it responds to the SABM with a
CCITT response UA (Unnumbered Acknowledgement). When this occurs, the link is
initialized (level 2 ready), the host and Datapac module exchange restarts or
restart/restart confirmation commands. When this occurs, the DTE/DCE link
generates a transition to the next X.25 level, level 3.
The DTE then signals the address it wishes to communicate with in a CCITT
defined call request format (8 digits ), 10 digits if using 9th and 10th digit
subaddressing on a Logical Channel (LCN) Datapac then routes the call request
to the appropriate destination (national or international) and awaits a CCITT
defined call accept packet. If this occurs, the accept packet is transmitted
back to the originating host and both hosts may now exchange CCITT defined data
packets. This is called a Switched Virtual Call (SVC); permanent virtual calls
(PVC's) are also offered. At the end of the session, either host can terminate
the SVC by transmitting a CCITT defined clear request packet. Up to 255 SVC's
may be supported simultaneously.
Dial access service is also offered at 2400 bps with a maximum of eight
LCN's over the public telephone network
Datapac 3000 provides customers with a cost effective service derived from
packet switching technology and X.25 protocol. Some benefits are: Simultaneous
communication with many (up to 255) different locations, national and
international, error free transmission, system expansion flexibility, cost
containment through reduced host port connections, 24 hours 7 days-a-week
service, lower communication costs, call parameter selection to suit particular
applications.
Datapac 3101 is a network access service which enables teletypewriter
compatible devices, such as time-sharing terminals, to access the Datapac
network.
Low speed, asynchronous devices are supported through an Interactive
Terminal Interface (ITI) in a Packet Assembler/Disassembler (PAD), which allows
the devices to access the network over dial-up (DDD) or dedicated access lines.
ITI, the end-to-end protocol for Datapac 3101 conforms to the CCITT
recommendations X.3, X.28 and X.29 and supports access to the Datapac network
for asynchronous, start-stop character mode terminals.
X.3 specifies the operation of the pad. It contains the specifications for
the twelve international parameters and their operation. Additional domestic
parameters are also in place to meet Canadian market requirements.
X.28 specifies the command language between the terminal and the PAD. It
also specifies the conditions which define the command mode and the data
transfer mode.
X.29 specifies the procedures to be followed by an X.25 DTE to access and
modify the parameters in the pad as well as the data transfer procedure.
The user needs no special hardware or software to interface a terminal to
the Datapac network. A knowledge of the ITI procedures is the only requirement
at the terminal end.
The Datapac 3101 service provides for terminal to host (user's computer)
and terminal to terminal communication. The host access should conform with
the X.25 protocol, using the Datapac 3000 access service, and also support the
higher level protocol conventions of ITI. host access may also be provided via
the Datapac 3101 service for some applications. The Datapac 3101 service also
provides block mode and tape support.
The Datapac 3201 Network access service which enables various terminals
that are buffered, pollable and operate asynchronously to communicate with host
computers through the Datapac network.
The Datapac 3201 service is typically used by the general merchandise and
specialty sectors of the retail industry in Canada. It provides a cost
effective communication solution whenever there is a requirement for sending
small amounts of information to a host computer and obtaining a short response.
The primary applications are on-line compilation of sales data to help in
inventory control, and on-line credit verification to detect fraudulent credit
cards. Other emerging applications involve trust companies, credit unions,
banks and service stations.
Datapac 3201 provides support at the customers' terminal end (for example a
retail store) by means of a Packet Assembler/Disassembler (PAD) which is
located in a Telecom Canada member company central office. The PAD polls the
various devices for information in an on-line real time environment.
Devices may communicate to the pad via two options: Shared multipoint
multidrop access at 1200 bps, or Dedicated access at 1200, 2400 bps.
Communication between the PAD and the terminal conforms to the ANSI
(American National Standards Institute) X3.28-1976 ISO (International Standards
Organization) poll/select asynchronous protocol. Telecom Canada undertakes to
test terminals which support this protocol, prior to connecting them to the
Datapac 3201 network.
Communication between the customers host computer location and the Datapac
network is accomplished by the use of a X.25 (Datapac 3000) interface which
supports the Datapac 3201 host to PAD "Point-Of-Sale (POS) end to end protocol"
specification.
- Data Collection: Average 1.7 to 2.3 seconds in the peak periods.
- Inquiry-Response (Credit Check): Average 2.7 to 4.2 seconds in
the peak periods.
A typical retail Datapac 3201 application uses short input and output
messages. (For example an average of 50 characters). One kilopacket (1,000
packets or 256,000 bytes) is equal to approximately 1,000 sales transactions or
500 credit authorizations. Average transaction volume would be less than 5000
packets per day.
Other optional Datapac network features include Closed User Group (CUG):
Allows devices within one group to communicate only with accredited devices of
the same group, resulting in a high degree of data security. Additional
options are available to limit call attempts between closed user groups or
within a closed user group, reverse charge call: Allows a user to charge a call
to the destination address, reverse charge call: Reverse charged calls destined
to a Datapac 3201 blocking: address will be blocked by the network.
Datapac 3303 (BSC) provides polled BSC communications protocol support for
IBM 3270 information display systems or their emulators.
Datapac 3303 (BSC) supports all the typical on-line inquiry response and
data entry applications normally accessed with these 3270 terminal clusters.
Datapac 3303 (BSC) is a PAD based service. The 3270 controllers connect to
the network via PAD's (Packet Assemblers/Disassemblers). PAD's perform the
host functions of communicating with the 3270 controllers in the binary
synchronous communications polling protocol, and in doing so, eliminate
cross-network polling.
Datapac 3303 (BSC) connections are dedicated facilities (one per
controller) at speeds of 2400, 4800, or 9600 bps. A virtual circuit is
maintained for each terminal across the network and out to the host at the
other end via a Datapac 3000 line. Most Datapac 3303 (BSC) connections
dialogue with hosts that are running Telecom Canada's Datapac access software
(DAS) in their IBM 3720, 3705, 3725 or Amdahl look-alikes front ends. DAS
supports X.25 connecting. To the network via Datapac 3000. It also supports
the end-to-end protocol transporting the 3270 data across the network.
Aside from lower communications costs, the main reasons for using Datapac
3303 (BSC) are: Ease of network reconfiguration, and dynamic multiple terminal
functionally.
New on-line systems are economically feasible and equipment changes can be
easily accommodated without disrupting service or affecting the network.
Terminals are now much more versatile than ever before. The capability exists
to dynamically access multiple hosts and/or applications from the same
destination (either manually, or via a user friendly mnemonic addressing
scheme). This means terminals behind the same controller can access different
destinations at the same time, saving equipment and communications facilities
costs. In conjunction with DAS (Datapac Access Software) in the host's front
end, that 3270 terminal can also act as an ASCII asynchronous device and access
such systems as Envoy/100 and iNet. In addition, each terminal now has the
ability to appear as either a BSC device to a non-SNA host or an SDLC device to
an SNA host in a matter of a few keystrokes.
There are currently 2 services under Datapac 3303 (SDLC). They are Datapac
3303/SDLC and Datapac 3303/SDLC Plus.
Both services allow IBM (and their emulators) devices to access the Datapac
network for the purpose of transmitting data using the SDLC link level
protocol.
Some common features of the Datapac 3303 (SDLC) are terminal pad based:
The service provides the X.25 framing and de-framing for SDLC data stream as
well as the packetization and de-packetization, QLLC end-to-end protocol: the
service conforms to IBM's QLLC specifications thus making it compatible with
most host X.25 PAD software/hardware implementations, physical unit type 2
accessibility: services such as the IBM 3270, 3177, 52xx, 36xx, 37xx, 47xx,
ATM's, etc. 2.4, 4.8, 9.6 kbps access speeds, Point to point and multipoint
on-net and off-net access, terminal or host initiated calling, normal or
priority packet size option and Closed User Group (CUG) options.
Datapac 3303/SDLC offers 1 VC per PU (controller), switched and permanent
virtual circuit support, and the following applications: virtual private line
emulation, centralized host processing simple call set up, international (via
Telenet/US) access, and token ring gateway support using the IBM 3174
Datapac 3303/SDLC Plus offers 1 VC per LU (end user terminal), local
command mode allows call set up and clearing from users terminal, automatic
direct call, mnemonic DMA dialing methods of call set up, switched virtual
circuit support, and the following applications: disaster recovery, alternate
host access using switching capability from user terminal and Datapac options
(packet size, charging, CUG's) at user terminal level.
Datapac 3304 offers batch terminal support. It supports RJE (or Remote Job
Entry) batch work stations or communications terminals operating under binary
synchronous communications (BSC) protocols.
Datapac 3304 allows users operating under IBM's Multileaving Interface
(MLI) protocol to access the Datapac network. It also supports compatible
computers and terminals using this protocol. Datapac 3304 supports the bulk
data transfer applications from these remote job entry (RJE) work stations
whin as 'transparent' s'pad-to-pad operation'. Devices are connected to the Da
dedicated lines aor 9600 bps. As users groimplement new technology, the termin
upgraded to X.25.
A typical user profile would include a host with a spooling or queueing
subsystem such as HASP II, JES 2, JES 3, ASP and RSCS, batch terminals such as
the IBM 3777 M2 and Data 100 and to have low to medium volumes to transmit.
Datapac 3305 also supports a variety of BSC RJE batch work stations such
as IBM 2770, IBM 2780, IBM 3740, IBM 3770 and IBM 3780.
It provides network access support for those customers using equipment
operating under IBM's point-to-point contention mode protocol and those
compatible computers and terminals using the same protocol.
Datapac 3305 supports the bulk data transfer (batch transmissions)
applications that occur between terminals, hosts, and a variety of other
devices such as communicating word processors.
Datapac 3305 provides savings for those customers running low to medium
volume applications.
Datapac 3305 is a PAD based service. The RJE (Remote Job-Entry) work
stations access the network via PAD's while the host computer may also use the
Datapac 3305 PAD or connect via an X.25 link on Datapac 3000.
Datapac 3305 supports three modes of access: Dedicated lines at 2400 or
4800 bps, private dial at 2400 bps and public dial at 2400 bps
It should be noted that the destination must be dedicated in order to
receive a call.
Datapac access software (DAS) provides a Datapac (X.25) compatibility for
IBM host computer environments. Datapac access software (DAS) resides in
customer-provided IBM hardware; the communications controller or front end
processor such as the IBM 3725 or IBM 3705, and co-exists with its compatible
IBM software such as NCP (Network Control Program), EP (Emulation Program) or
PEP (Partitioned Emulation Program). Datapac access software (DAS)
compatibility also extends to IBM look-alike hardware manufacturers such as
Amdahl.
DAS-installed host computer environments have access to their Datapac-bound
devices, such as those connected via Datapac 3101, Datapac 3303 (DSI/DSP),
Datapac 3303 (QLLC)*, and Datapac 3305, as well as those devices which are
connected via conventional communications facilities, such as private line or
dial-up.
DAS can also provide SNA conversion for non-SNA devices, such as conversion
>from 3270 BSC-3 (Datapac 3303 DSI/DSP) to physical unit type 2 (SNA 3270 SDLC
representation), and ASCII/asynchronous (Datapac 3101) to physical unit type 1
(SNA ASCII SDLC representation). These SNA conversion features allow the
customer to convert his host environment to SNA without modifying or replacing
his existing terminal/device population. DAS also provides an extended
conversion feature for 3270 devices that modifies the incoming data (3270) to
an ASCII/asynchronous datastream and re-routes the traffic into the Datapac
network. Thus providing external ASCII database access to the 3270 device
population.
Other DAS features include multiple host support, transparent path, host to
network callout, extended console routines, code conversion, etc.
Datapac International provides outgoing and incoming access to 6 U.S. based
Networks and to over 100 packet-switched networks around the world. To
successfully complete such calls, Datapac has implemented the International
CCITT X.75 procedures and X.121 International numbering plan. Thus, the
Datapac user originating an international call must use the following format:
(1) (DNIC) (FOREIGN ADDRESS)
: : :
One defines the Datapac International.: : :
Prefix. : :
: :
Packet networks are identified by a ........: :
four digit number called a DNIC :
(data network identification code) :
:
The foreign national address is .......................:
expressed as an eight to ten digit
address.
Calls to international networks, other than those to the U.S., must be pre-
paid; that is, placed from dedicated or private dial access, m
The packet size for an international call must be 128 characters.
On both the Summary and Detailed Usage Statements, Service Type (ST) codes
are used to identify the type of Datapac service involved with a particular
address.
Service Service
Type Description
Code
00 U.S. and overseas
01 3000 Dedicated
02 3101 De Private Dial (300-1200 bps)
04* " Pub05 06 " Out -Dial
07 3201 Shared
08 3303 BSC (DSP)
09 3304 MLI
112 " " Private12 " " P14 3101 Dedicat1
16* " Public Dial (2.4Kbps)
18 3000 Public Dial
19 3303 SDLC (Terminal)
20 3201 Dedicated
21 3303 SDLC (Multihost)
25 3303 SNA/SDLC - Private and Dedicated
26 3001 Enhanced Datapac 3000 Dial trial for off-net in-dial
27 3002 Enhanced Datapac 3000 Dial trial for off-net out-dial
On the Detailed Usage Statement, a code is used to indicate the class of
the call set-up associated with the associated accounting record of a call.
The following codes are used; C Regular call set-up - A call set-up charge
applies; CP Priority Call set-up - A call set-up charge applies; N No call
set-up - A call set-up charge DOES NOT apply and NP Priority no call set-up - A
call set-up charge DOES NOT apply.
On the Detailed Usage Statement, a code is used to describe the reason a
particular call cleared.
At the present time a 3 number code is being used. This will be replaced
by a 2 character alpha-numeric code in mid-1991.
A call set-up charge applies to those clear codes denoted by an *
Clear Code Description
000 00 Trunk network congested
001 01 DSR is invalid
002 02 DSR cannot be reached
003 03 TM not responding
004 04 Address not in tree
005 05 Service down
006 06 Address served not in tree
007 07 Addressed service not ready
010 0A CPM busy
013 0D CPM busy
015 0F Out of norm state - reset
160 A0 Trunk network congested
161 A1 DSR invalid
162 A2 DSR unreachable
163 A3 Time out
164 A4 Address not in tree
165 A5 Service down
166 A6 Network address not found
167 * A7 Addressed service not ready
173 AD CPM busy
174 AE Reset address error
175 AF Reset state error
176 * B0 Local user clear (see note)
177 * B1 Remote user clear
178 B2 Close request from above
179 * B3 Local procedure error
180 * B4 Remote procedure error
181 B5 Message not wanted
182 B6 Packet not wanted
183 B7 CPM shot
184 B8 Call collision
185 B9 Network congestion
186 BA Common block fail
187 BB Local block fail
189 BD Invalid call
190 BE Incoming call prohibited
193 * C1 Local clear before remote accepted
194 C2 X.75 call to clear
195 C3 X.75 reset to clear
196 C4 NUI barred
198 C6 RPOA required
199 C7 RPOA invalid
208 D0 Packet network address error
209 D1 Service not up
210 D2 Service to go down
212 D3 No links up
212 D4 Links restarting
213 * D5 Link out of service
214 D6 No more calls
215 D7 Invalid logical channel number
216 * D8 No free logical channels at called address
217 D9 Nonexistent CUP
218 DA Failure to set up CUP
219 DB Application processor busy
220 DC No application processor
221 DD Maximum number of facilities exceeded
222 * DE Collect call refused
223 DF CUG violation
224 E0 Illegal facility
225 E1 LRC fail
226 E2 Service coming up
227 E3 Service not up
Clear code 176 (B0) can also indicate a record was generated by the network
for accounting purposes. This is most often associated with PVCs or long calls
with a greater than 12 hour duration. The class for this type of record would
be N or NP.
In addition to the fixed monthly rates for Datapac access lines and
options, the following charges apply: Internetwork Usage Rates and Holding Time
Charges
$/HOUR FOR $/HOUR FOR
$/KS $/KS US ORIGINATED CDN. ORIGINATED
NETWORK DNIC DP3000 DP3101 CALLS CALLS
ACCUNET 3134 $ 2.65 $ 3.90 $ 2.00 DED. = $2.00
PUB. DIAL = $3.80
AUTONET 3126 $ 3.75 $ 5.10 $ 5.10 DED. = $0.60
PUB. DIAL = $2.40
BT TYMNET 3106 $ 2.75 $ 5.00 $ 5.60 DED. = $0.60
PUB. DIAL = $2.40
FEDEX 3138 $ 2.75 $ 5.10 $ 6.30 DED. = $0.60
3150 PUB. DIAL = $2.40
NET EXPRESS 3139 $ 2.50 N/A $ 0.60 DED. = $0.60
WESTERN 3101 $ 2.50 $ 5.00 $ 1.85 DED. = $0.60
UNION 3124 PUB.DIAL = $2.40
SPRINTNET 3120 $ 2.75 $ 5.10 $ 6.30 DED. = $0.60
PUB. DIAL = $2.40
(NOTE: DATAPAC 3303 (SDLC) IS ALSO SUPPORTED THROUGH SPRINTNET DP 3303 $/KS =
$5.90 $/HR = NIL )
Notes:
(1) Packet Assembler/Disassembler (PAD) charges are included each band.
(2) Each individual call is rounded up to the next higher minute
(3) Usage charges are calculated on a per Kilo-segment basis. A KS is 1000
segments; each segment is up to 128 characters.
In addition to the fixed monthly rates for U.S. access lines, the
following charges apply: Internetwork Usage Rates and Holding Time Charges
NETWORK DNIC $/KS $/KS $/HOUR FOR $/HOUR FOR
DP3000 DP3101 US ORIGINATED CDN. ORIGINATED
CALLS CALLS
ACCUNET 3134 $ 2.25 $ 3.25 $ 1.80 DED. $1.80
PUB. DIAL = $3.25
AUTONET 3126 $ 0.12 $ 0.15 $ 4.50 DED. = $0.60
(kchar) (kchar) PUB. DIAL = $2.40
BT TYMNET 3106 $ 0.07 $ 0.12 $ 4.98 DED. = $0.48
(kchar) (kchar) PUB. DIAL = $1.92
FEDEX 3138 $ 1.50 ( 0-1000 ks) $ 6.00 Not applicable
$ 1.40 (1001-2999 ks)
$ 1.30 (3000- + ks)
NET EXPRESS 3139 $2.00 N/A $ 0.30 DED. = $0.48
WESTERN UNION 3101 (Not available...)
SPRINTNET 3120 $ 2.35 $ 5.10 DED. = $0.60 DED. = $0.60
DIAL = $5.10 PUB. DIAL = $2.40
(NOTE: SDLC SERVICE IS ALSO SUPPORTED THROUGH SPRINTNET) DP 3303 $/KS = $4.80
$/HR = NIL)
Notes: All above rates are in U.S. Currency
(1) These charges represent both Datapac and selected U.S. Network holding
time charges.
(2) BT Tymnet cannot currently make sent-paid calls, but will be able to do so
shortly.
The Datapac outdial service is available in eighteen major centers (DPSA's)
are being served by outdial. They are: Vancouver, Calgary, Edmonton, Regina,
Saskatoon, Winnipeg, Toronto, Clarkson, London, Windsor, Kitchener, Hamilton,
Ottawa, Montreal, Quebec, Halifax, Saint John (NB) and St John's (Nfld) and is
only available at 300 and 1200 BPS.
The outdial port uses profile 6, except that the user of the is allowed to
escape to command mode by using outdial port "Control P". The destination
terminal must be set at even parity in order to receive the outdial call. Once
connected, Datapac 3000 users can set and read the remote ITI parameters by
sending level 1 packets (X.29).
Establish a call to Datapac via a dedicated or dial-in access. Note: If
using a dial-in access, a network user identifier (NUI) must be activated
before establishing the call. Enter the address of the outdial port. Datapac
will respond with the following:
DATAPAC: call connected
ENTER DESTINATION TELEPHONE NUMBER/ENTRER LE
NUMERO DE TELEPHONE DU DESTINAIRE
Enter the 7-digit telephone number (Local) of the destination terminal.
Datapac will respond with the following:
DIALING/COMPOSITION DU NUMERO (XXX-XXXX)
Printing the destination telephone number as it is dialed. Datapac will
then indicate:
RINGING/SONNERIE
as the modem detects ringback tone. When the destination modem answers the
call, Datapac will send the following message to the originating end:
CALL CONNECTED/COMMUNICATION ETABLIE
then proceed with your call. To clear a call upon completion, enter the clear
command:
(Control P) Clear <Enter>
Datapac will respond with the following:
DATAPAC: call cleared - remote Note: If you have used a NUI to place the ca
the network with the command:
NUI Off <Enter>
Datapac will respond with the following:
DATAPAC: network user identifier not active
Well I have talked about Datapac outdials know I will include a list of
outdial ports for the 18 cities that I mentioned above. Well here's the list.
Calgary (ALTA) 300 63300900
1200 63300901
Clarkson (ONT) 300 91900900
1200 91900901
Edmonton (ALTA) 300 58700900
1200 58700901
Halifax (NS) 300 76101900
1200 76101901
Hamilton (ONT) 300 38500900
1200 38500901
Kitchener (ONT) 300 33400900
1200 33400901
London (ONT) 300 35600900
1200 35600901
Montreal (QUE) 300 82700902
1200 82700903
Ottawa (ONT) 300 85700901
1200 85700902
Quebec City (QUE) 300 48400900
1200 48400901
Regina (SASK) 300 72100900
1200 72100901
St-John's (NB) 300 74600900
1200 74600901
Saskatoon (SASK) 300 71200900
1200 71200901
St. John (NFLD) 300 78100900
1200 78100901
Toronto (ONT) 300 91600901
1200 91600902
Vancouver (BC) 300 67100900
1200 67100901
Windsor (ONT) 300 29500900
1200 29500901
Winnipeg (MAN) 300 69200902
1200 69200901
You want to hack a system on Datapac. So you decided to call and it
connects onto the NUA you want, but you find you are having troubles getting
the system to recognize your input. So here are some answers to some common
problems people find when connecting to systems.
The screen remains blank A physical link has failed - check the cables
between computer, modem and phone line. The remote modem needs waking up -
send a <CR> or failing that, a ENQ <Ctrl> E, character The remote modem is
operating at a different speed. Some modems can be brought up to speed by
hitting successive <CR>'s; they usually begin at 120 Bps and then go to 300,
and so on up the ladder. The remote is not working at V21 standards, either
because it is different CCITT standard. Since different standards tend to have
different wake-up tones which are easily recognized with practice, you may be
able to spot what is happening. If you are calling a North American service
you should assume Bell tones. Both your modem and that of the remote service
are in answer or in originate and so cannot speak to each other. Always assume
you are in the originate mode.
The screen fills with random characters. Data format different from your
defaults - check 7 or 8 bit characters, even/odd parity, stop and start bits.
Mismatch of characters owing to misdefined protocol - check start/stop, try
alternatively EOB/ACK and XON/XOFF. Remote computer operating at a different
speed from you - try in order, 120, 300, 600, 1200, 2400, 4800, 9600, 14400,
19200, 38400. Poor physical connection - if using an acoustic coupler check
location of handset, if not, listen on line to see if it is noisy or crossed.
The remote service is not using ASCII/International Alphabet No 5.
Every character appears twice. You are actually in half-duplex mode and
the remote computer as well as your own are both sending characters to your
screen - switch to full-duplex/echo o All information appears on only one li
has the facility, enable it to induce carriage returns when each display line
is filled. many online services and public dial-up ports let you configure the
remote port to send carriage returns and vary line length. Your software may
have a facility to show control characters, in which case you will see <Ctrl>-K
is the remote service is sending carriage returns.
Most of the display makes sense, but every so often it becomes garbled.
You have intermittent line noise - check if you can command line the remote
computer to send the same stream again and see if you get the garbling. The
remote service is sending graphics instructions which your computer and
software can't resolve.
The display contains recognized characters in definite groupings, but
otherwise makes no sense. The data is intended for an intelligent terminal
which will combine the transmitted data with a local program so that it makes
sense. The data is intended for batch processing. The data is encrypted.
Data seems to come from the remote computer in jerky bursts rather than as
a smooth stream. If you are using PSS or a similar packet-switched service and
it is near peak business hours either in your time zone or in that of the host
you are accessing, the effect is due to heavy packet traffic. There is nothing
you can do - do not send extra commands to speed up twill arrive at the host ev
Most of the time everything works smoothly, but I can't get past certain
prompts. The remote servr computenormally generate - check your terminal softw
sending them.
The following is a list of acronyms and terms which are often referred to
in this document and others dealing with this subject.
ACP - Adapter/Concentrator of Packets.
ASCII - American Standard Code for Information Interchange alternate name for
International Telegraph Alphabet No 5 - 7 bit code to symbolize common
characters and comms instructions, usually transmitted as 8 bit code to
include a parity bit.
Asynchronous - Description of communications which rely on start and stop bits
synchronize originator and receiver of data = hence asynchronous protocols,
channels, modems, terminals, etc.
Call Accept - In packet switching, the packet that confirms the party is
willing to proceed with the call.
Call Redirection - In packet switching, allows call to automatically
redirected from original address to another, nominated address.
Call Request - In packet switching, packet sent to initiate a datacall.
Closed User Group - A type of high security NUI in use on several PSNs
throughout the world. CUG users can access optional parameters and NUAs
blocked out by security.
CUG - Closed User Group.
Data Circuit Terminating Equipment - Officalese for modems.
Data Country Code - The first three digits in the four digits of any given
DNIC.
Data Network Identifier Code - The four digits which come before the area
code/address/port address of any given NUA. The DNIC shows which PSN any
given host is based upon. The DNIC can also be broken down into two parts,
the DCC and the NC. For more information, see part VIII.
Data Terminal Equipment - Officalese for computers.
DCC - Data Country Code.
DCE - Data circuit terminating equipment.
Destination Paid Call - A collect call to a NUA which accepts collect charges.
DNIC - Data Network Identifier Code.
DTE - Data Terminal Equipment.
DTE Address - The five digits following the area code of the host on any given
NUA. For example, the NUA 234122345678 has a DTE address of 45678.
Gateway - A host on a given PSN which is connected both the the originating PSN
and one or more different or same PSN's. Gateways also allow one user on
one PSN the ability to move to another PSN and operate on the second as if
the first was not interfering.
Host - Any system accessible by NUA on the PSN.
Hunt/Confirm Sequence - String of characters sent to the SprintNet POTS
dialin/port which allows SprintNet to determine the speed and data type to
translate to on its PAD.
ITI Parameters - Online PAD parameters (X.3 or ITI) which allow the user to
modify existing physical measurements of packet length and otherwise.
LAN - Local Area Network.
Local Area Network - A data network which operates within the confines of an
office building or other physical structure where several computers are
linked together into a network in order to share data, hardware, resources,
etc. These may or may not own a host address on any data network, and if
so, may be accessed via NUA; otherwise direct dialin is the only
alternative.
NC - Network Code.
NCP - Nodes of Communication of Packets.
Network Code - The fourth digit of any given PSN's DNIC.
Network Protocol - The hardware protocol which allows the host systems to
communicate efficiently with the PSN it is connected to. Generally,
synchronous protocols (X.??) are used within the network and asynchronous
protocols (V.??) are used to access the network, but asynchronous protocols
within the network and/or synchronous dialin points are not unheard of.
The standard protocol for packet transfer today is the X.25 synchronous
data protocol. For detailed information, please see part V and Appendix F.
Network User Address - The address of any given host system on any PSN. This
address is thought of as a "phone number" which is dialed to access the
desired host.
Network User Identifier - The ID and password which allow the user which has
logged onto the PSN's PAD to originate calls to host systems which do not
accept collect calls. it is often thought of as a "k0de" or a calling card
which will be billed for at the end of every month.
NUA - Network User Address.
NUI - Network User Identifier.
Outdial - Any system which allows local, national, or international dialing
from the host system. PC-Pursuit can be defined as a local outdial system.
Most outdials operate using the Hayes AT command set and others may be menu
oriented.
Packet Assembler/Disassembler - The device/host which translates the actual
input/output between the host and the user. The PAD often translates
between baud rates, parities, data bits, stop bits, hardware protocols, and
other hardware dependant data which reduces the hassle of continual
modification of terminal and hardware parameters local to the originating
terminal.
Packet Switched Exchange - Enables packet switching in a network.
Packet Switched Network - A network based upon the principle of packet
switching, which is the input/output of packets to and from the PAD which
translates input and output between the user and the host. For detailed
information, please see part IV.
Packet Switched System - Another name for the PSN.
Packet Switch Stream - The PSN used by British Telecom.
PAD Delay - The extra time that is used to translate incoming and outgoing
packets of data which is composed of a continuous stream of clear-to-send
and ready-to-send signals. PAD delay can vary depending on the type of
network protocol and network/port speed is being used.
PAD - Packet Assembler/Disassembler (technical), Public Access Device (customer
service description).
PDN - Public Data Network or Private Data Network.
Port Address - The two optional digits at the end of any given NUA which allow
the PAD/PSN to access a given port. For example, 131202129922255 would
reach the NUA 31202129922255, 55 being the port address.
Private Data Network - Any network (LAN/WAN/PSN) which is owned and operated by
a private company. Private networks are usually smaller than public
networks and may host a myriad of features such as gateways to other
public/private networks, servers, or outdials.
PSE - Packet Switch Exchange.
PSN - Packet Switched Network.
PSS - Packet Switch Stream or Packet Switched System.
PTSN - Public Switched Telephone Network.
Public Data Network - Another name for the PSN.
Public Switched Telephone Network - The voice grade telephone network dialed
from a phone. Contrast with leased lines, digital networks, conditioned
lines.
Server - A type of network which is connected to a host system which can be
reached either via NUA or direct dial which provides the "brain" for a LAN
or WAN.
V.?? - Asynchronous network protocol.
V1 - Power levels for data transmission over telephone lines.
V3 - International Alphabet No 5 (ASCII).
V4 - General structure of signals of IA5 code for data transmission over public
telephone network.
V5 - Standardization of modulation rates and data signalling rates for
synchronous transmission in general switched network.
V6 - Standardization of modulation rates and data signalling rates for
synchronous transmission on leased circuits.
V13 - Answerback simulator.
V15 - Use of acoustic coupling for data transmission.
V19 - Modems for parallel data transmission using telephone signalling
frequencies.
V20 - Parallel data transmission modems standardized for universal use in the
general switched telephone network.
V21 - 300 bps modem standarized.
V22 - 1200 bps full duplex 2-wire modem for PTSN.
V22 bis - 2400 bps full duplex 2-wire modem for PTSN.
V23 - 600/1200 bps modem for PTSN.
V24 - List of definitions for interchange circuits between data terminal
equipment and data circuit terminating equipment.
V25 - Automatic calling and/or answering equipment on PTSN.
V26 - 2400 bps mode on 4-wire circuit.
V26 bis - 2400/1200 bps modem for PTSN.
V27 - 4800 bps modem for leased circuits.
V27 bis - 4800 bps modem (equalized) for leased circuits.
V27 ter - 4800 bps modem for PTSN.
V29 - 9600 bps modem for leased circuits.
V35 - Data transmission at 48 kbps using 60-108 kHz band circuits.
V42 - Combined error correction and data compression standard to give 9600 bps
on dial-up lines.
WAN - Wide Area Network.
Wide Area Network - A data network which operates on a continuous link basis as
opposed to the packet switched basis. These do not operate on the X.25
protocol and may only be accessed via direct-dial or a host on a PSN which
is linked with the WAN.
X.?? - Generally symbolizes some type of synchronous network protocol.
X1 - International user classes of services in public data networks.
X2 - International user facilities in public data networks.
X3 - Packet assembly/disassembly facility (PAD).
X4 - General structure of signals of IA5 code for transmission over public data
networks.
X20 - Interface between data terminal equipment and a data circuit terminating
equipment for start stop transmission services on public data networks.
X20 bis - V21 compatible interface.
X21 - Interface for synchronous operation.
X25 - Interface between data terminal equipment and data circuit terminating
equipment for terminals operating in the packet switch mode on public data
networks.
X28 - DTE/DCE interface for start/stop mode terminal equipment accessing a
PAD on a public data network.
X29 - Procedures for exchange of control information and user data between a
packet modem DTE and a PAD X95 - Network parameters in public data
networks.
X96 - Call process signals in public data networks X121 - International
addressing scheme for PDN's.
X400 - Standards for electronic mail, covering addressing and presentation.
Some interesting books I think you should read that are related to
Phreaking & Hacking:
Cyberpunk - Outlaws And Hackers On The Computer Frontier, By Katie Hafner And
John Markoff, Simon And Schuster Incorporated, Simon And Schuster Building,
Rockefeller Center, 1230 Avenue Of The Americas, New York City, NY 10020, 1991,
368 Pages
Data Theft, By Hugo Cornwall, Mandarin Paperbacks, Michelin House, 81 Fulham
Road, London, England SW3 6RB, 1989, 402 pages
Hacker's - Heros Of The Computer Revolution, By Steven Levy, Bantam Doubleday
Dell Publishing Group Incorporated, 666 Fifth Avenue, New York City, New York
10103, 1985, 448 Pages
New Hacker's Handbook, By Hugo Cornwall, Century Hutchinson Limited,
Brookmount House, 62-65 Chandos Place, Covent Garden, London, England WC2N 4NW,
1989, 194 pages
The Cuckoo's Egg, By Cliff Stoll, Pocket Books A Division Of Simon And Schuster
Incorporated, Simon And Schuster Building, Rockefeller Center, 1230 Avenue Of
The Americas, New York City, NY 10020, 1990, 356 Pages
The Hacker's Handbook, By Hugo Cornwall, E Author Brown Company, 3404 Pawnee
Drive, Alexandia, MN 56308, 1986, 186 Pages
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=- The Empire Times -=-
Volume 1, Issue 2, File 10 of 11
SummerCon '92 (The Conference)
By Albatross
********************
* Empire Times *
* Present: *
* *
* SummerCon '92 *
* St. Louis,MO *
* June 26th - 28th *
********************
SummerCon: (Day 2, Saturday June 27th)
----------
The Morning started off with everybody waking up with hang overs and
and wet condoms from the previous night with the little girls. Anyhow
Saturday was the day of the conference which was suppose to begin at 1pm
but was postpone due to late fucks. ANyho
w after the shit got going
there were some speakers on some intestiing shit with you should check out:
SummerCon Conference:
--------------------
Dispatar: Opened up The Meeting with a little chat about Phrack
and what everything was about etc.. Nothing all That!!
Gatsby: His Speech was on that crazy 1000 member bust of some carding
ring way out in California some where that was just blown outta
proportion. Anyhow Gatsby was saying that the 1,000 member card
ring was just The Crypt Keeper blabbing his whole fucking story
to the Feds and more or less did nothing more but rat on
everybody cause he was scared from the feds {WHAT NOT TO DO!!}
Gatsby more or less wrapped it up with by talking about what
all has happen since that bust and who all was this and that
etc....
Emmanuel: Mr 2600 man got up to speak about the beginnings of 2600
and what all it really stands for and what type do. 2600
has about 15,000 Subscribers and about 3,000 newstand
locations, and all there info is encrypted and in very
secure locations, so in other words nobody knows you from
your membership info, unless the decide to read the mailing
labels as there passing thru the Post Office which is a crime
in the first place..
Anyhow Emmanuel is looking for Writers to give 2600 a big
hand cause there desperate for some writers and he also states
that he will publish anybody's SSN (ie. George Bush)
Control-C: Mr Ex-LOD member got up to talk on how he got a job with
Michigan Bell Security by breaking into there systems, but he
then lost his job because some Bell employee never liked him
cause he was a Criminal and shit, and also cause the contract
said he could break into and test Michigan Bell's security but
he went over board and the Government said he had no contract
not to fuck with them. (Fucking Feds)
Anyhow The feds bust Control-C and they get other Ex-LOD
members to testify against Control-C at a grand jury
investigation so that they would end up with lighter sentences
and all the wimpy shit that goes alone with that Backstabing
move..
Signal Surfer: Super Hacker Signal Surfer talks about his new software
that he is look for people to Beta test for him on either
IBM's of Mac's. The Software will allow you to get a legal
internet account and address so that you can recieve mail
and read news groups and all that shit (Just not telnet
or FTP shit).
The Software is great cause I'm beta testing it and I love
it so far, it's great for a email site (Look 4 my address).
NOTE: If you wish to beta test this software called WorldLink
you can reach Signal Surfer (Robert Stratton) at:
InterCon Voice: 703-709-9890 ext. 253
950 Herndon Parkway FAX: 703-709-9896
Herndon, VA 22070 Email: strat@intercon.com
Predat0r: This is the man behind TAP magazine. Dude to the fact
that predator didn't want Chris Coggins camera on during his
speech I'll hold back some details on his talk.
Pred, was talking about how they did some shit and obtained
a 3,000 dollar computer so he could run a board But due to
some problems it had to be sold, and in the process of being
sold the G-Men snagged them and he served some time behind
bars. Anyhow on a lighter note, Tap Magazine is planning on
being back in The Fall of '92 and Tap is also looking for
writers: You can reach Predator on The Blitzkrieg BBS
located in Knoxville, Kentucky
The Blitzkrieg BBS
502-499-8933
502-491-5198
NUP: Columbian Coke
ICOM: This is a cool dude behind a somewhat small but growing
printed mag called 'CyberTek' (Great shit), The mag is
loaded with stuff on making your own Pirate Radio/TV station
and fucking with caller ID and many other Tek/Anarchy type
of projects. To get a hold of this great mag you can reach ICOM
at:
The New CyberTek BBS
--------------------
Uncensored: (914) 761-6877
The Implosion: (914) 762-6954
Blood Axe: This is the legendary Chris Coggins, the man looking for a
job that doesn't wanna cut his hair. Anyhow Chris talked
about everything and just went on and on, but some of the key
key things he had to say was about his artical in Computer
World Magazine on computer hackers and shit like that. Also
Blood Axe went into shit on PSN networks, but over all it was
pretty informative....
Mr. Drunkfux: Talked about all the shit that happened at HoHo Con back in
'91 and how the hotel got totally trashed like shit. The
Hotel security tried to blame The Hoho Con organizers for
fires in the hallways and holes in the walls, and Drunkfux was
getting on there shit like 'Well if there was a fire what
happen to the smoke alarms' and how they had witnesses that
say that they say hotel employees punch holes in the walls
just so they could blame it on HoHo Con.. fuck that shit...
More or less that was end of teh SummerCon Conference, and I compiled
a listing of what States were being represented by at the conference and
they were:
Massachusetts Argentina (The Country)
Texas Missouri
Illinois Maryland
Louisiana Virginia
Florida New York
Kentucky Indiana
California Mississippi
South Carolina Colorado
Michigan
That was the end of the high point of the Conference, and so we shall wait
till next year when more people shall come and bring more computers with them
and do more hacking, and all that shit... (And make gifs from pictures)
Anyhow, Till Next we meet, See ya!!!!!!
SummerCon 4 ever
Phrack: 1 Secret Service: 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=- The Empire Times -=-
Volume 1, Issue 2, File 11 of 11
M.O.D (Masters of Disaster)
Get Busted
5 Computer Hackers Charged with Tampering, Fraud, Conspiracy July 8, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Samuel Maull (Associated Press)
NEW YORK -- Five computer "hackers" have been indicted on federal charges of
breaking into computer systems run by telephone companies, credit reporting
services and educational institutions, officials said.
The hackers, in their teens and 20s, did it to show off for their peers, to
harass people they didn't like, to obtain services without paying, and to get
information they could sell, said U.S. Attorney Otto Obermaier.
During these invasions, they obtained 176 credit reports from the TRW credit
information company, destroyed an education series of a television station, and
left electronic graffiti on an NBC television news show.
Obermaier said much of the evidence against the defendants was obtained through
wiretaps which were the first ever used to intercept data exchanges between
computers communicating with each other.
The defendants were part of a group of hackers, people adept at using computers
to get into other computers or data systems, who called themselves MOD, which
stands for "masters of disaster" or "masters of deception."
Obermaier said MOD's members include Julio "Outlaw" Fernandez, 18, John
"Corrupt" Lee, 21, Mark "Phiber Optik" Abene, 20, Elias "Acid Phreak"
Ladopolous, 22, and Paul "Scorpion" Stira, 22. All are from New York.
They are charged with computer tampering, computer fraud, wire fraud, illegal
wiretapping and conspiracy. They will be arraigned Manhattan federal court on
July 16. Each count is punishable by up to five years in prison.
The indictment charges that on November 28, 1989, MOD destroyed the information
in WNET Channel 13's Learning Link computer in New York City.
Learning Link provided education and instructional material to hundreds of
schools and teachers in New York, New Jersey and Connecticut.
A message left on the Learning Link computer said, "Happy Thanksgiving, you
turkeys, from all of us at MOD." The message was signed "Acid Phreak," "Phiber
Optik," and "Scorpion," said Stephen Fishbein, assistant U.S. attorney in
charge of the prosecution.
During an NBC news broadcast on November 14, 1990, two hackers identified as
"Acid Phreak" and "Phiber Optik" claimed responsibility for sending the "Happy
Thanksgiving" message that appeared on the screen, Fishbein said.
The hackers also allegedly broke into telephone switching computers operated
by Southwestern Bell, New York Telephone, Pacific Bell, US West and Martin
Marietta Electronics Information and Missile Group.
In some case the defendants added and altered calling features. For example
they call-forwarded local numbers to long distance numbers so they could get
long distance calls for the price of a local call, Obermaier said.
Southwestern Bell reported it lost some $370,000 in 1991 because of computer
tampering by three of the defendants.
Obermaier said no defense intelligence was compromised by the Martin Marietta
invasion.
Two other defendants, Morton Rosenfeld, 21, and Alfredo de la Fe [Renegade
Hacker], 18, pleaded guilty to conspiracy to use and traffic in unauthorized
access devices in connection with MOD's activities.
_______________________________________________________________________________
Hackers Indicted For Breaking Into Phone, Credit Systems July 8, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Gail Appleson (Reuter Business Report)
NEW YORK -- A group of computer hackers has been indicted for breaking into
computer systems operated by major telephone companies and credit reporting
agencies in what prosecutors said were "crimes of the future."
The charges mark the first time court-authorized wiretaps were used to obtain
conversations and data transmissions of computer hackers, the government said.
"I see these cases as crimes of the future," Ray Schaddick of the Secret
Service, told a news conference.
The indictment alleges the defendants broke into computer switching systems
operated by Southwestern Bell, New York Telephone, Pacific Bell, U S West and
Martin Marietta Electronics Information and Missile Group.
Southwestern Bell allegedly lost $370,000 because of the crimes.
The defendants also allegedly tampered with systems owned by the nation's
largest credit reporting companies, including TRW, Trans Union and Information
America. They allegedly obtained 176 TRW credit reports on various
individuals.
The indictment does not state a total amount of money lost by victims of the
tampering, and Manhattan U.S. Attorney Otto Obermaier said the hackers, who
were all under the age of 22, were often just after power.
Indeed, the men called themselves "MOD," an acronym used variously for "Masters
of Disaster" and "Masters of Deception." They used individual aliases such as
"Corrupt," "Outlaw," "Phiber Optik" and "Acid Phreak."
Obermaier quoted the indictment as alleging the group broke into the computers
"to enhance their image and prestige among other computer hackers and to harass
and intimidate rival hackers and other people they did not like."
One of the defendants allegedly said that he wanted information that would let
him change TRW credit reports so he and others could "destroy people's lives
or make them look like saints."
The defendants also allegedly infiltrated computers systems to obtain
telephone, credit, information and other services without paying from them and
to obtain passwords, account numbers and other information they could sell to
others.
On one occasion they allegedly intercepted data communications on a network
operated by Bank of America and they wiped out almost all of the information
contained on a system operated by the Public Broadcasting System affiliate in
New York, WNET, that provided educational materials to schools in New York, New
Jersey and Connecticut.
They left a message on the computer that said "Happy Thanksgiving you turkeys,
from all of us at MOD."
The defendants in the case are Julio Fernandez, 18; John Lee, 21; Mark Abene,
20; Elias Ladopoulos, 22, and Paul Stira, 22. All are from New York.
The indictment contains 11 counts of computer tampering, computer and wire
fraud, illegal wire tapping and conspiracy. If convicted, the defendants
face a possible maximum prison term of more than 50 years and fines of more
than $2.5 million.
Prosecutors said two other defendants previously pleaded guilty to buying
information from the five hackers.
_______________________________________________________________________________
Computer "Masters of Disaster" Indicted July 8, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken from United Press International
NEW YORK -- Five alleged computer hackers known as "Masters of Disaster" were
indicted on federal charges for breaking into computers of major institutions
for fun and for gain, authorities said.
The defendants, known as "MOD" or "Masters of Disaster/Masters of Deception,"
broke into computers "to harass and intimidate rival hackers and other people
they did not like; to obtain telephone, credit, information and other services
without paying for them; and to obtain passwords, account numbers and other
things of value which they could sell to others," the indictment said.
The case marked the first court-authorized use of wiretaps in an investigation
to obtain data transmissions of computer hackers who use computer-connected
telephone lines for unauthorized access to other computers, said a spokesman
for U.S. Attorney Otto Obermaier.
The indictment was announced with two arrests in separate, but related computer
fraud cases.
Among the computers the defendants allegedly broke into were telephone
switching computers operated by Southwestern Bell, New York Telephone, Pacific
Bell, U.S. West and Martin Marietta Electronics Information and Missile Group.
The hackers also allegedly wiped out of almost all information within the
Learning Link computer operated by WNET and left the words, "Happy
Thanksgiving you turkeys, from all of us at MOD."
Southwestern Bell allegedly lost about $370,000 in 1991, due to alleged
tampering by three of the defendants, two of whom also allegedly intercepted
data on a network operated by the Bank of America.
With access to credit and information services such as TRW, one of the alleged
hackers claimed he could "destroy people's lives or make them look like
saints," the indictment said.
The defendants were identified as Julio "Outlaw" Fernandez, 18, of the Bronx;
John "Corrupt" Lee, also known as John Farrington, 21, of Brooklyn; Mark
"Phiber Optik" Abene, 20, of Queens; Elias "Acid Phreak" Ladopoulos, 22, of
Queens, and Paul "Scorpion" Stira, 22, also of Queens.
They are scheduled for arraignment at 10 am, July 16 in U.S. District Court in
Manhattan on charges of fraud, wire fraud, illegal wiretapping and conspiracy.
In November 1991, Fernandez and Lee sold information to Morton Rosenfeld on
accessing credit services and later provided a TRW account number and password
that was used to obtain about 176 TRW credit reports on individuals.
Rosenfeld, 21, of Brooklyn, pleaded guilty to conspiracy on June 24. Alfredo De
La Fe [Renegade Hacker], 18, of Manhattan, pleaded guilty on June 19, to using
and selling telephone numbers and codes.
Rosenfeld must appear September 9 for sentencing, De La Fe on August 31.
Obermaier's office conducted the probe with James Heavey, special-agent-in-
charge of New York's U.S. Secret Service, William Doran, special-agent-in-
charge of New York's FBI office, and Scott Charney, chief of the computer
crime unit of the Department of Justice.
_______________________________________________________________________________
